diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml
index e1699c1c54..d2c4d0c846 100644
--- a/.github/workflows/async.yml
+++ b/.github/workflows/async.yml
@@ -36,7 +36,7 @@ jobs:
           ./configure ${{ matrix.config }}
           make check
 
-      - name: Print errors 
+      - name: Print errors
         if: ${{ failure() }}
         run: |
           if [ -f test-suite.log ] ; then
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
index d1ffb6f666..ba3ff3ff70 100644
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -26,11 +26,14 @@ jobs:
           configure: --enable-curl
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-curl
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   test_curl:
@@ -54,7 +57,9 @@ jobs:
       uses: actions/download-artifact@v4
       with:
         name: wolf-install-curl
-        path: build-dir
+
+    - name: untar build-dir
+      run: tar -xf build-dir.tgz
 
     - name: Build curl
       uses: wolfSSL/actions-build-autotools-project@v1
@@ -67,4 +72,4 @@ jobs:
 
     - name: Test curl
       working-directory: curl
-      run: make -j test-ci
+      run: make -j $(nproc) test-ci
diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml
index 9cd572aea0..9f2aab72c2 100644
--- a/.github/workflows/cyrus-sasl.yml
+++ b/.github/workflows/cyrus-sasl.yml
@@ -29,11 +29,14 @@ jobs:
           # Don't run tests as this config is tested in many other places
           check: false
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-sasl
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   sasl_check:
@@ -60,7 +63,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-sasl
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
@@ -88,4 +93,11 @@ jobs:
         working-directory: sasl
         run: |
           make -j -C utils testsuite saslpasswd2
-          $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh
+          # Retry up to five times
+          for i in {1..5}; do
+             TEST_RES=0
+             $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$?
+             if [ "$TEST_RES" -eq "0" ]; then
+                break
+             fi
+          done
diff --git a/.github/workflows/disabled/haproxy.yml b/.github/workflows/disabled/haproxy.yml
index 43e197fd59..1943a6269a 100644
--- a/.github/workflows/disabled/haproxy.yml
+++ b/.github/workflows/disabled/haproxy.yml
@@ -57,4 +57,3 @@ jobs:
       - name: Test HaProxy
         working-directory: haproxy
         run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest
- 
diff --git a/.github/workflows/disabled/hostap.yml b/.github/workflows/disabled/hostap.yml
index aad37cad30..97a03ce327 100644
--- a/.github/workflows/disabled/hostap.yml
+++ b/.github/workflows/disabled/hostap.yml
@@ -181,7 +181,7 @@ jobs:
       - name: Checkout hostap
         uses: actions/checkout@v4
         with:
-          repository: julek-wolfssl/hostap-mirror 
+          repository: julek-wolfssl/hostap-mirror
           path: hostap
           ref: ${{ matrix.config.hostap_ref }}
           # necessary for cherry pick step
@@ -210,7 +210,7 @@ jobs:
           done
 
       - if: ${{ matrix.hostapd }}
-        name: Setup hostapd config file 
+        name: Setup hostapd config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
              hostap/hostapd/.config
@@ -220,7 +220,7 @@ jobs:
           EOF
 
       - if: ${{ matrix.wpa_supplicant }}
-        name: Setup wpa_supplicant config file 
+        name: Setup wpa_supplicant config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
              hostap/wpa_supplicant/.config
diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml
index c71b500a67..283e3b92e2 100644
--- a/.github/workflows/docker-OpenWrt.yml
+++ b/.github/workflows/docker-OpenWrt.yml
@@ -28,11 +28,15 @@ jobs:
             - uses: actions/checkout@v4
             - name: Compile libwolfssl.so
               run: ./autogen.sh && ./configure --enable-all && make
+              # 2024-08-05 - Something broke in the actions. They are no longer following links.
+            - name: tar libwolfssl.so
+              working-directory: src/.libs
+              run: tar -zcf libwolfssl.tgz libwolfssl.so*
             - name: Upload libwolfssl.so
               uses: actions/upload-artifact@v4
               with:
                 name: openwrt-libwolfssl.so
-                path: src/.libs/libwolfssl.so
+                path: src/.libs/libwolfssl.tgz
                 retention-days: 5
     compile_container:
         name: Compile container
@@ -50,7 +54,9 @@ jobs:
             - uses: actions/download-artifact@v4
               with:
                 name: openwrt-libwolfssl.so
-                path: Docker/OpenWrt/.
+                path: .
+            - name: untar libwolfssl.so
+              run: tar -xf libwolfssl.tgz -C Docker/OpenWrt
             - name: Build but dont push
               uses: docker/build-push-action@v5
               with:
diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml
index d2f0a8317c..4e145cc6c8 100644
--- a/.github/workflows/grpc.yml
+++ b/.github/workflows/grpc.yml
@@ -27,11 +27,14 @@ jobs:
           configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-grpc
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   grpc_check:
@@ -65,7 +68,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-grpc
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
diff --git a/.github/workflows/hitch.yml b/.github/workflows/hitch.yml
index 4f11a79f04..60ee38dba2 100644
--- a/.github/workflows/hitch.yml
+++ b/.github/workflows/hitch.yml
@@ -27,11 +27,14 @@ jobs:
           configure: --enable-hitch
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-hitch
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   hitch_check:
@@ -53,7 +56,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-hitch
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
@@ -100,4 +105,4 @@ jobs:
         working-directory: ./hitch
         run: |
           export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
-          make check
\ No newline at end of file
+          make check
diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml
index aa983ac03e..22a073ce65 100644
--- a/.github/workflows/hostap-vm.yml
+++ b/.github/workflows/hostap-vm.yml
@@ -24,7 +24,7 @@ jobs:
             wolf_extra_config: --disable-tls13
           - build_id: hostap-vm-build2
             wolf_extra_config: >-
-              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192 
+              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192
               --enable-tlsv10 --enable-oldtls
     name: Build wolfSSL
     runs-on: ubuntu-latest
@@ -52,11 +52,14 @@ jobs:
             ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.build_id }}
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   build_uml_linux:
@@ -84,7 +87,7 @@ jobs:
         if: steps.cache.outputs.cache-hit != 'true'
         uses: actions/checkout@v4
         with:
-          repository: torvalds/linux 
+          repository: torvalds/linux
           path: linux
 
       - name: Compile linux
@@ -178,7 +181,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: ${{ matrix.config.build_id }}
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Install dependencies
         run: |
@@ -194,7 +199,7 @@ jobs:
       - name: Checkout hostap
         uses: actions/checkout@v4
         with:
-          repository: julek-wolfssl/hostap-mirror 
+          repository: julek-wolfssl/hostap-mirror
           path: hostap
           ref: ${{ matrix.config.hostap_ref }}
 
@@ -228,7 +233,7 @@ jobs:
           fi
 
       - if: ${{ matrix.hostapd }}
-        name: Setup hostapd config file 
+        name: Setup hostapd config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
              hostap/hostapd/.config
@@ -238,7 +243,7 @@ jobs:
           EOF
 
       - if: ${{ matrix.wpa_supplicant }}
-        name: Setup wpa_supplicant config file 
+        name: Setup wpa_supplicant config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
              hostap/wpa_supplicant/.config
diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml
index 83117a9001..2fb6403d71 100644
--- a/.github/workflows/ipmitool.yml
+++ b/.github/workflows/ipmitool.yml
@@ -30,11 +30,14 @@ jobs:
           # Don't run tests as this config is tested in many other places
           check: false
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-ipmitool
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   build_ipmitool:
@@ -50,7 +53,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-ipmitool
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
@@ -74,4 +79,3 @@ jobs:
         run: |
           ldd src/ipmitool | grep wolfssl
           ldd src/ipmievd | grep wolfssl
- 
\ No newline at end of file
diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml
index a76d8a1050..13569574fa 100644
--- a/.github/workflows/jwt-cpp.yml
+++ b/.github/workflows/jwt-cpp.yml
@@ -29,11 +29,14 @@ jobs:
           # Don't run tests as this config is tested in many other places
           check: false
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-jwt-cpp
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   build_pam-ipmi:
@@ -56,7 +59,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-jwt-cpp
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml
index 87f89dba1c..ce96479ce0 100644
--- a/.github/workflows/krb5.yml
+++ b/.github/workflows/krb5.yml
@@ -31,11 +31,14 @@ jobs:
           configure: --enable-krb CC='gcc -fsanitize=address'
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-krb5
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   krb5_check:
@@ -54,7 +57,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-krb5
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml
index a66d1c5697..0f5f241008 100644
--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@@ -28,11 +28,14 @@ jobs:
           check: false # config is already tested in many other PRB's
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-libssh2
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   libssh2_check:
@@ -51,7 +54,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-libssh2
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Build and test libssh2
         uses: wolfSSL/actions-build-autotools-project@v1
diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml
index 348eb56eb6..cdef79dde5 100644
--- a/.github/workflows/libvncserver.yml
+++ b/.github/workflows/libvncserver.yml
@@ -29,11 +29,14 @@ jobs:
           # Don't run tests as this config is tested in many other places
           check: false
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-libvncserver
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   build_libvncserver:
@@ -49,7 +52,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-libvncserver
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml
index 9bcedc149e..e1cbb37847 100644
--- a/.github/workflows/memcached.yml
+++ b/.github/workflows/memcached.yml
@@ -28,11 +28,14 @@ jobs:
       - name: Bundle Docker entry point
         run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-memcached
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   memcached_check:
@@ -50,7 +53,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-memcached
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml
new file mode 100644
index 0000000000..8ba0477797
--- /dev/null
+++ b/.github/workflows/mosquitto.yml
@@ -0,0 +1,98 @@
+name: mosquitto Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-mosquitto
+          path: build-dir.tgz
+          retention-days: 5
+
+  mosquitto_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        ref: [ 2.0.18 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-mosquitto
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make
+            sudo pip install --upgrade psutil
+
+      - name: Checkout mosquitto
+        uses: actions/checkout@v4
+        with:
+          repository: eclipse/mosquitto
+          ref: v${{ matrix.ref }}
+          path: mosquitto
+
+      - name: Configure and build mosquitto
+        run: |
+            cd $GITHUB_WORKSPACE/mosquitto/
+            patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
+            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
+
+      - name: Run mosquitto tests
+        working-directory: ./mosquitto
+        run: |
+          # Retry up to five times
+          for i in {1..5}; do
+            TEST_RES=0
+            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
+            if [ "$TEST_RES" -eq "0" ]; then
+              break
+            fi
+          done
+          if [ "$TEST_RES" -ne "0" ]; then
+            exit $TEST_RES
+          fi
diff --git a/.github/workflows/multi-arch.yml b/.github/workflows/multi-arch.yml
index f296464f9f..c8f2270193 100644
--- a/.github/workflows/multi-arch.yml
+++ b/.github/workflows/multi-arch.yml
@@ -51,7 +51,7 @@ jobs:
             CFLAGS: ${{ matrix.CFLAGS }}
             QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
         run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
-      - name: Print errors 
+      - name: Print errors
         if: ${{ failure() }}
         run: |
           if [ -f config.log ] ; then
diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml
index c121709f39..709b59f5e1 100644
--- a/.github/workflows/net-snmp.yml
+++ b/.github/workflows/net-snmp.yml
@@ -27,11 +27,14 @@ jobs:
           configure: --enable-net-snmp
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-net-snmp
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   net-snmp_check:
@@ -52,8 +55,10 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-net-snmp
-          path: build-dir
-    
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
       - name: Checkout OSP
         uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index 97e57a1eea..0d4f1448e4 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -33,11 +33,14 @@ jobs:
           configure: --enable-nginx ${{ env.wolf_debug_flags }}
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-nginx
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   nginx_check:
@@ -93,7 +96,7 @@ jobs:
               stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
               stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
               upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
-              uwsgi_ssl.t uwsgi_ssl_verify.t 
+              uwsgi_ssl.t uwsgi_ssl_verify.t
             # Following tests do not pass with sanitizer on (with OpenSSL too)
             sanitize-not-ok: >-
               grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
@@ -111,7 +114,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-nginx
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Install dependencies
         run: |
@@ -216,4 +221,4 @@ jobs:
           LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
             TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
             prove ${{ matrix.sanitize-ok }}
- 
+
diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml
index 88e5eedd70..d3ba9b2d27 100644
--- a/.github/workflows/no-malloc.yml
+++ b/.github/workflows/no-malloc.yml
@@ -18,7 +18,7 @@ jobs:
       matrix:
         config: [
           # Add new configs here
-          '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
+          '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
         ]
     name: make check
     runs-on: ubuntu-latest
@@ -35,7 +35,7 @@ jobs:
           make
           ./wolfcrypt/test/testwolfcrypt
 
-      - name: Print errors 
+      - name: Print errors
         if: ${{ failure() }}
         run: |
           if [ -f test-suite.log ] ; then
diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml
new file mode 100644
index 0000000000..fcc0843243
--- /dev/null
+++ b/.github/workflows/ntp.yml
@@ -0,0 +1,91 @@
+name: ntp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-ntp
+          path: build-dir.tgz
+          retention-days: 5
+
+  ntp_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 4.2.8p15 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-ntp
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      # Avoid DoS'ing ntp site so cache the tar.gz
+      - name: Check if we have ntp
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: ntp-${{ matrix.ref }}.tar.gz
+          key: ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Download ntp
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Extract ntp
+        run: |
+          tar -xf ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Build and test ntp
+        working-directory: ntp-${{ matrix.ref }}
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch
+          ./bootstrap
+          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          make -j
+          make -j check
diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml
new file mode 100644
index 0000000000..950435b5cc
--- /dev/null
+++ b/.github/workflows/openldap.yml
@@ -0,0 +1,89 @@
+name: openldap Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
+          install: true
+          check: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openldap
+          path: build-dir.tgz
+          retention-days: 5
+
+  openldap_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # List of releases to test
+          - osp_ref: 2.5.13
+            git_ref: OPENLDAP_REL_ENG_2_5_13
+    name: ${{ matrix.osp_ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openldap
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout openldap
+        uses: actions/checkout@v4
+        with:
+          repository: openldap/openldap
+          path: openldap
+          ref: ${{ matrix.git_ref }}
+
+      - name: Build and test OpenLDAP
+        working-directory: openldap
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
+          rm aclocal.m4
+          autoreconf -ivf
+          ./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
+            CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
+              -I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
+              -L$GITHUB_WORKSPACE/build-dir/lib"
+          make -j depend
+          make -j
+          make -j check
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
index 040ae74648..3e717af012 100644
--- a/.github/workflows/openssh.yml
+++ b/.github/workflows/openssh.yml
@@ -26,14 +26,17 @@ jobs:
           path: wolfssl
           configure: >-
             --enable-openssh --enable-dsa --with-max-rsa-bits=8192
-            --enable-intelasm --enable-sp-asm
+            --enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-openssh
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   openssh_check:
@@ -51,7 +54,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-openssh
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
@@ -69,7 +74,7 @@ jobs:
           configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
           check: false
 
-      # make tests take >20 minutes. Consider limiting? 
+      # make tests take >20 minutes. Consider limiting?
       - name: Run tests
         working-directory: ./openssh
         run: |
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
index 97243cb9ea..a547e8d8f4 100644
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@@ -27,11 +27,14 @@ jobs:
           configure: --enable-openvpn
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-openvpn
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   openvpn_check:
@@ -50,7 +53,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-openvpn
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Install dependencies
         run: |
diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index 68557a31ab..8b337c1f0b 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -25,14 +25,19 @@ jobs:
           '--enable-all --enable-asn=original',
           '--enable-harden-tls',
           '--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
-             --enable-opensslextra --enable-sessioncerts 
-             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE 
+             --enable-opensslextra --enable-sessioncerts
+             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
              -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
           '--enable-all --enable-secure-renegotiation',
           '--enable-all --enable-haproxy --enable-quic',
-          '--enable-dtls --enable-dtls13 --enable-earlydata 
-             --enable-session-ticket --enable-psk 
+          '--enable-dtls --enable-dtls13 --enable-earlydata
+             --enable-session-ticket --enable-psk
              CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
+          '--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
+             --enable-dtls-frag-ch',
+          '--enable-all --enable-dtls13 --enable-dtls-frag-ch',
+          '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
+           --enable-dtls-mtu',
         ]
     name: make check
     runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index b4657110c5..b9d3378ff7 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -37,8 +37,9 @@ jobs:
       - name: Build wolfSSL .deb
         run: make deb-docker
 
-      - name: Build wolfSSL .rpm
-        run: make rpm-docker
+# disabled 20240919 -- broken target.
+#      - name: Build wolfSSL .rpm
+#        run: make rpm-docker
 
       - name: Confirm packages built
         run: |
@@ -47,8 +48,9 @@ jobs:
             echo Did not find exactly two deb packages!!!
             exit 1
           fi
-          RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
-          if [ "$RPM_COUNT" != "4" ]; then
-            echo Did not find exactly four rpm packages!!!
-            exit 1
-          fi
+# disabled 20240919 -- broken target.
+#          RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
+#          if [ "$RPM_COUNT" != "4" ]; then
+#            echo Did not find exactly four rpm packages!!!
+#            exit 1
+#          fi
diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml
index e6a2a4ae55..dda3200644 100644
--- a/.github/workflows/pam-ipmi.yml
+++ b/.github/workflows/pam-ipmi.yml
@@ -30,11 +30,14 @@ jobs:
           # Don't run tests as this config is tested in many other places
           check: false
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-pam-ipmi
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   build_pam-ipmi:
@@ -58,7 +61,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-pam-ipmi
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
         uses: actions/checkout@v4
diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml
new file mode 100644
index 0000000000..98a4280070
--- /dev/null
+++ b/.github/workflows/rng-tools.yml
@@ -0,0 +1,114 @@
+name: rng-tools Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-rng-tools
+          path: build-dir.tgz
+          retention-days: 5
+
+  rng-tools_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 6.16 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-rng-tools
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout jitterentropy-library
+        uses: actions/checkout@v4
+        with:
+          repository: smuellerDD/jitterentropy-library
+          path: jitterentropy-library
+          ref: v3.5.0
+
+      - name: Build jitterentropy-library
+        working-directory: jitterentropy-library
+        run: make -j
+
+      - name: Build rng-tools
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: nhorman/rng-tools
+          ref: v${{ matrix.ref }}
+          path: rng-tools
+          patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref }}.patch
+          configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          check: false
+
+      - name: Testing rng-tools
+        id: testing
+        working-directory: rng-tools
+        run: |
+          # Retry up to five times
+          for i in {1..5}; do
+            TEST_RES=0
+            LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$?
+            if [ "$TEST_RES" -eq "0" ]; then
+               break
+            fi
+          done
+          if [ "$TEST_RES" -ne "0" ]; then
+            exit $TEST_RES
+          fi
+
+      - name: Print logs
+        if: ${{ failure() && steps.testing.outcome == 'failure' }}
+        working-directory: rng-tools/tests
+        run: cat test-suite.log
diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml
index 98c612d840..fe2c8252ac 100644
--- a/.github/workflows/socat.yml
+++ b/.github/workflows/socat.yml
@@ -25,12 +25,15 @@ jobs:
           configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS'
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-socat
-          path: build-dir
-          retention-days: 3
+          path: build-dir.tgz
+          retention-days: 5
 
 
   socat_check:
@@ -49,7 +52,9 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-socat
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Download socat
         run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz
diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml
new file mode 100644
index 0000000000..31011e1874
--- /dev/null
+++ b/.github/workflows/sssd.yml
@@ -0,0 +1,97 @@
+name: sssd Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-sssd
+          path: build-dir.tgz
+          retention-days: 5
+
+  sssd_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.9.1 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/sssd/ci-client-devel:ubuntu-latest
+      env:
+        LD_LIBRARY_PATH: /usr/local/lib
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
+
+      - name: Setup env
+        run: |
+          ln -s samba-4.0/ldb.h /usr/include/ldb.h
+          ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
+          ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
+          ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
+          ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-sssd
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test sssd
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: SSSD/sssd
+          ref: ${{ matrix.ref }}
+          path: sssd
+          patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
+          configure: >-
+            --without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
+            --without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          check: true
+
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml
index 5e1b6b325f..fdb6623f43 100644
--- a/.github/workflows/stunnel.yml
+++ b/.github/workflows/stunnel.yml
@@ -27,11 +27,14 @@ jobs:
           configure: --enable-stunnel
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
         uses: actions/upload-artifact@v4
         with:
           name: wolf-install-stunnel
-          path: build-dir
+          path: build-dir.tgz
           retention-days: 5
 
   stunnel_check:
@@ -50,8 +53,10 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: wolf-install-stunnel
-          path: build-dir
-    
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
       - name: Checkout OSP
         uses: actions/checkout@v4
         with:
diff --git a/.gitignore b/.gitignore
index 833b664af3..c542ec121b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -413,6 +413,14 @@ user_settings_asm.h
 /IDE/Espressif/**/sdkconfig
 /IDE/Espressif/**/sdkconfig.old
 
+# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
+/IDE/Espressif/**/sdkconfig.debug
+/IDE/Espressif/**/sdkconfig.release
+
+# Always include Espressif makefiles (typically only used for ESP8266)
+!/IDE/Espressif/**/Makefile
+!/IDE/Espressif/**/component.mk
+
 # MPLAB
 /IDE/MPLABX16/wolfssl.X/dist/default/
 /IDE/MPLABX16/wolfssl.X/.generated_files
@@ -434,6 +442,12 @@ debian/changelog
 debian/control
 *.deb
 
+# Ada/Alire files
+wrapper/Ada/alire/
+wrapper/Ada/config/
+wrapper/Ada/lib/
+wrapper/Ada/obj/
+
 # PlatformIO
 /**/.pio
 /**/.vscode/.browse.c_cpp.db*
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4e6f05fc68..d5dd2796e6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -945,13 +945,29 @@ if(WOLFSSL_ECC)
     endif()
 endif()
 
-# TODO: - ECC custom curves
-#       - Compressed key
+# TODO: - Compressed key
 #       - FP ECC, fixed point cache ECC
 #       - ECC encrypt
 #       - PSK
 #       - Single PSK identity
 
+# ECC custom curves
+add_option("WOLFSSL_ECCCUSTCURVES"
+    "Enable ECC Custom Curves (default: disabled)"
+    "no" "yes;no;all")
+
+if(WOLFSSL_ECCCUSTCURVES)
+    if("${WOLFSSL_ECCCUSTCURVES}" STREQUAL "all")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR2")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR3")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_BRAINPOOL")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_KOBLITZ")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_CDH")
+    endif()
+
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CUSTOM_CURVES")
+endif()
+
 # CURVE25519
 set(WOLFSSL_CURVE25519_SMALL "no")
 add_option("WOLFSSL_CURVE25519"
@@ -1877,6 +1893,10 @@ add_option("WOLFSSL_CRYPTOCB"
     "Enable crypto callbacks (default: disabled)"
     "no" "yes;no")
 
+add_option("WOLFSSL_CRYPTOCB_NO_SW_TEST"
+    "Disable crypto callback SW testing (default: disabled)"
+    "no" "yes;no")
+
 add_option("WOLFSSL_PKCALLBACKS"
     "Enable public key callbacks (default: disabled)"
     "no" "yes;no")
@@ -2080,6 +2100,10 @@ if(WOLFSSL_CRYPTOCB)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLF_CRYPTO_CB")
 endif()
 
+if(WOLFSSL_CRYPTOCB_NO_SW_TEST)
+    list(APPEND WOLFSSL_DEFINITIONS "-DWC_TEST_NO_CRYPTOCB_SW_TEST")
+endif()
+
 # Public Key Callbacks
 if(WOLFSSL_PKCALLBACKS)
     list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PK_CALLBACKS")
@@ -2335,7 +2359,7 @@ endif()
 
 foreach(DEF IN LISTS WOLFSSL_DEFINITIONS)
     string(REGEX MATCH "^(-D)?([^=]+)(=(.*))?$" DEF_MATCH ${DEF})
-    if (DEFINED CMAKE_MATCH_4)
+    if (NOT "${CMAKE_MATCH_4}" STREQUAL "")
         set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})
         # message("set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})")
     else()
diff --git a/ChangeLog.md b/ChangeLog.md
index 0939a65940..bee6e614ee 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -220,7 +220,7 @@ fixed this omission in several PRs for this release.
 
 * [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
 
-* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
+* [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
 
 * [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
 
@@ -874,9 +874,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 
 ## Enhancements
 * DTLSv1.3: Do HRR Cookie exchange by default
-* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API 
-* Update ide win10 build files to add missing sp source files 
-* Improve Workbench docs 
+* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
+* Update ide win10 build files to add missing sp source files
+* Improve Workbench docs
 * Improve EVP support for CHACHA20_POLY1305
 * Improve `wc_SetCustomExtension` documentation
 * RSA-PSS with OCSP and add simple OCSP response DER verify test case
@@ -884,23 +884,23 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 * Don't over-allocate memory for DTLS fragments
 * Add WOLFSSL_ATECC_TFLXTLS for Atmel port
 * SHA-3 performance improvements with x86_64 assembly
-* Add code to fallback to S/W if TSIP cannot handle 
+* Add code to fallback to S/W if TSIP cannot handle
 * Improves entropy with VxWorks
 * Make time in milliseconds 64-bits for longer session ticket lives
 * Support for setting cipher list with bytes
 * wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements
 * Add to RSAES-OAEP key parsing for pkcs7
 * Add missing DN nid to work with PrintName()
-* SP int: default to 16 bit word size when NO_64BIT defined 
+* SP int: default to 16 bit word size when NO_64BIT defined
 * Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached
 * Detect when certificate's RSA public key size is too big and fail on loading of certificate
 
 ## Fixes
 * Fix for async with OCSP non-blocking in `ProcessPeerCerts`
 * Fixes for building with 32-bit and socket size sign/unsigned mismatch
-* Fix Windows CMakeList compiler options 
-* TLS 1.3 Middle-Box compat: fix missing brace 
-* Configuration consistency fixes for RSA keys and way to force disable of private keys 
+* Fix Windows CMakeList compiler options
+* TLS 1.3 Middle-Box compat: fix missing brace
+* Configuration consistency fixes for RSA keys and way to force disable of private keys
 * Fix for Aarch64 Mac M1 SP use
 * Fix build errors and warnings for MSVC with DTLS 1.3
 * Fix HMAC compat layer function for SHA-1
@@ -908,9 +908,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 * Check return from call to wc_Time
 * SP math: fix build configuration with opensslall
 * Fix for async session tickets
-* SP int mp_init_size fixes when SP_WORD_SIZE == 8 
+* SP int mp_init_size fixes when SP_WORD_SIZE == 8
 * Ed. function to make public key now checks for if the private key flag is set
-* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash 
+* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
 * Fix for building with PSK only
 * Set correct types in wolfSSL_sk_*_new functions
 * Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
@@ -1024,7 +1024,7 @@ CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb
 * Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
 ### SP Math Fixes
 * Fixes for constant time with div function
-* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile 
+* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
 * Fix for div_word when not using div function
 * Fixes for user settings with SP ASM and ED/Curve25519 small
 * Additional Wycheproof tests ran and fixes
@@ -1204,7 +1204,7 @@ Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
 ### Math Library Fixes
 * Sanity check with SP math that ECC points ordinates are not greater than modulus length
 * Additional sanity checks that _sp_add_d does not error due to overflow
-* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests 
+* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
 * TFM fp_div_2_ct rework to avoid potential overflow
 
 ### Misc.
@@ -1445,7 +1445,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
 ###### PORT Fixes
 * Building with Android wpa_supplicant and KeyStore
 * Setting initial value of CA certificate with TSIP enabled
-* Cryptocell ECC build fix and fix with RSA disabled 
+* Cryptocell ECC build fix and fix with RSA disabled
 * IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
 
 ###### Math Library Fixes
@@ -1584,7 +1584,7 @@ Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
     - SSL_SESSION_has_ticket()
     - SSL_SESSION_get_ticket_lifetime_hint()
     - DIST_POINT_new
-    - DIST_POINT_free 
+    - DIST_POINT_free
     - DIST_POINTS_free
     - CRL_DIST_POINTS_free
     - sk_DIST_POINT_push
@@ -1747,7 +1747,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
 ### Vulnerabilities
 * [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
-* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. 
+* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
 
 ### New Feature Additions
 ###### New Product
diff --git a/Docker/Dockerfile b/Docker/Dockerfile
index 32b10900ce..e6c3cd35d3 100644
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -40,10 +40,12 @@ RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-s
 
 # Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
 RUN mkdir /var/empty
-RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-14.1.1.tar.gz | tar xzf - && cd pkixssh-14.1.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
+RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
 
 # Install udp/tcp-proxy
 RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
+# Install libbacktrace
+RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install
 
 # Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
 RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump
diff --git a/Docker/buildAndPush.sh b/Docker/buildAndPush.sh
index d66e2c8486..444edaca09 100755
--- a/Docker/buildAndPush.sh
+++ b/Docker/buildAndPush.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Assume we're in wolfssl/Docker
 WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
@@ -18,18 +18,37 @@ docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${W
     docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
 
 if [ $? -eq 0 ]; then
-    echo "Pushing containers to DockerHub"
-    docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
-        docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
+    echo "Push containers to DockerHub [y/N]? "
+    read val
+    if [ "$val" = "y" ]; then
+        docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
+            docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
+        if [ $? -ne 0 ]; then
+            echo "Warning: push failed. Continuing"
+            ((NUM_FAILURES++))
+        fi
+    fi
 else
     echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
     ((NUM_FAILURES++))
 fi
 
 echo "Building wolfssl/wolfCLU:${CUR_DATE}"
-docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \
-docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest      --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU"
-if [ $? -ne 0 ]; then
+DOCKER_ARGS="--pull --build-arg DUMMY=${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 ${WOLFSSL_DIR}/Docker/wolfCLU"
+docker buildx build -t wolfssl/wolfclu:${CUR_DATE} ${DOCKER_ARGS} && \
+    docker buildx build -t wolfssl/wolfclu:latest ${DOCKER_ARGS}
+if [ $? -eq 0 ]; then
+    echo "Push containers to DockerHub [y/N]? "
+    read val
+    if [ "$val" = "y" ]; then
+        docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:${CUR_DATE} && \
+            docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:latest
+        if [ $? -ne 0 ]; then
+            echo "Warning: push failed. Continuing"
+            ((NUM_FAILURES++))
+        fi
+    fi
+else
     echo "Warning: Build wolfssl/wolfclu failed. Continuing"
     ((NUM_FAILURES++))
 fi
diff --git a/Docker/run.sh b/Docker/run.sh
index 3820425bb3..880e1e44f6 100755
--- a/Docker/run.sh
+++ b/Docker/run.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 echo "Running with \"${*}\"..."
 
diff --git a/Docker/wolfCLU/Dockerfile b/Docker/wolfCLU/Dockerfile
index 03b6a6fee3..da10d73dd6 100644
--- a/Docker/wolfCLU/Dockerfile
+++ b/Docker/wolfCLU/Dockerfile
@@ -3,7 +3,7 @@ FROM ubuntu as BUILDER
 
 ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
-                    && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} \
+                    && apt install -y ${DEPS_WOLFSSL} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*
 
 ARG NUM_CPU=16
diff --git a/Docker/wolfCLU/README.md b/Docker/wolfCLU/README.md
index 1fc7bc6de8..2c271d5569 100644
--- a/Docker/wolfCLU/README.md
+++ b/Docker/wolfCLU/README.md
@@ -1,6 +1,6 @@
 This is a small container that has wolfCLU installed for quick access. To build your own run the following:
 ```
-docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu . 
+docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
 ```
 
 To run the container, you can use:
diff --git a/Docker/yocto/buildAndPush.sh b/Docker/yocto/buildAndPush.sh
index 8c749502c6..87558eb769 100755
--- a/Docker/yocto/buildAndPush.sh
+++ b/Docker/yocto/buildAndPush.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Assume we're in wolfssl/Docker/yocto
 WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
diff --git a/IDE/ARDUINO/Arduino_README_prepend.md b/IDE/ARDUINO/Arduino_README_prepend.md
index 594a067847..c11b35dbb9 100644
--- a/IDE/ARDUINO/Arduino_README_prepend.md
+++ b/IDE/ARDUINO/Arduino_README_prepend.md
@@ -10,4 +10,6 @@ See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/githu
 
 The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
 
+The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable)
+
 See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md
index 75c25a20ad..f8b1ad60f1 100644
--- a/IDE/ARDUINO/README.md
+++ b/IDE/ARDUINO/README.md
@@ -27,7 +27,7 @@ This option will allow wolfSSL to be installed directly using the native Arduino
 
 ## Manually Reformatting wolfSSL as a Compatible Arduino Library
 
-Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be 
+Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
 compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
 for projects that use Arduino IDE 1.5.0 or newer.
 
@@ -55,8 +55,8 @@ from within the `wolfssl/IDE/ARDUINO` directory:
 3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
     - Creates an Arduino Library in `wolfSSL` directory
     - Copies that directory contents to the specified `/path/to/repository`
-    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`. 
-     
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+
 4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
     - Creates an Arduino Library in `wolfSSL` directory
     - Copies that directory contents to the specified `/path/to/any/other/directory`
diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
index 21a84deb00..e4727dce1a 100644
--- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
@@ -1,6 +1,6 @@
 /* wolfssl_client.ino
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ARDUINO/sketches/wolfssl_server/README.md b/IDE/ARDUINO/sketches/wolfssl_server/README.md
index 523eb08729..a7073573b5 100644
--- a/IDE/ARDUINO/sketches/wolfssl_server/README.md
+++ b/IDE/ARDUINO/sketches/wolfssl_server/README.md
@@ -13,7 +13,7 @@ Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.co
 
 ## Connect with an Arduino Sketch
 
-See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino). 
+See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
 
 ## Connect with Linux Client
 
@@ -35,7 +35,7 @@ press the reset button or power cycle the Arduino before making a connection.
 Here's one possible script to test the server from a command-line client:
 
 ```bash
-#!/bin/bash
+#!/usr/bin/env bash
 echo "client log " > client_log.txt
 counter=1
 THIS_ERR=0
diff --git a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
index 3a894323e4..387052ca6b 100644
--- a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
@@ -1,6 +1,6 @@
 /* wolfssl_server.ino
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh
index d48b416626..e8a175a9f4 100755
--- a/IDE/ARDUINO/wolfssl-arduino.sh
+++ b/IDE/ARDUINO/wolfssl-arduino.sh
@@ -20,7 +20,7 @@
 # Reminder there's typically no $USER for GitHub actions, but:
 # ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
 #
-# The company name is "wolfSSL Inc."; There’s a space, no comma, and a period after "Inc."
+# The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
 # The Arduino library name is "wolfssl" (all lower case)
 # The Arduino library directory name is "wolfssl" (all lower case)
 # The Arduino library include file is "wolfssl.h" (all lower case)
@@ -29,7 +29,7 @@
 ROOT_DIR="/wolfssl"
 
 # The Arduino Version will initially have a suffix appended during fine tuning stage.
-WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3"
+WOLFSSL_VERSION_ARUINO_SUFFIX=""
 
 # For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
 # Do not set to empty string, as copy will fail with this: CP_CMD=""
@@ -65,6 +65,11 @@ if ! [ "$CP_CMD" = "cp " ]; then
     fi
 fi
 
+if [ "$ROOT_DIR" = "" ]; then
+    echo "ERROR: ROOT_DIR cannot be blank"
+    exit 1
+fi
+
 # Check environment
 if [ -n "$WSL_DISTRO_NAME" ]; then
     # we found a non-blank WSL environment distro name
@@ -84,6 +89,11 @@ if [ $# -gt 0 ]; then
     if [ "$THIS_OPERATION" = "INSTALL" ]; then
         THIS_INSTALL_DIR=$2
 
+        if [ "$THIS_INSTALL_DIR" = "/" ]; then
+            echo "ERROR: THIS_INSTALL_DIR cannot be /"
+            exit 1
+        fi
+
         echo "Install is active."
 
         if [ "$THIS_INSTALL_DIR" = "" ]; then
@@ -300,20 +310,22 @@ echo ""
 # Note we should have exited above if a problem was encountered,
 # as we'll never want to install a bad library.
 if [ "$THIS_OPERATION" = "INSTALL" ]; then
+    echo "Config:"
+    echo "cp ../../examples/configs/user_settings_arduino.h  ".${ROOT_SRC_DIR}"/user_settings.h"
+    # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
+    grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
+
+    # Show the user_settings.h revision string:
+    grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
+    echo ""
+
     if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
         echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
         cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+        echo "Removing workspace library directory: .$ROOT_DIR"
+        rm -rf ".$ROOT_DIR"
     else
-        echo "Config:"
-        echo "cp ../../examples/configs/user_settings_arduino.h  ".${ROOT_SRC_DIR}"/user_settings.h"
-        # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
-        grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
-
-        # Show the user_settings.h revision string:
-        grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
-        echo ""
-
-        echo "Install:"
+        echo "Installing to local directory:"
         echo "mv .$ROOT_DIR $ARDUINO_ROOT"
         mv  ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
 
diff --git a/IDE/AURIX/Cpu0_Main.c b/IDE/AURIX/Cpu0_Main.c
index 536ddbb10c..c1667202f6 100644
--- a/IDE/AURIX/Cpu0_Main.c
+++ b/IDE/AURIX/Cpu0_Main.c
@@ -1,6 +1,6 @@
 /* Cpu0_Main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,7 +63,7 @@ int fputc(int ch, FILE *f)
     if (ch == (int)'\n') {
         int chcr = (int)'\r';
         count = 1;
-        IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);    
+        IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
     }
     count = 1;
     IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);
diff --git a/IDE/AURIX/README.md b/IDE/AURIX/README.md
index 11f884db38..fdcb171d56 100644
--- a/IDE/AURIX/README.md
+++ b/IDE/AURIX/README.md
@@ -9,7 +9,7 @@ Tested Platform:
 
 ## Running wolfCrypt on TriCore
 
-1) Add the wolfSSL source and headers to `Libraries/wolfssl`. 
+1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
   - Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
   - See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
 2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.
diff --git a/IDE/AURIX/user_settings.h b/IDE/AURIX/user_settings.h
index 4b41446b9e..d041a99862 100644
--- a/IDE/AURIX/user_settings.h
+++ b/IDE/AURIX/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/AURIX/wolf_main.c b/IDE/AURIX/wolf_main.c
index 9f90038985..f88140339b 100644
--- a/IDE/AURIX/wolf_main.c
+++ b/IDE/AURIX/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/CRYPTOCELL/main.c b/IDE/CRYPTOCELL/main.c
index 7938d0dfae..c1ed8a0b13 100644
--- a/IDE/CRYPTOCELL/main.c
+++ b/IDE/CRYPTOCELL/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,8 +18,8 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
-
+
+
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfcrypt/test/test.h>
 #include <wolfcrypt/benchmark/benchmark.h>
@@ -63,4 +63,3 @@ int main(void)
 
     return 0;
 }
-
diff --git a/IDE/CRYPTOCELL/user_settings.h b/IDE/CRYPTOCELL/user_settings.h
index dc9822f5cf..b6ffe4c781 100644
--- a/IDE/CRYPTOCELL/user_settings.h
+++ b/IDE/CRYPTOCELL/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -401,6 +401,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/ECLIPSE/DEOS/deos_malloc.c b/IDE/ECLIPSE/DEOS/deos_malloc.c
index b944e3bf05..9dcc7a473d 100644
--- a/IDE/ECLIPSE/DEOS/deos_malloc.c
+++ b/IDE/ECLIPSE/DEOS/deos_malloc.c
@@ -1,6 +1,6 @@
 /* deos_malloc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.c b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
index 41149aa442..d74cc436ed 100644
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.c
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
@@ -1,6 +1,6 @@
 /* tls_wolfssl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.h b/IDE/ECLIPSE/DEOS/tls_wolfssl.h
index 02a0e53161..427eef6388 100644
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.h
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.h
@@ -1,6 +1,6 @@
 /* tls_wolfssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/user_settings.h b/IDE/ECLIPSE/DEOS/user_settings.h
index ca68a2a909..16dc09ee74 100644
--- a/IDE/ECLIPSE/DEOS/user_settings.h
+++ b/IDE/ECLIPSE/DEOS/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
index 43d2e9be86..2c9b296417 100644
--- a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
+++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
@@ -1,6 +1,6 @@
 /* client_wolfssl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
index f86cc98d51..edf6559f84 100644
--- a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
+++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
@@ -1,6 +1,6 @@
 /* client_wolfssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
index 225aaa2eef..e31f4ca615 100644
--- a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
@@ -1,6 +1,6 @@
 /* server_wolfssl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
index 715e17b07c..b94e1fe6e2 100644
--- a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
@@ -1,6 +1,6 @@
 /* server_wolfssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/user_settings.h b/IDE/ECLIPSE/MICRIUM/user_settings.h
index b6b93fce84..27f8e08e25 100644
--- a/IDE/ECLIPSE/MICRIUM/user_settings.h
+++ b/IDE/ECLIPSE/MICRIUM/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
index 99a9212e42..e7553c3d77 100644
--- a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
+++ b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/RTTHREAD/user_settings.h b/IDE/ECLIPSE/RTTHREAD/user_settings.h
index 28157c2026..5e5ec18b43 100644
--- a/IDE/ECLIPSE/RTTHREAD/user_settings.h
+++ b/IDE/ECLIPSE/RTTHREAD/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c b/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
index 84d7f460a3..511801209c 100644
--- a/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
+++ b/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/SIFIVE/README.md b/IDE/ECLIPSE/SIFIVE/README.md
index 030e140496..206793e9c8 100644
--- a/IDE/ECLIPSE/SIFIVE/README.md
+++ b/IDE/ECLIPSE/SIFIVE/README.md
@@ -1 +1 @@
-This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
\ No newline at end of file
+This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md
index 2075bde353..cc1a1d661d 100644
--- a/IDE/Espressif/ESP-IDF/README.md
+++ b/IDE/Espressif/ESP-IDF/README.md
@@ -1,6 +1,6 @@
 # ESP-IDF Port
 
-These Espressif examples have been created and tested with the latest stable release branch of 
+These Espressif examples have been created and tested with the latest stable release branch of
 [ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
 The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
 Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
@@ -140,7 +140,7 @@ See the specific examples for additional details.
 
 This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
 
- 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree  
+ 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
  2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
  3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
 
@@ -169,7 +169,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
 ## Configuration
 
- 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`. 
+ 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
 
 ## Configuration (Legacy IDF install)
 
@@ -183,7 +183,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
  For question please email [support@wolfssl.com]
 
- Note: This is tested with :  
+ Note: This is tested with :
    - OS: Ubuntu 20.04.3 LTS
    - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
    - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
diff --git a/IDE/Espressif/ESP-IDF/compileAllExamples.sh b/IDE/Espressif/ESP-IDF/compileAllExamples.sh
index 536dc295c1..95a85d9068 100755
--- a/IDE/Espressif/ESP-IDF/compileAllExamples.sh
+++ b/IDE/Espressif/ESP-IDF/compileAllExamples.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # testing script: compileAllExamples
 #
diff --git a/IDE/Espressif/ESP-IDF/dummy_config_h b/IDE/Espressif/ESP-IDF/dummy_config_h
index 9d13eb2844..258ffd3f3d 100644
--- a/IDE/Espressif/ESP-IDF/dummy_config_h
+++ b/IDE/Espressif/ESP-IDF/dummy_config_h
@@ -1,6 +1,6 @@
 /* config.h - dummy
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md
index 1cd6696f7b..d4a0ad696a 100644
--- a/IDE/Espressif/ESP-IDF/examples/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/README.md
@@ -12,7 +12,7 @@ These are the core examples for wolfSSL:
 
 - [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls).
 
-- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server) 
+- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
 
 ## Other Espressif wolfSSL Examples
 
@@ -44,7 +44,7 @@ TLS1.3 Linux Client to Linux Server: `TLS_AES_128_GCM_SHA256` (default)
 ./examples/client/client -v 4 -h 127.0.0.1 -p 11111 -A ./certs/ca-cert.pem
 ```
 
-TLS1.2 Linux Server 
+TLS1.2 Linux Server
 ```
 ./examples/server/server -v 3 -b -d -p 11111 -c ./certs/server-cert.pem -k ./certs/server-key.pem
 ```
@@ -71,11 +71,11 @@ There's an additional example that uses wolfSSL installed as a component to the
 
 ## Installing wolfSSL for Espressif projects
 
-[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) 
-have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require 
+[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require
 wolfSSL to be installed.
 
-If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) 
+If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
 and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
 
 The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl)
diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
index 649a736630..2f3e1630a3 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
@@ -1,10 +1,13 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.2
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+# add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -68,6 +71,8 @@ else()
     message(STATUS "No conflicting wolfSSL components found.")
 endif()
 
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_template)
diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md
index 274e22dea5..8d9ebbe49a 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/template/README.md
@@ -11,7 +11,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-
 
 ### Files Included
 
-- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) . 
+- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) .
 
 - See [components/wolfssl/include](./components/wolfssl/include/user_settings.h) directory to edit the wolfSSL `user_settings.h`.
 
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
index 1aea2577f8..8c678fbf3b 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
@@ -1,34 +1,160 @@
 #
-#  Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
+
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
 set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message("Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message("Detected UNIX")
+    endif()
+    if(APPLE)
+        message("Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message("Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message("Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message("Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+endif()
 
 # find the user name to search for possible "wolfssl-username"
 message(STATUS "USERNAME = $ENV{USERNAME}")
@@ -51,6 +177,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +213,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -76,27 +222,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
+    else()
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
     if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
             set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
             return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +304,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -143,7 +364,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -154,17 +376,52 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
+
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
 
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "")
+    set(THIS_INCLUDE_DRIVER "")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_INCLUDE_DRIVER "driver")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          # esp_timer
-                                          # driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -173,48 +430,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +545,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -291,6 +600,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +657,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,13 +672,14 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
         # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
         "${THIS_IDF_PATH}/components/esp_event/include"
@@ -374,7 +687,7 @@ else()
         "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -383,7 +696,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -399,6 +712,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -409,6 +724,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -430,22 +746,140 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE)
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -453,6 +887,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -508,31 +948,77 @@ endfunction() # LIBWOLFSSL_SAVE_INFO
 
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    file(WRITE "tada.txt" "${WOLFSSL_ROOT}\n")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        message(STATUS "wolfSSL will be used for ESP-TLS")
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
new file mode 100644
index 0000000000..5e21683b32
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
@@ -0,0 +1,498 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superflous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
index e0e0d61495..3939302b98 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
@@ -1,4 +1,4 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -18,19 +18,52 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
  * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
  *
- * Do not include any wolfssl headers here
+ * Do not include any wolfssl headers here.
  *
  * When editing this file:
- * ensure wolfssl_test and wolfssl_benchmark settings match.
+ * ensure all examples match. The template example is the reference.
  */
 
-/* The Espressif project config file. See also sdkconfig.defaults */
-#include "sdkconfig.h"
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
@@ -46,33 +79,228 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
-/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
-#define NO_ESP_SDK_WIFI
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
     /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
     #define WOLFSSL_HAVE_KYBER
     #define WOLFSSL_WC_KYBER
     #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
 #endif
 
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
  * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */
 
 /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
-/* #define SINGLE_THREADED */
+#define SINGLE_THREADED
 
-/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
  * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
@@ -92,9 +320,6 @@
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
-
-
-
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_256 */
@@ -109,14 +334,33 @@
 #define BENCH_EMBEDDED
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
+
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE. For now just syntax highlight: */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
 
 #define NO_FILESYSTEM
 
@@ -133,29 +377,64 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
-
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
-
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
-
 /* Some features not enabled for ESP8266: */
 #if defined(CONFIG_IDF_TARGET_ESP8266) || \
     defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
     /* TODO determine low memory configuration for ECC. */
 #else
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
+
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
 #endif
 
-#define HAVE_ED25519
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
 
-/* Optional OPENSSL compatibility */
-#define OPENSSL_EXTRA
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 
 /* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
@@ -208,7 +487,7 @@
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_RISCV32    */
@@ -217,6 +496,14 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -224,18 +511,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
+
 
+    #define WOLFSSL_CERT_TEXT
 
-#define WOLFSSL_CERT_TEXT
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -255,10 +556,62 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
     /*  Alternatively, if there's an ECC Secure Element present: */
     /* #define WOLFSSL_ESPWROOM32SE */
@@ -435,18 +788,30 @@
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
 
 See wolfcrypt/benchmark/benchmark.c for debug and other settings:
 
@@ -458,7 +823,8 @@ Turn on timer debugging (used when CPU cycles not available)
 */
 
 /* Pause in a loop rather than exit. */
-#define WOLFSSL_ESPIDF_ERROR_PAUSE
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
 
 #define WOLFSSL_HW_METRICS
 
@@ -507,6 +873,12 @@ Turn on timer debugging (used when CPU cycles not available)
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -584,7 +956,8 @@ Turn on timer debugging (used when CPU cycles not available)
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
-    	/* Be sure to include in app when using example certs: */
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
@@ -605,7 +978,8 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
-    	/* Be sure to include in app when using example certs: */
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
@@ -629,3 +1003,34 @@ Turn on timer debugging (used when CPU cycles not available)
         #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
new file mode 100644
index 0000000000..b43b62cb47
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
@@ -0,0 +1,123 @@
+# Kconfig main
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_APPLE_HOMEKIT
+        bool "Apple HomeKit for the ESP32"
+        help
+            See AchimPieters/esp32-homekit-demo on GitHub.
+
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
+
+config WOLFSSL_TARGET_HOST
+    string "Target host"
+    default "127.0.0.1"
+    help
+        host address for the example to connect
+
+config WOLFSSL_TARGET_PORT
+    int "Target port"
+    default 11111
+    help
+        host port for the example to connect
+
+endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/main.c b/IDE/Espressif/ESP-IDF/examples/template/main/main.c
index f2f69bcb28..6b3abe13f6 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c
@@ -50,6 +50,11 @@ void app_main(void)
 #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
     int ret = 0;
 #endif
+
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
+
     ESP_LOGI(TAG, "Hello wolfSSL!");
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
index 88f1e113e9..d14a51ee0c 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
@@ -1,6 +1,11 @@
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
+
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
+# Set the known example app config to TLS Client (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
 #
 # Default main stack size
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
index 7b3a4f255b..143a6a6991 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
@@ -62,10 +62,10 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh
 
 ## ESP-IDF Commandline
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    BENCH_ARG : argument that you want to use. Default is "-lng 0"  
+    BENCH_ARG : argument that you want to use. Default is "-lng 0"
     The list of argument can be find in help.
 
 When you want to run the benchmark program
@@ -110,9 +110,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
index 29f679b78f..f0bef7fc31 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
@@ -1,21 +1,21 @@
 #
-#  Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
index 5862894ee4..1c30597da9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
@@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available)
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
@@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
index e37c4d5f62..6614af4fcc 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
@@ -19,7 +19,7 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
 endif()
 
 idf_component_register(SRCS main.c
-                       INCLUDE_DIRS "." 
+                       INCLUDE_DIRS "."
                        "./include")
 
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
index 45d4b1d264..cedefce722 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
@@ -39,6 +39,10 @@
 #
 PROJECT_NAME := wolfssl_client
 
+# Optionally include component source when print path (needs work to then properly build)
+#
+# include components/wolfssl/component.mk
+
 MY_PRIVATE_CONFIG ?= n
 USE_MY_PRIVATE_WSL_CONFIG ?= n
 USE_MY_PRIVATE_MAC_CONFIG ?= n
@@ -52,76 +56,76 @@ USE_MY_PRIVATE_WINDOWS_CONFIG ?= n
 $(info *************  wolfssl_client *************)
 
 ifeq ($(MY_PRIVATE_CONFIG),y)
-    CFLAGS += -DMY_PRIVATE_CONFIG
-    $(info Enabled MY_PRIVATE_CONFIG")
+	CFLAGS += -DMY_PRIVATE_CONFIG
+	$(info Enabled MY_PRIVATE_CONFIG")
 endif
 
 # Check for Windows environment variable: USE_MY_PRIVATE_WINDOWS_CONFIG
 ifeq ($(USE_MY_PRIVATE_WINDOWS_CONFIG),y)
-    # This hard coded MY_CONFIG_FILE value must match that in the header file.
-    MY_CONFIG_FILE := /workspace/my_private_config.h
-    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
-        $(info File does not exist: $(MY_CONFIG_FILE))
-    else
-        CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG
-        $(info Using private config file for: Windows)
-    endif
+	# This hard coded MY_CONFIG_FILE value must match that in the header file.
+	MY_CONFIG_FILE := /workspace/my_private_config.h
+	ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+		$(info File does not exist: $(MY_CONFIG_FILE))
+	else
+		CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG
+		$(info Using private config file for: Windows)
+	endif
 endif
 
 # Check for WSL environment variable: USE_MY_PRIVATE_WSL_CONFIG
 ifeq ($(USE_MY_PRIVATE_WSL_CONFIG),y)
-    # This hard coded MY_CONFIG_FILE value must match that in the header file.
-    MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h
-    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
-        $(info File does not exist: $(MY_CONFIG_FILE))
-    else
-        CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG
-        $(info Using private config file for: WSL)
-    endif
+	# This hard coded MY_CONFIG_FILE value must match that in the header file.
+	MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h
+	ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+		$(info File does not exist: $(MY_CONFIG_FILE))
+	else
+		CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG
+		$(info Using private config file for: WSL)
+	endif
 endif
 
 # Check for Linux environment variable: USE_MY_PRIVATE_LINUX_CONFIG
 ifeq ($(USE_MY_PRIVATE_LINUX_CONFIG),y)
-    # This hard coded MY_CONFIG_FILE value must match that in the header file.
-    MY_CONFIG_FILE := ~/workspace/my_private_config.h
-    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
-        $(info File does not exist: $(MY_CONFIG_FILE))
-    else
-        CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG
-        $(info Using private config file for: Linux)
-    endif
+	# This hard coded MY_CONFIG_FILE value must match that in the header file.
+	MY_CONFIG_FILE := ~/workspace/my_private_config.h
+	ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+		$(info File does not exist: $(MY_CONFIG_FILE))
+	else
+		CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG
+		$(info Using private config file for: Linux)
+	endif
 endif
 
 # Check for Mac environment variable: USE_MY_PRIVATE_MAC_CONFIG
 ifeq ($(USE_MY_PRIVATE_MAC_CONFIG),y)
-    # This hard coded MY_CONFIG_FILE value must match that in the header file.
-    MY_CONFIG_FILE := ~/Documents/my_private_config.h
-    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
-        $(info File does not exist: $(MY_CONFIG_FILE))
-    else
-        CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG
-        $(info Using private config file for: Mac)
-    endif
+	# This hard coded MY_CONFIG_FILE value must match that in the header file.
+	MY_CONFIG_FILE := ~/Documents/my_private_config.h
+	ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+		$(info File does not exist: $(MY_CONFIG_FILE))
+	else
+		CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG
+		$(info Using private config file for: Mac)
+	endif
 endif
 
 ifneq ($(OS),MY_PRIVATE_CONFIG)
-    CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)"
+	CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)"
 else
-    ifeq ($(OS),Linux)
-        CFLAGS += -DOS_LINUX
-    endif
-    ifeq ($(OS),Windows_NT)
-        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS
-    endif
-    ifeq ($(OS),Darwin)
-        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE
-    endif
-    ifneq (,$(findstring MINGW,$(OS)))
-        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW
-    endif
-    ifneq (,$(findstring CYGWIN,$(OS)))
-        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN
-    endif
+	ifeq ($(OS),Linux)
+		CFLAGS += -DOS_LINUX
+	endif
+	ifeq ($(OS),Windows_NT)
+		CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS
+	endif
+	ifeq ($(OS),Darwin)
+		CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE
+	endif
+	ifneq (,$(findstring MINGW,$(OS)))
+		CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW
+	endif
+	ifneq (,$(findstring CYGWIN,$(OS)))
+		CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN
+	endif
 endif
 
 # It is essential that the build process sees the WOLFSSL_USER_SETTINGS
@@ -132,3 +136,4 @@ EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_
 
 # The Standard Espressif IDF include:
 include $(IDF_PATH)/make/project.mk
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
index d8ed28c051..43961ec9be 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
@@ -56,23 +56,23 @@ Difficulty flashing:
 
 1. `idf.py menuconfig` to config the project
 
-      1-1. Example Configuration ->  
+      1-1. Example Configuration ->
 
           Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
 
      1-2. Example Connection Configuration ->
-     
-          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")  
+
+          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
           WIFI Password: WIFI password, and default is "mypassword"
-    
-    
-    Note: the example program uses 11111 port. If you want to use different port  
+
+
+    Note: the example program uses 11111 port. If you want to use different port
         , you need to modify DEFAULT_PORT definition in the code.
 
 When you want to test the wolfSSL client
 
-1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context  
-2. You can use <wolfssl>/examples/server/server program for test.  
+1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context
+2. You can use <wolfssl>/examples/server/server program for test.
 
          e.g. Launch ./examples/server/server -v 4 -b -i -d
 
@@ -83,11 +83,75 @@ Reminder that we build with `make` and not `cmake` in VisualGDB.
 
 Build files will be created in `[project directory]\build`
 
-## ESP-IDF make Commandline (version 3.5 or earlier for the ESP8266)
+See notes below if building a project in a directory other than the examples.
+
+Problems?
+
+- Try deleting any existing `sdkconfig` file and/or `./build` directory to start fresh.
+- Be sure the RTOS SDK is installed and properly configured.
+
+## ESP-IDF `make` Commandline (version 3.5 or earlier for the ESP8266)
+
+In-place example build:
 
+```bash
+export IDF_PATH=~/esp/ESP8266_RTOS_SDK
+export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
+cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client
+make clean
+make
 ```
+
+When building a in a *different directory*, for example assuming the `wolfssl_client` in the wolfssl examples
+directory is copied to the `C:\test\demo` directory in Windows. (aka ` /mnt/c/test/demo` in WSL),
+with a clone of wolfSSL `master` branch in `C:\workspace\wolfssl-master`:
+
+```bash
+cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+```
+
+Modify the project `./components/wolfssl/component.mk` file. Adjust `WOLFSSL_ROOT` setting, in this case to a value of:
+
+`WOLFSSL_ROOT := ../../../../workspace/wolfssl-master`
+
+Ensure the path is *relative* to the project `component.mk` file location and *not* absolute.
+
+Note the location of the component makefile in this case is `c:\test\demo\components\wolfssl\component.mk`.
+Thus we need to navigate up 4 parents to the root of `C:\` to find `/mnt/c` in WSL.
+
+Proceed to run `make` from the project directory as usual:
+
+```bash
+# setup environment as needed
 export IDF_PATH=~/esp/ESP8266_RTOS_SDK
+export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
+
+# copy and navigate to project directory
+mkdir -p /mnt/c/test/demo
+cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+cd /mnt/c/test/demo
 
+# Clean
+rm -rf ./build
+rm sdkconfig
+make clean
+
+# Edit ./components/wolfssl/component.mk and set WOLFSSL_ROOT value
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# build the example project
+make
+```
+
+When using `make` there should be details in the build log to indicate
+the assigned path, and the equivalent, fully-qualified path of `WOLFSSL_ROOT`.
+
+```
+*************  wolfssl_client *************
+***********  wolfssl component ************
+WOLFSSL_ROOT defined: ../../../../workspace/wolfssl-master
+WOLFSSL_ROOT actual:  /mnt/c/workspace/wolfssl-master
+********** end wolfssl component **********
 ```
 
 
@@ -158,7 +222,7 @@ Command:
 
 ```
 cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
-. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
 idf.py flash -p /dev/ttyS19 -b 115200 monitor
 ```
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
index 01dd6baf8a..71ab1b6c11 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
@@ -49,7 +49,7 @@ make clean && make
 ### Others...
 
 ```
-# Success: Linux Client to ESP32 Server TLS1.2 
+# Success: Linux Client to ESP32 Server TLS1.2
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@@ -81,7 +81,7 @@ be the same as the Linux server files.
 
 |  Usage |            Certificate             |        Key                          |   Certificate Authority file, default ./certs/client-cert.pem |
 | -----  | ---------------------------------- | ----------------------------------- | --------------------------------- |
-| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |                      
+| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |
 | client | -c ./certs/sm2/client-sm2.pem      | -k ./certs/sm2/client-sm2-priv.pem  | -A ./certs/sm2/root-sm2.pem -C    |
 | emdedded:
 | server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2  |
@@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
 I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
 I (636) spi_flash: detected chip: generic
 I (639) spi_flash: flash io: dio
-W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the 
+W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
 size in the binary image header.
 I (657) cpu_start: Starting scheduler on PRO CPU.
 I (0) cpu_start: Starting scheduler on APP CPU.
@@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
 I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
 I (14725) wolfssl: Point Formats extension to write
 W (14735) wolfio: ssl->wflags = 0
-I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 
-I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 
-I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 
-I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 
-I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 
-I (14765) wolfio: 06 00 0b 00 02 01 00 
+I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
+I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
+I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
+I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
+I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
+I (14765) wolfio: 06 00 0b 00 02 01 00
 W (14775) wolfio: sz          = 87
 I (14775) wolfssl: Shrinking output buffer
 I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
 I (14795) wolfssl: growing output buffer
 I (14805) internal.c: GrowOutputBuffer ok
 W (14815) wolfio: ssl->wflags = 0
-I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 
-I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 
-I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b 
-I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 
-I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 
-I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 
-I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 
-I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 
-I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c 
-I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d 
-I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 
-I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f 
-I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 
-I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 
-I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 
-I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 
-I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 
-I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e 
-I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 
-I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c 
-I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 
-I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 
-I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 
-I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 
-I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 
-I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 
-I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 
-I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c 
-I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f 
-I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa 
-I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f 
-I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 
-I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 
-I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b 
-I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f 
-I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb 
-I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 
-I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 
-I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 
-I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 
-I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 
-I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 
-I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d 
-I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 
-I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 
-I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f 
-I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 
+I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
+I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
+I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
+I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
+I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
+I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
+I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
+I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
+I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
+I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
+I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
+I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
+I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
+I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
+I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
+I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
+I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
+I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
+I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
+I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
+I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
+I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
+I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
+I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
+I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
+I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
+I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
+I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
+I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
+I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
+I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
+I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
+I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
+I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
+I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
+I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
+I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
+I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
+I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
+I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
+I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
+I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
+I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
+I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
+I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
+I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
+I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
 W (15135) wolfio: sz          = 747
 I (15135) wolfssl: Shrinking output buffer
 I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
 I (15925) wolfssl: growing output buffer
 I (15925) internal.c: GrowOutputBuffer ok
 W (15925) wolfio: ssl->wflags = 0
-I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 
-I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 
-I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f 
-I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 
-I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 
-I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad 
-I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac 
-I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a 
-I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c 
-I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 
+I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
+I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
+I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
+I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
+I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
+I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
+I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
+I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
+I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
+I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
 W (15995) wolfio: sz          = 154
 I (16005) wolfssl: Shrinking output buffer
 I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
 I (16035) wolfssl: growing output buffer
 I (16035) internal.c: GrowOutputBuffer ok
 W (16045) wolfio: ssl->wflags = 0
-I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16045) wolfio: sz          = 9
 I (16055) wolfssl: Embed Send error
 I (16055) wolfssl:      Connection reset
@@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
 I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
 E (16145) tls_server: ERROR: failed to read
 I (16145) wolfssl: Client sends:
-I (16145) wolfssl: 
+I (16145) wolfssl:
 I (16155) wolfssl: wolfSSL Entering wolfSSL_write
 I (16155) wolfssl: handshake not complete, trying to finish
 I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
 I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
 I (16175) wolfssl: wolfSSL Entering ReinitSSL
 W (16185) wolfio: ssl->wflags = 0
-I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16185) wolfio: sz          = 9
 I (16195) wolfssl: Embed Send error
 I (16195) wolfssl:      General error
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
index 35b5cf88a8..c3c09ca532 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
@@ -1,21 +1,21 @@
 #
-#  Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
index c1087504a5..1008e04afe 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
@@ -18,7 +18,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
-#
+$(info ***********  wolfssl component ************)
+
+ #
 # Component Makefile
 #
 #
@@ -48,14 +50,57 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
 # NOTICE: the WOLFSSL_ROOT setting MUST be relative!
 # See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
 # In the wolfSSL GitHub examples for Espressif:
 #   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
 # When this wolfssl component.mk makefile is in [project]/components/wolfssl
-# The root is 7 directories up from here:
+# The root is 7 directories up from here (the location of of this component.mk):
 WOLFSSL_ROOT := ../../../../../../..
 
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[currect directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
 COMPONENT_ADD_INCLUDEDIRS := .
@@ -64,7 +109,6 @@ COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
@@ -120,7 +164,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
@@ -144,7 +188,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -176,7 +220,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
@@ -213,8 +257,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
 
@@ -246,5 +290,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
 ##
 ## wolfcrypt
 ##
-# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
+## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
index 1f00afa3c5..638fdf343d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -297,8 +297,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 
 /* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */
 #ifndef NO_DH
-    ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
-     if (ret != WOLFSSL_SUCCESS) {
+    ret_i = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
+     if (ret_i != WOLFSSL_SUCCESS) {
         ESP_LOGE(TAG, "Error setting minimum DH key size");
     }
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
index c663c78cbc..6baa41aa7a 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
@@ -20,18 +20,18 @@ The Example contains a wolfSSL simple server.
 1. `idf.py menuconfig` to configure the project
 
     1-1. Example Connection Configuration ->
-    
-           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")  
+
+           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
            WIFI Password : WIFI password, and default is "mypassword"
 
 When you want to test the wolfSSL simple server demo
 
 1. `idf.py -p <PORT> flash` to compile the code and load the firmware
 2. `idf.py monitor` to see the context. The assigned IP address can be found in output message.
-3. Once the server connects to the wifi, it is waiting for client request.  
+3. Once the server connects to the wifi, it is waiting for client request.
     ("Waiting for a connection..." message will be displayed.)
-   
-4. You can use <wolfssl>/examples/client to test the server  
+
+4. You can use <wolfssl>/examples/client to test the server
     e.g ./example/client/client -h xx.xx.xx
 
 See the README.md file in the upper level 'examples' directory for more information about examples.
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
index 01dd6baf8a..71ab1b6c11 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
@@ -49,7 +49,7 @@ make clean && make
 ### Others...
 
 ```
-# Success: Linux Client to ESP32 Server TLS1.2 
+# Success: Linux Client to ESP32 Server TLS1.2
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@@ -81,7 +81,7 @@ be the same as the Linux server files.
 
 |  Usage |            Certificate             |        Key                          |   Certificate Authority file, default ./certs/client-cert.pem |
 | -----  | ---------------------------------- | ----------------------------------- | --------------------------------- |
-| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |                      
+| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |
 | client | -c ./certs/sm2/client-sm2.pem      | -k ./certs/sm2/client-sm2-priv.pem  | -A ./certs/sm2/root-sm2.pem -C    |
 | emdedded:
 | server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2  |
@@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
 I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
 I (636) spi_flash: detected chip: generic
 I (639) spi_flash: flash io: dio
-W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the 
+W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
 size in the binary image header.
 I (657) cpu_start: Starting scheduler on PRO CPU.
 I (0) cpu_start: Starting scheduler on APP CPU.
@@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
 I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
 I (14725) wolfssl: Point Formats extension to write
 W (14735) wolfio: ssl->wflags = 0
-I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 
-I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 
-I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 
-I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 
-I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 
-I (14765) wolfio: 06 00 0b 00 02 01 00 
+I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
+I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
+I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
+I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
+I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
+I (14765) wolfio: 06 00 0b 00 02 01 00
 W (14775) wolfio: sz          = 87
 I (14775) wolfssl: Shrinking output buffer
 I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
 I (14795) wolfssl: growing output buffer
 I (14805) internal.c: GrowOutputBuffer ok
 W (14815) wolfio: ssl->wflags = 0
-I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 
-I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 
-I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b 
-I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 
-I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 
-I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 
-I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 
-I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 
-I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c 
-I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d 
-I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 
-I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f 
-I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 
-I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 
-I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 
-I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 
-I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 
-I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e 
-I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 
-I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c 
-I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 
-I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 
-I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 
-I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 
-I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 
-I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 
-I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 
-I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c 
-I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f 
-I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa 
-I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f 
-I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 
-I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 
-I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b 
-I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f 
-I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb 
-I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 
-I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 
-I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 
-I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 
-I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 
-I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 
-I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d 
-I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 
-I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 
-I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f 
-I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 
+I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
+I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
+I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
+I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
+I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
+I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
+I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
+I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
+I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
+I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
+I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
+I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
+I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
+I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
+I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
+I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
+I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
+I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
+I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
+I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
+I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
+I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
+I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
+I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
+I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
+I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
+I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
+I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
+I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
+I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
+I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
+I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
+I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
+I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
+I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
+I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
+I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
+I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
+I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
+I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
+I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
+I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
+I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
+I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
+I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
+I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
+I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
 W (15135) wolfio: sz          = 747
 I (15135) wolfssl: Shrinking output buffer
 I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
 I (15925) wolfssl: growing output buffer
 I (15925) internal.c: GrowOutputBuffer ok
 W (15925) wolfio: ssl->wflags = 0
-I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 
-I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 
-I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f 
-I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 
-I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 
-I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad 
-I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac 
-I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a 
-I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c 
-I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 
+I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
+I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
+I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
+I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
+I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
+I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
+I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
+I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
+I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
+I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
 W (15995) wolfio: sz          = 154
 I (16005) wolfssl: Shrinking output buffer
 I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
 I (16035) wolfssl: growing output buffer
 I (16035) internal.c: GrowOutputBuffer ok
 W (16045) wolfio: ssl->wflags = 0
-I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16045) wolfio: sz          = 9
 I (16055) wolfssl: Embed Send error
 I (16055) wolfssl:      Connection reset
@@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
 I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
 E (16145) tls_server: ERROR: failed to read
 I (16145) wolfssl: Client sends:
-I (16145) wolfssl: 
+I (16145) wolfssl:
 I (16155) wolfssl: wolfSSL Entering wolfSSL_write
 I (16155) wolfssl: handshake not complete, trying to finish
 I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
 I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
 I (16175) wolfssl: wolfSSL Entering ReinitSSL
 W (16185) wolfio: ssl->wflags = 0
-I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16185) wolfio: sz          = 9
 I (16195) wolfssl: Embed Send error
 I (16195) wolfssl:      General error
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
index 60297155f5..b809a17142 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
@@ -1,21 +1,21 @@
 #
-#  Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
index 9109e6f706..380da3e691 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
@@ -132,7 +132,7 @@
 #define WOLFSSL_SHA384
 
 #if defined(CONFIG_IDF_TARGET_ESP8266)
-	/* Some known low-memory devices have features not enabled by default. */
+    /* Some known low-memory devices have features not enabled by default. */
 #else
     /* when you want to use SHA512 */
     #define WOLFSSL_SHA512
@@ -140,7 +140,7 @@
     /* when you want to use SHA3 */
     #define WOLFSSL_SHA3
 
-	/* ED25519 requires SHA512 */
+    /* ED25519 requires SHA512 */
     #define HAVE_ED25519
 
     #define HAVE_ECC
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
index d31083f65b..44bd2b5273 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
@@ -1,3 +1,3 @@
 #
 # Main Makefile. This is basically the same as a component makefile.
-#
\ No newline at end of file
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
index e4e79dce8d..ee66039f04 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
@@ -7,7 +7,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## ESP Registry
 
-The easiest way to get started with wolfSSL is by using the 
+The easiest way to get started with wolfSSL is by using the
 [ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples.
 
 ```
@@ -24,10 +24,10 @@ No wolfSSL setup is needed. You may need to adjust your specific COM port. The d
 
 ## ESP-IDF Commandline
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    TEST_ARG : argument that you want to use. Default is "-lng 0"  
+    TEST_ARG : argument that you want to use. Default is "-lng 0"
     The list of argument can be find in help.
 
 When you want to run the test program
@@ -60,16 +60,16 @@ idf.py set-target esp32s3
 idf.py erase-flash -p /dev/ttyS24 -b 115200
 
 # start with a low upload speed, then increase as found operational
-idf.py 
+idf.py
 # build and flash, in this example to COM24
 idf.py build flash -p /dev/ttyS24 -b 115200 monitor
 ```
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
index b0be1c2dd0..5f42ad3452 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
@@ -1,21 +1,21 @@
 #
-#  Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
index 59709233f2..9cf87e8fdb 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
@@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available)
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
@@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
index e0a7643bea..0d8de0fd6f 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # testAll.sh [keyword suffix]
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
index f71c0f6cc9..9876995117 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Syntax:
 #   ./testMonitor.sh <example_name> <target> <keyword>
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
index f2efc2f3dd..f8ec01cec6 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
@@ -12,10 +12,10 @@ Open the VisualGDB Visual Studio Project file in the VisualGDB directory and cli
 
 ## ESP-IDF Commandline
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    TEST_ARG : argument that you want to use. Default is "-lng 0"  
+    TEST_ARG : argument that you want to use. Default is "-lng 0"
     The list of argument can be find in help.
 
 When you want to run the test program
@@ -46,9 +46,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
index e19e22a535..0adf45649a 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
@@ -1,8 +1,8 @@
 #
 # Main component makefile.
 #
-# This Makefile can be left empty. By default, it will take the sources in the 
-# src/ directory, compile them and link them into lib(subdirectory_name).a 
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
 # in the build directory. This behaviour is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
-#
\ No newline at end of file
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
index d31083f65b..44bd2b5273 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
@@ -1,3 +1,3 @@
 #
 # Main Makefile. This is basically the same as a component makefile.
-#
\ No newline at end of file
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
index b301e65201..a1a18d9812 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
index b63775e143..a0ec798a2b 100644
--- a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
@@ -1,21 +1,21 @@
 #
-#  Copyright (C) 2006-2022 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl
 #
diff --git a/IDE/Espressif/ESP-IDF/libs/README.md b/IDE/Espressif/ESP-IDF/libs/README.md
index 703baf1ea4..d5dc4c993d 100644
--- a/IDE/Espressif/ESP-IDF/libs/README.md
+++ b/IDE/Espressif/ESP-IDF/libs/README.md
@@ -4,4 +4,4 @@ Files in IDE\Espressif\ESP-IDF\libs:
 
 `component.mk` used in ESP-IDF `wolfssl` component directory
 
-`tigard.cfg` Tigard JTAG config file 
\ No newline at end of file
+`tigard.cfg` Tigard JTAG config file
diff --git a/IDE/Espressif/ESP-IDF/libs/component.mk b/IDE/Espressif/ESP-IDF/libs/component.mk
index ac239e538e..047bb83ea0 100644
--- a/IDE/Espressif/ESP-IDF/libs/component.mk
+++ b/IDE/Espressif/ESP-IDF/libs/component.mk
@@ -16,6 +16,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#/
 #
 #
 # Component Makefile
diff --git a/IDE/Espressif/ESP-IDF/setup.sh b/IDE/Espressif/ESP-IDF/setup.sh
index 8d10a59b72..7a68ae4d99 100755
--- a/IDE/Espressif/ESP-IDF/setup.sh
+++ b/IDE/Espressif/ESP-IDF/setup.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # check if IDF_PATH is set
 if [ -z "$IDF_PATH" ]; then
diff --git a/IDE/Espressif/ESP-IDF/test/README.md b/IDE/Espressif/ESP-IDF/test/README.md
index e832b5c50f..8a12a50fea 100644
--- a/IDE/Espressif/ESP-IDF/test/README.md
+++ b/IDE/Espressif/ESP-IDF/test/README.md
@@ -2,9 +2,9 @@
 
 The test contains of wolfSSL unit-test app on Unity.
 
-When you want to run the app  
-1. Go to /esp-idf/tools/unit-test-app/ folder  
-2. `idf.py menuconfig` to configure unit test app.  
-3. `idf.py -T wolfssl build` to build wolfssl unit test app.  
+When you want to run the app
+1. Go to /esp-idf/tools/unit-test-app/ folder
+2. `idf.py menuconfig` to configure unit test app.
+3. `idf.py -T wolfssl build` to build wolfssl unit test app.
 
 See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.
diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am
index 7fa3887361..ab57c84ab7 100644
--- a/IDE/Espressif/include.am
+++ b/IDE/Espressif/include.am
@@ -22,7 +22,9 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h
 # Template
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
diff --git a/IDE/GCC-ARM/Header/user_settings.h b/IDE/GCC-ARM/Header/user_settings.h
index f1f8fd6d11..40986b08b4 100644
--- a/IDE/GCC-ARM/Header/user_settings.h
+++ b/IDE/GCC-ARM/Header/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -250,10 +250,10 @@ extern "C" {
 /* AES */
 #undef NO_AES
 #if 1
-	#undef  HAVE_AES_CBC
-	#define HAVE_AES_CBC
+    #undef  HAVE_AES_CBC
+    #define HAVE_AES_CBC
 
-	#undef  HAVE_AESGCM
+    #undef  HAVE_AESGCM
     #define HAVE_AESGCM
 
     /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
@@ -419,6 +419,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/GCC-ARM/README.md b/IDE/GCC-ARM/README.md
index 2aa29d969d..40b2bdfd1d 100644
--- a/IDE/GCC-ARM/README.md
+++ b/IDE/GCC-ARM/README.md
@@ -118,7 +118,7 @@ These settings are located in `Header/user_settings.h`.
 * `USE_SLOW_SHA`: Enables smaller/slower version of SHA.
 * `USE_SLOW_SHA256`: About 2k smaller and about 25% slower
 * `USE_SLOW_SHA512`: Over twice as small, but 50% slower
-* `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with. 
+* `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with.
 * `BENCH_EMBEDDED`: Define this if using the wolfCrypt test/benchmark and using a low memory target.
 * `ECC_USER_CURVES`: Allows user to define curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc....
 * `TFM_ARM`, `TFM_SSE2`, `TFM_AVR32`, `TFM_PPC32`, `TFM_MIPS`, `TFM_X86` or `TFM_X86_64`: These are assembly optimizations available with USE_FAST_MATH.
diff --git a/IDE/GCC-ARM/Source/armtarget.c b/IDE/GCC-ARM/Source/armtarget.c
index 4780be1f1d..8b62a6b756 100644
--- a/IDE/GCC-ARM/Source/armtarget.c
+++ b/IDE/GCC-ARM/Source/armtarget.c
@@ -1,6 +1,6 @@
 /* armtarget.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/benchmark_main.c b/IDE/GCC-ARM/Source/benchmark_main.c
index e113c86ef6..1151bbc32c 100644
--- a/IDE/GCC-ARM/Source/benchmark_main.c
+++ b/IDE/GCC-ARM/Source/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/test_main.c b/IDE/GCC-ARM/Source/test_main.c
index bf7216b116..c63246368b 100644
--- a/IDE/GCC-ARM/Source/test_main.c
+++ b/IDE/GCC-ARM/Source/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/tls_client.c b/IDE/GCC-ARM/Source/tls_client.c
index 00afe6ef95..927b854d3d 100644
--- a/IDE/GCC-ARM/Source/tls_client.c
+++ b/IDE/GCC-ARM/Source/tls_client.c
@@ -1,6 +1,6 @@
 /* tls_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/tls_server.c b/IDE/GCC-ARM/Source/tls_server.c
index 50e93d1a1e..1a19b4e53c 100644
--- a/IDE/GCC-ARM/Source/tls_server.c
+++ b/IDE/GCC-ARM/Source/tls_server.c
@@ -1,6 +1,6 @@
 /* tls_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/wolf_main.c b/IDE/GCC-ARM/Source/wolf_main.c
index 3c705d2451..0956773b6e 100644
--- a/IDE/GCC-ARM/Source/wolf_main.c
+++ b/IDE/GCC-ARM/Source/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/HEXAGON/DSP/Makefile b/IDE/HEXAGON/DSP/Makefile
index 5b73cef4db..361873ee8c 100644
--- a/IDE/HEXAGON/DSP/Makefile
+++ b/IDE/HEXAGON/DSP/Makefile
@@ -1,6 +1,6 @@
 # Makefile
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/HEXAGON/Makefile b/IDE/HEXAGON/Makefile
index cdf6a1c59e..cf7252c866 100644
--- a/IDE/HEXAGON/Makefile
+++ b/IDE/HEXAGON/Makefile
@@ -1,6 +1,6 @@
 # Makefile
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/HEXAGON/README.md b/IDE/HEXAGON/README.md
index 8ac7913db2..4cf6ffe170 100644
--- a/IDE/HEXAGON/README.md
+++ b/IDE/HEXAGON/README.md
@@ -71,5 +71,5 @@ benchmarking using threads on aDSP
 20000 verifies on 4 threads took 23.261446 seconds
 
 benchmarking 1 thread on cDSP
-5000 verifies on 1 threads took 18.560995 seconds 
+5000 verifies on 1 threads took 18.560995 seconds
 
diff --git a/IDE/HEXAGON/build.sh b/IDE/HEXAGON/build.sh
index 5e09fba45e..29fc8ed0ac 100755
--- a/IDE/HEXAGON/build.sh
+++ b/IDE/HEXAGON/build.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 if [ -z $1 ]; then
 	echo "./build <Debug | Release>"
 	exit 1
diff --git a/IDE/HEXAGON/ecc-verify-benchmark.c b/IDE/HEXAGON/ecc-verify-benchmark.c
index 24f9125702..bc88c38818 100644
--- a/IDE/HEXAGON/ecc-verify-benchmark.c
+++ b/IDE/HEXAGON/ecc-verify-benchmark.c
@@ -1,6 +1,6 @@
 /* ecc-verify-benchmark.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,14 +32,14 @@
 #define MAX_TIMES 5000
 #define MAX_BLOCK_SIZE 1024
 
-#include <sys/time.h>                                                       
+#include <sys/time.h>
 
-static double get_time()                                              
-{                                                                           
-    struct timeval tv;                                                      
-    gettimeofday(&tv, 0);                                                   
-    return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;                
-} 
+static double get_time()
+{
+    struct timeval tv;
+    gettimeofday(&tv, 0);
+    return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
+}
 
 
 /* software version */
diff --git a/IDE/HEXAGON/ecc-verify.c b/IDE/HEXAGON/ecc-verify.c
index ccbc18d81b..1e2d9510fb 100644
--- a/IDE/HEXAGON/ecc-verify.c
+++ b/IDE/HEXAGON/ecc-verify.c
@@ -1,6 +1,6 @@
 /* ecc-verify.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/HEXAGON/user_settings.h b/IDE/HEXAGON/user_settings.h
index 1897e883c4..5643e759db 100644
--- a/IDE/HEXAGON/user_settings.h
+++ b/IDE/HEXAGON/user_settings.h
@@ -13,25 +13,25 @@
 #define USE_FAST_MATH
 #define TFM_TIMING_RESISTANT
 #ifdef HAVE_ECC
-	#define ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
 #endif
 #ifndef NO_RSA
-	#define WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
 #endif
 
 #if 1
-	#define WOLFSSL_HAVE_SP_RSA
-	#define WOLFSSL_HAVE_SP_ECC
-	#define WOLFSSL_SP_MATH
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_ECC
+    #define WOLFSSL_SP_MATH
 
-	#if 1
-		/* ARM NEON instructions */
-		#define WOLFSSL_SP_ARM64_ASM
-	#endif
-	#if 1
-		/* Use DSP */
-		#define WOLFSSL_DSP
-	#endif
+    #if 1
+        /* ARM NEON instructions */
+        #define WOLFSSL_SP_ARM64_ASM
+    #endif
+    #if 1
+        /* Use DSP */
+        #define WOLFSSL_DSP
+    #endif
 #endif
 
 #endif
diff --git a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
index f5e51cd977..76d4470c75 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
+++ b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
@@ -1,6 +1,6 @@
 /* benchmark-main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/benchmark/current_time.c b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
index 0e8d402687..cf0f57ac68 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/current_time.c
+++ b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
@@ -1,6 +1,6 @@
 /* current-time.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/common/minimum-startup.c b/IDE/IAR-EWARM/Projects/common/minimum-startup.c
index ec79e29a4f..4463b158d2 100644
--- a/IDE/IAR-EWARM/Projects/common/minimum-startup.c
+++ b/IDE/IAR-EWARM/Projects/common/minimum-startup.c
@@ -1,6 +1,6 @@
 /* minimum-startup.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/test/test-main.c b/IDE/IAR-EWARM/Projects/test/test-main.c
index d472d5d1e1..13d1308d55 100644
--- a/IDE/IAR-EWARM/Projects/test/test-main.c
+++ b/IDE/IAR-EWARM/Projects/test/test-main.c
@@ -1,6 +1,6 @@
 /* test-main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
index 36937deeff..07fd6c5bc8 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
@@ -26,4 +26,4 @@ int main(void) {
   OS_CREATETASK(&WLFTASK, "Tests task", wolfTask, 100, WLFSTACK);
   OS_Start();                      /* Start the OS */
   return 0;
-}
\ No newline at end of file
+}
diff --git a/IDE/IAR-MSP430/main.c b/IDE/IAR-MSP430/main.c
index e89afb6280..c99cb0075a 100644
--- a/IDE/IAR-MSP430/main.c
+++ b/IDE/IAR-MSP430/main.c
@@ -1,6 +1,6 @@
 /* MSP430 example main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-MSP430/user_settings.h b/IDE/IAR-MSP430/user_settings.h
index 1e4caea9d3..fc8f6ba621 100644
--- a/IDE/IAR-MSP430/user_settings.h
+++ b/IDE/IAR-MSP430/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/INTIME-RTOS/libwolfssl.c b/IDE/INTIME-RTOS/libwolfssl.c
index 94d39bb24b..b92658eaf6 100644
--- a/IDE/INTIME-RTOS/libwolfssl.c
+++ b/IDE/INTIME-RTOS/libwolfssl.c
@@ -4,7 +4,7 @@
 #include <rt.h>
 
 BOOLEAN __stdcall RslMain( RTHANDLE hModule,
-                        DWORD  ul_reason_for_call,  
+                        DWORD  ul_reason_for_call,
                         LPVOID lpReserved
                        )
 {
diff --git a/IDE/LINUX-SGX/sgx_t_static.mk b/IDE/LINUX-SGX/sgx_t_static.mk
index ebb718cf74..1941bae02b 100644
--- a/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/IDE/LINUX-SGX/sgx_t_static.mk
@@ -115,7 +115,7 @@ ifeq ($(HAVE_WOLFSSL_SP), 1)
 endif
 
 
-Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11
+Flags_Just_For_C := -Wno-implicit-function-declaration -std=c99
 Common_C_Cpp_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Wolfssl_Include_Paths) -fno-builtin-printf -I.
 Wolfssl_C_Flags := $(Flags_Just_For_C) $(Common_C_Cpp_Flags) $(Wolfssl_C_Extra_Flags)
 
diff --git a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
index dd27de2665..1bd3c8ecd2 100644
--- a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
+++ b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
@@ -1,6 +1,6 @@
 /* lpc_18xx_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
index 8f67b1c33e..f5ffe3fe6c 100644
--- a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
+++ b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
@@ -1,6 +1,6 @@
 /* lpc_18xx_startup.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/M68K/README.md b/IDE/M68K/README.md
index 2fe43b67ac..64eaad8b5d 100644
--- a/IDE/M68K/README.md
+++ b/IDE/M68K/README.md
@@ -34,7 +34,7 @@ BUILD_C
 RSA 2048 public 7.619 ops/sec
 RSA 2048 private 0.276 ops/sec
 
-###Building testwolfcryt/benchmark
+###Building testwolfcrypt/benchmark
 To build either testwolfcrypt or benchmark first build wolfssl.a, place it in
 $(NBROOT)/lib and then cd into the respective directory. Running "make" will
 then create a .s19 application that can be ran on the board.
diff --git a/IDE/M68K/benchmark/main.cpp b/IDE/M68K/benchmark/main.cpp
index a7a76fb2d5..263b9289a2 100644
--- a/IDE/M68K/benchmark/main.cpp
+++ b/IDE/M68K/benchmark/main.cpp
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/M68K/testwolfcrypt/main.cpp b/IDE/M68K/testwolfcrypt/main.cpp
index 8b31c9e893..3df8ebd37c 100644
--- a/IDE/M68K/testwolfcrypt/main.cpp
+++ b/IDE/M68K/testwolfcrypt/main.cpp
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MCUEXPRESSO/RT1170/user_settings.h b/IDE/MCUEXPRESSO/RT1170/user_settings.h
index f620b1cc9f..f89e398664 100644
--- a/IDE/MCUEXPRESSO/RT1170/user_settings.h
+++ b/IDE/MCUEXPRESSO/RT1170/user_settings.h
@@ -53,7 +53,7 @@
 /* using the RTC */
 //#define NO_ASN_TIME
 #ifndef NO_ASN_TIME
-	#define FREESCALE_SNVS_RTC
+    #define FREESCALE_SNVS_RTC
 #endif
 
 #define NO_CRYPT_TEST
@@ -64,19 +64,19 @@
     #include <stdarg.h>
     static void myPrintf(const char* fmt, ...)
     {
-	    int ret;
-	    char line[150];
-	    va_list ap;
+        int ret;
+        char line[150];
+        va_list ap;
 
-	    va_start(ap, fmt);
-	    ret = vsnprintf(line, sizeof(line), fmt, ap);
-	    line[sizeof(line)-1] = '\0';
+        va_start(ap, fmt);
+        ret = vsnprintf(line, sizeof(line), fmt, ap);
+        line[sizeof(line)-1] = '\0';
 
-	    DbgConsole_Printf("%s", line);
+        DbgConsole_Printf("%s", line);
 
-	    /* add CR on newlines */
-	    if (ret > 0 && line[ret-1] == '\n') {
-	        DbgConsole_Printf("\r");
+        /* add CR on newlines */
+        if (ret > 0 && line[ret-1] == '\n') {
+            DbgConsole_Printf("\r");
         }
     }
     #define XPRINTF myPrintf
diff --git a/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c b/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
index c413251325..bf092fce9c 100644
--- a/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
+++ b/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
@@ -1,6 +1,6 @@
 /* run_benchmark.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MCUEXPRESSO/user_settings.h b/IDE/MCUEXPRESSO/user_settings.h
index 77e137852f..d9fd0766c2 100644
--- a/IDE/MCUEXPRESSO/user_settings.h
+++ b/IDE/MCUEXPRESSO/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,19 +40,19 @@
     #include <stdarg.h>
     static void myPrintf(const char* fmt, ...)
     {
-	    int ret;
-	    char line[150];
-	    va_list ap;
+        int ret;
+        char line[150];
+        va_list ap;
 
-	    va_start(ap, fmt);
-	    ret = vsnprintf(line, sizeof(line), fmt, ap);
-	    line[sizeof(line)-1] = '\0';
+        va_start(ap, fmt);
+        ret = vsnprintf(line, sizeof(line), fmt, ap);
+        line[sizeof(line)-1] = '\0';
 
-	    DbgConsole_Printf("%s", line);
+        DbgConsole_Printf("%s", line);
 
-	    /* add CR on newlines */
-	    if (ret > 0 && line[ret-1] == '\n') {
-	        DbgConsole_Printf("\r");
+        /* add CR on newlines */
+        if (ret > 0 && line[ret-1] == '\n') {
+            DbgConsole_Printf("\r");
         }
     }
     #define XPRINTF myPrintf
@@ -70,9 +70,9 @@
 #define USE_FAST_MATH
 #ifdef USE_FAST_MATH
     /* big enough for even 4096 bit RSA key */
-	#define FP_MAX_BITS 8192
-	#define TFM_TIMING_RESISTANT
-	#define ECC_TIMING_RESISTANT
+    #define FP_MAX_BITS 8192
+    #define TFM_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
     #define ALT_ECC_SIZE
 #endif
 
diff --git a/IDE/MCUEXPRESSO/wolfcrypt_test.c b/IDE/MCUEXPRESSO/wolfcrypt_test.c
index 08a0d432e8..8d8993dda2 100644
--- a/IDE/MCUEXPRESSO/wolfcrypt_test.c
+++ b/IDE/MCUEXPRESSO/wolfcrypt_test.c
@@ -1,6 +1,6 @@
 /* wolfcrypt_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
index 1e7fba4f12..04d4802165 100644
--- a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
+++ b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
@@ -1,6 +1,6 @@
 /* time.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
index 5732479838..dadffe9dcf 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
@@ -2,7 +2,7 @@
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
- 
+
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -39,7 +39,7 @@ extern int  SER_PutChar   (int ch);
 /*-----------------------------------------------------------------------------
   Write character to the Serial Port
  *----------------------------------------------------------------------------*/
-int sendchar (int c) 
+int sendchar (int c)
 {
     if (c == '\n')  {
         SER_PutChar ('\r');
@@ -52,7 +52,7 @@ int sendchar (int c)
 /*-----------------------------------------------------------------------------
   Read character from the Serial Port
  *----------------------------------------------------------------------------*/
-int getkey (void) 
+int getkey (void)
 {
     int ch = SER_GetChar();
         #if defined (HAVE_KEIL_RTX)
@@ -67,7 +67,7 @@ int getkey (void)
 
 /*--------------------------- _ttywrch ---------------------------------------*/
 
-void _ttywrch (int ch) 
+void _ttywrch (int ch)
 {
 #ifdef STDIO
     sendchar (ch);
@@ -76,28 +76,28 @@ void _ttywrch (int ch)
 
 /*--------------------------- _sys_open --------------------------------------*/
 #ifndef NO_FILESYSTEM
-static int KEIL_FS_open(const char *name, int openmode) 
+static int KEIL_FS_open(const char *name, int openmode)
 {
     int i ;  int ret ;
     #define PATHSIZE 100
     char path[PATHSIZE] ; char *p ;
-    
+
     if(strlen(name) > PATHSIZE)return(-1) ;
-    
+
     for(i = 0; i<= strlen(name); i++) {
         if(name[i] == '/')path[i] = '\\' ;
         else              path[i] = name[i] ;
-    }       
+    }
     if(path[0] == '.' && path[1] == '\\') p = path + 2 ;
     else                                  p = path ;
 
     ret = __sys_open (p, openmode) ;
-    
+
     return(ret) ;
 }
 #endif
 
-FILEHANDLE _sys_open (const char *name, int openmode) 
+FILEHANDLE _sys_open (const char *name, int openmode)
 {
     /* Register standard Input Output devices. */
     if (strcmp(name, "STDIN") == 0) {
@@ -118,7 +118,7 @@ FILEHANDLE _sys_open (const char *name, int openmode)
 
 /*--------------------------- _sys_close -------------------------------------*/
 
-int _sys_close (FILEHANDLE fh) 
+int _sys_close (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (0);
@@ -132,7 +132,7 @@ int _sys_close (FILEHANDLE fh)
 
 /*--------------------------- _sys_write -------------------------------------*/
 
-int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode) 
+int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode)
 {
 #ifdef STDIO
     if (fh == STDOUT) {
@@ -155,7 +155,7 @@ int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode)
 
 /*--------------------------- _sys_read --------------------------------------*/
 
-int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode) 
+int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode)
 {
 #ifdef STDIO
     if (fh == STDIN) {
@@ -183,7 +183,7 @@ int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode)
 
 /*--------------------------- _sys_istty -------------------------------------*/
 
-int _sys_istty (FILEHANDLE fh) 
+int _sys_istty (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (1);
@@ -193,7 +193,7 @@ int _sys_istty (FILEHANDLE fh)
 
 /*--------------------------- _sys_seek --------------------------------------*/
 
-int _sys_seek (FILEHANDLE fh, long pos) 
+int _sys_seek (FILEHANDLE fh, long pos)
 {
     if (fh > 0x8000) {
         return (-1);
@@ -207,7 +207,7 @@ int _sys_seek (FILEHANDLE fh, long pos)
 
 /*--------------------------- _sys_ensure ------------------------------------*/
 
-int _sys_ensure (FILEHANDLE fh) 
+int _sys_ensure (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (-1);
@@ -221,7 +221,7 @@ int _sys_ensure (FILEHANDLE fh)
 
 /*--------------------------- _sys_flen --------------------------------------*/
 
-long _sys_flen (FILEHANDLE fh) 
+long _sys_flen (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (0);
@@ -236,21 +236,21 @@ long _sys_flen (FILEHANDLE fh)
 
 /*--------------------------- _sys_tmpnam ------------------------------------*/
 
-int _sys_tmpnam (char *name, int sig, unsigned maxlen) 
+int _sys_tmpnam (char *name, int sig, unsigned maxlen)
 {
     return (1);
 }
 
 /*--------------------------- _sys_command_string ----------------------------*/
 
-char *_sys_command_string (char *cmd, int len) 
+char *_sys_command_string (char *cmd, int len)
 {
     return (cmd);
 }
 
 /*--------------------------- _sys_exit --------------------------------------*/
 
-void _sys_exit (int return_code) 
+void _sys_exit (int return_code)
 {
 #ifdef WOLFSSL_MDK_SHELL
     return ;
@@ -258,6 +258,6 @@ void _sys_exit (int return_code)
     /* Endless loop. */
     while (1);
 #endif
-    
+
 }
 
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
index 3f2af99c99..0f57692e27 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
@@ -1,6 +1,6 @@
 /* certs_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
index d06afdd1d6..f63a58eb06 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
@@ -8,8 +8,8 @@ extern int sizeof_client_key_der_1024 ;
 extern const unsigned char client_cert_der_1024[] ;
 extern int sizeof_client_cert_der_1024 ;
 /* ./certs/1024/dh1024.der, 1024-bit */
-extern const unsigned char dh_key_der_1024[] ; 
-extern int sizeof_dh_key_der_1024 ; 
+extern const unsigned char dh_key_der_1024[] ;
+extern int sizeof_dh_key_der_1024 ;
 /* ./certs/1024/dsa1024.der, 1024-bit */
 extern const unsigned char dsa_key_der_1024[] ;
 extern int sizeof_dsa_key_der_1024 ;
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
index ca36781692..04373c97ab 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
@@ -1,6 +1,6 @@
 /* config-BEREFOOT.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
index 45b8c1b329..85e02db34c 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
@@ -1,6 +1,6 @@
 /* config-FS.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
index a96e5d7862..eb93fa931a 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
@@ -1,6 +1,6 @@
 /* config-RTX-TCP-FS.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
index 98562cd164..d6fe1aa16d 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
@@ -1,6 +1,6 @@
 /* config.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
index de71e9941e..84d3bc4ba0 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
index 63e2cdc2f1..1ce952e037 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
index 024943bd3d..f7cb61f0df 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
index bd7d515026..f41a948137 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
@@ -1,6 +1,6 @@
 /* time-dummy.c.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
index 9b68ab8158..7908dfec68 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
index 6e3464ba6e..b52c547fde 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -78,7 +78,7 @@ typedef int socklen_t ;
 #define tcp_listen      wolfssl_tcp_listen
 #define tcp_select     wolfssl_tcp_select
 
-extern int wolfssl_connect(int sd,  const  struct sockaddr* sa, 	int sz) ;
+extern int wolfssl_connect(int sd,  const  struct sockaddr* sa, int sz) ;
 extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen);
 extern int wolfssl_recv(int sd, void *buf, size_t len, int flags);
 extern int wolfssl_send(int sd, const void *buf, size_t len, int flags);
diff --git a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
index 08dcbdf8f3..3a30349cac 100644
--- a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
+++ b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
@@ -1,6 +1,6 @@
 /* time-STM32F2xx.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Conf/user_settings.h b/IDE/MDK5-ARM/Conf/user_settings.h
index c58b5fb6a9..089712b852 100644
--- a/IDE/MDK5-ARM/Conf/user_settings.h
+++ b/IDE/MDK5-ARM/Conf/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h b/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
index e6d314a771..66623a9441 100644
--- a/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
+++ b/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
@@ -1,6 +1,6 @@
 /* wolfssl_MDK_ARM.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
index 1b055e7fa0..a9b0bc0add 100644
--- a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
+++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/CryptTest/main.c b/IDE/MDK5-ARM/Projects/CryptTest/main.c
index 6425e654e5..826a8ade2b 100644
--- a/IDE/MDK5-ARM/Projects/CryptTest/main.c
+++ b/IDE/MDK5-ARM/Projects/CryptTest/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/EchoClient/main.c b/IDE/MDK5-ARM/Projects/EchoClient/main.c
index 22f27cb153..0e40a7249e 100644
--- a/IDE/MDK5-ARM/Projects/EchoClient/main.c
+++ b/IDE/MDK5-ARM/Projects/EchoClient/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/EchoServer/main.c b/IDE/MDK5-ARM/Projects/EchoServer/main.c
index 53a27bec00..a99244f63c 100644
--- a/IDE/MDK5-ARM/Projects/EchoServer/main.c
+++ b/IDE/MDK5-ARM/Projects/EchoServer/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/main.c b/IDE/MDK5-ARM/Projects/SimpleClient/main.c
index 0461547014..686cda6b6a 100644
--- a/IDE/MDK5-ARM/Projects/SimpleClient/main.c
+++ b/IDE/MDK5-ARM/Projects/SimpleClient/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/main.c b/IDE/MDK5-ARM/Projects/SimpleServer/main.c
index 973fdbbe1d..22e6a9b056 100644
--- a/IDE/MDK5-ARM/Projects/SimpleServer/main.c
+++ b/IDE/MDK5-ARM/Projects/SimpleServer/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
index 9eab03cc69..db26c5b262 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
index 3958f4a23e..06f39b0e86 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
index 8b1de0aa51..a4ce55fc60 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Src/ssl-dummy.c b/IDE/MDK5-ARM/Src/ssl-dummy.c
index 7cfd82ec69..734b126ce0 100644
--- a/IDE/MDK5-ARM/Src/ssl-dummy.c
+++ b/IDE/MDK5-ARM/Src/ssl-dummy.c
@@ -1,6 +1,6 @@
 /* ssl-dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MPLABX16/user_settings.h b/IDE/MPLABX16/user_settings.h
index d4754db89f..174551e95e 100644
--- a/IDE/MPLABX16/user_settings.h
+++ b/IDE/MPLABX16/user_settings.h
@@ -51,7 +51,7 @@ extern "C" {
     #undef  FP_MAX_BITS
     #define FP_MAX_BITS     2048
 #else
-    #define WOLFSSL_SP_MATH 
+    #define WOLFSSL_SP_MATH
     #define WOLFSSL_SP_SMALL
     #define WOLFSSL_SP_MATH_ALL
     #define SP_INT_BITS 256
@@ -162,7 +162,7 @@ extern "C" {
 
  /* #undef  WOLFSSL_AES_DIRECT
     #define WOLFSSL_AES_DIRECT */
-    
+
     #undef  NO_AES_CBC
     #define NO_AES_CBC
 #else
@@ -301,7 +301,7 @@ extern "C" {
 #define NO_PKCS8
 #define WOLFSSL_NO_PEM
 
-    
+
 /* ------------------------------------------------------------------------- */
 /* Enable Features */
 /* ------------------------------------------------------------------------- */
@@ -397,7 +397,7 @@ extern "C" {
 #undef  NO_PWDBASED
 #define NO_PWDBASED
 
-#undef  NO_MD5    
+#undef  NO_MD5
 #define NO_MD5
 
 #undef  NO_DES3
diff --git a/IDE/MQX/README-jp.md b/IDE/MQX/README-jp.md
index 093e98b6bd..649e7c65df 100644
--- a/IDE/MQX/README-jp.md
+++ b/IDE/MQX/README-jp.md
@@ -26,4 +26,3 @@
   CC:       コンパイラコマンド
   AR:       ARコマンド
   WOLF_ROOT: Makefileの格納位置を変える場合はこの定義を変更してください
-  
\ No newline at end of file
diff --git a/IDE/MQX/client-tls.c b/IDE/MQX/client-tls.c
index 9834251c0d..70ef3b4eaa 100644
--- a/IDE/MQX/client-tls.c
+++ b/IDE/MQX/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MQX/include.am b/IDE/MQX/include.am
index 27687d33e7..deb5ebc765 100644
--- a/IDE/MQX/include.am
+++ b/IDE/MQX/include.am
@@ -8,4 +8,4 @@ EXTRA_DIST+= IDE/MQX/README-jp.md
 EXTRA_DIST+= IDE/MQX/README.md
 EXTRA_DIST+= IDE/MQX/server-tls.c
 EXTRA_DIST+= IDE/MQX/user_config.h
-EXTRA_DIST+= IDE/MQX/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/MQX/user_settings.h
diff --git a/IDE/MQX/server-tls.c b/IDE/MQX/server-tls.c
index e7e1a48529..33e26a9263 100644
--- a/IDE/MQX/server-tls.c
+++ b/IDE/MQX/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -193,4 +193,4 @@ int main()
     wolfSSL_Cleanup();      /* Cleanup the wolfSSL environment          */
     close(sockfd);          /* Close the socket listening for clients   */
     return 0;               /* Return reporting a success               */
-}
\ No newline at end of file
+}
diff --git a/IDE/MQX/user_config.h b/IDE/MQX/user_config.h
index d66e532355..81bbf4e49e 100644
--- a/IDE/MQX/user_config.h
+++ b/IDE/MQX/user_config.h
@@ -1 +1 @@
-#define MQX_CPU                 PSP_CPU_MK60DN512Z
\ No newline at end of file
+#define MQX_CPU                 PSP_CPU_MK60DN512Z
diff --git a/IDE/MSVS-2019-AZSPHERE/client/client.c b/IDE/MSVS-2019-AZSPHERE/client/client.c
index 6756c89a57..c206ce217a 100644
--- a/IDE/MSVS-2019-AZSPHERE/client/client.c
+++ b/IDE/MSVS-2019-AZSPHERE/client/client.c
@@ -1,6 +1,6 @@
-/* client.c
+/* client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/client/client.h b/IDE/MSVS-2019-AZSPHERE/client/client.h
index f10c0db94f..edef19afc3 100644
--- a/IDE/MSVS-2019-AZSPHERE/client/client.h
+++ b/IDE/MSVS-2019-AZSPHERE/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.c b/IDE/MSVS-2019-AZSPHERE/server/server.c
index 7c4528a06d..5ffe865a46 100644
--- a/IDE/MSVS-2019-AZSPHERE/server/server.c
+++ b/IDE/MSVS-2019-AZSPHERE/server/server.c
@@ -1,6 +1,6 @@
-/* server.c
+/* server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.h b/IDE/MSVS-2019-AZSPHERE/server/server.h
index e4d5edfeaf..e3a53b5e3a 100644
--- a/IDE/MSVS-2019-AZSPHERE/server/server.h
+++ b/IDE/MSVS-2019-AZSPHERE/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/shared/util.h b/IDE/MSVS-2019-AZSPHERE/shared/util.h
index fc54a709ae..0cab4bf60e 100644
--- a/IDE/MSVS-2019-AZSPHERE/shared/util.h
+++ b/IDE/MSVS-2019-AZSPHERE/shared/util.h
@@ -1,6 +1,6 @@
 /* util.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/user_settings.h b/IDE/MSVS-2019-AZSPHERE/user_settings.h
index 0dc2354b50..ea18de895f 100644
--- a/IDE/MSVS-2019-AZSPHERE/user_settings.h
+++ b/IDE/MSVS-2019-AZSPHERE/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,9 +31,9 @@
     #ifndef SERVER_IP
         #define SERVER_IP "192.168.1.200" /* Local Test Server IP */
     #endif
-	#ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 11111
-	#endif
+    #ifndef DEFAULT_PORT
+        #define DEFAULT_PORT 11111
+    #endif
     #define CERT         ca_cert_der_2048
     #define SIZEOF_CERT  sizeof_ca_cert_der_2048
     static const char msg[] = "Are you listening wolfSSL Server?";
@@ -41,9 +41,9 @@
     #ifndef SERVER_IP
         #define SERVER_IP "www.wolfssl.com"
     #endif
-	#ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 443
-	#endif
+    #ifndef DEFAULT_PORT
+        #define DEFAULT_PORT 443
+    #endif
     #define CERT         wolfssl_website_root_ca
     #define SIZEOF_CERT  sizeof_wolfssl_website_root_ca
     static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
index 2837ac3c2d..6cca8f6015 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
@@ -1,6 +1,6 @@
-/* template_appliance.h
+/* template_appliance.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
index 05ed1790f6..403300de22 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
@@ -1,4 +1,5 @@
-/* Copyright (C) 2006-2022 wolfSSL Inc.
+/ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
  * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
index 051b6ac03b..df84198e92 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
@@ -1,6 +1,6 @@
-/* template_appliance.h
+/* template_appliance.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
index 2afdfcf3ee..4078fb7a5b 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
@@ -1,4 +1,4 @@
-#pragma once
+#pragma once
 
 /// <summary>
 /// This identifier should be defined before including any of the networking-related header files.
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
index ca8e80577c..0d95b29e8e 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
@@ -1,6 +1,6 @@
-/* main.c
+/* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt
index 566b7d8b80..ba6d98116a 100644
--- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt
+++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt
@@ -1,6 +1,6 @@
 # CMakeLists.txt
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/MYSQL/CMakeLists_wolfSSL.txt b/IDE/MYSQL/CMakeLists_wolfSSL.txt
index e95c929103..7bfaa88c90 100644
--- a/IDE/MYSQL/CMakeLists_wolfSSL.txt
+++ b/IDE/MYSQL/CMakeLists_wolfSSL.txt
@@ -1,6 +1,6 @@
 # CMakeLists.txt
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/NETOS/user_settings.h b/IDE/NETOS/user_settings.h
index ceb70ec663..efdbf01614 100644
--- a/IDE/NETOS/user_settings.h
+++ b/IDE/NETOS/user_settings.h
@@ -1,23 +1,23 @@
 /* user_settings.h
 *
-* Copyright (C) 2006-2021 wolfSSL Inc.
-*
-* This file is part of wolfSSL.
-*
-* wolfSSL is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* wolfSSL is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-*/
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 
 /* Custom wolfSSL user settings for GCC ARM */
 
@@ -410,6 +410,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h> /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/NETOS/wolfssl_netos_custom.c b/IDE/NETOS/wolfssl_netos_custom.c
index 8617eee66b..db4b518aa0 100644
--- a/IDE/NETOS/wolfssl_netos_custom.c
+++ b/IDE/NETOS/wolfssl_netos_custom.c
@@ -1,6 +1,6 @@
 /* wolfssl_netos_custom.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/README.md b/IDE/PlatformIO/examples/wolfssl_benchmark/README.md
index c602facfe5..6505ecbb5c 100644
--- a/IDE/PlatformIO/examples/wolfssl_benchmark/README.md
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/README.md
@@ -9,9 +9,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 ```
@@ -59,7 +59,7 @@ I (323) cpu_start: Compile time:     May 17 2024 19:42:07
 I (329) cpu_start: ELF file SHA256:  eebe816ce...
 I (334) cpu_start: ESP-IDF:          5.2.1
 I (339) cpu_start: Min chip rev:     v0.0
-I (344) cpu_start: Max chip rev:     v3.99 
+I (344) cpu_start: Max chip rev:     v3.99
 I (349) cpu_start: Chip rev:         v1.0
 I (354) heap_init: Initializing. RAM available for dynamic allocation:
 I (361) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
@@ -83,7 +83,7 @@ W (449) esp32_util: Warning: old cmake, user_settings.h location unknown.
 I (457) esp32_util: LIBWOLFSSL_VERSION_STRING = 5.7.0
 I (463) esp32_util: LIBWOLFSSL_VERSION_HEX = 5007000
 I (468) esp32_util: Stack HWM: 9204
-I (472) esp32_util: 
+I (472) esp32_util:
 I (475) esp32_util: Macro Name                 Defined   Not Defined
 I (482) esp32_util: ------------------------- --------- -------------
 I (489) esp32_util: NO_ESPIDF_DEFAULT........                 X
@@ -115,7 +115,7 @@ I (638) esp32_util: FREERTOS.................     X
 I (643) esp32_util: NO_WOLFSSL_DIR...........     X
 I (649) esp32_util: WOLFSSL_NO_CURRDIR.......     X
 I (654) esp32_util: WOLFSSL_LWIP.............     X
-I (660) esp32_util: 
+I (660) esp32_util:
 I (663) esp32_util: Compiler Optimization: Default
 I (668) esp32_util:
 I (671) esp32_util: CONFIG_IDF_TARGET = esp32
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini b/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini
index c9e32235c5..a83ae32410 100644
--- a/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini
@@ -17,4 +17,4 @@ monitor_port = COM19
 monitor_speed = 115200
 build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32
 monitor_filters = direct
-lib_deps = wolfssl/wolfSSL@^5.7.0-rev.3b
+lib_deps = wolfssl/wolfSSL@^5.7.2
diff --git a/IDE/PlatformIO/examples/wolfssl_test/README.md b/IDE/PlatformIO/examples/wolfssl_test/README.md
index d67d76111c..86058cd572 100644
--- a/IDE/PlatformIO/examples/wolfssl_test/README.md
+++ b/IDE/PlatformIO/examples/wolfssl_test/README.md
@@ -10,9 +10,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 
@@ -61,7 +61,7 @@ I (511) cpu_start: Compile time:     May 17 2024 19:31:47
 I (517) cpu_start: ELF file SHA256:  40b2541a0...
 I (523) cpu_start: ESP-IDF:          5.2.1
 I (528) cpu_start: Min chip rev:     v0.0
-I (532) cpu_start: Max chip rev:     v3.99 
+I (532) cpu_start: Max chip rev:     v3.99
 I (537) cpu_start: Chip rev:         v1.0
 I (542) heap_init: Initializing. RAM available for dynamic allocation:
 I (549) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
diff --git a/IDE/PlatformIO/examples/wolfssl_test/platformio.ini b/IDE/PlatformIO/examples/wolfssl_test/platformio.ini
index 79356a165c..5382576311 100644
--- a/IDE/PlatformIO/examples/wolfssl_test/platformio.ini
+++ b/IDE/PlatformIO/examples/wolfssl_test/platformio.ini
@@ -39,4 +39,4 @@ monitor_port = COM19
 monitor_speed = 115200
 build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32
 monitor_filters = direct
-lib_deps = wolfssl/wolfssl@^5.7.0-rev.3d
+lib_deps = wolfssl/wolfssl@^5.7.2
diff --git a/IDE/QNX/README.md b/IDE/QNX/README.md
index fb79abf6b4..4a283f158c 100644
--- a/IDE/QNX/README.md
+++ b/IDE/QNX/README.md
@@ -17,7 +17,7 @@ source ~/qnx700/qnxsdp-env.sh
 make
 ```
 
-Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permissions. Once wolfCrypt is running on the device with root permissions then any user with access to open a connection to /dev/wolfCrypt can make use of the driver.  
+Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permissions. Once wolfCrypt is running on the device with root permissions then any user with access to open a connection to /dev/wolfCrypt can make use of the driver.
 
 ### Momentics
 To build in momentics IDE:
diff --git a/IDE/QNX/example-client/client-tls.c b/IDE/QNX/example-client/client-tls.c
index 27e56e3438..9c9b6e4b0c 100644
--- a/IDE/QNX/example-client/client-tls.c
+++ b/IDE/QNX/example-client/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/QNX/example-cmac/cmac-test.c b/IDE/QNX/example-cmac/cmac-test.c
index f72277e9d9..64d5ccacd4 100644
--- a/IDE/QNX/example-cmac/cmac-test.c
+++ b/IDE/QNX/example-cmac/cmac-test.c
@@ -1,6 +1,6 @@
 /* cmac-test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/QNX/example-server/server-tls.c b/IDE/QNX/example-server/server-tls.c
index 6c2a9f1f4e..1257e3b331 100644
--- a/IDE/QNX/example-server/server-tls.c
+++ b/IDE/QNX/example-server/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/README.md b/IDE/RISCV/SIFIVE-HIFIVE1/README.md
index 5e1183deab..5b3f3ed89b 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/README.md
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/README.md
@@ -44,7 +44,7 @@ The `IDE/RISCV/SIFIVE-HIFIVE1/main.c` example application provides a function to
   $ export WOLFSSL_SRC_DIR=~/wolfssl
 ```
 
-5. Setup your riscv64 compiler 
+5. Setup your riscv64 compiler
 
 ```
   $ export RISCV_OPENOCD_PATH=/opt/riscv-openocd
@@ -64,7 +64,7 @@ You can build from source or create a static library.
   $ cd freedom-e-sdk
   $ make PROGRAM=wolfcrypt TARGET=sifive-hifive1-revb CONFIGURATION=debug clean software upload
 ```
-This example cleans, builds and uploads the software on the sifive-hifive1-revb target but you can also combine and build for any of the supported targets. 
+This example cleans, builds and uploads the software on the sifive-hifive1-revb target but you can also combine and build for any of the supported targets.
 
 Review the test results on the target console.
 
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/main.c b/IDE/RISCV/SIFIVE-HIFIVE1/main.c
index ff0488956b..eeaf4e29c7 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/main.c
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,7 +35,7 @@
 
 #ifndef NO_CRYPT_BENCHMARK
 
-/*-specs=nano.specs doesn’t include support for floating point in printf()*/
+/*-specs=nano.specs doesn't include support for floating point in printf()*/
 asm (".global _printf_float");
 
 #ifndef RTC_FREQ
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h b/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
index e0a4a9077c..75d5f54d22 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -397,6 +397,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/RISCV/SIFIVE-UNLEASHED/README.md b/IDE/RISCV/SIFIVE-UNLEASHED/README.md
index 64f88ae811..c2e1c1ba61 100644
--- a/IDE/RISCV/SIFIVE-UNLEASHED/README.md
+++ b/IDE/RISCV/SIFIVE-UNLEASHED/README.md
@@ -6,7 +6,7 @@ Instructions for cross-compiling and running wolfSSL on the HiFive Unleashed boa
 
 SiFive Freedom U540 SoC at 1.5GHz
 
-Getting started guide: 
+Getting started guide:
 https://sifive.cdn.prismic.io/sifive%2Ffa3a584a-a02f-4fda-b758-a2def05f49f9_hifive-unleashed-getting-started-guide-v1p1.pdf
 
 Make sure your ethernet is attached and power up board. You can connecct the micro-usb to get a UART console that will display the DHCP IP address. Default user is "root" and login password is "sifive".
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/README.md b/IDE/ROWLEY-CROSSWORKS-ARM/README.md
index beb9416454..fc305b631a 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/README.md
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/README.md
@@ -4,11 +4,11 @@ This directory contains a CrossWorks solution named wolfssl.hzp.
 
 Inside are three projects:
 
-1. libwolfssl: 
+1. libwolfssl:
 This generates a library file named "libwolfssl_ARM_Debug/libwolfssl_v7em_t_le_eabi.a"
-2. benchmark: 
+2. benchmark:
 This is a sample benchmark application. It runs the "benchmark_test" suite repeatedly until a failure occurs.
-3. test: 
+3. test:
 This is a sample test application. It runs "wolfcrypt_test" suite suite repeatedly until a failure occurs.
 
 # Prerequisites
@@ -21,7 +21,7 @@ All hardware functions are defined in `kinetis_hw.c` and are currently setup for
 
 To create support for a new ARM microcontroller the functions in `hw.h` will need to be implemented.
 
-Also you will need to configure the ARM Architecture and ARM Core Type in the "Solution Properties" -> "ARM". 
+Also you will need to configure the ARM Architecture and ARM Core Type in the "Solution Properties" -> "ARM".
 Also the "Target Processor" in each of the projects ("Project Properties" -> "Target Processor")
 
 ## Hardware Crypto Acceleration
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
index 2e1d7707bc..085fa4109a 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
@@ -1,6 +1,6 @@
 /* arm_startup.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
index e95059e9ef..94f55bfb52 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
index 5626126920..ffe76bf1b8 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
@@ -1,6 +1,6 @@
 /* kinetis_hw.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
index bfd53ff703..752ec6e663 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
@@ -1,6 +1,6 @@
 /* retarget.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
index 1f6339d908..062c0982b7 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/common/strings.h b/IDE/Renesas/cs+/Projects/common/strings.h
index 030e4ffad0..a66c8bbbf8 100644
--- a/IDE/Renesas/cs+/Projects/common/strings.h
+++ b/IDE/Renesas/cs+/Projects/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/common/unistd.h b/IDE/Renesas/cs+/Projects/common/unistd.h
index d288552e6c..12f9374948 100644
--- a/IDE/Renesas/cs+/Projects/common/unistd.h
+++ b/IDE/Renesas/cs+/Projects/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/common/user_settings.h b/IDE/Renesas/cs+/Projects/common/user_settings.h
index 5e0d375360..c4aeaa786a 100644
--- a/IDE/Renesas/cs+/Projects/common/user_settings.h
+++ b/IDE/Renesas/cs+/Projects/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,11 +25,11 @@
 #define NO_DEV_RANDOM
 #define USE_CERT_BUFFERS_2048
 #define SIZEOF_LONG_LONG 8
-#define NO_WOLFSSL_DIR 
+#define NO_WOLFSSL_DIR
 #define WOLFSSL_NO_CURRDIR
 #define WOLFSSL_LOG_PRINTF
 #define NO_WOLFSSL_STUB
-#define NO_DYNAMIC_ARRAY       /* for compilers not allowed dynamic size array */ 
+#define NO_DYNAMIC_ARRAY      /* for compilers not allowed dynamic size array */
 #define WOLFSSL_SMALL_STACK
 #define WOLFSSL_DH_CONST
 
diff --git a/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c b/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
index 8feffe8f31..f6d9abaa79 100644
--- a/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
+++ b/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,10 +51,10 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz)
             return 1;
         }
     }
-    return 0;	
+    return 0;
 }
-    
-void abort(void) 
+
+void abort(void)
 {
     while(1);
 }
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
index c556f647af..e25b038c9e 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
index 3cffc7191c..64f5aff137 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@ static void timeTick(void *pdata)
 double current_time(int reset)
 {
       if(reset) tick = 0 ;
-      return ((double)tick/FREQ) ;	
+      return ((double)tick/FREQ) ;
 }
 
 #define ARG_SZ 256
@@ -50,10 +50,10 @@ static int get_arg(func_args *args)
     int i;
     char *arg = argBuff;
     args->argc = 0;
-    
+
     for(i=0; i<ARG_SZ; i++) {
         *arg = getchar();
-        
+
 	switch(*arg){
 	case '\n':
 	     *arg = '\0';
@@ -84,10 +84,10 @@ void wolfSSL_main()
 {
     int c;
     func_args args = {0};
-    
+
     printf("wolfSSL Demo\nt: test, b: benchmark, s: server, or c <IP addr> <Port>: client\n$ ");
     c = getchar();
-    
+
     switch(c) {
     case 't':
         get_arg(&args);
@@ -95,14 +95,14 @@ void wolfSSL_main()
         wolfcrypt_test(&args);
         printf("End wolfCrypt Test\n");
 	break;
-	
+
     case 'b':
         get_arg(&args);
         printf("Start wolfCrypt Benchmark\n");
         benchmark_test(NULL);
         printf("End wolfCrypt Benchmark\n");
 	break;
-	
+
     case 'c':
         if(get_arg(&args) < 0)
             break;
@@ -110,7 +110,7 @@ void wolfSSL_main()
 	wolfSSL_TLS_client(wolfSSL_cl_ctx, &args);
         printf("End TLS Client\n");
 	break;
-	
+
     case 's':
         if(get_arg(&args) < 0)
             break;
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
index a86ff18c81..858347170f 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/test/test_main.c b/IDE/Renesas/cs+/Projects/test/test_main.c
index a1e00ef0af..c92fdddfb3 100644
--- a/IDE/Renesas/cs+/Projects/test/test_main.c
+++ b/IDE/Renesas/cs+/Projects/test/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,7 +45,7 @@ void wolfcrypt_test(func_args args);
 void main(void)
 {
     func_args args = { 1 };
-  
+
     printf("Start wolfCrypt Test\n");
     wolfcrypt_test(args);
     printf("End wolfCrypt Test\n");
diff --git a/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
index 705b53fc46..353f906dc0 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
index ea15ee4f12..c52f8aaf3c 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
index a056213313..9edf7ff84e 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/strings.h b/IDE/Renesas/e2studio/Projects/common/strings.h
index 030e4ffad0..a66c8bbbf8 100644
--- a/IDE/Renesas/e2studio/Projects/common/strings.h
+++ b/IDE/Renesas/e2studio/Projects/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/unistd.h b/IDE/Renesas/e2studio/Projects/common/unistd.h
index d288552e6c..12f9374948 100644
--- a/IDE/Renesas/e2studio/Projects/common/unistd.h
+++ b/IDE/Renesas/e2studio/Projects/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/user_settings.h b/IDE/Renesas/e2studio/Projects/common/user_settings.h
index a9cc84ac76..01b01dbc3b 100644
--- a/IDE/Renesas/e2studio/Projects/common/user_settings.h
+++ b/IDE/Renesas/e2studio/Projects/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #define USE_CERT_BUFFERS_2048
 #define WOLFSSL_USER_CURRTIME
 #define SIZEOF_LONG_LONG 8
-#define NO_WOLFSSL_DIR 
+#define NO_WOLFSSL_DIR
 #define WOLFSSL_NO_CURRDIR
 #define NO_FILESYSTEM
 #define WOLFSSL_LOG_PRINTF
diff --git a/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
index b6b21e85bb..bf2006d491 100644
--- a/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/key_data.c b/IDE/Renesas/e2studio/Projects/test/src/key_data.c
index 8d06ccc1dd..d3e7a04164 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/key_data.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/key_data.h b/IDE/Renesas/e2studio/Projects/test/src/key_data.h
index 5c58e35298..c9be7039d7 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/key_data.h
+++ b/IDE/Renesas/e2studio/Projects/test/src/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/test_main.c b/IDE/Renesas/e2studio/Projects/test/src/test_main.c
index 5264faef29..3e59160275 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c b/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
index 314243d0ed..7ebbe29234 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c b/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
index 6454017771..615ef60a3a 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -124,7 +124,7 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
@@ -138,20 +138,20 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
             wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
                                 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
 #if !defined(NO_FILESYSTEM)
-            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0) 
+            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0)
                                                                 != WOLFSSL_SUCCESS)
 #else
-            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, 
+            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert,
                                                sizeof_clicert,
                                                SSL_FILETYPE_ASN1) != SSL_SUCCESS)
 #endif
                 printf("can't load ca file, Please run from wolfSSL home dir\n");
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
index 385a5d7bd4..2168ad0a05 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh b/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
index d221e5428d..c5256060dd 100755
--- a/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
+++ b/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 function usage(){
     cat << _EOT_
@@ -7,7 +7,7 @@ function usage(){
 
     Description:
      Generate 2048 bit Rsa key pair and Display modulus and public exponent
-     
+
     Options:
       -g    generate rsa key pair, default on
       -s    only show modulus and public exponent
@@ -39,7 +39,7 @@ FLAG_S="off"
 
 if [ $FLAG_G = "on" ]; then
     # generate 2048bit Rsa private key
-    openssl genrsa 2048 2> /dev/null > private-key.pem 
+    openssl genrsa 2048 2> /dev/null > private-key.pem
     # expose public key
     openssl rsa -in private-key.pem -pubout -out public-key.pem 2> /dev/null
 fi
diff --git a/IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl b/IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl
index ca9074b201..42e547f244 100755
--- a/IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl
+++ b/IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 # genhexbuf.pl
 # Copyright (C) 2020 wolfSSL Inc.
diff --git a/IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh b/IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh
index 3c1f30032a..5dde500e84 100755
--- a/IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh
+++ b/IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 SIGOPT=rsa_padding_mode:pss
 SIGOPT2=rsa_pss_saltlen:-1
diff --git a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
index 0a68c65656..43bf3b91d1 100644
--- a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
+++ b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
@@ -84,9 +84,9 @@ The following steps explain how to generate the missing files and where to place
   (Click the drop-down arrow to the left of the project name.)
 + Select and Copy the following folders/files inside dummy_library
 
-    `ra/`  
-    `ra_gen/`  
-    `ra_cfg/`  
+    `ra/`
+    `ra_gen/`
+    `ra_cfg/`
     `script/`
 
 + Paste the copied folders/files into wolfSSL_RA6M3G
@@ -108,7 +108,7 @@ The following steps explain how to generate the missing files and where to place
 
 + Select and Copy the following folder inside dummy_app
 
-    `src/`  
+    `src/`
     `script/`
 
 + Paste the copied folders into `./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`
@@ -132,17 +132,17 @@ Right-Click each Project and select Build.
 
 ### Run wolfCrypt Test and Benchmark
 
-1.) Right-Click the Project name.  
-2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`  
-3.) Select J-Link ARM. Click OK.  
+1.) Right-Click the Project name.
+2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`
+3.) Select J-Link ARM. Click OK.
 4.) Select R7Fa6M3AH. Click OK.
 
 ### Run the wolfSSL TLS Server Example.
 
-1.) Right-Click the Project name.  
-2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`  
-3.) Select J-Link ARM. Click OK.  
-4.) Select R7Fa6M3AH. Click OK.  
+1.) Right-Click the Project name.
+2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`
+3.) Select J-Link ARM. Click OK.
+4.) Select R7Fa6M3AH. Click OK.
 5.) Run the following wolfSSL example client command inside the base of the wolfssl directory.
 
 ```
diff --git a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
index d3dc23a96c..93a5437115 100644
--- a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
+++ b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
@@ -83,9 +83,9 @@ wolfSSL のプロジェクトファイルは、wolfSSL と wolfCrypt の両方
   プロジェクト名横にある矢印マークをクリック
 + `dummy_library` の以下のフォルダーとファイルを選択
 
-    `ra/`  
-    `ra_gen/`  
-    `ra_cfg/`  
+    `ra/`
+    `ra_gen/`
+    `ra_cfg/`
     `script/`
 
 + 選択したフォルダーとファイルを `wolfSSL_RA6M3G`プロジェクトに貼り付け
@@ -110,7 +110,7 @@ wolfSSL のプロジェクトファイルは、wolfSSL と wolfCrypt の両方
 
 + `dummy_app`の以下のフォルダーをコピー
 
-    `src/`  
+    `src/`
     `script/`
 
 + 選択したフォルダーを`./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`へコピー
diff --git a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
index 0a850be473..cf7f270612 100644
--- a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
index 5bc8e55ece..5ba72ce492 100644
--- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
index 701e4bd4bb..d1f7e0f8cc 100644
--- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
+++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c b/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
index c45d550417..faf154dc13 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
+++ b/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
@@ -1,6 +1,6 @@
 /* freertos_tcp_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/common/user_settings.h b/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
index 78f7cf86a8..a2869400f2 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,7 +50,6 @@
 #define HAVE_CHACHA
 #define HAVE_POLY1305
 #define HAVE_ECC
-#define HAVE_RSA
 #define HAVE_SHA256
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_TLS_EXTENSIONS
diff --git a/IDE/Renesas/e2studio/RA6M3/common/util.h b/IDE/Renesas/e2studio/RA6M3/common/util.h
index 036d4627d0..57eaf767b7 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/util.h
+++ b/IDE/Renesas/e2studio/RA6M3/common/util.h
@@ -1,6 +1,6 @@
 /* util.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
index 03179846ba..47808cb423 100644
--- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
index 0907433e6d..7720180f1b 100644
--- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
+++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
index e7e4cb6ffe..454f5744a5 100644
--- a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/README.md b/IDE/Renesas/e2studio/RA6M4/README.md
index 4ce63ab332..b93879d986 100644
--- a/IDE/Renesas/e2studio/RA6M4/README.md
+++ b/IDE/Renesas/e2studio/RA6M4/README.md
@@ -4,13 +4,13 @@ wolfSSL for Renesas RA Evaluation Kit (EK-RA6M4)
 ## Description
 
 This directory contains e2studio projects targeted at the Renesas RA 32-bit MCUs.
-The example projects include a wolfSSL TLS client. 
+The example projects include a wolfSSL TLS client.
 They also include benchmark and cryptography tests for the wolfCrypt library.
 
 
 The wolfssl project contains both the wolfSSL and wolfCrypt libraries.
 It is built as a `Renesas RA C Library Project` and contains the Renesas RA
-configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode` 
+configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode`
 as hardware acceleration for cypto and TLS operation.
 
 
@@ -24,27 +24,29 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |Board|EK-RA6M4|
 |Device|R7FA6M4AF3CFB|
 |Toolchain|GCC ARM Embedded|
-|FSP Version|3.5.0|
+|FSP Version|5.4.0|
 
 #### Selected software components
 
 |Components|Version|
 |:--|:--|
-|Board Support Package Common Files|v3.6.0|
-|Secure Cryptography Engine on RA6 Protected Mode|v3.6.0|
-|I/O Port|v3.6.0|
-|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.6.0|
-|RA6M4-EK Board Support Files|v3.5.0|
-|Board support package for R7FA6M4AF3CFB|v3.6.0|
-|Board support package for RA6M4|v3.6.0|
-|Board support package for RA6M4 - FSP Data|v3.6.0|
-|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.6.0|
-|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.6.0|
-|r_ether to FreeRTOS+TCP Wrapper|v3.6.0|
-|Ethernet|v3.6.0|
-|Ethernet PHY|v3.6.0|
-|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.6.0|
-|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.6.0|
+|Board Support Package Common Files|v5.4.0|
+|Secure Cryptography Engine on RA6 Protected Mode|v5.4.0|
+|I/O Port|v5.4.0|
+|Arm CMSIS Version 5 - Core (M)|v6.1.0+fsp.5.4.0|
+|RA6M4-EK Board Support Files|v5.4.0|
+|Board support package for R7FA6M4AF3CFB|v5.4.0|
+|Board support package for RA6M4 - Events|v5.4.0|
+|Board support package for RA6M4|v5.4.0|
+|Board support package for RA6M4 - FSP Data|v5.4.0|
+|FreeRTOS|v10.6.1+fsp.5.4.0|
+|FreeRTOS - Memory Management - Heap 4|v10.6.1+fsp.5.4.0|
+|r_ether to FreeRTOS+TCP Wrapper|v5.4.0|
+|Ethernet|v5.4.0|
+|Ethernet PHY|v5.4.0|
+|FreeRTOS+TCP|v4.0.0+fsp.5.4.0|
+|FreeRTOS - Buffer Allocation 2|v4.0.0+fsp.5.4.0|
+|FreeRTOS Port|v5.4.0|
 
 ## Setup Steps and Build wolfSSL Library
 
@@ -85,7 +87,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |:--|:--|
 |Network Events call vApplicationIPNetworkEventHook|Disable|
 |Use DHCP|Disable|
-  
+
 + Save `dummy_library` FSP configuration
 + Copy <u>configuration.xml</u> and pincfg under `dummy_library` to `wolfSSL_RA6M4`
 + Open Smart Configurator by clicking copied configuration.xml
@@ -105,7 +107,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 + Copy the following folder and file at `dummy_application` to `test_RA6M4`\
   script/\
   src/sce_tst_thread_entry.c
-  
+
 + Add `sce_test()` call under /* TODO: add your own code here */ line at sce_tst_thread_entry.c
 ```
 ...
@@ -119,7 +121,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 + Download J-Link software from [Segger](https://www.segger.com/downloads/jlink)
 + Choose `J-Link Software and Documentation Pack`
 + Copy sample program files below from `Installed SEGGER` folder, `e.g C:\Program Files\SEGGER\JLink\Samples\RTT`, to /path/to/wolfssl/IDE/Reenesas/e2studio/RA6M4/test/src/SEGGER_RTT\
-  
+
     SEGGER_RTT.c\
     SEGGER_RTT.h\
     SEGGER_RTT_Conf.h\
@@ -134,7 +136,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
     you can specify "RTT control block" to 0x200232a8 by Address\
     OR\
     you can specify "RTT control block" to 0x20020000 0x10000 by Search Range
-  
+
 ## Run Client
 1.) Enable TLS_CLIENT definition in wolfssl_demo.h of test_RA6M4 project
 
@@ -175,7 +177,7 @@ $./examples/server/server -b -d -i -c ./certs/server-ecc.pem -k ./certs/ecc-key.
 
 You will see the following message on J-LinK RTT Viewer when using RSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
 [wolfSSL_TLS_client_do(00)][00]  Start to connect to the server.
@@ -204,7 +206,7 @@ You will see the following message on J-LinK RTT Viewer when using RSA sign and
 
 You will see the following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
 [wolfSSL_TLS_client_do(00)][00]  Start to connect to the server.
@@ -235,7 +237,7 @@ You will see the following message on J-LinK RTT Viewer when using ECDSA sign an
 ### Run Multi Client Session example
 1.) Enable TLS_CLIENT and TLS_MULTITHREAD_TEST definition in wolfssl_demo.h of test_RA6M4 project
 
-2.) Follow [Run Client](#run-client) instruction 
+2.) Follow [Run Client](#run-client) instruction
 
 3.) Prepare peer wolfssl server
 
@@ -258,7 +260,7 @@ $./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.
 4.) Run Multi Client Session Example
 You will see similar following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
  clt_thd_taskA connecting to 11111 port
@@ -291,7 +293,7 @@ You will see similar following message on J-LinK RTT Viewer when using ECDSA sig
 
 You will see similar following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
  clt_thd_taskA connecting to 11111 port
diff --git a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
index 485415317c..6f40f37f22 100644
--- a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
index dd56fc1e7f..cbe535b2ab 100644
--- a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/include.am b/IDE/Renesas/e2studio/RA6M4/include.am
index cd8adec9c3..db3f280f3e 100644
--- a/IDE/Renesas/e2studio/RA6M4/include.am
+++ b/IDE/Renesas/e2studio/RA6M4/include.am
@@ -16,4 +16,4 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/common/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
-EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h
diff --git a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
index 41fb29c07a..5ab5c2656e 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,112 +28,112 @@ const st_user_key_block_data_t g_key_block_data =
 {
     /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
     {
-        0xE7, 0x1C, 0xEB, 0xCA, 0x3A, 0x64, 0x0B, 0xD2, 0xC5, 0xB8, 0xF2, 0xD0, 
-        0xF7, 0x1B, 0xA9, 0x4A, 0x98, 0xFF, 0xF3, 0x48, 0x81, 0xAD, 0xAF, 0x63, 
+        0xE7, 0x1C, 0xEB, 0xCA, 0x3A, 0x64, 0x0B, 0xD2, 0xC5, 0xB8, 0xF2, 0xD0,
+        0xF7, 0x1B, 0xA9, 0x4A, 0x98, 0xFF, 0xF3, 0x48, 0x81, 0xAD, 0xAF, 0x63,
         0x19, 0x24, 0x4B, 0x2B, 0xC0, 0x8B, 0x9C, 0x6B
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xD7, 0x97, 0x56, 0x82, 0x5B, 0x4B, 0x7F, 0xB2, 0x1C, 0x1F, 0xEE, 0x85, 
+        0xD7, 0x97, 0x56, 0x82, 0x5B, 0x4B, 0x7F, 0xB2, 0x1C, 0x1F, 0xEE, 0x85,
         0x02, 0xC5, 0xD0, 0xBA
     },
     /* uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */
     {
-        0x3F, 0xA5, 0xBE, 0xBF, 0x86, 0xEC, 0x23, 0x37, 0x82, 0x37, 0x71, 0x0C, 
-        0x83, 0xA7, 0x8E, 0x86, 0xF0, 0x16, 0xD3, 0x7B, 0xF1, 0x25, 0xA4, 0x37, 
-        0x7A, 0x2D, 0x16, 0xF2, 0xFF, 0x3D, 0xEE, 0x46, 0xE0, 0x05, 0x58, 0x56, 
+        0x3F, 0xA5, 0xBE, 0xBF, 0x86, 0xEC, 0x23, 0x37, 0x82, 0x37, 0x71, 0x0C,
+        0x83, 0xA7, 0x8E, 0x86, 0xF0, 0x16, 0xD3, 0x7B, 0xF1, 0x25, 0xA4, 0x37,
+        0x7A, 0x2D, 0x16, 0xF2, 0xFF, 0x3D, 0xEE, 0x46, 0xE0, 0x05, 0x58, 0x56,
         0xC2, 0xE7, 0x9D, 0x2C, 0x01, 0x84, 0x59, 0x8E, 0xA8, 0x9E, 0xEE, 0x3F,
         0x22, 0x83, 0x68, 0xDA, 0x9E, 0xCE, 0xEA, 0x99, 0xFD, 0xAF, 0xDF, 0x67,
-        0x1E, 0x73, 0x25, 0x68, 0xBF, 0x0A, 0xDF, 0xAF, 0xC4, 0x3D, 0xF1, 0xBD, 
-        0x41, 0xF5, 0xAC, 0xAC, 0xA4, 0x36, 0xF8, 0x96, 0xC0, 0x8C, 0x2F, 0x1A, 
+        0x1E, 0x73, 0x25, 0x68, 0xBF, 0x0A, 0xDF, 0xAF, 0xC4, 0x3D, 0xF1, 0xBD,
+        0x41, 0xF5, 0xAC, 0xAC, 0xA4, 0x36, 0xF8, 0x96, 0xC0, 0x8C, 0x2F, 0x1A,
         0x79, 0x75, 0x28, 0xAE, 0x67, 0xC9, 0x5A, 0xDE, 0x2A, 0xB4, 0x99, 0xDB,
-        0x8C, 0x25, 0x53, 0x58, 0x8C, 0xDC, 0xA8, 0x0D, 0xFE, 0xEE, 0x0F, 0x6C, 
-        0x61, 0xE6, 0x43, 0x66, 0xE8, 0x4A, 0xE3, 0xEB, 0xAB, 0xA2, 0x52, 0xE4, 
-        0x67, 0xC2, 0x9A, 0x57, 0xA4, 0x1F, 0xE0, 0xFC, 0x2B, 0xBE, 0x25, 0xBF, 
+        0x8C, 0x25, 0x53, 0x58, 0x8C, 0xDC, 0xA8, 0x0D, 0xFE, 0xEE, 0x0F, 0x6C,
+        0x61, 0xE6, 0x43, 0x66, 0xE8, 0x4A, 0xE3, 0xEB, 0xAB, 0xA2, 0x52, 0xE4,
+        0x67, 0xC2, 0x9A, 0x57, 0xA4, 0x1F, 0xE0, 0xFC, 0x2B, 0xBE, 0x25, 0xBF,
         0xF0, 0x70, 0x18, 0x88, 0x93, 0xB7, 0x2F, 0x74, 0xF8, 0xF3, 0x88, 0xB8,
-        0xFA, 0x18, 0xBE, 0xC1, 0xB2, 0x24, 0x4B, 0xBC, 0x89, 0x2D, 0xC4, 0x02, 
-        0xB3, 0x82, 0xEC, 0xDB, 0xC9, 0xF0, 0xA9, 0xC3, 0x30, 0x7C, 0xF5, 0x15, 
-        0xEB, 0x9B, 0x16, 0x8C, 0x9D, 0xEF, 0x42, 0x8A, 0xCA, 0x5D, 0x28, 0xDF, 
+        0xFA, 0x18, 0xBE, 0xC1, 0xB2, 0x24, 0x4B, 0xBC, 0x89, 0x2D, 0xC4, 0x02,
+        0xB3, 0x82, 0xEC, 0xDB, 0xC9, 0xF0, 0xA9, 0xC3, 0x30, 0x7C, 0xF5, 0x15,
+        0xEB, 0x9B, 0x16, 0x8C, 0x9D, 0xEF, 0x42, 0x8A, 0xCA, 0x5D, 0x28, 0xDF,
         0x68, 0xEA, 0xE0, 0xB8, 0x76, 0x7C, 0xBB, 0x4A, 0x51, 0xDD, 0x55, 0x14,
-        0xB7, 0xAB, 0xD2, 0xF1, 0xB9, 0x51, 0x19, 0x05, 0x26, 0x87, 0xF7, 0x5C, 
-        0x69, 0x45, 0x3C, 0x82, 0xE8, 0x82, 0x05, 0x5D, 0x33, 0x8E, 0xD1, 0x42, 
-        0x71, 0xD6, 0x96, 0xDA, 0xAB, 0xB8, 0xC0, 0x0F, 0xF7, 0x85, 0x8A, 0x12, 
+        0xB7, 0xAB, 0xD2, 0xF1, 0xB9, 0x51, 0x19, 0x05, 0x26, 0x87, 0xF7, 0x5C,
+        0x69, 0x45, 0x3C, 0x82, 0xE8, 0x82, 0x05, 0x5D, 0x33, 0x8E, 0xD1, 0x42,
+        0x71, 0xD6, 0x96, 0xDA, 0xAB, 0xB8, 0xC0, 0x0F, 0xF7, 0x85, 0x8A, 0x12,
         0xEF, 0xB9, 0x53, 0xFF, 0xD2, 0x95, 0x18, 0x2F, 0x0C, 0xA6, 0x72, 0x98,
-        0xC3, 0xC6, 0x9B, 0x95, 0x70, 0x69, 0xC5, 0xB7, 0xD5, 0x24, 0x77, 0x05, 
-        0xD0, 0x68, 0x85, 0x36, 0xB8, 0x57, 0xE3, 0xED, 0x2E, 0x4D, 0x95, 0xD3, 
-        0xFC, 0x24, 0x1B, 0x22, 0xFA, 0x43, 0xD8, 0x62, 0x28, 0x57, 0x6B, 0x34, 
+        0xC3, 0xC6, 0x9B, 0x95, 0x70, 0x69, 0xC5, 0xB7, 0xD5, 0x24, 0x77, 0x05,
+        0xD0, 0x68, 0x85, 0x36, 0xB8, 0x57, 0xE3, 0xED, 0x2E, 0x4D, 0x95, 0xD3,
+        0xFC, 0x24, 0x1B, 0x22, 0xFA, 0x43, 0xD8, 0x62, 0x28, 0x57, 0x6B, 0x34,
         0xBF, 0xD1, 0x63, 0x4B, 0xB5, 0xF5, 0x88, 0xBC, 0xB8, 0x69, 0xF3, 0xB5
     },
 };
 
 #ifndef USE_CERT_BUFFERS_256
-/* ca-cert.der.sign,  
- * ca-cert.der signed by RSA2048 PSS with SHA256 
+/* ca-cert.der.sign,
+ * ca-cert.der signed by RSA2048 PSS with SHA256
  * This is used for Root Certificate verify by SCE */
 const unsigned char ca_cert_der_sign[] =
 {
-        0x70, 0x4D, 0x6C, 0xCC, 0xAD, 0xD0, 0x74, 0x34, 0x10, 0xB3,
-        0x1F, 0x26, 0x49, 0x31, 0xD0, 0xD5, 0x0B, 0x4F, 0x50, 0xD4,
-        0x21, 0x7D, 0x3D, 0xE6, 0x9D, 0x5A, 0xF1, 0xE4, 0x48, 0xBD,
-        0x6D, 0xB3, 0x58, 0xB4, 0x07, 0xF1, 0x06, 0xA7, 0x3D, 0xB7,
-        0x24, 0x60, 0xBD, 0x72, 0xB2, 0x7B, 0xA8, 0x4F, 0xFC, 0x47,
-        0x64, 0xF0, 0x04, 0xBE, 0xC7, 0xAE, 0xB6, 0x6F, 0xA5, 0xD6,
-        0x65, 0xE9, 0xB5, 0x3D, 0x8A, 0xC8, 0x27, 0x9A, 0x3B, 0x4C,
-        0x98, 0xB0, 0x5F, 0x1E, 0x54, 0xA5, 0xEF, 0xBC, 0x61, 0xA7,
-        0x3F, 0xB7, 0x5D, 0x36, 0x5A, 0x27, 0x1C, 0x5A, 0xAF, 0x65,
-        0x7A, 0x89, 0x4F, 0x00, 0xB1, 0x75, 0xA7, 0xA9, 0x5C, 0xE8,
-        0xC8, 0x0E, 0x5C, 0x83, 0x12, 0x47, 0x11, 0xD1, 0xBD, 0xF4,
-        0x10, 0x7D, 0x7B, 0xD6, 0x05, 0xF7, 0xBE, 0xD2, 0x70, 0x05,
-        0x56, 0xD6, 0x84, 0x70, 0x11, 0x3D, 0x67, 0x93, 0x2E, 0xB0,
-        0x93, 0xBA, 0x34, 0xD0, 0xDE, 0xB8, 0x16, 0x7B, 0x0D, 0x67,
-        0x16, 0x92, 0x91, 0x79, 0xAC, 0x3C, 0xC9, 0x4D, 0x8A, 0xEE,
-        0x31, 0xCC, 0xFC, 0xF7, 0x78, 0xB3, 0x1B, 0x0F, 0x54, 0xCE,
-        0xF4, 0xBB, 0xE7, 0xF4, 0xAC, 0x80, 0xEF, 0xDD, 0xFF, 0x84,
-        0x7A, 0x37, 0xED, 0xC4, 0x45, 0x3D, 0x7C, 0x19, 0x81, 0x95,
-        0x2E, 0x71, 0xE7, 0x1B, 0x1C, 0x75, 0x67, 0xBC, 0x62, 0x0F,
-        0xAA, 0x90, 0x41, 0x01, 0x53, 0xD0, 0x3A, 0x6E, 0xE9, 0xC9,
-        0xAA, 0x2F, 0xD1, 0xD8, 0xB3, 0x3B, 0x80, 0xCA, 0xE5, 0xA1,
-        0x1B, 0x7F, 0xCF, 0xF5, 0xBF, 0x2C, 0x2B, 0xBE, 0x1F, 0x77,
-        0x89, 0x21, 0xD7, 0x76, 0x51, 0xA8, 0xD0, 0x31, 0xE1, 0x97,
-        0xD1, 0x63, 0x84, 0xA2, 0xAA, 0x6E, 0x9A, 0x33, 0x43, 0x65,
-        0x2A, 0x6B, 0x40, 0x03, 0x84, 0x6F, 0xC7, 0xB3, 0xE5, 0xD8,
-        0x64, 0x30, 0x12, 0x2A, 0x45, 0x1D
+		0x42, 0xDC, 0x1F, 0xF5, 0x71, 0x54, 0x13, 0xB5, 0x86, 0x30,
+		0x34, 0xF3, 0x04, 0x50, 0x69, 0x50, 0x6C, 0x94, 0x05, 0x60,
+		0xC6, 0x34, 0x12, 0xCC, 0xA1, 0x68, 0x56, 0x1F, 0x54, 0x4D,
+		0x6C, 0x3E, 0xCB, 0xFB, 0xEB, 0xEF, 0x4E, 0xCF, 0xA8, 0xB0,
+		0xA7, 0xDE, 0xAD, 0x64, 0xBA, 0xB8, 0xE5, 0x0C, 0x97, 0x31,
+		0x16, 0xEE, 0xF7, 0x73, 0xCC, 0xAF, 0x54, 0x20, 0xE1, 0xFF,
+		0xF7, 0x94, 0x6D, 0x7B, 0xC7, 0x83, 0xA3, 0xE5, 0xF6, 0x01,
+		0xA1, 0xA7, 0x90, 0xF1, 0x3D, 0xCE, 0x95, 0xD8, 0x15, 0x29,
+		0x7A, 0x6C, 0xC1, 0x43, 0xB8, 0x29, 0x30, 0xC9, 0x38, 0x36,
+		0x85, 0x03, 0x23, 0x3D, 0xAE, 0x40, 0xAA, 0x0A, 0x38, 0xF8,
+		0x06, 0xDB, 0xA5, 0x7B, 0xBF, 0x72, 0x12, 0xD7, 0xB1, 0x35,
+		0x82, 0x47, 0xA8, 0x9E, 0xCB, 0xFF, 0xD1, 0x34, 0xA2, 0x15,
+		0xBB, 0xC8, 0x35, 0xE7, 0x91, 0x58, 0x52, 0xD8, 0xA6, 0x9F,
+		0x1D, 0x68, 0xD2, 0x92, 0x0E, 0xAD, 0x42, 0xB9, 0xE5, 0x72,
+		0xE9, 0x3B, 0x24, 0xF2, 0x05, 0xEA, 0x9F, 0xAD, 0x07, 0xE0,
+		0xD8, 0x40, 0x33, 0x7D, 0x1C, 0x8C, 0x71, 0x7E, 0x37, 0x22,
+		0x1B, 0x13, 0x27, 0xE5, 0xBC, 0x6E, 0x6E, 0x6A, 0xE5, 0x66,
+		0x4C, 0xAB, 0x74, 0x74, 0x12, 0xE4, 0x12, 0x36, 0xD5, 0xB0,
+		0x56, 0x0E, 0x79, 0xFB, 0x56, 0xA0, 0x09, 0x4B, 0xBD, 0xE0,
+		0xF5, 0x75, 0x0E, 0xA1, 0xB1, 0xDC, 0xA6, 0xC5, 0x0B, 0x7E,
+		0x79, 0x83, 0xD5, 0xCE, 0x2A, 0xB3, 0x2C, 0xE8, 0x49, 0xDE,
+		0x18, 0xB2, 0x50, 0x58, 0x58, 0x2E, 0x31, 0xAD, 0xF1, 0x25,
+		0x71, 0xD2, 0x74, 0xA1, 0xC8, 0x1C, 0xF6, 0xF7, 0xE6, 0xDA,
+		0xA3, 0x9F, 0x32, 0x5A, 0xA0, 0xBC, 0x1D, 0x13, 0xAC, 0x9C,
+		0x41, 0x97, 0xDB, 0xA4, 0xF4, 0xE2, 0xE4, 0x28, 0xD3, 0x30,
+		0xC3, 0x14, 0xF2, 0xB0, 0xBF, 0x94
 };
 
 const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
 #else
-/* ca-ecc-cert.der.sign,  
- * ca-ecc-cert.der signed by RSA2048 PSS with SHA256 
+/* ca-ecc-cert.der.sign,
+ * ca-ecc-cert.der signed by RSA2048 PSS with SHA256
  * This is used for Root Certificate verify by SCE
  */
 const unsigned char ca_ecc_cert_der_sign[] =
 {
-        0xB9, 0x59, 0x94, 0xE6, 0xD1, 0x5B, 0xFD, 0x59, 0xBB, 0x4F,
-        0x14, 0x0B, 0x9E, 0x30, 0x61, 0xF9, 0xFA, 0x2C, 0xD8, 0xE2,
-        0x7F, 0xD0, 0x1F, 0x47, 0xDE, 0x14, 0x8E, 0xD1, 0x78, 0x86,
-        0xA4, 0x9B, 0xDC, 0x86, 0x64, 0x2A, 0xD9, 0xBC, 0xBE, 0x61,
-        0x60, 0xB8, 0x1C, 0x46, 0xCE, 0x66, 0x97, 0xC0, 0x32, 0x04,
-        0x38, 0x3B, 0xCB, 0xB7, 0x38, 0x89, 0x11, 0xCE, 0xBA, 0x64,
-        0xE1, 0xDD, 0x4E, 0x3C, 0x6F, 0xA0, 0x48, 0xFA, 0x9F, 0x8F,
-        0xEC, 0x6A, 0xCA, 0xAC, 0x29, 0x4B, 0xD9, 0xF7, 0xE3, 0x03,
-        0xF7, 0xBA, 0xB8, 0xCC, 0x2C, 0xD1, 0xC8, 0x84, 0xFA, 0xF6,
-        0xFA, 0xE4, 0x72, 0xAF, 0x8D, 0x07, 0xF0, 0x3D, 0xD7, 0x58,
-        0x95, 0x08, 0x6F, 0xD5, 0x77, 0x1B, 0x92, 0x81, 0x99, 0x69,
-        0x5C, 0x4D, 0x8F, 0x98, 0xC6, 0x09, 0xC1, 0xEB, 0xB5, 0x86,
-        0x87, 0x47, 0xD7, 0x68, 0x73, 0xE8, 0x1D, 0x1B, 0xFE, 0xA5,
-        0x9C, 0x7A, 0x4B, 0xAD, 0x1A, 0x54, 0x46, 0xA0, 0xC8, 0xF7,
-        0x6C, 0xDD, 0xA6, 0xEF, 0x16, 0x21, 0x18, 0xCE, 0xF8, 0xDE,
-        0x3D, 0xB4, 0x56, 0x0C, 0xBA, 0xB7, 0x95, 0xD1, 0x6D, 0x0D,
-        0x49, 0xE7, 0x78, 0x64, 0x65, 0xC7, 0x24, 0x26, 0x81, 0xCD,
-        0x56, 0xB7, 0xB2, 0x31, 0xF2, 0xD7, 0x64, 0x55, 0x89, 0xCC,
-        0xDB, 0x69, 0x56, 0xED, 0x9B, 0x07, 0x9E, 0xD4, 0x07, 0x5E,
-        0xAF, 0xF0, 0x98, 0x94, 0xD6, 0x87, 0x0C, 0x22, 0xE1, 0x3A,
-        0x88, 0xE1, 0xC4, 0xBC, 0x51, 0x4B, 0x07, 0x4D, 0x2A, 0xCE,
-        0xA8, 0xE8, 0x9F, 0xF7, 0xA2, 0x8A, 0xEA, 0x90, 0x32, 0x20,
-        0xFC, 0xB6, 0x32, 0xE6, 0x8A, 0x47, 0x2B, 0xF4, 0xB4, 0x0F,
-        0x96, 0x7A, 0xC9, 0x0B, 0xF6, 0xBF, 0x69, 0x51, 0x9B, 0x44,
-        0xC2, 0xE2, 0xD6, 0x2D, 0xB1, 0x17, 0xAC, 0x7B, 0x32, 0xF2,
-        0x0E, 0x7A, 0x28, 0x67, 0xAB, 0xA5
+		0x34, 0x5E, 0xA6, 0xED, 0xA7, 0x19, 0xC1, 0x57, 0x3F, 0x89,
+		0x71, 0xEC, 0xA0, 0x26, 0x94, 0x67, 0xFF, 0x2A, 0xE3, 0x88,
+		0xAF, 0xD5, 0xD8, 0x7A, 0x23, 0x9D, 0xD5, 0x4A, 0x11, 0x0D,
+		0x28, 0xB7, 0x00, 0xB3, 0xC9, 0xD9, 0x5C, 0xAD, 0xB0, 0x5C,
+		0xD6, 0xFF, 0xD5, 0x98, 0x9A, 0x3D, 0xFC, 0xC2, 0x1A, 0xC8,
+		0x9C, 0x17, 0x60, 0xD7, 0xA8, 0x10, 0x62, 0x56, 0x87, 0xD7,
+		0x95, 0x71, 0xE5, 0xC8, 0x65, 0xA9, 0x16, 0xC0, 0x21, 0x08,
+		0x31, 0x51, 0xED, 0x51, 0x02, 0xED, 0x1C, 0x8A, 0xEA, 0x82,
+		0x93, 0x0E, 0x9C, 0xBD, 0x25, 0x1B, 0xD7, 0x91, 0x12, 0xC1,
+		0x49, 0xC5, 0x2E, 0x1D, 0x04, 0x5D, 0x60, 0x63, 0x68, 0xF3,
+		0x5A, 0x18, 0x60, 0xF3, 0xD9, 0x88, 0x2C, 0xCC, 0x56, 0x49,
+		0xA4, 0x07, 0x9C, 0xA7, 0x50, 0x36, 0x83, 0xFB, 0x39, 0x83,
+		0x1F, 0xB9, 0x6B, 0x1F, 0x19, 0x2B, 0x4B, 0x6D, 0xEC, 0xC5,
+		0xC5, 0x08, 0x8D, 0x38, 0x80, 0xEC, 0x8D, 0xC1, 0x8B, 0x74,
+		0xC4, 0xD7, 0x60, 0xB4, 0x29, 0xA9, 0xE1, 0x2B, 0x98, 0xF6,
+		0x9C, 0xFB, 0x73, 0x40, 0x80, 0xA8, 0x5D, 0x64, 0xDA, 0x12,
+		0xE0, 0x43, 0x5B, 0xC9, 0x65, 0xB2, 0x76, 0x11, 0xB7, 0x06,
+		0x0C, 0x81, 0x62, 0x18, 0xD3, 0x34, 0x0C, 0xAC, 0xD0, 0x61,
+		0x98, 0x5A, 0x3E, 0x94, 0x6F, 0xAA, 0x51, 0xF2, 0x75, 0xF7,
+		0xBE, 0x6C, 0xA8, 0xCB, 0xDC, 0xFD, 0x3C, 0x9C, 0xF3, 0x15,
+		0xA5, 0x5B, 0x8A, 0x81, 0x11, 0x15, 0x50, 0x3D, 0x8B, 0xA9,
+		0x3E, 0xD9, 0xAA, 0x22, 0x0B, 0xB5, 0x20, 0x83, 0x7C, 0xAF,
+		0x74, 0x4C, 0x51, 0x60, 0x44, 0xC2, 0x04, 0xA0, 0xB2, 0x17,
+		0x57, 0xE0, 0xEE, 0x63, 0x13, 0xBF, 0xEA, 0x21, 0x16, 0x4D,
+		0x2D, 0xFB, 0x0D, 0x66, 0x66, 0x43, 0x1F, 0xAB, 0xFE, 0xE3,
+		0x14, 0xAD, 0xE4, 0xE2, 0xEB, 0xBF
 };
 static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign);
 #endif /*  USE_CERT_BUFFERS_256 */
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c b/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
index 4ff71d1548..eb025be711 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
@@ -1,6 +1,6 @@
 /* myprintf.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
index e6dca444c7..199970e4a4 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -100,9 +100,9 @@ static int SetScetlsKey()
 
     #endif
 
-#endif    
+#endif
     return 0;
-}    
+}
 #endif
 
 typedef struct func_args {
@@ -142,8 +142,8 @@ void SCE_KeyGeneration(FSPSM_ST *g)
         if (err == FSP_SUCCESS)
             g->keyflgs_crypt.bits.aes256_installedkey_set = 1;
     }
-    
-    
+
+
 }
 
 void Clr_CallbackCtx(FSPSM_ST *g)
@@ -151,17 +151,11 @@ void Clr_CallbackCtx(FSPSM_ST *g)
     (void) g;
 
    #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
-    if (g->wrapped_key_rsapri2048 != NULL)
-        XFREE(g->wrapped_key_rsapri2048,
-                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(g->wrapped_key_rsapri2048, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    if (g->wrapped_key_rsapub2048 != NULL)
-        XFREE(g->wrapped_key_rsapub2048,
-                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(g->wrapped_key_rsapub2048, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    if (g->wrapped_key_rsapri1024 != NULL)
-        XFREE(g->wrapped_key_rsapri1024,
-                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(g->wrapped_key_rsapri1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (g->wrapped_key_rsapub2048 != NULL)
         XFREE(g->wrapped_key_rsapub1024,
@@ -245,7 +239,7 @@ void sce_test(void)
     if ((ret = wolfCrypt_Init()) != 0) {
          printf("wolfCrypt_Init failed %d\n", ret);
     }
-    
+
 #if defined(HAVE_RENESAS_SYNC) && \
     defined(HAVE_AES_CBC)
 
@@ -267,14 +261,14 @@ void sce_test(void)
     printf("Start wolfCrypt Benchmark\n");
     benchmark_test(NULL);
     printf("End wolfCrypt Benchmark\n");
-    
+
     /* free */
     Clr_CallbackCtx(&guser_PKCbInfo);
 
 #elif defined(TLS_CLIENT)
     #include "hal_data.h"
     #include "r_sce.h"
-    
+
 #if defined(WOLFSSL_TLS13)
     /* TLS1.3 needs RSA_PSS enabled.
      * SCE doesn't support RSA PSS Padding
@@ -335,6 +329,7 @@ void sce_test(void)
     int j = 0;
     #endif
     int i = 0;
+    int ret = 0;
 
     printf("\n Start Client Example, ");
     printf("\n Connecting to %s\n\n", SERVER_IP);
@@ -359,20 +354,20 @@ void sce_test(void)
             info[j].log_f = my_Logging_cb;
 
             memset(info[j].name, 0, sizeof(info[j].name));
-            sprintf(info[j].name, "clt_thd_%s", ((j%2) == 0) ? 
+            sprintf(info[j].name, "clt_thd_%s", ((j%2) == 0) ?
                                                             "taskA" : "taskB");
 
             printf(" %s connecting to %d port\n", info[j].name, info[j].port);
 
-            xReturned = xTaskCreate(wolfSSL_TLS_client_do, info[j].name, 
+            xReturned = xTaskCreate(wolfSSL_TLS_client_do, info[j].name,
                                     THREAD_STACK_SIZE, &info[j], 2, NULL);
             if (xReturned != pdPASS) {
                  printf("Failed to create task\n");
             }
         }
-        
+
         for(j = i; j < (i+2); j++) {
-            xSemaphoreGiveFromISR(info[j].xBinarySemaphore, 
+            xSemaphoreGiveFromISR(info[j].xBinarySemaphore,
                                                 &xHigherPriorityTaskWoken);
         }
 
@@ -404,7 +399,8 @@ void sce_test(void)
         XMEMSET(info[i].name, 0, sizeof(info[i].name));
         XSPRINTF(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
 
-        if(wolfSSL_TLS_client_do(&info[i]) == -116) {
+        ret = wolfSSL_TLS_client_do(&info[i]);
+        if(ret == -116 || ret == -128) {
             TCP_connect_retry++;
             continue;
         }
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
index 5a920a250e..19c523f6c9 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -72,7 +72,7 @@ static int msg(const char* pname, int l,
 void TCPInit( )
 {
    BaseType_t fr_status;
-  
+
    /* FreeRTOS+TCP Ethernet and IP Setup */
    fr_status = FreeRTOS_IPInit(ucIPAddress,
                                ucNetMask,
@@ -114,14 +114,14 @@ void wolfSSL_TLS_client_init()
           /* set callback functions for ECC */
           wc_sce_set_callbacks(client_ctx);
     #endif
-    
+
     #if !defined(NO_FILESYSTEM)
     if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
         return NULL;
     }
     #else
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
                                             SSL_FILETYPE_ASN1) != SSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return;
@@ -142,16 +142,16 @@ int wolfSSL_TLS_client_do(void *pvParam)
     socklen_t xSize = sizeof(struct freertos_sockaddr);
     xSocket_t xClientSocket = NULL;
     struct freertos_sockaddr xRemoteAddress;
-    
+
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
     WOLFSSL *ssl = NULL;
     const char* pcName = p->name;
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
-    
+
     i = p->id;
     /* Client Socket Setup */
     xRemoteAddress.sin_port = FreeRTOS_htons(p->port);
@@ -195,11 +195,11 @@ int wolfSSL_TLS_client_do(void *pvParam)
 
        /* Set callback CTX */
         #if !defined(TLS_MULTITHREAD_TEST)
-        
+
         XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST));
         guser_PKCbInfo.devId = 0;
         wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
-        
+
         #else
         if (p->port - DEFAULT_PORT == 0) {
            XMEMSET(&guser_PKCbInfo_taskA, 0, sizeof(FSPSM_ST));
@@ -210,7 +210,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
            wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo_taskB);
         }
         #endif
-        
+
      #endif
 
      /* Attach wolfSSL to the socket */
@@ -219,10 +219,10 @@ int wolfSSL_TLS_client_do(void *pvParam)
          msg(pcName, i, " Error [%d]: wolfSSL_set_fd.\n",ret);
      }
 
-     msg(pcName, i, "  Cipher : %s\n", 
+     msg(pcName, i, "  Cipher : %s\n",
                                     (p->cipher == NULL) ? "NULL" : p->cipher);
      /* use specific cipher */
-     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) 
+     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher)
                                                            != WOLFSSL_SUCCESS) {
           msg(pcName, i, " client can't set cipher list 1");
           goto out;
@@ -241,7 +241,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
      wolfSSL_Debugging_OFF();
      #endif
 
-     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) 
+     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff))
                                                     != (int)strlen(sendBuff)) {
         msg(pcName, i, " ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
         goto out;
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
index f3cef8ffc7..0a819468c0 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_sce_unit_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -70,7 +70,7 @@ int sce_crypt_sha_multitest();
 int sce_crypt_test();
 int sce_crypt_sha256_multitest();
 void tskSha256_Test1(void *pvParam);
- 
+
 void Clr_CallbackCtx(FSPSM_ST *g);
 void SCE_KeyGeneration(FSPSM_ST *g);
 
@@ -111,7 +111,7 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     byte plain[AES_BLOCK_SIZE];
     int  ret = 0;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
        /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
         0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@@ -125,10 +125,10 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         printf(" sce_aes_cbc_test() ");
     }
-    
+
     ret = wc_AesInit(aes, NULL, devId);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, (byte*)aes_key, 
+        ret = wc_AesSetKey(aes, (byte*)aes_key,
         		AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret == 0) {
             ret = wc_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
@@ -143,7 +143,7 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(aes, NULL, devId);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, (byte*)aes_key, 
+        ret = wc_AesSetKey(aes, (byte*)aes_key,
         		AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret == 0)
             ret = wc_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
@@ -161,7 +161,7 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -169,7 +169,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aes_cbc_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -207,7 +207,7 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     if (prnt)
         printf(" sce_aes256_test() ");
-    
+
     if (wc_AesInit(enc, NULL, devId) != 0) {
         ret = -1;
         goto out;
@@ -259,7 +259,7 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -267,7 +267,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aes256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -289,8 +289,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     Aes enc[1];
     Aes dec[1];
     FSPSM_ST userContext;
-    
-    
+
+
     /*
      * This is Test Case 16 from the document Galois/
      * Counter Mode of Operation (GCM) by McGrew and
@@ -350,7 +350,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     if (prnt) {
         printf(" sce_aes256_gcm_test() ");
     }
-    
+
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
@@ -365,7 +365,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         goto out;
     }
 
-    result = wc_AesGcmSetKey(enc, 
+    result = wc_AesGcmSetKey(enc,
         (byte*)aes256_key, AES_BLOCK_SIZE*2);
     if (result != 0) {
         ret = -3;
@@ -374,7 +374,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
-                                (byte*)iv1, sizeof(iv1), 
+                                (byte*)iv1, sizeof(iv1),
                                 resultT, sizeof(resultT), a, sizeof(a));
 
     if (result != 0) {
@@ -382,7 +382,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         goto out;
     }
 
-    result = wc_AesGcmSetKey(dec, 
+    result = wc_AesGcmSetKey(dec,
             (byte*)aes256_key, AES_BLOCK_SIZE*2);
     if (result != 0) {
         ret = -7;
@@ -407,7 +407,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
-    wc_AesGcmSetKey(enc, 
+    wc_AesGcmSetKey(enc,
         (byte*)aes256_key, AES_BLOCK_SIZE*2);
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
@@ -420,7 +420,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     }
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, 
+              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
               a, sizeof(a));
 
     if (result != 0) {
@@ -437,11 +437,11 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -449,7 +449,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aesgcm256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -471,7 +471,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
     Aes enc[1];
     Aes dec[1];
     FSPSM_ST userContext;
-    
+
     /*
      * This is Test Case 16 from the document Galois/
      * Counter Mode of Operation (GCM) by McGrew and
@@ -565,7 +565,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
         ret = -4;
         goto out;
     }
-    
+
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
                       iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
@@ -583,11 +583,11 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -595,7 +595,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aesgcm128_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -622,7 +622,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 static int sce_rsa_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -633,32 +633,32 @@ static int sce_rsa_test(int prnt, int keySize)
     byte *in2 = NULL;
     byte *out= NULL;
     byte *out2 = NULL;
-    
+
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     (void) prnt;
-    
+
     if (key == NULL || in == NULL || out == NULL ||
         in2 == NULL || out2 == NULL) {
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
     XMEMCPY(in2, inStr2, inLen);
     XMEMSET(out,  0, outSz);
     XMEMSET(out2, 0, outSz);
-    
+
     ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
 
@@ -669,7 +669,7 @@ static int sce_rsa_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
         goto out;
@@ -691,26 +691,18 @@ static int sce_rsa_test(int prnt, int keySize)
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out2 != NULL) {
-        XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     return ret;
 }
 
 static int sce_rsa_SignVerify_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -725,14 +717,14 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     (void) prnt;
 
     if (key == NULL || in == NULL || out == NULL) {
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
@@ -742,10 +734,10 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
-    
+
     if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
         goto out;
 
@@ -753,7 +745,7 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     gCbInfo.keyflgs_crypt.bits.message_type = 0;
     ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
@@ -778,16 +770,10 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     return ret;
 }
 #endif
@@ -796,45 +782,45 @@ int sce_crypt_test()
 {
     int ret = 0;
     fsp_err_t err;
-    
+
     Clr_CallbackCtx(&gCbInfo);
     Clr_CallbackCtx(&gCbInfo_a);
-    
+
     /* sets wrapped aes key */
     gCbInfo.wrapped_key_aes128 = &g_user_aes128_key_index1;
     gCbInfo.wrapped_key_aes256 = &g_user_aes256_key_index1;
     /* Aes Key Gen */
     SCE_KeyGeneration(&gCbInfo);
-    
+
     /* Rsa Key Gen */
     err = R_SCE_RSA1024_WrappedKeyPairGenerate(&g_wrapped_pair_1024key);
     if (err == FSP_SUCCESS) {
         /* sets wrapped rsa 1024 bits key */
-        gCbInfo.wrapped_key_rsapri1024 = 
+        gCbInfo.wrapped_key_rsapri1024 =
                 &g_wrapped_pair_1024key.priv_key;
         gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
-        gCbInfo.wrapped_key_rsapub1024 = 
+        gCbInfo.wrapped_key_rsapub1024 =
                 &g_wrapped_pair_1024key.pub_key;
         gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
     }
-    
+
     err = R_SCE_RSA2048_WrappedKeyPairGenerate(&g_wrapped_pair_2048key);
     if (err == FSP_SUCCESS) {
         /* sets wrapped rsa 1024 bits key */
-        gCbInfo.wrapped_key_rsapri2048 = 
+        gCbInfo.wrapped_key_rsapri2048 =
                 &g_wrapped_pair_2048key.priv_key;
         gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
-        
-        gCbInfo.wrapped_key_rsapub2048 = 
+
+        gCbInfo.wrapped_key_rsapub2048 =
                 &g_wrapped_pair_2048key.pub_key;
         gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
     }
-    
+
     /* Key generation for multi testing */
     gCbInfo_a.wrapped_key_aes128 = &g_user_aes128_key_index2;
     gCbInfo_a.wrapped_key_aes256 = &g_user_aes256_key_index2;
     SCE_KeyGeneration(&gCbInfo_a);
-    
+
     ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo);
     if ( ret > 0)
          ret = 0;
@@ -882,7 +868,7 @@ int sce_crypt_test()
     if (ret == 0) {
         ret = sce_aesgcm128_test(1, &g_user_aes128_key_index1);
     }
-    
+
     if (ret == 0) {
         ret = sce_aesgcm256_test(1, &g_user_aes256_key_index1);
     }
@@ -904,12 +890,12 @@ int sce_crypt_test()
         sce_crypt_Sha_AesCbcGcm_multitest();
     } else
         ret = -1;
-    
+
     #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
     #endif
-    
+
     return ret;
 }
 
@@ -958,7 +944,7 @@ int sce_crypt_sha256_multitest()
     int num = 0;
     int i;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -968,7 +954,7 @@ int sce_crypt_sha256_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
     xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                         STACK_SIZE, NULL, 2, NULL);
@@ -990,15 +976,15 @@ int sce_crypt_sha256_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if ((xRet == pdPASS) &&
        (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0))
         ret = 0;
     else
         ret = -1;
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -1015,7 +1001,7 @@ int sce_crypt_AesCbc_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1028,7 +1014,7 @@ int sce_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(sce_aes_wrapped_key_t));
@@ -1057,7 +1043,7 @@ int sce_crypt_AesCbc_multitest()
         xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
                                     STACK_SIZE, &info_aes256_2, 3, NULL);
 #endif
-    
+
     if (xRet == pdPASS) {
     printf(" Waiting for completing tasks ...   ");
         vTaskDelay(10000/portTICK_PERIOD_MS);
@@ -1071,7 +1057,7 @@ int sce_crypt_AesCbc_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1096,7 +1082,7 @@ int sce_crypt_AesGcm_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1110,7 +1096,7 @@ int sce_crypt_AesGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #if defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                     sizeof(sce_aes_wrapped_key_t));
@@ -1155,7 +1141,7 @@ int sce_crypt_AesGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1179,7 +1165,7 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
     Info info_aes256cbc;
     Info info_aes256gcm;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -1201,45 +1187,45 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
-    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1", 
+    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                             STACK_SIZE, NULL, 3, NULL);
 
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2", 
+        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2",
                                             STACK_SIZE, NULL, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1, 
+    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1", 
+        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1",
                                     STACK_SIZE, &info_aes128cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2, 
+    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2", 
+        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2",
                                     STACK_SIZE, &info_aes128gcm, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1, 
+    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1", 
+        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1",
                                     STACK_SIZE, &info_aes256cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, 
+    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", 
+        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
                                     STACK_SIZE, &info_aes256gcm, 3, NULL);
 #endif
 
@@ -1256,19 +1242,19 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
-    if ((xRet == pdPASS) && 
+
+    if ((xRet == pdPASS) &&
         (Aes128_Gcm_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0) &&
         (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0)) {
-        
+
         ret = 0;
     }
     else {
         ret = -1;
     }
-    
+
     RESULT_STR(ret)
 
     return ret;
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/README.md b/IDE/Renesas/e2studio/RA6M4/tools/README.md
new file mode 100644
index 0000000000..dcb17b70ab
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creatation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to genearte signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 0000000000..772f5ddfa1
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../wolfssl/certs/ca-cert.der ../../../../../../../wolfssl
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../wolfssl/certs/ca-ecc-cert.der ../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verifiy by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem
new file mode 100644
index 0000000000..a6246b036b
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1m5BL7AjTKZidSHuz0dvqKWrhY3/eD5swV8FBe2y6L1u2ulR
+FAmyHUmMnmy3YMIx+Zhi+Qc4Ra27t/3/ffFhTBwx2Snr5oqryxfB2rj1+Cc6kDQL
+aUIVY1z2y9s9E4NJIQAzSlzQ5e7oGiXH3cLjOTlEI8xKDGLJEhah58Lh18am4Dqp
+DilrkL+p0H+HQJPC6eJs3urEn7ueeqQaKCv1OOsrmQfeCfkjxSqbyrR/+F5VV4H6
+PjyXHCW0lbNhxSmF9wVK8+t4DRARU5ONoECY7dIkPMqFHdzGdRmOrfEsGl++wjPH
+CvvUOLJ7/Pt0h6c7yazZngt1kqKYmKWJR7+FLQIDAQABAoIBAQCdfIqJwL6cPBNR
+3eMr/1ZlsY+A3mKD6K0tdGEXEpX007RIOVXf9qMHWY5aiJRCDz5vB1mhdokAu/GD
+15u+3vpL0OVXjq+AOdakqcUpo/CbGgyr/l1nKC7XNF7aKCH6Y9Dg2OnSssqGJWn4
+UkkxeUIzM/j0pcS4xhDRJSgyNHJ0a0xjY37K5JXTVhzgAAWxAVmh0iaptNpGAsU2
++DN6yQgtsGcKmrUp5ERtuiT66X79uDJdDL5OE070LpRGz+547rXE7haSzM0Iepup
+hEENj1UB8PZ8xK9Ki/h7iWaRNllv5TV5SfryHGlUi/kPbTDWCc+CoVG8o7tQPQ12
+yxOxMaehAoGBAPbMLvr132Kt3mCQa2SbAIV+fnv9hqY+K5jiV+Vp220kmc4ji7L/
+uleiKT8jkmO93mvLau3uLelGN2udVaBbhn5llZIwhK8R/jLP0XIap9v7EKKhuRad
++UbfYWKs6zANM8hIrRkW0P6BNlSZyjL1KiIY8kdNIBn/ZpIQh8evpcFJAoGBAN5t
+HIiiSe9mY1HCbArxD9BjKebfIMDhgwb+vgWHwk6iexdE9aFRLVhriYvQA8dhOoqZ
+LFeExaIfG0XJnrcgkEyOuuGnO3M2KUv/UKM1/F+nP3g5pCD8MC0qSM4kukFEMG2u
+3oPPCUsdRUoQBjCoae89g1CQADDfTe3zMVIda4jFAoGBALSASawKv8KwX4BIoAMI
+yqzYAzI0DpLvzXsXsCl97po4trTpknbsSiFl3LztC1gfudklAaPbG4ENdeMjQ0jx
+J8CyE17EVYalpkELdaf6juJ5EYWgunosN/D514QP7ENMpJ7LaK583YYGgvIFOLlk
+Tdh6Xlh/tAbPoPkbVfNaJ+ThAoGAHIMeIkGzepXEa4mhsfFe1pavm2HE4BTIaBAl
+qa3ScaQQZVY4qnouduQqGJsMsPU8vOGPtpRVhUe5hkOnLdBlzvqI6D44t7ccqhpL
+avCTrmtRDodNC9FoF5IRDSPWIGGuV5EQAxN6HH/fDvRo5rngAoP/HkenTpyBb9w5
+2U3eKAUCgYB0M2INdmqs8DltOVLo2vJqJxKQGtbeizB1HdQjQ9NKH+cyjmnXHZ4v
+0x1AtQsyO9FNYhib52ExYgTCpLc5rX6QNHA14mrhWpLtzB2noM4fo9BdKopMrQtE
+Kt8tl+JWmKtpBnPdTMeoF+0GYd8KZCgxITcE0SccsNl6yROBquA/pQ==
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem
new file mode 100644
index 0000000000..bc83722139
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1m5BL7AjTKZidSHuz0dv
+qKWrhY3/eD5swV8FBe2y6L1u2ulRFAmyHUmMnmy3YMIx+Zhi+Qc4Ra27t/3/ffFh
+TBwx2Snr5oqryxfB2rj1+Cc6kDQLaUIVY1z2y9s9E4NJIQAzSlzQ5e7oGiXH3cLj
+OTlEI8xKDGLJEhah58Lh18am4DqpDilrkL+p0H+HQJPC6eJs3urEn7ueeqQaKCv1
+OOsrmQfeCfkjxSqbyrR/+F5VV4H6PjyXHCW0lbNhxSmF9wVK8+t4DRARU5ONoECY
+7dIkPMqFHdzGdRmOrfEsGl++wjPHCvvUOLJ7/Pt0h6c7yazZngt1kqKYmKWJR7+F
+LQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject b/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
index 7684a0b608..0daf30fa0e 100644
--- a/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
@@ -81,10 +81,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.1008320129" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1332222526" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -111,6 +115,9 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1740279599" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
@@ -118,6 +125,7 @@
 									<listOptionValue builtIn="false" value="WOLFSSL_RENESAS_RA6M4"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.214105753" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
@@ -361,10 +369,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.98883299" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1801561027" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -389,10 +401,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1403729518" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1088287076" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
index 967b6ec739..0ea94144ca 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
@@ -6,16 +6,16 @@ wolfSSL sample application project for GR-ROSE evaluation board
 ## 1. Overview
 -----
 
-We provide a sample program for evaluating wolfSSL targeting the GR-ROSE evaluation board, which has RX65N MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program. 
+We provide a sample program for evaluating wolfSSL targeting the GR-ROSE evaluation board, which has RX65N MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program.
 
 The sample provided is a single application that can evaluate the following three functions:
 
 - CryptoTest: A program that automatically tests various cryptographic operation functions
-- Benchmark: A program that measures the execution speed of various cryptographic operations 
+- Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 <br><br>
 
-Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only. 
+Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only.
 
 The following sections will walk you through the steps leading up to running the sample application.
 <br><br>
@@ -23,16 +23,16 @@ The following sections will walk you through the steps leading up to running the
 ## 2. Target H/W, components and libraries
 -----
 
-This sample program uses the following hardware and software libraries. If a new version of the software component is available at the time of use, please update it as appropriate. 
+This sample program uses the following hardware and software libraries. If a new version of the software component is available at the time of use, please update it as appropriate.
 
 |item|name & version|
 |:--|:--|
 |Board|GR-ROSE|
 |Device|R5F565NEHxFP|
-|IDE| Renesas e2Studio Version:2022-01 |
+|IDE| Renesas e2Studio Version:2024-04 (24.4.0) |
 |Emulator| E1, E2 Emulator Lite |
-|Toolchain|CCRX v3.04.00|
-|TSIP| TSIP v1.17|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 <br>
 
 The project of this sample program has a configuration file that uses the following FIT components.
@@ -47,21 +47,20 @@ However, the FIT components themselves are not included in the distribution of t
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.17.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 <br>
 
-Note) As of April 2022, TIPS v1.15 does not seem to be able to be added as a FIT component by adding a component in the Smart Configurator Perspective. Add it manually along the method described later. 
 <br><br>
 
 ## 3. Importing sample application project into e2Studio
 ----
 
-There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below. 
+There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below.
 
-+ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}) where this README file exists. 
-+ Four projects that can be imported are listed, but check only the three projects "smc", "test" and "wolfssl" and click the "Finish" button. 
++ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}) where this README file exists.
++ Four projects that can be imported are listed, but check only the three projects "smc", "test" and "wolfssl" and click the "Finish" button.
 
-You should see the **smc**, **test**, and **wolfssl** 3 projects you imported into the project explorer. 
+You should see the **smc**, **test**, and **wolfssl** 3 projects you imported into the project explorer.
 <br><br>
 
 ## 4. FIT module download and smart configurator file generation
@@ -69,13 +68,13 @@ You should see the **smc**, **test**, and **wolfssl** 3 projects you imported in
 
 You will need to get the required FIT modules yourself. Follow the steps below to get them.
 
-1. Open the smc project in Project Explorer and double-click the **smc.scfg** file to open the Smart Configurator Perspective. 
+1. Open the smc project in Project Explorer and double-click the **smc.scfg** file to open the Smart Configurator Perspective.
 
 2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the download destination folder by pressing "Basic settings...".
 
 3. The latest version of the TSIP component may not be automatically obtained due to the delay in Renesas' support by the method in step 2 above. In that case, you can download it manually from the Renesas website. Unzip the downloaded component and store the files contained in the FIT Modules folder in the download destination folder of step 2.
 
-4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components. 
+4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components.
 
 5. Select the Components tab on the Software Component Settings pane and select the r_t4_rx component. In the settings pane on the right, specify the IP address of this board as the value of the "# IP address for ch0, when DHCP disable." Property (e.g. 192.168.1.9).
 
@@ -117,7 +116,7 @@ Then build the test application.
 ## 7. Build and run the test application
 -----
 
-Now that the test application is ready to build. 
+Now that the test application is ready to build.
 
 1. Build the wolfssl project on the project explorer, then the test project.
 
@@ -129,14 +128,14 @@ Now that the test application is ready to build.
 
 5. Press the run button to run the test application.
 
-6. CryptoTest, Benchmark or TLS_Client After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging. 
+6. CryptoTest, Benchmark or TLS_Client After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging.
 <br><br>
 
 ## 8. Running test application as TLS_Client
 -----
 <br>
 
-### 8.1 TLS version supported by the test application 
+### 8.1 TLS version supported by the test application
 
 <br>
 You can use the TLS1.3 protocol in addition to the existing TLS1.2. The following macro is defined to {board-name-folder}/common/user_settings.h.
@@ -177,7 +176,7 @@ In the test application, the TLS version and certificate type determine the ciph
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -200,7 +199,7 @@ To operate as TLS_Client, an opposite application for TLS communication is requi
 
 Configuration options need to be changed depending on the certificate type used.
 
-#### 8.4.1 Configuration when using ECDSA certificates 
+#### 8.4.1 Configuration when using ECDSA certificates
 
 <br>
 
@@ -217,7 +216,7 @@ Note: Do not forget to specify "-DNO_RSA"
 <br>
 
 With the above build, <wolfssl-folder\>/examples/server/server
-Is generated. This executable acts as a TLS server application. If you execute it with the following options, it will be in the listening state for the connection from TLS_Client. 
+Is generated. This executable acts as a TLS server application. If you execute it with the following options, it will be in the listening state for the connection from TLS_Client.
 <br><br>
 
 ```
@@ -247,7 +246,7 @@ is generated. This executable program acts as a server application. If you execu
 <br> <br>
 
 ```
-$ examples / server / server -b -v4 -i
+$ examples / server / server -b -v 4 -i
 ```
 
 <br>
@@ -298,7 +297,7 @@ If you want to use it for purposes beyond functional evaluation, you need to pre
   2. RSA key pair required for RootCA certificate validation
   3. The signature generated by the RootCA certificate with the private key in 2 above.
 
-will become necessary. Please refer to the manual provided by Renesas for how to generate them. 
+will become necessary. Please refer to the manual provided by Renesas for how to generate them.
 
 <br>
 
@@ -316,7 +315,7 @@ Use wolfSSL_use_certificate_buffer or wolfSSL_CTX_use_certificate_buffer to load
 
 (2)	Loading client private key/public key
 
-Type of the client certificate decides the keys to be loaded. 
+Type of the client certificate decides the keys to be loaded.
 
 a)	ECDSA certificate:<br>
 	Load private key using tsip_use_PrivateKey_buffer.
@@ -324,25 +323,25 @@ a)	ECDSA certificate:<br>
 b)	RSA certificate:<br>
 Load private key using tsip_use_PrivateKey_buffer.
 Load public key using tsip_use_PublicKey_buffer.
-Note. In case of RSA certificate, the public key will be used for internal verification of signature process.   
+Note. In case of RSA certificate, the public key will be used for internal verification of signature process.
 
 (3)	How to generate encrypted keys
 
 The keys (private and public keys) to be loaded should be encrypted-key format. Those keys could be generated with Renesas Secure Flash Programmer or SecurityKeyManagementTool.  Refer the section 7.5 and 7.6 of the application note named “RX Family TSIP Module Firmware Integration technology” how to operate above key wrapping tool.
 
 (4)	Macro to be defined
-Define “WOLF_PRIVATE_KEY_ID” in your user_settings.h. 
+Define “WOLF_PRIVATE_KEY_ID” in your user_settings.h.
 
 <br>
 
 ## 11. Limitations
 ----
 <br>
-wolfSSL, which supports TSIPv1.17, has the following functional restrictions.
+wolfSSL, which supports TSIPv1.21, has the following functional restrictions.
 <br><br>
 
 1. Handshake message packets exchanged with the server during the TLS handshake are stored in plaintext in memory. This is used to calculate the hash of handshake messages. The content will be deleted at the end of the session.
 
 1. Session resumption and early data using TSIP are not supported.
 
-The above limitations are expected to be improved by TSIP or wolfSSL from the next version onwards.
\ No newline at end of file
+The above limitations are expected to be improved by TSIP or wolfSSL from the next version onwards.
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
index c3186924ab..29ca1169aa 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
@@ -30,10 +30,10 @@ Renesas社製MCU RX65Nを搭載した評価ボードGR-ROSEをターゲットと
 |:--|:--|
 |評価ボード|GR-ROSE|
 |Device|R5F565NEHxFP|
-|IDE| Renesas e2Studio Version:2022-01 |
+|IDE| Renesas e2Studio Version:2024-04 (24.4.0) |
 |エミュレーター| E1, E2エミュレーターLite |
-|Toolchain|CCRX v3.04.00|
-|TSIP| TSIP v1.17|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 <br>
 
 本サンプルプログラムのプロジェクトには以下のFITコンポーネントを使用する設定ファイルが用意されています。
@@ -50,10 +50,7 @@ Renesas社製MCU RX65Nを搭載した評価ボードGR-ROSEをターゲットと
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.17.l|r_tsip_rx|
-
-（注意）2022年4月現在、TIPSv1.15はFITコンポーネントとしてスマートコンフィギュレータパースペクティブのコンポーネントの追加操作では追加できないようです。後ほど説明する手動での追加方法を使って追加してください。<br>
-
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 <br><br>
 
@@ -186,7 +183,7 @@ testアプリケーションでは、TLSバージョンと証明書のタイプ
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA証明書|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA証明書|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -246,7 +243,7 @@ $ make
 <br><br>
 
 ```
-$ examples/server/server -b -v4 -i
+$ examples/server/server -b -v 4 -i
 ```
 <br>
 testアプリケーションには、サーバーアプリケーションに割り当てられたIPアドレスを指定します。
@@ -336,7 +333,7 @@ user_settings.hにWOLF_PRIVATE_KEY_IDの定義を行ってください。
 
 ## 11. 制限事項
 -----
-TSIPv1.17をサポートしたwolfSSLでは以下の機能制限があります。
+TSIPv1.21をサポートしたwolfSSLでは以下の機能制限があります。
 
 1. TLSハンドシェーク中にサーバーと交換したメッセージパケットが平文でメモリ上に蓄積されています。これはハンドシェークメッセージのハッシュ計算に使用されます。内容はセッション終了時に削除されます。
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
index 030e4ffad0..a66c8bbbf8 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
index d288552e6c..12f9374948 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
index fa80de8404..ecf532359e 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,7 @@
 /*-- Renesas TSIP usage and its version ---------------------------------------
  *
  *  "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
- *   for cipher operations. 
+ *   for cipher operations.
  *  TSIP definition asks to have its version number.
  *  "WOLFSSL_RENESAS_TSIP_VER" takes following value:
  *      106: TSIPv1.06
@@ -38,27 +38,29 @@
  *      113: TSIPv1.13
  *      114: TSIPv1.14
  *      115: TSIPv1.15
+ *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 /*-- TLS version definitions  --------------------------------------------------
  *
  * wolfSSL supports TLSv1.2 by default. In case you want your system to support
  * TLSv1.3, uncomment line below.
- * 
+ *
  *----------------------------------------------------------------------------*/
 #define WOLFSSL_TLS13
 
 
 /*-- Operating System related definitions --------------------------------------
- * 
+ *
  *  In case any real-time OS is used, define its name(e.g. FREERTOS).
  *  Otherwise, define "SINGLE_THREADED". They are exclusive each other.
- *   
+ *
  *----------------------------------------------------------------------------*/
-  #define SINGLE_THREADED 
+  #define SINGLE_THREADED
 /*#define FREERTOS*/
 
 /*-- Compiler related definitions  ---------------------------------------------
@@ -98,34 +100,34 @@
 
   /* USE_ECC_CERT
    * This macro is for selecting root CA certificate to load, it is valid only
-   * in example applications. wolfSSL does not refer this macro. 
-   * If you want to use cipher suites including ECDSA authentication in 
+   * in example applications. wolfSSL does not refer this macro.
+   * If you want to use cipher suites including ECDSA authentication in
    * the example applications with TSIP, enable this macro.
-   * In TSIP 1.13 or later version, following cipher suites are 
+   * In TSIP 1.13 or later version, following cipher suites are
    * available:
    * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256
-   * 
+   *
    * Note that, this macro disables cipher suites including RSA
    * authentication such as:
    * - TLS_RSA_WITH_AES_128_CBC_SHA
-   * - TLS_RSA_WITH_AES_256_CBC_SHA 
+   * - TLS_RSA_WITH_AES_256_CBC_SHA
    * - TLS_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_RSA_WITH_AES_256_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
-   * 
+   *
    */
   #define USE_ECC_CERT
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_ecc_cert_der_256" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_ecc_cert_der_256" is used under the following macro definition
    * for ECDSA.
    */
   #define USE_CERT_BUFFERS_256
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_cert_der_2048" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_cert_der_2048" is used under the following macro definition
    * for RSA authentication.
    */
   #define USE_CERT_BUFFERS_2048
@@ -137,7 +139,7 @@
   #define SIZEOF_LONG_LONG 8
 
   /*#define WOLFSSL_STATIC_MEMORY*/
-  
+
   #if defined(WOLFSSL_STATIC_MEMORY)
     #define USE_FAST_MATH
   #else
@@ -146,24 +148,24 @@
 
 
 
- /* 
+ /*
   * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
-  *  
-  * Note. In your actual products, do not forget to comment-out 
+  *
+  * Note. In your actual products, do not forget to comment-out
   * "NO_ASN_TIME" macro. And prepare time function to get calendar time,
-  * otherwise, certificate expiration validation will not work.  
+  * otherwise, certificate expiration validation will not work.
   */
   /*#define NO_ASN_TIME*/
-  
+
   #define NO_MAIN_DRIVER
   #define BENCH_EMBEDDED
-  #define NO_WOLFSSL_DIR 
+  #define NO_WOLFSSL_DIR
   #define WOLFSSL_NO_CURRDIR
   #define NO_FILESYSTEM
   #define WOLFSSL_LOG_PRINTF
   #define WOLFSSL_HAVE_MIN
   #define WOLFSSL_HAVE_MAX
-  
+
   #define NO_WRITEV
   #define WOLFSSL_USER_IO
 
@@ -175,7 +177,7 @@
   #define USE_WOLF_SUSECONDS_T
   #define USE_WOLF_TIMEVAL_T
 
-  
+
   #define WC_RSA_BLINDING
   #define TFM_TIMING_RESISTANT
   #define ECC_TIMING_RESISTANT
@@ -191,7 +193,7 @@
 
 /*-- Definitions for functionality negation  -----------------------------------
  *
- * 
+ *
  *----------------------------------------------------------------------------*/
 
 /*#define NO_RENESAS_TSIP_CRYPT*/
@@ -203,7 +205,7 @@
 
 /*-- Consistency checking between definitions  ---------------------------------
  *
- *  
+ *
  *----------------------------------------------------------------------------*/
 
 /*-- TSIP TLS specific definitions --*/
@@ -229,7 +231,6 @@
     #define WOLFSSL_RENESAS_TSIP_TLS
 
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -243,10 +244,20 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+        /*-------------------------------------------------------------------------
+     * TSIP generates random numbers using the CRT-DRBG described
+     * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+     * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+     * directly. Comment out the macro will generate random number by
+     * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+     *-----------------------------------------------------------------------*/
+	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
+    #if !defined(min)
+    	#define min(data1, data2)    _builtin_min(data1, data2)
+	#endif
 #endif
 
 
@@ -260,7 +271,3 @@
 
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
 
-#if !defined(WOLFSSL_RENESAS_TSIP_TLS)
- #define min(x,y) ((x)<(y)?(x):(y))
-#endif
-
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
index 251d6481b6..b26cd7d6bc 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,18 +18,33 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2023
-#define MON  6
-
 static int tick = 0;
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
 
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
 
 #include <ctype.h>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am b/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
index 60df793e5c..ce88e9b152 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
@@ -23,4 +23,8 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/.cproject
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/.project
-EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg b/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
index 393a20ac49..9193414c7a 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
@@ -4,16 +4,18 @@
         <configuration active="true" id="com.renesas.smc.toolchain.rxc.configuration.release">
             <property id="com.renesas.smc.service.project.buildArtefactType" values="com.renesas.smc.service.project.buildArtefactType.exe"/>
             <toolchain id="com.renesas.smc.toolchain.rxc.toolchain.rxc">
+                <option id="com.renesas.smc.toolchain.option.language" key="com.renesas.smc.toolchain.option.language.c"/>
                 <option id="com.renesas.smc.toolchain.option.buildArtefactType" key="com.renesas.smc.toolchain.option.buildArtefactType.exe"/>
                 <option id="com.renesas.smc.toolchain.option.rtos" key="com.renesas.smc.toolchain.option.rtos.none"/>
+                <option id="com.renesas.smc.toolchain.option.dual" key="com.renesas.smc.toolchain.option.dual.false"/>
             </toolchain>
         </configuration>
         <platform id="R5F565NEHxFP"/>
-        <option id="board" value="gr-rose (v1.01)"/>
+        <option id="board" value="GR-ROSE-RX65N (V1.03)"/>
     </general>
     <tool id="Clock">
         <option enabled="true" id="vccinput" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="3.3" value="3.300"/>
+            <item enabled="true" id="textinputitem" input="3.3" value="3.3"/>
         </option>
         <option enabled="true" id="mainclockenable" selection="check">
             <item enabled="true" id="check"/>
@@ -24,10 +26,10 @@
             <item enabled="true" id="srcEOI"/>
         </option>
         <option enabled="true" id="mainfrequency" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="12" value="12.000000"/>
+            <item enabled="true" id="textinputitem" input="12" value="12"/>
         </option>
         <option enabled="false" id="mainwaittime" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="9980" value="9980.000000"/>
+            <item enabled="true" id="textinputitem" input="9980" value="9980"/>
         </option>
         <option enabled="true" id="subclockenable" selection="uncheck">
             <item enabled="true" id="check"/>
@@ -41,7 +43,7 @@
             <item enabled="true" id="lowCL"/>
         </option>
         <option enabled="false" id="subwaittime" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="2000" value="2000.000000"/>
+            <item enabled="true" id="textinputitem" input="2000" value="2000"/>
         </option>
         <option enabled="true" id="hococlockenable" selection="uncheck">
             <item enabled="true" id="check"/>
@@ -71,7 +73,7 @@
             <item enabled="true" id="textinputitem" input="" value="120"/>
         </option>
         <option enabled="true" id="pllswitcher" selection="pllmain">
-            <item enabled="true" id="pllmain" input="" value="12.0"/>
+            <item enabled="true" id="pllmain" input="" value="12"/>
             <item enabled="false" id="pllhoco" input="" value="16"/>
         </option>
         <option enabled="true" id="plldivider" selection="div1-1">
@@ -124,7 +126,7 @@
         </option>
         <option enabled="true" id="sckswitcher" selection="pll">
             <item enabled="true" id="pll" input="" value="1.2E8"/>
-            <item enabled="true" id="main" input="" value="1.2E7"/>
+            <item enabled="true" id="main" input="" value="12000000"/>
             <item enabled="false" id="sub" input="" value="32768.0"/>
             <item enabled="false" id="hoco" input="" value="16000000"/>
             <item enabled="false" id="loco" input="" value="240000"/>
@@ -257,308 +259,308 @@
             <item enabled="true" id="textoutputitem" input="" value="120"/>
         </option>
         <option enabled="true" id="cacmclk" selection="textoutputitem">
-            <item enabled="true" id="textoutputitem" input="" value="12.0"/>
+            <item enabled="true" id="textoutputitem" input="" value="12"/>
         </option>
     </tool>
     <tool id="Interrupt">
-        <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="Not Use"/>
-        <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="Used"/>
-        <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="Used"/>
-        <Item currentVect="28" id="CMT0_CMI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="29" id="CMT1_CMI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="Not Use"/>
-        <Item currentVect="35" id="USB0_D1FIFO0" priority="15" usedState="Not Use"/>
-        <Item currentVect="38" id="RSPI0_SPRI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="39" id="RSPI0_SPTI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="40" id="RSPI1_SPRI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="41" id="RSPI1_SPTI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="42" id="QSPI_SPRI" priority="15" usedState="Not Use"/>
-        <Item currentVect="43" id="QSPI_SPTI" priority="15" usedState="Not Use"/>
-        <Item currentVect="44" id="SDHI_SBFAI" priority="15" usedState="Not Use"/>
-        <Item currentVect="45" id="MMCIF_MBFAI" priority="15" usedState="Not Use"/>
-        <Item currentVect="50" id="RIIC1_RXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="51" id="RIIC1_TXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="52" id="RIIC0_RXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="53" id="RIIC0_TXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="54" id="RIIC2_RXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="55" id="RIIC2_TXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="58" id="SCI0_RXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="59" id="SCI0_TXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="60" id="SCI1_RXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="61" id="SCI1_TXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="62" id="SCI2_RXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="63" id="SCI2_TXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="64" id="ICU_IRQ0" priority="15" usedState="Not Use"/>
-        <Item currentVect="65" id="ICU_IRQ1" priority="15" usedState="Not Use"/>
-        <Item currentVect="66" id="ICU_IRQ2" priority="15" usedState="Not Use"/>
-        <Item currentVect="67" id="ICU_IRQ3" priority="15" usedState="Not Use"/>
-        <Item currentVect="68" id="ICU_IRQ4" priority="15" usedState="Not Use"/>
-        <Item currentVect="69" id="ICU_IRQ5" priority="15" usedState="Not Use"/>
-        <Item currentVect="70" id="ICU_IRQ6" priority="15" usedState="Not Use"/>
-        <Item currentVect="71" id="ICU_IRQ7" priority="15" usedState="Not Use"/>
-        <Item currentVect="72" id="ICU_IRQ8" priority="15" usedState="Not Use"/>
-        <Item currentVect="73" id="ICU_IRQ9" priority="15" usedState="Not Use"/>
-        <Item currentVect="74" id="ICU_IRQ10" priority="15" usedState="Not Use"/>
-        <Item currentVect="75" id="ICU_IRQ11" priority="15" usedState="Not Use"/>
-        <Item currentVect="76" id="ICU_IRQ12" priority="15" usedState="Not Use"/>
-        <Item currentVect="77" id="ICU_IRQ13" priority="15" usedState="Not Use"/>
-        <Item currentVect="78" id="ICU_IRQ14" priority="15" usedState="Not Use"/>
-        <Item currentVect="79" id="ICU_IRQ15" priority="15" usedState="Not Use"/>
-        <Item currentVect="80" id="SCI3_RXI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="81" id="SCI3_TXI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="82" id="SCI4_RXI4" priority="15" usedState="Not Use"/>
-        <Item currentVect="83" id="SCI4_TXI4" priority="15" usedState="Not Use"/>
-        <Item currentVect="84" id="SCI5_RXI5" priority="15" usedState="Not Use"/>
-        <Item currentVect="85" id="SCI5_TXI5" priority="15" usedState="Not Use"/>
-        <Item currentVect="86" id="SCI6_RXI6" priority="15" usedState="Not Use"/>
-        <Item currentVect="87" id="SCI6_TXI6" priority="15" usedState="Not Use"/>
-        <Item currentVect="88" id="LVD1_LVD1" priority="15" usedState="Not Use"/>
-        <Item currentVect="89" id="LVD2_LVD2" priority="15" usedState="Not Use"/>
-        <Item currentVect="90" id="USB0_USBR0" priority="15" usedState="Not Use"/>
-        <Item currentVect="92" id="RTC_ALM" priority="15" usedState="Not Use"/>
-        <Item currentVect="93" id="RTC_PRD" priority="15" usedState="Not Use"/>
-        <Item currentVect="95" id="IWDT_IWUNI" priority="15" usedState="Not Use"/>
-        <Item currentVect="96" id="WDT_WUNI" priority="15" usedState="Not Use"/>
-        <Item currentVect="97" id="PDC_PCDFI" priority="15" usedState="Not Use"/>
-        <Item currentVect="98" id="SCI7_RXI7" priority="15" usedState="Not Use"/>
-        <Item currentVect="99" id="SCI7_TXI7" priority="15" usedState="Not Use"/>
-        <Item currentVect="100" id="SCI8_RXI8" priority="15" usedState="Not Use"/>
-        <Item currentVect="101" id="SCI8_TXI8" priority="15" usedState="Not Use"/>
-        <Item currentVect="102" id="SCI9_RXI9" priority="15" usedState="Not Use"/>
-        <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="Not Use"/>
-        <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="Not Use"/>
-        <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="Not Use"/>
-        <Item currentVect="106" groupchild="&lt;br&gt;1-ERS0&lt;br&gt;2-ERS1" id="BE0" priority="15" usedState="Not Use"/>
-        <Item currentVect="107" groupchild="&lt;br&gt;1-SDIOI" id="BL2" priority="15" usedState="Not Use"/>
-        <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="110" groupchild="&lt;br&gt;1-TEI0&lt;br&gt;2-ERI0&lt;br&gt;3-TEI1&lt;br&gt;4-ERI1&lt;br&gt;5-TEI2&lt;br&gt;6-ERI2&lt;br&gt;7-TEI3&lt;br&gt;8-ERI3&lt;br&gt;9-TEI4&lt;br&gt;10-ERI4&lt;br&gt;11-TEI5&lt;br&gt;12-ERI5&lt;br&gt;13-TEI6&lt;br&gt;14-ERI6&lt;br&gt;15-TEI7&lt;br&gt;16-ERI7&lt;br&gt;17-TEI12&lt;br&gt;18-ERI12&lt;br&gt;19-SCIX0&lt;br&gt;20-SCIX1&lt;br&gt;21-SCIX2&lt;br&gt;22-SCIX3&lt;br&gt;23-QSPSSLI&lt;br&gt;24-FERRI&lt;br&gt;25-MENDI&lt;br&gt;26-OVFI&lt;br&gt;27-DOPCI&lt;br&gt;28-PCFEI&lt;br&gt;29-PCERI" id="BL0" priority="15" usedState="Not Use"/>
-        <Item currentVect="111" groupchild="&lt;br&gt;1-CDETI&lt;br&gt;2-CACI&lt;br&gt;3-SDACI&lt;br&gt;4-CDETIO&lt;br&gt;5-ERRIO&lt;br&gt;6-ACCIO&lt;br&gt;7-OEI1&lt;br&gt;8-OEI2&lt;br&gt;9-OEI3&lt;br&gt;10-OEI4&lt;br&gt;11-TEI0&lt;br&gt;12-EEI0&lt;br&gt;13-TEI2&lt;br&gt;14-EEI2&lt;br&gt;15-S12CMPAI&lt;br&gt;16-S12CMPBI&lt;br&gt;17-S12CMPAI1&lt;br&gt;18-S12CMPBI1&lt;br&gt;19-TEI8&lt;br&gt;20-ERI8&lt;br&gt;21-TEI9&lt;br&gt;22-ERI9&lt;br&gt;23-TEI1&lt;br&gt;24-EEI1" id="BL1" priority="15" usedState="Not Use"/>
-        <Item currentVect="112" groupchild="&lt;br&gt;1-TEI10&lt;br&gt;2-ERI10&lt;br&gt;3-TEI11&lt;br&gt;4-ERI11&lt;br&gt;5-SPII0&lt;br&gt;6-SPEI0&lt;br&gt;7-SPII1&lt;br&gt;8-SPEI1&lt;br&gt;9-SPII2&lt;br&gt;10-SPEI2" id="AL0" priority="15" usedState="Not Use"/>
-        <Item currentVect="113" groupchild="&lt;br&gt;1-EINT0&lt;br&gt;2-VPOS&lt;br&gt;3-GR1UF&lt;br&gt;4-GR2UF&lt;br&gt;5-DRW_IRQ" id="AL1" priority="2" usedState="Used"/>
-        <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="Not Use"/>
-        <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="Not Use"/>
-        <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="Not Use"/>
-        <Item currentVect="117" id="SCI12_TXI12" priority="15" usedState="Not Use"/>
-        <Item currentVect="120" id="DMAC_DMAC0I" priority="15" usedState="Not Use"/>
-        <Item currentVect="121" id="DMAC_DMAC1I" priority="15" usedState="Not Use"/>
-        <Item currentVect="122" id="DMAC_DMAC2I" priority="15" usedState="Not Use"/>
-        <Item currentVect="123" id="DMAC_DMAC3I" priority="15" usedState="Not Use"/>
-        <Item currentVect="124" id="DMAC_DMAC74I" priority="15" usedState="Not Use"/>
-        <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="Not Use"/>
-        <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="Not Use"/>
-        <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="Not Use"/>
-        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="Not Use"/>
-        <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="Not Use"/>
-        <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="Not Use"/>
-        <Item currentVect="133" defaultVect="133" id="TPU0_TGI0D" priority="15" usedState="Not Use"/>
-        <Item currentVect="134" defaultVect="134" id="TPU0_TCI0V" priority="15" usedState="Not Use"/>
-        <Item currentVect="135" defaultVect="135" id="TPU1_TGI1B" priority="15" usedState="Not Use"/>
-        <Item currentVect="136" defaultVect="136" id="TPU1_TCI1V" priority="15" usedState="Not Use"/>
-        <Item currentVect="137" defaultVect="137" id="TPU1_TCI1U" priority="15" usedState="Not Use"/>
-        <Item currentVect="138" defaultVect="138" id="TPU2_TGI2A" priority="15" usedState="Not Use"/>
-        <Item currentVect="139" defaultVect="139" id="TPU2_TGI2B" priority="15" usedState="Not Use"/>
-        <Item currentVect="140" defaultVect="140" id="TPU2_TCI2V" priority="15" usedState="Not Use"/>
-        <Item currentVect="141" defaultVect="141" id="TPU2_TCI2U" priority="15" usedState="Not Use"/>
-        <Item currentVect="142" defaultVect="142" id="TPU3_TGI3A" priority="15" usedState="Not Use"/>
-        <Item currentVect="143" defaultVect="143" id="TPU3_TGI3B" priority="15" usedState="Not Use"/>
-        <Item currentVect="144" defaultVect="144" id="TPU1_TGI1A" priority="15" usedState="Not Use"/>
-        <Item currentVect="145" defaultVect="145" id="TPU3_TGI3C" priority="15" usedState="Not Use"/>
-        <Item currentVect="146" defaultVect="146" id="TMR0_CMIA0" priority="15" usedState="Not Use"/>
-        <Item currentVect="147" defaultVect="147" id="TMR0_CMIB0" priority="15" usedState="Not Use"/>
-        <Item currentVect="148" defaultVect="148" id="TMR0_OVI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="149" defaultVect="149" id="TMR1_CMIA1" priority="15" usedState="Not Use"/>
-        <Item currentVect="150" defaultVect="150" id="TMR1_CMIB1" priority="15" usedState="Not Use"/>
-        <Item currentVect="151" defaultVect="151" id="TMR1_OVI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="152" defaultVect="152" id="TMR2_CMIA2" priority="15" usedState="Not Use"/>
-        <Item currentVect="153" defaultVect="153" id="TMR2_CMIB2" priority="15" usedState="Not Use"/>
-        <Item currentVect="154" defaultVect="154" id="TMR2_OVI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="155" defaultVect="155" id="TMR3_CMIA3" priority="15" usedState="Not Use"/>
-        <Item currentVect="156" defaultVect="156" id="TMR3_CMIB3" priority="15" usedState="Not Use"/>
-        <Item currentVect="157" defaultVect="157" id="TMR3_OVI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="158" defaultVect="158" id="TPU3_TGI3D" priority="15" usedState="Not Use"/>
-        <Item currentVect="159" defaultVect="159" id="TPU3_TCI3V" priority="15" usedState="Not Use"/>
-        <Item currentVect="160" defaultVect="160" id="TPU4_TGI4A" priority="15" usedState="Not Use"/>
-        <Item currentVect="161" defaultVect="161" id="TPU4_TGI4B" priority="15" usedState="Not Use"/>
-        <Item currentVect="162" defaultVect="162" id="TPU4_TCI4V" priority="15" usedState="Not Use"/>
-        <Item currentVect="163" defaultVect="163" id="TPU4_TCI4U" priority="15" usedState="Not Use"/>
-        <Item currentVect="164" defaultVect="164" id="TPU5_TGI5A" priority="15" usedState="Not Use"/>
-        <Item currentVect="165" defaultVect="165" id="TPU5_TGI5B" priority="15" usedState="Not Use"/>
-        <Item currentVect="166" defaultVect="166" id="TPU5_TCI5V" priority="15" usedState="Not Use"/>
-        <Item currentVect="167" defaultVect="167" id="TPU5_TCI5U" priority="15" usedState="Not Use"/>
-        <Item currentVect="168" defaultVect="168" id="CMTW0_IC0I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="169" defaultVect="169" id="CMTW0_IC1I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="170" defaultVect="170" id="CMTW0_OC0I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="171" defaultVect="171" id="CMTW0_OC1I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="172" defaultVect="172" id="CMTW1_IC0I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="173" defaultVect="173" id="CMTW1_IC1I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="174" defaultVect="174" id="CMTW1_OC0I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="175" defaultVect="175" id="CMTW1_OC1I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="176" defaultVect="176" id="RTC_CUP" priority="15" usedState="Not Use"/>
-        <Item currentVect="177" defaultVect="177" id="CAN0_RXF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="178" defaultVect="178" id="CAN0_TXF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="179" defaultVect="179" id="CAN0_RXM0" priority="15" usedState="Not Use"/>
-        <Item currentVect="180" defaultVect="180" id="CAN0_TXM0" priority="15" usedState="Not Use"/>
-        <Item currentVect="181" defaultVect="181" id="CAN1_RXF1" priority="15" usedState="Not Use"/>
-        <Item currentVect="182" defaultVect="182" id="CAN1_TXF1" priority="15" usedState="Not Use"/>
-        <Item currentVect="183" defaultVect="183" id="CAN1_RXM1" priority="15" usedState="Not Use"/>
-        <Item currentVect="184" defaultVect="184" id="CAN1_TXM1" priority="15" usedState="Not Use"/>
-        <Item currentVect="185" defaultVect="185" id="USB0_USBI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="186" defaultVect="186" id="S12AD_S12ADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="187" defaultVect="187" id="S12AD_S12GBADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="188" defaultVect="188" id="S12AD_S12GCADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="189" defaultVect="189" id="S12AD1_S12ADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="190" defaultVect="190" id="S12AD1_S12GBADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="191" defaultVect="191" id="S12AD1_S12GCADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="192" defaultVect="192" id="RNG_RNGEND" priority="15" usedState="Not Use"/>
-        <Item currentVect="193" defaultVect="193" id="ELC_ELSR18I" priority="15" usedState="Not Use"/>
-        <Item currentVect="194" defaultVect="194" id="ELC_ELSR19I" priority="15" usedState="Not Use"/>
-        <Item currentVect="195" defaultVect="195" id="TSIP_PROC_BUSY" priority="15" usedState="Not Use"/>
-        <Item currentVect="196" defaultVect="196" id="TSIP_ROMOK" priority="15" usedState="Not Use"/>
-        <Item currentVect="197" defaultVect="197" id="TSIP_LONG_PLG" priority="15" usedState="Not Use"/>
-        <Item currentVect="198" defaultVect="198" id="TSIP_TEST_BUSY" priority="15" usedState="Not Use"/>
-        <Item currentVect="199" defaultVect="199" id="TSIP_WRRDY0" priority="15" usedState="Not Use"/>
-        <Item currentVect="200" defaultVect="200" id="TSIP_WRRDY1" priority="15" usedState="Not Use"/>
-        <Item currentVect="201" defaultVect="201" id="TSIP_WRRDY4" priority="15" usedState="Not Use"/>
-        <Item currentVect="202" defaultVect="202" id="TSIP_RDRDY0" priority="15" usedState="Not Use"/>
-        <Item currentVect="203" defaultVect="203" id="TSIP_RDRDY1" priority="15" usedState="Not Use"/>
-        <Item currentVect="204" defaultVect="204" id="TSIP_INTEGRATE_WRRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="205" defaultVect="205" id="TSIP_INTEGRATE_RDRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="206" id="PERIB_INTB206" priority="15" usedState="Not Use"/>
-        <Item currentVect="207" id="PERIB_INTB207" priority="15" usedState="Not Use"/>
-        <Item currentVect="208" defaultVect="208" id="MTU1_TGIA1" priority="15" usedState="Not Use"/>
-        <Item currentVect="209" defaultVect="209" id="MTU0_TGIA0" priority="15" usedState="Not Use"/>
-        <Item currentVect="210" defaultVect="210" id="MTU0_TGIB0" priority="15" usedState="Not Use"/>
-        <Item currentVect="211" defaultVect="211" id="MTU0_TGIC0" priority="15" usedState="Not Use"/>
-        <Item currentVect="212" defaultVect="212" id="MTU0_TGID0" priority="15" usedState="Not Use"/>
-        <Item currentVect="213" defaultVect="213" id="MTU0_TCIV0" priority="15" usedState="Not Use"/>
-        <Item currentVect="214" defaultVect="214" id="MTU0_TGIE0" priority="15" usedState="Not Use"/>
-        <Item currentVect="215" defaultVect="215" id="MTU0_TGIF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="216" defaultVect="216" id="MTU1_TGIB1" priority="15" usedState="Not Use"/>
-        <Item currentVect="217" defaultVect="217" id="MTU1_TCIV1" priority="15" usedState="Not Use"/>
-        <Item currentVect="218" defaultVect="218" id="MTU1_TCIU1" priority="15" usedState="Not Use"/>
-        <Item currentVect="219" defaultVect="219" id="MTU2_TGIA2" priority="15" usedState="Not Use"/>
-        <Item currentVect="220" defaultVect="220" id="MTU2_TGIB2" priority="15" usedState="Not Use"/>
-        <Item currentVect="221" defaultVect="221" id="MTU2_TCIV2" priority="15" usedState="Not Use"/>
-        <Item currentVect="222" defaultVect="222" id="MTU2_TCIU2" priority="15" usedState="Not Use"/>
-        <Item currentVect="223" defaultVect="223" id="MTU3_TGIA3" priority="15" usedState="Not Use"/>
-        <Item currentVect="224" defaultVect="224" id="MTU3_TGIB3" priority="15" usedState="Not Use"/>
-        <Item currentVect="225" defaultVect="225" id="MTU3_TGIC3" priority="15" usedState="Not Use"/>
-        <Item currentVect="226" defaultVect="226" id="MTU3_TGID3" priority="15" usedState="Not Use"/>
-        <Item currentVect="227" defaultVect="227" id="MTU3_TCIV3" priority="15" usedState="Not Use"/>
-        <Item currentVect="228" defaultVect="228" id="MTU4_TGIA4" priority="15" usedState="Not Use"/>
-        <Item currentVect="229" defaultVect="229" id="MTU4_TGIB4" priority="15" usedState="Not Use"/>
-        <Item currentVect="230" defaultVect="230" id="MTU4_TGIC4" priority="15" usedState="Not Use"/>
-        <Item currentVect="231" defaultVect="231" id="MTU4_TGID4" priority="15" usedState="Not Use"/>
-        <Item currentVect="232" defaultVect="232" id="MTU4_TCIV4" priority="15" usedState="Not Use"/>
-        <Item currentVect="233" defaultVect="233" id="MTU5_TGIU5" priority="15" usedState="Not Use"/>
-        <Item currentVect="234" defaultVect="234" id="MTU5_TGIV5" priority="15" usedState="Not Use"/>
-        <Item currentVect="235" defaultVect="235" id="MTU5_TGIW5" priority="15" usedState="Not Use"/>
-        <Item currentVect="236" defaultVect="236" id="MTU6_TGIA6" priority="15" usedState="Not Use"/>
-        <Item currentVect="237" defaultVect="237" id="MTU6_TGIB6" priority="15" usedState="Not Use"/>
-        <Item currentVect="238" defaultVect="238" id="MTU6_TGIC6" priority="15" usedState="Not Use"/>
-        <Item currentVect="239" defaultVect="239" id="MTU6_TGID6" priority="15" usedState="Not Use"/>
-        <Item currentVect="240" defaultVect="240" id="MTU6_TCIV6" priority="15" usedState="Not Use"/>
-        <Item currentVect="241" defaultVect="241" id="MTU7_TGIA7" priority="15" usedState="Not Use"/>
-        <Item currentVect="242" defaultVect="242" id="MTU7_TGIB7" priority="15" usedState="Not Use"/>
-        <Item currentVect="243" defaultVect="243" id="MTU7_TGIC7" priority="15" usedState="Not Use"/>
-        <Item currentVect="244" defaultVect="244" id="MTU7_TGID7" priority="15" usedState="Not Use"/>
-        <Item currentVect="245" defaultVect="245" id="MTU7_TCIV7" priority="15" usedState="Not Use"/>
-        <Item currentVect="246" defaultVect="246" id="MTU8_TGIA8" priority="15" usedState="Not Use"/>
-        <Item currentVect="247" defaultVect="247" id="MTU8_TGIB8" priority="15" usedState="Not Use"/>
-        <Item currentVect="248" defaultVect="248" id="MTU8_TGIC8" priority="15" usedState="Not Use"/>
-        <Item currentVect="249" defaultVect="249" id="MTU8_TGID8" priority="15" usedState="Not Use"/>
-        <Item currentVect="250" defaultVect="250" id="MTU8_TCIV8" priority="15" usedState="Not Use"/>
-        <Item currentVect="251" defaultVect="251" id="AES_AESRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="252" defaultVect="252" id="AES_AESEND" priority="15" usedState="Not Use"/>
-        <Item currentVect="253" id="PERIA_INTA253" priority="15" usedState="Not Use"/>
-        <Item currentVect="254" id="PERIA_INTA254" priority="15" usedState="Not Use"/>
-        <Item currentVect="255" id="PERIA_INTA255" priority="15" usedState="Not Use"/>
+        <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="未使用"/>
+        <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="未使用"/>
+        <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="未使用"/>
+        <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="未使用"/>
+        <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="使用中"/>
+        <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="使用中"/>
+        <Item currentVect="28" id="CMT0_CMI0" priority="5" usedState="使用中"/>
+        <Item currentVect="29" id="CMT1_CMI1" priority="5" usedState="使用中"/>
+        <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="未使用"/>
+        <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="未使用"/>
+        <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="未使用"/>
+        <Item currentVect="35" id="USB0_D1FIFO0" priority="15" usedState="未使用"/>
+        <Item currentVect="38" id="RSPI0_SPRI0" priority="15" usedState="未使用"/>
+        <Item currentVect="39" id="RSPI0_SPTI0" priority="15" usedState="未使用"/>
+        <Item currentVect="40" id="RSPI1_SPRI1" priority="15" usedState="未使用"/>
+        <Item currentVect="41" id="RSPI1_SPTI1" priority="15" usedState="未使用"/>
+        <Item currentVect="42" id="QSPI_SPRI" priority="15" usedState="未使用"/>
+        <Item currentVect="43" id="QSPI_SPTI" priority="15" usedState="未使用"/>
+        <Item currentVect="44" id="SDHI_SBFAI" priority="15" usedState="未使用"/>
+        <Item currentVect="45" id="MMCIF_MBFAI" priority="15" usedState="未使用"/>
+        <Item currentVect="50" id="RIIC1_RXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="51" id="RIIC1_TXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="52" id="RIIC0_RXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="53" id="RIIC0_TXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="54" id="RIIC2_RXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="55" id="RIIC2_TXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="58" id="SCI0_RXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="59" id="SCI0_TXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="60" id="SCI1_RXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="61" id="SCI1_TXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="62" id="SCI2_RXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="63" id="SCI2_TXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="64" id="ICU_IRQ0" priority="15" usedState="未使用"/>
+        <Item currentVect="65" id="ICU_IRQ1" priority="15" usedState="未使用"/>
+        <Item currentVect="66" id="ICU_IRQ2" priority="15" usedState="未使用"/>
+        <Item currentVect="67" id="ICU_IRQ3" priority="15" usedState="未使用"/>
+        <Item currentVect="68" id="ICU_IRQ4" priority="15" usedState="未使用"/>
+        <Item currentVect="69" id="ICU_IRQ5" priority="15" usedState="未使用"/>
+        <Item currentVect="70" id="ICU_IRQ6" priority="15" usedState="未使用"/>
+        <Item currentVect="71" id="ICU_IRQ7" priority="15" usedState="未使用"/>
+        <Item currentVect="72" id="ICU_IRQ8" priority="15" usedState="未使用"/>
+        <Item currentVect="73" id="ICU_IRQ9" priority="15" usedState="未使用"/>
+        <Item currentVect="74" id="ICU_IRQ10" priority="15" usedState="未使用"/>
+        <Item currentVect="75" id="ICU_IRQ11" priority="15" usedState="未使用"/>
+        <Item currentVect="76" id="ICU_IRQ12" priority="15" usedState="未使用"/>
+        <Item currentVect="77" id="ICU_IRQ13" priority="15" usedState="未使用"/>
+        <Item currentVect="78" id="ICU_IRQ14" priority="15" usedState="未使用"/>
+        <Item currentVect="79" id="ICU_IRQ15" priority="15" usedState="未使用"/>
+        <Item currentVect="80" id="SCI3_RXI3" priority="15" usedState="未使用"/>
+        <Item currentVect="81" id="SCI3_TXI3" priority="15" usedState="未使用"/>
+        <Item currentVect="82" id="SCI4_RXI4" priority="15" usedState="未使用"/>
+        <Item currentVect="83" id="SCI4_TXI4" priority="15" usedState="未使用"/>
+        <Item currentVect="84" id="SCI5_RXI5" priority="15" usedState="未使用"/>
+        <Item currentVect="85" id="SCI5_TXI5" priority="15" usedState="未使用"/>
+        <Item currentVect="86" id="SCI6_RXI6" priority="15" usedState="未使用"/>
+        <Item currentVect="87" id="SCI6_TXI6" priority="15" usedState="未使用"/>
+        <Item currentVect="88" id="LVD1_LVD1" priority="15" usedState="未使用"/>
+        <Item currentVect="89" id="LVD2_LVD2" priority="15" usedState="未使用"/>
+        <Item currentVect="90" id="USB0_USBR0" priority="15" usedState="未使用"/>
+        <Item currentVect="92" id="RTC_ALM" priority="15" usedState="未使用"/>
+        <Item currentVect="93" id="RTC_PRD" priority="15" usedState="未使用"/>
+        <Item currentVect="95" id="IWDT_IWUNI" priority="15" usedState="未使用"/>
+        <Item currentVect="96" id="WDT_WUNI" priority="15" usedState="未使用"/>
+        <Item currentVect="97" id="PDC_PCDFI" priority="15" usedState="未使用"/>
+        <Item currentVect="98" id="SCI7_RXI7" priority="15" usedState="未使用"/>
+        <Item currentVect="99" id="SCI7_TXI7" priority="15" usedState="未使用"/>
+        <Item currentVect="100" id="SCI8_RXI8" priority="15" usedState="未使用"/>
+        <Item currentVect="101" id="SCI8_TXI8" priority="15" usedState="未使用"/>
+        <Item currentVect="102" id="SCI9_RXI9" priority="15" usedState="未使用"/>
+        <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="未使用"/>
+        <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="未使用"/>
+        <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="未使用"/>
+        <Item currentVect="106" groupchild="&lt;br&gt;0-ERS0&lt;br&gt;1-ERS1" id="BE0" priority="15" usedState="未使用"/>
+        <Item currentVect="107" groupchild="&lt;br&gt;0-SDIOI" id="BL2" priority="15" usedState="未使用"/>
+        <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="未使用"/>
+        <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="未使用"/>
+        <Item currentVect="110" groupchild="&lt;br&gt;0-TEI0&lt;br&gt;1-ERI0&lt;br&gt;2-TEI1&lt;br&gt;3-ERI1&lt;br&gt;4-TEI2&lt;br&gt;5-ERI2&lt;br&gt;6-TEI3&lt;br&gt;7-ERI3&lt;br&gt;8-TEI4&lt;br&gt;9-ERI4&lt;br&gt;10-TEI5&lt;br&gt;11-ERI5&lt;br&gt;12-TEI6&lt;br&gt;13-ERI6&lt;br&gt;14-TEI7&lt;br&gt;15-ERI7&lt;br&gt;16-TEI12&lt;br&gt;17-ERI12&lt;br&gt;18-SCIX0&lt;br&gt;19-SCIX1&lt;br&gt;20-SCIX2&lt;br&gt;21-SCIX3&lt;br&gt;24-QSPSSLI&lt;br&gt;26-FERRI&lt;br&gt;27-MENDI&lt;br&gt;28-OVFI&lt;br&gt;29-DOPCI&lt;br&gt;30-PCFEI&lt;br&gt;31-PCERI" id="BL0" priority="15" usedState="未使用"/>
+        <Item currentVect="111" groupchild="&lt;br&gt;3-CDETI&lt;br&gt;4-CACI&lt;br&gt;5-SDACI&lt;br&gt;6-CDETIO&lt;br&gt;7-ERRIO&lt;br&gt;8-ACCIO&lt;br&gt;9-OEI1&lt;br&gt;10-OEI2&lt;br&gt;11-OEI3&lt;br&gt;12-OEI4&lt;br&gt;13-TEI0&lt;br&gt;14-EEI0&lt;br&gt;15-TEI2&lt;br&gt;16-EEI2&lt;br&gt;20-S12CMPAI&lt;br&gt;21-S12CMPBI&lt;br&gt;22-S12CMPAI1&lt;br&gt;23-S12CMPBI1&lt;br&gt;24-TEI8&lt;br&gt;25-ERI8&lt;br&gt;26-TEI9&lt;br&gt;27-ERI9&lt;br&gt;28-TEI1&lt;br&gt;29-EEI1" id="BL1" priority="15" usedState="未使用"/>
+        <Item currentVect="112" groupchild="&lt;br&gt;8-TEI10&lt;br&gt;9-ERI10&lt;br&gt;12-TEI11&lt;br&gt;13-ERI11&lt;br&gt;16-SPII0&lt;br&gt;17-SPEI0&lt;br&gt;18-SPII1&lt;br&gt;19-SPEI1&lt;br&gt;20-SPII2&lt;br&gt;21-SPEI2" id="AL0" priority="15" usedState="未使用"/>
+        <Item currentVect="113" groupchild="&lt;br&gt;4-EINT0&lt;br&gt;8-VPOS&lt;br&gt;9-GR1UF&lt;br&gt;10-GR2UF&lt;br&gt;11-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
+        <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="未使用"/>
+        <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="未使用"/>
+        <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="未使用"/>
+        <Item currentVect="117" id="SCI12_TXI12" priority="15" usedState="未使用"/>
+        <Item currentVect="120" id="DMAC_DMAC0I" priority="15" usedState="未使用"/>
+        <Item currentVect="121" id="DMAC_DMAC1I" priority="15" usedState="未使用"/>
+        <Item currentVect="122" id="DMAC_DMAC2I" priority="15" usedState="未使用"/>
+        <Item currentVect="123" id="DMAC_DMAC3I" priority="15" usedState="未使用"/>
+        <Item currentVect="124" id="DMAC_DMAC74I" priority="15" usedState="未使用"/>
+        <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="未使用"/>
+        <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="未使用"/>
+        <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="未使用"/>
+        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="5" usedState="使用中"/>
+        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="5" usedState="使用中"/>
+        <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="未使用"/>
+        <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="未使用"/>
+        <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="未使用"/>
+        <Item currentVect="133" defaultVect="133" id="TPU0_TGI0D" priority="15" usedState="未使用"/>
+        <Item currentVect="134" defaultVect="134" id="TPU0_TCI0V" priority="15" usedState="未使用"/>
+        <Item currentVect="135" defaultVect="135" id="TPU1_TGI1B" priority="15" usedState="未使用"/>
+        <Item currentVect="136" defaultVect="136" id="TPU1_TCI1V" priority="15" usedState="未使用"/>
+        <Item currentVect="137" defaultVect="137" id="TPU1_TCI1U" priority="15" usedState="未使用"/>
+        <Item currentVect="138" defaultVect="138" id="TPU2_TGI2A" priority="15" usedState="未使用"/>
+        <Item currentVect="139" defaultVect="139" id="TPU2_TGI2B" priority="15" usedState="未使用"/>
+        <Item currentVect="140" defaultVect="140" id="TPU2_TCI2V" priority="15" usedState="未使用"/>
+        <Item currentVect="141" defaultVect="141" id="TPU2_TCI2U" priority="15" usedState="未使用"/>
+        <Item currentVect="142" defaultVect="142" id="TPU3_TGI3A" priority="15" usedState="未使用"/>
+        <Item currentVect="143" defaultVect="143" id="TPU3_TGI3B" priority="15" usedState="未使用"/>
+        <Item currentVect="144" defaultVect="144" id="TPU1_TGI1A" priority="15" usedState="未使用"/>
+        <Item currentVect="145" defaultVect="145" id="TPU3_TGI3C" priority="15" usedState="未使用"/>
+        <Item currentVect="146" defaultVect="146" id="TMR0_CMIA0" priority="15" usedState="未使用"/>
+        <Item currentVect="147" defaultVect="147" id="TMR0_CMIB0" priority="15" usedState="未使用"/>
+        <Item currentVect="148" defaultVect="148" id="TMR0_OVI0" priority="15" usedState="未使用"/>
+        <Item currentVect="149" defaultVect="149" id="TMR1_CMIA1" priority="15" usedState="未使用"/>
+        <Item currentVect="150" defaultVect="150" id="TMR1_CMIB1" priority="15" usedState="未使用"/>
+        <Item currentVect="151" defaultVect="151" id="TMR1_OVI1" priority="15" usedState="未使用"/>
+        <Item currentVect="152" defaultVect="152" id="TMR2_CMIA2" priority="15" usedState="未使用"/>
+        <Item currentVect="153" defaultVect="153" id="TMR2_CMIB2" priority="15" usedState="未使用"/>
+        <Item currentVect="154" defaultVect="154" id="TMR2_OVI2" priority="15" usedState="未使用"/>
+        <Item currentVect="155" defaultVect="155" id="TMR3_CMIA3" priority="15" usedState="未使用"/>
+        <Item currentVect="156" defaultVect="156" id="TMR3_CMIB3" priority="15" usedState="未使用"/>
+        <Item currentVect="157" defaultVect="157" id="TMR3_OVI3" priority="15" usedState="未使用"/>
+        <Item currentVect="158" defaultVect="158" id="TPU3_TGI3D" priority="15" usedState="未使用"/>
+        <Item currentVect="159" defaultVect="159" id="TPU3_TCI3V" priority="15" usedState="未使用"/>
+        <Item currentVect="160" defaultVect="160" id="TPU4_TGI4A" priority="15" usedState="未使用"/>
+        <Item currentVect="161" defaultVect="161" id="TPU4_TGI4B" priority="15" usedState="未使用"/>
+        <Item currentVect="162" defaultVect="162" id="TPU4_TCI4V" priority="15" usedState="未使用"/>
+        <Item currentVect="163" defaultVect="163" id="TPU4_TCI4U" priority="15" usedState="未使用"/>
+        <Item currentVect="164" defaultVect="164" id="TPU5_TGI5A" priority="15" usedState="未使用"/>
+        <Item currentVect="165" defaultVect="165" id="TPU5_TGI5B" priority="15" usedState="未使用"/>
+        <Item currentVect="166" defaultVect="166" id="TPU5_TCI5V" priority="15" usedState="未使用"/>
+        <Item currentVect="167" defaultVect="167" id="TPU5_TCI5U" priority="15" usedState="未使用"/>
+        <Item currentVect="168" defaultVect="168" id="CMTW0_IC0I0" priority="15" usedState="未使用"/>
+        <Item currentVect="169" defaultVect="169" id="CMTW0_IC1I0" priority="15" usedState="未使用"/>
+        <Item currentVect="170" defaultVect="170" id="CMTW0_OC0I0" priority="15" usedState="未使用"/>
+        <Item currentVect="171" defaultVect="171" id="CMTW0_OC1I0" priority="15" usedState="未使用"/>
+        <Item currentVect="172" defaultVect="172" id="CMTW1_IC0I1" priority="15" usedState="未使用"/>
+        <Item currentVect="173" defaultVect="173" id="CMTW1_IC1I1" priority="15" usedState="未使用"/>
+        <Item currentVect="174" defaultVect="174" id="CMTW1_OC0I1" priority="15" usedState="未使用"/>
+        <Item currentVect="175" defaultVect="175" id="CMTW1_OC1I1" priority="15" usedState="未使用"/>
+        <Item currentVect="176" defaultVect="176" id="RTC_CUP" priority="15" usedState="未使用"/>
+        <Item currentVect="177" defaultVect="177" id="CAN0_RXF0" priority="15" usedState="未使用"/>
+        <Item currentVect="178" defaultVect="178" id="CAN0_TXF0" priority="15" usedState="未使用"/>
+        <Item currentVect="179" defaultVect="179" id="CAN0_RXM0" priority="15" usedState="未使用"/>
+        <Item currentVect="180" defaultVect="180" id="CAN0_TXM0" priority="15" usedState="未使用"/>
+        <Item currentVect="181" defaultVect="181" id="CAN1_RXF1" priority="15" usedState="未使用"/>
+        <Item currentVect="182" defaultVect="182" id="CAN1_TXF1" priority="15" usedState="未使用"/>
+        <Item currentVect="183" defaultVect="183" id="CAN1_RXM1" priority="15" usedState="未使用"/>
+        <Item currentVect="184" defaultVect="184" id="CAN1_TXM1" priority="15" usedState="未使用"/>
+        <Item currentVect="185" defaultVect="185" id="USB0_USBI0" priority="15" usedState="未使用"/>
+        <Item currentVect="186" defaultVect="186" id="S12AD_S12ADI" priority="15" usedState="未使用"/>
+        <Item currentVect="187" defaultVect="187" id="S12AD_S12GBADI" priority="15" usedState="未使用"/>
+        <Item currentVect="188" defaultVect="188" id="S12AD_S12GCADI" priority="15" usedState="未使用"/>
+        <Item currentVect="189" defaultVect="189" id="S12AD1_S12ADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="190" defaultVect="190" id="S12AD1_S12GBADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="191" defaultVect="191" id="S12AD1_S12GCADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="192" defaultVect="192" id="RNG_RNGEND" priority="15" usedState="未使用"/>
+        <Item currentVect="193" defaultVect="193" id="ELC_ELSR18I" priority="15" usedState="未使用"/>
+        <Item currentVect="194" defaultVect="194" id="ELC_ELSR19I" priority="15" usedState="未使用"/>
+        <Item currentVect="195" defaultVect="195" id="TSIP_PROC_BUSY" priority="15" usedState="未使用"/>
+        <Item currentVect="196" defaultVect="196" id="TSIP_ROMOK" priority="15" usedState="未使用"/>
+        <Item currentVect="197" defaultVect="197" id="TSIP_LONG_PLG" priority="15" usedState="未使用"/>
+        <Item currentVect="198" defaultVect="198" id="TSIP_TEST_BUSY" priority="15" usedState="未使用"/>
+        <Item currentVect="199" defaultVect="199" id="TSIP_WRRDY0" priority="15" usedState="未使用"/>
+        <Item currentVect="200" defaultVect="200" id="TSIP_WRRDY1" priority="15" usedState="未使用"/>
+        <Item currentVect="201" defaultVect="201" id="TSIP_WRRDY4" priority="15" usedState="未使用"/>
+        <Item currentVect="202" defaultVect="202" id="TSIP_RDRDY0" priority="15" usedState="未使用"/>
+        <Item currentVect="203" defaultVect="203" id="TSIP_RDRDY1" priority="15" usedState="未使用"/>
+        <Item currentVect="204" defaultVect="204" id="TSIP_INTEGRATE_WRRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="205" defaultVect="205" id="TSIP_INTEGRATE_RDRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="206" id="PERIB_INTB206" priority="15" usedState="未使用"/>
+        <Item currentVect="207" id="PERIB_INTB207" priority="15" usedState="未使用"/>
+        <Item currentVect="208" defaultVect="208" id="MTU1_TGIA1" priority="15" usedState="未使用"/>
+        <Item currentVect="209" defaultVect="209" id="MTU0_TGIA0" priority="15" usedState="未使用"/>
+        <Item currentVect="210" defaultVect="210" id="MTU0_TGIB0" priority="15" usedState="未使用"/>
+        <Item currentVect="211" defaultVect="211" id="MTU0_TGIC0" priority="15" usedState="未使用"/>
+        <Item currentVect="212" defaultVect="212" id="MTU0_TGID0" priority="15" usedState="未使用"/>
+        <Item currentVect="213" defaultVect="213" id="MTU0_TCIV0" priority="15" usedState="未使用"/>
+        <Item currentVect="214" defaultVect="214" id="MTU0_TGIE0" priority="15" usedState="未使用"/>
+        <Item currentVect="215" defaultVect="215" id="MTU0_TGIF0" priority="15" usedState="未使用"/>
+        <Item currentVect="216" defaultVect="216" id="MTU1_TGIB1" priority="15" usedState="未使用"/>
+        <Item currentVect="217" defaultVect="217" id="MTU1_TCIV1" priority="15" usedState="未使用"/>
+        <Item currentVect="218" defaultVect="218" id="MTU1_TCIU1" priority="15" usedState="未使用"/>
+        <Item currentVect="219" defaultVect="219" id="MTU2_TGIA2" priority="15" usedState="未使用"/>
+        <Item currentVect="220" defaultVect="220" id="MTU2_TGIB2" priority="15" usedState="未使用"/>
+        <Item currentVect="221" defaultVect="221" id="MTU2_TCIV2" priority="15" usedState="未使用"/>
+        <Item currentVect="222" defaultVect="222" id="MTU2_TCIU2" priority="15" usedState="未使用"/>
+        <Item currentVect="223" defaultVect="223" id="MTU3_TGIA3" priority="15" usedState="未使用"/>
+        <Item currentVect="224" defaultVect="224" id="MTU3_TGIB3" priority="15" usedState="未使用"/>
+        <Item currentVect="225" defaultVect="225" id="MTU3_TGIC3" priority="15" usedState="未使用"/>
+        <Item currentVect="226" defaultVect="226" id="MTU3_TGID3" priority="15" usedState="未使用"/>
+        <Item currentVect="227" defaultVect="227" id="MTU3_TCIV3" priority="15" usedState="未使用"/>
+        <Item currentVect="228" defaultVect="228" id="MTU4_TGIA4" priority="15" usedState="未使用"/>
+        <Item currentVect="229" defaultVect="229" id="MTU4_TGIB4" priority="15" usedState="未使用"/>
+        <Item currentVect="230" defaultVect="230" id="MTU4_TGIC4" priority="15" usedState="未使用"/>
+        <Item currentVect="231" defaultVect="231" id="MTU4_TGID4" priority="15" usedState="未使用"/>
+        <Item currentVect="232" defaultVect="232" id="MTU4_TCIV4" priority="15" usedState="未使用"/>
+        <Item currentVect="233" defaultVect="233" id="MTU5_TGIU5" priority="15" usedState="未使用"/>
+        <Item currentVect="234" defaultVect="234" id="MTU5_TGIV5" priority="15" usedState="未使用"/>
+        <Item currentVect="235" defaultVect="235" id="MTU5_TGIW5" priority="15" usedState="未使用"/>
+        <Item currentVect="236" defaultVect="236" id="MTU6_TGIA6" priority="15" usedState="未使用"/>
+        <Item currentVect="237" defaultVect="237" id="MTU6_TGIB6" priority="15" usedState="未使用"/>
+        <Item currentVect="238" defaultVect="238" id="MTU6_TGIC6" priority="15" usedState="未使用"/>
+        <Item currentVect="239" defaultVect="239" id="MTU6_TGID6" priority="15" usedState="未使用"/>
+        <Item currentVect="240" defaultVect="240" id="MTU6_TCIV6" priority="15" usedState="未使用"/>
+        <Item currentVect="241" defaultVect="241" id="MTU7_TGIA7" priority="15" usedState="未使用"/>
+        <Item currentVect="242" defaultVect="242" id="MTU7_TGIB7" priority="15" usedState="未使用"/>
+        <Item currentVect="243" defaultVect="243" id="MTU7_TGIC7" priority="15" usedState="未使用"/>
+        <Item currentVect="244" defaultVect="244" id="MTU7_TGID7" priority="15" usedState="未使用"/>
+        <Item currentVect="245" defaultVect="245" id="MTU7_TCIV7" priority="15" usedState="未使用"/>
+        <Item currentVect="246" defaultVect="246" id="MTU8_TGIA8" priority="15" usedState="未使用"/>
+        <Item currentVect="247" defaultVect="247" id="MTU8_TGIB8" priority="15" usedState="未使用"/>
+        <Item currentVect="248" defaultVect="248" id="MTU8_TGIC8" priority="15" usedState="未使用"/>
+        <Item currentVect="249" defaultVect="249" id="MTU8_TGID8" priority="15" usedState="未使用"/>
+        <Item currentVect="250" defaultVect="250" id="MTU8_TCIV8" priority="15" usedState="未使用"/>
+        <Item currentVect="251" defaultVect="251" id="AES_AESRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="252" defaultVect="252" id="AES_AESEND" priority="15" usedState="未使用"/>
+        <Item currentVect="253" id="PERIA_INTA253" priority="15" usedState="未使用"/>
+        <Item currentVect="254" id="PERIA_INTA254" priority="15" usedState="未使用"/>
+        <Item currentVect="255" id="PERIA_INTA255" priority="15" usedState="未使用"/>
     </tool>
     <tool id="Pins" version="1.0.1.0">
-        <pinItem allocation="11" comments="" direction="None" id="XTAL" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="59" comments="" direction="None" id="RMII0_RXD0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="61" comments="" direction="None" id="RMII0_RXD1" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="54" comments="" direction="None" id="RMII0_TXD1" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="55" comments="" direction="None" id="RMII0_TXD0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="58" comments="" direction="None" id="REF50CK0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="66" comments="" direction="None" id="ET0_MDC" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="13" comments="" direction="None" id="EXTAL" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="65" comments="" direction="None" id="ET0_LINKSTA" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="57" comments="" direction="None" id="RMII0_RX_ER" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="56" comments="" direction="None" id="RMII0_TXD_EN" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="67" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="53" comments="" direction="None" id="RMII0_CRS_DV" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinnumItem comment="SW2 Reset Switch" id="10"/>
-        <pinnumItem comment="CN10 Serial Servo" id="16"/>
-        <pinnumItem comment="CN10 Serial Servo" id="17"/>
-        <pinnumItem comment="CN10 Serial Servo" id="18"/>
-        <pinnumItem comment="U5 WiFi Module" id="19"/>
-        <pinnumItem comment="N.C." id="4"/>
-        <pinnumItem comment="SW1 Operation Mode Switch" id="7"/>
-        <pinnumItem comment="CN4 PMOD" id="20"/>
-        <pinnumItem comment="U5 WiFi Module" id="21"/>
-        <pinnumItem comment="CN4 PMOD" id="22"/>
-        <pinnumItem comment="U5 WiFi Module" id="23"/>
-        <pinnumItem comment="U5 WiFi Module" id="24"/>
-        <pinnumItem comment="U5 WiFi Module" id="25"/>
-        <pinnumItem comment="CN7 Serial Servo" id="26"/>
-        <pinnumItem comment="CN7 Serial Servo" id="27"/>
-        <pinnumItem comment="CN7 Serial Servo" id="28"/>
-        <pinnumItem comment="U5 WiFi Module" id="29"/>
-        <pinnumItem comment="CN5 USB" id="30"/>
-        <pinnumItem comment="CN8 Serial Servo" id="32"/>
-        <pinnumItem comment="CN8 Serial Servo" id="33"/>
-        <pinnumItem comment="CN8 Serial Servo" id="34"/>
-        <pinnumItem comment="CN5 USB" id="36"/>
-        <pinnumItem comment="CN5 USB" id="37"/>
-        <pinnumItem comment="CN4 PMOD" id="42"/>
-        <pinnumItem comment="CN4 PMOD" id="44"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="45"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="46"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="47"/>
-        <pinnumItem comment="CN9 Serial Servo" id="48"/>
-        <pinnumItem comment="CN9 Serial Servo" id="49"/>
-        <pinnumItem comment="CN9 Serial Servo" id="50"/>
-        <pinnumItem comment="CN6 Ether" id="53"/>
-        <pinnumItem comment="CN6 Ether" id="54"/>
-        <pinnumItem comment="CN6 Ether" id="55"/>
-        <pinnumItem comment="CN6 Ether" id="56"/>
-        <pinnumItem comment="CN6 Ether" id="57"/>
-        <pinnumItem comment="CN6 Ether" id="58"/>
-        <pinnumItem comment="CN6 Ether" id="59"/>
-        <pinnumItem comment="CN6 Ether" id="61"/>
-        <pinnumItem comment="CN6 Ether" id="64"/>
-        <pinnumItem comment="CN6 Ether" id="65"/>
-        <pinnumItem comment="CN6 Ether" id="66"/>
-        <pinnumItem comment="CN6 Ether" id="67"/>
-        <pinnumItem comment="LED2" id="69"/>
-        <pinnumItem comment="LED1" id="70"/>
-        <pinnumItem comment="CN4 PMOD" id="71"/>
-        <pinnumItem comment="CN4 PMOD" id="72"/>
-        <pinnumItem comment="CN4 PMOD" id="73"/>
-        <pinnumItem comment="CN4 PMOD" id="74"/>
-        <pinnumItem comment="CN12C ADC" id="79"/>
-        <pinnumItem comment="CN13 DAC" id="100"/>
-        <pinnumItem comment="CN12C ADC" id="80"/>
-        <pinnumItem comment="CN12C ADC" id="81"/>
-        <pinnumItem comment="CN12C ADC" id="82"/>
-        <pinnumItem comment="CN12C ADC" id="83"/>
-        <pinnumItem comment="CN12C ADC" id="84"/>
+        <pinItem allocation="11" comments="" direction="None" id="XTAL" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="59" comments="" direction="None" id="RMII0_RXD0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="61" comments="" direction="None" id="RMII0_RXD1" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="54" comments="" direction="None" id="RMII0_TXD1" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="55" comments="" direction="None" id="RMII0_TXD0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="58" comments="" direction="None" id="REF50CK0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="66" comments="" direction="None" id="ET0_MDC" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="13" comments="" direction="None" id="EXTAL" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="65" comments="" direction="None" id="ET0_LINKSTA" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="57" comments="" direction="None" id="RMII0_RX_ER" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="56" comments="" direction="None" id="RMII0_TXD_EN" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="67" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="53" comments="" direction="None" id="RMII0_CRS_DV" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinnumItem comment="CN4 PMOD" id="44" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="45" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="46" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="47" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="48" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="49" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="50" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="53" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="54" symbolicname=""/>
+        <pinnumItem comment="SW2 Reset Switch" id="10" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="55" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="56" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="57" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="58" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="59" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="16" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="17" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="18" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="19" symbolicname=""/>
+        <pinnumItem comment="N.C." id="4" symbolicname=""/>
+        <pinnumItem comment="SW1 Operation Mode Switch" id="7" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="61" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="20" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="64" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="65" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="21" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="66" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="22" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="67" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="23" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="24" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="25" symbolicname=""/>
+        <pinnumItem comment="LED2" id="69" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="26" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="27" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="28" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="29" symbolicname=""/>
+        <pinnumItem comment="LED1" id="70" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="71" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="72" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="73" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="30" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="74" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="32" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="33" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="34" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="79" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="36" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="37" symbolicname=""/>
+        <pinnumItem comment="CN13 DAC" id="100" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="80" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="81" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="82" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="83" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="84" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="42" symbolicname=""/>
     </tool>
     <tool id="Summary" version="1.0.0.0">
         <option id="com.renesas.smc.code.path" value="src\smc_gen"/>
         <option id="com.renesas.smc.code.type" value="Normal Folder"/>
     </tool>
     <tool id="SWComponent" version="1.0.0.0">
-        <configuration id="60957c51-a5e9-46fc-b2c8-a6141e24332c" inuse="true" name="Config_TMR0">
+        <configuration apiMode="FULL_API" id="60957c51-a5e9-46fc-b2c8-a6141e24332c" inuse="true" name="Config_TMR0">
             <allocatable id="TMR0">
                 <isocket id="CountingClock" selection="Clock.tool_clock_pclkb" value="3.0E7"/>
                 <option enabled="true" id="CountMode" selection="8bitMode">
@@ -683,8 +685,8 @@
                     <item id="Level15" input="" vlaue="0"/>
                 </option>
             </allocatable>
-            <component description="This software component generates two units (unit 0, unit 1) of an on-chip 8-bit timer (TMR) module that comprise two 8-bit counter channels, totaling four channels." detailDescription="" display="8-Bit Timer" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.9.0"/>
-            <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8-Bit Timer 0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx651.tmr0" type="">
+            <component description="このソフトウェアコンポーネントは、8 ビットタイマ（TMR）の構成を提供します。&#10;&#10;外部イベントのカウントが可能なほか、2 本のレジスタとのコンペアマッチ信号により、カウンタのクリア、割り込み要求、任意のデューティ比のパルス出力など、多機能タイマとして種々の応用が可能です。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
+            <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8 ビットタイマ0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx651.tmr0" type="">
                 <context>
                     <option enabled="true" id="CountMode" selection="8bitMode">
                         <item enabled="true" id="8bitMode"/>
@@ -692,10 +694,10 @@
                     </option>
                 </context>
             </allocator>
-            <source description="Code generator components provide peripheral drivers with customized generated source geared towards small code size" display="Code Generator" id="com.renesas.smc.tools.swcomponent.codegenerator.source"/>
+            <source description="コード生成に対応したコンポーネントは、設定に応じた周辺ドライバのコードを小さなコードサイズで出力します。" display="コード生成" id="com.renesas.smc.tools.swcomponent.codegenerator.source"/>
         </configuration>
         <configuration inuse="true" name="r_bsp">
-            <component description="Dependencies : None&#10;The r_bsp package provides a foundation for code to be built on top of. It provides startup code, iodefines, and MCU information for different boards. There are 2 folders that make up the r_bsp package. The 'mcu' folder contains files that are common to a MCU group. These files provide functionality such as easy register access, CPU functions, and a file named 'mcu_info.h' for each MCU group. The 'mcu_info.h' file has information about the MCU on the board and is configured based on the information given in r_bsp_config.h. The information in 'mcu_info.h' is used to help configure Renesas middleware that uses the r_bsp package. The 'board' folder has a folder with startup code for each supported board.  Which MCU and board is chosen is decided by the settings in 'platform.h'. The user can choose which board they are using by uncommenting the include path that applies to their board. For example, if you are using the RSK+RX64M then you would uncomment the #include &quot;./board/generic_rx64m/r_bsp.h&quot; include path. Users are encouraged to add their own boards to the 'board' directory. BSPs are configured by using the r_bsp_config.h file. Each board will have a reference configuration file named r_bsp_config_reference.h. The user should copy this file to their project, rename it to r_bsp_config.h, and use the options inside the file to configure the BSP for their project." detailDescription="Board Support Packages." display="r_bsp" id="r_bsp6.21" version="6.21">
+            <component description="依存モジュール: なし&#10;The r_bsp package provides a foundation for code to be built on top of. It provides startup code, iodefines, and MCU information for different boards. There are 2 folders that make up the r_bsp package. The 'mcu' folder contains files that are common to a MCU group. These files provide functionality such as easy register access, CPU functions, and a file named 'mcu_info.h' for each MCU group. The 'mcu_info.h' file has information about the MCU on the board and is configured based on the information given in r_bsp_config.h. The information in 'mcu_info.h' is used to help configure Renesas middleware that uses the r_bsp package. The 'board' folder has a folder with startup code for each supported board.  Which MCU and board is chosen is decided by the settings in 'platform.h'. The user can choose which board they are using by uncommenting the include path that applies to their board. For example, if you are using the RSK+RX64M then you would uncomment the #include &quot;./board/generic_rx64m/r_bsp.h&quot; include path. Users are encouraged to add their own boards to the 'board' directory. BSPs are configured by using the r_bsp_config.h file. Each board will have a reference configuration file named r_bsp_config_reference.h. The user should copy this file to their project, rename it to r_bsp_config.h, and use the options inside the file to configure the BSP for their project." detailDescription="Board Support Packages." display="r_bsp" id="r_bsp6.21" version="6.21">
                 <gridItem id="BSP_CFG_USER_STACK_ENABLE" selectedIndex="1"/>
                 <gridItem id="BSP_CFG_USTACK_BYTES" selectedIndex="0x2000"/>
                 <gridItem id="BSP_CFG_ISTACK_BYTES" selectedIndex="0x400"/>
@@ -746,14 +748,14 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_cmt_rx">
-            <component description="Dependency : r_bsp version(s) 6.20&#10;This module creates a timer tick using a CMT channel based on a frequency input by the user." detailDescription="CMT driver" display="r_cmt_rx" id="r_cmt_rx4.90" version="4.90">
+            <component description="依存モジュール: r_bsp バージョン 6.20&#10;This module creates a timer tick using a CMT channel based on a frequency input by the user." detailDescription="CMT driver" display="r_cmt_rx" id="r_cmt_rx4.90" version="4.90">
                 <gridItem id="CMT_RX_CFG_IPR" selectedIndex="5"/>
             </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_ether_rx">
-            <component description="Dependency : r_bsp version(s) 5.52&#10;The Ethernet fit module provides a method to send and receive Ethernet / IEEE802.3 frame using Ethernet controller (ETHERC), Ethernet DMA controller (EDMAC)." detailDescription="Ethernet Driver." display="r_ether_rx" id="r_ether_rx1.21" version="1.21">
+            <component description="依存モジュール: r_bsp バージョン 5.52&#10;The Ethernet fit module provides a method to send and receive Ethernet / IEEE802.3 frame using Ethernet controller (ETHERC), Ethernet DMA controller (EDMAC)." detailDescription="Ethernet Driver." display="r_ether_rx" id="r_ether_rx1.21" version="1.21">
                 <gridItem id="CLKOUT25M" selectedIndex="0"/>
                 <gridItem id="ET0_TX_CLK" selectedIndex="0"/>
                 <gridItem id="ET0_RX_CLK" selectedIndex="1"/>
@@ -863,22 +865,22 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_sys_time_rx">
-            <component description="Dependency : r_bsp version(s) 5.20&#10;Dependency : r_cmt_rx version(s) 4.00&#10;Generic system timer for RX MCUs using CMT module." detailDescription="Generic system timer for RX MCUs using CMT module." display="r_sys_time_rx" id="r_sys_time_rx1.01" version="1.01"/>
+            <component description="依存モジュール: r_bsp バージョン 5.20&#10;依存モジュール: r_cmt_rx バージョン 4.00&#10;Generic system timer for RX MCUs using CMT module." detailDescription="Generic system timer for RX MCUs using CMT module." display="r_sys_time_rx" id="r_sys_time_rx1.01" version="1.01"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_t4_driver_rx">
-            <component description="Dependency : r_bsp version(s) 5.61&#10;Dependency : r_ether_rx version(s) 1.21&#10;Dependency : r_sys_time_rx version(s) 1.01&#10;Dependency : r_t4_rx version(s) 2.10&#10;Convert the TCP/IP(T4) - RX Ethernet Driver Interface." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] - RX Ethernet Driver Interface" display="r_t4_driver_rx" id="r_t4_driver_rx1.09" version="1.09"/>
+            <component description="依存モジュール: r_bsp バージョン 5.61&#10;依存モジュール: r_ether_rx バージョン 1.21&#10;依存モジュール: r_sys_time_rx バージョン 1.01&#10;依存モジュール: r_t4_rx バージョン 2.10&#10;Convert the TCP/IP(T4) - RX Ethernet Driver Interface." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] - RX Ethernet Driver Interface" display="r_t4_driver_rx" id="r_t4_driver_rx1.09" version="1.09"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_t4_rx">
-            <component description="Dependency : r_t4_driver_rx version(s) 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
+            <component description="依存モジュール: r_t4_driver_rx バージョン 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
                 <gridItem id="T4_CFG_SYSTEM_CHANNEL_NUMBER" selectedIndex="0"/>
                 <gridItem id="T4_CFG_SYSTEM_DHCP" selectedIndex="0"/>
-                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,1,33"/>
+                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,11,33"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH0" selectedIndex="255,255,255,0"/>
-                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,1,1"/>
+                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,11,1"/>
                 <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH1" selectedIndex="192,168,0,10"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH1" selectedIndex="255,255,255,0"/>
                 <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH1" selectedIndex="0,0,0,0"/>
@@ -959,7 +961,63 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_tsip_rx">
-            <component description="Dependency : r_bsp version(s) 7.00&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update.&#10;The &quot;.l&quot; in version number means library version." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.15.l" version="1.15.l"/>
+            <component description="依存モジュール: r_bsp バージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.21" version="1.21">
+                <gridItem id="TSIP_AES_128_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_TDES_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_SHA_1" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256" selectedIndex="1"/>
+                <gridItem id="TSIP_MD5" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_1_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_RSAES_1024" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_2048" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_1024" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_2048" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSA_RETRY_COUNT_FOR_RSA_KEY_GENERATION" selectedIndex="5120*2"/>
+                <gridItem id="TSIP_ECDSA_P192" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P224" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDSA_P384" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDH_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_USER_SHA_384_ENABLED" selectedIndex="0"/>
+                <gridItem id="TSIP_USER_SHA_384_FUNCTION" selectedIndex="user_sha384_function"/>
+                <gridItem id="TSIP_TLS" selectedIndex="1"/>
+                <gridItem id="TSIP_SECURE_BOOT" selectedIndex="0"/>
+                <gridItem id="TSIP_FIRMWARE_UPDATE" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING_LOCK_FUNCTION" selectedIndex="user_lock_function"/>
+                <gridItem id="TSIP_MULTI_THREADING_UNLOCK_FUNCTION" selectedIndex="user_unlock_function"/>
+            </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
index dcc59aac32..10b0ad4c83 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,7 @@ const st_key_block_data_t g_key_block_data =
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 
+        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
         0x34, 0xB2, 0x4D, 0x92
     },
     /* 
@@ -45,30 +45,30 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
      */
     {
-        0xD9, 0x9A, 0x75, 0x0E, 0x9D, 0x4F, 0x63, 0xA4, 0x02, 0x96, 0xE1, 0xF1,
-        0x49, 0x44, 0xB5, 0x90, 0x59, 0x24, 0xC4, 0x23, 0xF7, 0xA0, 0x32, 0x65,
-        0x68, 0x7B, 0x70, 0xE7, 0xA5, 0xC8, 0x12, 0xD1, 0xCD, 0x55, 0x36, 0x5F,
-        0xE6, 0xEB, 0xD0, 0xAD, 0x5A, 0x7F, 0x9F, 0x41, 0x79, 0x8B, 0x2F, 0x3B,
-        0x17, 0xC9, 0xEE, 0xA7, 0xCB, 0xB5, 0x40, 0xFA, 0x3B, 0x43, 0x1D, 0xF8,
-        0x34, 0xCC, 0xB1, 0xB4, 0x8E, 0x67, 0xF6, 0xA0, 0x49, 0xAA, 0x76, 0x33,
-        0xA4, 0x56, 0xCD, 0x16, 0xE9, 0x76, 0x16, 0x92, 0xBE, 0x3F, 0x3A, 0x3A,
-        0xD7, 0x7A, 0xCD, 0xC9, 0xE2, 0xA0, 0xC8, 0x16, 0x2A, 0x0D, 0xBD, 0x3C,
-        0xEA, 0xC8, 0x26, 0x82, 0xDA, 0x5D, 0x19, 0x71, 0x7B, 0x90, 0x03, 0xEF,
-        0x1E, 0x24, 0x01, 0x62, 0x15, 0x3D, 0x2B, 0x4C, 0xA7, 0x8F, 0xBC, 0xD3,
-        0xD9, 0xC8, 0x9F, 0xBB, 0x4A, 0x62, 0x57, 0xE8, 0xE2, 0x86, 0x8C, 0x56,
-        0x36, 0x64, 0xE7, 0xB9, 0x47, 0x5C, 0x02, 0xF4, 0x87, 0x50, 0x16, 0x9C,
-        0xFB, 0xF6, 0xE9, 0x73, 0x96, 0x78, 0x94, 0x59, 0x12, 0x28, 0x03, 0x37,
-        0x75, 0x56, 0x00, 0x2F, 0xCE, 0x54, 0x7C, 0x34, 0xFD, 0x0B, 0x10, 0x5B,
-        0x4A, 0xEE, 0x11, 0x1B, 0x39, 0xE9, 0x80, 0x8B, 0x27, 0x2D, 0x29, 0x12,
-        0x68, 0x87, 0xD2, 0xC9, 0x78, 0xED, 0xED, 0xF2, 0xA6, 0x4D, 0x6B, 0x10,
-        0x98, 0x9D, 0x52, 0x1C, 0xCE, 0x69, 0x0D, 0x5C, 0x46, 0xEB, 0x5D, 0x9B,
-        0xC8, 0x6A, 0x8E, 0x1F, 0x56, 0x05, 0xBA, 0xD2, 0x50, 0x9F, 0x92, 0xB7,
-        0xD4, 0x4D, 0xCD, 0x58, 0x5B, 0xA7, 0x87, 0x10, 0x6D, 0xF3, 0xDB, 0xA8,
-        0x1D, 0x23, 0x00, 0xE4, 0x81, 0x69, 0x3E, 0x7D, 0xEA, 0x5B, 0x33, 0xF4,
-        0x73, 0xD8, 0x7C, 0xDD, 0x64, 0x74, 0x40, 0x30, 0x93, 0x8D, 0x2C, 0xA5,
-        0x2C, 0x24, 0x11, 0xB2, 0x26, 0x56, 0xE3, 0x41, 0x72, 0xAE, 0x41, 0x56,
-        0x9C, 0x75, 0x11, 0x8E, 0x53, 0x59, 0x77, 0xBF, 0x48, 0x71, 0x86, 0x7C,
-        0x7C, 0xCE, 0x04, 0xB9, 0x73, 0x62, 0xE6, 0x1D, 0xF8, 0xED, 0x93, 0x87
+        0x7F, 0xE5, 0x80, 0x89, 0xD7, 0x3E, 0xB9, 0x92, 0xF6, 0xBD, 0x13, 0x4B,
+        0x8D, 0xE8, 0x96, 0xC5, 0xAB, 0x56, 0x45, 0x55, 0xD4, 0xA6, 0x57, 0x73,
+        0xB5, 0xA8, 0xD7, 0x35, 0xF4, 0x4B, 0x0D, 0xA2, 0x30, 0x5A, 0xFE, 0xCB,
+        0x18, 0x06, 0x55, 0xB2, 0x51, 0xF2, 0xA4, 0x0E, 0xCB, 0x6E, 0x6C, 0x88,
+        0x03, 0xF3, 0x5C, 0x1E, 0xF0, 0xA4, 0xA8, 0x6E, 0x48, 0xE7, 0xB4, 0x87,
+        0xE9, 0xE9, 0xA0, 0xF0, 0xB2, 0xD3, 0x24, 0x8D, 0x2E, 0x8C, 0x11, 0x2C,
+        0x05, 0x26, 0x7C, 0xEE, 0x15, 0x67, 0xB8, 0xBF, 0xCA, 0xBC, 0x44, 0x8D,
+        0x80, 0xED, 0x94, 0xF1, 0x5B, 0x88, 0xE1, 0xB1, 0x81, 0x7D, 0x4D, 0x92,
+        0x6E, 0x1E, 0x3E, 0xF5, 0x7B, 0x77, 0x0A, 0xC8, 0x60, 0xB8, 0x7F, 0x43,
+        0x2F, 0x07, 0x3B, 0xCA, 0xF5, 0xC7, 0x6F, 0x8F, 0x9E, 0xC1, 0x39, 0x29,
+        0x10, 0xFA, 0xBA, 0xCD, 0x51, 0xDF, 0xF6, 0xAE, 0x6A, 0x84, 0xF4, 0xE0,
+        0xED, 0xFC, 0xE2, 0xCE, 0x68, 0x3A, 0x38, 0xBF, 0x9B, 0xAD, 0x6F, 0x8B,
+        0x84, 0x95, 0xAA, 0x5B, 0x4C, 0x73, 0xCE, 0x34, 0x8D, 0x84, 0x78, 0x1E,
+        0xBF, 0xD6, 0xE2, 0x12, 0xEB, 0x27, 0xA6, 0x96, 0x4C, 0x76, 0x9C, 0x19,
+        0x1C, 0x3C, 0x7D, 0xF7, 0xB0, 0xDB, 0xD6, 0x64, 0xFD, 0x67, 0xEB, 0x83,
+        0xC1, 0x60, 0x8F, 0x65, 0x19, 0xC0, 0x78, 0xFD, 0x09, 0xD4, 0x52, 0x74,
+        0xD6, 0x96, 0x89, 0x91, 0xEF, 0xF6, 0xB6, 0xAB, 0x27, 0x37, 0x7B, 0x43,
+        0xA9, 0xEC, 0xDA, 0x68, 0x5F, 0x3A, 0x32, 0xFE, 0xE8, 0x4E, 0x7B, 0xDC,
+        0xE4, 0x18, 0x5C, 0x53, 0x15, 0x5B, 0x5E, 0xC7, 0x08, 0x93, 0xF0, 0xBD,
+        0xF6, 0xC3, 0x78, 0x80, 0x3B, 0x1F, 0xC8, 0xBA, 0x0F, 0x58, 0xF7, 0x1E,
+        0x9C, 0xFB, 0x53, 0xCA, 0xA2, 0xBF, 0x9A, 0x18, 0xEE, 0x26, 0xD2, 0xA8,
+        0x88, 0x64, 0x13, 0xC8, 0xEE, 0xD2, 0x79, 0xB5, 0x67, 0xD4, 0x10, 0xB3,
+        0xF4, 0xC9, 0xCC, 0xCE, 0x4A, 0xE2, 0x38, 0x8B, 0x77, 0xEB, 0xD2, 0x89,
+        0xB0, 0x66, 0xFF, 0xCD, 0x76, 0xC1, 0x28, 0x65, 0xC2, 0xA3, 0xE3, 0x45
     },
     /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
     {
@@ -78,7 +78,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -107,7 +107,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -186,83 +186,95 @@ const uint32_t              encrypted_user_key_type =
 
 const unsigned char ca_ecc_cert_der_sig[] =
 {
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
+        0xAD, 0x89, 0x0C, 0x68, 0x8E, 0x97, 0xE5, 0x23, 0xE4, 0x35,
+        0x91, 0x2F, 0x1B, 0x2F, 0x48, 0xCC, 0x03, 0xFC, 0x18, 0xE1,
+        0x64, 0x8C, 0x4D, 0x12, 0xBB, 0xC1, 0xDD, 0xFE, 0xDF, 0x3B,
+        0x87, 0xB0, 0x5B, 0x84, 0x54, 0xE6, 0xAE, 0x6D, 0xE4, 0x08,
+        0x91, 0xF0, 0xBD, 0x11, 0xCA, 0xC4, 0xF1, 0x44, 0x41, 0x4C,
+        0x17, 0x65, 0xAD, 0xEC, 0xE5, 0x08, 0xD7, 0x9D, 0x3D, 0x95,
+        0x2A, 0x2B, 0x85, 0x70, 0x75, 0xC7, 0xEB, 0x2F, 0xB2, 0x5C,
+        0x07, 0xB8, 0x80, 0xBA, 0x6C, 0x5A, 0x78, 0x1C, 0xAC, 0xBC,
+        0x00, 0x2C, 0x9A, 0x21, 0x4E, 0x2A, 0xBA, 0x8E, 0x7D, 0x27,
+        0x82, 0xF8, 0xA9, 0x5A, 0xB3, 0x28, 0x82, 0x45, 0x1D, 0xF7,
+        0x5C, 0x06, 0x6C, 0xFA, 0x00, 0xE4, 0x8D, 0x0C, 0xC7, 0xBC,
+        0x16, 0x50, 0x84, 0xCE, 0x74, 0xAC, 0x67, 0x5E, 0xE0, 0x19,
+        0xF3, 0xFC, 0xD2, 0x1D, 0x46, 0x00, 0x63, 0x5E, 0xF8, 0xAC,
+        0x70, 0x82, 0x7C, 0x78, 0xD2, 0xD6, 0x42, 0xB0, 0xBC, 0x6E,
+        0x41, 0xCC, 0x3E, 0x08, 0x39, 0x29, 0xF4, 0xA6, 0xF5, 0x3D,
+        0x81, 0x0A, 0xF8, 0x12, 0xD8, 0xD1, 0x15, 0xA2, 0x4A, 0x4F,
+        0x13, 0x07, 0x9A, 0x56, 0x92, 0x51, 0xA2, 0xD6, 0x6B, 0xD9,
+        0xF9, 0x86, 0x8B, 0xBE, 0x05, 0xDE, 0x76, 0x66, 0x89, 0x73,
+        0x02, 0x19, 0x5C, 0xAC, 0xDE, 0x1E, 0x52, 0x80, 0x65, 0x42,
+        0x5D, 0xBB, 0xB4, 0xED, 0xCF, 0x1B, 0x5E, 0xED, 0xA1, 0xC2,
+        0x24, 0xAB, 0xBD, 0x30, 0xB2, 0xAE, 0x65, 0x8D, 0xE1, 0xDC,
+        0xA3, 0xC7, 0x43, 0xC0, 0xE4, 0xB9, 0x66, 0x91, 0x64, 0xFD,
+        0x12, 0x42, 0x12, 0x18, 0x4D, 0x7D, 0xF4, 0x14, 0xE5, 0x9E,
+        0x81, 0x38, 0xFB, 0x32, 0x3B, 0x54, 0xFA, 0x4A, 0x6F, 0x25,
+        0xA7, 0x3F, 0x45, 0x5D, 0x99, 0xC5, 0x4A, 0xE1, 0xEF, 0x12,
+        0x5E, 0x03, 0x30, 0xBC, 0x5C, 0x31
 };
 const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
 
 /* ./ca-cert.der.sign,  */
 const unsigned char ca_cert_der_sig[] =
 {
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
+        0x78, 0xA1, 0x30, 0x91, 0xC7, 0x12, 0xA0, 0x6B, 0x48, 0xFC,
+        0x2B, 0x67, 0xF5, 0x00, 0x0D, 0x41, 0x64, 0x45, 0x20, 0xEF,
+        0x14, 0xD4, 0x60, 0x5A, 0x0C, 0x7D, 0xBA, 0x16, 0x46, 0x6C,
+        0x52, 0x3E, 0x8D, 0x15, 0x8C, 0xAB, 0x4D, 0x2F, 0x7E, 0x34,
+        0xB9, 0x92, 0xFF, 0xFB, 0x6F, 0xCE, 0x7B, 0x15, 0xF0, 0xB7,
+        0x1C, 0xFA, 0x6C, 0x06, 0x7A, 0x15, 0xC4, 0xAB, 0xA2, 0x8B,
+        0xCB, 0x48, 0x6D, 0x25, 0x2F, 0xB3, 0xF0, 0xA1, 0xAB, 0xFD,
+        0x53, 0xA9, 0x69, 0xC7, 0x33, 0xC3, 0x87, 0x48, 0xEE, 0x27,
+        0x01, 0x22, 0xC0, 0x1B, 0x69, 0x96, 0x1B, 0x2D, 0xD2, 0x92,
+        0x0B, 0xCC, 0x29, 0xD8, 0x17, 0x0E, 0x2C, 0x20, 0x95, 0xAC,
+        0xE3, 0xE6, 0xF6, 0x9C, 0xE7, 0xBE, 0x0F, 0xF0, 0xD8, 0xBE,
+        0xCF, 0x44, 0xBF, 0x34, 0x26, 0x7D, 0x30, 0xEA, 0x8D, 0xB9,
+        0xB4, 0xB0, 0x18, 0xF1, 0x19, 0x1A, 0x19, 0xD9, 0xF0, 0x9D,
+        0x72, 0xA6, 0x33, 0x9A, 0xA6, 0xC6, 0x74, 0xA9, 0x01, 0xE3,
+        0xFF, 0x60, 0xFC, 0x6D, 0x0B, 0x4C, 0x5D, 0x52, 0x4D, 0xED,
+        0x6C, 0xCC, 0xB9, 0x8D, 0x7B, 0x44, 0x3A, 0x1A, 0xD5, 0x8F,
+        0x75, 0xAA, 0x6B, 0xEC, 0xBB, 0x94, 0x5D, 0xA3, 0x9D, 0x33,
+        0x50, 0x1B, 0xBD, 0x04, 0x23, 0x05, 0x65, 0xA4, 0x5F, 0x21,
+        0xDD, 0x27, 0x3A, 0xB7, 0xE6, 0x21, 0x54, 0xA1, 0x75, 0x3C,
+        0x3D, 0x0E, 0x2F, 0xF5, 0x21, 0x7F, 0x02, 0x53, 0xB7, 0x14,
+        0x41, 0xEE, 0x0D, 0xCE, 0xB7, 0x48, 0xE6, 0x9A, 0x2E, 0x77,
+        0x9F, 0x94, 0x94, 0x00, 0x69, 0x28, 0xB4, 0xE9, 0xB1, 0x26,
+        0x2B, 0x90, 0xB9, 0xCD, 0x21, 0x05, 0xB5, 0x01, 0x37, 0x45,
+        0x32, 0x96, 0x80, 0xC3, 0x5A, 0xF1, 0x60, 0x9B, 0x97, 0x0D,
+        0x58, 0x63, 0x84, 0xB0, 0xF9, 0xCA, 0xBB, 0x97, 0x53, 0xA4,
+        0xC6, 0xE5, 0x6F, 0x59, 0x37, 0x81
 };
 const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
 /* ./client-cert.der.sign,  */
 const unsigned char client_cert_der_sign[] =
 {
-    0x9a, 0x0e, 0xbc, 0x0f, 0x7a, 0xbe, 0xb6, 0x47, 0x79, 0x71, 0xcc, 0x51,
-    0x87, 0xaa, 0x28, 0xbd, 0x9c, 0x04, 0x08, 0x0b, 0xb9, 0x78, 0x84, 0xeb,
-    0x1d, 0xf9, 0x0e, 0x38, 0x23, 0xfe, 0x8f, 0x6e, 0x75, 0x21, 0xcc, 0x39,
-    0x79, 0xf8, 0x9d, 0x80, 0x6b, 0xa9, 0x63, 0x79, 0x13, 0xd8, 0xc9, 0x5d,
-    0xd5, 0x84, 0x17, 0xdc, 0xe4, 0x56, 0xae, 0x55, 0x64, 0x69, 0x8c, 0x95,
-    0xa4, 0x03, 0xc1, 0x4a, 0xe8, 0xb6, 0xd5, 0x1b, 0xfa, 0x26, 0x3f, 0x2c,
-    0xff, 0xfc, 0xea, 0x83, 0xca, 0xf7, 0x4d, 0x9e, 0xf4, 0xbf, 0xca, 0xb6,
-    0x19, 0x46, 0x55, 0x45, 0xf4, 0x7d, 0xcd, 0x4b, 0xbc, 0x3d, 0xb7, 0xff,
-    0x57, 0xbf, 0xe8, 0x0e, 0xbc, 0x16, 0x45, 0xa1, 0xdb, 0xf0, 0xb4, 0x44,
-    0x64, 0x76, 0x0b, 0xe5, 0x86, 0x32, 0xbe, 0xd7, 0xf0, 0x26, 0x6c, 0x48,
-    0xb6, 0x7f, 0x1a, 0x2a, 0xe6, 0x1b, 0xbd, 0x5b, 0x9e, 0xca, 0xd0, 0xf4,
-    0xbb, 0xe4, 0x7f, 0x29, 0x66, 0xf6, 0x31, 0x6d, 0x70, 0x6f, 0xfd, 0x4d,
-    0x7f, 0xc8, 0x7f, 0x9a, 0x5b, 0x1e, 0x37, 0xf7, 0x0c, 0x66, 0xb2, 0x62,
-    0xd8, 0x3e, 0xca, 0x79, 0x6c, 0xec, 0x05, 0x01, 0xda, 0xd9, 0xe2, 0xc3,
-    0xd5, 0x9b, 0xf9, 0x43, 0xa6, 0x14, 0x9a, 0x1f, 0x32, 0xd3, 0x68, 0x63,
-    0x65, 0xb8, 0xb1, 0x63, 0xd5, 0xe2, 0xaa, 0x06, 0x27, 0x62, 0x4a, 0x95,
-    0x48, 0x3f, 0xee, 0xde, 0x3b, 0x89, 0xd4, 0x61, 0x74, 0x39, 0xef, 0xe6,
-    0x6e, 0x16, 0x2d, 0x8b, 0x54, 0x29, 0xe9, 0x71, 0xbc, 0xd4, 0x30, 0x42,
-    0x35, 0x1e, 0x89, 0xfb, 0xf7, 0x4a, 0x47, 0x87, 0x41, 0x66, 0x49, 0xe5,
-    0x8e, 0x16, 0x7f, 0x17, 0x07, 0xd6, 0xff, 0xe1, 0x2a, 0x4d, 0x7c, 0x70,
-    0x0d, 0x72, 0x5d, 0x3d, 0x1f, 0xd8, 0x41, 0x1a, 0x43, 0x00, 0x31, 0x81,
-    0x60, 0xa8, 0x6c, 0xef
+		0x81, 0x89, 0xC5, 0xC6, 0x25, 0xE3, 0xD5, 0x3D, 0xEE, 0xE0,
+		0xBC, 0xDF, 0xF0, 0xA4, 0xCE, 0xAC, 0xF8, 0x26, 0xB1, 0x41,
+		0xE3, 0x8C, 0x50, 0xE8, 0xCA, 0x4A, 0xA7, 0xDB, 0x5F, 0xED,
+		0x61, 0x31, 0xFD, 0x13, 0xC7, 0x04, 0x25, 0x4A, 0x2D, 0x77,
+		0xE8, 0xA0, 0xB3, 0xA5, 0x5D, 0x54, 0x70, 0xF9, 0x76, 0xC9,
+		0x26, 0x32, 0x84, 0x04, 0xEC, 0xEF, 0x39, 0x48, 0x8D, 0xB1,
+		0xDC, 0xA7, 0x71, 0xC2, 0x69, 0xC6, 0x99, 0x16, 0xB2, 0x06,
+		0xBD, 0xA7, 0x7C, 0x66, 0x35, 0x2D, 0x9A, 0xFB, 0xDA, 0xAF,
+		0xAA, 0xF7, 0x5A, 0x2E, 0x7C, 0x74, 0x3C, 0x53, 0xBC, 0x59,
+		0x5A, 0xF6, 0x1A, 0x0E, 0x2F, 0x9A, 0xA6, 0x9B, 0x3C, 0x06,
+		0x88, 0x77, 0x38, 0x7A, 0x02, 0xC9, 0x89, 0x03, 0x5B, 0xF9,
+		0xE7, 0xF2, 0xFD, 0x2B, 0x63, 0x94, 0x92, 0x8D, 0xBB, 0x9D,
+		0x71, 0x17, 0xB6, 0xBF, 0xA4, 0x68, 0x51, 0xF4, 0x98, 0xAC,
+		0xD2, 0x57, 0x6D, 0xC0, 0xBD, 0xE9, 0xC1, 0xE5, 0x4D, 0xD6,
+		0xFF, 0xC8, 0xDF, 0x7A, 0x4F, 0x97, 0x5D, 0x46, 0x3A, 0x0A,
+		0x38, 0xE8, 0x0C, 0x99, 0xE7, 0x97, 0xE7, 0x3F, 0xFE, 0xC8,
+		0x6A, 0x93, 0x95, 0xD2, 0x32, 0xB1, 0x01, 0x00, 0x1C, 0x9A,
+		0xCE, 0x5F, 0x2B, 0xA8, 0xB1, 0xC7, 0xDC, 0x1B, 0x04, 0x9F,
+		0x58, 0x03, 0x57, 0x19, 0x9A, 0xDB, 0x58, 0x33, 0xBD, 0x9D,
+		0x3E, 0xA0, 0x3D, 0x9A, 0x00, 0xA6, 0xE9, 0x2E, 0xCD, 0x45,
+		0x97, 0xC1, 0xDF, 0xCF, 0xAF, 0x8A, 0x93, 0x52, 0xAA, 0x65,
+		0x1C, 0xC2, 0x3C, 0xDD, 0xE1, 0xED, 0x4B, 0x8A, 0x05, 0x5A,
+		0xBE, 0x84, 0xEE, 0xDF, 0xC0, 0x96, 0xD2, 0x5A, 0x60, 0x32,
+		0xDF, 0xC9, 0x01, 0x7C, 0x83, 0x27, 0x2B, 0x4B, 0x18, 0x18,
+		0x9F, 0x58, 0xE4, 0xF0, 0x0C, 0x36, 0xC1, 0xB4, 0x08, 0x70,
+		0xFB, 0xDC, 0xCB, 0x70, 0x61, 0xAC
 };
 const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
index 2d6bead068..80df72cb31 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
index 733da69714..9b17f3d5c3 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -89,14 +89,14 @@ double current_time(int reset)
 
 int SetTsiptlsKey()
 {
-#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER >=109)   
-    
+#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER >=109)
+
 #if defined(TLS_CLIENT)
 
-    #if defined(USE_ECC_CERT)    
+    #if defined(USE_ECC_CERT)
     /* Root CA cert has ECC-P256 public key */
     tsip_inform_cert_sign((const byte *)ca_ecc_cert_der_sig);
-    #else    
+    #else
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte *)ca_cert_der_sig);
     #endif
@@ -120,24 +120,24 @@ int SetTsiptlsKey()
 #endif
 
 #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER < 109)
-    
+
     #if defined(TLS_CLIENT)
- 
+
         tsip_inform_cert_sign((const byte *)ca_cert_sig);
         tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
                             (byte*)&g_key_block_data.iv,
                             (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
- 
+
     #elif defined(TLS_SERVER)
- 
+
         tsip_inform_cert_sign((const byte *)client_cert_der_sign);
         tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
                             (byte*)&g_key_block_data.iv,
                             (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
- 
+
     #endif
 
-#endif    
+#endif
     return 0;
 }
 
@@ -283,7 +283,7 @@ void main(void)
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     SetTsiptlsKey();
 #endif
-    
+
     do {
         if(cipherlist_sz > 0 ) printf("cipher : %s\n", cipherlist[i]);
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
index 437ce74775..4506a6d4bc 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
index 52ad49bba5..38964e6728 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -126,7 +126,7 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
@@ -140,20 +140,20 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
             wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
                                 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
 #if !defined(NO_FILESYSTEM)
-            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0) 
+            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0)
                                                                 != WOLFSSL_SUCCESS)
 #else
-            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, 
+            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert,
                                                sizeof_clicert,
                                                SSL_FILETYPE_ASN1) != SSL_SUCCESS)
 #endif
                 printf("can't load ca file, Please run from wolfSSL home dir\n");
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
index 5f0a537d30..9558d8f12b 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
new file mode 100644
index 0000000000..dcb17b70ab
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creatation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to genearte signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 0000000000..dd56430ae2
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../../wolfssl/certs/ca-cert.der ../../../../../../../../wolfssl
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../../wolfssl/certs/ca-ecc-cert.der ../../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verifiy by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
new file mode 100644
index 0000000000..1fdfcca481
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvv9Ojq+nD5Qey29QAjw30fNVQz1A9OaDMivHMsLDKrW2qlzb
+y5upich6j+bFVCV/qxeWe3Gqgz/9P5lL1gxlsfMB0Ou9ktkpr/tPTGfEg2GqnRT9
+jy6H2gayKV9TB4cGrqOdcg8JA8ioYt6tks03jMqAzqYG20N8pPOxZLl0bRX/CR9r
+zo/ngDZkyHXf35LL+XsjLmavPYrHdULxS4DYz/sHVJe5hLboOjNShpDAM5WU3flD
+xQqspaWfAiXty0RyNmHgVY3ev5xj053hOr2FzbA+vGr2krg6jTlGtt7Pq1/uLfsn
+c86E+wzHqJj/yW+ovlUGFTBhHVosQ/MB2wRxiwIDAQABAoIBAAC5xZmjLzZO8MMD
+HEG16txgWU2VGP8VNSBmrC4UMVujLxt8mNUwNTexzE1pqgxEzDRhNZAogWZYQuUP
+9wrMJ0LC0pnxm1nIe3EQul9m8YcyQsyv/LqjiZ6ZcenYU99ucucM9hct2XHrPECL
+6grpvrFJP64JUXNZ0UprJpxkW/3iGtQGBqtyWKWvIEhvU0rdZuE4JSW1bJTSyplb
+LM4947lLRJufnKNPkCKZlVrhvnd0QE9Q6nwip6+H7Tk/sMPKHZcG8HeQkloHO/ar
+0o2dPwp2vx6T7IvQ1duZyGTvWHCPW66mnrINFJcuUmVDBj0+tHYx94fjEVRUYrig
+4PTIkAkCgYEA6tok4Md+Yqogw+QOPj0tQKujQkxAhkUA8EteVmwFP6Vy6oMYLTkf
+oZuBMh0S+8ddWXJIpDnLMown7a79XwFtXc39W5nXXBhMexNf44ad8soXDOuc363E
+2TYWn/GTUqGcCc4wy99vCe3508XG02yvVSIEY3iEdT0F6iis1uV+TG0CgYEA0DI2
+fS0Xl0+ig4c/0LtiuO40CBoblKsL+fe/bTUhKOnE3z5AkHy71FT2B0JSOnO04F0Q
+cTniGks9LISYm6kQQ43jfxMQCsaUzRbS1i+z+h+TdE8324gHP/4PH1mcUvuUWZHb
+esLeTpLRlsF9Wlm5bnG4wZsHM2+HnJDj5WUOCtcCgYEA6ivXp7XjZHfksc69EPwp
+GhnKcPndQMSfOfq8twmAdkT/f6x1t+oEizymJxTsb9cLUnvsyKvD28P6sDnS9B9V
+MLqLjQGpxm+IGxRngVQiPAubzktEoZf/9uHCz3qufi8cin5pE2/XpRwABlRnezsc
+3JNNsu1hjhDpy+EA7knolEUCgYBFCaGP+Lft8PZO7zZ2HO0rrbGLTjz/G4kpJsJP
+kGKikoI6FQaL4xDV5CaBWbiysVO1YqblJPCZD4IFlSKV24YNIKvjo4qaSCdnqr3X
+UJI5yua2lt5K6dydl72kA68WxV34JanGF4BoRb9CYn8SytX2jbdaW/ITWFR70n//
+vXbemQKBgG+yXyN14DZeld3zCX/1OTi1no++XSe99tK0eeXCmMTjq5kLPJAyQfSz
+Cht82D1bkovS/LX+mZ06ySD632d46W8rgv+AMZqChhUmOG6a0QcCK1vYsgX90O5e
+da5/kHw4lwcCY7yRDq7i0dtgoBGRsLQzIVvo4VxnLNBPH2uqHvum
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
new file mode 100644
index 0000000000..ab82dcda3c
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv9Ojq+nD5Qey29QAjw3
+0fNVQz1A9OaDMivHMsLDKrW2qlzby5upich6j+bFVCV/qxeWe3Gqgz/9P5lL1gxl
+sfMB0Ou9ktkpr/tPTGfEg2GqnRT9jy6H2gayKV9TB4cGrqOdcg8JA8ioYt6tks03
+jMqAzqYG20N8pPOxZLl0bRX/CR9rzo/ngDZkyHXf35LL+XsjLmavPYrHdULxS4DY
+z/sHVJe5hLboOjNShpDAM5WU3flDxQqspaWfAiXty0RyNmHgVY3ev5xj053hOr2F
+zbA+vGr2krg6jTlGtt7Pq1/uLfsnc86E+wzHqJj/yW+ovlUGFTBhHVosQ/MB2wRx
+iwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md b/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
index 769610879d..4574735ab3 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
+++ b/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
@@ -3,7 +3,7 @@ wolfSSL sample application project for Renesas RSK+RX65N-2MB evaluation board
 
 <br>
 
-A sample program for evaluating wolfSSL targeting the Renesas RSK+RX65N-2MB evaluation board is provided. For details on the program, refer to the following documents included in the package. 
+A sample program for evaluating wolfSSL targeting the Renesas RSK+RX65N-2MB evaluation board is provided. For details on the program, refer to the following documents included in the package.
 
 + InstructionManualForExample_RSK+RX65N-2MB_JP.pdf (Japanese)
-+ InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (English）
\ No newline at end of file
++ InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (English）
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md b/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
index 630f28c0af..9aaa188fe2 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
+++ b/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
@@ -9,4 +9,4 @@ Renesas社製 RSK+RX65N-2MB 評価ボードをターゲットとしてwolfSSLを
 + InstructionManualForExample_RSK+RX65N-2MB_JP.pdf (日本語版)
 + InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (英語版)
 
-を参照ください。
\ No newline at end of file
+を参照ください。
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
index 29d0adcbd5..9ddda19e44 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,7 @@ const st_key_block_data_t g_key_block_data =
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 
+        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
         0x34, 0xB2, 0x4D, 0x92
     },
     /* 
@@ -45,30 +45,30 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
      */
     {
-        0xD9, 0x9A, 0x75, 0x0E, 0x9D, 0x4F, 0x63, 0xA4, 0x02, 0x96, 0xE1, 0xF1,
-        0x49, 0x44, 0xB5, 0x90, 0x59, 0x24, 0xC4, 0x23, 0xF7, 0xA0, 0x32, 0x65,
-        0x68, 0x7B, 0x70, 0xE7, 0xA5, 0xC8, 0x12, 0xD1, 0xCD, 0x55, 0x36, 0x5F,
-        0xE6, 0xEB, 0xD0, 0xAD, 0x5A, 0x7F, 0x9F, 0x41, 0x79, 0x8B, 0x2F, 0x3B,
-        0x17, 0xC9, 0xEE, 0xA7, 0xCB, 0xB5, 0x40, 0xFA, 0x3B, 0x43, 0x1D, 0xF8,
-        0x34, 0xCC, 0xB1, 0xB4, 0x8E, 0x67, 0xF6, 0xA0, 0x49, 0xAA, 0x76, 0x33,
-        0xA4, 0x56, 0xCD, 0x16, 0xE9, 0x76, 0x16, 0x92, 0xBE, 0x3F, 0x3A, 0x3A,
-        0xD7, 0x7A, 0xCD, 0xC9, 0xE2, 0xA0, 0xC8, 0x16, 0x2A, 0x0D, 0xBD, 0x3C,
-        0xEA, 0xC8, 0x26, 0x82, 0xDA, 0x5D, 0x19, 0x71, 0x7B, 0x90, 0x03, 0xEF,
-        0x1E, 0x24, 0x01, 0x62, 0x15, 0x3D, 0x2B, 0x4C, 0xA7, 0x8F, 0xBC, 0xD3,
-        0xD9, 0xC8, 0x9F, 0xBB, 0x4A, 0x62, 0x57, 0xE8, 0xE2, 0x86, 0x8C, 0x56,
-        0x36, 0x64, 0xE7, 0xB9, 0x47, 0x5C, 0x02, 0xF4, 0x87, 0x50, 0x16, 0x9C,
-        0xFB, 0xF6, 0xE9, 0x73, 0x96, 0x78, 0x94, 0x59, 0x12, 0x28, 0x03, 0x37,
-        0x75, 0x56, 0x00, 0x2F, 0xCE, 0x54, 0x7C, 0x34, 0xFD, 0x0B, 0x10, 0x5B,
-        0x4A, 0xEE, 0x11, 0x1B, 0x39, 0xE9, 0x80, 0x8B, 0x27, 0x2D, 0x29, 0x12,
-        0x68, 0x87, 0xD2, 0xC9, 0x78, 0xED, 0xED, 0xF2, 0xA6, 0x4D, 0x6B, 0x10,
-        0x98, 0x9D, 0x52, 0x1C, 0xCE, 0x69, 0x0D, 0x5C, 0x46, 0xEB, 0x5D, 0x9B,
-        0xC8, 0x6A, 0x8E, 0x1F, 0x56, 0x05, 0xBA, 0xD2, 0x50, 0x9F, 0x92, 0xB7,
-        0xD4, 0x4D, 0xCD, 0x58, 0x5B, 0xA7, 0x87, 0x10, 0x6D, 0xF3, 0xDB, 0xA8,
-        0x1D, 0x23, 0x00, 0xE4, 0x81, 0x69, 0x3E, 0x7D, 0xEA, 0x5B, 0x33, 0xF4,
-        0x73, 0xD8, 0x7C, 0xDD, 0x64, 0x74, 0x40, 0x30, 0x93, 0x8D, 0x2C, 0xA5,
-        0x2C, 0x24, 0x11, 0xB2, 0x26, 0x56, 0xE3, 0x41, 0x72, 0xAE, 0x41, 0x56,
-        0x9C, 0x75, 0x11, 0x8E, 0x53, 0x59, 0x77, 0xBF, 0x48, 0x71, 0x86, 0x7C,
-        0x7C, 0xCE, 0x04, 0xB9, 0x73, 0x62, 0xE6, 0x1D, 0xF8, 0xED, 0x93, 0x87
+        0x7F, 0xE5, 0x80, 0x89, 0xD7, 0x3E, 0xB9, 0x92, 0xF6, 0xBD, 0x13, 0x4B,
+        0x8D, 0xE8, 0x96, 0xC5, 0xAB, 0x56, 0x45, 0x55, 0xD4, 0xA6, 0x57, 0x73,
+        0xB5, 0xA8, 0xD7, 0x35, 0xF4, 0x4B, 0x0D, 0xA2, 0x30, 0x5A, 0xFE, 0xCB,
+        0x18, 0x06, 0x55, 0xB2, 0x51, 0xF2, 0xA4, 0x0E, 0xCB, 0x6E, 0x6C, 0x88,
+        0x03, 0xF3, 0x5C, 0x1E, 0xF0, 0xA4, 0xA8, 0x6E, 0x48, 0xE7, 0xB4, 0x87,
+        0xE9, 0xE9, 0xA0, 0xF0, 0xB2, 0xD3, 0x24, 0x8D, 0x2E, 0x8C, 0x11, 0x2C,
+        0x05, 0x26, 0x7C, 0xEE, 0x15, 0x67, 0xB8, 0xBF, 0xCA, 0xBC, 0x44, 0x8D,
+        0x80, 0xED, 0x94, 0xF1, 0x5B, 0x88, 0xE1, 0xB1, 0x81, 0x7D, 0x4D, 0x92,
+        0x6E, 0x1E, 0x3E, 0xF5, 0x7B, 0x77, 0x0A, 0xC8, 0x60, 0xB8, 0x7F, 0x43,
+        0x2F, 0x07, 0x3B, 0xCA, 0xF5, 0xC7, 0x6F, 0x8F, 0x9E, 0xC1, 0x39, 0x29,
+        0x10, 0xFA, 0xBA, 0xCD, 0x51, 0xDF, 0xF6, 0xAE, 0x6A, 0x84, 0xF4, 0xE0,
+        0xED, 0xFC, 0xE2, 0xCE, 0x68, 0x3A, 0x38, 0xBF, 0x9B, 0xAD, 0x6F, 0x8B,
+        0x84, 0x95, 0xAA, 0x5B, 0x4C, 0x73, 0xCE, 0x34, 0x8D, 0x84, 0x78, 0x1E,
+        0xBF, 0xD6, 0xE2, 0x12, 0xEB, 0x27, 0xA6, 0x96, 0x4C, 0x76, 0x9C, 0x19,
+        0x1C, 0x3C, 0x7D, 0xF7, 0xB0, 0xDB, 0xD6, 0x64, 0xFD, 0x67, 0xEB, 0x83,
+        0xC1, 0x60, 0x8F, 0x65, 0x19, 0xC0, 0x78, 0xFD, 0x09, 0xD4, 0x52, 0x74,
+        0xD6, 0x96, 0x89, 0x91, 0xEF, 0xF6, 0xB6, 0xAB, 0x27, 0x37, 0x7B, 0x43,
+        0xA9, 0xEC, 0xDA, 0x68, 0x5F, 0x3A, 0x32, 0xFE, 0xE8, 0x4E, 0x7B, 0xDC,
+        0xE4, 0x18, 0x5C, 0x53, 0x15, 0x5B, 0x5E, 0xC7, 0x08, 0x93, 0xF0, 0xBD,
+        0xF6, 0xC3, 0x78, 0x80, 0x3B, 0x1F, 0xC8, 0xBA, 0x0F, 0x58, 0xF7, 0x1E,
+        0x9C, 0xFB, 0x53, 0xCA, 0xA2, 0xBF, 0x9A, 0x18, 0xEE, 0x26, 0xD2, 0xA8,
+        0x88, 0x64, 0x13, 0xC8, 0xEE, 0xD2, 0x79, 0xB5, 0x67, 0xD4, 0x10, 0xB3,
+        0xF4, 0xC9, 0xCC, 0xCE, 0x4A, 0xE2, 0x38, 0x8B, 0x77, 0xEB, 0xD2, 0x89,
+        0xB0, 0x66, 0xFF, 0xCD, 0x76, 0xC1, 0x28, 0x65, 0xC2, 0xA3, 0xE3, 0x45
     },
     /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
     {
@@ -78,7 +78,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -107,7 +107,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -187,84 +187,96 @@ const uint32_t              encrypted_user_key_type =
 
 const unsigned char ca_ecc_cert_der_sig[] =
 {
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
+        0xAD, 0x89, 0x0C, 0x68, 0x8E, 0x97, 0xE5, 0x23, 0xE4, 0x35,
+        0x91, 0x2F, 0x1B, 0x2F, 0x48, 0xCC, 0x03, 0xFC, 0x18, 0xE1,
+        0x64, 0x8C, 0x4D, 0x12, 0xBB, 0xC1, 0xDD, 0xFE, 0xDF, 0x3B,
+        0x87, 0xB0, 0x5B, 0x84, 0x54, 0xE6, 0xAE, 0x6D, 0xE4, 0x08,
+        0x91, 0xF0, 0xBD, 0x11, 0xCA, 0xC4, 0xF1, 0x44, 0x41, 0x4C,
+        0x17, 0x65, 0xAD, 0xEC, 0xE5, 0x08, 0xD7, 0x9D, 0x3D, 0x95,
+        0x2A, 0x2B, 0x85, 0x70, 0x75, 0xC7, 0xEB, 0x2F, 0xB2, 0x5C,
+        0x07, 0xB8, 0x80, 0xBA, 0x6C, 0x5A, 0x78, 0x1C, 0xAC, 0xBC,
+        0x00, 0x2C, 0x9A, 0x21, 0x4E, 0x2A, 0xBA, 0x8E, 0x7D, 0x27,
+        0x82, 0xF8, 0xA9, 0x5A, 0xB3, 0x28, 0x82, 0x45, 0x1D, 0xF7,
+        0x5C, 0x06, 0x6C, 0xFA, 0x00, 0xE4, 0x8D, 0x0C, 0xC7, 0xBC,
+        0x16, 0x50, 0x84, 0xCE, 0x74, 0xAC, 0x67, 0x5E, 0xE0, 0x19,
+        0xF3, 0xFC, 0xD2, 0x1D, 0x46, 0x00, 0x63, 0x5E, 0xF8, 0xAC,
+        0x70, 0x82, 0x7C, 0x78, 0xD2, 0xD6, 0x42, 0xB0, 0xBC, 0x6E,
+        0x41, 0xCC, 0x3E, 0x08, 0x39, 0x29, 0xF4, 0xA6, 0xF5, 0x3D,
+        0x81, 0x0A, 0xF8, 0x12, 0xD8, 0xD1, 0x15, 0xA2, 0x4A, 0x4F,
+        0x13, 0x07, 0x9A, 0x56, 0x92, 0x51, 0xA2, 0xD6, 0x6B, 0xD9,
+        0xF9, 0x86, 0x8B, 0xBE, 0x05, 0xDE, 0x76, 0x66, 0x89, 0x73,
+        0x02, 0x19, 0x5C, 0xAC, 0xDE, 0x1E, 0x52, 0x80, 0x65, 0x42,
+        0x5D, 0xBB, 0xB4, 0xED, 0xCF, 0x1B, 0x5E, 0xED, 0xA1, 0xC2,
+        0x24, 0xAB, 0xBD, 0x30, 0xB2, 0xAE, 0x65, 0x8D, 0xE1, 0xDC,
+        0xA3, 0xC7, 0x43, 0xC0, 0xE4, 0xB9, 0x66, 0x91, 0x64, 0xFD,
+        0x12, 0x42, 0x12, 0x18, 0x4D, 0x7D, 0xF4, 0x14, 0xE5, 0x9E,
+        0x81, 0x38, 0xFB, 0x32, 0x3B, 0x54, 0xFA, 0x4A, 0x6F, 0x25,
+        0xA7, 0x3F, 0x45, 0x5D, 0x99, 0xC5, 0x4A, 0xE1, 0xEF, 0x12,
+        0x5E, 0x03, 0x30, 0xBC, 0x5C, 0x31
 };
 const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
 
 /* ./ca-cert.der.sign,  */
 const unsigned char ca_cert_der_sig[] =
 {
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
+        0x78, 0xA1, 0x30, 0x91, 0xC7, 0x12, 0xA0, 0x6B, 0x48, 0xFC,
+        0x2B, 0x67, 0xF5, 0x00, 0x0D, 0x41, 0x64, 0x45, 0x20, 0xEF,
+        0x14, 0xD4, 0x60, 0x5A, 0x0C, 0x7D, 0xBA, 0x16, 0x46, 0x6C,
+        0x52, 0x3E, 0x8D, 0x15, 0x8C, 0xAB, 0x4D, 0x2F, 0x7E, 0x34,
+        0xB9, 0x92, 0xFF, 0xFB, 0x6F, 0xCE, 0x7B, 0x15, 0xF0, 0xB7,
+        0x1C, 0xFA, 0x6C, 0x06, 0x7A, 0x15, 0xC4, 0xAB, 0xA2, 0x8B,
+        0xCB, 0x48, 0x6D, 0x25, 0x2F, 0xB3, 0xF0, 0xA1, 0xAB, 0xFD,
+        0x53, 0xA9, 0x69, 0xC7, 0x33, 0xC3, 0x87, 0x48, 0xEE, 0x27,
+        0x01, 0x22, 0xC0, 0x1B, 0x69, 0x96, 0x1B, 0x2D, 0xD2, 0x92,
+        0x0B, 0xCC, 0x29, 0xD8, 0x17, 0x0E, 0x2C, 0x20, 0x95, 0xAC,
+        0xE3, 0xE6, 0xF6, 0x9C, 0xE7, 0xBE, 0x0F, 0xF0, 0xD8, 0xBE,
+        0xCF, 0x44, 0xBF, 0x34, 0x26, 0x7D, 0x30, 0xEA, 0x8D, 0xB9,
+        0xB4, 0xB0, 0x18, 0xF1, 0x19, 0x1A, 0x19, 0xD9, 0xF0, 0x9D,
+        0x72, 0xA6, 0x33, 0x9A, 0xA6, 0xC6, 0x74, 0xA9, 0x01, 0xE3,
+        0xFF, 0x60, 0xFC, 0x6D, 0x0B, 0x4C, 0x5D, 0x52, 0x4D, 0xED,
+        0x6C, 0xCC, 0xB9, 0x8D, 0x7B, 0x44, 0x3A, 0x1A, 0xD5, 0x8F,
+        0x75, 0xAA, 0x6B, 0xEC, 0xBB, 0x94, 0x5D, 0xA3, 0x9D, 0x33,
+        0x50, 0x1B, 0xBD, 0x04, 0x23, 0x05, 0x65, 0xA4, 0x5F, 0x21,
+        0xDD, 0x27, 0x3A, 0xB7, 0xE6, 0x21, 0x54, 0xA1, 0x75, 0x3C,
+        0x3D, 0x0E, 0x2F, 0xF5, 0x21, 0x7F, 0x02, 0x53, 0xB7, 0x14,
+        0x41, 0xEE, 0x0D, 0xCE, 0xB7, 0x48, 0xE6, 0x9A, 0x2E, 0x77,
+        0x9F, 0x94, 0x94, 0x00, 0x69, 0x28, 0xB4, 0xE9, 0xB1, 0x26,
+        0x2B, 0x90, 0xB9, 0xCD, 0x21, 0x05, 0xB5, 0x01, 0x37, 0x45,
+        0x32, 0x96, 0x80, 0xC3, 0x5A, 0xF1, 0x60, 0x9B, 0x97, 0x0D,
+        0x58, 0x63, 0x84, 0xB0, 0xF9, 0xCA, 0xBB, 0x97, 0x53, 0xA4,
+        0xC6, 0xE5, 0x6F, 0x59, 0x37, 0x81
 };
 const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
 /* ./client-cert.der.sign,  */
 const unsigned char client_cert_der_sign[] =
 {
-    0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, 0x8A, 0x16,
-    0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, 0x58, 0xC6, 0x5A, 0xED,
-    0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23,
-    0x15, 0x84, 0x00, 0xE1, 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53,
-    0x8A, 0x95, 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21,
-    0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, 0x5B, 0x3F,
-    0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, 0x1D, 0xBE, 0xEB, 0x8E,
-    0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6,
-    0x7E, 0xB6, 0xC8, 0xE1, 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46,
-    0xCC, 0xCA, 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81,
-    0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, 0x55, 0xB6,
-    0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, 0xD7, 0xEB, 0x1D, 0x08,
-    0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38,
-    0xAC, 0x89, 0x63, 0xD5, 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB,
-    0x9B, 0x71, 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5,
-    0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, 0x58, 0x3A,
-    0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, 0x2D, 0xC5, 0xCD, 0x62,
-    0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95, 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8,
-    0xC6, 0x2E, 0xDF, 0xD9, 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73,
-    0x35, 0x4F, 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C,
-    0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, 0x3E, 0x95,
-    0x2A, 0x10, 0x01, 0x05
+        0x81, 0x89, 0xC5, 0xC6, 0x25, 0xE3, 0xD5, 0x3D, 0xEE, 0xE0,
+        0xBC, 0xDF, 0xF0, 0xA4, 0xCE, 0xAC, 0xF8, 0x26, 0xB1, 0x41,
+        0xE3, 0x8C, 0x50, 0xE8, 0xCA, 0x4A, 0xA7, 0xDB, 0x5F, 0xED,
+        0x61, 0x31, 0xFD, 0x13, 0xC7, 0x04, 0x25, 0x4A, 0x2D, 0x77,
+        0xE8, 0xA0, 0xB3, 0xA5, 0x5D, 0x54, 0x70, 0xF9, 0x76, 0xC9,
+        0x26, 0x32, 0x84, 0x04, 0xEC, 0xEF, 0x39, 0x48, 0x8D, 0xB1,
+        0xDC, 0xA7, 0x71, 0xC2, 0x69, 0xC6, 0x99, 0x16, 0xB2, 0x06,
+        0xBD, 0xA7, 0x7C, 0x66, 0x35, 0x2D, 0x9A, 0xFB, 0xDA, 0xAF,
+        0xAA, 0xF7, 0x5A, 0x2E, 0x7C, 0x74, 0x3C, 0x53, 0xBC, 0x59,
+        0x5A, 0xF6, 0x1A, 0x0E, 0x2F, 0x9A, 0xA6, 0x9B, 0x3C, 0x06,
+        0x88, 0x77, 0x38, 0x7A, 0x02, 0xC9, 0x89, 0x03, 0x5B, 0xF9,
+        0xE7, 0xF2, 0xFD, 0x2B, 0x63, 0x94, 0x92, 0x8D, 0xBB, 0x9D,
+        0x71, 0x17, 0xB6, 0xBF, 0xA4, 0x68, 0x51, 0xF4, 0x98, 0xAC,
+        0xD2, 0x57, 0x6D, 0xC0, 0xBD, 0xE9, 0xC1, 0xE5, 0x4D, 0xD6,
+        0xFF, 0xC8, 0xDF, 0x7A, 0x4F, 0x97, 0x5D, 0x46, 0x3A, 0x0A,
+        0x38, 0xE8, 0x0C, 0x99, 0xE7, 0x97, 0xE7, 0x3F, 0xFE, 0xC8,
+        0x6A, 0x93, 0x95, 0xD2, 0x32, 0xB1, 0x01, 0x00, 0x1C, 0x9A,
+        0xCE, 0x5F, 0x2B, 0xA8, 0xB1, 0xC7, 0xDC, 0x1B, 0x04, 0x9F,
+        0x58, 0x03, 0x57, 0x19, 0x9A, 0xDB, 0x58, 0x33, 0xBD, 0x9D,
+        0x3E, 0xA0, 0x3D, 0x9A, 0x00, 0xA6, 0xE9, 0x2E, 0xCD, 0x45,
+        0x97, 0xC1, 0xDF, 0xCF, 0xAF, 0x8A, 0x93, 0x52, 0xAA, 0x65,
+        0x1C, 0xC2, 0x3C, 0xDD, 0xE1, 0xED, 0x4B, 0x8A, 0x05, 0x5A,
+        0xBE, 0x84, 0xEE, 0xDF, 0xC0, 0x96, 0xD2, 0x5A, 0x60, 0x32,
+        0xDF, 0xC9, 0x01, 0x7C, 0x83, 0x27, 0x2B, 0x4B, 0x18, 0x18,
+        0x9F, 0x58, 0xE4, 0xF0, 0x0C, 0x36, 0xC1, 0xB4, 0x08, 0x70,
+        0xFB, 0xDC, 0xCB, 0x70, 0x61, 0xAC
 };
 const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
-
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
 #endif
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
index 2d6bead068..80df72cb31 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
index f856d4e5e6..e35feacb90 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,7 +29,7 @@
 /*-- Renesas TSIP usage and its version ---------------------------------------
  *
  *  "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
- *   for cipher operations. 
+ *   for cipher operations.
  *  TSIP definition asks to have its version number.
  *  "WOLFSSL_RENESAS_TSIP_VER" takes following value:
  *      106: TSIPv1.06
@@ -38,25 +38,26 @@
  *      114: TSIPv1.14
  *      115: TSIPv1.15
  *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 /*-- TLS version definitions  --------------------------------------------------
  *
  * wolfSSL supports TLSv1.2 by default. In case you want your system to support
  * TLSv1.3, uncomment line below.
- * 
+ *
  *----------------------------------------------------------------------------*/
 #define WOLFSSL_TLS13
 
 
 /*-- Operating System related definitions --------------------------------------
- * 
+ *
  *  In case any real-time OS is used, define its name(e.g. FREERTOS).
  *  Otherwise, define "SINGLE_THREADED". They are exclusive each other.
- *   
+ *
  *----------------------------------------------------------------------------*/
 
 #define FREERTOS
@@ -101,23 +102,23 @@
 
   /* USE_ECC_CERT
    * This macro is for selecting root CA certificate to load, it is valid only
-   * in example applications. wolfSSL does not refer this macro. 
-   * If you want to use cipher suites including ECDSA authentication in 
+   * in example applications. wolfSSL does not refer this macro.
+   * If you want to use cipher suites including ECDSA authentication in
    * the example applications with TSIP, enable this macro.
-   * In TSIP 1.13 or later version, following cipher suites are 
+   * In TSIP 1.13 or later version, following cipher suites are
    * available:
    * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256
-   * 
+   *
    * Note that, this macro disables cipher suites including RSA
    * authentication such as:
    * - TLS_RSA_WITH_AES_128_CBC_SHA
-   * - TLS_RSA_WITH_AES_256_CBC_SHA 
+   * - TLS_RSA_WITH_AES_256_CBC_SHA
    * - TLS_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_RSA_WITH_AES_256_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
-   * 
+   *
    */
   #define USE_ECC_CERT
 
@@ -126,14 +127,14 @@
    */
   /*#define WOLFSSL_CHECK_SIG_FAULTS*/
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_ecc_cert_der_256" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_ecc_cert_der_256" is used under the following macro definition
    * for ECDSA.
    */
   #define USE_CERT_BUFFERS_256
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_cert_der_2048" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_cert_der_2048" is used under the following macro definition
    * for RSA authentication.
    */
   #define USE_CERT_BUFFERS_2048
@@ -143,27 +144,27 @@
  *
  *----------------------------------------------------------------------------*/
   #define SIZEOF_LONG_LONG 8
+  #define WOLFSSL_SMALL_STACK
 
-
- /* 
+ /*
   * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
-  *  
-  * Note. In your actual products, do not forget to comment-out 
+  *
+  * Note. In your actual products, do not forget to comment-out
   * "NO_ASN_TIME" macro. And prepare time function to get calendar time,
-  * otherwise, certificate expiration validation will not work.  
+  * otherwise, certificate expiration validation will not work.
   */
   /*#define NO_ASN_TIME*/
-  
+
   #define NO_MAIN_DRIVER
   #define BENCH_EMBEDDED
-  #define NO_WOLFSSL_DIR 
+  #define NO_WOLFSSL_DIR
   #define WOLFSSL_NO_CURRDIR
   #define NO_FILESYSTEM
   #define WOLFSSL_LOG_PRINTF
   #define WOLFSSL_HAVE_MIN
   #define WOLFSSL_HAVE_MAX
   #define NO_WRITEV
-  
+
 
   #define WOLFSSL_USER_CURRTIME /* for benchmark */
   #define TIME_OVERRIDES
@@ -196,7 +197,7 @@
 
 /*-- Definitions for functionality negation  -----------------------------------
  *
- * 
+ *
  *----------------------------------------------------------------------------*/
 
 /*#define NO_RENESAS_TSIP_CRYPT*/
@@ -207,7 +208,7 @@
 #endif
 /*-- Consistency checking between definitions  ---------------------------------
  *
- *  
+ *
  *----------------------------------------------------------------------------*/
 
 /*-- TSIP TLS specific definitions --*/
@@ -233,7 +234,6 @@
     #define WOLFSSL_RENESAS_TSIP_TLS
 
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -247,7 +247,14 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+    /*-------------------------------------------------------------------------
+    * TSIP generates random numbers using the CRT-DRBG described
+    * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+    * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+    * directly. Comment out the macro will generate random number by
+    * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+    *-----------------------------------------------------------------------*/
+	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
@@ -263,3 +270,4 @@
 
 /*-- strcasecmp */
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
+
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
index 5614f3f1f2..1d9c1e1472 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
@@ -1,6 +1,6 @@
 /* wolfssl_demo.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,6 @@
 #include "platform/iot_network.h"
 #include "platform.h"
 
-
 #include <wolfssl/wolfcrypt/settings.h>
 #include "wolfssl/ssl.h"
 #include <wolfssl/wolfio.h>
@@ -59,22 +58,40 @@
     static WOLFSSL_CTX* client_ctx;
 #endif /* TLS_CLIENT */
 
-#define TLSSERVER_IP      "192.168.1.14"
+#define TLSSERVER_IP      "192.168.10.6"
 #define TLSSERVER_PORT    11111
-#define YEAR 2023
-#define MON  3
 #define FREQ 10000 /* Hz */
 
 static long         tick;
 static int          tmTick;
 
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
+
 /* time
  * returns seconds from EPOCH
  */
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tmTick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tmTick++;
 }
 
 /* timeTick
@@ -94,8 +111,6 @@ double current_time(int reset)
       return ((double)tick/FREQ) ;
 }
 
-
-
 /* --------------------------------------------------------*/
 /*  Benchmark_demo                                         */
 /* --------------------------------------------------------*/
@@ -145,7 +160,7 @@ static void Tls_client_init(const char* cipherlist)
             char *cert       = "./certs/ca-cert.pem";
         #endif
     #else
-        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) 
+        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
             const unsigned char *cert       = ca_ecc_cert_der_256;
             #define  SIZEOF_CERT sizeof_ca_ecc_cert_der_256
         #else
@@ -164,7 +179,7 @@ static void Tls_client_init(const char* cipherlist)
     #endif
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((client_ctx = 
+    if ((client_ctx =
         wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
@@ -175,7 +190,7 @@ static void Tls_client_init(const char* cipherlist)
     #endif
 
     #if defined(NO_FILESYSTEM)
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
                             SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
            printf("ERROR: can't load certificate data\n");
        return;
@@ -187,10 +202,10 @@ static void Tls_client_init(const char* cipherlist)
     }
     #endif
 
-    
+
     /* use specific cipher */
-    if (cipherlist != NULL && 
-        wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != 
+    if (cipherlist != NULL &&
+        wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) !=
                                                             WOLFSSL_SUCCESS) {
         wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
         printf("client can't set cipher list");
@@ -220,8 +235,8 @@ static void Tls_client()
     socklen_t       socksize = sizeof(struct freertos_sockaddr);
     struct freertos_sockaddr    PeerAddr;
     char    addrBuff[ADDR_SIZE] = {0};
-  
-    static const char sendBuff[]= "Hello Server\n" ;    
+
+    static const char sendBuff[]= "Hello Server\n" ;
     char    rcvBuff[BUFF_SIZE] = {0};
 
 
@@ -285,7 +300,7 @@ static void Tls_client()
         }
     }
 
-#endif /* USE_ECC_CERT */    
+#endif /* USE_ECC_CERT */
 
 
 #ifdef USE_ECC_CERT
@@ -313,14 +328,14 @@ static void Tls_client()
         }
     }
     #endif /* WOLFSSL_CHECK_SIG_FAULTS */
- 
+
     #else
 
     /* DER format ECC private key */
     if (ret == 0) {
-        err = wolfSSL_use_PrivateKey_buffer(ssl, 
+        err = wolfSSL_use_PrivateKey_buffer(ssl,
                                     ecc_clikey_der_256,
-                                    sizeof_ecc_clikey_der_256, 
+                                    sizeof_ecc_clikey_der_256,
                                     WOLFSSL_FILETYPE_ASN1);
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
@@ -334,7 +349,7 @@ static void Tls_client()
 #else
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-    
+
     /* Note: TSIP asks RSA client key pair for client authentication.  */
 
     /* TSIP specific RSA private key */
@@ -359,10 +374,10 @@ static void Tls_client()
 
     #else
 
-    if (ret == 0) { 
+    if (ret == 0) {
         err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
                             sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
-         
+
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
@@ -390,7 +405,7 @@ static void Tls_client()
     }
 
     if (ret == 0) {
-        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != 
+        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) !=
                                                             strlen(sendBuff)) {
             printf("ERROR wolfSSL_write: %d\n", wolfSSL_get_error(ssl, 0));
             ret = -1;
@@ -409,7 +424,7 @@ static void Tls_client()
         }
     }
 
-    
+
     wolfSSL_shutdown(ssl);
 
     FreeRTOS_shutdown(socket, FREERTOS_SHUT_RDWR);
@@ -499,7 +514,7 @@ static void Tls_client_demo(void)
     tsip_inform_cert_sign((const byte*)ca_ecc_cert_der_sig);
 
     #else
-    
+
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte*)ca_cert_der_sig);
 
@@ -529,7 +544,7 @@ static void Tls_client_demo(void)
 #endif /* TLS_CLIENT */
 
 /* Demo entry function called by iot_demo_runner
- * To run this entry function as an aws_iot_demo, define this as 
+ * To run this entry function as an aws_iot_demo, define this as
  * DEMO_entryFUNCTION in aws_demo_config.h.
  */
 void wolfSSL_demo_task(bool         awsIotMqttMode,
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
index 6eb3b9641a..cb916e6536 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
index 1447132e86..576fcfab3e 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
@@ -3,7 +3,7 @@ wolfSSL sample application project for Renesas RX72N EnvisionKit evaluation boar
 
 <br>
 
-A sample program for evaluating wolfSSL targeting the Renesas RX72N EnvisionKit evaluation board is provided. For details on the program, refer to the following documents included in the package. 
+A sample program for evaluating wolfSSL targeting the Renesas RX72N EnvisionKit evaluation board is provided. For details on the program, refer to the following documents included in the package.
 
 + InstructionManualForExample_RX72N_EnvisonKit_JP.pdf (Japanese)
-+ InstructionManualForExample_RX72N_EnvisonKit_EN.pdf(English）
\ No newline at end of file
++ InstructionManualForExample_RX72N_EnvisonKit_EN.pdf(English）
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
index be61aec040..decfcbfed8 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
@@ -3,16 +3,16 @@ wolfSSL simple application project for RX72N EnvisionKit board
 ## 1. Overview
 -----
 
-We provide a simple program for evaluating wolfSSL targeting the RX72N evaluation board, which has RX72 MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program. 
+We provide a simple program for evaluating wolfSSL targeting the RX72N evaluation board, which has RX72 MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program.
 
 The sample provided is a single application that can evaluate the following four functions:
 
 - CryptoTest: A program that automatically tests various cryptographic operation functions
-- Benchmark: A program that measures the execution speed of various cryptographic operations 
+- Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 - TlsServer: A program that performs TLS communication with the opposite TLS client application
 
-Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only. 
+Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only.
 
 The following sections will walk you through the steps leading up to running the sample application.
 ## 2. Target H/W, components and libraries
@@ -26,8 +26,8 @@ This sample program uses the following hardware and software libraries. If a new
 |Device|R5F572NNHxFB|
 |IDE| Renesas e2Studio Version:2022-07 |
 |Emulator| E2 Emulator Lite |
-|Toolchain|CCRX v3.03.00|
-|TSIP| TSIP v1.15|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 
 
 The project of this sample program has a configuration file that uses the following FIT components.
@@ -42,30 +42,30 @@ However, the FIT components themselves are not included in the distribution of t
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.15.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 ## 3. Importing sample application project into e2Studio
 ----
 
-There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below. 
+There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below.
 
-+ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}/Simple) where this README file exists. 
-+ Three projects that can be imported are listed, but check only the three projects "test" and "wolfssl" and click the "Finish" button. 
++ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}/Simple) where this README file exists.
++ Three projects that can be imported are listed, but check only the three projects "test" and "wolfssl" and click the "Finish" button.
 
-You should see the **test** and **wolfssl** 2 projects you imported into the project explorer. 
+You should see the **test** and **wolfssl** 2 projects you imported into the project explorer.
 
 ## 4. FIT module download and smart configurator file generation
 ----
 
 You will need to get the required FIT modules yourself. Follow the steps below to get them.
 
-1. Open the test project in Project Explorer and double-click the **test.scfg** file to open the Smart Configurator Perspective. 
+1. Open the test project in Project Explorer and double-click the **test.scfg** file to open the Smart Configurator Perspective.
 
 2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the download destination folder by pressing "Basic settings...".
 
 3. The latest version of the TSIP component may not be automatically obtained due to the delay in Renesas' support by the method in step 2 above. In that case, you can download it manually from the Renesas website. Unzip the downloaded component and store the files contained in the FIT Modules folder in the download destination folder of step 2.
 
-4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components. 
+4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components.
 
 5. Select the Components tab on the Software Component Settings pane and select the r_t4_rx component. In the settings pane on the right, specify the IP address of this board as the value of the "# IP address for ch0, when DHCP disable." Property (e.g. 192.168.1.9).
 
@@ -80,7 +80,7 @@ The test project is a single sample application, but you can specify to perform
 - Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 - TlsServer: A program that performs TLS communication with the opposite TLS client application
-- 
+-
 Open the <board-name-folder\>/test/src/wolfssl_simple_demo.h file and enable one of the following definitions:
 
 - #define CRYPT_TEST
@@ -109,7 +109,7 @@ Now that the test application is ready to build.
 
 5. Press the run button to run the test application.
 
-6. CryptoTest, Benchmark, TLS_Client or TLS_Server After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging. 
+6. CryptoTest, Benchmark, TLS_Client or TLS_Server After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging.
 
 ## 7. Running test application as Client
 -----
@@ -176,7 +176,7 @@ Client message: Hello Server
 Note `-v 4` option in server execution command line means to use TLS 1.3. If you want to use smaller version of TLS than 1.3, `-v 4` needs to be removed from an exmeple server command options.
 
 ### 7.3 Run Client using TSIP driver
-When it enables SIMPLE_TLS_TSIP_CLIENT, we can run TLS client including TSIP driver on the baord. 
+When it enables SIMPLE_TLS_TSIP_CLIENT, we can run TLS client including TSIP driver on the baord.
 In this case, we disable `#define WOLFSSL_TLS13` and `#define USE_ECC_CERT`. As a result, TLS communication between Client and Server use TLS 1.2 and RSA certificate.
 
 The table below shows the cipher suites that TSIP supports.
@@ -185,7 +185,7 @@ The table below shows the cipher suites that TSIP supports.
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -213,7 +213,7 @@ $ ./examples/server/server -b -i
 ```
 
 
-When you run the test application, it makes a TLS connection with the server application by TLS1.2, then exchanges a simple string and displays the following on the standard output. 
+When you run the test application, it makes a TLS connection with the server application by TLS1.2, then exchanges a simple string and displays the following on the standard output.
 The cipher suites displayed depends on the combination of TLS version and certificate type.
 
 ```
@@ -285,7 +285,7 @@ If you want to use it for purposes beyond functional evaluation, you need to pre
   2. RSA key pair required for RootCA certificate validation
   3. The signature generated by the RootCA certificate with the private key in 2 above.
 
-will become necessary. Please refer to the manual provided by Renesas for how to generate them. 
+will become necessary. Please refer to the manual provided by Renesas for how to generate them.
 
 ## 10. Limitations
 ----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
index e870bba016..6022c3a620 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
@@ -32,10 +32,10 @@ IDEとしてe2 studioを使用するものです。本ドキュメントでは
 |:--|:--|
 |評価ボード|RX72N EnvisionKit|
 |Device|R5F572NNHxFB|
-|IDE| Renesas e2Studio Version:2022-07 |
+|IDE| Renesas e2Studio Version:2024-01.1 (24.1.1) |
 |エミュレーター| E2エミュレーターLite |
-|Toolchain|CCRX v3.03.00|
-|TSIP| TSIP v1.15|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 
 
 本サンプルプログラムのプロジェクトには以下のFITコンポーネントを使用する設定ファイルが用意されています。
@@ -51,7 +51,7 @@ IDEとしてe2 studioを使用するものです。本ドキュメントでは
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.15.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 
 ## 3. サンプルプログラムプロジェクトのe2Studioへのインポート
@@ -212,7 +212,7 @@ TSIPドライバがサポートする暗号スイートは下記の一覧にな
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -334,4 +334,4 @@ wolfSSL_CTX_use_certificate_buffer あるいはwolfSSL_CTX_use_certificate_chain
 上記制限1 ~ 4は次版以降のTSIPによって改善が見込まれています。
 
 ## 11. サポート
-ご質問・ご要望は、info@wolfssl.jp まで日本語でお知らせください。
\ No newline at end of file
+ご質問・ご要望は、info@wolfssl.jp まで日本語でお知らせください。
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
index 2c48ed510c..3e4c1e56ea 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,8 +21,8 @@
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2023
-#define MON  5
+#define YEAR 2024
+#define MON  7
 
 static int tick = 0;
 
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
index 5f7ceb0e4c..42c63d72e7 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
@@ -25,7 +25,7 @@
 							<builder buildPath="${workspace_loc:/test}/HardwareDebug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.65531188" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1710373085" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.390598726" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力するデータ値のエンディアン (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力するデータ値のエンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.385785132" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.968417281" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
@@ -50,7 +50,6 @@
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../wolfssl_demo&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../../../../../../&quot;"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/generate"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -66,6 +65,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
@@ -109,6 +109,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.502444415" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
 							</tool>
@@ -119,7 +120,7 @@
 									<listOptionValue builtIn="false" value="D_2=R_2"/>
 									<listOptionValue builtIn="false" value="D_8=R_8"/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1452234640" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
@@ -128,7 +129,7 @@
 								</option>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.47410515" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.239094904" name="セクションの割り付けアドレスをチェックする (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法 (-cpu(アドレス範囲指定方法))" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;.\src\benchmark.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\key_data.obj&quot;"/>
@@ -181,7 +182,6 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 								</option>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1723543812" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
@@ -242,7 +242,7 @@
 							<builder buildPath="${workspace_loc:/test}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.117543810" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1744140894" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1464228342" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力するデータ値のエンディアン (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力するデータ値のエンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.1294844059" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.644795578" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
@@ -263,7 +263,6 @@
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.2144484247" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.545347560" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" valueType="includePath">
 									<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/generate"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -279,6 +278,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
@@ -319,6 +319,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.1482916460" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
 							</tool>
@@ -329,7 +330,7 @@
 									<listOptionValue builtIn="false" value="D_2=R_2"/>
 									<listOptionValue builtIn="false" value="D_8=R_8"/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1651005552" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
@@ -338,13 +339,12 @@
 								</option>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.1524833684" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.1914971075" name="セクションの割り付けアドレスをチェックする (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法 (-cpu(アドレス範囲指定方法))" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1556433699" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;.\test.lib&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.856176867" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 								</option>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1598250045" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
index eaeb627405..68cd8c8668 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
@@ -1,6 +1,6 @@
 /* simple_tcp_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -88,11 +88,11 @@ void simple_tcp_client( )
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
-    
+
     static T_IPV4EP my_addr = { 0, 0 };
-    
+
     T_IPV4EP dst_addr;
 
     if((dst_addr.ipaddr = getIPaddr(SIMPLE_TCPSEVER_IP)) == 0){
@@ -109,7 +109,7 @@ void simple_tcp_client( )
         goto out;
     }
 
-    if (my_IOSend((char*)sendBuff, strlen(sendBuff), (void*)&cepid) != 
+    if (my_IOSend((char*)sendBuff, strlen(sendBuff), (void*)&cepid) !=
                                                             strlen(sendBuff)) {
         printf("ERROR TCP write \n");
         goto out;
@@ -129,4 +129,4 @@ void simple_tcp_client( )
     tcp_cls_cep(cepid, TMO_FEVR);
 
     return;
-}
\ No newline at end of file
+}
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
index 452d0ac747..62c426ca08 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
@@ -1,6 +1,6 @@
 /* simpel_tls_tsip_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,7 +31,7 @@
     #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 #endif
 
-#define SIMPLE_TLSSEVER_IP       "192.168.11.9"
+#define SIMPLE_TLSSEVER_IP       "192.168.11.5"
 #define SIMPLE_TLSSERVER_PORT    "11111"
 
 ER    t4_tcp_callback(ID cepid, FN fncd , VP p_parblk);
@@ -198,7 +198,7 @@ void wolfSSL_TLS_client( )
 {
     ID  cepid = 1;
     ER  ercd;
-    int ret;
+    int ret = 0;
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx;
     WOLFSSL *ssl = NULL;
 
@@ -231,44 +231,95 @@ void wolfSSL_TLS_client( )
     }
 
 #ifdef SIMPLE_TLS_TSIP_CLIENT
-    tsip_set_callback_ctx(ssl, &userContext);
+    ret = tsip_set_callback_ctx(ssl, &userContext);
 #endif
 
     /* set client private key data */
-#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
-    #if defined(USE_ECC_CERT)
-        if (tsip_use_PrivateKey_buffer_TLS(ssl,
-               (const char*)g_key_block_data.encrypted_user_ecc256_private_key,
+#ifdef USE_ECC_CERT
+
+    #ifdef WOLFSSL_RENESAS_TSIP_TLS
+
+    /* TSIP specific ECC private key */
+    if (ret == 0){
+        ret = tsip_use_PrivateKey_buffer_TLS(ssl,
+                (const char*)g_key_block_data.encrypted_user_ecc256_private_key,
                 sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
-               TSIP_ECCP256) != 0) {
-            printf("ERROR: can't load client-private key\n");
-            return;
+                TSIP_ECCP256);
+        if (ret != 0) {
+            printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
+        }
+    }
+    # if defined(WOLFSSL_CHECK_SIG_FAULTS)
+    if (ret == 0){
+        ret = tsip_use_PublicKey_buffer_TLS(ssl,
+                (const char*)g_key_block_data.encrypted_user_ecc256_public_key,
+                sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
+                TSIP_ECCP256);
+        if (ret != 0) {
+            printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
         }
+    }
+    #endif /* WOLFSSL_CHECK_SIG_FAULTS */
+
     #else
-        if (tsip_use_PrivateKey_buffer_TLS(ssl,
+
+    /* DER format ECC private key */
+    if (ret == 0) {
+        ret = wolfSSL_use_PrivateKey_buffer(ssl,
+                                    ecc_clikey_der_256,
+                                    sizeof_ecc_clikey_der_256,
+                                    WOLFSSL_FILETYPE_ASN1);
+        if (ret != SSL_SUCCESS) {
+            printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
+                                                wolfSSL_get_error(ssl, 0));
+            ret = -1;
+        }
+    }
+
+    #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
+#else
+
+    #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+
+    /* Note: TSIP asks RSA client key pair for client authentication.  */
+
+    /* TSIP specific RSA private key */
+    if (ret == 0) {
+        ret = tsip_use_PrivateKey_buffer_TLS(ssl,
                (const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
                sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
-               TSIP_RSA2048) != 0) {
-            printf("ERROR: can't load client-private key\n");
-            return;
+                                                        TSIP_RSA2048);
+        if (ret != 0) {
+            printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret);
         }
+    }
+    if (ret == 0) {
         ret = tsip_use_PublicKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
-                 sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),                                                            TSIP_RSA2048);
+                sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
+                                                        TSIP_RSA2048);
         if (ret != 0) {
-           printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
-           return;
+            printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret);
         }
-    #endif
-#else
-    if (wolfSSL_use_PrivateKey_buffer(ssl,
-                                ecc_clikey_der_256,
-                                sizeof_ecc_clikey_der_256,
-                                SSL_FILETYPE_ASN1)      != WOLFSSL_SUCCESS) {
-        printf("ERROR: can't load private-key data.\n");
-        return;
     }
-#endif /* WOLFSSL_TLS13 */
+
+    #else
+
+    if (ret == 0) {
+        err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
+                            sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+
+        if (err != SSL_SUCCESS) {
+            printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
+                                                wolfSSL_get_error(ssl, 0));
+            ret = -1;
+        }
+    }
+
+    #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
+#endif /* USE_ECC_CERT */
 
     /* set callback context */
     wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
index dfa4858916..1a096d37f6 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
@@ -1,6 +1,6 @@
 /* simple_tcp_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
index d5138b0ea6..1066e536f7 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
@@ -1,6 +1,6 @@
 /* simple_tls_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -123,18 +123,18 @@ void wolfSSL_TLS_server_init()
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
             printf("Error %d loading server-key!\n", ret);
             return;
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
index 42d62359ff..276ab79a7f 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -259,7 +259,7 @@ void main(void)
 #if defined(SIMPLE_TLS_TSIP_CLIENT)
     SetTsiptlsKey();
 #endif
-    
+
     do {
         /* simply use TCP */
         #if defined(SIMPLE_TCP_CLIENT)
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
index c62cd4a38d..ff328622e5 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_simple_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,9 +36,9 @@
 /* cannot enable with other definition */
 /* simplest tcp client*/
 /*#define SIMPLE_TCP_CLIENT */
-/* software TLS　client */
+/* software TLS client */
 /* #define SIMPLE_TLS_CLIENT */
-/* use TSIP　Acceleration */
+/* use TSIP Acceleration */
 /*#define SIMPLE_TLS_TSIP_CLIENT*/
 
 /* simplest tcp server */
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
index bf7fe09204..d5c797c884 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
@@ -362,14 +362,14 @@
     </tool>
     <tool id="Interrupt">
         <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="未使用"/>
-        <Item currentVect="17" groupchild="&lt;br&gt;1-DPFPUEX" id="IE0" priority="15" usedState="未使用"/>
+        <Item currentVect="17" groupchild="&lt;br&gt;0-DPFPUEX" id="IE0" priority="15" usedState="未使用"/>
         <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="未使用"/>
         <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="未使用"/>
         <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="未使用"/>
         <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="未使用"/>
         <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="未使用"/>
-        <Item currentVect="28" id="CMT0_CMI0" priority="15" usedState="未使用"/>
-        <Item currentVect="29" id="CMT1_CMI1" priority="15" usedState="未使用"/>
+        <Item currentVect="28" id="CMT0_CMI0" priority="5" usedState="使用中"/>
+        <Item currentVect="29" id="CMT1_CMI1" priority="5" usedState="使用中"/>
         <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="未使用"/>
         <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="未使用"/>
         <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="未使用"/>
@@ -437,14 +437,14 @@
         <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="未使用"/>
         <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="未使用"/>
         <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="未使用"/>
-        <Item currentVect="106" groupchild="&lt;br&gt;1-ERS0&lt;br&gt;2-ERS1&lt;br&gt;3-ERS2" id="BE0" priority="15" usedState="未使用"/>
-        <Item currentVect="107" groupchild="&lt;br&gt;1-POEGGAI&lt;br&gt;2-POEGGBI&lt;br&gt;3-POEGGCI&lt;br&gt;4-POEGGDI" id="BL2" priority="15" usedState="未使用"/>
+        <Item currentVect="106" groupchild="&lt;br&gt;0-ERS0&lt;br&gt;1-ERS1&lt;br&gt;2-ERS2" id="BE0" priority="15" usedState="未使用"/>
+        <Item currentVect="107" groupchild="&lt;br&gt;7-POEGGAI&lt;br&gt;8-POEGGBI&lt;br&gt;9-POEGGCI&lt;br&gt;10-POEGGDI" id="BL2" priority="15" usedState="未使用"/>
         <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="未使用"/>
         <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="未使用"/>
-        <Item currentVect="110" groupchild="&lt;br&gt;1-TEI0&lt;br&gt;2-ERI0&lt;br&gt;3-TEI1&lt;br&gt;4-ERI1&lt;br&gt;5-TEI2&lt;br&gt;6-ERI2&lt;br&gt;7-TEI3&lt;br&gt;8-ERI3&lt;br&gt;9-TEI4&lt;br&gt;10-ERI4&lt;br&gt;11-TEI5&lt;br&gt;12-ERI5&lt;br&gt;13-TEI6&lt;br&gt;14-ERI6&lt;br&gt;15-TEI12&lt;br&gt;16-ERI12&lt;br&gt;17-SCIX0&lt;br&gt;18-SCIX1&lt;br&gt;19-SCIX2&lt;br&gt;20-SCIX3&lt;br&gt;21-QSPSSLI&lt;br&gt;22-FERRI&lt;br&gt;23-MENDI&lt;br&gt;24-OVFI&lt;br&gt;25-DOPCI&lt;br&gt;26-PCFEI&lt;br&gt;27-PCERI" id="BL0" priority="15" usedState="未使用"/>
-        <Item currentVect="111" groupchild="&lt;br&gt;1-CDETI&lt;br&gt;2-CACI&lt;br&gt;3-SDACI&lt;br&gt;4-CDETIO&lt;br&gt;5-ERRIO&lt;br&gt;6-ACCIO&lt;br&gt;7-OEI1&lt;br&gt;8-OEI2&lt;br&gt;9-OEI3&lt;br&gt;10-OEI4&lt;br&gt;11-TEI0&lt;br&gt;12-EEI0&lt;br&gt;13-TEI2&lt;br&gt;14-EEI2&lt;br&gt;15-SSIF0&lt;br&gt;16-SSIF1&lt;br&gt;17-S12CMPAI&lt;br&gt;18-S12CMPBI&lt;br&gt;19-S12CMPAI1&lt;br&gt;20-S12CMPBI1&lt;br&gt;21-TEI1&lt;br&gt;22-EEI1" id="BL1" priority="15" usedState="未使用"/>
-        <Item currentVect="112" groupchild="&lt;br&gt;1-TEI8&lt;br&gt;2-ERI8&lt;br&gt;3-TEI9&lt;br&gt;4-ERI9&lt;br&gt;5-TEI10&lt;br&gt;6-ERI10&lt;br&gt;7-TEI11&lt;br&gt;8-ERI11&lt;br&gt;9-SPII0&lt;br&gt;10-SPEI0&lt;br&gt;11-SPII1&lt;br&gt;12-SPEI1&lt;br&gt;13-SPII2&lt;br&gt;14-SPEI2&lt;br&gt;15-TEI7&lt;br&gt;16-ERI7" id="AL0" priority="15" usedState="未使用"/>
-        <Item currentVect="113" groupchild="&lt;br&gt;1-MINT&lt;br&gt;2-PINT&lt;br&gt;3-EINT0&lt;br&gt;4-EINT1&lt;br&gt;5-VPOS&lt;br&gt;6-GR1UF&lt;br&gt;7-GR2UF&lt;br&gt;8-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
+        <Item currentVect="110" groupchild="&lt;br&gt;0-TEI0&lt;br&gt;1-ERI0&lt;br&gt;2-TEI1&lt;br&gt;3-ERI1&lt;br&gt;4-TEI2&lt;br&gt;5-ERI2&lt;br&gt;6-TEI3&lt;br&gt;7-ERI3&lt;br&gt;8-TEI4&lt;br&gt;9-ERI4&lt;br&gt;10-TEI5&lt;br&gt;11-ERI5&lt;br&gt;12-TEI6&lt;br&gt;13-ERI6&lt;br&gt;16-TEI12&lt;br&gt;17-ERI12&lt;br&gt;18-SCIX0&lt;br&gt;19-SCIX1&lt;br&gt;20-SCIX2&lt;br&gt;21-SCIX3&lt;br&gt;24-QSPSSLI&lt;br&gt;26-FERRI&lt;br&gt;27-MENDI&lt;br&gt;28-OVFI&lt;br&gt;29-DOPCI&lt;br&gt;30-PCFEI&lt;br&gt;31-PCERI" id="BL0" priority="15" usedState="未使用"/>
+        <Item currentVect="111" groupchild="&lt;br&gt;3-CDETI&lt;br&gt;4-CACI&lt;br&gt;5-SDACI&lt;br&gt;6-CDETIO&lt;br&gt;7-ERRIO&lt;br&gt;8-ACCIO&lt;br&gt;9-OEI1&lt;br&gt;10-OEI2&lt;br&gt;11-OEI3&lt;br&gt;12-OEI4&lt;br&gt;13-TEI0&lt;br&gt;14-EEI0&lt;br&gt;15-TEI2&lt;br&gt;16-EEI2&lt;br&gt;17-SSIF0&lt;br&gt;18-SSIF1&lt;br&gt;20-S12CMPAI&lt;br&gt;21-S12CMPBI&lt;br&gt;22-S12CMPAI1&lt;br&gt;23-S12CMPBI1&lt;br&gt;28-TEI1&lt;br&gt;29-EEI1" id="BL1" priority="15" usedState="未使用"/>
+        <Item currentVect="112" groupchild="&lt;br&gt;0-TEI8&lt;br&gt;1-ERI8&lt;br&gt;4-TEI9&lt;br&gt;5-ERI9&lt;br&gt;8-TEI10&lt;br&gt;9-ERI10&lt;br&gt;12-TEI11&lt;br&gt;13-ERI11&lt;br&gt;16-SPII0&lt;br&gt;17-SPEI0&lt;br&gt;18-SPII1&lt;br&gt;19-SPEI1&lt;br&gt;20-SPII2&lt;br&gt;21-SPEI2&lt;br&gt;22-TEI7&lt;br&gt;23-ERI7" id="AL0" priority="15" usedState="未使用"/>
+        <Item currentVect="113" groupchild="&lt;br&gt;0-MINT&lt;br&gt;1-PINT&lt;br&gt;4-EINT0&lt;br&gt;5-EINT1&lt;br&gt;8-VPOS&lt;br&gt;9-GR1UF&lt;br&gt;10-GR2UF&lt;br&gt;11-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
         <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="未使用"/>
         <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="未使用"/>
         <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="未使用"/>
@@ -457,8 +457,8 @@
         <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="未使用"/>
         <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="未使用"/>
         <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="未使用"/>
-        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="15" usedState="未使用"/>
-        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="15" usedState="未使用"/>
+        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="5" usedState="使用中"/>
+        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="5" usedState="使用中"/>
         <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="未使用"/>
         <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="未使用"/>
         <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="未使用"/>
@@ -608,110 +608,110 @@
         <pinItem allocation="71" comments="" direction="None" id="ET0_ERXD0" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
         <pinItem allocation="66" comments="" direction="None" id="ET0_TX_CLK" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
         <pinItem allocation="86" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
-        <pinnumItem comment="LCD-B4" id="88"/>
-        <pinnumItem comment="LCD-B5" id="89"/>
-        <pinnumItem comment="LCD-R7" id="110"/>
-        <pinnumItem comment="LCD-B6" id="90"/>
-        <pinnumItem comment="LCD-B7" id="92"/>
-        <pinnumItem comment="QSPI-SO/SIO1" id="119"/>
-        <pinnumItem comment="LCD-G2" id="94"/>
-        <pinnumItem comment="LCD-G3" id="95"/>
-        <pinnumItem comment="LCD-G4" id="96"/>
-        <pinnumItem comment="LCD-G5" id="97"/>
-        <pinnumItem comment="EMLE" id="10"/>
-        <pinnumItem comment="LCD-BACKLIGHT" id="98"/>
-        <pinnumItem comment="MIC-DATA" id="11"/>
-        <pinnumItem comment="LCD-TOUCH-RST" id="99"/>
-        <pinnumItem comment="MD/FINED" id="16"/>
-        <pinnumItem comment="RESET" id="19"/>
-        <pinnumItem comment="QSPI-SI/SIO0" id="120"/>
-        <pinnumItem comment="QSPI-SCLK" id="121"/>
-        <pinnumItem comment="QSPI-CS#" id="122"/>
-        <pinnumItem comment="D2-LRCK" id="2"/>
-        <pinnumItem comment="QSPI-HOLD#/SIO3" id="123"/>
-        <pinnumItem comment="QSPI-WP#/SIO2" id="124"/>
-        <pinnumItem comment="D2-SDIN" id="4"/>
-        <pinnumItem comment="PMOD2-RST" id="125"/>
-        <pinnumItem comment="PMOD2-IRQ" id="126"/>
-        <pinnumItem comment="D2-SCLK" id="6"/>
-        <pinnumItem comment="PMOD2-SS" id="127"/>
-        <pinnumItem comment="MIC-BCLK" id="7"/>
-        <pinnumItem comment="PMOD2-MISO" id="128"/>
-        <pinnumItem comment="AUDIO_CLK" id="8"/>
-        <pinnumItem comment="PMOD2-SCK" id="129"/>
-        <pinnumItem comment="MIC-WS" id="9"/>
-        <pinnumItem comment="XTAL" id="20"/>
-        <pinnumItem comment="EXTAL" id="22"/>
-        <pinnumItem comment="LCD-TOUCH-INT" id="25"/>
-        <pinnumItem comment="LCD-TOUCH-SCL" id="26"/>
-        <pinnumItem comment="LCD-TOUCH-SDA" id="27"/>
-        <pinnumItem comment="WiFi-RTS" id="28"/>
-        <pinnumItem comment="WiFi-TXD" id="29"/>
-        <pinnumItem comment="PMOD2-MOSI" id="131"/>
-        <pinnumItem comment="PMOD2-IO1" id="133"/>
-        <pinnumItem comment="PMOD2-IO0" id="134"/>
-        <pinnumItem comment="WiFi-EN" id="137"/>
-        <pinnumItem comment="SD-ENABLE" id="138"/>
-        <pinnumItem comment="SD-FLT" id="139"/>
-        <pinnumItem comment="WiFi-CTS" id="30"/>
-        <pinnumItem comment="WiFi-RXD" id="31"/>
-        <pinnumItem comment="SDHI-SW_B" id="32"/>
-        <pinnumItem comment="SDHI-DATA1" id="34"/>
-        <pinnumItem comment="SDHI-DATA0" id="35"/>
-        <pinnumItem comment="SDHI-CLK" id="36"/>
-        <pinnumItem comment="SDHI-CMD" id="37"/>
-        <pinnumItem comment="SDHI-CD/DATA3" id="38"/>
-        <pinnumItem comment="SDHI-DATA2" id="39"/>
-        <pinnumItem comment="LED2" id="141"/>
-        <pinnumItem comment="SW2" id="144"/>
-        <pinnumItem comment="USB0VBUSEN" id="40"/>
-        <pinnumItem comment="PMOD1-RST" id="41"/>
-        <pinnumItem comment="PMOD1-IO1" id="42"/>
-        <pinnumItem comment="USB0OVRCURA" id="43"/>
-        <pinnumItem comment="USB-TXD" id="44"/>
-        <pinnumItem comment="USB-RXD" id="45"/>
-        <pinnumItem comment="USB0DM" id="47"/>
-        <pinnumItem comment="USB0DP" id="48"/>
-        <pinnumItem comment="ET0REFCLK" id="50"/>
-        <pinnumItem comment="PMOD1-IRQ" id="51"/>
-        <pinnumItem comment="PMOD1-SS" id="52"/>
-        <pinnumItem comment="PMOD1-IO0" id="53"/>
-        <pinnumItem comment="PMOD1-MISO" id="54"/>
-        <pinnumItem comment="PMOD1-SCK" id="55"/>
-        <pinnumItem comment="PMOD1-MOSI" id="56"/>
-        <pinnumItem comment="ET0CRS" id="58"/>
-        <pinnumItem comment="ET0COL" id="60"/>
-        <pinnumItem comment="ET0ETXD3" id="61"/>
-        <pinnumItem comment="ET0ETXD2" id="62"/>
-        <pinnumItem comment="ET0ETXD1" id="63"/>
-        <pinnumItem comment="ET0ETXD0" id="64"/>
-        <pinnumItem comment="ET0TXEN" id="65"/>
-        <pinnumItem comment="ET0TXCLK" id="66"/>
-        <pinnumItem comment="ET0INTRP" id="67"/>
-        <pinnumItem comment="ET0RXER" id="68"/>
-        <pinnumItem comment="ET0RXCLK" id="69"/>
-        <pinnumItem comment="ET0RXDV" id="70"/>
-        <pinnumItem comment="ET0ERXD0" id="71"/>
-        <pinnumItem comment="ET0ERXD1" id="72"/>
-        <pinnumItem comment="ET0ERXD2" id="73"/>
-        <pinnumItem comment="ET0ERXD3" id="75"/>
-        <pinnumItem comment="ET0RST(SW1-1ch)" id="77"/>
-        <pinnumItem comment="Light-SDA" id="78"/>
-        <pinnumItem comment="Light-SCL" id="79"/>
-        <pinnumItem comment="LCD-G6" id="101"/>
-        <pinnumItem comment="LCD-G7" id="102"/>
-        <pinnumItem comment="LCD-R3" id="106"/>
-        <pinnumItem comment="LCD-CLK" id="80"/>
-        <pinnumItem comment="LCD-R4" id="107"/>
-        <pinnumItem comment="LCD-VSYNC" id="81"/>
-        <pinnumItem comment="LCD-R5" id="108"/>
-        <pinnumItem comment="LCD-DISP-EN" id="82"/>
-        <pinnumItem comment="LCD-R6" id="109"/>
-        <pinnumItem comment="LCD-HSYNC" id="83"/>
-        <pinnumItem comment="LCD-DATA-EN" id="84"/>
-        <pinnumItem comment="ET0MDC" id="85"/>
-        <pinnumItem comment="ET0MDIO" id="86"/>
-        <pinnumItem comment="LCD-B3" id="87"/>
+        <pinnumItem comment="LCD-B4" id="88" symbolicname=""/>
+        <pinnumItem comment="LCD-B5" id="89" symbolicname=""/>
+        <pinnumItem comment="LCD-R7" id="110" symbolicname=""/>
+        <pinnumItem comment="LCD-B6" id="90" symbolicname=""/>
+        <pinnumItem comment="LCD-B7" id="92" symbolicname=""/>
+        <pinnumItem comment="QSPI-SO/SIO1" id="119" symbolicname=""/>
+        <pinnumItem comment="LCD-G2" id="94" symbolicname=""/>
+        <pinnumItem comment="LCD-G3" id="95" symbolicname=""/>
+        <pinnumItem comment="LCD-G4" id="96" symbolicname=""/>
+        <pinnumItem comment="LCD-G5" id="97" symbolicname=""/>
+        <pinnumItem comment="EMLE" id="10" symbolicname=""/>
+        <pinnumItem comment="LCD-BACKLIGHT" id="98" symbolicname=""/>
+        <pinnumItem comment="MIC-DATA" id="11" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-RST" id="99" symbolicname=""/>
+        <pinnumItem comment="MD/FINED" id="16" symbolicname=""/>
+        <pinnumItem comment="RESET" id="19" symbolicname=""/>
+        <pinnumItem comment="QSPI-SI/SIO0" id="120" symbolicname=""/>
+        <pinnumItem comment="QSPI-SCLK" id="121" symbolicname=""/>
+        <pinnumItem comment="QSPI-CS#" id="122" symbolicname=""/>
+        <pinnumItem comment="D2-LRCK" id="2" symbolicname=""/>
+        <pinnumItem comment="QSPI-HOLD#/SIO3" id="123" symbolicname=""/>
+        <pinnumItem comment="QSPI-WP#/SIO2" id="124" symbolicname=""/>
+        <pinnumItem comment="D2-SDIN" id="4" symbolicname=""/>
+        <pinnumItem comment="PMOD2-RST" id="125" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IRQ" id="126" symbolicname=""/>
+        <pinnumItem comment="D2-SCLK" id="6" symbolicname=""/>
+        <pinnumItem comment="PMOD2-SS" id="127" symbolicname=""/>
+        <pinnumItem comment="MIC-BCLK" id="7" symbolicname=""/>
+        <pinnumItem comment="PMOD2-MISO" id="128" symbolicname=""/>
+        <pinnumItem comment="AUDIO_CLK" id="8" symbolicname=""/>
+        <pinnumItem comment="PMOD2-SCK" id="129" symbolicname=""/>
+        <pinnumItem comment="MIC-WS" id="9" symbolicname=""/>
+        <pinnumItem comment="XTAL" id="20" symbolicname=""/>
+        <pinnumItem comment="EXTAL" id="22" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-INT" id="25" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-SCL" id="26" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-SDA" id="27" symbolicname=""/>
+        <pinnumItem comment="WiFi-RTS" id="28" symbolicname=""/>
+        <pinnumItem comment="WiFi-TXD" id="29" symbolicname=""/>
+        <pinnumItem comment="PMOD2-MOSI" id="131" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IO1" id="133" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IO0" id="134" symbolicname=""/>
+        <pinnumItem comment="WiFi-EN" id="137" symbolicname=""/>
+        <pinnumItem comment="SD-ENABLE" id="138" symbolicname=""/>
+        <pinnumItem comment="SD-FLT" id="139" symbolicname=""/>
+        <pinnumItem comment="WiFi-CTS" id="30" symbolicname=""/>
+        <pinnumItem comment="WiFi-RXD" id="31" symbolicname=""/>
+        <pinnumItem comment="SDHI-SW_B" id="32" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA1" id="34" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA0" id="35" symbolicname=""/>
+        <pinnumItem comment="SDHI-CLK" id="36" symbolicname=""/>
+        <pinnumItem comment="SDHI-CMD" id="37" symbolicname=""/>
+        <pinnumItem comment="SDHI-CD/DATA3" id="38" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA2" id="39" symbolicname=""/>
+        <pinnumItem comment="LED2" id="141" symbolicname=""/>
+        <pinnumItem comment="SW2" id="144" symbolicname=""/>
+        <pinnumItem comment="USB0VBUSEN" id="40" symbolicname=""/>
+        <pinnumItem comment="PMOD1-RST" id="41" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IO1" id="42" symbolicname=""/>
+        <pinnumItem comment="USB0OVRCURA" id="43" symbolicname=""/>
+        <pinnumItem comment="USB-TXD" id="44" symbolicname=""/>
+        <pinnumItem comment="USB-RXD" id="45" symbolicname=""/>
+        <pinnumItem comment="USB0DM" id="47" symbolicname=""/>
+        <pinnumItem comment="USB0DP" id="48" symbolicname=""/>
+        <pinnumItem comment="ET0REFCLK" id="50" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IRQ" id="51" symbolicname=""/>
+        <pinnumItem comment="PMOD1-SS" id="52" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IO0" id="53" symbolicname=""/>
+        <pinnumItem comment="PMOD1-MISO" id="54" symbolicname=""/>
+        <pinnumItem comment="PMOD1-SCK" id="55" symbolicname=""/>
+        <pinnumItem comment="PMOD1-MOSI" id="56" symbolicname=""/>
+        <pinnumItem comment="ET0CRS" id="58" symbolicname=""/>
+        <pinnumItem comment="ET0COL" id="60" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD3" id="61" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD2" id="62" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD1" id="63" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD0" id="64" symbolicname=""/>
+        <pinnumItem comment="ET0TXEN" id="65" symbolicname=""/>
+        <pinnumItem comment="ET0TXCLK" id="66" symbolicname=""/>
+        <pinnumItem comment="ET0INTRP" id="67" symbolicname=""/>
+        <pinnumItem comment="ET0RXER" id="68" symbolicname=""/>
+        <pinnumItem comment="ET0RXCLK" id="69" symbolicname=""/>
+        <pinnumItem comment="ET0RXDV" id="70" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD0" id="71" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD1" id="72" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD2" id="73" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD3" id="75" symbolicname=""/>
+        <pinnumItem comment="ET0RST(SW1-1ch)" id="77" symbolicname=""/>
+        <pinnumItem comment="Light-SDA" id="78" symbolicname=""/>
+        <pinnumItem comment="Light-SCL" id="79" symbolicname=""/>
+        <pinnumItem comment="LCD-G6" id="101" symbolicname=""/>
+        <pinnumItem comment="LCD-G7" id="102" symbolicname=""/>
+        <pinnumItem comment="LCD-R3" id="106" symbolicname=""/>
+        <pinnumItem comment="LCD-CLK" id="80" symbolicname=""/>
+        <pinnumItem comment="LCD-R4" id="107" symbolicname=""/>
+        <pinnumItem comment="LCD-VSYNC" id="81" symbolicname=""/>
+        <pinnumItem comment="LCD-R5" id="108" symbolicname=""/>
+        <pinnumItem comment="LCD-DISP-EN" id="82" symbolicname=""/>
+        <pinnumItem comment="LCD-R6" id="109" symbolicname=""/>
+        <pinnumItem comment="LCD-HSYNC" id="83" symbolicname=""/>
+        <pinnumItem comment="LCD-DATA-EN" id="84" symbolicname=""/>
+        <pinnumItem comment="ET0MDC" id="85" symbolicname=""/>
+        <pinnumItem comment="ET0MDIO" id="86" symbolicname=""/>
+        <pinnumItem comment="LCD-B3" id="87" symbolicname=""/>
     </tool>
     <tool id="Summary" version="1.0.0.0">
         <option id="com.renesas.smc.code.path" value="src\smc_gen"/>
@@ -843,7 +843,7 @@
                     <item id="Level15" input="" vlaue="0"/>
                 </option>
             </allocatable>
-            <component description="本MCU は、8 ビットのカウンタをベースにした2 チャネルの8 ビットタイマ（TMR）を2 ユニット（ユニット0、ユニット1）、合計4 チャネル内蔵しています。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
+            <component description="このソフトウェアコンポーネントは、8 ビットタイマ（TMR）の構成を提供します。&#10;&#10;外部イベントのカウントが可能なほか、2 本のレジスタとのコンペアマッチ信号により、カウンタのクリア、割り込み要求、任意のデューティ比のパルス出力など、多機能タイマとして種々の応用が可能です。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
             <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8 ビットタイマ0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx72n.tmr0" type="">
                 <context>
                     <option enabled="true" id="CountMode" selection="8bitMode">
@@ -868,9 +868,9 @@
             <component description="依存モジュール: r_t4_driver_rx バージョン 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
                 <gridItem id="T4_CFG_SYSTEM_CHANNEL_NUMBER" selectedIndex="0"/>
                 <gridItem id="T4_CFG_SYSTEM_DHCP" selectedIndex="0"/>
-                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,10,33"/>
+                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,11,33"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH0" selectedIndex="255,255,255,0"/>
-                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,10,1"/>
+                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,11,1"/>
                 <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH1" selectedIndex="192,168,0,10"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH1" selectedIndex="255,255,255,0"/>
                 <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH1" selectedIndex="0,0,0,0"/>
@@ -1132,7 +1132,63 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_tsip_rx">
-            <component description="依存モジュール: r_bsp バージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update.&#10;The &quot;.l&quot; in version number means library version." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.18.l" version="1.18.l"/>
+            <component description="依存モジュール: r_bsp バージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.21" version="1.21">
+                <gridItem id="TSIP_AES_128_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_TDES_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_SHA_1" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256" selectedIndex="1"/>
+                <gridItem id="TSIP_MD5" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_1_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_RSAES_1024" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_2048" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_1024" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_2048" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSA_RETRY_COUNT_FOR_RSA_KEY_GENERATION" selectedIndex="5120*2"/>
+                <gridItem id="TSIP_ECDSA_P192" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P224" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDSA_P384" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDH_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_USER_SHA_384_ENABLED" selectedIndex="0"/>
+                <gridItem id="TSIP_USER_SHA_384_FUNCTION" selectedIndex="user_sha384_function"/>
+                <gridItem id="TSIP_TLS" selectedIndex="1"/>
+                <gridItem id="TSIP_SECURE_BOOT" selectedIndex="0"/>
+                <gridItem id="TSIP_FIRMWARE_UPDATE" selectedIndex="1"/>
+                <gridItem id="TSIP_MULTI_THREADING" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING_LOCK_FUNCTION" selectedIndex="user_lock_function"/>
+                <gridItem id="TSIP_MULTI_THREADING_UNLOCK_FUNCTION" selectedIndex="user_unlock_function"/>
+            </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
index 142c267b63..03765b97e8 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
@@ -14,7 +14,7 @@
 			</storageModule>
 			<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
 				<option id="toolchain.id" value="Renesas_RXC"/>
-				<option id="toolchain.version" value="v3.04.00"/>
+				<option id="toolchain.version" value="v3.06.00"/>
 				<option id="toolchain.enable" value="true"/>
 			</storageModule>
 			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am b/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
index bbcf978e2c..cd39f4b25a 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
@@ -16,6 +16,10 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
 
 # Simple Example Contents
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/sectioninfo.esi
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
new file mode 100644
index 0000000000..6a4ea144ee
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creatation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to genearte signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 0000000000..d603f2c6e7
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../certs/ca-cert.der ../../../../../../../../wolfssl/
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../certs/ca-ecc-cert.der ../../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verifiy by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
new file mode 100644
index 0000000000..18c7bb9acc
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAlC67WM6HB9unhAcRoIXJHbLFViHzQIpIirnePFIXq5DvOcQN
+ApYQ8iO+94CvDDed05HEhML/ENbyTHjfMhKcJrstGtIPLk+QSeTNi14SGyhhSfxd
+An/NrkATygOh8Qdjacxyq5wmTwZOVlq4waGbcQOlwvTVGijGQ786IRIezj56Vhce
+TWnA3GgMUCM7zTkMKd8zmPZSX0bHxkcQqCk98wXMpVAKaScZMPvHBrxHji0zG2QH
+vDpf5yUsomSXnqD/9D2oIKy2oG0sx9JXbz9AqPqBCPszUqY07b4QdOinHu8bkDmC
+Sj0nAI8PdC010q3GAYLw6X1sxRCMldqVPRAUvQIDAQABAoIBAGYt30P6jcQOY/G3
+iiEdf7P53Pdqy7jaYfE+/46qsOW+OCemF66L2j2OBpXWZ15OT4dfQZqmd4meHlA7
+HPUDPie68/xFkvBFLuK1YkLS6DtP2d5RpbUeea7JQpwPazCv/o4qy3uoXgYp/ASx
+5CqpDG2erUPE3dl++lAm4aeCPjnKcKUgklzZDjhAqEe/32oyR/Ns0m9TkTC7t73z
+a0iE2ncJSyPAdZmF5ZmyVilBRwU5HKFvlrL1NdoMU3DbD/BpZlKdEH7LxU7Rl3ad
+m4TlVpsnnDY/GfX5ScqpMK5KnYM31Hmt8kulomotor2R7AFWkI3Q8rL6XcKJRSDl
+cDbrHuECgYEAxFhMgldDhtYQfvsxpA+NLVL8G6Nfj5+zRTtlGp3+KhXqnJed84y8
+RhyfDd7sa2WZCyZyG7omJBLSXjnjGgvmT5ibgllCT0F1c3sVeBMEI21QCxWxxmLB
+3RBN6rBqxMdNpwn4AhOi397aIr9kch8iVpXcfif77xadeWVIgyW22CkCgYEAwTRd
+hjHfFNyU2qBWFg4i9LxWVZYaLqUa23z1IqDIzdAW+kyt/06Cln2cFdoH+XFjY2Ua
+Hm74HU+4QskoE+joGBkhr24Iwh5SLyOAwxcAbG4zYjWL9rBNe+wJVwmimV/Xv7A5
+bEOWPQyfNMGVQaV4T7NtNS9i7jsrdMtHqwAWOnUCgYAPdwz/rzPoaO//sHVmgLsT
++NdWrfWW8HNEXrtF72/XjMZf8ylDx7AErbhxdT+V7fiyAiM2v+DFMp5TQaf7ozhO
+yKxnBfTNHVDM+cLlJEpNKA0H8nuALsMqUGByvdaLDU+2eniIYVeQ3pK77etRedZQ
+j5lAbpHPcS6SI0Ik4lGWkQKBgQCRTtsQNK39OLFThMd6KwOrYYLlN9FVR6PddCvB
+8X9VG65MbiNnIxsgKDSeUq8wslD3znBId1lwYibJRBU6dC8rAKvPD0jTBo71GRSc
+pc4RvwgyUueDj7GXBD06EusRw322k8l8XZC/NaD/wqCJEPRdrSrzl0ImvqW+X6z1
+NUmCiQKBgQCcz9S2cwr6aCtwtpde+zGEdECNO2Sk7ZAVqUX7uuxig/SqryPUfrmJ
+tGGxoc2AoBZ6IE6+Ocq/B8HeFYfOTos59tn/HoKQp2LqCmunhBsuHlj1PS+e2JGz
+5f4Gg5OxvuvsMA19d3/E9D85drOoR1qKGt//DtvPwfY/nyyEVD19vw==
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
new file mode 100644
index 0000000000..62fd2e9f57
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC67WM6HB9unhAcRoIXJ
+HbLFViHzQIpIirnePFIXq5DvOcQNApYQ8iO+94CvDDed05HEhML/ENbyTHjfMhKc
+JrstGtIPLk+QSeTNi14SGyhhSfxdAn/NrkATygOh8Qdjacxyq5wmTwZOVlq4waGb
+cQOlwvTVGijGQ786IRIezj56VhceTWnA3GgMUCM7zTkMKd8zmPZSX0bHxkcQqCk9
+8wXMpVAKaScZMPvHBrxHji0zG2QHvDpf5yUsomSXnqD/9D2oIKy2oG0sx9JXbz9A
+qPqBCPszUqY07b4QdOinHu8bkDmCSj0nAI8PdC010q3GAYLw6X1sxRCMldqVPRAU
+vQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
index fe3aaaaf01..f272cbcc10 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
@@ -1,276 +1,284 @@
-/* key_data.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#include "key_data.h"
-
-/*-------------------------------------------------------------------------
-      RX72N supports TSIP v1.09 or later
---------------------------------------------------------------------------*/
-#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 109)
-
-const st_key_block_data_t g_key_block_data =
-{
-    /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
-    {
-        0xDF, 0x78, 0x49, 0x28, 0xA9, 0x4C, 0x36, 0xD6, 0xC9, 0x89, 0x98, 0xDF,
-        0xFF, 0xB1, 0xCB, 0xBC, 0x9F, 0xF4, 0x34, 0xCD, 0x81, 0x53, 0x67, 0xB3,
-        0xFC, 0x85, 0xC6, 0x0B, 0xA2, 0xC8, 0xF4, 0x83
-   },
-    /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
-    {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
-        0x34, 0xB2, 0x4D, 0x92
-    },
-    /* uint8_t 
-     * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0xC8, 0x12, 0x94, 0x44, 0x43, 0x35, 0x82, 0x09, 0xF2, 0x54, 0x69, 0xB6, 
-        0x9B, 0x8E, 0x6F, 0x92, 0xE3, 0x3A, 0xB2, 0x55, 0x63, 0x8D, 0xDB, 0x47,
-        0x75, 0x8D, 0x9D, 0x56, 0xD7, 0x7F, 0x42, 0x3A, 0x04, 0x4C, 0xAA, 0xF1,
-        0x94, 0x9C, 0x8C, 0x97, 0xAF, 0x5C, 0xBA, 0x0E, 0xBD, 0x8A, 0xE3, 0x67,
-        0x3E, 0xF8, 0x4C, 0x8E, 0xB7, 0x71, 0xB0, 0xCE, 0x09, 0x3C, 0xEC, 0x9C,
-        0xCC, 0x81, 0x9D, 0x37, 0x9E, 0x34, 0x39, 0x6D, 0xF0, 0x7D, 0x1A, 0x4A,
-        0xEB, 0xF5, 0x99, 0x91, 0xE1, 0xB0, 0x99, 0x72, 0xB3, 0xF3, 0x2B, 0xE1,
-        0x6F, 0x5B, 0xD4, 0xA3, 0xB9, 0x9C, 0xEB, 0x95, 0xC3, 0xB2, 0x8F, 0x5C,
-        0x58, 0xD5, 0x0A, 0xAA, 0x02, 0x01, 0xBF, 0xE1, 0xE9, 0x23, 0xFB, 0x03,
-        0xCF, 0x54, 0x6D, 0x29, 0xE7, 0x5E, 0x96, 0x51, 0x68, 0x6B, 0xDD, 0x06,
-        0x67, 0x5E, 0x84, 0x50, 0x21, 0x50, 0x78, 0x89, 0x80, 0xF8, 0x61, 0x9C,
-        0xBE, 0xDA, 0x75, 0x55, 0x1A, 0xE6, 0x3C, 0xA5, 0x1C, 0xE4, 0x5A, 0x5C,
-        0x68, 0x7C, 0x48, 0xC7, 0x6A, 0xC9, 0x80, 0x54, 0x31, 0xE7, 0x65, 0x8A,
-        0x13, 0xF3, 0x6D, 0x0F, 0xB3, 0x62, 0x8D, 0x1B, 0xEA, 0x71, 0x12, 0x86,
-        0x50, 0x98, 0xA3, 0x8E, 0x64, 0x1D, 0x3E, 0xA4, 0x5A, 0x99, 0xB3, 0xBD,
-        0x3E, 0x3D, 0xF5, 0x0F, 0x41, 0x09, 0xFB, 0x04, 0x7B, 0x8D, 0xA1, 0xCF,
-        0xBA, 0x71, 0x85, 0x86, 0x3C, 0x04, 0xDD, 0x74, 0x8D, 0xE3, 0x3C, 0x8E,
-        0x52, 0x3C, 0x05, 0x7A, 0xBE, 0xCC, 0xEA, 0x9D, 0x57, 0x2C, 0x40, 0x05,
-        0xEE, 0x49, 0x1D, 0xD2, 0xA3, 0x5A, 0xFA, 0x25, 0x1D, 0x1F, 0xDD, 0xB5,
-        0x36, 0x7D, 0x25, 0xD3, 0x34, 0x39, 0xC2, 0x59, 0x57, 0xAD, 0x3C, 0x9D,
-        0xC9, 0xBF, 0x09, 0x8D, 0xA0, 0x40, 0x5A, 0x14, 0x7B, 0xCF, 0xFE, 0x05,
-        0x3E, 0xF3, 0xD1, 0x7D, 0xBB, 0x33, 0x96, 0x40, 0x79, 0xC2, 0x7B, 0x15,
-        0x2E, 0xEE, 0xE3, 0x5B, 0x9C, 0x06, 0x72, 0x95, 0xFF, 0xCB, 0xC9, 0xE4,
-        0x96, 0x97, 0x18, 0x0D, 0xE7, 0x78, 0xCD, 0xE9, 0xA7, 0xEA, 0xE9, 0xDF
-    },
-    /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
-    {
-        0
-    },
-    /* uint8_t
-     * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
-     */
-    {
-        0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE,
-        0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA,
-        0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6,
-        0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE,
-        0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F,
-        0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE,
-        0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC,
-        0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3,
-        0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7,
-        0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15,
-        0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF,
-        0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D,
-        0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E,
-        0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3,
-        0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5,
-        0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72,
-        0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D,
-        0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9,
-        0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26,
-        0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3,
-        0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D,
-        0x25, 0x5B, 0x52, 0xF3, 0xBC, 0xCE, 0x10, 0x77, 0x76, 0xE4, 0x5C, 0xCF,
-        0xC3, 0xA4, 0xCC, 0x11, 0xD3, 0x1E, 0x02, 0x98, 0x33, 0xA5, 0xF7, 0xD9,
-        0x43, 0xAB, 0x45, 0x9A, 0x97, 0x0D, 0x08, 0x03, 0xBD, 0xB2, 0xAB, 0x50
-    }, 
-    /* uint8_t 
-     * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
-     */
-    {
-        0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE,
-        0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA,
-        0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6,
-        0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE,
-        0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F,
-        0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE,
-        0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC,
-        0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3,
-        0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7,
-        0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15,
-        0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF,
-        0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D,
-        0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E,
-        0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3,
-        0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5,
-        0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72,
-        0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D,
-        0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9,
-        0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26,
-        0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3,
-        0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D,
-        0x25, 0x5B, 0x52, 0xF3, 0x44, 0xBA, 0x28, 0xF8, 0xF2, 0x01, 0x41, 0x61,
-        0xF3, 0xE5, 0x91, 0x44, 0xF9, 0xA3, 0x56, 0xD8, 0xE9, 0x43, 0x0F, 0x78,
-        0x7E, 0x1C, 0x01, 0xA6, 0xD7, 0x47, 0x87, 0x7C, 0xC5, 0xAF, 0x2A, 0xD3,
-        0x71, 0x3A, 0x3E, 0x96, 0xF5, 0x8E, 0xA8, 0x1A, 0x89, 0x17, 0xCD, 0x52,
-        0x7E, 0x98, 0x70, 0xB3, 0x57, 0x22, 0x59, 0x1C, 0xB7, 0x61, 0xD3, 0x32,
-        0xE5, 0x2E, 0x6B, 0x6F, 0x2B, 0xD2, 0xAB, 0x27, 0x62, 0x65, 0xBE, 0x0B,
-        0x8B, 0xFC, 0x9D, 0xB7, 0x3B, 0x4F, 0xA7, 0x35, 0xA6, 0xB3, 0x10, 0x98,
-        0x6D, 0x47, 0x12, 0x16, 0x89, 0x33, 0x9A, 0x87, 0x85, 0x50, 0x21, 0x2B,
-        0x03, 0xD0, 0x0C, 0x25, 0x52, 0xC1, 0xA4, 0xD9, 0x50, 0x57, 0x0A, 0x88,
-        0x67, 0xE9, 0x55, 0x78, 0xFF, 0x23, 0xC0, 0xD1, 0xB6, 0xF4, 0xBD, 0x64,
-        0x38, 0x9A, 0x59, 0xD8, 0x0C, 0xCA, 0x3C, 0x44, 0xBB, 0x31, 0x40, 0xF3,
-        0x3F, 0x84, 0x74, 0x1A, 0x1B, 0xFB, 0x81, 0x22, 0x20, 0x0E, 0x68, 0x48,
-        0x7F, 0xBF, 0xBB, 0xE2, 0xF7, 0xEA, 0x1C, 0xDD, 0x63, 0xAA, 0x3E, 0xFE,
-        0x7A, 0xBD, 0x6C, 0x2A, 0x2C, 0x6C, 0x8E, 0x3C, 0xB6, 0x42, 0x2F, 0x42,
-        0xF2, 0x17, 0x07, 0x2F, 0x4F, 0xAA, 0x4B, 0xA0, 0xE7, 0x98, 0xAE, 0x95,
-        0x21, 0x2A, 0xF8, 0x1C, 0x33, 0x81, 0xC2, 0x64, 0xEC, 0xF3, 0xD7, 0x75,
-        0x81, 0x61, 0x8C, 0xDF, 0x7F, 0x76, 0x6B, 0x44, 0x22, 0x36, 0xD3, 0x7F,
-        0x17, 0x40, 0x84, 0xF8, 0xA8, 0x4B, 0xD5, 0xD4, 0x4E, 0xA1, 0x86, 0xDB,
-        0x9B, 0xCD, 0xB6, 0x6C, 0xDF, 0x35, 0x0C, 0x0D, 0x7E, 0x0F, 0x01, 0x9C,
-        0xF7, 0x6E, 0x89, 0xE6, 0x2F, 0x0E, 0xC5, 0xF3, 0xEA, 0x69, 0x8C, 0xA5,
-        0xD5, 0x48, 0xEE, 0x5B, 0x77, 0x04, 0xFE, 0xC7, 0x56, 0x87, 0x27, 0xD4,
-        0xF9, 0xCC, 0xB4, 0xB4, 0xB7, 0x1A, 0x85, 0x38, 0x0B, 0x93, 0xD2, 0x1D,
-        0xD3, 0xDE, 0x7E, 0x45, 0xAF, 0x82, 0x46, 0x65, 0xFE, 0x59, 0x55, 0x83
-    },
-    /* uint8_t
-     * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0xAD, 0x59, 0x2A, 0x12, 0xAA, 0xA8, 0x34, 0x30, 0xD4, 0xC9, 0xA1, 0x5A,
-        0xD2, 0xD8, 0xF8, 0x99, 0xA0, 0x26, 0x87, 0x27, 0x90, 0x39, 0x00, 0xEA,
-        0x64, 0x8F, 0x70, 0xF8, 0x1A, 0xA7, 0x44, 0xC8, 0xE6, 0x66, 0xCB, 0xF6,
-        0x8B, 0x00, 0xC7, 0x86, 0x2B, 0x14, 0x98, 0xDB, 0x03, 0xE8, 0xD5, 0x02,
-        0xB8, 0x02, 0x6D, 0x73, 0x66, 0x19, 0x94, 0x83, 0xC4, 0xB9, 0x57, 0x3D,
-        0xFE, 0xA7, 0x19, 0xAC, 0xBC, 0xE3, 0x75, 0x40, 0xC2, 0x48, 0x5E, 0xEF,
-        0x1E, 0x9E, 0xCC, 0xE2, 0xAC, 0xE6, 0xC8, 0x08
-     },
-    /* uint8_t
-     * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0xE6, 0x6C, 0xB8, 0x7C, 0xDB, 0x85, 0x50, 0x51, 0x4A, 0x75, 0x38, 0xA4,
-        0x74, 0x7A, 0x8C, 0x7C, 0x07, 0x71, 0x0E, 0x52, 0xC3, 0x19, 0xD1, 0xE6,
-        0xF8, 0x36, 0xD2, 0xD3, 0x53, 0xF8, 0xA7, 0xCE, 0xBC, 0xBE, 0xAE, 0x62,
-        0x7F, 0x00, 0x54, 0xB1, 0x01, 0x11, 0xCA, 0xE3, 0x77, 0x3E, 0x2E, 0x21
-    },
-
-};
-
-/* Public key type of CA root cert: 0: RSA-2048 2: ECDSA-P256*/
-#if defined(USE_ECC_CERT)
-const uint32_t              encrypted_user_key_type =
-                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256;
-#else
-const uint32_t              encrypted_user_key_type =
-                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA2048;
-#endif
-
-const unsigned char ca_ecc_cert_der_sig[] =
-{
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
-};
-const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
-
-/* ./ca-cert.der.sign,  */
-const unsigned char ca_cert_der_sig[] =
-{
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
-};
-const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
-/* ./client-cert.der.sign,  */
-const unsigned char client_cert_der_sign[] =
-{
-    0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79,
-    0x8A, 0x16, 0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B,
-    0x58, 0xC6, 0x5A, 0xED, 0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04,
-    0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23, 0x15, 0x84, 0x00, 0xE1,
-    0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53, 0x8A, 0x95,
-    0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21,
-    0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90,
-    0x5B, 0x3F, 0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE,
-    0x1D, 0xBE, 0xEB, 0x8E, 0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8,
-    0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6, 0x7E, 0xB6, 0xC8, 0xE1,
-    0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46, 0xCC, 0xCA,
-    0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81,
-    0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26,
-    0x55, 0xB6, 0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60,
-    0xD7, 0xEB, 0x1D, 0x08, 0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB,
-    0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38, 0xAC, 0x89, 0x63, 0xD5,
-    0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB, 0x9B, 0x71,
-    0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5,
-    0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02,
-    0x58, 0x3A, 0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23,
-    0x2D, 0xC5, 0xCD, 0x62, 0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95,
-    0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8, 0xC6, 0x2E, 0xDF, 0xD9,
-    0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73, 0x35, 0x4F,
-    0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C,
-    0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48,
-    0x3E, 0x95, 0x2A, 0x10, 0x01, 0x05
-};
-const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
-
-uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
-uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
-
-#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >= 109) */
+/* key_data.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include "key_data.h"
+
+/*-------------------------------------------------------------------------
+      RX72N supports TSIP v1.09 or later
+--------------------------------------------------------------------------*/
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 109)
+
+const st_key_block_data_t g_key_block_data =
+{
+    /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
+    {
+    	0xDF, 0x78, 0x49, 0x28, 0xA9, 0x4C, 0x36, 0xD6, 0xC9, 0x89, 0x98, 0xDF,
+    	0xFF, 0xB1, 0xCB, 0xBC, 0x9F, 0xF4, 0x34, 0xCD, 0x81, 0x53, 0x67, 0xB3,
+    	0xFC, 0x85, 0xC6, 0x0B, 0xA2, 0xC8, 0xF4, 0x83
+   },
+    /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
+    {
+    	0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23,
+    	0x45, 0x67, 0x89, 0x01
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0xCF, 0x64, 0xE8, 0xB7, 0xAB, 0x18, 0x50, 0xFD, 0xF5, 0x33, 0xA7, 0xA4,
+        0x43, 0xA0, 0x3D, 0xCE, 0xEB, 0x7F, 0xC8, 0x1E, 0x7F, 0xE9, 0x4D, 0x6B,
+        0x2E, 0xFB, 0x00, 0x14, 0x72, 0x49, 0x6F, 0xAA, 0x13, 0x58, 0xCC, 0xA2,
+        0x49, 0xC7, 0x98, 0xEB, 0xBD, 0x9F, 0x10, 0x32, 0x99, 0xBA, 0x28, 0xC5,
+        0xA3, 0x6A, 0x01, 0x9C, 0x97, 0x6D, 0x9B, 0xDF, 0xE9, 0xE0, 0x24, 0x18,
+        0xD0, 0x59, 0x3C, 0x93, 0x96, 0x7C, 0x90, 0xCF, 0xED, 0xAE, 0xE0, 0xCE,
+        0xC6, 0xBE, 0x81, 0x23, 0xE2, 0xBC, 0xE9, 0x69, 0x3B, 0x4A, 0x65, 0xA6,
+        0x84, 0x02, 0xDF, 0x54, 0x24, 0x25, 0x48, 0x76, 0xEF, 0x2C, 0xB6, 0x87,
+        0xC8, 0x09, 0x5E, 0x0D, 0xCA, 0xC5, 0x97, 0xCD, 0xA4, 0x44, 0xCA, 0xC9,
+        0xAD, 0xA0, 0x9C, 0x54, 0x05, 0x85, 0x18, 0xA7, 0xBF, 0xD8, 0x37, 0xBD,
+        0xF7, 0x73, 0x5D, 0x30, 0xFB, 0x48, 0xB1, 0xE0, 0x41, 0x92, 0x74, 0x4A,
+        0x68, 0x21, 0xEC, 0xE4, 0x2C, 0x0C, 0xBC, 0x02, 0xAD, 0xA5, 0x6F, 0xDD,
+        0xA6, 0xD6, 0x1C, 0x72, 0x85, 0xFD, 0x37, 0xB6, 0x2E, 0x0A, 0xD6, 0xBE,
+        0x7A, 0x81, 0xD3, 0x50, 0x24, 0xBE, 0x69, 0xFD, 0x6D, 0xD6, 0xAA, 0x2E,
+        0xFA, 0x00, 0x0A, 0x33, 0xEF, 0x53, 0xFC, 0xA4, 0xE7, 0xA2, 0x3E, 0xCE,
+        0x24, 0x39, 0x4D, 0xCA, 0xE7, 0xAA, 0xC5, 0x82, 0x19, 0x40, 0x60, 0x0F,
+        0xD3, 0x2C, 0x7D, 0x8E, 0x13, 0xEC, 0xCB, 0x38, 0xE1, 0xC9, 0x97, 0xF9,
+        0x24, 0x1D, 0x7C, 0x77, 0xCD, 0x73, 0xBD, 0x76, 0xC7, 0x08, 0x49, 0x24,
+        0xAE, 0x83, 0xE3, 0x99, 0x28, 0x62, 0xF9, 0x70, 0xD8, 0xB5, 0x28, 0x03,
+        0x83, 0x0A, 0xE0, 0xEB, 0x1C, 0xC9, 0xE4, 0x0E, 0x31, 0xF9, 0x5A, 0x0B,
+        0x3D, 0x06, 0x24, 0x49, 0x3B, 0xAE, 0xFE, 0x99, 0xAC, 0x59, 0x20, 0x6E,
+        0xF4, 0xE1, 0x4B, 0x3C, 0x7B, 0x86, 0xF7, 0x48, 0xAA, 0x3A, 0x79, 0x8D,
+        0x71, 0x4B, 0x7C, 0x4B, 0x5A, 0x74, 0x31, 0xB1, 0x6A, 0xA6, 0xD4, 0xC4,
+        0xE1, 0x59, 0x90, 0x62, 0x09, 0xAB, 0xA4, 0x91, 0x02, 0x0A, 0x22, 0x2B
+    },
+    /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
+    {
+        0
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
+     */
+    {
+        0x60, 0x6B, 0x2E, 0x15, 0xAB, 0xE2, 0x51, 0x4D, 0x75, 0xEA, 0xF4, 0xE8,
+        0xF5, 0x21, 0xC3, 0x31, 0xF9, 0x3C, 0x8A, 0x7D, 0x2B, 0x55, 0x7B, 0xA7,
+        0xC0, 0xC5, 0xE0, 0xBC, 0x56, 0x75, 0xEB, 0xFA, 0x43, 0x6E, 0x49, 0x4F,
+        0x29, 0xD6, 0xE8, 0xAC, 0xDA, 0x44, 0xDD, 0x82, 0x23, 0xEC, 0x3D, 0x0E,
+        0xE2, 0xA1, 0xE7, 0xF3, 0x81, 0xB3, 0x4D, 0x81, 0x9A, 0xFB, 0xCE, 0x1A,
+        0x57, 0xE7, 0x0E, 0x8B, 0xDC, 0x18, 0xD8, 0xB4, 0x97, 0xD0, 0xA9, 0x5D,
+        0x81, 0xFB, 0x13, 0x10, 0x19, 0xD1, 0x0D, 0x43, 0xE6, 0x1D, 0xFC, 0x80,
+        0x32, 0x97, 0x6A, 0xB2, 0xB2, 0x63, 0xD9, 0xC2, 0x09, 0x34, 0xF3, 0xA0,
+        0x0C, 0xCE, 0x06, 0x6C, 0xB2, 0xB9, 0x2A, 0xDF, 0xEE, 0x68, 0x8B, 0x4E,
+        0x8C, 0xBA, 0xF8, 0xA7, 0x60, 0x3C, 0xCC, 0xD4, 0x94, 0x42, 0xCC, 0x37,
+        0x4B, 0xED, 0x70, 0xB1, 0x53, 0xBD, 0xE8, 0x92, 0xB9, 0x8B, 0x07, 0x27,
+        0x42, 0xC2, 0x1B, 0xE1, 0x7D, 0x45, 0xBC, 0xB9, 0xB4, 0x3D, 0xD1, 0x62,
+        0x44, 0x76, 0x4E, 0xFA, 0xE5, 0x00, 0x4F, 0x6B, 0xE6, 0xBB, 0x32, 0xFB,
+        0xD6, 0xEC, 0x58, 0x98, 0xFB, 0x80, 0xF7, 0x0E, 0x96, 0x9B, 0xBB, 0xCF,
+        0xDE, 0x31, 0x09, 0x39, 0x1A, 0x31, 0x49, 0xB8, 0x2F, 0x99, 0xEA, 0x9A,
+        0xF2, 0x46, 0xDB, 0x09, 0x21, 0xB1, 0x41, 0x98, 0x38, 0x9A, 0xDD, 0xEE,
+        0xA3, 0xEE, 0x02, 0xBB, 0x2D, 0x79, 0x44, 0xD0, 0x81, 0x60, 0x0E, 0xD3,
+        0xFF, 0xBC, 0x98, 0x6B, 0x5A, 0x19, 0x47, 0xEB, 0x88, 0xC3, 0x25, 0x58,
+        0xD8, 0x77, 0x95, 0x40, 0x76, 0xE3, 0x56, 0xCF, 0x94, 0x2D, 0xFE, 0x43,
+        0x63, 0xD6, 0x8D, 0xA0, 0x1B, 0x43, 0x33, 0xEB, 0xBC, 0xE7, 0x92, 0x40,
+        0xA2, 0xD5, 0x98, 0x5C, 0xF8, 0x91, 0xAF, 0x0B, 0xD2, 0x8E, 0xA8, 0x58,
+        0x84, 0x7D, 0x90, 0xBD, 0x46, 0x09, 0xD1, 0x14, 0x95, 0x32, 0x8F, 0x49,
+        0xC6, 0xDE, 0xB8, 0xA5, 0xC6, 0xFA, 0xB5, 0x5F, 0xA7, 0x41, 0x29, 0x68,
+        0x87, 0xE9, 0xAF, 0xC8, 0x6F, 0xFE, 0x50, 0x84, 0x01, 0x2E, 0x02, 0x6A
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
+     */
+    {
+        0x60, 0x6B, 0x2E, 0x15, 0xAB, 0xE2, 0x51, 0x4D, 0x75, 0xEA, 0xF4, 0xE8,
+        0xF5, 0x21, 0xC3, 0x31, 0xF9, 0x3C, 0x8A, 0x7D, 0x2B, 0x55, 0x7B, 0xA7,
+        0xC0, 0xC5, 0xE0, 0xBC, 0x56, 0x75, 0xEB, 0xFA, 0x43, 0x6E, 0x49, 0x4F,
+        0x29, 0xD6, 0xE8, 0xAC, 0xDA, 0x44, 0xDD, 0x82, 0x23, 0xEC, 0x3D, 0x0E,
+        0xE2, 0xA1, 0xE7, 0xF3, 0x81, 0xB3, 0x4D, 0x81, 0x9A, 0xFB, 0xCE, 0x1A,
+        0x57, 0xE7, 0x0E, 0x8B, 0xDC, 0x18, 0xD8, 0xB4, 0x97, 0xD0, 0xA9, 0x5D,
+        0x81, 0xFB, 0x13, 0x10, 0x19, 0xD1, 0x0D, 0x43, 0xE6, 0x1D, 0xFC, 0x80,
+        0x32, 0x97, 0x6A, 0xB2, 0xB2, 0x63, 0xD9, 0xC2, 0x09, 0x34, 0xF3, 0xA0,
+        0x0C, 0xCE, 0x06, 0x6C, 0xB2, 0xB9, 0x2A, 0xDF, 0xEE, 0x68, 0x8B, 0x4E,
+        0x8C, 0xBA, 0xF8, 0xA7, 0x60, 0x3C, 0xCC, 0xD4, 0x94, 0x42, 0xCC, 0x37,
+        0x4B, 0xED, 0x70, 0xB1, 0x53, 0xBD, 0xE8, 0x92, 0xB9, 0x8B, 0x07, 0x27,
+        0x42, 0xC2, 0x1B, 0xE1, 0x7D, 0x45, 0xBC, 0xB9, 0xB4, 0x3D, 0xD1, 0x62,
+        0x44, 0x76, 0x4E, 0xFA, 0xE5, 0x00, 0x4F, 0x6B, 0xE6, 0xBB, 0x32, 0xFB,
+        0xD6, 0xEC, 0x58, 0x98, 0xFB, 0x80, 0xF7, 0x0E, 0x96, 0x9B, 0xBB, 0xCF,
+        0xDE, 0x31, 0x09, 0x39, 0x1A, 0x31, 0x49, 0xB8, 0x2F, 0x99, 0xEA, 0x9A,
+        0xF2, 0x46, 0xDB, 0x09, 0x21, 0xB1, 0x41, 0x98, 0x38, 0x9A, 0xDD, 0xEE,
+        0xA3, 0xEE, 0x02, 0xBB, 0x2D, 0x79, 0x44, 0xD0, 0x81, 0x60, 0x0E, 0xD3,
+        0xFF, 0xBC, 0x98, 0x6B, 0x5A, 0x19, 0x47, 0xEB, 0x88, 0xC3, 0x25, 0x58,
+        0xD8, 0x77, 0x95, 0x40, 0x76, 0xE3, 0x56, 0xCF, 0x94, 0x2D, 0xFE, 0x43,
+        0x63, 0xD6, 0x8D, 0xA0, 0x1B, 0x43, 0x33, 0xEB, 0xBC, 0xE7, 0x92, 0x40,
+        0xA2, 0xD5, 0x98, 0x5C, 0xF8, 0x91, 0xAF, 0x0B, 0xD2, 0x8E, 0xA8, 0x58,
+        0x84, 0x7D, 0x90, 0xBD, 0x56, 0x1F, 0x2D, 0x1B, 0x8C, 0x17, 0x9E, 0xBA,
+        0x0C, 0x61, 0xF8, 0x1B, 0xFB, 0xA4, 0x9E, 0x71, 0xA8, 0x09, 0x9E, 0xA9,
+        0x0D, 0x2B, 0x18, 0x32, 0xFE, 0x56, 0x09, 0x1B, 0xD4, 0x0D, 0xEE, 0x58,
+        0x40, 0x3B, 0x2D, 0x85, 0x52, 0xDA, 0x75, 0x2E, 0x8E, 0x52, 0xE1, 0x06,
+        0x64, 0xA3, 0x06, 0x6B, 0x3E, 0x71, 0x45, 0x94, 0xE0, 0x12, 0x6F, 0x15,
+        0x03, 0x57, 0x87, 0xBF, 0xE2, 0x05, 0xF7, 0x0D, 0xEA, 0x27, 0x9D, 0x9C,
+        0xC4, 0x55, 0x7F, 0x87, 0x85, 0x87, 0x7F, 0xA7, 0xE4, 0xB4, 0xA6, 0x6F,
+        0xB9, 0x18, 0x2E, 0x3C, 0xCF, 0x8E, 0x61, 0xD9, 0x13, 0x8C, 0xC4, 0xFF,
+        0xA5, 0x0A, 0x86, 0xB7, 0x6D, 0x03, 0xA4, 0x48, 0xF5, 0xF4, 0xF5, 0x64,
+        0xEA, 0x43, 0x54, 0xEB, 0x27, 0xEE, 0xD6, 0xD8, 0x89, 0xDB, 0x62, 0x37,
+        0x73, 0x85, 0x86, 0xCA, 0x32, 0xE4, 0xA5, 0x61, 0x65, 0xA0, 0x0F, 0x59,
+        0xA1, 0xB5, 0xB6, 0xE4, 0xA5, 0xDC, 0xFF, 0x81, 0x86, 0xB0, 0x84, 0x1A,
+        0x4C, 0x68, 0xDA, 0xEB, 0x3D, 0x64, 0x40, 0x9D, 0x6B, 0x4B, 0x2A, 0x2B,
+        0x09, 0xE5, 0xF0, 0x78, 0xC2, 0x47, 0x37, 0xCB, 0xE8, 0xD1, 0xA5, 0xD8,
+        0xAA, 0x54, 0xC4, 0x23, 0xF9, 0x21, 0xF9, 0x78, 0x22, 0xB1, 0x40, 0x96,
+        0xF9, 0xEB, 0xCB, 0x7A, 0x4B, 0xFF, 0x78, 0x8A, 0x7B, 0x8A, 0x09, 0xA9,
+        0x94, 0x30, 0x4E, 0x20, 0xD2, 0x24, 0x1D, 0xED, 0x45, 0xA2, 0xAB, 0xFC,
+        0xFD, 0x6A, 0xBE, 0xA7, 0x18, 0xD4, 0x5B, 0xE5, 0xBE, 0x83, 0x9F, 0xEC,
+        0xA3, 0xBA, 0xEA, 0x62, 0x7E, 0xA0, 0xA2, 0x7C, 0x61, 0x8D, 0xF5, 0x42,
+        0x50, 0x73, 0xE0, 0x66, 0x0B, 0x61, 0xD7, 0x86, 0x7C, 0x72, 0xF9, 0x86,
+        0x0B, 0x8C, 0xC1, 0xB4, 0x2E, 0x9D, 0x19, 0xD1, 0xA4, 0xDC, 0x47, 0x85,
+        0xB1, 0xBA, 0x16, 0x30, 0x97, 0x80, 0x98, 0x29, 0x16, 0xFA, 0xFD, 0x50,
+        0xC6, 0x7F, 0x69, 0xA0, 0x16, 0xAF, 0x0A, 0x56, 0xDB, 0x1D, 0x53, 0xC4
+    },
+    /* uint8_t
+     * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0x12, 0xF0, 0x90, 0x57, 0xDA, 0x92, 0xB4, 0x6A, 0xD9, 0xD3, 0x4D, 0x54,
+        0x4C, 0x96, 0x8E, 0xB3, 0xAA, 0x33, 0x06, 0xC3, 0x7F, 0x4B, 0x6F, 0xFD,
+        0xA9, 0x11, 0x73, 0x0F, 0x70, 0x73, 0xA0, 0xF7, 0x73, 0xE7, 0x8B, 0xDB,
+        0xD4, 0x56, 0x4D, 0x7B, 0xCB, 0x79, 0x1E, 0x9B, 0x71, 0x74, 0xDF, 0x53,
+        0x05, 0xA8, 0x54, 0xB2, 0x8B, 0x55, 0xE1, 0x7F, 0x3D, 0x4A, 0xC8, 0x84,
+        0xB4, 0xD8, 0xBB, 0x9A, 0xDE, 0x2E, 0x42, 0x48, 0x9B, 0x12, 0x0B, 0x1B,
+        0x1A, 0xDB, 0x3E, 0x0E, 0xE3, 0x07, 0xF8, 0x3B
+     },
+    /* uint8_t
+     * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0x07, 0x21, 0xB3, 0x4A, 0x2D, 0xCE, 0xBE, 0x59, 0xBC, 0x8C, 0xE1, 0x84,
+        0xF0, 0xE3, 0xEF, 0x07, 0xD8, 0xE4, 0x30, 0x31, 0xB7, 0xE2, 0xB0, 0xA6,
+        0x6E, 0x51, 0xAE, 0xFD, 0x6B, 0x43, 0xB2, 0xFE, 0x1F, 0x16, 0x99, 0x67,
+        0x7D, 0x33, 0x1F, 0xF9, 0x5B, 0x3C, 0xB1, 0xAC, 0x90, 0xE4, 0x05, 0x7F
+    },
+
+};
+
+/* Public key type of CA root cert: 0: RSA-2048 2: ECDSA-P256*/
+#if defined(USE_ECC_CERT)
+const uint32_t              encrypted_user_key_type =
+                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256;
+#else
+const uint32_t              encrypted_user_key_type =
+                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA2048;
+#endif
+
+const unsigned char ca_ecc_cert_der_sig[] =
+{
+	0x64, 0x38, 0x4F, 0x4E, 0x04, 0x69, 0xC9, 0xFC, 0x2C, 0x31,
+	0x00, 0x85, 0x6B, 0xC9, 0xE6, 0x81, 0xFF, 0x4A, 0x98, 0x4F,
+	0x02, 0x1B, 0x63, 0x01, 0x5C, 0xEE, 0xE0, 0x6C, 0x0D, 0xA0,
+	0x7E, 0xC2, 0xA5, 0xFC, 0x87, 0x90, 0xB7, 0xFE, 0xA1, 0x4C,
+	0x0D, 0xB9, 0x81, 0xC7, 0x68, 0x39, 0x26, 0xD3, 0x38, 0xAD,
+	0x3C, 0xCC, 0x4B, 0xA5, 0x59, 0x01, 0xF1, 0x56, 0x50, 0x72,
+	0x5F, 0xFF, 0x5D, 0x8C, 0x4D, 0xB9, 0xA6, 0xA1, 0x08, 0xE1,
+	0xF2, 0x30, 0xA4, 0x20, 0x19, 0x08, 0x7F, 0x7E, 0x5C, 0xE7,
+	0x6F, 0x7B, 0x19, 0x0D, 0xC0, 0x04, 0x9F, 0x68, 0x15, 0x52,
+	0xDE, 0x8D, 0x9C, 0xA2, 0xC8, 0xE7, 0x71, 0xF2, 0x3B, 0xEE,
+	0x5E, 0xB1, 0x72, 0xF5, 0x53, 0x80, 0xD8, 0x48, 0x2D, 0xF0,
+	0x5B, 0xA1, 0x11, 0xFE, 0x0F, 0xCB, 0x60, 0x29, 0x2F, 0x27,
+	0x44, 0x82, 0xE6, 0x24, 0x40, 0xE6, 0xF9, 0x63, 0x82, 0x82,
+	0xFC, 0x3E, 0x82, 0xC0, 0xA2, 0x80, 0xF5, 0x25, 0x56, 0xB0,
+	0x3A, 0x18, 0x70, 0x4C, 0x3F, 0x8A, 0xCD, 0xF5, 0x9E, 0xA9,
+	0x34, 0x5D, 0x82, 0x24, 0xA3, 0xA7, 0x14, 0xC0, 0x13, 0x31,
+	0x51, 0xED, 0x6F, 0x3E, 0x88, 0x2B, 0xAB, 0xE6, 0x7F, 0x2B,
+	0xA7, 0x08, 0x24, 0xC5, 0x25, 0xDF, 0x16, 0x7D, 0x1E, 0x9B,
+	0x7F, 0xA0, 0xDA, 0x07, 0xB0, 0x40, 0xF0, 0xCC, 0x76, 0x62,
+	0xF7, 0xB1, 0x70, 0x98, 0x78, 0x94, 0x6D, 0xE4, 0x0E, 0xD4,
+	0x86, 0x59, 0x9C, 0x4C, 0xBC, 0xC2, 0x6E, 0x82, 0x35, 0xF3,
+	0x34, 0x2A, 0x17, 0x75, 0xA7, 0xD7, 0x5F, 0xF1, 0x45, 0x84,
+	0xD5, 0x75, 0xF9, 0x3C, 0x2A, 0x82, 0xB7, 0xC0, 0x9E, 0x3E,
+	0x76, 0xB2, 0xB3, 0xC2, 0xDC, 0xF4, 0xEA, 0x19, 0xC3, 0x8D,
+	0xE9, 0x08, 0x8F, 0xA0, 0x2D, 0x5C, 0x48, 0x51, 0x51, 0x2B,
+	0x74, 0x9E, 0xC8, 0xEB, 0x7C, 0x3C
+};
+const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
+
+/* ./ca-cert.der.sign,  */
+const unsigned char ca_cert_der_sig[] =
+{
+	0x2C, 0xA8, 0x2C, 0xA2, 0x95, 0x60, 0x27, 0xDA, 0xE1, 0xB9,
+	0xD8, 0x74, 0x30, 0x10, 0x13, 0x5B, 0xDA, 0x9B, 0x15, 0xB7,
+	0xF4, 0x65, 0x3A, 0x9C, 0x08, 0xF6, 0x2A, 0xC2, 0xF4, 0xD9,
+	0x29, 0x3C, 0x27, 0xD2, 0xC6, 0x8B, 0x09, 0xB2, 0xBF, 0xEF,
+	0x77, 0x7D, 0x95, 0x6B, 0xCC, 0x9E, 0x6F, 0x12, 0xDA, 0x7B,
+	0x88, 0x36, 0x84, 0xB3, 0xC5, 0x9D, 0xCD, 0xEB, 0xE9, 0x87,
+	0xC3, 0xB9, 0x25, 0xF2, 0x35, 0x27, 0x3D, 0x82, 0x00, 0xA9,
+	0xDA, 0x16, 0x56, 0x29, 0xD1, 0xBD, 0xE5, 0x85, 0x79, 0xC9,
+	0x2F, 0x95, 0x51, 0xDF, 0xD2, 0x3D, 0x83, 0x3F, 0x8C, 0xE6,
+	0xB5, 0x6C, 0x86, 0x2D, 0x7B, 0x7D, 0x70, 0x02, 0xAF, 0x0C,
+	0x63, 0x78, 0xB5, 0x9A, 0x39, 0xA7, 0x21, 0x8C, 0x84, 0xCB,
+	0x21, 0x21, 0x9F, 0xEE, 0x3D, 0x38, 0xBC, 0xD6, 0x9B, 0x64,
+	0xF0, 0x33, 0xD6, 0xE0, 0x81, 0x2E, 0x4F, 0x19, 0xBF, 0x2A,
+	0x4B, 0x24, 0x0B, 0x2C, 0x39, 0xAA, 0xA6, 0x92, 0xAC, 0x00,
+	0x89, 0xEB, 0xD5, 0xC2, 0x19, 0x5D, 0x33, 0xFA, 0xEE, 0xCB,
+	0x99, 0x4E, 0xCE, 0x10, 0xAA, 0xFB, 0xB1, 0x3B, 0x6E, 0xEC,
+	0x81, 0x01, 0xEE, 0x65, 0xE8, 0xB9, 0xC2, 0xBE, 0x05, 0x23,
+	0xFE, 0x44, 0x27, 0xAA, 0x34, 0x68, 0xB3, 0x79, 0x27, 0xB8,
+	0xFC, 0xCF, 0x1C, 0x31, 0x73, 0x7E, 0xFA, 0x65, 0x08, 0x91,
+	0x45, 0xB6, 0xD7, 0x4D, 0x0E, 0x0D, 0x9C, 0x96, 0xDB, 0x49,
+	0x98, 0xAE, 0xD6, 0xB5, 0xE7, 0x1C, 0x5E, 0xB4, 0x62, 0x52,
+	0x5D, 0x82, 0x2C, 0xF2, 0x2F, 0xAE, 0xB8, 0xB4, 0x0C, 0x2A,
+	0x26, 0x7E, 0xD2, 0x22, 0xE9, 0x51, 0x65, 0x75, 0x9E, 0x4F,
+	0x23, 0xB9, 0x5E, 0x06, 0xD6, 0x71, 0xE6, 0x24, 0xFC, 0x89,
+	0x16, 0xA1, 0xCC, 0xE2, 0x99, 0x5A, 0x98, 0xD0, 0x11, 0x8A,
+	0x36, 0x26, 0xB5, 0xB4, 0xB1, 0x57
+};
+const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
+/* ./client-cert.der.sign,  */
+const unsigned char client_cert_der_sign[] =
+{
+    0x21, 0x2A, 0x81, 0xFF, 0xC2, 0x4C, 0x98, 0xFF, 0xB8, 0x99,
+	0xFC, 0x14, 0x07, 0xBA, 0xBD, 0x7F, 0x58, 0x0F, 0x23, 0x49,
+	0x6B, 0xFA, 0x47, 0xAC, 0xF5, 0xCF, 0x7A, 0x76, 0x89, 0x07,
+	0x22, 0x2F, 0x2A, 0xC5, 0x9F, 0x6D, 0x37, 0xFC, 0x7E, 0x51,
+	0x55, 0x29, 0xDA, 0xF9, 0x7E, 0x30, 0x25, 0x3F, 0x38, 0xE3,
+	0x5B, 0xD8, 0xD1, 0xC4, 0xE1, 0x05, 0x14, 0x5D, 0x3A, 0x8C,
+	0xFC, 0x42, 0x7D, 0x38, 0x21, 0x5B, 0x0B, 0xC8, 0x6E, 0x80,
+	0x35, 0xA7, 0x0B, 0xAB, 0x9E, 0x8B, 0x7F, 0x04, 0xE5, 0x43,
+	0x2E, 0xFF, 0x11, 0x67, 0x04, 0xF4, 0x52, 0x52, 0xEF, 0x6C,
+	0xC6, 0x30, 0x63, 0xE0, 0xAE, 0xCB, 0xD0, 0xBC, 0x7F, 0xB7,
+	0x98, 0xD4, 0x08, 0x76, 0x49, 0xFF, 0x0E, 0xAF, 0x2B, 0x3B,
+	0xA0, 0xFD, 0x25, 0xD5, 0x42, 0x02, 0x0A, 0xAA, 0xC0, 0x0C,
+	0x5C, 0x62, 0x04, 0xD0, 0x4A, 0xE7, 0xEA, 0x26, 0x72, 0xE1,
+	0x35, 0x8D, 0x47, 0x5A, 0xE6, 0x9A, 0xD5, 0x5C, 0x31, 0x79,
+	0x7A, 0xEE, 0x59, 0xAD, 0x1B, 0x04, 0x2C, 0xFF, 0x74, 0x9D,
+	0xA5, 0x90, 0x21, 0xCE, 0xC2, 0x04, 0x41, 0x98, 0x14, 0x27,
+	0xF8, 0x35, 0xB9, 0xF5, 0x73, 0x1D, 0xAE, 0x2F, 0x8F, 0x44,
+	0x79, 0xCA, 0xE7, 0x38, 0xDD, 0x15, 0x11, 0xDB, 0xA5, 0x6D,
+	0xE6, 0x7F, 0x4E, 0x73, 0xE6, 0x2E, 0x98, 0xF3, 0xDD, 0x5A,
+	0x34, 0x24, 0x6B, 0xAF, 0x28, 0xDC, 0x3A, 0x10, 0x0D, 0x54,
+	0x86, 0x11, 0x52, 0x0F, 0x88, 0x65, 0x03, 0xE5, 0x1C, 0x04,
+	0x45, 0x6B, 0x25, 0x3E, 0x8D, 0x5B, 0xD7, 0x2E, 0x33, 0x06,
+	0xAA, 0x23, 0xFE, 0x1B, 0x7B, 0xE8, 0xB9, 0xA7, 0x80, 0x3F,
+	0x08, 0x89, 0x6A, 0x22, 0x3F, 0xE0, 0xB8, 0xF3, 0xA4, 0x0A,
+	0xC6, 0xA5, 0x51, 0xC4, 0x1A, 0x38, 0xE3, 0xD2, 0x8A, 0x1C,
+	0xF1, 0xAE, 0x89, 0xFB, 0xCE, 0x9E
+};
+const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
+
+uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
+
+#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >= 109) */
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
index 2d6bead068..f06787b6a9 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
@@ -1,68 +1,72 @@
-/* key_data.h
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-
-
-
-#ifndef KEY_DATA_H_
-#define KEY_DATA_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-
-#if defined(WOLFSSL_RENESAS_TSIP)
-
-#include "r_tsip_rx_if.h"
-
-typedef struct st_key_block_data
-{
-    /* encrypted provisioning key */
-    uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2];
-    /* iv */
-    uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
-    /* RSA2048 public key for RootCA sign verification */
-    uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-    /* update key (not used) */
-    uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
-    /* wrapped client RSA2048bit public key */
-    uint8_t encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-    /* wrapped client RSA2048bit private key */
-    uint8_t encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
-    /* wrapped client ECC P256 public key */
-    uint8_t encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
-    /* wrapped client ECC P256 private key */
-    uint8_t encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
-} st_key_block_data_t;
-
-
-extern const uint32_t               encrypted_user_key_type;
-extern const st_key_block_data_t    g_key_block_data;
-
-extern const unsigned char          ca_cert_der_sig[];
-extern const unsigned char          ca_ecc_cert_der_sig[];
-extern const unsigned char          client_cert_der_sign[];
-extern const int                    sizeof_ca_cert_der;
-
-
-#endif /* WOLFSSL_RENESAS_TSIP */
-#endif /* KEY_DATA_H_ */
-
+/* key_data.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+
+#ifndef KEY_DATA_H_
+#define KEY_DATA_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+
+#if defined(WOLFSSL_RENESAS_TSIP)
+
+#include "r_tsip_rx_if.h"
+
+typedef struct st_key_block_data
+{
+    /* encrypted provisioning key */
+    uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2];
+    /* iv */
+    uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
+    /* RSA2048 public key for RootCA sign verification */
+    uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+    /* update key (not used) */
+    uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
+    /* wrapped client RSA2048bit public key */
+    uint8_t encrypted_user_rsa2048_public_key[
+                                    R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+    /* wrapped client RSA2048bit private key */
+    uint8_t encrypted_user_rsa2048_private_key[
+                                    R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
+    /* wrapped client ECC P256 public key */
+    uint8_t encrypted_user_ecc256_public_key[
+                                    R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
+    /* wrapped client ECC P256 private key */
+    uint8_t encrypted_user_ecc256_private_key[
+                                    R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
+} st_key_block_data_t;
+
+
+extern const uint32_t               encrypted_user_key_type;
+extern const st_key_block_data_t    g_key_block_data;
+
+extern const unsigned char          ca_cert_der_sig[];
+extern const unsigned char          ca_ecc_cert_der_sig[];
+extern const unsigned char          client_cert_der_sign[];
+extern const int                    sizeof_ca_cert_der;
+
+
+#endif /* WOLFSSL_RENESAS_TSIP */
+#endif /* KEY_DATA_H_ */
+
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
index 6e8d165b3e..06841e3191 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,9 +40,10 @@
  *      114: TSIPv1.14
  *      115: TSIPv1.15
  *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 #if defined(SIMPLE_TLS_CLIENT) || defined(SIMPLE_TLS_SERVER)
@@ -246,7 +247,6 @@
     #define WOLFSSL_RENESAS_TSIP_TLS
 
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -260,10 +260,20 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+    /*-------------------------------------------------------------------------
+     * TSIP generates random numbers using the CRT-DRBG described
+     * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+     * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+     * directly. Comment out the macro will generate random number by
+     * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+     *-----------------------------------------------------------------------*/
+	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
+	#if !defined(min)
+    	#define min(data1, data2)    _builtin_min(data1, data2)
+	#endif
 #endif
 
 
@@ -277,6 +287,5 @@
 /*-- strcasecmp */
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
 
-#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 /* use original ASN parsing */
 #define WOLFSSL_ASN_ORIGINAL
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
index 5d1f913677..73c001457b 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
@@ -1,6 +1,6 @@
 /* wolfssl_demo.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,10 +67,10 @@
     static WOLFSSL_CTX* client_ctx;
 #endif /* TLS_CLIENT */
 
-#define TLSSERVER_IP      "192.168.11.49"
+#define TLSSERVER_IP      "192.168.11.47"
 #define TLSSERVER_PORT    11111
-#define YEAR 2023
-#define MON  3
+#define YEAR 2024
+#define MON  9
 #define FREQ 10000 /* Hz */
 #define MAX_MSGSTR  80
 
@@ -201,7 +201,7 @@ static void Tls_client_init()
             char *cert       = "./certs/ca-cert.pem";
         #endif
     #else
-        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) 
+        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
             const unsigned char *cert       = ca_ecc_cert_der_256;
             #define  SIZEOF_CERT sizeof_ca_ecc_cert_der_256
         #else
@@ -216,7 +216,7 @@ static void Tls_client_init()
     wolfSSL_Init();
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((client_ctx = 
+    if ((client_ctx =
         wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
@@ -228,7 +228,7 @@ static void Tls_client_init()
 
     /* load root CA certificate */
     #if defined(NO_FILESYSTEM)
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
                             SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
            printf("ERROR: can't load certificate data\n");
        return;
@@ -239,7 +239,7 @@ static void Tls_client_init()
         return NULL;
     }
     #endif
-     
+
     #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS)
 
     if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
@@ -311,7 +311,7 @@ static void Tls_client(void *pvParam)
     if (ret == 0) {
         ssl = wolfSSL_new(ctx);
         if (ssl == NULL) {
-            msg(pcName, p->id, "ERROR wolfSSL_new: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_new: %d\n",
                                         wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -345,7 +345,7 @@ static void Tls_client(void *pvParam)
     if (ret == 0) {
         /* associate socket with ssl object */
         if (wolfSSL_set_fd(ssl, (int)socket) != WOLFSSL_SUCCESS) {
-            msg(pcName, p->id, "ERROR wolfSSL_set_fd: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_set_fd: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -404,11 +404,11 @@ static void Tls_client(void *pvParam)
         }
     }
 #endif /* WOLFSSL_CHECK_SIG_FAULTS */
-    
+
     #else
     /* Client authentication using RSA certificate can be handled by TSIP.
      * Note that the internal verification of the signature process requires
-     * not only the client's private key but also its public key, so pass them 
+     * not only the client's private key but also its public key, so pass them
      * using tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS
      * respectively.
          */
@@ -422,7 +422,7 @@ static void Tls_client(void *pvParam)
             }
         }
         if (ret == 0) {
-            ret = tsip_use_PublicKey_buffer(ssl,
+            ret = tsip_use_PublicKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
                 sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
                                                             TSIP_RSA2048);
@@ -435,9 +435,9 @@ static void Tls_client(void *pvParam)
 #else
     #if defined(USE_ECC_CERT)
     if (ret == 0) {
-        err = wolfSSL_use_PrivateKey_buffer(ssl, 
+        err = wolfSSL_use_PrivateKey_buffer(ssl,
                                     ecc_clikey_der_256,
-                                    sizeof_ecc_clikey_der_256, 
+                                    sizeof_ecc_clikey_der_256,
                                     WOLFSSL_FILETYPE_ASN1);
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
@@ -446,10 +446,10 @@ static void Tls_client(void *pvParam)
         }
     }
     #else
-    if (ret == 0) { 
+    if (ret == 0) {
         err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
                             sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
-         
+
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
@@ -464,7 +464,7 @@ static void Tls_client(void *pvParam)
 #endif
     if (ret == 0) {
         if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
-            msg(pcName, p->id, "ERROR wolfSSL_connect: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_connect: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -473,9 +473,9 @@ static void Tls_client(void *pvParam)
    wolfSSL_Debugging_OFF();
 #endif
     if (ret == 0) {
-        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != 
+        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) !=
                                                             strlen(sendBuff)) {
-            msg(pcName, p->id, "ERROR wolfSSL_write: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_write: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -483,7 +483,7 @@ static void Tls_client(void *pvParam)
 
     if (ret == 0) {
         if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE -1)) < 0) {
-            msg(pcName, p->id, "ERROR wolfSSL_read: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_read: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -493,7 +493,7 @@ static void Tls_client(void *pvParam)
             ret = 0;
         }
     }
-    
+
 #if defined(TLS_MULTITHREAD_TEST)
 out:
 #endif
@@ -600,7 +600,7 @@ static void Tls_client_demo(void)
     tsip_inform_cert_sign((const byte*)ca_ecc_cert_der_sig);
 
     #else
-    
+
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte*)ca_cert_der_sig);
 
@@ -639,7 +639,7 @@ static void Tls_client_demo(void)
 
             printf(" %s connecting to %d port\n", info[j].name, info[j].port);
 
-            xReturned = xTaskCreate(Tls_client, info[j].name, 
+            xReturned = xTaskCreate(Tls_client, info[j].name,
                                         THREAD_STACK_SIZE, &info[j], 3, NULL);
             if (xReturned != pdPASS) {
                 printf("Failed to create task\n");
@@ -647,7 +647,7 @@ static void Tls_client_demo(void)
         }
 
         for (j = i; j < (i+2); j++) {
-            xSemaphoreGiveFromISR(info[j].xBinarySemaphore, 
+            xSemaphoreGiveFromISR(info[j].xBinarySemaphore,
                                                     &xHigherPriorityTaskWoken);
         }
 
@@ -695,7 +695,7 @@ static void Tls_client_demo(void)
 #endif /* TLS_CLIENT */
 
 /* Demo entry function called by iot_demo_runner
- * To run this entry function as an aws_iot_demo, define this as 
+ * To run this entry function as an aws_iot_demo, define this as
  * DEMO_entryFUNCTION in aws_demo_config.h.
  */
 void wolfSSL_demo_task(bool         awsIotMqttMode,
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
index c11e59c830..4aa90b5d5a 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
index f89b48cf15..1b84878d3c 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_tsip_unit_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -107,22 +107,13 @@ typedef struct tagInfo
 
  void Clr_CallbackCtx(TsipUserCtx *g)
  {
+     XFREE(g->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-     if (g->rsa1024pri_keyIdx != NULL)
-         XFREE(g->rsa1024pri_keyIdx,
-                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
+     XFREE(g->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-     if (g->rsa1024pub_keyIdx != NULL)
-         XFREE(g->rsa1024pub_keyIdx,
-                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
+     XFREE(g->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-     if (g->rsa2048pri_keyIdx != NULL)
-         XFREE(g->rsa2048pri_keyIdx,
-                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-     if (g->rsa2048pub_keyIdx != NULL)
-         XFREE(g->rsa2048pub_keyIdx,
-                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
+     XFREE(g->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
      XMEMSET(g, 0, sizeof(TsipUserCtx));
  }
 
@@ -139,7 +130,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     byte plain[AES_BLOCK_SIZE];
     int  ret = 0;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
         /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
         0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@@ -154,7 +145,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     if (prnt) {
         printf(" tsip_aes_cbc_test() ");
     }
-    
+
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
     if (ret == 0) {
         ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
@@ -196,7 +187,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -205,7 +196,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == false) {
         ret = tsip_aes_cbc_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -257,7 +248,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
 
     if (prnt)
         printf(" tsip_aes256_test() ");
-    
+
     if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
         ret = -1;
         goto out;
@@ -315,7 +306,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 #ifdef FREERTOS
@@ -323,7 +314,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == false) {
         ret = tsip_aes256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -345,8 +336,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     Aes enc[1];
     Aes dec[1];
     TsipUserCtx userContext;
-    
-    
+
+
     /*
      * This is Test Case 16 from the document Galois/
      * Counter Mode of Operation (GCM) by McGrew and
@@ -416,7 +407,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     if (prnt) {
         printf(" tsip_aes256_gcm_test() ");
     }
-    
+
     ForceZero(resultT, sizeof(resultT));
     ForceZero(resultC, sizeof(resultC));
     ForceZero(resultP, sizeof(resultP));
@@ -443,8 +434,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     }
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), 
-                        (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT), 
+    result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p),
+                        (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
                         a, sizeof(a), &userContext);
 
     if (result != 0) {
@@ -461,7 +452,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     }
 
     result = wc_tsip_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
-                        iv1, sizeof(iv1), resultT, sizeof(resultT), 
+                        iv1, sizeof(iv1), resultT, sizeof(resultT),
                         a, sizeof(a), &userContext);
     if (result != 0){
         ret = -8;
@@ -479,7 +470,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     wc_AesGcmSetKey(enc, k1, sizeof(k1));
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
-                                resultT + 1, sizeof(resultT) - 1, 
+                                resultT + 1, sizeof(resultT) - 1,
                                 a, sizeof(a), &userContext);
     if (result != 0) {
         ret = -10;
@@ -487,7 +478,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     }
 
     result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-                            iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, 
+                            iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
                             a, sizeof(a), &userContext);
 
     if (result != 0) {
@@ -504,11 +495,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 #ifdef FREERTOS
@@ -516,7 +507,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == false) {
         ret = tsip_aesgcm256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -616,16 +607,16 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
         enc->ctx.keySize = enc->keylen;
     }
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), 
+    result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3),
                                         iv3, sizeof(iv3),
-                                        resultT, sizeof(t3), 
+                                        resultT, sizeof(t3),
                                         a3, sizeof(a3), &userContext);
     if (result != 0) {
         ret = -4;
         goto out;
     }
     result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
-                                iv3, sizeof(iv3), resultT, sizeof(resultT), 
+                                iv3, sizeof(iv3), resultT, sizeof(resultT),
                                 a3, sizeof(a3), &userContext);
     if (result != 0) {
         ret = -5;
@@ -641,11 +632,11 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 #ifdef FREERTOS
@@ -790,15 +781,9 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -812,7 +797,7 @@ int tsip_crypt_sha_multitest()
     int num = 0;
     int i;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA
     num++;
 #endif
@@ -825,14 +810,14 @@ int tsip_crypt_sha_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA
-    xRet = xTaskCreate(tskSha_Test, "sha_test", 
+    xRet = xTaskCreate(tskSha_Test, "sha_test",
                             SMALL_STACK_SIZE, NULL, 3, NULL);
 #endif
 #ifndef NO_SHA256
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskSha256_Test, "sha256_test", 
+        xRet = xTaskCreate(tskSha256_Test, "sha256_test",
                             SMALL_STACK_SIZE, NULL, 3, NULL);
 #endif
 
@@ -849,15 +834,15 @@ int tsip_crypt_sha_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if ((xRet == pdPASS) &&
        (sha_multTst_rslt == 0 && sha256_multTst_rslt == 0))
         ret = 0;
     else
         ret = -1;
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -874,7 +859,7 @@ int tsip_crypt_AesCbc_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -887,7 +872,7 @@ int tsip_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(tsip_aes_key_index_t));
@@ -916,7 +901,7 @@ int tsip_crypt_AesCbc_multitest()
         xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
                 SMALL_STACK_SIZE, &info_aes256_2, 3, NULL);
 #endif
-    
+
     if (xRet == pdPASS) {
     printf(" Waiting for completing tasks ...");
         vTaskDelay(10000/portTICK_PERIOD_MS);
@@ -930,7 +915,7 @@ int tsip_crypt_AesCbc_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -955,7 +940,7 @@ int tsip_crypt_AesGcm_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1010,7 +995,7 @@ int tsip_crypt_AesGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1032,7 +1017,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
     Info info_aes256cbc;
     Info info_aes256gcm;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA
     num++;
 #endif
@@ -1051,7 +1036,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA
     xRet = xTaskCreate(tskSha_Test, "sha_test",
                                 SMALL_STACK_SIZE, NULL, 3, NULL);
@@ -1069,7 +1054,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
     XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
                                                 sizeof(tsip_aes_key_index_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", 
+        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
                                     STACK_SIZE, &info_aes256gcm, 3, NULL);
 #endif
 
@@ -1086,9 +1071,9 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if (xRet == pdPASS && sha_multTst_rslt == 0 &&
        (Aes256_Cbc_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0)) {
         ret = 0;
@@ -1096,7 +1081,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
     else {
         ret = -1;
     }
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -1158,11 +1143,10 @@ int tsip_crypt_test()
             ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
 
         }
-   #if defined(WOLFSSL_KEY_GEN)&& \
+   #if defined(WOLFSSL_KEY_GEN) && \
        defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
         if (ret == 0) {
-
             Clr_CallbackCtx(&userContext);
 
             ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext);
@@ -1172,11 +1156,10 @@ int tsip_crypt_test()
         }
 
         if (ret == 0) {
-
             printf(" tsip_rsa_SignVerify_test(1024)");
 
             userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
-            userContext.sing_hash_type = sha256_mac;
+            userContext.sign_hash_type = sha256_mac;
             userContext.keyflgs_crypt.bits.message_type = 0;
 
             ret = tsip_rsa_SignVerify_test(1, 1024);
@@ -1189,7 +1172,7 @@ int tsip_crypt_test()
             printf(" tsip_rsa_SignVerify_test(2048)");
 
             userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
-            userContext.sing_hash_type = sha256_mac;
+            userContext.sign_hash_type = sha256_mac;
             userContext.keyflgs_crypt.bits.message_type = 0;
 
             ret = tsip_rsa_SignVerify_test(1, 2048);
diff --git a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
index 48e4522493..beb89aae6f 100644
--- a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
index 9f5a8cd0ae..6357c0b640 100644
--- a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/include.am b/IDE/Renesas/e2studio/RZN2L/include.am
index af40725cbb..88ccadfc74 100644
--- a/IDE/Renesas/e2studio/RZN2L/include.am
+++ b/IDE/Renesas/e2studio/RZN2L/include.am
@@ -14,4 +14,4 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
-EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/user_settings.h
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
index 0e4c459ed0..cb9b3b7a0e 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
@@ -1,6 +1,6 @@
 /* rzn2l_tst_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
index f2d610da1f..7353bc1afe 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,14 +58,14 @@ void wolfSSL_TLS_client_init()
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
     }
-    
+
     #if !defined(NO_FILESYSTEM)
     if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
         return NULL;
     }
     #else
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
                                             SSL_FILETYPE_ASN1) != SSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return;
@@ -83,13 +83,13 @@ int wolfSSL_TLS_client_do(void *pvParam)
     socklen_t xSize = sizeof(struct freertos_sockaddr);
     xSocket_t xClientSocket = NULL;
     struct freertos_sockaddr xRemoteAddress;
-    
+
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
     WOLFSSL *ssl = NULL;
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
 
     /* Client Socket Setup */
@@ -128,10 +128,10 @@ int wolfSSL_TLS_client_do(void *pvParam)
          printf(" Error [%d]: wolfSSL_set_fd.\n",ret);
      }
 
-     printf("  Cipher : %s\n", 
+     printf("  Cipher : %s\n",
                                     (p->cipher == NULL) ? "NULL" : p->cipher);
      /* use specific cipher */
-     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) 
+     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher)
                                                            != WOLFSSL_SUCCESS) {
           printf(" client can't set cipher list 1");
           goto out;
@@ -150,7 +150,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
      wolfSSL_Debugging_OFF();
      #endif
 
-     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) 
+     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff))
                                                     != (int)strlen(sendBuff)) {
         printf(" ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
         goto out;
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
index b4ce624c99..fc3d9706c8 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
index 4f437bc7df..0944a5ca84 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_sce_unit_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -112,7 +112,7 @@ FSPSM_ST gCbInfo_a; /* for multi testing */
     uint8_t rsa1024_wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PRIVATE ];
     uint8_t rsa2048_wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PUBLIC];
     uint8_t rsa2048_wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PRIVATE ];
-    
+
     FSPSM_RSA1024_WPB_KEY* g_user_rsa1024_public_key =
                     (FSPSM_RSA1024_WPB_KEY*)rsa1024_wrapped_key1;
     FSPSM_RSA1024_WPI_KEY* g_user_rsa1024_private_key =
@@ -139,7 +139,7 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     word32 keySz = (word32)(128/8);
     int  ret = 0;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
        /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
         0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@@ -153,7 +153,7 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         printf(" rsip_aes_cbc_test() ");
     }
-    
+
     ret = wc_AesInit(aes, NULL, devId1);
     if (ret == 0) {
         ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
@@ -189,7 +189,7 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -197,7 +197,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aes128_cbc_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -236,7 +236,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     if (prnt)
         printf(" rsip_aes256_test() ");
-    
+
     if (wc_AesInit(enc, NULL, devId1) != 0) {
         ret = -1;
         goto out;
@@ -288,7 +288,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -296,7 +296,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aes256_cbc_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -378,7 +378,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     if (prnt) {
         printf(" rsip_aes256_gcm_test() ");
     }
-    
+
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
@@ -402,7 +402,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
-                                (byte*)iv1, sizeof(iv1), 
+                                (byte*)iv1, sizeof(iv1),
                                 resultT, sizeof(resultT),
                                  a, sizeof(a));
 
@@ -417,7 +417,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         ret = -7;
         goto out;
     }
-    
+
     result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
                 iv1, sizeof(iv1), resultT, sizeof(resultT),
                  a, sizeof(a));
@@ -447,7 +447,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     }
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, 
+              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
               a, sizeof(a));
 
     if (result != 0) {
@@ -464,11 +464,11 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -476,7 +476,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aesgcm256_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -592,7 +592,7 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
         ret = -4;
         goto out;
     }
-    
+
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
                       iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
@@ -610,11 +610,11 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -622,7 +622,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aesgcm128_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -649,7 +649,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 static int rsip_rsa_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -661,7 +661,7 @@ static int rsip_rsa_test(int prnt, int keySize)
     byte *in2 = NULL;
     byte *out= NULL;
     byte *out2 = NULL;
-    
+
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -672,19 +672,19 @@ static int rsip_rsa_test(int prnt, int keySize)
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
     XMEMCPY(in2, inStr2, inLen);
     XMEMSET(out,  0, outSz);
     XMEMSET(out2, 0, outSz);
-    
+
     ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
 
@@ -695,7 +695,7 @@ static int rsip_rsa_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
         goto out;
@@ -718,19 +718,11 @@ static int rsip_rsa_test(int prnt, int keySize)
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out2 != NULL) {
-        XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     (void) prnt;
     return ret;
 }
@@ -738,7 +730,7 @@ static int rsip_rsa_test(int prnt, int keySize)
 static int rsip_rsa_SignVerify_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     word32 sigSz;
@@ -762,7 +754,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
@@ -772,10 +764,10 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
-    
+
     if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
         goto out;
 
@@ -783,7 +775,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     gCbInfo.keyflgs_crypt.bits.message_type = 0;
     ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
@@ -808,16 +800,10 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     return ret;
 }
 #endif
@@ -869,7 +855,7 @@ int rsip_crypt_sha256_multitest()
     int num = 0;
     int i;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -879,7 +865,7 @@ int rsip_crypt_sha256_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
     xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                         STACK_SIZE, NULL, 2, NULL);
@@ -901,15 +887,15 @@ int rsip_crypt_sha256_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if ((xRet == pdPASS) &&
        (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0))
         ret = 0;
     else
         ret = -1;
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -926,7 +912,7 @@ int rsip_crypt_AesCbc_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -939,7 +925,7 @@ int rsip_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(FSPSM_AES_PWKEY));
@@ -968,7 +954,7 @@ int rsip_crypt_AesCbc_multitest()
         xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
                                     STACK_SIZE, &info_aes256_2, 3, NULL);
 #endif
-    
+
     if (xRet == pdPASS) {
     printf(" Waiting for completing tasks ...   ");
         vTaskDelay(10000/portTICK_PERIOD_MS);
@@ -982,7 +968,7 @@ int rsip_crypt_AesCbc_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1007,7 +993,7 @@ int rsip_crypt_AesGcm_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1021,7 +1007,7 @@ int rsip_crypt_AesGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #if defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                     sizeof(FSPSM_AES_PWKEY));
@@ -1066,7 +1052,7 @@ int rsip_crypt_AesGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1090,7 +1076,7 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
     Info info_aes256cbc;
     Info info_aes256gcm;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -1112,45 +1098,45 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
-    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1", 
+    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                             STACK_SIZE, NULL, 3, NULL);
 
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2", 
+        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2",
                                             STACK_SIZE, NULL, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1, 
+    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1", 
+        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1",
                                     STACK_SIZE, &info_aes128cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2, 
+    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2", 
+        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2",
                                     STACK_SIZE, &info_aes128gcm, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1, 
+    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1", 
+        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1",
                                     STACK_SIZE, &info_aes256cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, 
+    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", 
+        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
                                     STACK_SIZE, &info_aes256gcm, 3, NULL);
 #endif
 
@@ -1167,19 +1153,19 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
-    if ((xRet == pdPASS) && 
+
+    if ((xRet == pdPASS) &&
         (Aes128_Gcm_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0) &&
         (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0)) {
-        
+
         ret = 0;
     }
     else {
         ret = -1;
     }
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -1191,13 +1177,13 @@ int rsip_crypt_test()
     fsp_err_t rsip_error_code = FSP_SUCCESS;
 
     /* Generate AES sce Key */
-    
+
     if (rsip_error_code == FSP_SUCCESS) {
        #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         /* set up Crypt Call back */
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
-        
+
         /* sets wrapped aes key */
         gCbInfo.wrapped_key_aes128 = g_user_aes128_key_index1;
         gCbInfo.wrapped_key_aes256 = g_user_aes256_key_index1;
@@ -1206,14 +1192,14 @@ int rsip_crypt_test()
         gCbInfo.wrapped_key_rsapub1024 = g_user_rsa1024_public_key;
         gCbInfo.wrapped_key_rsapri2048 = g_user_rsa2048_private_key;
         gCbInfo.wrapped_key_rsapub2048 = g_user_rsa2048_public_key;
-        
+
         RSIP_KeyGeneration(&gCbInfo);
-        
+
         /* Key generation for multi testing */
         gCbInfo_a.wrapped_key_aes128 = g_user_aes128_key_index2;
         gCbInfo_a.wrapped_key_aes256 = g_user_aes256_key_index2;
         RSIP_KeyGeneration(&gCbInfo_a);
-        
+
         /* set callback ctx */
         ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo);
 
@@ -1290,27 +1276,27 @@ int rsip_crypt_test()
         if (ret == 0) {
             ret = rsip_aesgcm256_test(1, g_user_aes256_key_index1);
         }
-        
+
         if (ret == 0) {
             printf(" multi sha thread test\n");
             ret = rsip_crypt_sha256_multitest();
         }
-        
+
         if (ret == 0) {
             printf(" multi Aes cbc thread test\n");
             ret = rsip_crypt_AesCbc_multitest();
         }
-        
+
         if (ret == 0) {
             printf(" multi Aes Gcm thread test\n");
             ret = rsip_crypt_AesGcm_multitest();
         }
-        
+
         if (ret == 0) {
             printf("rsip_crypt_Sha_AesCbcGcm_multitest\n");
             ret = rsip_crypt_Sha_AesCbcGcm_multitest();
         }
-        
+
     #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
index 2b9642c0c5..94cdc9bbcf 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/STARCORE/starcore_test.c b/IDE/STARCORE/starcore_test.c
index 72c3613f11..69eefbca24 100644
--- a/IDE/STARCORE/starcore_test.c
+++ b/IDE/STARCORE/starcore_test.c
@@ -1,6 +1,6 @@
 /* starcore_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,7 +20,7 @@
  */
 
 
-#include <prototype.h> 
+#include <prototype.h>
 
 #include <wolfssl/wolfcrypt/settings.h>
 #ifndef WOLFSSL_USER_SETTINGS
@@ -135,12 +135,12 @@ int process_a_file(char* fName)
     }
     return ret;
 }
-#endif 
+#endif
 
 void check_ret(int ret)
 {
     if(ret != 0) {
-        exit(-1); 
+        exit(-1);
     }
 }
 
diff --git a/IDE/STARCORE/user_settings.h b/IDE/STARCORE/user_settings.h
index e62f12d67a..f5e3907701 100644
--- a/IDE/STARCORE/user_settings.h
+++ b/IDE/STARCORE/user_settings.h
@@ -1,23 +1,23 @@
 /* user_settings.h
 *
-* Copyright (C) 2006-2023 wolfSSL Inc.
-*
-* This file is part of wolfSSL.
-*
-* wolfSSL is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* wolfSSL is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-*/
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 
 /* Custom wolfSSL user settings for Vortec Scheduler,
  *                                  VxWorks 6.9 and VxWorks 7.0  */
@@ -417,6 +417,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h> /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
@@ -560,7 +561,7 @@ extern "C" {
 
 #undef NO_FILESYSTEM
 /* #define NO_FILESYSTEM */
-    
+
 #undef NO_WRITE_TEMP_FILES
 #define NO_WRITE_TEMP_FILES
 
@@ -569,7 +570,7 @@ extern "C" {
 
 #undef NO_WRITEV
 #define NO_WRITEV
-    
+
 #undef WOLFSSL_NO_SOCK
 #define WOLFSSL_NO_SOCK
 
@@ -593,10 +594,10 @@ extern "C" {
 
 #undef NO_MD4
 #define NO_MD4
-    
+
 #undef WOLFSSL_NO_SHAKE128
 #define WOLFSSL_NO_SHAKE128
-    
+
 #undef WOLFSSL_NO_SHAKE256
 #define WOLFSSL_NO_SHAKE256
 
diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl
index 5e92dc1ddf..6041dc90a1 100644
--- a/IDE/STM32Cube/default_conf.ftl
+++ b/IDE/STM32Cube/default_conf.ftl
@@ -107,7 +107,7 @@ extern ${variable.value} ${variable.name};
     #undef  NO_STM32_HASH
     #undef  NO_STM32_CRYPTO
     #define HAL_CONSOLE_UART huart3
-#elif defined(STM32H723xx) || defined(STM32H725xx)
+#elif defined(STM32H723xx) || defined(STM32H725xx) || defined(STM32H743xx)
     #define WOLFSSL_STM32H7
     #define HAL_CONSOLE_UART huart3
 #elif defined(STM32L4A6xx)
@@ -148,11 +148,14 @@ extern ${variable.value} ${variable.name};
     #define HAL_CONSOLE_UART huart2
     #define NO_STM32_RNG
     #define WOLFSSL_GENSEED_FORTEST /* no HW RNG is available use test seed */
-#elif defined(STM32U575xx) || defined(STM32U585xx)
+#elif defined(STM32G491xx)
+    #define WOLFSSL_STM32G4
+    #define HAL_CONSOLE_UART hlpuart1
+#elif defined(STM32U575xx) || defined(STM32U585xx) || defined(STM32U5A9xx)
     #define HAL_CONSOLE_UART huart1
     #define WOLFSSL_STM32U5
     #define STM32_HAL_V2
-    #ifdef STM32U585xx
+    #if defined(STM32U585xx) || defined(STM32U5A9xx)
         #undef  NO_STM32_HASH
         #undef  NO_STM32_CRYPTO
         #define WOLFSSL_STM32_PKA
@@ -169,7 +172,7 @@ extern ${variable.value} ${variable.name};
     /* You need to define a CPU type, HW crypto and debug UART */
     /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4,
         WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5,
-        WOLFSSL_STM32G0, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */
+        WOLFSSL_STM32G0, WOLFSSL_STM32G4, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */
     #define WOLFSSL_STM32F4
 
     /* Debug UART used for printf */
@@ -195,13 +198,23 @@ extern ${variable.value} ${variable.name};
 #define WOLFSSL_GENERAL_ALIGNMENT 4
 #define WOLFSSL_STM32_CUBEMX
 #define WOLFSSL_SMALL_STACK
-#define WOLFSSL_USER_IO
-#define WOLFSSL_NO_SOCK
 #define WOLFSSL_IGNORE_FILE_WARN
 
+/* ------------------------------------------------------------------------- */
+/* Network stack: 1=User IO (custom), 2=LWIP (posix), 3=LWIP (native) */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_IO) && WOLF_CONF_IO == 2
+    #define WOLFSSL_LWIP
+#elif defined(WOLF_CONF_IO) && WOLF_CONF_IO == 3
+    #define WOLFSSL_LWIP_NATIVE
+#else /* custom */
+    #define WOLFSSL_USER_IO
+    #define WOLFSSL_NO_SOCK
+#endif
+
 
 /* ------------------------------------------------------------------------- */
-/* Operating System */
+/* Operating System: 1=Bare-metal/Single threaded, 2=FREERTOS */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
     #define FREERTOS
@@ -328,20 +341,24 @@ extern ${variable.value} ${variable.name};
 #endif
 
 /* TLS Session Cache */
-#if 0
+#if defined(WOLF_CONF_RESUMPTION) && WOLF_CONF_RESUMPTION == 1
     #define SMALL_SESSION_CACHE
+    #define HAVE_SESSION_TICKET
 #else
     #define NO_SESSION_CACHE
 #endif
 
-/* Post Quantum
- * Note: PQM4 is compatible with STM32. The project can be found at:
- * https://github.com/mupq/pqm4
- */
-#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1
-    #define HAVE_PQM4
+/* TPM support */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLF_CRYPTO_CB
+    #define WOLFSSL_PUBLIC_MP
+    /* also AES CFB - enabled below */
 #endif
 
+/* TLS key callbacks */
+#if defined(WOLF_CONF_PK) && WOLF_CONF_PK == 1
+    #define HAVE_PK_CALLBACKS
+#endif
 
 /* ------------------------------------------------------------------------- */
 /* Crypto */
@@ -430,21 +447,31 @@ extern ${variable.value} ${variable.name};
 #endif
 
 /* AES */
-#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
+#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM >= 1
     #define HAVE_AESGCM
+    #define HAVE_AES_DECRYPT
+
     /* GCM Method: GCM_SMALL, GCM_WORD32, GCM_TABLE or GCM_TABLE_4BIT */
     /* GCM_TABLE is about 4K larger and 3x faster for GHASH */
-    #define GCM_SMALL
-    #define HAVE_AES_DECRYPT
+    #if WOLF_CONF_AESGCM == 2
+        #define GCM_TABLE_4BIT
+    #else
+        #define GCM_SMALL
+    #endif
 #endif
 
 #if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
     #define HAVE_AES_CBC
     #define HAVE_AES_DECRYPT
+#else
+    #define NO_AES_CBC
 #endif
 
 /* Other possible AES modes */
-//#define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
+#endif
+
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
@@ -534,6 +561,33 @@ extern ${variable.value} ${variable.name};
     #define NO_MD5
 #endif
 
+/* ------------------------------------------------------------------------- */
+/* Post-Quantum Crypto */
+/* ------------------------------------------------------------------------- */
+/* NOTE: this is after the hashing section to override the potential SHA3 undef
+ * above. */
+#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1
+#undef  WOLFSSL_EXPERIMENTAL_SETTINGS
+#define WOLFSSL_EXPERIMENTAL_SETTINGS
+
+#undef  WOLFSSL_HAVE_KYBER
+#define WOLFSSL_HAVE_KYBER
+
+#undef  WOLFSSL_WC_KYBER
+#define WOLFSSL_WC_KYBER
+
+#undef  WOLFSSL_NO_SHAKE128
+#undef  WOLFSSL_SHAKE128
+#define WOLFSSL_SHAKE128
+
+#undef  WOLFSSL_NO_SHAKE256
+#undef  WOLFSSL_SHAKE256
+#define WOLFSSL_SHAKE256
+
+#undef  WOLFSSL_SHA3
+#define WOLFSSL_SHA3
+#endif /* WOLF_CONF_KYBER */
+
 /* ------------------------------------------------------------------------- */
 /* Crypto Acceleration */
 /* ------------------------------------------------------------------------- */
diff --git a/IDE/STM32Cube/main.c b/IDE/STM32Cube/main.c
index f056c8cd6a..0acdb389c7 100644
--- a/IDE/STM32Cube/main.c
+++ b/IDE/STM32Cube/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -138,11 +138,11 @@ static void SystemClock_Config(void)
     RCC_ClkInitTypeDef RCC_ClkInitStruct = {0};
     RCC_PeriphCLKInitTypeDef PeriphClkInitStruct = {0};
 
-    /** Configure the main internal regulator output voltage 
+    /** Configure the main internal regulator output voltage
     */
     __HAL_RCC_PWR_CLK_ENABLE();
     __HAL_PWR_VOLTAGESCALING_CONFIG(PWR_REGULATOR_VOLTAGE_SCALE1);
-    /** Initializes the CPU, AHB and APB buses clocks 
+    /** Initializes the CPU, AHB and APB buses clocks
     */
     RCC_OscInitStruct.OscillatorType = RCC_OSCILLATORTYPE_HSI|RCC_OSCILLATORTYPE_LSI;
     RCC_OscInitStruct.HSIState = RCC_HSI_ON;
@@ -157,7 +157,7 @@ static void SystemClock_Config(void)
     if (HAL_RCC_OscConfig(&RCC_OscInitStruct) != HAL_OK) {
         Error_Handler();
     }
-    /** Initializes the CPU, AHB and APB buses clocks 
+    /** Initializes the CPU, AHB and APB buses clocks
     */
     RCC_ClkInitStruct.ClockType = RCC_CLOCKTYPE_HCLK|RCC_CLOCKTYPE_SYSCLK|RCC_CLOCKTYPE_PCLK1|RCC_CLOCKTYPE_PCLK2;
     RCC_ClkInitStruct.SYSCLKSource = RCC_SYSCLKSOURCE_PLLCLK;
@@ -325,7 +325,7 @@ void Error_Handler(void)
   * @retval None
   */
 void assert_failed(uint8_t *file, uint32_t line)
-{ 
+{
     /* User can add his own implementation to report the file name and line number,
       tex: printf("Wrong parameters value: file %s on line %d\r\n", file, line) */
 }
@@ -336,7 +336,7 @@ void assert_failed(uint8_t *file, uint32_t line)
 /* Working _sbrk example for .ld based libC malloc/free */
 /* Replace this with one in Core/Src/sysmem.c */
 /* Symbols defined in the linker script */
-extern uint8_t _end; 
+extern uint8_t _end;
 extern uint8_t _estack;
 extern uint32_t _Min_Stack_Size;
 void* _sbrk(ptrdiff_t incr)
diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c
index fc813483f1..342e8ee9d0 100644
--- a/IDE/STM32Cube/wolfssl_example.c
+++ b/IDE/STM32Cube/wolfssl_example.c
@@ -1,6 +1,6 @@
 /* wolfssl_example.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -284,7 +284,7 @@ typedef struct {
 typedef struct {
     int ret;
 
-    osThreadId threadId;
+    osThreadId_t threadId;
 #ifdef CMSIS_OS2_H_
     osSemaphoreId_t mutex;
 #else
@@ -1700,9 +1700,7 @@ static int tls13_uart_server(void)
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (tbuf != NULL) {
-        XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -1752,7 +1750,7 @@ static int tls13_uart_client(void)
 
     wolfSSL_SetIOReadCtx(ssl, tbuf);
 
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
     if (wolfSSL_UseKeyShare(ssl, WOLFSSL_KYBER_LEVEL1) != WOLFSSL_SUCCESS) {
         printf("wolfSSL_UseKeyShare Error!!");
     }
@@ -1795,9 +1793,7 @@ static int tls13_uart_client(void)
         wolfSSL_CTX_free(ctx);
     }
 #ifdef WOLFSSL_SMALL_STACK
-    if (tbuf != NULL) {
-        XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
diff --git a/IDE/STM32Cube/wolfssl_example.h b/IDE/STM32Cube/wolfssl_example.h
index 5720511f30..792c7d9844 100644
--- a/IDE/STM32Cube/wolfssl_example.h
+++ b/IDE/STM32Cube/wolfssl_example.h
@@ -1,6 +1,6 @@
 /* wolfssl_example.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #endif
 
 #ifndef WOLFSSL_USER_SETTINGS
-	#include <wolfssl/options.h>
+    #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
diff --git a/IDE/SimplicityStudio/test_wolf.c b/IDE/SimplicityStudio/test_wolf.c
index e52266ac40..f05ee30476 100644
--- a/IDE/SimplicityStudio/test_wolf.c
+++ b/IDE/SimplicityStudio/test_wolf.c
@@ -1,6 +1,6 @@
 /* test_wolf.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/SimplicityStudio/user_settings.h b/IDE/SimplicityStudio/user_settings.h
index cfe138a695..05ba8d517d 100644
--- a/IDE/SimplicityStudio/user_settings.h
+++ b/IDE/SimplicityStudio/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -337,6 +337,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/VS-AZURE-SPHERE/client/client.c b/IDE/VS-AZURE-SPHERE/client/client.c
index 9a326e0695..d23e0f957c 100644
--- a/IDE/VS-AZURE-SPHERE/client/client.c
+++ b/IDE/VS-AZURE-SPHERE/client/client.c
@@ -1,6 +1,6 @@
-/* client.c
+/* client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/client/client.h b/IDE/VS-AZURE-SPHERE/client/client.h
index f2d6fd805f..72a3f7b970 100644
--- a/IDE/VS-AZURE-SPHERE/client/client.h
+++ b/IDE/VS-AZURE-SPHERE/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/server/server.c b/IDE/VS-AZURE-SPHERE/server/server.c
index aad4ef7235..70208fe5e6 100644
--- a/IDE/VS-AZURE-SPHERE/server/server.c
+++ b/IDE/VS-AZURE-SPHERE/server/server.c
@@ -1,6 +1,6 @@
-/* server.c
+/* server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/server/server.h b/IDE/VS-AZURE-SPHERE/server/server.h
index 497a3c41ca..f43231682b 100644
--- a/IDE/VS-AZURE-SPHERE/server/server.h
+++ b/IDE/VS-AZURE-SPHERE/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/user_settings.h b/IDE/VS-AZURE-SPHERE/user_settings.h
index 91de4d2513..a55c0b0915 100644
--- a/IDE/VS-AZURE-SPHERE/user_settings.h
+++ b/IDE/VS-AZURE-SPHERE/user_settings.h
@@ -7,9 +7,9 @@
     #ifndef SERVER_IP
         #define SERVER_IP "192.168.1.200" /* Local Test Server IP */
     #endif
-	#ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 11111
-	#endif
+    #ifndef DEFAULT_PORT
+        #define DEFAULT_PORT 11111
+    #endif
     #define CERT         ca_cert_der_2048
     #define SIZEOF_CERT  sizeof_ca_cert_der_2048
     static const char msg[] = "Are you listening wolfSSL Server?";
@@ -17,9 +17,9 @@
     #ifndef SERVER_IP
         #define SERVER_IP "www.wolfssl.com"
     #endif
-	#ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 443
-	#endif
+    #ifndef DEFAULT_PORT
+        #define DEFAULT_PORT 443
+    #endif
     #define CERT         wolfssl_website_root_ca
     #define SIZEOF_CERT  sizeof_wolfssl_website_root_ca
     static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";
diff --git a/IDE/VisualDSP/user_settings.h b/IDE/VisualDSP/user_settings.h
index 2ce8e1eba0..dd67bd8acb 100644
--- a/IDE/VisualDSP/user_settings.h
+++ b/IDE/VisualDSP/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -481,7 +481,7 @@ extern "C" {
 
 /* Seed Source */
 /* Size of returned HW RNG value */
-#if 0   
+#if 0
     #define CUSTOM_RAND_TYPE      unsigned int
     extern unsigned int my_rng_seed_gen(void);
     #undef  CUSTOM_RAND_GENERATE
@@ -690,7 +690,7 @@ extern "C" {
         int argc;
         char** argv;
         int return_code;
-        struct fssShellInfo* info;  
+        struct fssShellInfo* info;
     } wolfArgs;
 
     #define printf FCL_PRINTF
diff --git a/IDE/VisualDSP/wolf_tasks.c b/IDE/VisualDSP/wolf_tasks.c
index 5d38879f4a..4fd316aa2a 100644
--- a/IDE/VisualDSP/wolf_tasks.c
+++ b/IDE/VisualDSP/wolf_tasks.c
@@ -1,6 +1,6 @@
 /* wolf-tasks.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/WICED-STUDIO/user_settings.h b/IDE/WICED-STUDIO/user_settings.h
index 70ce019d6e..e4a6f2e8a5 100644
--- a/IDE/WICED-STUDIO/user_settings.h
+++ b/IDE/WICED-STUDIO/user_settings.h
@@ -1,4 +1,4 @@
- /* Copyright (C) 2006-2018 wolfSSL Inc.
+ / * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -411,6 +411,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/WIN-SRTP-KDF-140-3/resource.h b/IDE/WIN-SRTP-KDF-140-3/resource.h
index e92769c505..691fa76544 100644
--- a/IDE/WIN-SRTP-KDF-140-3/resource.h
+++ b/IDE/WIN-SRTP-KDF-140-3/resource.h
@@ -3,7 +3,7 @@
 // Used by wolfssl-fips.rc
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        101
diff --git a/IDE/WIN/user_settings_dtls.h b/IDE/WIN/user_settings_dtls.h
index 06880e413d..ff6f3ac1ef 100644
--- a/IDE/WIN/user_settings_dtls.h
+++ b/IDE/WIN/user_settings_dtls.h
@@ -8,8 +8,8 @@
 
 /* DTLS configuration including DTLS v.1.3 which requires TLS v.1.3. */
 
-/* The below DTLS configurations can be copied in to another user_settings.h 
-   file that may have other settings that need to be preserved. 
+/* The below DTLS configurations can be copied in to another user_settings.h
+   file that may have other settings that need to be preserved.
 */
 #define WOLFSSL_TLS13
 #define WOLFSSL_DTLS
diff --git a/IDE/WIN10/resource.h b/IDE/WIN10/resource.h
index e92769c505..691fa76544 100644
--- a/IDE/WIN10/resource.h
+++ b/IDE/WIN10/resource.h
@@ -3,7 +3,7 @@
 // Used by wolfssl-fips.rc
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        101
diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h
index 228ed9b739..eca61f0436 100644
--- a/IDE/WINCE/user_settings.h
+++ b/IDE/WINCE/user_settings.h
@@ -491,6 +491,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
@@ -829,4 +830,4 @@ extern "C" {
 #endif
 
 
-#endif /* WOLFSSL_USER_SETTINGS_H */
\ No newline at end of file
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/IDE/WORKBENCH/README.md b/IDE/WORKBENCH/README.md
index 6565045790..d551b5ed9c 100644
--- a/IDE/WORKBENCH/README.md
+++ b/IDE/WORKBENCH/README.md
@@ -27,7 +27,7 @@ then "Browse" and select:
     ```
     Click "OK" then "OK" again.
 
-4. Create a new `<path_to_wolfssl>/user_settings.h` file and add your custom 
+4. Create a new `<path_to_wolfssl>/user_settings.h` file and add your custom
 settings. Below is an example but you can expand the settings. For more details,
 see https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_template.h
 
diff --git a/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h b/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
index 28df853cbf..cbbdfe3a0e 100644
--- a/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
+++ b/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -407,6 +407,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h b/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
index f7c5693cc9..768ed06c2a 100644
--- a/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
+++ b/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -418,6 +418,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/XCODE-FIPSv2/user_settings.h b/IDE/XCODE-FIPSv2/user_settings.h
index 031f54b52b..cf039344df 100644
--- a/IDE/XCODE-FIPSv2/user_settings.h
+++ b/IDE/XCODE-FIPSv2/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -419,6 +419,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/XCODE-FIPSv5/user_settings.h b/IDE/XCODE-FIPSv5/user_settings.h
index a66b0dce70..74fdb284e2 100644
--- a/IDE/XCODE-FIPSv5/user_settings.h
+++ b/IDE/XCODE-FIPSv5/user_settings.h
@@ -500,6 +500,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
index 2feebb2112..f6a3eeee78 100644
--- a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
+++ b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
@@ -1,6 +1,6 @@
 /* AppDelegate.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
index cfb4bd57f4..eb6a1d88ca 100644
--- a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
+++ b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
@@ -1,6 +1,6 @@
 /* AppDelegate.m
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/ViewController.h b/IDE/XCODE/Benchmark/wolfBench/ViewController.h
index 2dc6e90fd6..d8f1a9a3e6 100644
--- a/IDE/XCODE/Benchmark/wolfBench/ViewController.h
+++ b/IDE/XCODE/Benchmark/wolfBench/ViewController.h
@@ -1,6 +1,6 @@
 /* ViewController.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/ViewController.m b/IDE/XCODE/Benchmark/wolfBench/ViewController.m
index cf4f036925..94c3f63822 100644
--- a/IDE/XCODE/Benchmark/wolfBench/ViewController.m
+++ b/IDE/XCODE/Benchmark/wolfBench/ViewController.m
@@ -1,6 +1,6 @@
 /* ViewController.m
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/main.m b/IDE/XCODE/Benchmark/wolfBench/main.m
index 8966a562db..bee606d429 100644
--- a/IDE/XCODE/Benchmark/wolfBench/main.m
+++ b/IDE/XCODE/Benchmark/wolfBench/main.m
@@ -1,6 +1,6 @@
 /* main.m
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/README.md b/IDE/XCODE/README.md
index f76f4f7d4d..2401eae319 100644
--- a/IDE/XCODE/README.md
+++ b/IDE/XCODE/README.md
@@ -8,27 +8,27 @@ This directory contains the following files:
 4. `wolfssl-FIPS.xcodeproj` -- project to build wolfSSL and wolfCrypt-FIPS if available
 5. `user_settings.h` -- custom library settings, which are shared across projects
 
-The library will output as `libwolfssl_osx.a` or 'libwolfssl_ios.a` depending on 
-the target. It will also copy the wolfSSL/wolfCrypt (and the CyaSSL/CtaoCrypt 
-compatibility) headers into an `include` directory located in 
+The library will output as `libwolfssl_osx.a` or 'libwolfssl_ios.a` depending on
+the target. It will also copy the wolfSSL/wolfCrypt (and the CyaSSL/CtaoCrypt
+compatibility) headers into an `include` directory located in
 `Build/Products/Debug` or `Build/Products/Release`.
 
-For the library and testsuite to link properly the build location needs to be 
+For the library and testsuite to link properly the build location needs to be
 configured as realitive to workspace.
 1. File -> Workspace Settings (or Xcode -> Preferences -> Locations -> Locations)
 2. Derived Data -> Advanced
 3. Custom -> Relative to Workspace
 4. Products -> Build/Products
 
-These Xcode projects define the `WOLFSSL_USER_SETTINGS` preprocessor 
-to enable the `user_settings.h` file for setting macros across 
+These Xcode projects define the `WOLFSSL_USER_SETTINGS` preprocessor
+to enable the `user_settings.h` file for setting macros across
 multiple projects.
 
 If needed the Xcode preprocessors can be modified with these steps:
 1. Click on the Project in "Project Navigator".
 2. Click on the "Build Settings" tab.
 3. Scroll down to the "Apple LLVM 6.0 - Preprocessing" section.
-4. Open the disclosure for "Preprocessor Macros" and use the "+" and 
+4. Open the disclosure for "Preprocessor Macros" and use the "+" and
 "-" buttons to modify. Remember to do this for both Debug and Release.
 
 ## wolfSSL
diff --git a/IDE/XilinxSDK/user_settings.h b/IDE/XilinxSDK/user_settings.h
index 1b0c324c41..39bb710bcc 100644
--- a/IDE/XilinxSDK/user_settings.h
+++ b/IDE/XilinxSDK/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XilinxSDK/wolfssl_example.c b/IDE/XilinxSDK/wolfssl_example.c
index d111d2580b..ee11846825 100644
--- a/IDE/XilinxSDK/wolfssl_example.c
+++ b/IDE/XilinxSDK/wolfssl_example.c
@@ -1,6 +1,6 @@
 /* wolfssl_example.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/README.md b/IDE/apple-universal/README.md
index 7a4d38dac6..a13f349244 100644
--- a/IDE/apple-universal/README.md
+++ b/IDE/apple-universal/README.md
@@ -4,7 +4,7 @@ This example shows how to build a wolfSSL static library for Apple targets on al
 The example was created using Xcode version 14.3.1.
 
 # Why?
-Configuring and building wolfSSL through the `configure` interface can be simpler and more user friendly than manually adding the wolfSSL source files to your project and customizing through `user_settings.h`. Building via `configure` also streamlines integration with other open-source projects that expect an installation directory, such as `cURL`'s `--with-wolfssl` option. Finally, some developer teams might prefer to build wolfSSL once with the desired settings and then distribute it as a library framework for app developers to use. Packaging wolfSSL as a framework makes it highly portable and allows for drag-and-drop integration into Xcode projects without needing to worry about compiling the library every time they build their app.
+Configuring and building wolfSSL through the `configure` interface can be simpler and more user friendly than manually adding the wolfSSL source files to your project and customizing through `user_settings.h`. Building via `configure` also streamlines integration with other open-source projects that expect an installation directory, such as `curl`'s `--with-wolfssl` option. Finally, some developer teams might prefer to build wolfSSL once with the desired settings and then distribute it as a library framework for app developers to use. Packaging wolfSSL as a framework makes it highly portable and allows for drag-and-drop integration into Xcode projects without needing to worry about compiling the library every time they build their app.
 
 However, if you do want to compile wolfSSL from source manually in your Xcode project using `user_settings.h`, see the example in [IDE/XCODE](https://github.com/wolfSSL/wolfssl/tree/master/IDE/XCODE).
 
@@ -16,7 +16,7 @@ This example consists of a build script and an Xcode example project. The build
 
 To use the build script, you can run it without arguments to build a default configuration, or you can use the `-c` option to pass in a quoted string containing any additional flags to `configure` that you need. Note that `--enable-static --disable-shared` is always passed to `configure` by default. Consider the following usage example, with descriptions in the comments:
 
-```
+```sh
 # default configuration
 ./build-wolfssl-framework.sh
 
@@ -60,7 +60,7 @@ If you are developing on a macOS machine and want to compile wolfSSL to run on m
 
 The generic `configure` invocation required to cross compile a static library for an Apple device is as follows:
 
-```
+```sh
 ./configure --disable-shared --enable-static \
             --prefix=${INSTALL_DIR} \
             --host=${HOST} \
@@ -89,4 +89,43 @@ Low-level programming in the Apple ecosystem is sparsely documented, and certain
 
 2. Cross compiling for the **iOS simulator** with a min version specifier present (`-miphoneos-version-min`) requires the `-target ${ARCH}-apple-ios-simulator` compiler flag in order to build . It is unclear why this is required, as The GNU documentation claims that the `target` option is only required if cross-compiling a compiler to run on architecture X but emit code for architecture Y (known as a canadian cross-compilation scenario). Regardless, if you do not include a `-target` option, the build will generate a large number of warnings when linking against system libraries with messages like: `ld: warning: building for iOS, but linking in .tbd file (/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator16.4.sdk/usr/lib/libnetwork.tbd) built for iOS Simulator`. It was thought that perhaps the host option should instead be `--host=${ARCH}-apple-ios-simulator` but this is not a valid option, and `configure` will fail with a different error: `checking host system type... Invalid configuration 'arm64-apple-ios-simulator': Kernel 'ios' not known to work with OS 'simulator`. If you do not specify a min iOS version, this is not required. Mysteriously, the other simulators (tvOS, watchOS) do not have this issue....
 
+## Building wolfSSL and curl
+
+Building curl with wolfSSL for Apple targets using configure/autotools can be accomplished with the following procedure:
+
+1. Build wolfSSL as described in the above steps with curl compatibility enabled, either as a framework using the helper script, or as a cross-compiled library for your desired platform
+
+```sh
+cd /path/to/wolfssl/IDE/apple-universal
+
+# build wolfSSL as a framework using the helper script
+./build-wolfssl-framework.sh -c "--enable-curl"
+
+# or build as a static library for one platform (using iOS as an example)
+ARCH=arm64
+WOLFSSL_INSTALL=/path/to/output/install/wolfssl-iphoneos-${ARCH}
+./configure --host=${ARCH}-apple-darwin \
+            --enable-curl \
+            --enable-static --disable-shared \
+            --prefix=${WOLFSSL_INSTALL} \
+            CFLAGS="-arch ${ARCH} -isysroot $(xcrun --sdk iphoneos --show-sdk-path)"
+
+make
+```
+
+2. Configure and build curl to use the wolfSSL library for your platform that was built in step 1. Note that you must use `--with-wolfssl` to point curl to the wolfSSL *library install* for your specific platform, not to the xcframework.
+
+```sh
+cd /path/to/curl
+
+# Note that it is necessary to manually link curl against the Apple CoreFoundation and Security frameworks,
+# as they are required by wolfSSL on Apple platforms. Using iOS as an example:
+./configure --host=${ARCH}-apple-darwin \
+            --with-wolfssl=${WOLFSSL_INSTALL} \
+            CFLAGS="-arch ${ARCH} -isysroot $(xcrun -sdk iphoneos --show-sdk-path)" \
+            LDFLAGS="-framework CoreFoundation -framework Security"
+
+make
+```
+
 
diff --git a/IDE/apple-universal/build-wolfssl-framework.sh b/IDE/apple-universal/build-wolfssl-framework.sh
index a3ff12a6cc..1a09665542 100755
--- a/IDE/apple-universal/build-wolfssl-framework.sh
+++ b/IDE/apple-universal/build-wolfssl-framework.sh
@@ -1,8 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # build-wolfssl-framework.sh
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
index 6e452c5029..29ca2b4099 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
@@ -1,6 +1,6 @@
 /* ContentView.swift
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
index b18d058da1..8efd0b4107 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
@@ -1,6 +1,6 @@
 /* simple_client_example.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@ int simple_client_example(void)
     WOLFSSL_CTX* ctx;
     WOLFSSL* ssl;
     int sockfd, ret;
-    
+
     /* Resolve the server address */
     struct addrinfo hints, *server_addr;
     memset(&hints, 0, sizeof(hints));
@@ -84,7 +84,7 @@ int simple_client_example(void)
         close(sockfd);
         return 1;
     }
-    
+
     /* Load CA certificate into WOLFSSL_CTX
      * NOTE: CERT_PATH macro is set relative to Xcode $(PROJECT_DIR) environment
      * variable in the preprocessor macros section of the project build settings
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
index ce88958216..915f7cc2e5 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
@@ -1,6 +1,6 @@
 /* simple_client_example.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
index f232f13bd0..e156376bb1 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
@@ -1,6 +1,6 @@
 /* wolfssl-multiplatform-Bridging-Header.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
index acf2a03aac..6627afb345 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
@@ -1,6 +1,6 @@
 /* wolfssl_multiplatformApp.swift
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
index 50655c834e..e7ee8629eb 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
@@ -1,6 +1,6 @@
 /* wolfssl_test_driver.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,21 +42,21 @@ void wolfssl_test(void)
 {
     int ret;
     test_func_args args = {0};
-    
+
 #ifdef WC_RNG_SEED_CB
     wc_SetSeed_Cb(wc_GenerateSeed);
 #endif
-    
+
     printf("Run wolfCrypt Test:\n");
     ret = wolfcrypt_test(&args);
     printf("\nResult of wolfcrypt_test() = %d\n\n", ret);
-    
+
     printf("Run wolfCrypt Benchmark:\n");
     ret = benchmark_test(&args);
     printf("\nResult of benchmark_test() = %d\n\n", ret);
-    
+
     printf("Run simple client test:\n");
     ret = simple_client_example();
     printf("\nResult of simple_client_test() = %d\n\n", ret);
-    
+
 }
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
index a3104e64ef..768518554e 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
@@ -1,6 +1,6 @@
 /* wolfssl_test_driver.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe-raspberrypi/README.md b/IDE/iotsafe-raspberrypi/README.md
index 286ac5537a..c70b29677a 100644
--- a/IDE/iotsafe-raspberrypi/README.md
+++ b/IDE/iotsafe-raspberrypi/README.md
@@ -139,4 +139,4 @@ Run the built `./main.bin` to print the help usage.
 An example to run the demo connecting to a server:
 ```
 ./main.bin -ip <ipaddress> -h <full-hostname> -p <port> -t 25 -d /dev/ttyUSB0|/dev/tty/ACM0
-```
\ No newline at end of file
+```
diff --git a/IDE/iotsafe-raspberrypi/client-tls13.c b/IDE/iotsafe-raspberrypi/client-tls13.c
index 91383d5d06..0bcad0b774 100644
--- a/IDE/iotsafe-raspberrypi/client-tls13.c
+++ b/IDE/iotsafe-raspberrypi/client-tls13.c
@@ -1,6 +1,6 @@
 /* client-tls13.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe-raspberrypi/main.c b/IDE/iotsafe-raspberrypi/main.c
index f8cb3c51e8..aaa4129306 100644
--- a/IDE/iotsafe-raspberrypi/main.c
+++ b/IDE/iotsafe-raspberrypi/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/README.md b/IDE/iotsafe/README.md
index e594d03e92..3f772a8181 100644
--- a/IDE/iotsafe/README.md
+++ b/IDE/iotsafe/README.md
@@ -14,14 +14,14 @@ Note: The BG96 was tested using firmware `BG96MAR02A08M1G_01.012.01.012`. If hav
 
 ### Description
 
-This example firmware will run an example TLS 1.2 server using wolfSSL, and a 
+This example firmware will run an example TLS 1.2 server using wolfSSL, and a
 TLS 1.2 client, on the same host, using an IoT-safe applet supporting the
 [IoT.05-v1-IoT standard](https://www.gsma.com/iot/wp-content/uploads/2019/12/IoT.05-v1-IoT-Security-Applet-Interface-Description.pdf).
 
 The client and server routines alternate their execution in a single-threaded,
 cooperative loop.
 
-Client and server communicate to each other using memory buffers to establish a 
+Client and server communicate to each other using memory buffers to establish a
 TLS session without the use of TCP/IP sockets.
 
 ### IoT-Safe interface
@@ -59,7 +59,7 @@ wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CE
 
 The applet that has been tested with this demo has the current configuration:
 
-   Key slot | Name | Description 
+   Key slot | Name | Description
    -------|--------|------------------
    0x02 | `PRIVKEY_ID` | pre-provisioned with client ECC key
    0x03 | `ECDH_KEYPAIR_ID` | can store a keypair generated in the applet, used for shared key derivation
@@ -68,7 +68,7 @@ The applet that has been tested with this demo has the current configuration:
 
 
 The following file is used to read the client's certificate:
-   
+
   File Slot | Name | Description
   ----------|------|------------
   0x03 | `CRT_FILE_ID` | pre-provisioned with client certificate
@@ -81,7 +81,7 @@ software to upload the firmware `image.bin` to the target board.
 
 1) Using the STM32CubeProgrammer open the `image.elf` and program to flash.
 2) Using ST-Link virtual serial port connect at 115220
-3) Hit reset button. 
+3) Hit reset button.
 4) The output should look similar to below:
 
 ```
diff --git a/IDE/iotsafe/ca-cert.c b/IDE/iotsafe/ca-cert.c
index f8d75623c0..7b99b25cc1 100644
--- a/IDE/iotsafe/ca-cert.c
+++ b/IDE/iotsafe/ca-cert.c
@@ -1,6 +1,6 @@
 /* ca-cert.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/devices.c b/IDE/iotsafe/devices.c
index 59b739cf5d..aa78a7b706 100644
--- a/IDE/iotsafe/devices.c
+++ b/IDE/iotsafe/devices.c
@@ -1,6 +1,6 @@
 /* devices.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,10 +62,10 @@ static void usart1_init(void)
     GPIO_MODE(GPIOB_BASE) = reg | (0x02 << (USART1_PIN_TX * 2));
 
     reg = GPIO_PUPD(GPIOG_BASE) & (0x03 << (USART1_PIN_RX * 2));
-    
+
     reg = GPIO_PUPD(GPIOB_BASE) & (0x03 << (USART1_PIN_TX * 2));
     GPIO_PUPD(GPIOB_BASE) = reg | (0x01 << (USART1_PIN_TX * 2));
-    
+
 #if RTSCTS
     reg = GPIO_MODE(GPIOG_BASE) & ~(0x03 << (USART1_PIN_RTS * 2));
     GPIO_MODE(GPIOG_BASE) = reg | (0x02 << (USART1_PIN_RTS * 2));
@@ -376,7 +376,7 @@ static void stmod_pin_init(void)
     /* RST pin */
     reg = GPIO_MODE(STMOD_MODEM_RST_PORT) & ~(0x03 << (STMOD_MODEM_RST_PIN * 2));
     GPIO_MODE(STMOD_MODEM_RST_PORT) = reg | (0x01 << (STMOD_MODEM_RST_PIN * 2));
-    
+
     /* DTR pin */
     reg = GPIO_MODE(STMOD_MODEM_DTR_PORT) & ~(0x03 << (STMOD_MODEM_DTR_PIN * 2));
     GPIO_MODE(STMOD_MODEM_DTR_PORT) = reg | (0x01 << (STMOD_MODEM_DTR_PIN * 2));
diff --git a/IDE/iotsafe/devices.h b/IDE/iotsafe/devices.h
index f19ae3b8ad..5752fb550e 100644
--- a/IDE/iotsafe/devices.h
+++ b/IDE/iotsafe/devices.h
@@ -1,6 +1,6 @@
 /* devices.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -95,8 +95,8 @@
 #define FLASH_ACR_LATENCY_MASK (0x03)
 
 /* RCC: Periph enable flags */
-#define USART1_APB2_CLOCK_ER_VAL 	(1 << 14)
-#define USART2_APB1_CLOCK_ER_VAL 	(1 << 17)
+#define USART1_APB2_CLOCK_ER_VAL    (1 << 14)
+#define USART2_APB1_CLOCK_ER_VAL    (1 << 17)
 #define PWR_APB1_CLOCK_ER_VAL       (1 << 28)
 #define GPIOA_AHB2_CLOCK_ER_VAL     (1 << 0)
 #define GPIOB_AHB2_CLOCK_ER_VAL     (1 << 1)
@@ -208,11 +208,11 @@
 #define SYSTICK_CALIB   (*(volatile uint32_t *)(SYSTICK_BASE + 0x0C))
 
 
-/* STMod+ connector pinout 
+/* STMod+ connector pinout
  *
  * Connector            STM32L4
  * pins                 pins
- * 
+ *
  * 1      11            PG11    PH2
  * 2      12            PB6     PB2
  * 3      13            PG10    PA4
@@ -243,7 +243,7 @@ void stmod_modem_disable(void);
 /* inline functions for GPIO */
 static inline void gpio_set(uint32_t port, uint32_t pin)
 {
-    GPIO_BSSR(port) |= (1 << pin);   
+    GPIO_BSSR(port) |= (1 << pin);
 }
 
 static inline void gpio_clear(uint32_t port, uint32_t pin)
diff --git a/IDE/iotsafe/main.c b/IDE/iotsafe/main.c
index 90aa08da6e..df065551c0 100644
--- a/IDE/iotsafe/main.c
+++ b/IDE/iotsafe/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/memory-tls.c b/IDE/iotsafe/memory-tls.c
index 96d9216865..3d4bf088fb 100644
--- a/IDE/iotsafe/memory-tls.c
+++ b/IDE/iotsafe/memory-tls.c
@@ -1,6 +1,6 @@
 /* memory-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/startup.c b/IDE/iotsafe/startup.c
index a5418b1ab6..0e34251930 100644
--- a/IDE/iotsafe/startup.c
+++ b/IDE/iotsafe/startup.c
@@ -1,6 +1,6 @@
 /* startup.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -99,7 +99,7 @@ void isr_usagefault(void)
     /* Panic. */
     while(1) ;;
 }
-        
+
 
 void isr_empty(void)
 {
@@ -131,7 +131,7 @@ void (* const IV[])(void) =
 	0,                           // reserved
 	isr_empty,                   // PendSV
 	isr_systick,                 // SysTick
-    
+
     isr_empty,              // NVIC_WWDG_IRQ 0
     isr_empty,              // PVD_IRQ 1
     isr_empty,              // TAMP_STAMP_IRQ 2
diff --git a/IDE/iotsafe/target.ld b/IDE/iotsafe/target.ld
index df0f2272bc..0afe8a75ab 100644
--- a/IDE/iotsafe/target.ld
+++ b/IDE/iotsafe/target.ld
@@ -1,6 +1,6 @@
 /* target.ld
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h
index 3852464e82..368a76ed43 100644
--- a/IDE/iotsafe/user_settings.h
+++ b/IDE/iotsafe/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/mynewt/apps.wolfcrypttest.pkg.yml b/IDE/mynewt/apps.wolfcrypttest.pkg.yml
index c072dd50a2..f3392e93df 100644
--- a/IDE/mynewt/apps.wolfcrypttest.pkg.yml
+++ b/IDE/mynewt/apps.wolfcrypttest.pkg.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/mynewt/crypto.wolfssl.pkg.yml b/IDE/mynewt/crypto.wolfssl.pkg.yml
index ebb4bfaeb4..aa1b924bee 100644
--- a/IDE/mynewt/crypto.wolfssl.pkg.yml
+++ b/IDE/mynewt/crypto.wolfssl.pkg.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/mynewt/setup.sh b/IDE/mynewt/setup.sh
index 7cec0a8253..cb3aed0910 100755
--- a/IDE/mynewt/setup.sh
+++ b/IDE/mynewt/setup.sh
@@ -1,8 +1,10 @@
-#!/bin/bash -e
+#!/usr/bin/env bash
 
-# this scrypt deploy wolfssl and wolfcrypto source code to mynewt project
+# this script deploys wolfssl and wolfcrypto source code to the mynewt project.
 # run as bash "mynewt project root directory path"
 
+set -e
+
 SCRIPTDIR=`dirname $0`
 SCRIPTDIR=`cd $SCRIPTDIR && pwd -P`
 WOLFSSL_MYNEWTDIR=${SCRIPTDIR}
@@ -34,7 +36,7 @@ newt pkg new crypto/wolfssl
 echo "create apps/wolfcrypttest pkg"
 /bin/rm -rf apps/wolfcrypttest
 newt pkg new -t app apps/wolfcrypttest
-/bin/rm -rf apps/wolfcrypttest/include 
+/bin/rm -rf apps/wolfcrypttest/include
 /bin/rm -rf apps/wolfcrypttest/src
 /bin/mkdir -p apps/wolfcrypttest/src
 
diff --git a/IDE/zephyr/include.am b/IDE/zephyr/include.am
index 54648d4656..e35ff53e72 100644
--- a/IDE/zephyr/include.am
+++ b/IDE/zephyr/include.am
@@ -2,4 +2,4 @@
 # included from Top Level Makefile.am
 # All paths should be given relative to the root
 
-EXTRA_DIST+= IDE/zephyr/README.md
\ No newline at end of file
+EXTRA_DIST+= IDE/zephyr/README.md
diff --git a/INSTALL b/INSTALL
index d403432338..6ac6330043 100644
--- a/INSTALL
+++ b/INSTALL
@@ -12,6 +12,11 @@
     $ make check   # (optional, but highly recommended)
     $ sudo make install
 
+    Note: Building with configure generates a wolfssl/options.h file that contains
+    all the generated build options. This file needs to be included in your application
+    before any other wolfSSL headers. Optionally your application can define
+    WOLFSSL_USE_OPTIONS_H to do this automatically.
+
 2. Building on iOS
 
     Use on the xcode project in IDE/iOS/wolfssl.xcodeproj
@@ -74,7 +79,7 @@
 13. Porting to a new platform
 
     Please see section 2.4 in the manual:
-    http://www.wolfssl.com/yaSSL/Docs-cyassl-manual-2-building-cyassl.html
+    https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html#customizing-or-porting-wolfssl
 
 14. Building with CMake
     Note: Primary development uses automake (./configure). The support for CMake
@@ -91,6 +96,11 @@
     a header options.h in the wolfssl directory that contains the options used
     to configure the build.
 
+    Note: Building with configure generates a wolfssl/options.h file that contains
+    all the generated build options. This file needs to be included in your application
+    before any other wolfSSL headers. Optionally your application can define
+    WOLFSSL_USE_OPTIONS_H to do this automatically.
+
     Unix-based Platforms
     ---
     1) Navigate to the wolfssl root directory containing "CMakeLists.txt".
diff --git a/Makefile.am b/Makefile.am
index 50a072c314..1d4f26c6b4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -207,7 +207,8 @@ if BUILD_LINUXKM
     SUBDIRS_OPT += linuxkm
     DIST_SUBDIRS_OPT += linuxkm
 
-    export KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS \
+    export build_triplet host_triplet CC AS LD \
+        KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS \
         EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
 	AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
         AM_CCASFLAGS CCASFLAGS \
diff --git a/README.md b/README.md
index 8ab5a28064..28aac26695 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # wolfSSL Embedded SSL/TLS Library
 
-The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) 
+The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/)
 (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and
 targeted for embedded, RTOS, and resource-constrained environments - primarily
 because of its small size, speed, and feature set.  It is commonly used in
diff --git a/RTOS/nuttx/wolfssl/Make.defs b/RTOS/nuttx/wolfssl/Make.defs
index 78ff34afe2..95e85e06b3 100644
--- a/RTOS/nuttx/wolfssl/Make.defs
+++ b/RTOS/nuttx/wolfssl/Make.defs
@@ -1,9 +1,9 @@
 ############################################################################
 # apps/crypto/wolfssl/Make.defs
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-# This file is part of wolfSSL. (formerly known as CyaSSL)
+# This file is part of wolfSSL.
 #
 # wolfSSL is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 ############################################################################
 
diff --git a/RTOS/nuttx/wolfssl/Makefile b/RTOS/nuttx/wolfssl/Makefile
index 0f2b7cfd4e..b9dd8c7793 100644
--- a/RTOS/nuttx/wolfssl/Makefile
+++ b/RTOS/nuttx/wolfssl/Makefile
@@ -1,9 +1,9 @@
 ############################################################################
 # apps/crypto/wolfssl/Makefile
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-# This file is part of wolfSSL. (formerly known as CyaSSL)
+# This file is part of wolfSSL.
 #
 # wolfSSL is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 ############################################################################
 
diff --git a/RTOS/nuttx/wolfssl/setup-wolfssl.sh b/RTOS/nuttx/wolfssl/setup-wolfssl.sh
index 3c1df580d1..9cd6ef4d40 100755
--- a/RTOS/nuttx/wolfssl/setup-wolfssl.sh
+++ b/RTOS/nuttx/wolfssl/setup-wolfssl.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 set -e # exit on any command failure
 if [ ! -d wolfssl ]; then
diff --git a/async-check.sh b/async-check.sh
index ccfce052a1..bb24bded2d 100755
--- a/async-check.sh
+++ b/async-check.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This script creates symbolic links to the required asynchronous
 # file for using the asynchronous simulator and make check
diff --git a/certs/acert/acert.pem b/certs/acert/acert.pem
new file mode 100644
index 0000000000..4bde876d3e
--- /dev/null
+++ b/certs/acert/acert.pem
@@ -0,0 +1,23 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIID4zCCAssCAQEwOaA3MB+kHTAbMRkwFwYDVQQDDBBUUE0gTWFudWZhY3R1cmVy
+AhRADHoGLYO7i9GfV2Yz2rrlRFDPSqA6MDikNjA0MQswCQYDVQQGEwJVUzEUMBIG
+A1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdDANBgkqhkiG9w0BAQsF
+AAIBATAiGA8yMDE4MDEwMTA1MDAwMFoYDzIwMjgwMTAxMDUwMDAwWjCB7TALBgVn
+gQUCEzECMAAwHAYFZ4EFAhExEzARMAkCAQECAQMCARYEBAAAAAEwEgYFZ4EFAhkx
+CTAHBgVngQUIAjCBlQYHZ4EFBQEHAjGBiTCBhqBkMC8wDgYGZ4EFEgMBBAQAAgAB
+DBJYWVogQ29tcHV0aW5nIEluYy4MATGABkFCQzEyMzAxMA4GBmeBBRIDAQQEAAcA
+AgwNTm90IFNwZWNpZmllZAwDSEQxgAgxMjM0QUJDRIMB/6IeMBwMCHVuYW1lIC1y
+DBA2LjUuMC0xNS1nZW5lcmljMBQGBWeBBQIXMQswCQIBAQIBAQIBETCCAScwbwYD
+VR0jBGgwZoAUl46DRCrPD3GZndkBbbNDngf6ZHChOKQ2MDQxCzAJBgNVBAYTAlVT
+MRQwEgYDVQQKDAtleGFtcGxlLmNvbTEPMA0GA1UECwwGUENUZXN0ghRmuv6Ey2Ja
+dCAOFysMNOn9CiH45zBBBgNVHSAEOjA4MDYGAioDMDAwLgYIKwYBBQUHAgIwIgwg
+VENHIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwcQYDVR0RBGowaKRmMGQx
+EzARBgZngQUFAQQMB01vZGVsIEExHjAcBgZngQUFAQEMElhZWiBDb21wdXRpbmcg
+SW5jLjEZMBcGBmeBBQUBBQwNTm90IFNwZWNpZmllZDESMBAGBmeBBQUBBgwGQUJD
+MTIzMA0GCSqGSIb3DQEBCwUAA4IBAQB2SdELM7Dqaq2mvT+IV3pCBN7qPzRL+sO4
+MZG6jpTbbblr124KM84g936zLVZxOJeAa+Ie7r0ET7GYI+zKtpLmIZrlqhZl4YkP
+3g65JsIVc5PvOogxv67IxVigHu/NFKHIbFPz85drTatEVCfA8ac8BwJXXwuESLNr
+cH+K/vdLWDgMhsijhco82RI8x11wBvzMXLPnM5OnkiG/0zaEW7mk1gH2tBS6oCc+
+0v8y9jQ5NqyPo0mNhLJhUMonmvaGdZ3iDEFyF+iNuDc3pP5PA1YDKk/BYGXt1NUE
+89mkuGoF8bwkU9uqLKQ3jpCKx/SZZ08IK5MPQyzsnwjyhrsrP3Qm
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/acert_ietf.pem b/certs/acert/acert_ietf.pem
new file mode 100644
index 0000000000..1c25c86779
--- /dev/null
+++ b/certs/acert/acert_ietf.pem
@@ -0,0 +1,15 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG
+A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl
+IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4
+LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj
+BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP
+gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI
+i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs
+GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn
+ERw2bQMmw//nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+
+mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6
+coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8
+d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A
+Bw==
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/acert_ietf_pubkey.pem b/certs/acert/acert_ietf_pubkey.pem
new file mode 100644
index 0000000000..c7434f9344
--- /dev/null
+++ b/certs/acert/acert_ietf_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvpigJZE2asRTFe63b3f
+xvh0swQuX+L4hW08E7mlm0NSQvBVs8yebELNnZLL738fvocvQMwAjf+8+Lyjb1fr
+FYMYvJpb6LmGA2Ysyt6Ny700dpiUValtd4mwtjSCH0/k4rCiaiCYWaN79Le9ZGwD
+pZ341kVX74JkNdaXs1EJ1tkUUoq6aIu5CWYncxjA4IufduHV1Eh/dpNq1tuLHjgY
+Y3NwYDJcotmN9mmIO+MAuZ1TzifhIy14tNGIspYpSZbn8j2RQpQOclhMVWeM5t0i
+TWgOO+jhJngptIJMXEaQQzKPiazv6pBhk8oamAZ0Nipr+DI8iDxvzHtyFDRVToOg
+1QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/certs/acert/acert_pubkey.pem b/certs/acert/acert_pubkey.pem
new file mode 100644
index 0000000000..a382a1be06
--- /dev/null
+++ b/certs/acert/acert_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjl1VnpENuEfQCVm2E4q
+h28D62c0pX5IgN5F2RoS7siU2Oc9hsSz6Hj+9o0SRhUTEAxxrML2d7TM2SVoIJ/x
+CFrchA1fIZQm7FWJa7MDFpxkRc7cNUGrZ5oyVCHtK6IbKiU4y8B/vova6+dyy6bi
+j97ea0UDL8ztKNyDUH9ZntyFrHTltA/ZlEjmxGHQJQd4RBO6RdfM70R7l+YTGa2N
+PflyiRY2SKNXXx8cVUURJvkOXVfLCuRUzG+NnSS62WRuWOOD0ZjiJCnwkTJZQNw0
+qI+hLhWN+//05JeKOw6rNVVUHR/R0GgjPL6FIQ/+yF2Z8nCd8lVIIY+hQsM/1l/h
+2QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/certs/acert/include.am b/certs/acert/include.am
new file mode 100644
index 0000000000..e93fe85d4d
--- /dev/null
+++ b/certs/acert/include.am
@@ -0,0 +1,13 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+		certs/acert/acert.pem \
+		certs/acert/acert_ietf.pem \
+		certs/acert/acert_pubkey.pem \
+		certs/acert/acert_ietf_pubkey.pem \
+		certs/acert/rsa_pss/acert.pem \
+		certs/acert/rsa_pss/acert_ietf.pem \
+		certs/acert/rsa_pss/acert_pubkey.pem \
+		certs/acert/rsa_pss/acert_ietf_pubkey.pem
diff --git a/certs/acert/rsa_pss/acert.pem b/certs/acert/rsa_pss/acert.pem
new file mode 100644
index 0000000000..74519df31d
--- /dev/null
+++ b/certs/acert/rsa_pss/acert.pem
@@ -0,0 +1,25 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIIESzCCAv8CAQEwOaA3MB+kHTAbMRkwFwYDVQQDDBBUUE0gTWFudWZhY3R1cmVy
+AhRADHoGLYO7i9GfV2Yz2rrlRFDPSqA6MDikNjA0MQswCQYDVQQGEwJVUzEUMBIG
+A1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdDBBBgkqhkiG9w0BAQow
+NKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA
+ogMCASACAQEwIhgPMjAxODAxMDEwNTAwMDBaGA8yMDI4MDEwMTA1MDAwMFowge0w
+CwYFZ4EFAhMxAjAAMBwGBWeBBQIRMRMwETAJAgEBAgEDAgEWBAQAAAABMBIGBWeB
+BQIZMQkwBwYFZ4EFCAIwgZUGB2eBBQUBBwIxgYkwgYagZDAvMA4GBmeBBRIDAQQE
+AAIAAQwSWFlaIENvbXB1dGluZyBJbmMuDAExgAZBQkMxMjMwMTAOBgZngQUSAwEE
+BAAHAAIMDU5vdCBTcGVjaWZpZWQMA0hEMYAIMTIzNEFCQ0SDAf+iHjAcDAh1bmFt
+ZSAtcgwQNi41LjAtMTUtZ2VuZXJpYzAUBgVngQUCFzELMAkCAQECAQECAREwggEn
+MG8GA1UdIwRoMGaAFJeOg0Qqzw9xmZ3ZAW2zQ54H+mRwoTikNjA0MQswCQYDVQQG
+EwJVUzEUMBIGA1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdIIUZrr+
+hMtiWnQgDhcrDDTp/Qoh+OcwQQYDVR0gBDowODA2BgIqAzAwMC4GCCsGAQUFBwIC
+MCIMIFRDRyBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MHEGA1UdEQRqMGik
+ZjBkMRMwEQYGZ4EFBQEEDAdNb2RlbCBBMR4wHAYGZ4EFBQEBDBJYWVogQ29tcHV0
+aW5nIEluYy4xGTAXBgZngQUFAQUMDU5vdCBTcGVjaWZpZWQxEjAQBgZngQUFAQYM
+BkFCQzEyMzBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZI
+hvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAH4FGu9CJJ/NraWxXoB+EuHu
+Ec95MPJDHnsDLea45z5TXkdxCd8Tb5EBuWYFCI6nkpWtkiF5UaLncQD/1ag0ECjZ
+duhmoaM01t8TERP1x2xOotpiS0nDGiAqn3twBS3NZlxgEDRMvW92tM49Vvlk7JwD
+Kxv9+qXidCXt62dcDNJoe1Uj9HXxuOO2NaO9OQHlPkY5GctKbcDBwaDUlEz40J9k
+PoXDNurLmI/nNgMDgicKdzdmhMT/BSXSt7Z228p7QcgROgJ5xTEVIMm+lGcBg1Sc
+RnWTVNjrIG+/nzYZENr+F40nrIKbkIIZTLCqwAN6fFFt/jNc44SdoJMNsKe1bTM=
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/rsa_pss/acert_ietf.pem b/certs/acert/rsa_pss/acert_ietf.pem
new file mode 100644
index 0000000000..37f75625fb
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_ietf.pem
@@ -0,0 +1,17 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIICpTCCAVkCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG
+A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl
+IENlcnRpZmljYXRlIElzc3VlcjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQC
+AQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASACFAO1kFkCoqq1
+QCFEuCxP2YAbX1fCMCIYDzIwMjEwNjE1MTIzNTAwWhgPMjAzMTA2MTMxMjM1MDBa
+MEEwIwYIKwYBBQUHCgQxFzAVoAmGB1Rlc3R2YWwwCAwGZ3JvdXAxMBoGA1UESDET
+MBGhD4MNYWRtaW5pc3RyYXRvcjAsMB8GA1UdIwQYMBaAFGJuyWhnbGS7U4LdLaqA
+itjKyItdMAkGA1UdOAQCBQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEF
+AKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQCX18Lyj2CR
+AJL9JAwxYgWbk7fWif2mG5IiQ264Rd0W6ugqw1hYseKHnRI5LpxsRVF5kEaFs2ta
+FhwxxOtAo8YvbxMC4emuatbqwOlWQYwk9wPLbZb1nd1FItPtO98FK7/vF0263eJu
+A+UFxmDvLlao3SzP19mtCOcUjGsVxcJ2PN05wDUzITu2vGXuJAdjHcYX+s1UMLwk
+WMwHsz7EK2Al/FavI1MfZp0lVFi++CMOAdLIRbTjlACATDq6Q6kPc+bTqvMYoca2
+bGLw1jSig6T3DvGa3O/BwRMOhyqCtJNQYY7MYxcZhPR4Y0RLmyFnFiSzwypL6oMk
+QMaW0z/K5YO2
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/rsa_pss/acert_ietf_pubkey.pem b/certs/acert/rsa_pss/acert_ietf_pubkey.pem
new file mode 100644
index 0000000000..f2d208d393
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_ietf_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBALg9nrRhxCl5zxFdE7Le9GXL
+9M8Rzx5xU3meu6yp9lFIc3+FxNoc5E8nk7HXUK82iuEChcSlqt0j0/y03YqM+O45
+N6A9OkEkjdyL8BaeQEgNxZY16/nvhhnH0Bzg4n7DMvy3sUPQvsAu9tpbfSd+WNDT
+vtO9Fe84HIBkYhRuaIv7ca1UYn7R2VQk1RXK0lfY4orCOrexmlfPciJaTJcR5Lyi
+pjUj7X5lruRHVibrMY+Z+8DtvPaDZ7HFiuXzpGPQ0W907Wt7zEJfmTMUyQoOMDMM
+4iSlq0ib3rdZt9y2obCggRTFAtMAFIJ29FOT9FYDagMYFSqhnrR3ohiTNzfpYNMC
+AwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/acert/rsa_pss/acert_pubkey.pem b/certs/acert/rsa_pss/acert_pubkey.pem
new file mode 100644
index 0000000000..a0f2d828a0
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBAL0P9mcosJbMQavKMo6FvjK/
+vC5PZAFYxsbQnDiG3kb3gCsshI8HQzHNIuw4wN3waJrqnFmsmsUqMENtsC0J2Fty
+DOI5791Ma7JUKT31RW6f5eU2Gjx1+evNWtWs2WzupsZdPS3DlgEQJsTSw3Fs1q5w
+JVLVHhtOjCwdj2QO9Xr17Nt0ZOfKoJdqth3LAVujMnOw9gbyTbCrCB+z1Mkq+dK4
+K0v6IPZqY76LVhR42y/lyG+MZ8jswg4I4qAE+iIwPi/9Tz9UdNwMfSr3gdD13pa3
+VqnGZG83prqPLEHwsSNpWGdDx7pQxgBkAPztO+7LPrMd1ck8Uugsq36pusLjdQ0C
+AwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/ca-key-pkcs8-attribute.der b/certs/ca-key-pkcs8-attribute.der
new file mode 100644
index 0000000000..692a8cccf4
Binary files /dev/null and b/certs/ca-key-pkcs8-attribute.der differ
diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh
index 98deb7e45e..9a1c67f16d 100755
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # gencrls, crl config already done, see taoCerts.txt for setup
 check_result(){
diff --git a/certs/ecc/ca-secp256k1-cert.pem b/certs/ecc/ca-secp256k1-cert.pem
new file mode 100644
index 0000000000..419d027346
--- /dev/null
+++ b/certs/ecc/ca-secp256k1-cert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICkTCCAjagAwIBAgIUcmBIdEUi0WtpofKM3r46Llhv86IwCgYIKoZIzj0EAwIw
+gZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
+ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzESMBAGA1UECwwJU0VDUDI1NksxMRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjQwNzEyMDIxODUwWhcNNDQwNzA3MDIxODUwWjCBljELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRIwEAYDVQQLDAlTRUNQMjU2SzExGDAWBgNVBAMM
+D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTBWMBAGByqGSM49AgEGBSuBBAAKA0IABORg5kLTHlkHvjnrRKUTmBXLdhxkdsIC
+s0ybo6r3oD6qGjX33FsBHp9nwos93gT7CECrexVlEUrH4wbfMN42+46jYzBhMB0G
+A1UdDgQWBBRzL8o6Lcvi46LBqy81zGRTZIwGLTAfBgNVHSMEGDAWgBRzL8o6Lcvi
+46LBqy81zGRTZIwGLTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAK
+BggqhkjOPQQDAgNJADBGAiEA0dfMbQlfjY+VhKuDfluyBtoAsQA1BqJnV+XBayBx
+HYYCIQCJr2YrYRwW4OvtP0yIqUH2fViOq12aqf1ByStksuL3mg==
+-----END CERTIFICATE-----
diff --git a/certs/ecc/ca-secp256k1-key.pem b/certs/ecc/ca-secp256k1-key.pem
new file mode 100644
index 0000000000..1c2e0bc546
--- /dev/null
+++ b/certs/ecc/ca-secp256k1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgoiOQsNn1L/vT3mU0e+Rz
+LMlaDEIuKp6RHZhKrPnOJOShRANCAATkYOZC0x5ZB74560SlE5gVy3YcZHbCArNM
+m6Oq96A+qho199xbAR6fZ8KLPd4E+whAq3sVZRFKx+MG3zDeNvuO
+-----END PRIVATE KEY-----
diff --git a/certs/ecc/genecc.sh b/certs/ecc/genecc.sh
index f90c5cbe93..c5c231c092 100755
--- a/certs/ecc/genecc.sh
+++ b/certs/ecc/genecc.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # run from wolfssl root
 
@@ -140,6 +140,13 @@ openssl x509 -req -in ./certs/ecc/client-bp256r1-req.pem -days 3650 -extfile ./c
 openssl x509 -inform pem -in ./certs/ecc/client-bp256r1-cert.pem -outform der -out ./certs/ecc/client-bp256r1-cert.der
 rm ./certs/ecc/client-bp256r1-req.pem
 
+# Create self-signed ECC secp256k1 (Koblitz) certificate
+openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:certs/ecc/secp256k1-param.pem -keyout ./certs/ecc/ca-secp256k1-key.pem -out ./certs/ecc/ca-secp256k1-cert.pem -sha256 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
+# Create server ECC secp256k1 (Koblitz) certificate
+openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc/secp256k1-privkey.pem -out ./certs/ecc/server2-secp256k1-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1-SVR/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
+openssl x509 -req -in ./certs/ecc/server2-secp256k1-req.pem -days 3650 -extfile ./certs/ecc/wolfssl.cnf -extensions server_cert -CAkey ./certs/ecc/ca-secp256k1-key.pem -CA ./certs/ecc/ca-secp256k1-cert.pem -text -out ./certs/ecc/server2-secp256k1-cert.pem
+openssl x509 -inform pem -in ./certs/ecc/server2-secp256k1-cert.pem -outform der -out ./certs/ecc/server2-secp256k1-cert.der
+rm ./certs/ecc/server2-secp256k1-req.pem
 
 # update bad certificate with last byte in signature changed
 cp ./certs/server-ecc.der ./certs/test/server-cert-ecc-badsig.der
diff --git a/certs/ecc/include.am b/certs/ecc/include.am
index c5a4f858aa..3408449acf 100644
--- a/certs/ecc/include.am
+++ b/certs/ecc/include.am
@@ -16,6 +16,13 @@ EXTRA_DIST += \
 		 certs/ecc/server-secp256k1-cert.der \
 		 certs/ecc/server-secp256k1-cert.pem
 
+EXTRA_DIST += \
+                 certs/ecc/ca-secp256k1-cert.pem \
+                 certs/ecc/ca-secp256k1-key.pem \
+                 certs/ecc/secp256k1-param.pem \
+                 certs/ecc/secp256k1-privkey.pem \
+                 certs/ecc/server2-secp256k1-cert.pem
+
 # Brainpool Curves
 EXTRA_DIST += \
 		 certs/ecc/bp256r1-key.der \
diff --git a/certs/ecc/secp256k1-param.pem b/certs/ecc/secp256k1-param.pem
new file mode 100644
index 0000000000..32d952ea91
--- /dev/null
+++ b/certs/ecc/secp256k1-param.pem
@@ -0,0 +1,3 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQACg==
+-----END EC PARAMETERS-----
diff --git a/certs/ecc/secp256k1-privkey.der b/certs/ecc/secp256k1-privkey.der
new file mode 100644
index 0000000000..74e151bc51
Binary files /dev/null and b/certs/ecc/secp256k1-privkey.der differ
diff --git a/certs/ecc/secp256k1-privkey.pem b/certs/ecc/secp256k1-privkey.pem
new file mode 100644
index 0000000000..c229ff83cf
--- /dev/null
+++ b/certs/ecc/secp256k1-privkey.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgwdc3WnnD2eX1ti0IbCT5
+POy/xb1WDV8/7BgQd37MsWGhRANCAARvf9jvkv6kKKkzhWmk6OM3Rjmivo8mMVkg
+itdbdHrKAV5UT9zS0qXbHo7mlPZOOejEsodSk9yvzjAAnHnSSASY
+-----END PRIVATE KEY-----
diff --git a/certs/ecc/server2-secp256k1-cert.der b/certs/ecc/server2-secp256k1-cert.der
new file mode 100644
index 0000000000..d3c0c1cff4
Binary files /dev/null and b/certs/ecc/server2-secp256k1-cert.der differ
diff --git a/certs/ecc/server2-secp256k1-cert.pem b/certs/ecc/server2-secp256k1-cert.pem
new file mode 100644
index 0000000000..08a8ee9b52
--- /dev/null
+++ b/certs/ecc/server2-secp256k1-cert.pem
@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            23:8d:e3:d0:5a:a6:1f:e6:d3:b6:4c:e0:a2:a1:dd:2f:ee:35:b2:bb
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Washington, L=Seattle, O=Elliptic, OU=SECP256K1, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Jul 15 05:41:52 2024 GMT
+            Not After : Jul 13 05:41:52 2034 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=Elliptic, OU=SECP256K1-SVR, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:6f:7f:d8:ef:92:fe:a4:28:a9:33:85:69:a4:e8:
+                    e3:37:46:39:a2:be:8f:26:31:59:20:8a:d7:5b:74:
+                    7a:ca:01:5e:54:4f:dc:d2:d2:a5:db:1e:8e:e6:94:
+                    f6:4e:39:e8:c4:b2:87:52:93:dc:af:ce:30:00:9c:
+                    79:d2:48:04:98
+                ASN1 OID: secp256k1
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            X509v3 Subject Key Identifier: 
+                F4:A3:FD:34:57:E6:51:1F:0A:96:2F:F0:87:A9:7C:C7:EB:6B:34:8F
+            X509v3 Authority Key Identifier: 
+                keyid:73:2F:CA:3A:2D:CB:E2:E3:A2:C1:AB:2F:35:CC:64:53:64:8C:06:2D
+                DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:72:60:48:74:45:22:D1:6B:69:A1:F2:8C:DE:BE:3A:2E:58:6F:F3:A2
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+    Signature Algorithm: ecdsa-with-SHA256
+    Signature Value:
+        30:44:02:20:3d:12:5a:0c:7a:1b:ff:b5:a6:70:8a:70:33:03:
+        6c:d9:9c:98:8b:80:1b:70:3b:15:3a:85:7e:23:8a:85:f0:76:
+        02:20:02:ca:71:2c:cc:5a:c2:a8:e2:c5:24:62:06:62:a0:53:
+        41:2a:bb:2e:88:9f:f0:b4:bd:dc:23:1c:06:4c:18:a2
+-----BEGIN CERTIFICATE-----
+MIIDcTCCAxigAwIBAgIUI43j0FqmH+bTtkzgoqHdL+41srswCgYIKoZIzj0EAwIw
+gZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
+ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzESMBAGA1UECwwJU0VDUDI1NksxMRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjQwNzE1MDU0MTUyWhcNMzQwNzEzMDU0MTUyWjCBmjELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRYwFAYDVQQLDA1TRUNQMjU2SzEtU1ZSMRgwFgYD
+VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
+bC5jb20wVjAQBgcqhkjOPQIBBgUrgQQACgNCAARvf9jvkv6kKKkzhWmk6OM3Rjmi
+vo8mMVkgitdbdHrKAV5UT9zS0qXbHo7mlPZOOejEsodSk9yvzjAAnHnSSASYo4IB
+PzCCATswCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0OBBYEFPSj
+/TRX5lEfCpYv8IepfMfrazSPMIHWBgNVHSMEgc4wgcuAFHMvyjoty+LjosGrLzXM
+ZFNkjAYtoYGcpIGZMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv
+bjEQMA4GA1UEBwwHU2VhdHRsZTERMA8GA1UECgwIRWxsaXB0aWMxEjAQBgNVBAsM
+CVNFQ1AyNTZLMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tghRyYEh0RSLRa2mh8ozevjouWG/zojAOBgNV
+HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDRwAw
+RAIgPRJaDHob/7WmcIpwMwNs2ZyYi4AbcDsVOoV+I4qF8HYCIALKcSzMWsKo4sUk
+YgZioFNBKrsuiJ/wtL3cIxwGTBii
+-----END CERTIFICATE-----
diff --git a/certs/ed25519/gen-ed25519-certs.sh b/certs/ed25519/gen-ed25519-certs.sh
index b945e49b69..1dd1262129 100755
--- a/certs/ed25519/gen-ed25519-certs.sh
+++ b/certs/ed25519/gen-ed25519-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/ed25519/gen-ed25519.sh b/certs/ed25519/gen-ed25519.sh
index 6858d53b2f..70f41125c1 100755
--- a/certs/ed25519/gen-ed25519.sh
+++ b/certs/ed25519/gen-ed25519.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 EXAMPLE=$1
 echo "This uses ed25519 certificate generator from wolfssl-examples github"
diff --git a/certs/ed448/gen-ed448-certs.sh b/certs/ed448/gen-ed448-certs.sh
index af51bd2321..0920ab7b9b 100755
--- a/certs/ed448/gen-ed448-certs.sh
+++ b/certs/ed448/gen-ed448-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh
index dfb649110d..4e5e3fcaf2 100755
--- a/certs/gen_revoked.sh
+++ b/certs/gen_revoked.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
     ###########################################################
     ########## update and sign server-revoked-key.pem ################
diff --git a/certs/include.am b/certs/include.am
index dd87e3265f..f3f1f6a362 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -6,6 +6,7 @@ EXTRA_DIST += \
              certs/ca-cert-chain.der \
              certs/ca-cert.pem \
              certs/ca-key.pem \
+             certs/ca-key-pkcs8-attribute.der \
              certs/client-cert.pem \
              certs/client-keyEnc.pem \
              certs/client-key.pem \
@@ -147,4 +148,5 @@ include certs/rsapss/include.am
 include certs/dilithium/include.am
 include certs/sphincs/include.am
 include certs/rpk/include.am
+include certs/acert/include.am
 
diff --git a/certs/p521/gen-p521-certs.sh b/certs/p521/gen-p521-certs.sh
index f13cd6fee0..9ff0ffcd81 100755
--- a/certs/p521/gen-p521-certs.sh
+++ b/certs/p521/gen-p521-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index d2482f5103..c46f3dda98 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # renewcerts.sh
 #
 # renews the following certs:
diff --git a/certs/rsapss/renew-rsapss-certs.sh b/certs/rsapss/renew-rsapss-certs.sh
index 417e7b9efd..aa5951f15d 100755
--- a/certs/rsapss/renew-rsapss-certs.sh
+++ b/certs/rsapss/renew-rsapss-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/sm2/gen-sm2-certs.sh b/certs/sm2/gen-sm2-certs.sh
index af8ad9be69..790e91f503 100755
--- a/certs/sm2/gen-sm2-certs.sh
+++ b/certs/sm2/gen-sm2-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/statickeys/gen-static.sh b/certs/statickeys/gen-static.sh
index 681a77edf5..a3fe1d5f9e 100644
--- a/certs/statickeys/gen-static.sh
+++ b/certs/statickeys/gen-static.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # run from wolfssl root
 
diff --git a/certs/test-pathlen/assemble-chains.sh b/certs/test-pathlen/assemble-chains.sh
index ff917cecea..6a507d8856 100755
--- a/certs/test-pathlen/assemble-chains.sh
+++ b/certs/test-pathlen/assemble-chains.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # assemble-chains.sh
 # Create certs and assemble all the certificate CA path test cert chains.
diff --git a/certs/test-pathlen/refreshkeys.sh b/certs/test-pathlen/refreshkeys.sh
index b70b7ecca2..02ef5f0392 100755
--- a/certs/test-pathlen/refreshkeys.sh
+++ b/certs/test-pathlen/refreshkeys.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 keyList=(
             chainA-ICA1-key.pem chainA-entity-key.pem
diff --git a/certs/test/cert-over-max-altnames.cfg b/certs/test/cert-over-max-altnames.cfg
index 472fa20f32..5aa44eb751 100644
--- a/certs/test/cert-over-max-altnames.cfg
+++ b/certs/test/cert-over-max-altnames.cfg
@@ -146,5 +146,925 @@ DNS.127 = example127.com
 DNS.128 = example128.com
 DNS.129 = example129.com
 DNS.130 = example130.com
+DNS.131 = example131.com
+DNS.132 = example132.com
+DNS.133 = example133.com
+DNS.134 = example134.com
+DNS.135 = example135.com
+DNS.136 = example136.com
+DNS.137 = example137.com
+DNS.138 = example138.com
+DNS.139 = example139.com
+DNS.140 = example140.com
+DNS.141 = example141.com
+DNS.142 = example142.com
+DNS.143 = example143.com
+DNS.144 = example144.com
+DNS.145 = example145.com
+DNS.146 = example146.com
+DNS.147 = example147.com
+DNS.148 = example148.com
+DNS.149 = example149.com
+DNS.150 = example150.com
+DNS.151 = example151.com
+DNS.152 = example152.com
+DNS.153 = example153.com
+DNS.154 = example154.com
+DNS.155 = example155.com
+DNS.156 = example156.com
+DNS.157 = example157.com
+DNS.158 = example158.com
+DNS.159 = example159.com
+DNS.160 = example160.com
+DNS.161 = example161.com
+DNS.162 = example162.com
+DNS.163 = example163.com
+DNS.164 = example164.com
+DNS.165 = example165.com
+DNS.166 = example166.com
+DNS.167 = example167.com
+DNS.168 = example168.com
+DNS.169 = example169.com
+DNS.170 = example170.com
+DNS.171 = example171.com
+DNS.172 = example172.com
+DNS.173 = example173.com
+DNS.174 = example174.com
+DNS.175 = example175.com
+DNS.176 = example176.com
+DNS.177 = example177.com
+DNS.178 = example178.com
+DNS.179 = example179.com
+DNS.180 = example180.com
+DNS.181 = example181.com
+DNS.182 = example182.com
+DNS.183 = example183.com
+DNS.184 = example184.com
+DNS.185 = example185.com
+DNS.186 = example186.com
+DNS.187 = example187.com
+DNS.188 = example188.com
+DNS.189 = example189.com
+DNS.190 = example190.com
+DNS.191 = example191.com
+DNS.192 = example192.com
+DNS.193 = example193.com
+DNS.194 = example194.com
+DNS.195 = example195.com
+DNS.196 = example196.com
+DNS.197 = example197.com
+DNS.198 = example198.com
+DNS.199 = example199.com
+DNS.200 = example200.com
+DNS.201 = example201.com
+DNS.202 = example202.com
+DNS.203 = example203.com
+DNS.204 = example204.com
+DNS.205 = example205.com
+DNS.206 = example206.com
+DNS.207 = example207.com
+DNS.208 = example208.com
+DNS.209 = example209.com
+DNS.210 = example210.com
+DNS.211 = example211.com
+DNS.212 = example212.com
+DNS.213 = example213.com
+DNS.214 = example214.com
+DNS.215 = example215.com
+DNS.216 = example216.com
+DNS.217 = example217.com
+DNS.218 = example218.com
+DNS.219 = example219.com
+DNS.220 = example220.com
+DNS.221 = example221.com
+DNS.222 = example222.com
+DNS.223 = example223.com
+DNS.224 = example224.com
+DNS.225 = example225.com
+DNS.226 = example226.com
+DNS.227 = example227.com
+DNS.228 = example228.com
+DNS.229 = example229.com
+DNS.230 = example230.com
+DNS.231 = example231.com
+DNS.232 = example232.com
+DNS.233 = example233.com
+DNS.234 = example234.com
+DNS.235 = example235.com
+DNS.236 = example236.com
+DNS.237 = example237.com
+DNS.238 = example238.com
+DNS.239 = example239.com
+DNS.240 = example240.com
+DNS.241 = example241.com
+DNS.242 = example242.com
+DNS.243 = example243.com
+DNS.244 = example244.com
+DNS.245 = example245.com
+DNS.246 = example246.com
+DNS.247 = example247.com
+DNS.248 = example248.com
+DNS.249 = example249.com
+DNS.250 = example250.com
+DNS.251 = example251.com
+DNS.252 = example252.com
+DNS.253 = example253.com
+DNS.254 = example254.com
+DNS.255 = example255.com
+DNS.256 = example256.com
+DNS.257 = example257.com
+DNS.258 = example258.com
+DNS.259 = example259.com
+DNS.260 = example260.com
+DNS.261 = example261.com
+DNS.262 = example262.com
+DNS.263 = example263.com
+DNS.264 = example264.com
+DNS.265 = example265.com
+DNS.266 = example266.com
+DNS.267 = example267.com
+DNS.268 = example268.com
+DNS.269 = example269.com
+DNS.270 = example270.com
+DNS.271 = example271.com
+DNS.272 = example272.com
+DNS.273 = example273.com
+DNS.274 = example274.com
+DNS.275 = example275.com
+DNS.276 = example276.com
+DNS.277 = example277.com
+DNS.278 = example278.com
+DNS.279 = example279.com
+DNS.280 = example280.com
+DNS.281 = example281.com
+DNS.282 = example282.com
+DNS.283 = example283.com
+DNS.284 = example284.com
+DNS.285 = example285.com
+DNS.286 = example286.com
+DNS.287 = example287.com
+DNS.288 = example288.com
+DNS.289 = example289.com
+DNS.290 = example290.com
+DNS.291 = example291.com
+DNS.292 = example292.com
+DNS.293 = example293.com
+DNS.294 = example294.com
+DNS.295 = example295.com
+DNS.296 = example296.com
+DNS.297 = example297.com
+DNS.298 = example298.com
+DNS.299 = example299.com
+DNS.300 = example300.com
+DNS.301 = example301.com
+DNS.302 = example302.com
+DNS.303 = example303.com
+DNS.304 = example304.com
+DNS.305 = example305.com
+DNS.306 = example306.com
+DNS.307 = example307.com
+DNS.308 = example308.com
+DNS.309 = example309.com
+DNS.310 = example310.com
+DNS.311 = example311.com
+DNS.312 = example312.com
+DNS.313 = example313.com
+DNS.314 = example314.com
+DNS.315 = example315.com
+DNS.316 = example316.com
+DNS.317 = example317.com
+DNS.318 = example318.com
+DNS.319 = example319.com
+DNS.320 = example320.com
+DNS.321 = example321.com
+DNS.322 = example322.com
+DNS.323 = example323.com
+DNS.324 = example324.com
+DNS.325 = example325.com
+DNS.326 = example326.com
+DNS.327 = example327.com
+DNS.328 = example328.com
+DNS.329 = example329.com
+DNS.330 = example330.com
+DNS.331 = example331.com
+DNS.332 = example332.com
+DNS.333 = example333.com
+DNS.334 = example334.com
+DNS.335 = example335.com
+DNS.336 = example336.com
+DNS.337 = example337.com
+DNS.338 = example338.com
+DNS.339 = example339.com
+DNS.340 = example340.com
+DNS.341 = example341.com
+DNS.342 = example342.com
+DNS.343 = example343.com
+DNS.344 = example344.com
+DNS.345 = example345.com
+DNS.346 = example346.com
+DNS.347 = example347.com
+DNS.348 = example348.com
+DNS.349 = example349.com
+DNS.350 = example350.com
+DNS.351 = example351.com
+DNS.352 = example352.com
+DNS.353 = example353.com
+DNS.354 = example354.com
+DNS.355 = example355.com
+DNS.356 = example356.com
+DNS.357 = example357.com
+DNS.358 = example358.com
+DNS.359 = example359.com
+DNS.360 = example360.com
+DNS.361 = example361.com
+DNS.362 = example362.com
+DNS.363 = example363.com
+DNS.364 = example364.com
+DNS.365 = example365.com
+DNS.366 = example366.com
+DNS.367 = example367.com
+DNS.368 = example368.com
+DNS.369 = example369.com
+DNS.370 = example370.com
+DNS.371 = example371.com
+DNS.372 = example372.com
+DNS.373 = example373.com
+DNS.374 = example374.com
+DNS.375 = example375.com
+DNS.376 = example376.com
+DNS.377 = example377.com
+DNS.378 = example378.com
+DNS.379 = example379.com
+DNS.380 = example380.com
+DNS.381 = example381.com
+DNS.382 = example382.com
+DNS.383 = example383.com
+DNS.384 = example384.com
+DNS.385 = example385.com
+DNS.386 = example386.com
+DNS.387 = example387.com
+DNS.388 = example388.com
+DNS.389 = example389.com
+DNS.390 = example390.com
+DNS.391 = example391.com
+DNS.392 = example392.com
+DNS.393 = example393.com
+DNS.394 = example394.com
+DNS.395 = example395.com
+DNS.396 = example396.com
+DNS.397 = example397.com
+DNS.398 = example398.com
+DNS.399 = example399.com
+DNS.400 = example400.com
+DNS.401 = example401.com
+DNS.402 = example402.com
+DNS.403 = example403.com
+DNS.404 = example404.com
+DNS.405 = example405.com
+DNS.406 = example406.com
+DNS.407 = example407.com
+DNS.408 = example408.com
+DNS.409 = example409.com
+DNS.410 = example410.com
+DNS.411 = example411.com
+DNS.412 = example412.com
+DNS.413 = example413.com
+DNS.414 = example414.com
+DNS.415 = example415.com
+DNS.416 = example416.com
+DNS.417 = example417.com
+DNS.418 = example418.com
+DNS.419 = example419.com
+DNS.420 = example420.com
+DNS.421 = example421.com
+DNS.422 = example422.com
+DNS.423 = example423.com
+DNS.424 = example424.com
+DNS.425 = example425.com
+DNS.426 = example426.com
+DNS.427 = example427.com
+DNS.428 = example428.com
+DNS.429 = example429.com
+DNS.430 = example430.com
+DNS.431 = example431.com
+DNS.432 = example432.com
+DNS.433 = example433.com
+DNS.434 = example434.com
+DNS.435 = example435.com
+DNS.436 = example436.com
+DNS.437 = example437.com
+DNS.438 = example438.com
+DNS.439 = example439.com
+DNS.440 = example440.com
+DNS.441 = example441.com
+DNS.442 = example442.com
+DNS.443 = example443.com
+DNS.444 = example444.com
+DNS.445 = example445.com
+DNS.446 = example446.com
+DNS.447 = example447.com
+DNS.448 = example448.com
+DNS.449 = example449.com
+DNS.450 = example450.com
+DNS.451 = example451.com
+DNS.452 = example452.com
+DNS.453 = example453.com
+DNS.454 = example454.com
+DNS.455 = example455.com
+DNS.456 = example456.com
+DNS.457 = example457.com
+DNS.458 = example458.com
+DNS.459 = example459.com
+DNS.460 = example460.com
+DNS.461 = example461.com
+DNS.462 = example462.com
+DNS.463 = example463.com
+DNS.464 = example464.com
+DNS.465 = example465.com
+DNS.466 = example466.com
+DNS.467 = example467.com
+DNS.468 = example468.com
+DNS.469 = example469.com
+DNS.470 = example470.com
+DNS.471 = example471.com
+DNS.472 = example472.com
+DNS.473 = example473.com
+DNS.474 = example474.com
+DNS.475 = example475.com
+DNS.476 = example476.com
+DNS.477 = example477.com
+DNS.478 = example478.com
+DNS.479 = example479.com
+DNS.480 = example480.com
+DNS.481 = example481.com
+DNS.482 = example482.com
+DNS.483 = example483.com
+DNS.484 = example484.com
+DNS.485 = example485.com
+DNS.486 = example486.com
+DNS.487 = example487.com
+DNS.488 = example488.com
+DNS.489 = example489.com
+DNS.490 = example490.com
+DNS.491 = example491.com
+DNS.492 = example492.com
+DNS.493 = example493.com
+DNS.494 = example494.com
+DNS.495 = example495.com
+DNS.496 = example496.com
+DNS.497 = example497.com
+DNS.498 = example498.com
+DNS.499 = example499.com
+DNS.500 = example500.com
+DNS.501 = example501.com
+DNS.502 = example502.com
+DNS.503 = example503.com
+DNS.504 = example504.com
+DNS.505 = example505.com
+DNS.506 = example506.com
+DNS.507 = example507.com
+DNS.508 = example508.com
+DNS.509 = example509.com
+DNS.510 = example510.com
+DNS.511 = example511.com
+DNS.512 = example512.com
+DNS.513 = example513.com
+DNS.514 = example514.com
+DNS.515 = example515.com
+DNS.516 = example516.com
+DNS.517 = example517.com
+DNS.518 = example518.com
+DNS.519 = example519.com
+DNS.520 = example520.com
+DNS.521 = example521.com
+DNS.522 = example522.com
+DNS.523 = example523.com
+DNS.524 = example524.com
+DNS.525 = example525.com
+DNS.526 = example526.com
+DNS.527 = example527.com
+DNS.528 = example528.com
+DNS.529 = example529.com
+DNS.530 = example530.com
+DNS.531 = example531.com
+DNS.532 = example532.com
+DNS.533 = example533.com
+DNS.534 = example534.com
+DNS.535 = example535.com
+DNS.536 = example536.com
+DNS.537 = example537.com
+DNS.538 = example538.com
+DNS.539 = example539.com
+DNS.540 = example540.com
+DNS.541 = example541.com
+DNS.542 = example542.com
+DNS.543 = example543.com
+DNS.544 = example544.com
+DNS.545 = example545.com
+DNS.546 = example546.com
+DNS.547 = example547.com
+DNS.548 = example548.com
+DNS.549 = example549.com
+DNS.550 = example550.com
+DNS.551 = example551.com
+DNS.552 = example552.com
+DNS.553 = example553.com
+DNS.554 = example554.com
+DNS.555 = example555.com
+DNS.556 = example556.com
+DNS.557 = example557.com
+DNS.558 = example558.com
+DNS.559 = example559.com
+DNS.560 = example560.com
+DNS.561 = example561.com
+DNS.562 = example562.com
+DNS.563 = example563.com
+DNS.564 = example564.com
+DNS.565 = example565.com
+DNS.566 = example566.com
+DNS.567 = example567.com
+DNS.568 = example568.com
+DNS.569 = example569.com
+DNS.570 = example570.com
+DNS.571 = example571.com
+DNS.572 = example572.com
+DNS.573 = example573.com
+DNS.574 = example574.com
+DNS.575 = example575.com
+DNS.576 = example576.com
+DNS.577 = example577.com
+DNS.578 = example578.com
+DNS.579 = example579.com
+DNS.580 = example580.com
+DNS.581 = example581.com
+DNS.582 = example582.com
+DNS.583 = example583.com
+DNS.584 = example584.com
+DNS.585 = example585.com
+DNS.586 = example586.com
+DNS.587 = example587.com
+DNS.588 = example588.com
+DNS.589 = example589.com
+DNS.590 = example590.com
+DNS.591 = example591.com
+DNS.592 = example592.com
+DNS.593 = example593.com
+DNS.594 = example594.com
+DNS.595 = example595.com
+DNS.596 = example596.com
+DNS.597 = example597.com
+DNS.598 = example598.com
+DNS.599 = example599.com
+DNS.600 = example600.com
+DNS.601 = example601.com
+DNS.602 = example602.com
+DNS.603 = example603.com
+DNS.604 = example604.com
+DNS.605 = example605.com
+DNS.606 = example606.com
+DNS.607 = example607.com
+DNS.608 = example608.com
+DNS.609 = example609.com
+DNS.610 = example610.com
+DNS.611 = example611.com
+DNS.612 = example612.com
+DNS.613 = example613.com
+DNS.614 = example614.com
+DNS.615 = example615.com
+DNS.616 = example616.com
+DNS.617 = example617.com
+DNS.618 = example618.com
+DNS.619 = example619.com
+DNS.620 = example620.com
+DNS.621 = example621.com
+DNS.622 = example622.com
+DNS.623 = example623.com
+DNS.624 = example624.com
+DNS.625 = example625.com
+DNS.626 = example626.com
+DNS.627 = example627.com
+DNS.628 = example628.com
+DNS.629 = example629.com
+DNS.630 = example630.com
+DNS.631 = example631.com
+DNS.632 = example632.com
+DNS.633 = example633.com
+DNS.634 = example634.com
+DNS.635 = example635.com
+DNS.636 = example636.com
+DNS.637 = example637.com
+DNS.638 = example638.com
+DNS.639 = example639.com
+DNS.640 = example640.com
+DNS.641 = example641.com
+DNS.642 = example642.com
+DNS.643 = example643.com
+DNS.644 = example644.com
+DNS.645 = example645.com
+DNS.646 = example646.com
+DNS.647 = example647.com
+DNS.648 = example648.com
+DNS.649 = example649.com
+DNS.650 = example650.com
+DNS.651 = example651.com
+DNS.652 = example652.com
+DNS.653 = example653.com
+DNS.654 = example654.com
+DNS.655 = example655.com
+DNS.656 = example656.com
+DNS.657 = example657.com
+DNS.658 = example658.com
+DNS.659 = example659.com
+DNS.660 = example660.com
+DNS.661 = example661.com
+DNS.662 = example662.com
+DNS.663 = example663.com
+DNS.664 = example664.com
+DNS.665 = example665.com
+DNS.666 = example666.com
+DNS.667 = example667.com
+DNS.668 = example668.com
+DNS.669 = example669.com
+DNS.670 = example670.com
+DNS.671 = example671.com
+DNS.672 = example672.com
+DNS.673 = example673.com
+DNS.674 = example674.com
+DNS.675 = example675.com
+DNS.676 = example676.com
+DNS.677 = example677.com
+DNS.678 = example678.com
+DNS.679 = example679.com
+DNS.680 = example680.com
+DNS.681 = example681.com
+DNS.682 = example682.com
+DNS.683 = example683.com
+DNS.684 = example684.com
+DNS.685 = example685.com
+DNS.686 = example686.com
+DNS.687 = example687.com
+DNS.688 = example688.com
+DNS.689 = example689.com
+DNS.690 = example690.com
+DNS.691 = example691.com
+DNS.692 = example692.com
+DNS.693 = example693.com
+DNS.694 = example694.com
+DNS.695 = example695.com
+DNS.696 = example696.com
+DNS.697 = example697.com
+DNS.698 = example698.com
+DNS.699 = example699.com
+DNS.700 = example700.com
+DNS.701 = example701.com
+DNS.702 = example702.com
+DNS.703 = example703.com
+DNS.704 = example704.com
+DNS.705 = example705.com
+DNS.706 = example706.com
+DNS.707 = example707.com
+DNS.708 = example708.com
+DNS.709 = example709.com
+DNS.710 = example710.com
+DNS.711 = example711.com
+DNS.712 = example712.com
+DNS.713 = example713.com
+DNS.714 = example714.com
+DNS.715 = example715.com
+DNS.716 = example716.com
+DNS.717 = example717.com
+DNS.718 = example718.com
+DNS.719 = example719.com
+DNS.720 = example720.com
+DNS.721 = example721.com
+DNS.722 = example722.com
+DNS.723 = example723.com
+DNS.724 = example724.com
+DNS.725 = example725.com
+DNS.726 = example726.com
+DNS.727 = example727.com
+DNS.728 = example728.com
+DNS.729 = example729.com
+DNS.730 = example730.com
+DNS.731 = example731.com
+DNS.732 = example732.com
+DNS.733 = example733.com
+DNS.734 = example734.com
+DNS.735 = example735.com
+DNS.736 = example736.com
+DNS.737 = example737.com
+DNS.738 = example738.com
+DNS.739 = example739.com
+DNS.740 = example740.com
+DNS.741 = example741.com
+DNS.742 = example742.com
+DNS.743 = example743.com
+DNS.744 = example744.com
+DNS.745 = example745.com
+DNS.746 = example746.com
+DNS.747 = example747.com
+DNS.748 = example748.com
+DNS.749 = example749.com
+DNS.750 = example750.com
+DNS.751 = example751.com
+DNS.752 = example752.com
+DNS.753 = example753.com
+DNS.754 = example754.com
+DNS.755 = example755.com
+DNS.756 = example756.com
+DNS.757 = example757.com
+DNS.758 = example758.com
+DNS.759 = example759.com
+DNS.760 = example760.com
+DNS.761 = example761.com
+DNS.762 = example762.com
+DNS.763 = example763.com
+DNS.764 = example764.com
+DNS.765 = example765.com
+DNS.766 = example766.com
+DNS.767 = example767.com
+DNS.768 = example768.com
+DNS.769 = example769.com
+DNS.770 = example770.com
+DNS.771 = example771.com
+DNS.772 = example772.com
+DNS.773 = example773.com
+DNS.774 = example774.com
+DNS.775 = example775.com
+DNS.776 = example776.com
+DNS.777 = example777.com
+DNS.778 = example778.com
+DNS.779 = example779.com
+DNS.780 = example780.com
+DNS.781 = example781.com
+DNS.782 = example782.com
+DNS.783 = example783.com
+DNS.784 = example784.com
+DNS.785 = example785.com
+DNS.786 = example786.com
+DNS.787 = example787.com
+DNS.788 = example788.com
+DNS.789 = example789.com
+DNS.790 = example790.com
+DNS.791 = example791.com
+DNS.792 = example792.com
+DNS.793 = example793.com
+DNS.794 = example794.com
+DNS.795 = example795.com
+DNS.796 = example796.com
+DNS.797 = example797.com
+DNS.798 = example798.com
+DNS.799 = example799.com
+DNS.800 = example800.com
+DNS.801 = example801.com
+DNS.802 = example802.com
+DNS.803 = example803.com
+DNS.804 = example804.com
+DNS.805 = example805.com
+DNS.806 = example806.com
+DNS.807 = example807.com
+DNS.808 = example808.com
+DNS.809 = example809.com
+DNS.810 = example810.com
+DNS.811 = example811.com
+DNS.812 = example812.com
+DNS.813 = example813.com
+DNS.814 = example814.com
+DNS.815 = example815.com
+DNS.816 = example816.com
+DNS.817 = example817.com
+DNS.818 = example818.com
+DNS.819 = example819.com
+DNS.820 = example820.com
+DNS.821 = example821.com
+DNS.822 = example822.com
+DNS.823 = example823.com
+DNS.824 = example824.com
+DNS.825 = example825.com
+DNS.826 = example826.com
+DNS.827 = example827.com
+DNS.828 = example828.com
+DNS.829 = example829.com
+DNS.830 = example830.com
+DNS.831 = example831.com
+DNS.832 = example832.com
+DNS.833 = example833.com
+DNS.834 = example834.com
+DNS.835 = example835.com
+DNS.836 = example836.com
+DNS.837 = example837.com
+DNS.838 = example838.com
+DNS.839 = example839.com
+DNS.840 = example840.com
+DNS.841 = example841.com
+DNS.842 = example842.com
+DNS.843 = example843.com
+DNS.844 = example844.com
+DNS.845 = example845.com
+DNS.846 = example846.com
+DNS.847 = example847.com
+DNS.848 = example848.com
+DNS.849 = example849.com
+DNS.850 = example850.com
+DNS.851 = example851.com
+DNS.852 = example852.com
+DNS.853 = example853.com
+DNS.854 = example854.com
+DNS.855 = example855.com
+DNS.856 = example856.com
+DNS.857 = example857.com
+DNS.858 = example858.com
+DNS.859 = example859.com
+DNS.860 = example860.com
+DNS.861 = example861.com
+DNS.862 = example862.com
+DNS.863 = example863.com
+DNS.864 = example864.com
+DNS.865 = example865.com
+DNS.866 = example866.com
+DNS.867 = example867.com
+DNS.868 = example868.com
+DNS.869 = example869.com
+DNS.870 = example870.com
+DNS.871 = example871.com
+DNS.872 = example872.com
+DNS.873 = example873.com
+DNS.874 = example874.com
+DNS.875 = example875.com
+DNS.876 = example876.com
+DNS.877 = example877.com
+DNS.878 = example878.com
+DNS.879 = example879.com
+DNS.880 = example880.com
+DNS.881 = example881.com
+DNS.882 = example882.com
+DNS.883 = example883.com
+DNS.884 = example884.com
+DNS.885 = example885.com
+DNS.886 = example886.com
+DNS.887 = example887.com
+DNS.888 = example888.com
+DNS.889 = example889.com
+DNS.890 = example890.com
+DNS.891 = example891.com
+DNS.892 = example892.com
+DNS.893 = example893.com
+DNS.894 = example894.com
+DNS.895 = example895.com
+DNS.896 = example896.com
+DNS.897 = example897.com
+DNS.898 = example898.com
+DNS.899 = example899.com
+DNS.900 = example900.com
+DNS.901 = example901.com
+DNS.902 = example902.com
+DNS.903 = example903.com
+DNS.904 = example904.com
+DNS.905 = example905.com
+DNS.906 = example906.com
+DNS.907 = example907.com
+DNS.908 = example908.com
+DNS.909 = example909.com
+DNS.910 = example910.com
+DNS.911 = example911.com
+DNS.912 = example912.com
+DNS.913 = example913.com
+DNS.914 = example914.com
+DNS.915 = example915.com
+DNS.916 = example916.com
+DNS.917 = example917.com
+DNS.918 = example918.com
+DNS.919 = example919.com
+DNS.920 = example920.com
+DNS.921 = example921.com
+DNS.922 = example922.com
+DNS.923 = example923.com
+DNS.924 = example924.com
+DNS.925 = example925.com
+DNS.926 = example926.com
+DNS.927 = example927.com
+DNS.928 = example928.com
+DNS.929 = example929.com
+DNS.930 = example930.com
+DNS.931 = example931.com
+DNS.932 = example932.com
+DNS.933 = example933.com
+DNS.934 = example934.com
+DNS.935 = example935.com
+DNS.936 = example936.com
+DNS.937 = example937.com
+DNS.938 = example938.com
+DNS.939 = example939.com
+DNS.940 = example940.com
+DNS.941 = example941.com
+DNS.942 = example942.com
+DNS.943 = example943.com
+DNS.944 = example944.com
+DNS.945 = example945.com
+DNS.946 = example946.com
+DNS.947 = example947.com
+DNS.948 = example948.com
+DNS.949 = example949.com
+DNS.950 = example950.com
+DNS.951 = example951.com
+DNS.952 = example952.com
+DNS.953 = example953.com
+DNS.954 = example954.com
+DNS.955 = example955.com
+DNS.956 = example956.com
+DNS.957 = example957.com
+DNS.958 = example958.com
+DNS.959 = example959.com
+DNS.960 = example960.com
+DNS.961 = example961.com
+DNS.962 = example962.com
+DNS.963 = example963.com
+DNS.964 = example964.com
+DNS.965 = example965.com
+DNS.966 = example966.com
+DNS.967 = example967.com
+DNS.968 = example968.com
+DNS.969 = example969.com
+DNS.970 = example970.com
+DNS.971 = example971.com
+DNS.972 = example972.com
+DNS.973 = example973.com
+DNS.974 = example974.com
+DNS.975 = example975.com
+DNS.976 = example976.com
+DNS.977 = example977.com
+DNS.978 = example978.com
+DNS.979 = example979.com
+DNS.980 = example980.com
+DNS.981 = example981.com
+DNS.982 = example982.com
+DNS.983 = example983.com
+DNS.984 = example984.com
+DNS.985 = example985.com
+DNS.986 = example986.com
+DNS.987 = example987.com
+DNS.988 = example988.com
+DNS.989 = example989.com
+DNS.990 = example990.com
+DNS.991 = example991.com
+DNS.992 = example992.com
+DNS.993 = example993.com
+DNS.994 = example994.com
+DNS.995 = example995.com
+DNS.996 = example996.com
+DNS.997 = example997.com
+DNS.998 = example998.com
+DNS.999 = example999.com
+DNS.1000 = example1000.com
+DNS.1001 = example1001.com
+DNS.1002 = example1002.com
+DNS.1003 = example1003.com
+DNS.1004 = example1004.com
+DNS.1005 = example1005.com
+DNS.1006 = example1006.com
+DNS.1007 = example1007.com
+DNS.1008 = example1008.com
+DNS.1009 = example1009.com
+DNS.1010 = example1010.com
+DNS.1011 = example1011.com
+DNS.1012 = example1012.com
+DNS.1013 = example1013.com
+DNS.1014 = example1014.com
+DNS.1015 = example1015.com
+DNS.1016 = example1016.com
+DNS.1017 = example1017.com
+DNS.1018 = example1018.com
+DNS.1019 = example1019.com
+DNS.1020 = example1020.com
+DNS.1021 = example1021.com
+DNS.1022 = example1022.com
+DNS.1023 = example1023.com
+DNS.1024 = example1024.com
+DNS.1025 = example1025.com
+DNS.1026 = example1026.com
+DNS.1027 = example1027.com
+DNS.1028 = example1028.com
+DNS.1029 = example1029.com
+DNS.1030 = example1030.com
+DNS.1031 = example1031.com
+DNS.1032 = example1032.com
+DNS.1033 = example1033.com
+DNS.1034 = example1034.com
+DNS.1035 = example1035.com
+DNS.1036 = example1036.com
+DNS.1037 = example1037.com
+DNS.1038 = example1038.com
+DNS.1039 = example1039.com
+DNS.1040 = example1040.com
+DNS.1041 = example1041.com
+DNS.1042 = example1042.com
+DNS.1043 = example1043.com
+DNS.1044 = example1044.com
+DNS.1045 = example1045.com
+DNS.1046 = example1046.com
+DNS.1047 = example1047.com
+DNS.1048 = example1048.com
+DNS.1049 = example1049.com
+DNS.1050 = example1050.com
 
 
diff --git a/certs/test/cert-over-max-altnames.der b/certs/test/cert-over-max-altnames.der
index d1b5cc935d..244eec0eb7 100644
Binary files a/certs/test/cert-over-max-altnames.der and b/certs/test/cert-over-max-altnames.der differ
diff --git a/certs/test/cert-over-max-altnames.pem b/certs/test/cert-over-max-altnames.pem
index cd1a1b7a8e..f7f3fde3e8 100644
--- a/certs/test/cert-over-max-altnames.pem
+++ b/certs/test/cert-over-max-altnames.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIILRzCCCi+gAwIBAgIUEwPXUbqtHk1KaT4zyVtCBdtnA14wDQYJKoZIhvcNAQEL
+MIJFGTCCRAGgAwIBAgIUF5nmfrjmbW0wm+StvWrMOmpvGaUwDQYJKoZIhvcNAQEL
 BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu
-ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MDcwODA2MzQwNFoXDTI3
-MDQwNDA2MzQwNFowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
+ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MDcxODE4MDUxMVoXDTI3
+MDQxNDE4MDUxMVowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
 BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF
 bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG
 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY
@@ -11,8 +11,8 @@ bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG
 YlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlc
 OM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+
 Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+
-k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABo4IHyTCC
-B8UwggfBBgNVHREEgge4MIIHtIIMZXhhbXBsZTEuY29tggxleGFtcGxlMi5jb22C
+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABo4JBmzCC
+QZcwgkF0BgNVHREEgkFrMIJBZ4IMZXhhbXBsZTEuY29tggxleGFtcGxlMi5jb22C
 DGV4YW1wbGUzLmNvbYIMZXhhbXBsZTQuY29tggxleGFtcGxlNS5jb22CDGV4YW1w
 bGU2LmNvbYIMZXhhbXBsZTcuY29tggxleGFtcGxlOC5jb22CDGV4YW1wbGU5LmNv
 bYINZXhhbXBsZTEwLmNvbYINZXhhbXBsZTExLmNvbYINZXhhbXBsZTEyLmNvbYIN
@@ -53,11 +53,319 @@ MTE3LmNvbYIOZXhhbXBsZTExOC5jb22CDmV4YW1wbGUxMTkuY29tgg5leGFtcGxl
 MTIwLmNvbYIOZXhhbXBsZTEyMS5jb22CDmV4YW1wbGUxMjIuY29tgg5leGFtcGxl
 MTIzLmNvbYIOZXhhbXBsZTEyNC5jb22CDmV4YW1wbGUxMjUuY29tgg5leGFtcGxl
 MTI2LmNvbYIOZXhhbXBsZTEyNy5jb22CDmV4YW1wbGUxMjguY29tgg5leGFtcGxl
-MTI5LmNvbYIOZXhhbXBsZTEzMC5jb20wDQYJKoZIhvcNAQELBQADggEBAJXFayJD
-s6QYItL6tiYYwUiLt7wtXySzAP4oOG/xEQbJ4MbQUk2epIahsd1kC2rej2DRi35P
-6PoQ8D5o8PwvtH0XzEMjr5QixRLBje0mIRr6vcqrM64ILj3v6BepwnaNY7RcuvC4
-P4kdM6fTUwK1lTaQavQymbcLkmUYHZroMZYDoLAm88pKJHzuCQng2j0qSH8h/egZ
-NPLchgV15I7Yesc0EOgrUMhkvkTmumZgv3HAmhLwqi+kv9PDsId88xzJaEcF2yO/
-uK44HCis+45Zp1FiePrpk1c27z21q/NgvfGkn21+lf9a27iWCIGHde2myf7RE1M6
-avQ7b3uyhvQ590A=
+MTI5LmNvbYIOZXhhbXBsZTEzMC5jb22CDmV4YW1wbGUxMzEuY29tgg5leGFtcGxl
+MTMyLmNvbYIOZXhhbXBsZTEzMy5jb22CDmV4YW1wbGUxMzQuY29tgg5leGFtcGxl
+MTM1LmNvbYIOZXhhbXBsZTEzNi5jb22CDmV4YW1wbGUxMzcuY29tgg5leGFtcGxl
+MTM4LmNvbYIOZXhhbXBsZTEzOS5jb22CDmV4YW1wbGUxNDAuY29tgg5leGFtcGxl
+MTQxLmNvbYIOZXhhbXBsZTE0Mi5jb22CDmV4YW1wbGUxNDMuY29tgg5leGFtcGxl
+MTQ0LmNvbYIOZXhhbXBsZTE0NS5jb22CDmV4YW1wbGUxNDYuY29tgg5leGFtcGxl
+MTQ3LmNvbYIOZXhhbXBsZTE0OC5jb22CDmV4YW1wbGUxNDkuY29tgg5leGFtcGxl
+MTUwLmNvbYIOZXhhbXBsZTE1MS5jb22CDmV4YW1wbGUxNTIuY29tgg5leGFtcGxl
+MTUzLmNvbYIOZXhhbXBsZTE1NC5jb22CDmV4YW1wbGUxNTUuY29tgg5leGFtcGxl
+MTU2LmNvbYIOZXhhbXBsZTE1Ny5jb22CDmV4YW1wbGUxNTguY29tgg5leGFtcGxl
+MTU5LmNvbYIOZXhhbXBsZTE2MC5jb22CDmV4YW1wbGUxNjEuY29tgg5leGFtcGxl
+MTYyLmNvbYIOZXhhbXBsZTE2My5jb22CDmV4YW1wbGUxNjQuY29tgg5leGFtcGxl
+MTY1LmNvbYIOZXhhbXBsZTE2Ni5jb22CDmV4YW1wbGUxNjcuY29tgg5leGFtcGxl
+MTY4LmNvbYIOZXhhbXBsZTE2OS5jb22CDmV4YW1wbGUxNzAuY29tgg5leGFtcGxl
+MTcxLmNvbYIOZXhhbXBsZTE3Mi5jb22CDmV4YW1wbGUxNzMuY29tgg5leGFtcGxl
+MTc0LmNvbYIOZXhhbXBsZTE3NS5jb22CDmV4YW1wbGUxNzYuY29tgg5leGFtcGxl
+MTc3LmNvbYIOZXhhbXBsZTE3OC5jb22CDmV4YW1wbGUxNzkuY29tgg5leGFtcGxl
+MTgwLmNvbYIOZXhhbXBsZTE4MS5jb22CDmV4YW1wbGUxODIuY29tgg5leGFtcGxl
+MTgzLmNvbYIOZXhhbXBsZTE4NC5jb22CDmV4YW1wbGUxODUuY29tgg5leGFtcGxl
+MTg2LmNvbYIOZXhhbXBsZTE4Ny5jb22CDmV4YW1wbGUxODguY29tgg5leGFtcGxl
+MTg5LmNvbYIOZXhhbXBsZTE5MC5jb22CDmV4YW1wbGUxOTEuY29tgg5leGFtcGxl
+MTkyLmNvbYIOZXhhbXBsZTE5My5jb22CDmV4YW1wbGUxOTQuY29tgg5leGFtcGxl
+MTk1LmNvbYIOZXhhbXBsZTE5Ni5jb22CDmV4YW1wbGUxOTcuY29tgg5leGFtcGxl
+MTk4LmNvbYIOZXhhbXBsZTE5OS5jb22CDmV4YW1wbGUyMDAuY29tgg5leGFtcGxl
+MjAxLmNvbYIOZXhhbXBsZTIwMi5jb22CDmV4YW1wbGUyMDMuY29tgg5leGFtcGxl
+MjA0LmNvbYIOZXhhbXBsZTIwNS5jb22CDmV4YW1wbGUyMDYuY29tgg5leGFtcGxl
+MjA3LmNvbYIOZXhhbXBsZTIwOC5jb22CDmV4YW1wbGUyMDkuY29tgg5leGFtcGxl
+MjEwLmNvbYIOZXhhbXBsZTIxMS5jb22CDmV4YW1wbGUyMTIuY29tgg5leGFtcGxl
+MjEzLmNvbYIOZXhhbXBsZTIxNC5jb22CDmV4YW1wbGUyMTUuY29tgg5leGFtcGxl
+MjE2LmNvbYIOZXhhbXBsZTIxNy5jb22CDmV4YW1wbGUyMTguY29tgg5leGFtcGxl
+MjE5LmNvbYIOZXhhbXBsZTIyMC5jb22CDmV4YW1wbGUyMjEuY29tgg5leGFtcGxl
+MjIyLmNvbYIOZXhhbXBsZTIyMy5jb22CDmV4YW1wbGUyMjQuY29tgg5leGFtcGxl
+MjI1LmNvbYIOZXhhbXBsZTIyNi5jb22CDmV4YW1wbGUyMjcuY29tgg5leGFtcGxl
+MjI4LmNvbYIOZXhhbXBsZTIyOS5jb22CDmV4YW1wbGUyMzAuY29tgg5leGFtcGxl
+MjMxLmNvbYIOZXhhbXBsZTIzMi5jb22CDmV4YW1wbGUyMzMuY29tgg5leGFtcGxl
+MjM0LmNvbYIOZXhhbXBsZTIzNS5jb22CDmV4YW1wbGUyMzYuY29tgg5leGFtcGxl
+MjM3LmNvbYIOZXhhbXBsZTIzOC5jb22CDmV4YW1wbGUyMzkuY29tgg5leGFtcGxl
+MjQwLmNvbYIOZXhhbXBsZTI0MS5jb22CDmV4YW1wbGUyNDIuY29tgg5leGFtcGxl
+MjQzLmNvbYIOZXhhbXBsZTI0NC5jb22CDmV4YW1wbGUyNDUuY29tgg5leGFtcGxl
+MjQ2LmNvbYIOZXhhbXBsZTI0Ny5jb22CDmV4YW1wbGUyNDguY29tgg5leGFtcGxl
+MjQ5LmNvbYIOZXhhbXBsZTI1MC5jb22CDmV4YW1wbGUyNTEuY29tgg5leGFtcGxl
+MjUyLmNvbYIOZXhhbXBsZTI1My5jb22CDmV4YW1wbGUyNTQuY29tgg5leGFtcGxl
+MjU1LmNvbYIOZXhhbXBsZTI1Ni5jb22CDmV4YW1wbGUyNTcuY29tgg5leGFtcGxl
+MjU4LmNvbYIOZXhhbXBsZTI1OS5jb22CDmV4YW1wbGUyNjAuY29tgg5leGFtcGxl
+MjYxLmNvbYIOZXhhbXBsZTI2Mi5jb22CDmV4YW1wbGUyNjMuY29tgg5leGFtcGxl
+MjY0LmNvbYIOZXhhbXBsZTI2NS5jb22CDmV4YW1wbGUyNjYuY29tgg5leGFtcGxl
+MjY3LmNvbYIOZXhhbXBsZTI2OC5jb22CDmV4YW1wbGUyNjkuY29tgg5leGFtcGxl
+MjcwLmNvbYIOZXhhbXBsZTI3MS5jb22CDmV4YW1wbGUyNzIuY29tgg5leGFtcGxl
+MjczLmNvbYIOZXhhbXBsZTI3NC5jb22CDmV4YW1wbGUyNzUuY29tgg5leGFtcGxl
+Mjc2LmNvbYIOZXhhbXBsZTI3Ny5jb22CDmV4YW1wbGUyNzguY29tgg5leGFtcGxl
+Mjc5LmNvbYIOZXhhbXBsZTI4MC5jb22CDmV4YW1wbGUyODEuY29tgg5leGFtcGxl
+MjgyLmNvbYIOZXhhbXBsZTI4My5jb22CDmV4YW1wbGUyODQuY29tgg5leGFtcGxl
+Mjg1LmNvbYIOZXhhbXBsZTI4Ni5jb22CDmV4YW1wbGUyODcuY29tgg5leGFtcGxl
+Mjg4LmNvbYIOZXhhbXBsZTI4OS5jb22CDmV4YW1wbGUyOTAuY29tgg5leGFtcGxl
+MjkxLmNvbYIOZXhhbXBsZTI5Mi5jb22CDmV4YW1wbGUyOTMuY29tgg5leGFtcGxl
+Mjk0LmNvbYIOZXhhbXBsZTI5NS5jb22CDmV4YW1wbGUyOTYuY29tgg5leGFtcGxl
+Mjk3LmNvbYIOZXhhbXBsZTI5OC5jb22CDmV4YW1wbGUyOTkuY29tgg5leGFtcGxl
+MzAwLmNvbYIOZXhhbXBsZTMwMS5jb22CDmV4YW1wbGUzMDIuY29tgg5leGFtcGxl
+MzAzLmNvbYIOZXhhbXBsZTMwNC5jb22CDmV4YW1wbGUzMDUuY29tgg5leGFtcGxl
+MzA2LmNvbYIOZXhhbXBsZTMwNy5jb22CDmV4YW1wbGUzMDguY29tgg5leGFtcGxl
+MzA5LmNvbYIOZXhhbXBsZTMxMC5jb22CDmV4YW1wbGUzMTEuY29tgg5leGFtcGxl
+MzEyLmNvbYIOZXhhbXBsZTMxMy5jb22CDmV4YW1wbGUzMTQuY29tgg5leGFtcGxl
+MzE1LmNvbYIOZXhhbXBsZTMxNi5jb22CDmV4YW1wbGUzMTcuY29tgg5leGFtcGxl
+MzE4LmNvbYIOZXhhbXBsZTMxOS5jb22CDmV4YW1wbGUzMjAuY29tgg5leGFtcGxl
+MzIxLmNvbYIOZXhhbXBsZTMyMi5jb22CDmV4YW1wbGUzMjMuY29tgg5leGFtcGxl
+MzI0LmNvbYIOZXhhbXBsZTMyNS5jb22CDmV4YW1wbGUzMjYuY29tgg5leGFtcGxl
+MzI3LmNvbYIOZXhhbXBsZTMyOC5jb22CDmV4YW1wbGUzMjkuY29tgg5leGFtcGxl
+MzMwLmNvbYIOZXhhbXBsZTMzMS5jb22CDmV4YW1wbGUzMzIuY29tgg5leGFtcGxl
+MzMzLmNvbYIOZXhhbXBsZTMzNC5jb22CDmV4YW1wbGUzMzUuY29tgg5leGFtcGxl
+MzM2LmNvbYIOZXhhbXBsZTMzNy5jb22CDmV4YW1wbGUzMzguY29tgg5leGFtcGxl
+MzM5LmNvbYIOZXhhbXBsZTM0MC5jb22CDmV4YW1wbGUzNDEuY29tgg5leGFtcGxl
+MzQyLmNvbYIOZXhhbXBsZTM0My5jb22CDmV4YW1wbGUzNDQuY29tgg5leGFtcGxl
+MzQ1LmNvbYIOZXhhbXBsZTM0Ni5jb22CDmV4YW1wbGUzNDcuY29tgg5leGFtcGxl
+MzQ4LmNvbYIOZXhhbXBsZTM0OS5jb22CDmV4YW1wbGUzNTAuY29tgg5leGFtcGxl
+MzUxLmNvbYIOZXhhbXBsZTM1Mi5jb22CDmV4YW1wbGUzNTMuY29tgg5leGFtcGxl
+MzU0LmNvbYIOZXhhbXBsZTM1NS5jb22CDmV4YW1wbGUzNTYuY29tgg5leGFtcGxl
+MzU3LmNvbYIOZXhhbXBsZTM1OC5jb22CDmV4YW1wbGUzNTkuY29tgg5leGFtcGxl
+MzYwLmNvbYIOZXhhbXBsZTM2MS5jb22CDmV4YW1wbGUzNjIuY29tgg5leGFtcGxl
+MzYzLmNvbYIOZXhhbXBsZTM2NC5jb22CDmV4YW1wbGUzNjUuY29tgg5leGFtcGxl
+MzY2LmNvbYIOZXhhbXBsZTM2Ny5jb22CDmV4YW1wbGUzNjguY29tgg5leGFtcGxl
+MzY5LmNvbYIOZXhhbXBsZTM3MC5jb22CDmV4YW1wbGUzNzEuY29tgg5leGFtcGxl
+MzcyLmNvbYIOZXhhbXBsZTM3My5jb22CDmV4YW1wbGUzNzQuY29tgg5leGFtcGxl
+Mzc1LmNvbYIOZXhhbXBsZTM3Ni5jb22CDmV4YW1wbGUzNzcuY29tgg5leGFtcGxl
+Mzc4LmNvbYIOZXhhbXBsZTM3OS5jb22CDmV4YW1wbGUzODAuY29tgg5leGFtcGxl
+MzgxLmNvbYIOZXhhbXBsZTM4Mi5jb22CDmV4YW1wbGUzODMuY29tgg5leGFtcGxl
+Mzg0LmNvbYIOZXhhbXBsZTM4NS5jb22CDmV4YW1wbGUzODYuY29tgg5leGFtcGxl
+Mzg3LmNvbYIOZXhhbXBsZTM4OC5jb22CDmV4YW1wbGUzODkuY29tgg5leGFtcGxl
+MzkwLmNvbYIOZXhhbXBsZTM5MS5jb22CDmV4YW1wbGUzOTIuY29tgg5leGFtcGxl
+MzkzLmNvbYIOZXhhbXBsZTM5NC5jb22CDmV4YW1wbGUzOTUuY29tgg5leGFtcGxl
+Mzk2LmNvbYIOZXhhbXBsZTM5Ny5jb22CDmV4YW1wbGUzOTguY29tgg5leGFtcGxl
+Mzk5LmNvbYIOZXhhbXBsZTQwMC5jb22CDmV4YW1wbGU0MDEuY29tgg5leGFtcGxl
+NDAyLmNvbYIOZXhhbXBsZTQwMy5jb22CDmV4YW1wbGU0MDQuY29tgg5leGFtcGxl
+NDA1LmNvbYIOZXhhbXBsZTQwNi5jb22CDmV4YW1wbGU0MDcuY29tgg5leGFtcGxl
+NDA4LmNvbYIOZXhhbXBsZTQwOS5jb22CDmV4YW1wbGU0MTAuY29tgg5leGFtcGxl
+NDExLmNvbYIOZXhhbXBsZTQxMi5jb22CDmV4YW1wbGU0MTMuY29tgg5leGFtcGxl
+NDE0LmNvbYIOZXhhbXBsZTQxNS5jb22CDmV4YW1wbGU0MTYuY29tgg5leGFtcGxl
+NDE3LmNvbYIOZXhhbXBsZTQxOC5jb22CDmV4YW1wbGU0MTkuY29tgg5leGFtcGxl
+NDIwLmNvbYIOZXhhbXBsZTQyMS5jb22CDmV4YW1wbGU0MjIuY29tgg5leGFtcGxl
+NDIzLmNvbYIOZXhhbXBsZTQyNC5jb22CDmV4YW1wbGU0MjUuY29tgg5leGFtcGxl
+NDI2LmNvbYIOZXhhbXBsZTQyNy5jb22CDmV4YW1wbGU0MjguY29tgg5leGFtcGxl
+NDI5LmNvbYIOZXhhbXBsZTQzMC5jb22CDmV4YW1wbGU0MzEuY29tgg5leGFtcGxl
+NDMyLmNvbYIOZXhhbXBsZTQzMy5jb22CDmV4YW1wbGU0MzQuY29tgg5leGFtcGxl
+NDM1LmNvbYIOZXhhbXBsZTQzNi5jb22CDmV4YW1wbGU0MzcuY29tgg5leGFtcGxl
+NDM4LmNvbYIOZXhhbXBsZTQzOS5jb22CDmV4YW1wbGU0NDAuY29tgg5leGFtcGxl
+NDQxLmNvbYIOZXhhbXBsZTQ0Mi5jb22CDmV4YW1wbGU0NDMuY29tgg5leGFtcGxl
+NDQ0LmNvbYIOZXhhbXBsZTQ0NS5jb22CDmV4YW1wbGU0NDYuY29tgg5leGFtcGxl
+NDQ3LmNvbYIOZXhhbXBsZTQ0OC5jb22CDmV4YW1wbGU0NDkuY29tgg5leGFtcGxl
+NDUwLmNvbYIOZXhhbXBsZTQ1MS5jb22CDmV4YW1wbGU0NTIuY29tgg5leGFtcGxl
+NDUzLmNvbYIOZXhhbXBsZTQ1NC5jb22CDmV4YW1wbGU0NTUuY29tgg5leGFtcGxl
+NDU2LmNvbYIOZXhhbXBsZTQ1Ny5jb22CDmV4YW1wbGU0NTguY29tgg5leGFtcGxl
+NDU5LmNvbYIOZXhhbXBsZTQ2MC5jb22CDmV4YW1wbGU0NjEuY29tgg5leGFtcGxl
+NDYyLmNvbYIOZXhhbXBsZTQ2My5jb22CDmV4YW1wbGU0NjQuY29tgg5leGFtcGxl
+NDY1LmNvbYIOZXhhbXBsZTQ2Ni5jb22CDmV4YW1wbGU0NjcuY29tgg5leGFtcGxl
+NDY4LmNvbYIOZXhhbXBsZTQ2OS5jb22CDmV4YW1wbGU0NzAuY29tgg5leGFtcGxl
+NDcxLmNvbYIOZXhhbXBsZTQ3Mi5jb22CDmV4YW1wbGU0NzMuY29tgg5leGFtcGxl
+NDc0LmNvbYIOZXhhbXBsZTQ3NS5jb22CDmV4YW1wbGU0NzYuY29tgg5leGFtcGxl
+NDc3LmNvbYIOZXhhbXBsZTQ3OC5jb22CDmV4YW1wbGU0NzkuY29tgg5leGFtcGxl
+NDgwLmNvbYIOZXhhbXBsZTQ4MS5jb22CDmV4YW1wbGU0ODIuY29tgg5leGFtcGxl
+NDgzLmNvbYIOZXhhbXBsZTQ4NC5jb22CDmV4YW1wbGU0ODUuY29tgg5leGFtcGxl
+NDg2LmNvbYIOZXhhbXBsZTQ4Ny5jb22CDmV4YW1wbGU0ODguY29tgg5leGFtcGxl
+NDg5LmNvbYIOZXhhbXBsZTQ5MC5jb22CDmV4YW1wbGU0OTEuY29tgg5leGFtcGxl
+NDkyLmNvbYIOZXhhbXBsZTQ5My5jb22CDmV4YW1wbGU0OTQuY29tgg5leGFtcGxl
+NDk1LmNvbYIOZXhhbXBsZTQ5Ni5jb22CDmV4YW1wbGU0OTcuY29tgg5leGFtcGxl
+NDk4LmNvbYIOZXhhbXBsZTQ5OS5jb22CDmV4YW1wbGU1MDAuY29tgg5leGFtcGxl
+NTAxLmNvbYIOZXhhbXBsZTUwMi5jb22CDmV4YW1wbGU1MDMuY29tgg5leGFtcGxl
+NTA0LmNvbYIOZXhhbXBsZTUwNS5jb22CDmV4YW1wbGU1MDYuY29tgg5leGFtcGxl
+NTA3LmNvbYIOZXhhbXBsZTUwOC5jb22CDmV4YW1wbGU1MDkuY29tgg5leGFtcGxl
+NTEwLmNvbYIOZXhhbXBsZTUxMS5jb22CDmV4YW1wbGU1MTIuY29tgg5leGFtcGxl
+NTEzLmNvbYIOZXhhbXBsZTUxNC5jb22CDmV4YW1wbGU1MTUuY29tgg5leGFtcGxl
+NTE2LmNvbYIOZXhhbXBsZTUxNy5jb22CDmV4YW1wbGU1MTguY29tgg5leGFtcGxl
+NTE5LmNvbYIOZXhhbXBsZTUyMC5jb22CDmV4YW1wbGU1MjEuY29tgg5leGFtcGxl
+NTIyLmNvbYIOZXhhbXBsZTUyMy5jb22CDmV4YW1wbGU1MjQuY29tgg5leGFtcGxl
+NTI1LmNvbYIOZXhhbXBsZTUyNi5jb22CDmV4YW1wbGU1MjcuY29tgg5leGFtcGxl
+NTI4LmNvbYIOZXhhbXBsZTUyOS5jb22CDmV4YW1wbGU1MzAuY29tgg5leGFtcGxl
+NTMxLmNvbYIOZXhhbXBsZTUzMi5jb22CDmV4YW1wbGU1MzMuY29tgg5leGFtcGxl
+NTM0LmNvbYIOZXhhbXBsZTUzNS5jb22CDmV4YW1wbGU1MzYuY29tgg5leGFtcGxl
+NTM3LmNvbYIOZXhhbXBsZTUzOC5jb22CDmV4YW1wbGU1MzkuY29tgg5leGFtcGxl
+NTQwLmNvbYIOZXhhbXBsZTU0MS5jb22CDmV4YW1wbGU1NDIuY29tgg5leGFtcGxl
+NTQzLmNvbYIOZXhhbXBsZTU0NC5jb22CDmV4YW1wbGU1NDUuY29tgg5leGFtcGxl
+NTQ2LmNvbYIOZXhhbXBsZTU0Ny5jb22CDmV4YW1wbGU1NDguY29tgg5leGFtcGxl
+NTQ5LmNvbYIOZXhhbXBsZTU1MC5jb22CDmV4YW1wbGU1NTEuY29tgg5leGFtcGxl
+NTUyLmNvbYIOZXhhbXBsZTU1My5jb22CDmV4YW1wbGU1NTQuY29tgg5leGFtcGxl
+NTU1LmNvbYIOZXhhbXBsZTU1Ni5jb22CDmV4YW1wbGU1NTcuY29tgg5leGFtcGxl
+NTU4LmNvbYIOZXhhbXBsZTU1OS5jb22CDmV4YW1wbGU1NjAuY29tgg5leGFtcGxl
+NTYxLmNvbYIOZXhhbXBsZTU2Mi5jb22CDmV4YW1wbGU1NjMuY29tgg5leGFtcGxl
+NTY0LmNvbYIOZXhhbXBsZTU2NS5jb22CDmV4YW1wbGU1NjYuY29tgg5leGFtcGxl
+NTY3LmNvbYIOZXhhbXBsZTU2OC5jb22CDmV4YW1wbGU1NjkuY29tgg5leGFtcGxl
+NTcwLmNvbYIOZXhhbXBsZTU3MS5jb22CDmV4YW1wbGU1NzIuY29tgg5leGFtcGxl
+NTczLmNvbYIOZXhhbXBsZTU3NC5jb22CDmV4YW1wbGU1NzUuY29tgg5leGFtcGxl
+NTc2LmNvbYIOZXhhbXBsZTU3Ny5jb22CDmV4YW1wbGU1NzguY29tgg5leGFtcGxl
+NTc5LmNvbYIOZXhhbXBsZTU4MC5jb22CDmV4YW1wbGU1ODEuY29tgg5leGFtcGxl
+NTgyLmNvbYIOZXhhbXBsZTU4My5jb22CDmV4YW1wbGU1ODQuY29tgg5leGFtcGxl
+NTg1LmNvbYIOZXhhbXBsZTU4Ni5jb22CDmV4YW1wbGU1ODcuY29tgg5leGFtcGxl
+NTg4LmNvbYIOZXhhbXBsZTU4OS5jb22CDmV4YW1wbGU1OTAuY29tgg5leGFtcGxl
+NTkxLmNvbYIOZXhhbXBsZTU5Mi5jb22CDmV4YW1wbGU1OTMuY29tgg5leGFtcGxl
+NTk0LmNvbYIOZXhhbXBsZTU5NS5jb22CDmV4YW1wbGU1OTYuY29tgg5leGFtcGxl
+NTk3LmNvbYIOZXhhbXBsZTU5OC5jb22CDmV4YW1wbGU1OTkuY29tgg5leGFtcGxl
+NjAwLmNvbYIOZXhhbXBsZTYwMS5jb22CDmV4YW1wbGU2MDIuY29tgg5leGFtcGxl
+NjAzLmNvbYIOZXhhbXBsZTYwNC5jb22CDmV4YW1wbGU2MDUuY29tgg5leGFtcGxl
+NjA2LmNvbYIOZXhhbXBsZTYwNy5jb22CDmV4YW1wbGU2MDguY29tgg5leGFtcGxl
+NjA5LmNvbYIOZXhhbXBsZTYxMC5jb22CDmV4YW1wbGU2MTEuY29tgg5leGFtcGxl
+NjEyLmNvbYIOZXhhbXBsZTYxMy5jb22CDmV4YW1wbGU2MTQuY29tgg5leGFtcGxl
+NjE1LmNvbYIOZXhhbXBsZTYxNi5jb22CDmV4YW1wbGU2MTcuY29tgg5leGFtcGxl
+NjE4LmNvbYIOZXhhbXBsZTYxOS5jb22CDmV4YW1wbGU2MjAuY29tgg5leGFtcGxl
+NjIxLmNvbYIOZXhhbXBsZTYyMi5jb22CDmV4YW1wbGU2MjMuY29tgg5leGFtcGxl
+NjI0LmNvbYIOZXhhbXBsZTYyNS5jb22CDmV4YW1wbGU2MjYuY29tgg5leGFtcGxl
+NjI3LmNvbYIOZXhhbXBsZTYyOC5jb22CDmV4YW1wbGU2MjkuY29tgg5leGFtcGxl
+NjMwLmNvbYIOZXhhbXBsZTYzMS5jb22CDmV4YW1wbGU2MzIuY29tgg5leGFtcGxl
+NjMzLmNvbYIOZXhhbXBsZTYzNC5jb22CDmV4YW1wbGU2MzUuY29tgg5leGFtcGxl
+NjM2LmNvbYIOZXhhbXBsZTYzNy5jb22CDmV4YW1wbGU2MzguY29tgg5leGFtcGxl
+NjM5LmNvbYIOZXhhbXBsZTY0MC5jb22CDmV4YW1wbGU2NDEuY29tgg5leGFtcGxl
+NjQyLmNvbYIOZXhhbXBsZTY0My5jb22CDmV4YW1wbGU2NDQuY29tgg5leGFtcGxl
+NjQ1LmNvbYIOZXhhbXBsZTY0Ni5jb22CDmV4YW1wbGU2NDcuY29tgg5leGFtcGxl
+NjQ4LmNvbYIOZXhhbXBsZTY0OS5jb22CDmV4YW1wbGU2NTAuY29tgg5leGFtcGxl
+NjUxLmNvbYIOZXhhbXBsZTY1Mi5jb22CDmV4YW1wbGU2NTMuY29tgg5leGFtcGxl
+NjU0LmNvbYIOZXhhbXBsZTY1NS5jb22CDmV4YW1wbGU2NTYuY29tgg5leGFtcGxl
+NjU3LmNvbYIOZXhhbXBsZTY1OC5jb22CDmV4YW1wbGU2NTkuY29tgg5leGFtcGxl
+NjYwLmNvbYIOZXhhbXBsZTY2MS5jb22CDmV4YW1wbGU2NjIuY29tgg5leGFtcGxl
+NjYzLmNvbYIOZXhhbXBsZTY2NC5jb22CDmV4YW1wbGU2NjUuY29tgg5leGFtcGxl
+NjY2LmNvbYIOZXhhbXBsZTY2Ny5jb22CDmV4YW1wbGU2NjguY29tgg5leGFtcGxl
+NjY5LmNvbYIOZXhhbXBsZTY3MC5jb22CDmV4YW1wbGU2NzEuY29tgg5leGFtcGxl
+NjcyLmNvbYIOZXhhbXBsZTY3My5jb22CDmV4YW1wbGU2NzQuY29tgg5leGFtcGxl
+Njc1LmNvbYIOZXhhbXBsZTY3Ni5jb22CDmV4YW1wbGU2NzcuY29tgg5leGFtcGxl
+Njc4LmNvbYIOZXhhbXBsZTY3OS5jb22CDmV4YW1wbGU2ODAuY29tgg5leGFtcGxl
+NjgxLmNvbYIOZXhhbXBsZTY4Mi5jb22CDmV4YW1wbGU2ODMuY29tgg5leGFtcGxl
+Njg0LmNvbYIOZXhhbXBsZTY4NS5jb22CDmV4YW1wbGU2ODYuY29tgg5leGFtcGxl
+Njg3LmNvbYIOZXhhbXBsZTY4OC5jb22CDmV4YW1wbGU2ODkuY29tgg5leGFtcGxl
+NjkwLmNvbYIOZXhhbXBsZTY5MS5jb22CDmV4YW1wbGU2OTIuY29tgg5leGFtcGxl
+NjkzLmNvbYIOZXhhbXBsZTY5NC5jb22CDmV4YW1wbGU2OTUuY29tgg5leGFtcGxl
+Njk2LmNvbYIOZXhhbXBsZTY5Ny5jb22CDmV4YW1wbGU2OTguY29tgg5leGFtcGxl
+Njk5LmNvbYIOZXhhbXBsZTcwMC5jb22CDmV4YW1wbGU3MDEuY29tgg5leGFtcGxl
+NzAyLmNvbYIOZXhhbXBsZTcwMy5jb22CDmV4YW1wbGU3MDQuY29tgg5leGFtcGxl
+NzA1LmNvbYIOZXhhbXBsZTcwNi5jb22CDmV4YW1wbGU3MDcuY29tgg5leGFtcGxl
+NzA4LmNvbYIOZXhhbXBsZTcwOS5jb22CDmV4YW1wbGU3MTAuY29tgg5leGFtcGxl
+NzExLmNvbYIOZXhhbXBsZTcxMi5jb22CDmV4YW1wbGU3MTMuY29tgg5leGFtcGxl
+NzE0LmNvbYIOZXhhbXBsZTcxNS5jb22CDmV4YW1wbGU3MTYuY29tgg5leGFtcGxl
+NzE3LmNvbYIOZXhhbXBsZTcxOC5jb22CDmV4YW1wbGU3MTkuY29tgg5leGFtcGxl
+NzIwLmNvbYIOZXhhbXBsZTcyMS5jb22CDmV4YW1wbGU3MjIuY29tgg5leGFtcGxl
+NzIzLmNvbYIOZXhhbXBsZTcyNC5jb22CDmV4YW1wbGU3MjUuY29tgg5leGFtcGxl
+NzI2LmNvbYIOZXhhbXBsZTcyNy5jb22CDmV4YW1wbGU3MjguY29tgg5leGFtcGxl
+NzI5LmNvbYIOZXhhbXBsZTczMC5jb22CDmV4YW1wbGU3MzEuY29tgg5leGFtcGxl
+NzMyLmNvbYIOZXhhbXBsZTczMy5jb22CDmV4YW1wbGU3MzQuY29tgg5leGFtcGxl
+NzM1LmNvbYIOZXhhbXBsZTczNi5jb22CDmV4YW1wbGU3MzcuY29tgg5leGFtcGxl
+NzM4LmNvbYIOZXhhbXBsZTczOS5jb22CDmV4YW1wbGU3NDAuY29tgg5leGFtcGxl
+NzQxLmNvbYIOZXhhbXBsZTc0Mi5jb22CDmV4YW1wbGU3NDMuY29tgg5leGFtcGxl
+NzQ0LmNvbYIOZXhhbXBsZTc0NS5jb22CDmV4YW1wbGU3NDYuY29tgg5leGFtcGxl
+NzQ3LmNvbYIOZXhhbXBsZTc0OC5jb22CDmV4YW1wbGU3NDkuY29tgg5leGFtcGxl
+NzUwLmNvbYIOZXhhbXBsZTc1MS5jb22CDmV4YW1wbGU3NTIuY29tgg5leGFtcGxl
+NzUzLmNvbYIOZXhhbXBsZTc1NC5jb22CDmV4YW1wbGU3NTUuY29tgg5leGFtcGxl
+NzU2LmNvbYIOZXhhbXBsZTc1Ny5jb22CDmV4YW1wbGU3NTguY29tgg5leGFtcGxl
+NzU5LmNvbYIOZXhhbXBsZTc2MC5jb22CDmV4YW1wbGU3NjEuY29tgg5leGFtcGxl
+NzYyLmNvbYIOZXhhbXBsZTc2My5jb22CDmV4YW1wbGU3NjQuY29tgg5leGFtcGxl
+NzY1LmNvbYIOZXhhbXBsZTc2Ni5jb22CDmV4YW1wbGU3NjcuY29tgg5leGFtcGxl
+NzY4LmNvbYIOZXhhbXBsZTc2OS5jb22CDmV4YW1wbGU3NzAuY29tgg5leGFtcGxl
+NzcxLmNvbYIOZXhhbXBsZTc3Mi5jb22CDmV4YW1wbGU3NzMuY29tgg5leGFtcGxl
+Nzc0LmNvbYIOZXhhbXBsZTc3NS5jb22CDmV4YW1wbGU3NzYuY29tgg5leGFtcGxl
+Nzc3LmNvbYIOZXhhbXBsZTc3OC5jb22CDmV4YW1wbGU3NzkuY29tgg5leGFtcGxl
+NzgwLmNvbYIOZXhhbXBsZTc4MS5jb22CDmV4YW1wbGU3ODIuY29tgg5leGFtcGxl
+NzgzLmNvbYIOZXhhbXBsZTc4NC5jb22CDmV4YW1wbGU3ODUuY29tgg5leGFtcGxl
+Nzg2LmNvbYIOZXhhbXBsZTc4Ny5jb22CDmV4YW1wbGU3ODguY29tgg5leGFtcGxl
+Nzg5LmNvbYIOZXhhbXBsZTc5MC5jb22CDmV4YW1wbGU3OTEuY29tgg5leGFtcGxl
+NzkyLmNvbYIOZXhhbXBsZTc5My5jb22CDmV4YW1wbGU3OTQuY29tgg5leGFtcGxl
+Nzk1LmNvbYIOZXhhbXBsZTc5Ni5jb22CDmV4YW1wbGU3OTcuY29tgg5leGFtcGxl
+Nzk4LmNvbYIOZXhhbXBsZTc5OS5jb22CDmV4YW1wbGU4MDAuY29tgg5leGFtcGxl
+ODAxLmNvbYIOZXhhbXBsZTgwMi5jb22CDmV4YW1wbGU4MDMuY29tgg5leGFtcGxl
+ODA0LmNvbYIOZXhhbXBsZTgwNS5jb22CDmV4YW1wbGU4MDYuY29tgg5leGFtcGxl
+ODA3LmNvbYIOZXhhbXBsZTgwOC5jb22CDmV4YW1wbGU4MDkuY29tgg5leGFtcGxl
+ODEwLmNvbYIOZXhhbXBsZTgxMS5jb22CDmV4YW1wbGU4MTIuY29tgg5leGFtcGxl
+ODEzLmNvbYIOZXhhbXBsZTgxNC5jb22CDmV4YW1wbGU4MTUuY29tgg5leGFtcGxl
+ODE2LmNvbYIOZXhhbXBsZTgxNy5jb22CDmV4YW1wbGU4MTguY29tgg5leGFtcGxl
+ODE5LmNvbYIOZXhhbXBsZTgyMC5jb22CDmV4YW1wbGU4MjEuY29tgg5leGFtcGxl
+ODIyLmNvbYIOZXhhbXBsZTgyMy5jb22CDmV4YW1wbGU4MjQuY29tgg5leGFtcGxl
+ODI1LmNvbYIOZXhhbXBsZTgyNi5jb22CDmV4YW1wbGU4MjcuY29tgg5leGFtcGxl
+ODI4LmNvbYIOZXhhbXBsZTgyOS5jb22CDmV4YW1wbGU4MzAuY29tgg5leGFtcGxl
+ODMxLmNvbYIOZXhhbXBsZTgzMi5jb22CDmV4YW1wbGU4MzMuY29tgg5leGFtcGxl
+ODM0LmNvbYIOZXhhbXBsZTgzNS5jb22CDmV4YW1wbGU4MzYuY29tgg5leGFtcGxl
+ODM3LmNvbYIOZXhhbXBsZTgzOC5jb22CDmV4YW1wbGU4MzkuY29tgg5leGFtcGxl
+ODQwLmNvbYIOZXhhbXBsZTg0MS5jb22CDmV4YW1wbGU4NDIuY29tgg5leGFtcGxl
+ODQzLmNvbYIOZXhhbXBsZTg0NC5jb22CDmV4YW1wbGU4NDUuY29tgg5leGFtcGxl
+ODQ2LmNvbYIOZXhhbXBsZTg0Ny5jb22CDmV4YW1wbGU4NDguY29tgg5leGFtcGxl
+ODQ5LmNvbYIOZXhhbXBsZTg1MC5jb22CDmV4YW1wbGU4NTEuY29tgg5leGFtcGxl
+ODUyLmNvbYIOZXhhbXBsZTg1My5jb22CDmV4YW1wbGU4NTQuY29tgg5leGFtcGxl
+ODU1LmNvbYIOZXhhbXBsZTg1Ni5jb22CDmV4YW1wbGU4NTcuY29tgg5leGFtcGxl
+ODU4LmNvbYIOZXhhbXBsZTg1OS5jb22CDmV4YW1wbGU4NjAuY29tgg5leGFtcGxl
+ODYxLmNvbYIOZXhhbXBsZTg2Mi5jb22CDmV4YW1wbGU4NjMuY29tgg5leGFtcGxl
+ODY0LmNvbYIOZXhhbXBsZTg2NS5jb22CDmV4YW1wbGU4NjYuY29tgg5leGFtcGxl
+ODY3LmNvbYIOZXhhbXBsZTg2OC5jb22CDmV4YW1wbGU4NjkuY29tgg5leGFtcGxl
+ODcwLmNvbYIOZXhhbXBsZTg3MS5jb22CDmV4YW1wbGU4NzIuY29tgg5leGFtcGxl
+ODczLmNvbYIOZXhhbXBsZTg3NC5jb22CDmV4YW1wbGU4NzUuY29tgg5leGFtcGxl
+ODc2LmNvbYIOZXhhbXBsZTg3Ny5jb22CDmV4YW1wbGU4NzguY29tgg5leGFtcGxl
+ODc5LmNvbYIOZXhhbXBsZTg4MC5jb22CDmV4YW1wbGU4ODEuY29tgg5leGFtcGxl
+ODgyLmNvbYIOZXhhbXBsZTg4My5jb22CDmV4YW1wbGU4ODQuY29tgg5leGFtcGxl
+ODg1LmNvbYIOZXhhbXBsZTg4Ni5jb22CDmV4YW1wbGU4ODcuY29tgg5leGFtcGxl
+ODg4LmNvbYIOZXhhbXBsZTg4OS5jb22CDmV4YW1wbGU4OTAuY29tgg5leGFtcGxl
+ODkxLmNvbYIOZXhhbXBsZTg5Mi5jb22CDmV4YW1wbGU4OTMuY29tgg5leGFtcGxl
+ODk0LmNvbYIOZXhhbXBsZTg5NS5jb22CDmV4YW1wbGU4OTYuY29tgg5leGFtcGxl
+ODk3LmNvbYIOZXhhbXBsZTg5OC5jb22CDmV4YW1wbGU4OTkuY29tgg5leGFtcGxl
+OTAwLmNvbYIOZXhhbXBsZTkwMS5jb22CDmV4YW1wbGU5MDIuY29tgg5leGFtcGxl
+OTAzLmNvbYIOZXhhbXBsZTkwNC5jb22CDmV4YW1wbGU5MDUuY29tgg5leGFtcGxl
+OTA2LmNvbYIOZXhhbXBsZTkwNy5jb22CDmV4YW1wbGU5MDguY29tgg5leGFtcGxl
+OTA5LmNvbYIOZXhhbXBsZTkxMC5jb22CDmV4YW1wbGU5MTEuY29tgg5leGFtcGxl
+OTEyLmNvbYIOZXhhbXBsZTkxMy5jb22CDmV4YW1wbGU5MTQuY29tgg5leGFtcGxl
+OTE1LmNvbYIOZXhhbXBsZTkxNi5jb22CDmV4YW1wbGU5MTcuY29tgg5leGFtcGxl
+OTE4LmNvbYIOZXhhbXBsZTkxOS5jb22CDmV4YW1wbGU5MjAuY29tgg5leGFtcGxl
+OTIxLmNvbYIOZXhhbXBsZTkyMi5jb22CDmV4YW1wbGU5MjMuY29tgg5leGFtcGxl
+OTI0LmNvbYIOZXhhbXBsZTkyNS5jb22CDmV4YW1wbGU5MjYuY29tgg5leGFtcGxl
+OTI3LmNvbYIOZXhhbXBsZTkyOC5jb22CDmV4YW1wbGU5MjkuY29tgg5leGFtcGxl
+OTMwLmNvbYIOZXhhbXBsZTkzMS5jb22CDmV4YW1wbGU5MzIuY29tgg5leGFtcGxl
+OTMzLmNvbYIOZXhhbXBsZTkzNC5jb22CDmV4YW1wbGU5MzUuY29tgg5leGFtcGxl
+OTM2LmNvbYIOZXhhbXBsZTkzNy5jb22CDmV4YW1wbGU5MzguY29tgg5leGFtcGxl
+OTM5LmNvbYIOZXhhbXBsZTk0MC5jb22CDmV4YW1wbGU5NDEuY29tgg5leGFtcGxl
+OTQyLmNvbYIOZXhhbXBsZTk0My5jb22CDmV4YW1wbGU5NDQuY29tgg5leGFtcGxl
+OTQ1LmNvbYIOZXhhbXBsZTk0Ni5jb22CDmV4YW1wbGU5NDcuY29tgg5leGFtcGxl
+OTQ4LmNvbYIOZXhhbXBsZTk0OS5jb22CDmV4YW1wbGU5NTAuY29tgg5leGFtcGxl
+OTUxLmNvbYIOZXhhbXBsZTk1Mi5jb22CDmV4YW1wbGU5NTMuY29tgg5leGFtcGxl
+OTU0LmNvbYIOZXhhbXBsZTk1NS5jb22CDmV4YW1wbGU5NTYuY29tgg5leGFtcGxl
+OTU3LmNvbYIOZXhhbXBsZTk1OC5jb22CDmV4YW1wbGU5NTkuY29tgg5leGFtcGxl
+OTYwLmNvbYIOZXhhbXBsZTk2MS5jb22CDmV4YW1wbGU5NjIuY29tgg5leGFtcGxl
+OTYzLmNvbYIOZXhhbXBsZTk2NC5jb22CDmV4YW1wbGU5NjUuY29tgg5leGFtcGxl
+OTY2LmNvbYIOZXhhbXBsZTk2Ny5jb22CDmV4YW1wbGU5NjguY29tgg5leGFtcGxl
+OTY5LmNvbYIOZXhhbXBsZTk3MC5jb22CDmV4YW1wbGU5NzEuY29tgg5leGFtcGxl
+OTcyLmNvbYIOZXhhbXBsZTk3My5jb22CDmV4YW1wbGU5NzQuY29tgg5leGFtcGxl
+OTc1LmNvbYIOZXhhbXBsZTk3Ni5jb22CDmV4YW1wbGU5NzcuY29tgg5leGFtcGxl
+OTc4LmNvbYIOZXhhbXBsZTk3OS5jb22CDmV4YW1wbGU5ODAuY29tgg5leGFtcGxl
+OTgxLmNvbYIOZXhhbXBsZTk4Mi5jb22CDmV4YW1wbGU5ODMuY29tgg5leGFtcGxl
+OTg0LmNvbYIOZXhhbXBsZTk4NS5jb22CDmV4YW1wbGU5ODYuY29tgg5leGFtcGxl
+OTg3LmNvbYIOZXhhbXBsZTk4OC5jb22CDmV4YW1wbGU5ODkuY29tgg5leGFtcGxl
+OTkwLmNvbYIOZXhhbXBsZTk5MS5jb22CDmV4YW1wbGU5OTIuY29tgg5leGFtcGxl
+OTkzLmNvbYIOZXhhbXBsZTk5NC5jb22CDmV4YW1wbGU5OTUuY29tgg5leGFtcGxl
+OTk2LmNvbYIOZXhhbXBsZTk5Ny5jb22CDmV4YW1wbGU5OTguY29tgg5leGFtcGxl
+OTk5LmNvbYIPZXhhbXBsZTEwMDAuY29tgg9leGFtcGxlMTAwMS5jb22CD2V4YW1w
+bGUxMDAyLmNvbYIPZXhhbXBsZTEwMDMuY29tgg9leGFtcGxlMTAwNC5jb22CD2V4
+YW1wbGUxMDA1LmNvbYIPZXhhbXBsZTEwMDYuY29tgg9leGFtcGxlMTAwNy5jb22C
+D2V4YW1wbGUxMDA4LmNvbYIPZXhhbXBsZTEwMDkuY29tgg9leGFtcGxlMTAxMC5j
+b22CD2V4YW1wbGUxMDExLmNvbYIPZXhhbXBsZTEwMTIuY29tgg9leGFtcGxlMTAx
+My5jb22CD2V4YW1wbGUxMDE0LmNvbYIPZXhhbXBsZTEwMTUuY29tgg9leGFtcGxl
+MTAxNi5jb22CD2V4YW1wbGUxMDE3LmNvbYIPZXhhbXBsZTEwMTguY29tgg9leGFt
+cGxlMTAxOS5jb22CD2V4YW1wbGUxMDIwLmNvbYIPZXhhbXBsZTEwMjEuY29tgg9l
+eGFtcGxlMTAyMi5jb22CD2V4YW1wbGUxMDIzLmNvbYIPZXhhbXBsZTEwMjQuY29t
+gg9leGFtcGxlMTAyNS5jb22CD2V4YW1wbGUxMDI2LmNvbYIPZXhhbXBsZTEwMjcu
+Y29tgg9leGFtcGxlMTAyOC5jb22CD2V4YW1wbGUxMDI5LmNvbYIPZXhhbXBsZTEw
+MzAuY29tgg9leGFtcGxlMTAzMS5jb22CD2V4YW1wbGUxMDMyLmNvbYIPZXhhbXBs
+ZTEwMzMuY29tgg9leGFtcGxlMTAzNC5jb22CD2V4YW1wbGUxMDM1LmNvbYIPZXhh
+bXBsZTEwMzYuY29tgg9leGFtcGxlMTAzNy5jb22CD2V4YW1wbGUxMDM4LmNvbYIP
+ZXhhbXBsZTEwMzkuY29tgg9leGFtcGxlMTA0MC5jb22CD2V4YW1wbGUxMDQxLmNv
+bYIPZXhhbXBsZTEwNDIuY29tgg9leGFtcGxlMTA0My5jb22CD2V4YW1wbGUxMDQ0
+LmNvbYIPZXhhbXBsZTEwNDUuY29tgg9leGFtcGxlMTA0Ni5jb22CD2V4YW1wbGUx
+MDQ3LmNvbYIPZXhhbXBsZTEwNDguY29tgg9leGFtcGxlMTA0OS5jb22CD2V4YW1w
+bGUxMDUwLmNvbTAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwDQYJKoZI
+hvcNAQELBQADggEBAAafsXELXxtWZERkGxkH1a6sXrqD9xdMUIu/Bf8QAKePLOLX
+VbJeGNW9UHCKA5jntP4BKP86/b+43KF3g8qMyphS9DBTvOZ+rbRe8z3K6ouTi4Cv
+4jxL0ej4QINeIEbNAC5GqVkSHnVB0ul5drsIXHEAHi72BTkSlFHOU0umlL99O8UG
+R++z7qkXJWjrHkUA7zVIS4pRne80AtDVd3WB3lCmG/hs9p8Dj7igUGfaQYF1T6uK
+zkgpT2PCjvVfXadTG9FTqe+MEkjOwpUqClJ0SS1Et7KF56Q++FdFx7msammI2SC+
+XrBKQPqYZviTlK1YepjwtXe1SxasL7tjabJuIyU=
 -----END CERTIFICATE-----
diff --git a/certs/test/gen-badsig.sh b/certs/test/gen-badsig.sh
index aafe06f97b..ca0b89d165 100755
--- a/certs/test/gen-badsig.sh
+++ b/certs/test/gen-badsig.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 generate() {
     # read in certificate and alter the last part of the signature
diff --git a/certs/test/gen-ext-certs.sh b/certs/test/gen-ext-certs.sh
index 27696fb079..65e8caca5c 100755
--- a/certs/test/gen-ext-certs.sh
+++ b/certs/test/gen-ext-certs.sh
@@ -531,6 +531,927 @@ DNS.127 = example127.com
 DNS.128 = example128.com
 DNS.129 = example129.com
 DNS.130 = example130.com
+DNS.131 = example131.com
+DNS.132 = example132.com
+DNS.133 = example133.com
+DNS.134 = example134.com
+DNS.135 = example135.com
+DNS.136 = example136.com
+DNS.137 = example137.com
+DNS.138 = example138.com
+DNS.139 = example139.com
+DNS.140 = example140.com
+DNS.141 = example141.com
+DNS.142 = example142.com
+DNS.143 = example143.com
+DNS.144 = example144.com
+DNS.145 = example145.com
+DNS.146 = example146.com
+DNS.147 = example147.com
+DNS.148 = example148.com
+DNS.149 = example149.com
+DNS.150 = example150.com
+DNS.151 = example151.com
+DNS.152 = example152.com
+DNS.153 = example153.com
+DNS.154 = example154.com
+DNS.155 = example155.com
+DNS.156 = example156.com
+DNS.157 = example157.com
+DNS.158 = example158.com
+DNS.159 = example159.com
+DNS.160 = example160.com
+DNS.161 = example161.com
+DNS.162 = example162.com
+DNS.163 = example163.com
+DNS.164 = example164.com
+DNS.165 = example165.com
+DNS.166 = example166.com
+DNS.167 = example167.com
+DNS.168 = example168.com
+DNS.169 = example169.com
+DNS.170 = example170.com
+DNS.171 = example171.com
+DNS.172 = example172.com
+DNS.173 = example173.com
+DNS.174 = example174.com
+DNS.175 = example175.com
+DNS.176 = example176.com
+DNS.177 = example177.com
+DNS.178 = example178.com
+DNS.179 = example179.com
+DNS.180 = example180.com
+DNS.181 = example181.com
+DNS.182 = example182.com
+DNS.183 = example183.com
+DNS.184 = example184.com
+DNS.185 = example185.com
+DNS.186 = example186.com
+DNS.187 = example187.com
+DNS.188 = example188.com
+DNS.189 = example189.com
+DNS.190 = example190.com
+DNS.191 = example191.com
+DNS.192 = example192.com
+DNS.193 = example193.com
+DNS.194 = example194.com
+DNS.195 = example195.com
+DNS.196 = example196.com
+DNS.197 = example197.com
+DNS.198 = example198.com
+DNS.199 = example199.com
+DNS.200 = example200.com
+DNS.201 = example201.com
+DNS.202 = example202.com
+DNS.203 = example203.com
+DNS.204 = example204.com
+DNS.205 = example205.com
+DNS.206 = example206.com
+DNS.207 = example207.com
+DNS.208 = example208.com
+DNS.209 = example209.com
+DNS.210 = example210.com
+DNS.211 = example211.com
+DNS.212 = example212.com
+DNS.213 = example213.com
+DNS.214 = example214.com
+DNS.215 = example215.com
+DNS.216 = example216.com
+DNS.217 = example217.com
+DNS.218 = example218.com
+DNS.219 = example219.com
+DNS.220 = example220.com
+DNS.221 = example221.com
+DNS.222 = example222.com
+DNS.223 = example223.com
+DNS.224 = example224.com
+DNS.225 = example225.com
+DNS.226 = example226.com
+DNS.227 = example227.com
+DNS.228 = example228.com
+DNS.229 = example229.com
+DNS.230 = example230.com
+DNS.231 = example231.com
+DNS.232 = example232.com
+DNS.233 = example233.com
+DNS.234 = example234.com
+DNS.235 = example235.com
+DNS.236 = example236.com
+DNS.237 = example237.com
+DNS.238 = example238.com
+DNS.239 = example239.com
+DNS.240 = example240.com
+DNS.241 = example241.com
+DNS.242 = example242.com
+DNS.243 = example243.com
+DNS.244 = example244.com
+DNS.245 = example245.com
+DNS.246 = example246.com
+DNS.247 = example247.com
+DNS.248 = example248.com
+DNS.249 = example249.com
+DNS.250 = example250.com
+DNS.251 = example251.com
+DNS.252 = example252.com
+DNS.253 = example253.com
+DNS.254 = example254.com
+DNS.255 = example255.com
+DNS.256 = example256.com
+DNS.257 = example257.com
+DNS.258 = example258.com
+DNS.259 = example259.com
+DNS.260 = example260.com
+DNS.261 = example261.com
+DNS.262 = example262.com
+DNS.263 = example263.com
+DNS.264 = example264.com
+DNS.265 = example265.com
+DNS.266 = example266.com
+DNS.267 = example267.com
+DNS.268 = example268.com
+DNS.269 = example269.com
+DNS.270 = example270.com
+DNS.271 = example271.com
+DNS.272 = example272.com
+DNS.273 = example273.com
+DNS.274 = example274.com
+DNS.275 = example275.com
+DNS.276 = example276.com
+DNS.277 = example277.com
+DNS.278 = example278.com
+DNS.279 = example279.com
+DNS.280 = example280.com
+DNS.281 = example281.com
+DNS.282 = example282.com
+DNS.283 = example283.com
+DNS.284 = example284.com
+DNS.285 = example285.com
+DNS.286 = example286.com
+DNS.287 = example287.com
+DNS.288 = example288.com
+DNS.289 = example289.com
+DNS.290 = example290.com
+DNS.291 = example291.com
+DNS.292 = example292.com
+DNS.293 = example293.com
+DNS.294 = example294.com
+DNS.295 = example295.com
+DNS.296 = example296.com
+DNS.297 = example297.com
+DNS.298 = example298.com
+DNS.299 = example299.com
+DNS.300 = example300.com
+DNS.301 = example301.com
+DNS.302 = example302.com
+DNS.303 = example303.com
+DNS.304 = example304.com
+DNS.305 = example305.com
+DNS.306 = example306.com
+DNS.307 = example307.com
+DNS.308 = example308.com
+DNS.309 = example309.com
+DNS.310 = example310.com
+DNS.311 = example311.com
+DNS.312 = example312.com
+DNS.313 = example313.com
+DNS.314 = example314.com
+DNS.315 = example315.com
+DNS.316 = example316.com
+DNS.317 = example317.com
+DNS.318 = example318.com
+DNS.319 = example319.com
+DNS.320 = example320.com
+DNS.321 = example321.com
+DNS.322 = example322.com
+DNS.323 = example323.com
+DNS.324 = example324.com
+DNS.325 = example325.com
+DNS.326 = example326.com
+DNS.327 = example327.com
+DNS.328 = example328.com
+DNS.329 = example329.com
+DNS.330 = example330.com
+DNS.331 = example331.com
+DNS.332 = example332.com
+DNS.333 = example333.com
+DNS.334 = example334.com
+DNS.335 = example335.com
+DNS.336 = example336.com
+DNS.337 = example337.com
+DNS.338 = example338.com
+DNS.339 = example339.com
+DNS.340 = example340.com
+DNS.341 = example341.com
+DNS.342 = example342.com
+DNS.343 = example343.com
+DNS.344 = example344.com
+DNS.345 = example345.com
+DNS.346 = example346.com
+DNS.347 = example347.com
+DNS.348 = example348.com
+DNS.349 = example349.com
+DNS.350 = example350.com
+DNS.351 = example351.com
+DNS.352 = example352.com
+DNS.353 = example353.com
+DNS.354 = example354.com
+DNS.355 = example355.com
+DNS.356 = example356.com
+DNS.357 = example357.com
+DNS.358 = example358.com
+DNS.359 = example359.com
+DNS.360 = example360.com
+DNS.361 = example361.com
+DNS.362 = example362.com
+DNS.363 = example363.com
+DNS.364 = example364.com
+DNS.365 = example365.com
+DNS.366 = example366.com
+DNS.367 = example367.com
+DNS.368 = example368.com
+DNS.369 = example369.com
+DNS.370 = example370.com
+DNS.371 = example371.com
+DNS.372 = example372.com
+DNS.373 = example373.com
+DNS.374 = example374.com
+DNS.375 = example375.com
+DNS.376 = example376.com
+DNS.377 = example377.com
+DNS.378 = example378.com
+DNS.379 = example379.com
+DNS.380 = example380.com
+DNS.381 = example381.com
+DNS.382 = example382.com
+DNS.383 = example383.com
+DNS.384 = example384.com
+DNS.385 = example385.com
+DNS.386 = example386.com
+DNS.387 = example387.com
+DNS.388 = example388.com
+DNS.389 = example389.com
+DNS.390 = example390.com
+DNS.391 = example391.com
+DNS.392 = example392.com
+DNS.393 = example393.com
+DNS.394 = example394.com
+DNS.395 = example395.com
+DNS.396 = example396.com
+DNS.397 = example397.com
+DNS.398 = example398.com
+DNS.399 = example399.com
+DNS.400 = example400.com
+DNS.401 = example401.com
+DNS.402 = example402.com
+DNS.403 = example403.com
+DNS.404 = example404.com
+DNS.405 = example405.com
+DNS.406 = example406.com
+DNS.407 = example407.com
+DNS.408 = example408.com
+DNS.409 = example409.com
+DNS.410 = example410.com
+DNS.411 = example411.com
+DNS.412 = example412.com
+DNS.413 = example413.com
+DNS.414 = example414.com
+DNS.415 = example415.com
+DNS.416 = example416.com
+DNS.417 = example417.com
+DNS.418 = example418.com
+DNS.419 = example419.com
+DNS.420 = example420.com
+DNS.421 = example421.com
+DNS.422 = example422.com
+DNS.423 = example423.com
+DNS.424 = example424.com
+DNS.425 = example425.com
+DNS.426 = example426.com
+DNS.427 = example427.com
+DNS.428 = example428.com
+DNS.429 = example429.com
+DNS.430 = example430.com
+DNS.431 = example431.com
+DNS.432 = example432.com
+DNS.433 = example433.com
+DNS.434 = example434.com
+DNS.435 = example435.com
+DNS.436 = example436.com
+DNS.437 = example437.com
+DNS.438 = example438.com
+DNS.439 = example439.com
+DNS.440 = example440.com
+DNS.441 = example441.com
+DNS.442 = example442.com
+DNS.443 = example443.com
+DNS.444 = example444.com
+DNS.445 = example445.com
+DNS.446 = example446.com
+DNS.447 = example447.com
+DNS.448 = example448.com
+DNS.449 = example449.com
+DNS.450 = example450.com
+DNS.451 = example451.com
+DNS.452 = example452.com
+DNS.453 = example453.com
+DNS.454 = example454.com
+DNS.455 = example455.com
+DNS.456 = example456.com
+DNS.457 = example457.com
+DNS.458 = example458.com
+DNS.459 = example459.com
+DNS.460 = example460.com
+DNS.461 = example461.com
+DNS.462 = example462.com
+DNS.463 = example463.com
+DNS.464 = example464.com
+DNS.465 = example465.com
+DNS.466 = example466.com
+DNS.467 = example467.com
+DNS.468 = example468.com
+DNS.469 = example469.com
+DNS.470 = example470.com
+DNS.471 = example471.com
+DNS.472 = example472.com
+DNS.473 = example473.com
+DNS.474 = example474.com
+DNS.475 = example475.com
+DNS.476 = example476.com
+DNS.477 = example477.com
+DNS.478 = example478.com
+DNS.479 = example479.com
+DNS.480 = example480.com
+DNS.481 = example481.com
+DNS.482 = example482.com
+DNS.483 = example483.com
+DNS.484 = example484.com
+DNS.485 = example485.com
+DNS.486 = example486.com
+DNS.487 = example487.com
+DNS.488 = example488.com
+DNS.489 = example489.com
+DNS.490 = example490.com
+DNS.491 = example491.com
+DNS.492 = example492.com
+DNS.493 = example493.com
+DNS.494 = example494.com
+DNS.495 = example495.com
+DNS.496 = example496.com
+DNS.497 = example497.com
+DNS.498 = example498.com
+DNS.499 = example499.com
+DNS.500 = example500.com
+DNS.501 = example501.com
+DNS.502 = example502.com
+DNS.503 = example503.com
+DNS.504 = example504.com
+DNS.505 = example505.com
+DNS.506 = example506.com
+DNS.507 = example507.com
+DNS.508 = example508.com
+DNS.509 = example509.com
+DNS.510 = example510.com
+DNS.511 = example511.com
+DNS.512 = example512.com
+DNS.513 = example513.com
+DNS.514 = example514.com
+DNS.515 = example515.com
+DNS.516 = example516.com
+DNS.517 = example517.com
+DNS.518 = example518.com
+DNS.519 = example519.com
+DNS.520 = example520.com
+DNS.521 = example521.com
+DNS.522 = example522.com
+DNS.523 = example523.com
+DNS.524 = example524.com
+DNS.525 = example525.com
+DNS.526 = example526.com
+DNS.527 = example527.com
+DNS.528 = example528.com
+DNS.529 = example529.com
+DNS.530 = example530.com
+DNS.531 = example531.com
+DNS.532 = example532.com
+DNS.533 = example533.com
+DNS.534 = example534.com
+DNS.535 = example535.com
+DNS.536 = example536.com
+DNS.537 = example537.com
+DNS.538 = example538.com
+DNS.539 = example539.com
+DNS.540 = example540.com
+DNS.541 = example541.com
+DNS.542 = example542.com
+DNS.543 = example543.com
+DNS.544 = example544.com
+DNS.545 = example545.com
+DNS.546 = example546.com
+DNS.547 = example547.com
+DNS.548 = example548.com
+DNS.549 = example549.com
+DNS.550 = example550.com
+DNS.551 = example551.com
+DNS.552 = example552.com
+DNS.553 = example553.com
+DNS.554 = example554.com
+DNS.555 = example555.com
+DNS.556 = example556.com
+DNS.557 = example557.com
+DNS.558 = example558.com
+DNS.559 = example559.com
+DNS.560 = example560.com
+DNS.561 = example561.com
+DNS.562 = example562.com
+DNS.563 = example563.com
+DNS.564 = example564.com
+DNS.565 = example565.com
+DNS.566 = example566.com
+DNS.567 = example567.com
+DNS.568 = example568.com
+DNS.569 = example569.com
+DNS.570 = example570.com
+DNS.571 = example571.com
+DNS.572 = example572.com
+DNS.573 = example573.com
+DNS.574 = example574.com
+DNS.575 = example575.com
+DNS.576 = example576.com
+DNS.577 = example577.com
+DNS.578 = example578.com
+DNS.579 = example579.com
+DNS.580 = example580.com
+DNS.581 = example581.com
+DNS.582 = example582.com
+DNS.583 = example583.com
+DNS.584 = example584.com
+DNS.585 = example585.com
+DNS.586 = example586.com
+DNS.587 = example587.com
+DNS.588 = example588.com
+DNS.589 = example589.com
+DNS.590 = example590.com
+DNS.591 = example591.com
+DNS.592 = example592.com
+DNS.593 = example593.com
+DNS.594 = example594.com
+DNS.595 = example595.com
+DNS.596 = example596.com
+DNS.597 = example597.com
+DNS.598 = example598.com
+DNS.599 = example599.com
+DNS.600 = example600.com
+DNS.601 = example601.com
+DNS.602 = example602.com
+DNS.603 = example603.com
+DNS.604 = example604.com
+DNS.605 = example605.com
+DNS.606 = example606.com
+DNS.607 = example607.com
+DNS.608 = example608.com
+DNS.609 = example609.com
+DNS.610 = example610.com
+DNS.611 = example611.com
+DNS.612 = example612.com
+DNS.613 = example613.com
+DNS.614 = example614.com
+DNS.615 = example615.com
+DNS.616 = example616.com
+DNS.617 = example617.com
+DNS.618 = example618.com
+DNS.619 = example619.com
+DNS.620 = example620.com
+DNS.621 = example621.com
+DNS.622 = example622.com
+DNS.623 = example623.com
+DNS.624 = example624.com
+DNS.625 = example625.com
+DNS.626 = example626.com
+DNS.627 = example627.com
+DNS.628 = example628.com
+DNS.629 = example629.com
+DNS.630 = example630.com
+DNS.631 = example631.com
+DNS.632 = example632.com
+DNS.633 = example633.com
+DNS.634 = example634.com
+DNS.635 = example635.com
+DNS.636 = example636.com
+DNS.637 = example637.com
+DNS.638 = example638.com
+DNS.639 = example639.com
+DNS.640 = example640.com
+DNS.641 = example641.com
+DNS.642 = example642.com
+DNS.643 = example643.com
+DNS.644 = example644.com
+DNS.645 = example645.com
+DNS.646 = example646.com
+DNS.647 = example647.com
+DNS.648 = example648.com
+DNS.649 = example649.com
+DNS.650 = example650.com
+DNS.651 = example651.com
+DNS.652 = example652.com
+DNS.653 = example653.com
+DNS.654 = example654.com
+DNS.655 = example655.com
+DNS.656 = example656.com
+DNS.657 = example657.com
+DNS.658 = example658.com
+DNS.659 = example659.com
+DNS.660 = example660.com
+DNS.661 = example661.com
+DNS.662 = example662.com
+DNS.663 = example663.com
+DNS.664 = example664.com
+DNS.665 = example665.com
+DNS.666 = example666.com
+DNS.667 = example667.com
+DNS.668 = example668.com
+DNS.669 = example669.com
+DNS.670 = example670.com
+DNS.671 = example671.com
+DNS.672 = example672.com
+DNS.673 = example673.com
+DNS.674 = example674.com
+DNS.675 = example675.com
+DNS.676 = example676.com
+DNS.677 = example677.com
+DNS.678 = example678.com
+DNS.679 = example679.com
+DNS.680 = example680.com
+DNS.681 = example681.com
+DNS.682 = example682.com
+DNS.683 = example683.com
+DNS.684 = example684.com
+DNS.685 = example685.com
+DNS.686 = example686.com
+DNS.687 = example687.com
+DNS.688 = example688.com
+DNS.689 = example689.com
+DNS.690 = example690.com
+DNS.691 = example691.com
+DNS.692 = example692.com
+DNS.693 = example693.com
+DNS.694 = example694.com
+DNS.695 = example695.com
+DNS.696 = example696.com
+DNS.697 = example697.com
+DNS.698 = example698.com
+DNS.699 = example699.com
+DNS.700 = example700.com
+DNS.701 = example701.com
+DNS.702 = example702.com
+DNS.703 = example703.com
+DNS.704 = example704.com
+DNS.705 = example705.com
+DNS.706 = example706.com
+DNS.707 = example707.com
+DNS.708 = example708.com
+DNS.709 = example709.com
+DNS.710 = example710.com
+DNS.711 = example711.com
+DNS.712 = example712.com
+DNS.713 = example713.com
+DNS.714 = example714.com
+DNS.715 = example715.com
+DNS.716 = example716.com
+DNS.717 = example717.com
+DNS.718 = example718.com
+DNS.719 = example719.com
+DNS.720 = example720.com
+DNS.721 = example721.com
+DNS.722 = example722.com
+DNS.723 = example723.com
+DNS.724 = example724.com
+DNS.725 = example725.com
+DNS.726 = example726.com
+DNS.727 = example727.com
+DNS.728 = example728.com
+DNS.729 = example729.com
+DNS.730 = example730.com
+DNS.731 = example731.com
+DNS.732 = example732.com
+DNS.733 = example733.com
+DNS.734 = example734.com
+DNS.735 = example735.com
+DNS.736 = example736.com
+DNS.737 = example737.com
+DNS.738 = example738.com
+DNS.739 = example739.com
+DNS.740 = example740.com
+DNS.741 = example741.com
+DNS.742 = example742.com
+DNS.743 = example743.com
+DNS.744 = example744.com
+DNS.745 = example745.com
+DNS.746 = example746.com
+DNS.747 = example747.com
+DNS.748 = example748.com
+DNS.749 = example749.com
+DNS.750 = example750.com
+DNS.751 = example751.com
+DNS.752 = example752.com
+DNS.753 = example753.com
+DNS.754 = example754.com
+DNS.755 = example755.com
+DNS.756 = example756.com
+DNS.757 = example757.com
+DNS.758 = example758.com
+DNS.759 = example759.com
+DNS.760 = example760.com
+DNS.761 = example761.com
+DNS.762 = example762.com
+DNS.763 = example763.com
+DNS.764 = example764.com
+DNS.765 = example765.com
+DNS.766 = example766.com
+DNS.767 = example767.com
+DNS.768 = example768.com
+DNS.769 = example769.com
+DNS.770 = example770.com
+DNS.771 = example771.com
+DNS.772 = example772.com
+DNS.773 = example773.com
+DNS.774 = example774.com
+DNS.775 = example775.com
+DNS.776 = example776.com
+DNS.777 = example777.com
+DNS.778 = example778.com
+DNS.779 = example779.com
+DNS.780 = example780.com
+DNS.781 = example781.com
+DNS.782 = example782.com
+DNS.783 = example783.com
+DNS.784 = example784.com
+DNS.785 = example785.com
+DNS.786 = example786.com
+DNS.787 = example787.com
+DNS.788 = example788.com
+DNS.789 = example789.com
+DNS.790 = example790.com
+DNS.791 = example791.com
+DNS.792 = example792.com
+DNS.793 = example793.com
+DNS.794 = example794.com
+DNS.795 = example795.com
+DNS.796 = example796.com
+DNS.797 = example797.com
+DNS.798 = example798.com
+DNS.799 = example799.com
+DNS.800 = example800.com
+DNS.801 = example801.com
+DNS.802 = example802.com
+DNS.803 = example803.com
+DNS.804 = example804.com
+DNS.805 = example805.com
+DNS.806 = example806.com
+DNS.807 = example807.com
+DNS.808 = example808.com
+DNS.809 = example809.com
+DNS.810 = example810.com
+DNS.811 = example811.com
+DNS.812 = example812.com
+DNS.813 = example813.com
+DNS.814 = example814.com
+DNS.815 = example815.com
+DNS.816 = example816.com
+DNS.817 = example817.com
+DNS.818 = example818.com
+DNS.819 = example819.com
+DNS.820 = example820.com
+DNS.821 = example821.com
+DNS.822 = example822.com
+DNS.823 = example823.com
+DNS.824 = example824.com
+DNS.825 = example825.com
+DNS.826 = example826.com
+DNS.827 = example827.com
+DNS.828 = example828.com
+DNS.829 = example829.com
+DNS.830 = example830.com
+DNS.831 = example831.com
+DNS.832 = example832.com
+DNS.833 = example833.com
+DNS.834 = example834.com
+DNS.835 = example835.com
+DNS.836 = example836.com
+DNS.837 = example837.com
+DNS.838 = example838.com
+DNS.839 = example839.com
+DNS.840 = example840.com
+DNS.841 = example841.com
+DNS.842 = example842.com
+DNS.843 = example843.com
+DNS.844 = example844.com
+DNS.845 = example845.com
+DNS.846 = example846.com
+DNS.847 = example847.com
+DNS.848 = example848.com
+DNS.849 = example849.com
+DNS.850 = example850.com
+DNS.851 = example851.com
+DNS.852 = example852.com
+DNS.853 = example853.com
+DNS.854 = example854.com
+DNS.855 = example855.com
+DNS.856 = example856.com
+DNS.857 = example857.com
+DNS.858 = example858.com
+DNS.859 = example859.com
+DNS.860 = example860.com
+DNS.861 = example861.com
+DNS.862 = example862.com
+DNS.863 = example863.com
+DNS.864 = example864.com
+DNS.865 = example865.com
+DNS.866 = example866.com
+DNS.867 = example867.com
+DNS.868 = example868.com
+DNS.869 = example869.com
+DNS.870 = example870.com
+DNS.871 = example871.com
+DNS.872 = example872.com
+DNS.873 = example873.com
+DNS.874 = example874.com
+DNS.875 = example875.com
+DNS.876 = example876.com
+DNS.877 = example877.com
+DNS.878 = example878.com
+DNS.879 = example879.com
+DNS.880 = example880.com
+DNS.881 = example881.com
+DNS.882 = example882.com
+DNS.883 = example883.com
+DNS.884 = example884.com
+DNS.885 = example885.com
+DNS.886 = example886.com
+DNS.887 = example887.com
+DNS.888 = example888.com
+DNS.889 = example889.com
+DNS.890 = example890.com
+DNS.891 = example891.com
+DNS.892 = example892.com
+DNS.893 = example893.com
+DNS.894 = example894.com
+DNS.895 = example895.com
+DNS.896 = example896.com
+DNS.897 = example897.com
+DNS.898 = example898.com
+DNS.899 = example899.com
+DNS.900 = example900.com
+DNS.901 = example901.com
+DNS.902 = example902.com
+DNS.903 = example903.com
+DNS.904 = example904.com
+DNS.905 = example905.com
+DNS.906 = example906.com
+DNS.907 = example907.com
+DNS.908 = example908.com
+DNS.909 = example909.com
+DNS.910 = example910.com
+DNS.911 = example911.com
+DNS.912 = example912.com
+DNS.913 = example913.com
+DNS.914 = example914.com
+DNS.915 = example915.com
+DNS.916 = example916.com
+DNS.917 = example917.com
+DNS.918 = example918.com
+DNS.919 = example919.com
+DNS.920 = example920.com
+DNS.921 = example921.com
+DNS.922 = example922.com
+DNS.923 = example923.com
+DNS.924 = example924.com
+DNS.925 = example925.com
+DNS.926 = example926.com
+DNS.927 = example927.com
+DNS.928 = example928.com
+DNS.929 = example929.com
+DNS.930 = example930.com
+DNS.931 = example931.com
+DNS.932 = example932.com
+DNS.933 = example933.com
+DNS.934 = example934.com
+DNS.935 = example935.com
+DNS.936 = example936.com
+DNS.937 = example937.com
+DNS.938 = example938.com
+DNS.939 = example939.com
+DNS.940 = example940.com
+DNS.941 = example941.com
+DNS.942 = example942.com
+DNS.943 = example943.com
+DNS.944 = example944.com
+DNS.945 = example945.com
+DNS.946 = example946.com
+DNS.947 = example947.com
+DNS.948 = example948.com
+DNS.949 = example949.com
+DNS.950 = example950.com
+DNS.951 = example951.com
+DNS.952 = example952.com
+DNS.953 = example953.com
+DNS.954 = example954.com
+DNS.955 = example955.com
+DNS.956 = example956.com
+DNS.957 = example957.com
+DNS.958 = example958.com
+DNS.959 = example959.com
+DNS.960 = example960.com
+DNS.961 = example961.com
+DNS.962 = example962.com
+DNS.963 = example963.com
+DNS.964 = example964.com
+DNS.965 = example965.com
+DNS.966 = example966.com
+DNS.967 = example967.com
+DNS.968 = example968.com
+DNS.969 = example969.com
+DNS.970 = example970.com
+DNS.971 = example971.com
+DNS.972 = example972.com
+DNS.973 = example973.com
+DNS.974 = example974.com
+DNS.975 = example975.com
+DNS.976 = example976.com
+DNS.977 = example977.com
+DNS.978 = example978.com
+DNS.979 = example979.com
+DNS.980 = example980.com
+DNS.981 = example981.com
+DNS.982 = example982.com
+DNS.983 = example983.com
+DNS.984 = example984.com
+DNS.985 = example985.com
+DNS.986 = example986.com
+DNS.987 = example987.com
+DNS.988 = example988.com
+DNS.989 = example989.com
+DNS.990 = example990.com
+DNS.991 = example991.com
+DNS.992 = example992.com
+DNS.993 = example993.com
+DNS.994 = example994.com
+DNS.995 = example995.com
+DNS.996 = example996.com
+DNS.997 = example997.com
+DNS.998 = example998.com
+DNS.999 = example999.com
+DNS.1000 = example1000.com
+DNS.1001 = example1001.com
+DNS.1002 = example1002.com
+DNS.1003 = example1003.com
+DNS.1004 = example1004.com
+DNS.1005 = example1005.com
+DNS.1006 = example1006.com
+DNS.1007 = example1007.com
+DNS.1008 = example1008.com
+DNS.1009 = example1009.com
+DNS.1010 = example1010.com
+DNS.1011 = example1011.com
+DNS.1012 = example1012.com
+DNS.1013 = example1013.com
+DNS.1014 = example1014.com
+DNS.1015 = example1015.com
+DNS.1016 = example1016.com
+DNS.1017 = example1017.com
+DNS.1018 = example1018.com
+DNS.1019 = example1019.com
+DNS.1020 = example1020.com
+DNS.1021 = example1021.com
+DNS.1022 = example1022.com
+DNS.1023 = example1023.com
+DNS.1024 = example1024.com
+DNS.1025 = example1025.com
+DNS.1026 = example1026.com
+DNS.1027 = example1027.com
+DNS.1028 = example1028.com
+DNS.1029 = example1029.com
+DNS.1030 = example1030.com
+DNS.1031 = example1031.com
+DNS.1032 = example1032.com
+DNS.1033 = example1033.com
+DNS.1034 = example1034.com
+DNS.1035 = example1035.com
+DNS.1036 = example1036.com
+DNS.1037 = example1037.com
+DNS.1038 = example1038.com
+DNS.1039 = example1039.com
+DNS.1040 = example1040.com
+DNS.1041 = example1041.com
+DNS.1042 = example1042.com
+DNS.1043 = example1043.com
+DNS.1044 = example1044.com
+DNS.1045 = example1045.com
+DNS.1046 = example1046.com
+DNS.1047 = example1047.com
+DNS.1048 = example1048.com
+DNS.1049 = example1049.com
+DNS.1050 = example1050.com
+
 
 EOF
 gen_cert
diff --git a/cmake/Config.cmake.in b/cmake/Config.cmake.in
index 19d60ed7ea..99d5ed8f05 100644
--- a/cmake/Config.cmake.in
+++ b/cmake/Config.cmake.in
@@ -1,3 +1,3 @@
-@PACKAGE_INIT@
-
-include ( "${CMAKE_CURRENT_LIST_DIR}/wolfssl-targets.cmake" )
+@PACKAGE_INIT@
+
+include ( "${CMAKE_CURRENT_LIST_DIR}/wolfssl-targets.cmake" )
diff --git a/cmake/functions.cmake b/cmake/functions.cmake
index ebba36948b..3c8832c2c3 100644
--- a/cmake/functions.cmake
+++ b/cmake/functions.cmake
@@ -78,10 +78,10 @@ function(generate_build_flags)
     if(WOLFSSL_AESCCM OR WOLFSSL_USER_SETTINGS)
         set(BUILD_AESCCM "yes" PARENT_SCOPE)
     endif()
-    set(BUILD_ARM_ASM ${WOLFSSL_ARM_ASM} PARENT_SCOPE)
+    set(BUILD_ARMASM ${WOLFSSL_ARM_ASM} PARENT_SCOPE)
     set(BUILD_XILINX ${WOLFSSL_XILINX} PARENT_SCOPE)
     set(BUILD_AESNI ${WOLFSSL_AESNI} PARENT_SCOPE)
-    set(BUILD_INTEL_ASM ${WOLFSSL_INTEL_ASM} PARENT_SCOPE)
+    set(BUILD_INTELASM ${WOLFSSL_INTEL_ASM} PARENT_SCOPE)
     set(BUILD_AFALG ${WOLFSSL_AFALG} PARENT_SCOPE)
     set(BUILD_DEVCRYPTO ${WOLFSSL_DEVCRYPTO} PARENT_SCOPE)
     if(WOLFSSL_CAMELLIA OR WOLFSSL_USER_SETTINGS)
@@ -198,6 +198,9 @@ function(generate_build_flags)
     if(WOLFSSL_XCHACHA OR WOLFSSL_USER_SETTINGS)
         set(BUILD_XCHACHA "yes" PARENT_SCOPE)
     endif()
+    if(WOLFSSL_KYBER OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_WC_KYBER "yes" PARENT_SCOPE)
+    endif()
     if(WOLFSSL_OQS OR WOLFSSL_USER_SETTINGS)
         set(BUILD_FALCON "yes" PARENT_SCOPE)
         set(BUILD_SPHINCS "yes" PARENT_SCOPE)
@@ -396,6 +399,10 @@ function(generate_lib_src_list LIB_SOURCES)
 
               if(BUILD_SHA3)
                    list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c)
+
+                   if(BUILD_INTELASM)
+                        list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
+                   endif()
               endif()
 
               if(BUILD_DH)
@@ -579,6 +586,10 @@ function(generate_lib_src_list LIB_SOURCES)
 
          if(NOT BUILD_FIPS_V2 AND BUILD_SHA3)
               list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c)
+
+              if(BUILD_INTELASM)
+                   list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
+              endif()
          endif()
     endif()
 
@@ -794,6 +805,15 @@ function(generate_lib_src_list LIB_SOURCES)
               list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
          endif()
 
+         if(BUILD_WC_KYBER)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber_poly.c)
+
+              if(BUILD_INTELASM)
+                   list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber_asm.S)
+              endif()
+         endif()
+
          if(BUILD_EXT_KYBER)
               list(APPEND LIB_SOURCES wolfcrypt/src/ext_kyber.c)
          endif()
diff --git a/cmake/options.h.in b/cmake/options.h.in
index 71d9d4e6d0..f63953627b 100644
--- a/cmake/options.h.in
+++ b/cmake/options.h.in
@@ -86,6 +86,8 @@ extern "C" {
 #cmakedefine HAVE_CRL
 #undef HAVE_CRL_IO
 #cmakedefine HAVE_CRL_IO
+#undef WOLFSSL_CUSTOM_CURVES
+#cmakedefine WOLFSSL_CUSTOM_CURVES
 #undef HAVE_CURVE25519
 #cmakedefine HAVE_CURVE25519
 #undef HAVE_CURVE448
@@ -368,6 +370,16 @@ extern "C" {
 #cmakedefine WOLFSSL_WC_KYBER
 #undef NO_WOLFSSL_STUB
 #cmakedefine NO_WOLFSSL_STUB
+#undef HAVE_ECC_SECPR2
+#cmakedefine HAVE_ECC_SECPR2
+#undef HAVE_ECC_SECPR3
+#cmakedefine HAVE_ECC_SECPR3
+#undef HAVE_ECC_BRAINPOOL
+#cmakedefine HAVE_ECC_BRAINPOOL
+#undef HAVE_ECC_KOBLITZ
+#cmakedefine HAVE_ECC_KOBLITZ
+#undef HAVE_ECC_CDH
+#cmakedefine HAVE_ECC_CDH
 
 #ifdef __cplusplus
 }
diff --git a/commit-tests.sh b/commit-tests.sh
index ab5b5010d3..e7ba76f03b 100755
--- a/commit-tests.sh
+++ b/commit-tests.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #commit-tests.sh
 
diff --git a/configure.ac b/configure.ac
index 1d8eb993b2..e07b0bb115 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,7 +69,7 @@ AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
        AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
        ])
 
-WOLFSSL_BUILD_DATE=$(date -R)
+WOLFSSL_BUILD_DATE=$(LC_TIME=C date +"%a, %d %b %Y %T %z")
 AC_SUBST([WOLFSSL_BUILD_DATE])
 
 
@@ -217,11 +217,17 @@ AC_ARG_ENABLE([debug-trace-errcodes],
     [ ENABLED_DEBUG_TRACE_ERRCODES=no ]
     )
 
-if test "$ENABLED_DEBUG_TRACE_ERRCODES" = "yes"
+if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEBUG_TRACE_ERROR_CODES"
 fi
 
+if test "$ENABLED_DEBUG_TRACE_ERRCODES" = "backtrace"
+then
+    AM_CFLAGS="$AM_CFLAGS -g -funwind-tables -DWOLFSSL_DEBUG_BACKTRACE_ERROR_CODES"
+    AM_LDFLAGS="$AM_LDFLAGS -lbacktrace"
+fi
+
 # Start without certificates enabled and enable if a certificate algorithm is
 # enabled
 ENABLED_CERTS="no"
@@ -310,7 +316,6 @@ then
 fi
 AC_SUBST([ENABLED_ASM])
 
-
 # Default math is SP Math all and not fast math
 # FIPS v1 and v2 must use fast math
 DEF_SP_MATH="yes"
@@ -333,9 +338,9 @@ then
     test -z "$enable_all_crypto" && enable_all_crypto=yes
     test -z "$enable_opensslcoexist" && enable_opensslcoexist=yes
     test -z "$enable_sha" && enable_sha=yes
-    test -z "$enable_eccminsz" && enable_eccminsz=192
+    test -z "$with_eccminsz" && with_eccminsz=192
     test -z "$with_max_ecc_bits" && with_max_ecc_bits=1024
-    AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFPROVIDER -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
 fi
 
 # wolfEngine Options
@@ -345,6 +350,11 @@ AC_ARG_ENABLE([engine],
     [ ENABLED_WOLFENGINE=no ]
     )
 
+if test "x$ENABLED_WOLFENGINE" != "xno"
+then
+    test -z "$with_eccminsz" && with_eccminsz=192
+fi
+
 AS_CASE([$ENABLED_WOLFENGINE],
     [no],[
         ENABLED_WOLFENGINE="no"
@@ -748,14 +758,14 @@ fi
 
 # fastmath
 AC_ARG_ENABLE([fastmath],
-    [AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: disabled)])],
+    [AS_HELP_STRING([--enable-fastmath],[Enable legacy Tom's Fast Math back end (default: disabled)])],
     [ ENABLED_FASTMATH=$enableval ],
     [ ENABLED_FASTMATH=$DEF_FAST_MATH ]
     )
 
 # fast HUGE math
 AC_ARG_ENABLE([fasthugemath],
-    [AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
+    [AS_HELP_STRING([--enable-fasthugemath],[Enable legacy Tom's Fast Math + huge code (default: disabled)])],
     [ ENABLED_FASTHUGEMATH=$enableval ],
     [ ENABLED_FASTHUGEMATH=no ]
     )
@@ -779,6 +789,69 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_BUILD"
 fi
 
+
+AC_ARG_ENABLE([leanpsk],
+    [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
+    [ ENABLED_LEANPSK=$enableval ],
+    [ ENABLED_LEANPSK=no ]
+    )
+
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
+    ENABLED_SLOWMATH="no"
+    ENABLED_SINGLETHREADED="yes"
+    enable_lowresource=yes
+fi
+
+
+# ASN
+
+# disabling ASN implicitly disables certs, RSA, DSA, and ECC,
+# and also disables MPI unless DH is enabled.
+
+# turn off ASN if leanpsk on
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    enable_asn=no
+fi
+
+AC_ARG_ENABLE([asn],
+    [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
+    [ ENABLED_ASN=$enableval ],
+    [ ENABLED_ASN=yes ]
+    )
+
+for v in `echo $ENABLED_ASN | tr "," " "`
+do
+    case $v in
+    all)
+        # Enable all ASN features
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
+        ENABLED_ASN=yes
+        ;;
+    template | yes)
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
+        ENABLED_ASN=yes
+        ;;
+    original)
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL"
+        ;;
+    nocrypt)
+        AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
+        enable_pwdbased=no
+        ;;
+    no)
+        AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
+        enable_pwdbased=no
+        ;;
+    *)
+        AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.])
+        break;;
+esac
+done
+
+
 # if sp-math-all is not set, then enable fast math
 if test "x$ENABLED_FASTMATH" = "xyes" && test "$enable_sp_math_all" = "" && test "$enable_sp_math" = ""
 then
@@ -830,6 +903,8 @@ AC_ARG_ENABLE([all],
     )
 if test "$ENABLED_ALL" = "yes"
 then
+    enable_all_crypto=yes
+
     test "$enable_dtls" = "" && enable_dtls=yes
     if test "x$FIPS_VERSION" != "xv1"
     then
@@ -837,62 +912,6 @@ then
         test "$enable_rsapss" = "" && enable_rsapss=yes
     fi
 
-    # this set is also enabled by enable-all-crypto:
-    test "$enable_atomicuser" = "" && enable_atomicuser=yes
-    test "$enable_aesgcm" = "" && enable_aesgcm=yes
-    test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
-    test "$enable_aesccm" = "" && enable_aesccm=yes
-    test "$enable_aesctr" = "" && enable_aesctr=yes
-    test "$enable_aeseax" = "" && enable_aeseax=yes
-    test "$enable_aesofb" = "" && enable_aesofb=yes
-    test "$enable_aescfb" = "" && enable_aescfb=yes
-    test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
-    test "$enable_camellia" = "" && enable_camellia=yes
-    test "$enable_ripemd" = "" && enable_ripemd=yes
-    test "$enable_sha224" = "" && enable_sha224=yes
-    test "$enable_sha512" = "" && enable_sha512=yes
-    test "$enable_sha3" = "" && enable_sha3=yes
-    test "$enable_shake128" = "" && enable_shake128=yes
-    test "$enable_shake256" = "" && enable_shake256=yes
-    test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
-    test "$enable_keygen" = "" && enable_keygen=yes
-    test "$enable_certgen" = "" && enable_certgen=yes
-    test "$enable_certreq" = "" && enable_certreq=yes
-    test "$enable_certext" = "" && enable_certext=yes
-    test "$enable_sep" = "" && enable_sep=yes
-    test "$enable_hkdf" = "" && enable_hkdf=yes
-    test "$enable_curve25519" = "" && enable_curve25519=yes
-    test "$enable_curve448" = "" && enable_curve448=yes
-    test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
-    test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
-    test "$enable_psk" = "" && enable_psk=yes
-    test "$enable_cmac" = "" && enable_cmac=yes
-    test "$enable_siphash" = "" && enable_siphash=yes
-    test "$enable_ocsp" = "" && enable_ocsp=yes
-    test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
-    test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
-    test "$enable_crl" = "" && enable_crl=yes
-    test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
-    test "$enable_tlsx" = "" && enable_tlsx=yes
-    test "$enable_pwdbased" = "" && enable_pwdbased=yes
-    test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes
-    test "$enable_x963kdf" = "" && enable_x963kdf=yes
-    test "$enable_scrypt" = "" && test "$enable_hmac" != "no" && enable_scrypt=yes
-    test "$enable_indef" = "" && enable_indef=yes
-    test "$enable_enckeys" = "" && enable_enckeys=yes
-    test "$enable_hashflags" = "" && enable_hashflags=yes
-    test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
-    test "$enable_base64encode" = "" && enable_base64encode=yes
-    test "$enable_base16" = "" && enable_base16=yes
-    test "$enable_arc4" = "" && enable_arc4=yes
-    test "$enable_blake2" = "" && enable_blake2=yes
-    test "$enable_blake2s" = "" && enable_blake2s=yes
-    test "$enable_md2" = "" && enable_md2=yes
-    test "$enable_md4" = "" && enable_md4=yes
-    test "$enable_cryptocb" = "" && enable_cryptocb=yes
-    test "$enable_anon" = "" && enable_anon=yes
-    test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
-
     test "$enable_savesession" = "" && enable_savesession=yes
     test "$enable_savecert" = "" && enable_savecert=yes
     test "$enable_postauth" = "" && enable_postauth=yes
@@ -908,25 +927,16 @@ then
     test "$enable_session_ticket" = "" && enable_session_ticket=yes
     test "$enable_earlydata" = "" && enable_earlydata=yes
     test "$enable_ech" = "" && enable_ech=yes
-    test "$enable_srtp" = "" && enable_srtp=yes
     test "$enable_rpk" = "" && enable_rpk=yes
 
     if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
     then
-        test "$enable_compkey" = "" && enable_compkey=yes
         test "$enable_quic" = "" && test "$enable_cryptonly" != "yes" && enable_quic=yes
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
     fi
 
-    # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
     if test "$ENABLED_SP_MATH" = "no"
     then
-        test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
-        if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
-            test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
-            test "$enable_brainpool" = "" && enable_brainpool=yes
-        fi
-        test "$enable_srp" = "" && enable_srp=yes
         # linuxkm is incompatible with opensslextra and its dependents.
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
@@ -955,16 +965,8 @@ then
 
     if test "$ENABLED_FIPS" = "no"
     then
-        test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
-        test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
         test "$enable_scep" = "" && enable_scep=yes
-        test "$enable_pkcs7" = "" && enable_pkcs7=yes
-        test "$enable_nullcipher" = "" && enable_nullcipher=yes
         test "$enable_mcast" = "" && enable_mcast=yes
-        test "$enable_ed25519" = "" && enable_ed25519=yes
-        test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
-        test "$enable_ed448" = "" && enable_ed448=yes
-        test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
 
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
@@ -972,52 +974,120 @@ then
             test "$enable_stunnel" = "" && enable_stunnel=yes
             test "$enable_curl" = "" && enable_curl=yes
             test "$enable_tcpdump" = "" && enable_tcpdump=yes
-
-            test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
-            test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
         fi
     fi
 
-    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6 || test "$FIPS_VERSION" = "v5-dev"; then
-        test "$enable_aesxts" = "" && enable_aesxts=yes
-        test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && (test "$enable_armasm" = "" || test "$enable_armasm" = "no") && enable_aesxts_stream=yes
-        test "$enable_aessiv" = "" && enable_aessiv=yes
+    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
+    then
+        test "$enable_srtp" = "" && enable_srtp=yes
     fi
 
-    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
-        test "$enable_des3" = "" && enable_des3=yes
-    fi
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
 
-    # Enable DH const table speedups (eliminates `-lm` math lib dependency)
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
-    DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
+    # Certificate extensions and alt. names for FPKI use
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
 
-    # Enable multiple attribute additions such as DC
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
+    # Handle as many subject/issuer name OIDs as possible
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL"
 
-    # Enable AES Decrypt, AES ECB
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB"
+    # More thorough error queue usage.
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERBOSE_ERRORS"
+fi
 
-    # Enable Alt Names, DER Load, Keep Certs, CRL IO with Timeout
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
 
-    # Enable DH Extra
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
+# Auto-selected activation of all applicable asm accelerations
 
-    # Enable deterministic ECC signing API with variant
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
+# Enable asm automatically only if the compiler advertises itself as full Gnu C.
+if "$CC" $AM_CFLAGS $CPPFLAGS $CFLAGS -x c - -o /dev/null >/dev/null 2>&1 <<'    EOF'
+    #include <stdlib.h>
+    int main(int argc, char **argv) {
+        (void)argc; (void)argv;
+    #ifdef __STRICT_ANSI__
+        #error __STRICT_ANSI__
+    #endif
+    #ifndef __GNUC__
+        #error !__GNUC__
+    #endif
+        return 0;
+    }
+    EOF
+then
+    HAVE_GNUC=yes
+fi
+
+if test "$enable_all_crypto" = "yes" &&
+   test "$ENABLED_LINUXKM_DEFAULTS" = "no" &&
+   test "$ENABLED_ASM" != "no" &&
+   test "$HAVE_GNUC" = "yes" &&
+   test "$enable_sp_asm" != "no" &&
+   test "$enable_intelasm" != "no" &&
+   test "$enable_armasm" != "no" &&
+   test "$enable_afalg" != "yes" &&
+   test "$ENABLED_32BIT" = "no"
+then
+    DEFAULT_ENABLED_ALL_ASM=yes
+else
+    DEFAULT_ENABLED_ALL_ASM=no
+fi
 
-    # Store issuer name components when parsing certificates.
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
+AC_ARG_ENABLE([all-asm],
+    [AS_HELP_STRING([--enable-all-asm],[Enable all applicable assembly accelerations (default: disabled)])],
+    [ ENABLED_ALL_ASM=$enableval ],
+    [ ENABLED_ALL_ASM=$DEFAULT_ENABLED_ALL_ASM ]
+    )
 
-    # Certificate extensions and alt. names for FPKI use
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
+if test "$ENABLED_ALL_ASM" != "no"
+then
+    if test "$ENABLED_ASM" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-asm])
+    fi
 
-    # Handle as many subject/issuer name OIDs as possible
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL"
+    if test "$enable_sp_asm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-sp-asm])
+    fi
 
-    # More thorough error queue usage.
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERBOSE_ERRORS"
+    if test "$enable_intelasm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-intelasm])
+    fi
+
+    if test "$enable_armasm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-armasm])
+    fi
+
+    case "$host_cpu" in
+        *x86_64*|*amd64*)
+            if test "$enable_intelasm" = ""
+            then
+                enable_intelasm=yes
+            fi
+            if test "$ENABLED_SP" != "no"
+            then
+                ENABLED_SP_ASM=yes
+                if test "$ENABLED_SP" = ""
+                then
+                    ENABLED_SP=yes
+                fi
+            fi
+            ;;
+        *aarch64*)
+            if test "$enable_armasm" = ""
+            then
+               enable_armasm=yes
+            fi
+            if test "$ENABLED_SP" != "no"
+            then
+                ENABLED_SP_ASM=yes
+                if test "$ENABLED_SP" = ""
+                then
+                    ENABLED_SP=yes
+                fi
+            fi
+            ;;
+    esac
 fi
 
 
@@ -1031,7 +1101,6 @@ if test "$ENABLED_ALL_CRYPT" = "yes"
 then
     test "$enable_atomicuser" = "" && enable_atomicuser=yes
     test "$enable_aesgcm" = "" && enable_aesgcm=yes
-    test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
     test "$enable_aesccm" = "" && enable_aesccm=yes
     test "$enable_aesctr" = "" && enable_aesctr=yes
     test "$enable_aeseax" = "" && enable_aeseax=yes
@@ -1043,8 +1112,6 @@ then
     test "$enable_sha224" = "" && enable_sha224=yes
     test "$enable_sha512" = "" && enable_sha512=yes
     test "$enable_sha3" = "" && enable_sha3=yes
-    test "$enable_shake128" = "" && enable_shake128=yes
-    test "$enable_shake256" = "" && enable_shake256=yes
     test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
     test "$enable_keygen" = "" && enable_keygen=yes
     test "$enable_certgen" = "" && enable_certgen=yes
@@ -1080,16 +1147,10 @@ then
     test "$enable_blake2s" = "" && enable_blake2s=yes
     test "$enable_md2" = "" && enable_md2=yes
     test "$enable_md4" = "" && enable_md4=yes
-    test "$enable_cryptocb" = "" && enable_cryptocb=yes
     test "$enable_anon" = "" && enable_anon=yes
     test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
-    test "$enable_srtp_kdf" = "" && enable_srtp_kdf=yes
-
-    if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
-    then
-        test "$enable_compkey" = "" && enable_compkey=yes
-    fi
 
+    # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
     if test "$ENABLED_SP_MATH" = "no"
     then
         test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
@@ -1102,6 +1163,7 @@ then
 
     if test "$ENABLED_FIPS" = "no"
     then
+        test "$enable_cryptocb" = "" && enable_cryptocb=yes
         test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
         test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
         test "$enable_pkcs7" = "" && enable_pkcs7=yes
@@ -1118,25 +1180,31 @@ then
         fi
     fi
 
-    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6 || test "$FIPS_VERSION" = "v5-dev"; then
+    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
+    then
+        test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
         test "$enable_aesxts" = "" && enable_aesxts=yes
         test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && (test "$enable_armasm" = "" || test "$enable_armasm" = "no") && enable_aesxts_stream=yes
         test "$enable_aessiv" = "" && enable_aessiv=yes
+        test "$enable_shake128" = "" && enable_shake128=yes
+        test "$enable_shake256" = "" && enable_shake256=yes
+        test "$enable_compkey" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_compkey=yes
+        # AFALG lacks AES-ECB
+        test "$enable_srtp_kdf" = "" && test "$enable_afalg" != "yes" && enable_srtp_kdf=yes
     fi
 
     if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
         test "$enable_des3" = "" && enable_des3=yes
     fi
 
-    # Enable AES Decrypt, AES ECB, Alt Names, DER Load
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES"
 
     # Enable DH const table speedups (eliminates `-lm` math lib dependency)
     AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
     DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
 
-    # Enable multiple attribute additions such as DC
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
+    # Enable all parsing features for ASN */
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
 
     # Enable DH Extra
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
@@ -1229,8 +1297,8 @@ do
   1024)
     ENABLED_KYBER1024=yes
     ;;
-  ml-kem)
-    ENABLED_ML_KEM=yes
+  original)
+    ENABLED_ORIGINAL=yes
     ;;
   *)
     AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
@@ -1240,7 +1308,6 @@ done
 
 if test "$ENABLED_KYBER" != "no"
 then
-    AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([KYBER requires --enable-experimental.]) ])
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_KYBER"
     # Use liboqs if specified.
     if test "$ENABLED_LIBOQS" = "no"; then
@@ -1258,8 +1325,8 @@ then
     if test "$ENABLED_KYBER1024" = ""; then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
     fi
-    if test "$ENABLED_ML_KEM" = "yes"; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ML_KEM"
+    if test "$ENABLED_ORIGINAL" = "yes"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_ORIGINAL"
     fi
 
     if test "$ENABLED_WC_KYBER" = "yes"
@@ -1327,6 +1394,9 @@ do
   87)
     ENABLED_MLDSA87=yes
     ;;
+  draft|fips204-draft)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_FIPS204_DRAFT"
+    ;;
   *)
     AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.])
     break;;
@@ -1335,7 +1405,6 @@ done
 
 if test "$ENABLED_DILITHIUM" != "no"
 then
-    AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([DILITHIUM requires --enable-experimental.]) ])
     AM_CFLAGS="$AM_CFLAGS -DHAVE_DILITHIUM"
 
     if test "$ENABLED_MLDSA44" = ""; then
@@ -1817,6 +1886,7 @@ AC_ARG_ENABLE([mcast],
 # OpenLDAP (--enable-openldap)
 # hitch (--enable-hitch)
 # memcached (--enable-memcached)
+# Mosquitto (--enable-mosquitto) HAVE_MOSQUITTO
 
 # Bind DNS compatibility Build
 AC_ARG_ENABLE([bind],
@@ -1880,12 +1950,25 @@ AC_ARG_ENABLE([openldap],
     [ ENABLED_OPENLDAP=no ]
     )
 
+# Mosquitto support
+AC_ARG_ENABLE([mosquitto],
+    [AS_HELP_STRING([--enable-mosquitto],[Enable Mosquitto support (default: disabled)])],
+    [ ENABLED_MOSQUITTO=$enableval ],
+    [ ENABLED_MOSQUITTO=no ]
+    )
+
+if test "x$ENABLED_MOSQUITTO" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_MOSQUITTO"
+fi
+
 # lighty Support
 AC_ARG_ENABLE([lighty],
     [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
     [ ENABLED_LIGHTY=$enableval ],
     [ ENABLED_LIGHTY=no ]
     )
+
 # rsyslog Support
 AC_ARG_ENABLE([rsyslog],
     [AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])],
@@ -1973,7 +2056,7 @@ AC_ARG_ENABLE([ffmpeg],
     )
 
 
-#IP alternative name Support
+# IP alternative name Support
 AC_ARG_ENABLE([ip-alt-name],
     [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
     [ ENABLE_IP_ALT_NAME=$enableval ],
@@ -1985,7 +2068,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
 fi
 
-#Qt Support
+# QT Support
 AC_ARG_ENABLE([qt],
     [AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])],
     [ ENABLED_QT=$enableval ],
@@ -2145,7 +2228,7 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
    test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
    test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \
    test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
-   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
+   test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || test "$ENABLED_HITCH" = "yes"
 then
     ENABLED_OPENSSLALL="yes"
 fi
@@ -2274,21 +2357,6 @@ then
     DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
 fi
 
-# lean psk build
-AC_ARG_ENABLE([leanpsk],
-    [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
-    [ ENABLED_LEANPSK=$enableval ],
-    [ ENABLED_LEANPSK=no ]
-    )
-
-if test "$ENABLED_LEANPSK" = "yes"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
-    ENABLED_SLOWMATH="no"
-    ENABLED_SINGLETHREADED="yes"
-    enable_lowresource=yes
-fi
-
 
 # lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
 AC_ARG_ENABLE([leantls],
@@ -3041,12 +3109,6 @@ do
     ;;
   no)
     ;;
-  zbkb)
-    # PACK, REV8
-    ENABLED_RISCV_ASM=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BASE_BIT_MANIPULATION"
-    ;;
   zbb)
     # REV8
     ENABLED_RISCV_ASM=yes
@@ -3057,33 +3119,47 @@ do
     ENABLED_RISCV_ASM=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_CARRYLESS"
     ;;
+  zbkb)
+    # PACK, REV8
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BASE_BIT_MANIPULATION"
+    ;;
+  zbt)
+    # FSL, FSR, FSRI, CMOV, CMIX - QEMU doesn't know about these instructions
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION_TERNARY"
+    ;;
   zkn|zkned)
-    # AES encrypt/decrpyt
+    # AES encrypt/decrpyt, SHA-2
     ENABLED_RISCV_ASM=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_SCALAR_CRYPTO_ASM"
     ;;
-  zvkg)
-    # VGMUL, VHHSH
+  zv)
     ENABLED_RISCV_ASM=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_GCM"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR"
+    ;;
+  zvbb|zvkb)
+    # VBREV8
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION"
     ;;
   zvbc)
     # VCLMUL, VCLMULH
     ENABLED_RISCV_ASM=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CARRYLESS"
     ;;
-  zvbb|zvkb)
-    # VBREV8
+  zvkg)
+    # VGMUL, VHHSH
     ENABLED_RISCV_ASM=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_GCM"
     ;;
   zvkned)
-    # Vector AES
+    # Vector AES, SHA-2
     ENABLED_RISCV_ASM=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CRYPTO_ASM"
     ;;
   *)
-    AC_MSG_ERROR([Invalid RISC-V option [yes,zbkb,zbb,zbc,zbkc,zkn,zkned,zvkg,zvbc,zvbb,zvkb,zvkned]: $ENABLED_RISCV_ASM.])
+    AC_MSG_ERROR([Invalid RISC-V option [yes,zbkb,zbb,zbc,zbkc,zkn,zkned,zv,zvkg,zvbc,zvbb,zvkb,zvkned]: $ENABLED_RISCV_ASM.])
     break
     ;;
   esac
@@ -3551,11 +3627,6 @@ AC_ARG_ENABLE([nullcipher],
     [ ENABLED_NULL_CIPHER=no ]
     )
 
-if test "$ENABLED_OPENSSH" = "yes"
-then
-    ENABLED_NULL_CIPHER="yes"
-fi
-
 if test "$ENABLED_NULL_CIPHER" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
@@ -3742,7 +3813,7 @@ AC_ARG_ENABLE([sessioncerts],
 
 if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
    test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
-   test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes"
+   test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     ENABLED_SESSIONCERTS=yes
 fi
@@ -3772,6 +3843,12 @@ then
     ENABLED_KEYGEN=yes
 fi
 
+# ATTRIBUTE CERTIFICATES
+AC_ARG_ENABLE([acert],
+    [AS_HELP_STRING([--enable-acert],[Enable attribute certificate support (default: disabled)])],
+    [ ENABLED_ACERT=$enableval ],
+    [ ENABLED_ACERT=no ]
+    )
 
 # CERT GENERATION
 AC_ARG_ENABLE([certgen],
@@ -4005,7 +4082,8 @@ AC_ARG_ENABLE([compkey],
     [ ENABLED_COMPKEY=no ]
     )
 
-if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes"
+if (test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes") &&
+   (test "$HAVE_FIPS_VERSION" != "5")
 then
     ENABLED_COMPKEY=yes
 fi
@@ -4226,6 +4304,11 @@ AC_ARG_ENABLE([psk],
     [ ENABLED_PSK=no ]
     )
 
+if test "x$ENABLED_MOSQUITTO" = "xyes"
+then
+    ENABLED_PSK=yes
+fi
+
 # Single PSK identity
 AC_ARG_ENABLE([psk-one-id],
     [AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
@@ -4719,45 +4802,6 @@ then
 fi
 
 
-# ASN
-# turn off asn, which means no certs, no rsa, no dsa, no ecc,
-# and no big int (unless dh is on)
-AC_ARG_ENABLE([asn],
-    [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
-    [ ENABLED_ASN=$enableval ],
-    [ ENABLED_ASN=yes ]
-    )
-
-if test "$ENABLED_ASN" = "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
-    enable_pwdbased=no
-else
-    if test "$ENABLED_ASN" = "template"; then
-        ENABLED_ASN="yes"
-    fi
-    if test "$ENABLED_ASN" = "yes"; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
-    else
-        if test "$ENABLED_ASN" != "original"; then
-            AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.])
-        fi
-    fi
-
-    # turn off ASN if leanpsk on
-    if test "$ENABLED_LEANPSK" = "yes"
-    then
-        AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT"
-        ENABLED_ASN=no
-    else
-        if test "$ENABLED_ASN" = "nocrypt"
-        then
-            AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
-            enable_pwdbased=no
-        fi
-    fi
-fi
-
 if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \
    test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no"
 then
@@ -4769,11 +4813,6 @@ then
     AC_MSG_ERROR([please disable dsa if disabling asn.])
 fi
 
-if test "x$ENABLED_ECC" != "xno" && test "x$ENABLED_ASN" = "xno"
-then
-    AC_MSG_ERROR([please disable ecc if disabling asn.])
-fi
-
 # No Big Int (ASN, DSA, RSA, DH, ECC and compatibility layer need bigint)
 if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \
    test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \
@@ -5206,104 +5245,137 @@ AS_CASE([$FIPS_VERSION],
 # optimizations section
 
 # protocol section
-        AS_IF([test "$ENABLED_WOLFSSH" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")],
+        AS_IF([test "$ENABLED_WOLFSSH" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")],
             [enable_ssh="yes"])
 
-        AS_IF([test "$ENABLED_HKDF" != "yes"],
+        AS_IF([test "$ENABLED_HKDF" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_hkdf" != "no")],
             [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
 
-        AS_IF([test "x$ENABLED_PWDBASED" = "xno"],
+        AS_IF([test "x$ENABLED_PWDBASED" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_pwdbased" != "no")],
             [ENABLED_PWDBASED="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_PBKDF2 -DHAVE_AESGCM"])
 
-        AS_IF([test "x$ENABLED_SRTP" = "xno"],
+        AS_IF([test "x$ENABLED_SRTP" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_srtp" != "no")],
             [ENABLED_SRTP="yes"])
-        AS_IF([test "x$ENABLED_SRTP_KDF" = "xno"],
+        AS_IF([test "x$ENABLED_SRTP_KDF" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_srtp_kdf" != "no")],
             [ENABLED_SRTP_KDF="yes"])
 
 # public key section
-        AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")],
+        AS_IF([test "$ENABLED_KEYGEN" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")],
             [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
-#        AS_IF([test "$ENABLED_COMPKEY" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")],
+#        AS_IF([test "$ENABLED_COMPKEY" = "yes" &&
+#               (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")],
 #            [ENABLED_COMPKEY="yes"])
 
-        AS_IF([test "$ENABLED_RSAPSS" != "yes"],
+        AS_IF([test "$ENABLED_RSAPSS" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")],
             [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
 
-        AS_IF([test "$ENABLED_ECC" != "yes"],
+        AS_IF([test "$ENABLED_ECC" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ecc" != "no")],
             [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
              AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes"],
                  [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
 
-        AS_IF([test "x$ENABLED_ED25519" != "xyes"],
+        AS_IF([test "x$ENABLED_ED25519" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ed25519" != "no")],
             [ENABLED_ED25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT"])
-        AS_IF([test "$ENABLED_CURVE25519" = "no"],
+        AS_IF([test "$ENABLED_CURVE25519" = "no" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_curve25519" != "no")],
             [ENABLED_CURVE25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"])
 
-        AS_IF([test "x$ENABLED_ED448" != "xyes"],
+        AS_IF([test "x$ENABLED_ED448" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ed448" != "no")],
             [ENABLED_ED448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448 -DHAVE_ED448_KEY_IMPORT"])
-        AS_IF([test "x$ENABLED_CURVE448" != "xyes"],
+        AS_IF([test "x$ENABLED_CURVE448" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_curve448" != "no")],
             [ENABLED_CURVE448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"])
 
-        AS_IF([test "x$ENABLED_ED25519_STREAM" != "xyes"],
+        AS_IF([test "x$ENABLED_ED25519_STREAM" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ed25519_stream" != "no")],
             [ENABLED_ED25519_STREAM="yes"])
-        AS_IF([test "x$ENABLED_ED448_STREAM" != "xyes"],
+        AS_IF([test "x$ENABLED_ED448_STREAM" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ed448_stream" != "no")],
             [ENABLED_ED448_STREAM="yes"])
 
-        AS_IF([test "x$ENABLED_ECCCUSTCURVES" != "xno" && test "$FIPS_VERSION" != "dev"],
-            [ENABLED_ECCCUSTCURVES="no"])
+        AS_IF([test "x$ENABLED_ECCCUSTCURVES" != "xno" &&
+               test "$FIPS_VERSION" != "dev"],
+            [AC_MSG_WARN([Forcing off ecccustcurves for FIPS ${FIPS_VERSION}.])
+             ENABLED_ECCCUSTCURVES="no"])
 
 # Hashing section
-        AS_IF([test "x$ENABLED_SHA3" != "xyes"],
+        AS_IF([test "x$ENABLED_SHA3" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_sha3" != "no")],
             [ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
 
-        AS_IF([test "$ENABLED_SHA224" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")],
+        AS_IF([test "$ENABLED_SHA224" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")],
             [ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
 
-        AS_IF([test "$ENABLED_SHA512" = "no"],
+        AS_IF([test "$ENABLED_SHA512" = "no" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_sha512" != "no")],
             [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
 
         # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
 
         # Shake128 because we're testing SHAKE256
-        AS_IF([test "x$ENABLED_SHAKE128" = "xno"],
+        AS_IF([test "x$ENABLED_SHAKE128" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_shake128" != "no")],
             [ENABLED_SHAKE128="yes"])
 
         # Shake256 mandated for ED448
-        AS_IF([test "x$ENABLED_SHAKE256" = "xno"],
+        AS_IF([test "x$ENABLED_SHAKE256" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_shake256" != "no")],
             [ENABLED_SHAKE256="yes"])
 
 # Aes section
-        AS_IF([test "$ENABLED_AESCCM" != "yes"],
+        AS_IF([test "$ENABLED_AESCCM" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesccm" != "no")],
             [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
 
-        AS_IF([test "$ENABLED_AESCTR" != "yes"],
+        AS_IF([test "$ENABLED_AESCTR" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesctr" != "no")],
             [ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
 
-        AS_IF([test "$ENABLED_CMAC" != "yes"],
+        AS_IF([test "$ENABLED_CMAC" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_cmac" != "no")],
             [ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
 
-        AS_IF([test "$ENABLED_AESGCM" = "no"],
+        AS_IF([test "$ENABLED_AESGCM" = "no" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")],
             [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
 
         # AES-GCM streaming is part of the v6 FIPS suite, but isn't implemented
         # for armasm on arm-v7 or earlier (see armasm setup above).
-        AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" && ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")],
+        AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no") &&
+               ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")],
             [ENABLED_AESGCM_STREAM="yes"])
 
-        AS_IF([test "x$ENABLED_AESOFB" = "xno"],
+        AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesofb" != "no")],
             [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])
 
-        AS_IF([test "x$ENABLED_AESCFB" = "xno"],
+        AS_IF([test "x$ENABLED_AESCFB" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aescfb" != "no")],
             [ENABLED_AESCFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"])
 
-        AS_IF([test "x$ENABLED_AESXTS" = "xno"],
+        AS_IF([test "x$ENABLED_AESXTS" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts" != "no")],
             [ENABLED_AESXTS="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS"])
         AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
             [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
 
-        AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" && ! (test "$ENABLED_ARMASM" = "yes" || test "$ENABLED_ARMASM_CRYPTO" = "no")],
+        AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no") &&
+               ! (test "$ENABLED_ARMASM" = "yes" || test "$ENABLED_ARMASM_CRYPTO" = "no")],
             [ENABLED_AESXTS_STREAM="yes"])
 
         AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
@@ -5312,12 +5384,14 @@ AS_CASE([$FIPS_VERSION],
                (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")],
             [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
 
-        AS_IF([test "x$ENABLED_AESKEYWRAP" != "xyes"],
+        AS_IF([test "x$ENABLED_AESKEYWRAP" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aeskeywrap" != "no")],
             [ENABLED_AESKEYWRAP="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP"])
 
 # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
         AS_IF([test "$ENABLED_OLD_TLS" != "no"],
-            [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
+            [AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
+             ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
 
     ],
     [v5*], [ # FIPS 140-3
@@ -5355,76 +5429,111 @@ AS_CASE([$FIPS_VERSION],
 
         # force various features to FIPS 140-3 defaults, unless overridden with dev:
 
-        AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")],
+        AS_IF([test "$ENABLED_KEYGEN" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")],
             [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
-        AS_IF([test "$ENABLED_COMPKEY" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_compkey" != "yes")],
-            [ENABLED_COMPKEY="no"])
+        AS_IF([test "$ENABLED_COMPKEY" = "yes" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_compkey" = "yes")],
+            [AC_MSG_WARN([Forcing off compkey for FIPS ${FIPS_VERSION}.])
+             ENABLED_COMPKEY="no"])
 
-        AS_IF([test "$ENABLED_SHA224" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")],
+        AS_IF([test "$ENABLED_SHA224" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")],
             [ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
 
-        AS_IF([test "$ENABLED_SHA3" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha3" != "no")],
+        AS_IF([test "$ENABLED_SHA3" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha3" != "no")],
             [ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
 
-        AS_IF([test "$ENABLED_WOLFSSH" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ssh" != "no")],
+        AS_IF([test "$ENABLED_WOLFSSH" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ssh" != "no")],
             [enable_ssh="yes"])
 
         # Shake128 is a SHA-3 algorithm outside the v5 FIPS algorithm list
-        AS_IF([test "$ENABLED_SHAKE128" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake128" != "yes")],
-            [ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
+        AS_IF([test "$ENABLED_SHAKE128" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake128" = "yes")],
+            [AC_MSG_WARN([Forcing off shake128 for FIPS ${FIPS_VERSION}.])
+             ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
 
         # Shake256 is a SHA-3 algorithm outside the v5 FIPS algorithm list
-        AS_IF([test "$ENABLED_SHAKE256" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake256" != "yes")],
-            [ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
+        AS_IF([test "$ENABLED_SHAKE256" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake256" = "yes")],
+            [AC_MSG_WARN([Forcing off shake256 for FIPS ${FIPS_VERSION}.])
+             ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
 
         # SHA512-224 and SHA512-256 are SHA-2 algorithms outside the v5 FIPS algorithm list
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
 
-        AS_IF([test "$ENABLED_AESCCM" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesccm" != "no")],
+        AS_IF([test "$ENABLED_AESCCM" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesccm" != "no")],
             [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
 
-        AS_IF([test "$ENABLED_AESXTS" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesxts" != "yes")],
-            [ENABLED_AESXTS="no"])
+        AS_IF([test "$ENABLED_AESXTS" = "yes" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesxts" = "yes")],
+            [AC_MSG_WARN([Forcing off aesxts for FIPS ${FIPS_VERSION}.])
+             ENABLED_AESXTS="no"])
 
-        AS_IF([test "$ENABLED_RSAPSS" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")],
+        AS_IF([test "$ENABLED_RSAPSS" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")],
             [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
 
-        AS_IF([test "$ENABLED_ECC" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ecc" != "no")],
+        AS_IF([test "$ENABLED_ECC" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ecc" != "no")],
             [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
-             AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_eccshamir" != "no")],
+             AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" &&
+                    (test "$FIPS_VERSION" != "v5-dev" || test "$enable_eccshamir" != "no")],
                  [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
 
-        AS_IF([test "$ENABLED_AESCTR" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesctr" != "no")],
+        AS_IF([test "$ENABLED_AESCTR" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesctr" != "no")],
             [ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
 
-        AS_IF([test "$ENABLED_CMAC" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_cmac" != "no")],
+        AS_IF([test "$ENABLED_CMAC" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_cmac" != "no")],
             [ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
 
-        AS_IF([test "$ENABLED_HKDF" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_hkdf" != "no")],
+        AS_IF([test "$ENABLED_HKDF" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_hkdf" != "no")],
             [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
 
         AS_IF([test "$ENABLED_INTELASM" = "yes"],
             [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
 
-        AS_IF([test "$ENABLED_SHA512" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha512" != "no")],
+        AS_IF([test "$ENABLED_SHA512" = "no" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha512" != "no")],
             [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
 
-        AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")],
+        AS_IF([test "$ENABLED_AESGCM" = "no" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")],
             [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
 
         # AES-GCM streaming isn't part of the v5 FIPS suite.
-        AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm_stream" != "yes")],
-            [ENABLED_AESGCM_STREAM="no"])
+        AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesgcm_stream" = "yes")],
+            [AC_MSG_WARN([Forcing off aesgcm-stream for FIPS ${FIPS_VERSION}.])
+             ENABLED_AESGCM_STREAM="no"])
 
         # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
         AS_IF([test "$ENABLED_OLD_TLS" != "no"],
-            [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
+            [AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
+             ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
 
         AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2],
-            [AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
+            [AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
+                    (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
                 [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])
 
+        AS_IF([test "$ENABLED_SRTP" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp" = "yes")],
+            [AC_MSG_WARN([Forcing off srtp for FIPS ${FIPS_VERSION}.])
+             ENABLED_SRTP="no"])
+
+        AS_IF([test "$ENABLED_SRTP_KDF" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp_kdf" = "yes")],
+            [AC_MSG_WARN([Forcing off srtp-kdf for FIPS ${FIPS_VERSION}.])
+             ENABLED_SRTP_KDF="no"])
+
         AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
                (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
                (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
@@ -5851,7 +5960,8 @@ fi
 
 
 # OCSP
-if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
+if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
+   test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     test "$enable_ocsp" = "" && enable_ocsp=yes
 fi
@@ -5883,7 +5993,9 @@ AC_ARG_ENABLE([ocspstapling],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
     )
 
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \
+   test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \
+   test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
 fi
@@ -5931,9 +6043,11 @@ AC_ARG_ENABLE([crl],
     [ ENABLED_CRL=no ]
     )
 
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
-   test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
-   test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || \
+   test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" ||  \
+   test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
+   test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes" || \
+   test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     ENABLED_CRL=yes
 fi
@@ -8326,7 +8440,7 @@ then
 
     if test "x$ENABLED_HEAPMATH" = "xyes"
     then
-        AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
+        AC_MSG_ERROR([--enable-heapmath is incompatible with --enable-staticmemory.])
     fi
     if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no"
     then
@@ -8385,6 +8499,19 @@ AC_ARG_ENABLE([cryptocb],
     [ ENABLED_CRYPTOCB=no ]
     )
 
+# Enable testing of cryptoCb using software crypto. On platforms where wolfCrypt tests
+# are used to test a custom cryptoCb, it may be desired to disable this so wolfCrypt tests
+# don't also test software implementations of every algorithm
+AC_ARG_ENABLE([cryptocb-sw-test],
+    [AS_HELP_STRING([--disable-cryptocb-sw-test],[Disable wolfCrypt crypto callback tests using software crypto (default: enabled). Only valid with --enable-cryptocb])],
+    [ if test "x$ENABLED_CRYPTOCB" = "xno"; then
+          AC_MSG_ERROR([--disable-cryptocb-sw-test requires --enable-cryptocb])
+      else
+          ENABLED_CRYPTOCB_SW_TEST=$enableval
+      fi ],
+    [ ENABLED_CRYPTOCB_SW_TEST=yes ]
+    )
+
 if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no"
 then
     ENABLED_CRYPTOCB=yes
@@ -8394,6 +8521,11 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB"
 fi
 
+if test "$ENABLED_CRYPTOCB_SW_TEST" = "no"
+then
+        AM_CFLAGS="$AM_CFLAGS -DWC_TEST_NO_CRYPTOCB_SW_TEST"
+fi
+
 
 
 # Asynchronous Crypto
@@ -8773,7 +8905,7 @@ fi
 # determine if we have key validation mechanism
 if test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_RSA" = "xyes"
 then
-    if test "x$ENABLED_ASN" = "xyes"
+    if test "$ENABLED_ASN" != "no" && test "$ENABLED_ASN" != "nocrypt"
     then
         ENABLED_PKI="yes"
     fi
@@ -8947,7 +9079,7 @@ if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \
    test "$ENABLED_LIBWEBSOCKETS" = "yes" || \
    test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \
    test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" || \
-   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
+   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     ENABLED_OPENSSLEXTRA="yes"
 fi
@@ -9114,6 +9246,9 @@ AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"],
 AS_IF([test "x$ENABLED_KEYGEN" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
+AS_IF([test "x$ENABLED_ACERT" = "xyes"],
+      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ACERT"])
+
 AS_IF([test "x$ENABLED_CERTREQ" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"])
 
@@ -9139,6 +9274,8 @@ AS_IF([test "x$ENABLED_STRONGSWAN" = "xyes"],
 
 AS_IF([test "x$ENABLED_OPENLDAP" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"])
 
+AS_IF([test "x$ENABLED_MOSQUITTO" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"])
+
 if test "$ENABLED_ED25519_STREAM" != "no" && test "$ENABLED_SE050" != "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"
@@ -9321,7 +9458,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
     AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
-    AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=192"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFENGINE"
 fi
 
 if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no"
@@ -9702,7 +9839,7 @@ AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes" || test "x$E
 AM_CONDITIONAL([BUILD_HEAPMATH],[test "x$ENABLED_HEAPMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
 AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
-AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes"] && [test "x$ENABLED_ASN_PRINT" = "xyes"] && [test "x$ENABLED_ASN" = "xyes"])
+AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_ASN_PRINT" = "xyes" && test "$ENABLED_ASN" != "no"])
 AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
 AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
 AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"])
@@ -9816,7 +9953,7 @@ AX_AM_JOBSERVER([yes])
 
 # See Automake 9.4.1 Built Sources Example
 AC_DEFUN([AX_OUT_OF_TREE_FILE],[
-  AC_CONFIG_COMMANDS([$1], [test ! -f $srcdir/$1 && >> $srcdir/$1])
+  AC_CONFIG_COMMANDS([$1], [test ! -f $srcdir/$1 && echo -n >> $srcdir/$1])
 ])
 
 AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/async.h])
@@ -9948,7 +10085,7 @@ echo "" >> $OPTION_FILE
 echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
 echo "" >> $OPTION_FILE
 
-if test "$ENABLED_DEBUG_TRACE_ERRCODES" = "yes"
+if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "no"
 then
     support/gen-debug-trace-error-codes.sh || AC_MSG_ERROR([Header generation for debug-trace-errcodes failed.])
 fi
@@ -10103,6 +10240,7 @@ echo "   * BLAKE2S:                    $ENABLED_BLAKE2S"
 echo "   * SipHash:                    $ENABLED_SIPHASH"
 echo "   * CMAC:                       $ENABLED_CMAC"
 echo "   * keygen:                     $ENABLED_KEYGEN"
+echo "   * acert:                      $ENABLED_ACERT"
 echo "   * certgen:                    $ENABLED_CERTGEN"
 echo "   * certreq:                    $ENABLED_CERTREQ"
 echo "   * certext:                    $ENABLED_CERTEXT"
@@ -10181,6 +10319,7 @@ echo "   * strongSwan:                 $ENABLED_STRONGSWAN"
 echo "   * OpenLDAP:                   $ENABLED_OPENLDAP"
 echo "   * hitch:                      $ENABLED_HITCH"
 echo "   * memcached:                  $ENABLED_MEMCACHED"
+echo "   * Mosquitto                   $ENABLED_MOSQUITTO"
 echo "   * ERROR_STRINGS:              $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                       $ENABLED_DTLS"
 echo "   * DTLS v1.3:                  $ENABLED_DTLS13"
@@ -10295,7 +10434,7 @@ fi # $silent != yes
 
 if test "$ENABLED_ASYNCCRYPT" = "yes" && ! test -s $srcdir/wolfcrypt/src/async.c
 then
-    AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
+    AC_MSG_WARN([Make sure real async files are loaded. See async-check.sh or the wolfssl/wolfAsyncCrypt GitHub repo.])
 fi
 
 # MinGW static vs shared library
@@ -10322,3 +10461,10 @@ if test -n "$WITH_MAX_ECC_BITS"; then
     fi
 fi
 
+if test "$silent" != "yes"; then
+
+echo "---"
+echo "Note: Make sure your application includes \"wolfssl/options.h\" before any other wolfSSL headers."
+echo "      You can define \"WOLFSSL_USE_OPTIONS_H\" in your application to include this automatically."
+
+fi
diff --git a/doc/QUIC.md b/doc/QUIC.md
index 3ab3f8de1f..e0de42589f 100644
--- a/doc/QUIC.md
+++ b/doc/QUIC.md
@@ -8,7 +8,7 @@ TLS works on top of the Internet's TCP protocol stack. The TCP is shipped as par
 and accessible via system calls and APIs. TCP itself is not secured by TLS, only the data sent via it is
 protected. TCP does not have to know anything about TLS.
 
-QUIC, on the other hand, is always protected by TLS. A QUIC implementation does always need an 
+QUIC, on the other hand, is always protected by TLS. A QUIC implementation does always need an
 implementation of the TLS protocol, specifically TLSv1.3. It does this in new ways and TLS
 implementations need to accommodate these. Those specifics have been added to wolfSSL.
 
@@ -51,13 +51,13 @@ The above configuration has also been added to [curl](https://github.com/curl/cu
 
 ### why?
 
-Why all these different blocks? 
+Why all these different blocks?
 
 The separation of HTTP/3 and QUIC is natural when you think about the relationship between TCP and HTTP/1.1. Like TCP, QUIC can and will carry other protocols. HTTP/3 is only the first one. Most likely 'DNS over QUIC' (DoQ) is the next popular, replacing DoH.
 
 The separation of QUIC's "crypto" parts from its other protocol enabling functions is a matter of security. In its experimental beginnings, QUIC had its own security design. With the emerging TLSv1.3 and all it improvements, plus decades of experience, it seemed rather unwise to have something separate in QUIC.
 
-Therefore, the complete TLSv1.3 handshake became part of the QUIC protocol, with some restrictions and simplifications (UDP based QUIC does not accommodate broken TCP middle boxes). With the need for a complete TLSv1.3 stack, QUIC implementers happily make use of existing TLS libraries. 
+Therefore, the complete TLSv1.3 handshake became part of the QUIC protocol, with some restrictions and simplifications (UDP based QUIC does not accommodate broken TCP middle boxes). With the need for a complete TLSv1.3 stack, QUIC implementers happily make use of existing TLS libraries.
 
 ## wolfSSL API
 
@@ -76,7 +76,7 @@ A QUIC protocol handler installs these via `wolfSSL_CTX_set_quic_method()` or `w
 
 ```
   DATA ---recv+decrypt---+
-                         v 
+                         v
             wolfSSL_provide_quic_data(ssl, ...)
             wolfSSL_do_handshake(ssl);
                   +-> add_handshake_data_callback(REPLY)
diff --git a/doc/dox_comments/header_files-ja/arc4.h b/doc/dox_comments/header_files-ja/arc4.h
index bf3f8151fa..4c1e6ee91e 100644
--- a/doc/dox_comments/header_files-ja/arc4.h
+++ b/doc/dox_comments/header_files-ja/arc4.h
@@ -1,7 +1,7 @@
 /*!
-    \ingroup ARC4 
+    \ingroup ARC4
     \brief  この関数は、バッファ内の入力メッセージを暗号化し、出力バッファーに暗号文を配置するか、またはバッファーから暗号文を復号化したり、ARC4暗号化を使用して、出力バッファーOUTを出力したりします。この関数は暗号化と復号化の両方に使用されます。この方法が呼び出される可能性がある場合は、まずWC_ARC4SETKEYを使用してARC4構造を初期化する必要があります。
-    \return none 
+    \return none
     \param arc4  メッセージの処理に使用されるARC4構造へのポインタ
     \param out  処理されたメッセージを保存する出力バッファへのポインタ
     \param in  プロセスするメッセージを含む入力バッファへのポインタ
@@ -24,9 +24,9 @@
 int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length);
 
 /*!
-    \ingroup ARC4 
+    \ingroup ARC4
     \brief  この関数はARC4オブジェクトのキーを設定し、それを暗号として使用するために初期化します。WC_ARC4PROCESSを使用した暗号化に使用する前に呼び出される必要があります。
-    \return none 
+    \return none
     \param arc4  暗号化に使用されるARC4構造へのポインタ
     \param key  ARC4構造を初期化するためのキー
     _Example_
diff --git a/doc/dox_comments/header_files-ja/asn_public.h b/doc/dox_comments/header_files-ja/asn_public.h
index 164108fe46..0cade01b46 100644
--- a/doc/dox_comments/header_files-ja/asn_public.h
+++ b/doc/dox_comments/header_files-ja/asn_public.h
@@ -1870,7 +1870,7 @@ int wc_Asn1PrintOptions_Init(Asn1PrintOptions* opts);
     \return  0 成功時に返します。
     \return  BAD_FUNC_ARG asn1がNULLの場合に返されます。
     \return  BAD_FUNC_ARG valが範囲外の場合に返されます。
- 
+
     \param opts  Asn1PrintOptions構造体へのポインタ
     \param opt   設定する情報へのポインタ
     \param val   設定値
diff --git a/doc/dox_comments/header_files-ja/blake2.h b/doc/dox_comments/header_files-ja/blake2.h
index 61dad75a59..3e5f976011 100644
--- a/doc/dox_comments/header_files-ja/blake2.h
+++ b/doc/dox_comments/header_files-ja/blake2.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  この関数はBlake2 Hash関数で使用するためのBlake2b構造を初期化します。
     \return 0  Blake2B構造の初期化に成功し、ダイジェストサイズを設定したときに返されます。
     \param b2b  初期化するためにBlake2b構造へのポインタ
@@ -14,7 +14,7 @@
 int wc_InitBlake2b(Blake2b* b2b, word32 digestSz);
 
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  この関数は、与えられた入力データとBlake2Bハッシュを更新します。この関数は、wc_initblake2bの後に呼び出され、最後のハッシュ：wc_blake2bfinalの準備ができているまで繰り返します。
     \return 0  与えられたデータを使用してBlake2B構造を正常に更新すると返されます。
     \return -1  入力データの圧縮中に障害が発生した場合
@@ -40,7 +40,7 @@ int wc_InitBlake2b(Blake2b* b2b, word32 digestSz);
 int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz);
 
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  この関数は、以前に供給された入力データのBlake2bハッシュを計算します。出力ハッシュは長さREQUESTSZ、あるいは要求された場合はB2B構造のDigestSZを使用します。この関数は、wc_initblake2bの後に呼び出され、wc_blake2bupdateは必要な各入力データに対して処理されています。
     \return 0  Blake2B Hashの計算に成功したときに返されました
     \return -1  blake2bハッシュを解析している間に失敗がある場合
diff --git a/doc/dox_comments/header_files-ja/bn.h b/doc/dox_comments/header_files-ja/bn.h
index 30afb2b4d9..eb2749a42a 100644
--- a/doc/dox_comments/header_files-ja/bn.h
+++ b/doc/dox_comments/header_files-ja/bn.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  この関数は、次の数学「R =（A ^ P）％M」を実行します。
     \return SSL_SUCCESS  数学操作をうまく実行します。
     \return SSL_FAILURE  エラーケースに遭遇した場合
diff --git a/doc/dox_comments/header_files-ja/camellia.h b/doc/dox_comments/header_files-ja/camellia.h
index 5371a79ed5..c07af016de 100644
--- a/doc/dox_comments/header_files-ja/camellia.h
+++ b/doc/dox_comments/header_files-ja/camellia.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この関数は、Camelliaオブジェクトのキーと初期化ベクトルを設定し、それを暗号として使用するために初期化します。
     \return 0  キーと初期化ベクトルを正常に設定すると返されます
     \return BAD_FUNC_ARG  入力引数の1つがエラー処理がある場合に返されます
@@ -27,7 +27,7 @@ int  wc_CamelliaSetKey(Camellia* cam,
                                    const byte* key, word32 len, const byte* iv);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この関数は、Camelliaオブジェクトの初期化ベクトルを設定します。
     \return 0  キーと初期化ベクトルを正常に設定すると返されます
     \return BAD_FUNC_ARG  入力引数の1つがエラー処理がある場合に返されます
@@ -46,7 +46,7 @@ int  wc_CamelliaSetKey(Camellia* cam,
 int  wc_CamelliaSetIV(Camellia* cam, const byte* iv);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この機能は、提供されたCamelliaオブジェクトを使用して1ブロック暗号化します。それはバッファーの最初の16バイトブロックを解析し、暗号化結果をバッファアウトに格納します。この機能を使用する前に、WC_CAMELLIASETKEYを使用してCamelliaオブジェクトを初期化する必要があります。
     \return none  いいえ返します。
     \param cam  暗号化に使用する椿構造へのポインタ
@@ -66,7 +66,7 @@ int  wc_CamelliaEncryptDirect(Camellia* cam, byte* out,
                                                                 const byte* in);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この機能は、提供されたCamelliaオブジェクトを使用して1ブロック復号化します。それはバッファ内の最初の16バイトブロックを解析し、それを復号化し、結果をバッファアウトに格納します。この機能を使用する前に、WC_CAMELLIASETKEYを使用してCamelliaオブジェクトを初期化する必要があります。
     \return none  いいえ返します。
     \param cam  暗号化に使用する椿構造へのポインタ
@@ -86,7 +86,7 @@ int  wc_CamelliaDecryptDirect(Camellia* cam, byte* out,
                                                                 const byte* in);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この関数は、バッファーの平文を暗号化し、その出力をバッファOUTに格納します。暗号ブロックチェーン（CBC）を使用してCamelliaを使用してこの暗号化を実行します。
     \return none  いいえ返します。
     \param cam  暗号化に使用する椿構造へのポインタ
@@ -107,7 +107,7 @@ int wc_CamelliaCbcEncrypt(Camellia* cam,
                                           byte* out, const byte* in, word32 sz);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この関数は、バッファ内の暗号文を復号化し、その出力をバッファOUTに格納します。暗号ブロックチェーン（CBC）を搭載したCamelliaを使用してこの復号化を実行します。
     \return none  いいえ返します。
     \param cam  暗号化に使用する椿構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/chacha.h b/doc/dox_comments/header_files-ja/chacha.h
index 171256ea2c..dea2a6cc55 100644
--- a/doc/dox_comments/header_files-ja/chacha.h
+++ b/doc/dox_comments/header_files-ja/chacha.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  この関数はChachaオブジェクトの初期化ベクトル（nonce）を設定し、暗号として使用するために初期化します。WC_CHACHA_SETKEYを使用して、キーが設定された後に呼び出されるべきです。暗号化の各ラウンドに差し違いを使用する必要があります。
     \return 0  初期化ベクトルを正常に設定すると返されます
     \return BAD_FUNC_ARG  CTX入力引数の処理中にエラーが発生した場合
@@ -21,7 +21,7 @@
 int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
 
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  この関数は、バッファ入力からテキストを処理し、暗号化または復号化し、結果をバッファ出力に格納します。
     \return 0  入力の暗号化または復号化に成功したときに返されます
     \return BAD_FUNC_ARG  CTX入力引数の処理中にエラーが発生した場合
@@ -46,7 +46,7 @@ int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
                               word32 msglen);
 
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  この関数はChachaオブジェクトのキーを設定し、それを暗号として使用するために初期化します。NONCEをWC_CHACHA_SETIVで設定する前に、WC_CHACHA_PROCESSを使用した暗号化に使用する前に呼び出す必要があります。
     \return 0  キーの設定に成功したときに返されます
     \return BAD_FUNC_ARG  CTX入力引数の処理中にエラーが発生した場合、またはキーが16または32バイトの長さがある場合
diff --git a/doc/dox_comments/header_files-ja/cmac.h b/doc/dox_comments/header_files-ja/cmac.h
index 6dc1dc9d63..401949a03f 100644
--- a/doc/dox_comments/header_files-ja/cmac.h
+++ b/doc/dox_comments/header_files-ja/cmac.h
@@ -204,4 +204,4 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
      ret = wc_CMAC_Grow(cmac、in、inSz)
      \endcode
 */
-int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
\ No newline at end of file
+int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
diff --git a/doc/dox_comments/header_files-ja/coding.h b/doc/dox_comments/header_files-ja/coding.h
index 7205bd0bd2..2abcf32488 100644
--- a/doc/dox_comments/header_files-ja/coding.h
+++ b/doc/dox_comments/header_files-ja/coding.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は、与えられたBASS64符号化入力、IN、および出力バッファを出力バッファOUTに格納します。また、変数outlen内の出力バッファに書き込まれたサイズも設定します。
     \return 0  Base64エンコード入力の復号化に成功したときに返されます
     \return BAD_FUNC_ARG  復号化された入力を保存するには、出力バッファが小さすぎる場合は返されます。
@@ -26,7 +26,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out,
                                word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は与えられた入力を符号化し、符号化結果を出力バッファOUTに格納します。エスケープ％0A行末の代わりに、従来の '\ N'行の終わりを持つデータを書き込みます。正常に完了すると、この機能はまた、出力バッファに書き込まれたバイト数に統一されます。
     \return 0  Base64エンコード入力の復号化に成功したときに返されます
     \return BAD_FUNC_ARG  出力バッファが小さすぎてエンコードされた入力を保存する場合は返されます。
@@ -53,7 +53,7 @@ int Base64_Encode(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は与えられた入力を符号化し、符号化結果を出力バッファOUTに格納します。それは '\ n "行の終わりではなく、％0aエスケープ行の終わりを持つデータを書き込みます。正常に完了すると、この機能はまた、出力バッファに書き込まれたバイト数に統一されます。
     \return 0  Base64エンコード入力の復号化に成功したときに返されます
     \return BAD_FUNC_ARG  出力バッファが小さすぎてエンコードされた入力を保存する場合は返されます。
@@ -80,7 +80,7 @@ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は与えられた入力を符号化し、符号化結果を出力バッファOUTに格納します。それは新しい行なしでデータを書き込みます。正常に完了すると、この関数はまた、出力バッファに書き込まれたバイト数に統一されたものを設定します
     \return 0  Base64エンコード入力の復号化に成功したときに返されます
     \return BAD_FUNC_ARG  出力バッファが小さすぎてエンコードされた入力を保存する場合は返されます。
@@ -106,7 +106,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は、与えられたBASE16符号化入力、IN、および出力バッファへの結果を記憶する。また、変数outlen内の出力バッファに書き込まれたサイズも設定します。
     \return 0  Base16エンコード入力の復号にうまく復号化したときに返されます
     \return BAD_FUNC_ARG  出力バッファが復号化された入力を保存するにも小さすぎる場合、または入力長が2つの倍数でない場合に返されます。
@@ -132,7 +132,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
 int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  BASE16出力へのエンコード入力。
     \return 0  成功
     \return BAD_FUNC_ARG  IN、OUT、またはoutlenがNULLの場合、またはoutlenがInlen Plus 1を超えている場合は返します。
diff --git a/doc/dox_comments/header_files-ja/compress.h b/doc/dox_comments/header_files-ja/compress.h
index aee9fed37b..a522652033 100644
--- a/doc/dox_comments/header_files-ja/compress.h
+++ b/doc/dox_comments/header_files-ja/compress.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Compression 
+    \ingroup Compression
     \brief  この関数は、ハフマン符号化を用いて与えられた入力データを圧縮し、出力をOUTに格納する。出力バッファは、圧縮が可能でないことが存在するため、出力バッファが入力バッファよりも大きいはずです。これはまだルックアップテーブルを必要とします。出力バッファに対してSRCSZ + 0.1％+ 12を割り当てることをお勧めします。
     \return On  入力データの圧縮に成功し、出力バッファに格納されているバイト数を返します。
     \return COMPRESS_INIT_E  圧縮のためにストリームの初期化中にエラーがある場合
@@ -24,7 +24,7 @@
 int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags);
 
 /*!
-    \ingroup Compression 
+    \ingroup Compression
     \brief  この関数は、ハフマン符号化を用いて所定の圧縮データを解凍し、出力をOUTに格納する。
     \return Success  入力データの解凍に成功した場合は、出力バッファに格納されているバイト数を返します。
     \return COMPRESS_INIT_E:  圧縮のためにストリームの初期化中にエラーがある場合
diff --git a/doc/dox_comments/header_files-ja/cryptocb.h b/doc/dox_comments/header_files-ja/cryptocb.h
index 24ee2233e2..3b8e3dbd93 100644
--- a/doc/dox_comments/header_files-ja/cryptocb.h
+++ b/doc/dox_comments/header_files-ja/cryptocb.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup CryptoCb 
+    \ingroup CryptoCb
     \brief  この関数は、Crypto Operationsをキーストア、Secure Element、HSM、PKCS11またはTPMなどの外部ハードウェアにオフロードするための固有のデバイス識別子（DEVID）とコールバック関数を登録します。CryptoコールバックのSTSAFEの場合は、wolfcrypt / src / port / st / stsafe.cとwolfssl_stsafe_cryptodevcb関数を参照してください。TPMベースのCryptoコールバックの例では、wolftpm src / tpm2_wrap.cのwolftpm2_cryptodevcb関数を参照してください。
     \return CRYPTOCB_UNAVAILABLE  ソフトウェア暗号を使用するためにフォールバックする
     \return 0  成功のために
@@ -73,7 +73,7 @@
 int  wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 
 /*!
-    \ingroup CryptoCb 
+    \ingroup CryptoCb
     \brief  この関数は、固有のデバイス識別子（devid）コールバック関数を除外します。
     \return none  いいえ返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/curve25519.h b/doc/dox_comments/header_files-ja/curve25519.h
index 5ddc615a9e..7f7150327c 100644
--- a/doc/dox_comments/header_files-ja/curve25519.h
+++ b/doc/dox_comments/header_files-ja/curve25519.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、与えられたサイズ（Keysize）の指定された乱数発生器RNGを使用してCurve25519キーを生成し、それを指定されたCurve25519_Key構造体に格納します。キー構造がWC_CURVE25519_INIT（）を介して初期化された後に呼び出されるべきです。
     \return 0  キーの生成に成功し、それを指定されたCurve25519_Key構造体に格納します。
     \return ECC_BAD_ARG_E  入力キーサイズがCurve25519キー（32バイト）のキーシェイズに対応していない場合は返されます。
@@ -27,7 +27,7 @@
 int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、秘密の秘密鍵と受信した公開鍵を考えると、共有秘密鍵を計算します。生成された秘密鍵をバッファアウトに保存し、ounlentの秘密鍵の変数を割り当てます。ビッグエンディアンのみをサポートします。
     \return 0  共有秘密鍵を正常に計算したときに返されました。
     \return BAD_FUNC_ARG  渡された入力パラメータのいずれかがNULLの場合に返されます。
@@ -59,7 +59,7 @@ int wc_curve25519_shared_secret(curve25519_key* private_key,
                                 byte* out, word32* outlen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、秘密の秘密鍵と受信した公開鍵を考えると、共有秘密鍵を計算します。生成された秘密鍵をバッファアウトに保存し、ounlentの秘密鍵の変数を割り当てます。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  共有秘密鍵を正常に計算したときに返されました。
     \return BAD_FUNC_ARG  渡された入力パラメータのいずれかがNULLの場合に返されます。
@@ -94,7 +94,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
                                    byte* out, word32* outlen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519キーを初期化します。構造のキーを生成する前に呼び出されるべきです。
     \return 0  Curve25519_Key構造体の初期化に成功しました。
     \return BAD_FUNC_ARG  キーがNULLのときに返されます。
@@ -110,7 +110,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
 int wc_curve25519_init(curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519オブジェクトを解放します。
     _Example_
     \code
@@ -125,7 +125,7 @@ int wc_curve25519_init(curve25519_key* key);
 void wc_curve25519_free(curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519秘密鍵のみをインポートします。（ビッグエンディアン）。
     \return 0  秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  キーまたはPRIVがNULLの場合は返します。
@@ -153,7 +153,7 @@ int wc_curve25519_import_private(const byte* priv, word32 privSz,
                                  curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  CURVE25519秘密鍵のインポートのみ。（大きなエンディアン）。
     \return 0  秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  キーまたはPRIVがNULLの場合は返します。
@@ -184,7 +184,7 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
                                     curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、パブリック秘密鍵ペアをCurve25519_Key構造体にインポートします。ビッグエンディアンのみ。
     \return 0  Curve25519_Key構造体へのインポートに返されます
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLの場合に返します。
@@ -221,7 +221,7 @@ int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
                             const byte* pub, word32 pubSz, curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、パブリック秘密鍵ペアをCurve25519_Key構造体にインポートします。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  Curve25519_Key構造体へのインポートに返されます
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLの場合に返します。
@@ -260,7 +260,7 @@ int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz,
                                         curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519_Key構造体から秘密鍵をエクスポートし、それを指定されたアウトバッファに格納します。また、エクスポートされたキーのサイズになるように概要を設定します。ビッグエンディアンのみ。
     \return 0  Curve25519_Key構造体から秘密鍵を正常にエクスポートしました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -291,7 +291,7 @@ int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
                                      word32* outLen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519_Key構造体から秘密鍵をエクスポートし、それを指定されたアウトバッファに格納します。また、エクスポートされたキーのサイズになるように概要を設定します。それがビッグ・リトルエンディアンかを指定できます。
     \return 0  Curve25519_Key構造体から秘密鍵を正常にエクスポートしました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -324,7 +324,7 @@ int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out,
                                         word32* outLen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、指定されたバッファから公開鍵をインポートし、それをCurve25519_Key構造体に格納します。
     \return 0  公開鍵をCurve25519_Key構造体に正常にインポートしました。
     \return ECC_BAD_ARG_E  InLenパラメータがキー構造のキーサイズと一致しない場合に返されます。
@@ -358,7 +358,7 @@ int wc_curve25519_import_public(const byte* in, word32 inLen,
                                 curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、指定されたバッファから公開鍵をインポートし、それをCurve25519_Key構造体に格納します。
     \return 0  公開鍵をCurve25519_Key構造体に正常にインポートしました。
     \return ECC_BAD_ARG_E  InLenパラメータがキー構造のキーサイズと一致しない場合に返されます。
@@ -393,7 +393,7 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
                                    curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、公開鍵バッファが指定されたエンディアンに対して有効なCurve2519キー値を保持していることを確認します。
     \return 0  公開鍵の値が有効なときに返されます。
     \return ECC_BAD_ARG_E  公開鍵の値が無効な場合は返されます。
@@ -420,7 +420,7 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
 int wc_curve25519_check_public(const byte* pub, word32 pubSz, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は指定されたキー構造から公開鍵をエクスポートし、結果をアウトバッファに格納します。ビッグエンディアンのみ。
     \return 0  Curve25519_Key構造体から公開鍵を正常にエクスポートする上で返されます。
     \return ECC_BAD_ARG_E  outlenがcurve25519_pub_key_sizeより小さい場合に返されます。
@@ -449,7 +449,7 @@ int wc_curve25519_check_public(const byte* pub, word32 pubSz, int endian);
 int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は指定されたキー構造から公開鍵をエクスポートし、結果をアウトバッファに格納します。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  Curve25519_Key構造体から公開鍵を正常にエクスポートする上で返されます。
     \return ECC_BAD_ARG_E  outlenがcurve25519_pub_key_sizeより小さい場合に返されます。
@@ -481,7 +481,7 @@ int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
                                    word32* outLen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  Export Curve25519キーペア。ビッグエンディアンのみ。
     \return 0  Curve25519_Key構造体からキーペアのエクスポートに成功しました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -516,7 +516,7 @@ int wc_curve25519_export_key_raw(curve25519_key* key,
                                  byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  Export Curve25519キーペア。ビッグ・リトルエンディアン。
     \return 0  Curve25519_Key構造体からキーペアのエクスポートに成功しました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -555,7 +555,7 @@ int wc_curve25519_export_key_raw_ex(curve25519_key* key,
                                     int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は与えられたキー構造のキーサイズを返します。
     \return Success  有効な初期化されたCurve25519_Key構造体を考慮すると、キーのサイズを返します。
     \return 0  キーがNULLの場合は返されます
diff --git a/doc/dox_comments/header_files-ja/curve448.h b/doc/dox_comments/header_files-ja/curve448.h
index 4a6a1d2e75..d6d8a307a0 100644
--- a/doc/dox_comments/header_files-ja/curve448.h
+++ b/doc/dox_comments/header_files-ja/curve448.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、与えられたサイズ（Keysize）のサイズの指定された乱数発生器RNGを使用してCurve448キーを生成し、それを指定されたCurve448_Key構造体に格納します。キー構造がWC_CURVE448_INIT（）を介して初期化された後に呼び出されるべきです。
     \return 0  キーの生成に成功し、それを指定されたCurve448_Key構造体に格納します。
     \return ECC_BAD_ARG_E  入力キーサイズがCurve448キー（56バイト）のキーシェイズに対応していない場合は返されます。
@@ -27,7 +27,7 @@
 int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、秘密の秘密鍵と受信した公開鍵を考えると、共有秘密鍵を計算します。生成された秘密鍵をバッファアウトに保存し、ounlentの秘密鍵の変数を割り当てます。ビッグエンディアンのみをサポートします。
     \return 0  共有秘密鍵を正常に計算する上で返却されました
     \return BAD_FUNC_ARG  渡された入力パラメーターのいずれかがNULLの場合に返されます
@@ -58,7 +58,7 @@ int wc_curve448_shared_secret(curve448_key* private_key,
                                 byte* out, word32* outlen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、秘密の秘密鍵と受信した公開鍵を考えると、共有秘密鍵を計算します。生成された秘密鍵をバッファアウトに保存し、ounlentの秘密鍵の変数を割り当てます。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  共有秘密鍵を正常に計算したときに返されました。
     \return BAD_FUNC_ARG  渡された入力パラメータのいずれかがNULLの場合に返されます。
@@ -92,7 +92,7 @@ int wc_curve448_shared_secret_ex(curve448_key* private_key,
                                    byte* out, word32* outlen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448キーを初期化します。構造のキーを生成する前に呼び出されるべきです。
     \return 0  Curve448_Key構造体の初期化に成功しました。
     \return BAD_FUNC_ARG  キーがNULLのときに返されます。
@@ -108,7 +108,7 @@ int wc_curve448_shared_secret_ex(curve448_key* private_key,
 int wc_curve448_init(curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448オブジェクトを解放します。
     _Example_
     \code
@@ -123,7 +123,7 @@ int wc_curve448_init(curve448_key* key);
 void wc_curve448_free(curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448秘密鍵のみをインポートします。（ビッグエンディアン）。
     \return 0  秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  キーまたはPRIVがNULLの場合は返します。
@@ -151,7 +151,7 @@ int wc_curve448_import_private(const byte* priv, word32 privSz,
                                  curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  CURVE448秘密鍵のインポートのみ。（ビッグエンディアン）。
     \return 0  秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  キーまたはPRIVがNULLの場合は返します。
@@ -182,7 +182,7 @@ int wc_curve448_import_private_ex(const byte* priv, word32 privSz,
                                     curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、public-秘密鍵のペアをCurve448_Key構造体にインポートします。ビッグエンディアンのみ。
     \return 0  Curve448_Key構造体へのインポート時に返されます。
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLの場合に返します。
@@ -219,7 +219,7 @@ int wc_curve448_import_private_raw(const byte* priv, word32 privSz,
                             const byte* pub, word32 pubSz, curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、public-秘密鍵のペアをCurve448_Key構造体にインポートします。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  Curve448_Key構造体へのインポート時に返されます。
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLの場合に返します。
@@ -259,7 +259,7 @@ int wc_curve448_import_private_raw_ex(const byte* priv, word32 privSz,
                                         curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448_Key構造体から秘密鍵をエクスポートし、それを指定されたバッファに格納します。また、エクスポートされたキーのサイズになるように概要を設定します。ビッグエンディアンのみ。
     \return 0  Curve448_Key構造体から秘密鍵を正常にエクスポートする上で返されました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -290,7 +290,7 @@ int wc_curve448_export_private_raw(curve448_key* key, byte* out,
                                      word32* outLen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448_Key構造体から秘密鍵をエクスポートし、それを指定されたバッファに格納します。また、エクスポートされたキーのサイズになるように概要を設定します。それが大きいかリトルエンディアンかを指定できます。
     \return 0  Curve448_Key構造体から秘密鍵を正常にエクスポートする上で返されました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -323,7 +323,7 @@ int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out,
                                         word32* outLen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、指定されたバッファから公開鍵をインポートし、それをCurve448_Key構造体に格納します。
     \return 0  公開鍵をCurve448_Key構造体に正常にインポートしました。
     \return ECC_BAD_ARG_E  InLenパラメータがキー構造のキーサイズと一致しない場合に返されます。
@@ -357,7 +357,7 @@ int wc_curve448_import_public(const byte* in, word32 inLen,
                                 curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、指定されたバッファから公開鍵をインポートし、それをCurve448_Key構造体に格納します。
     \return 0  公開鍵をCurve448_Key構造体に正常にインポートしました。
     \return ECC_BAD_ARG_E  InLenパラメータがキー構造のキーサイズと一致しない場合に返されます。
@@ -392,7 +392,7 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen,
                                    curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、公開鍵バッファがエンディアン順序付けを与えられた有効なCurve448キー値を保持することを確認します。
     \return 0  公開鍵の値が有効なときに返されます。
     \return ECC_BAD_ARG_E  公開鍵の値が無効な場合は返されます。
@@ -419,7 +419,7 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen,
 int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は指定されたキー構造から公開鍵をエクスポートし、結果をアウトバッファに格納します。ビッグエンディアンのみ。
     \return 0  Curve448_Key構造体から公開鍵のエクスポートに成功しました。
     \return ECC_BAD_ARG_E  outlenがcurve448_pub_key_sizeより小さい場合に返されます。
@@ -449,7 +449,7 @@ int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian);
 int wc_curve448_export_public(curve448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は指定されたキー構造から公開鍵をエクスポートし、結果をアウトバッファに格納します。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  Curve448_Key構造体から公開鍵のエクスポートに成功しました。
     \return ECC_BAD_ARG_E  outlenがcurve448_pub_key_sizeより小さい場合に返されます。
@@ -481,7 +481,7 @@ int wc_curve448_export_public_ex(curve448_key* key, byte* out,
                                    word32* outLen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は指定されたキー構造からキーペアをエクスポートし、結果をアウトバッファに格納します。ビッグエンディアンのみ。
     \return 0  Curve448_Key構造体からキーペアのエクスポートに成功しました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -516,7 +516,7 @@ int wc_curve448_export_key_raw(curve448_key* key,
                                  byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  Curve448キーペアをエクスポートします。ビッグ、またはリトルエンディアン。
     \brief  この関数は指定されたキー構造からキーペアをエクスポートし、結果をアウトバッファに格納します。ビッグ、またはリトルエンディアン。
     \return 0  成功
@@ -556,7 +556,7 @@ int wc_curve448_export_key_raw_ex(curve448_key* key,
                                     int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は与えられたキー構造のキーサイズを返します。
     \return Success  有効な初期化されたCurve448_Key構造体を考慮すると、キーのサイズを返します。
     \return 0  キーがNULLの場合は返されます。
diff --git a/doc/dox_comments/header_files-ja/des3.h b/doc/dox_comments/header_files-ja/des3.h
index c7f57aba09..a8829ef435 100644
--- a/doc/dox_comments/header_files-ja/des3.h
+++ b/doc/dox_comments/header_files-ja/des3.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は、引数として与えられたDES構造体のキーと初期化ベクトル（IV）を設定します。また、これらがまだ初期化されていない場合は、暗号化と復号化に必要なバッファーのスペースを初期化して割り当てます。注：IVが指定されていない場合（i.e.iv == null）初期化ベクトルは、デフォルトのIV 0になります。
     \return 0  DES構造体のキーと初期化ベクトルを正常に設定する
     \param des  初期化するDES構造へのポインタ
@@ -24,7 +24,7 @@ int  wc_Des_SetKey(Des* des, const byte* key,
                                const byte* iv, int dir);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は、引数として与えられたDES構造体の初期化ベクトル（IV）を設定します。NULL IVを渡したら、初期化ベクトルを0に設定します。
     \return none  いいえ返します。
     \param des  IVを設定するためのDES構造へのポインタ
@@ -41,7 +41,7 @@ int  wc_Des_SetKey(Des* des, const byte* key,
 void wc_Des_SetIV(Des* des, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力メッセージを暗号化し、結果を出力バッファーに格納します。暗号ブロックチェーンチェーン（CBC）モードでDES暗号化を使用します。
     \return 0  与えられた入力メッセージの暗号化に成功したときに返されます
     \param des  暗号化に使用するDES構造へのポインタ
@@ -66,7 +66,7 @@ int  wc_Des_CbcEncrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力暗号文を復号化し、結果の平文を出力バッファーに出力します。暗号ブロックチェーンチェーン（CBC）モードでDES暗号化を使用します。
     \return 0  与えられた暗号文を正常に復号化したときに返されました
     \param des  復号化に使用するDES構造へのポインタ
@@ -91,7 +91,7 @@ int  wc_Des_CbcDecrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力メッセージを暗号化し、結果を出力バッファーに格納します。電子コードブック（ECB）モードでDES暗号化を使用します。
     \return 0:  与えられた平文を正常に暗号化すると返されます。
     \param des  暗号化に使用するDES構造へのポインタ
@@ -115,7 +115,7 @@ int  wc_Des_EcbEncrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力メッセージを暗号化し、結果を出力バッファーに格納します。電子コードブック（ECB）モードでDES3暗号化を使用します。警告：ほぼすべてのユースケースでECBモードは安全性が低いと考えられています。可能な限りECB APIを直接使用しないでください。
     \return 0  与えられた平文を正常に暗号化すると返されます
     \param des3  暗号化に使用するDES3構造へのポインタ
@@ -139,7 +139,7 @@ int wc_Des3_EcbEncrypt(Des3* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は、引数として与えられたDES3構造のキーと初期化ベクトル（IV）を設定します。また、これらがまだ初期化されていない場合は、暗号化と復号化に必要なバッファーのスペースを初期化して割り当てます。注：IVが指定されていない場合（i.e.iv == null）初期化ベクトルは、デフォルトのIV 0になります。
     \return 0  DES構造体のキーと初期化ベクトルを正常に設定する
     \param des3  初期化するDES3構造へのポインタ
@@ -165,7 +165,7 @@ int  wc_Des3_SetKey(Des3* des, const byte* key,
                                 const byte* iv,int dir);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は、引数として与えられたDES3構造の初期化ベクトル（IV）を設定します。NULL IVを渡したら、初期化ベクトルを0に設定します。
     \return none  いいえ返します。
     \param des  IVを設定するためのDES3構造へのポインタ
@@ -184,7 +184,7 @@ int  wc_Des3_SetKey(Des3* des, const byte* key,
 int  wc_Des3_SetIV(Des3* des, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力メッセージを暗号化し、結果を出力バッファーに格納します。暗号ブロックチェーン（CBC）モードでトリプルDES（3DES）暗号化を使用します。
     \return 0  与えられた入力メッセージの暗号化に成功したときに返されます
     \param des  暗号化に使用するDES3構造へのポインタ
@@ -209,7 +209,7 @@ int  wc_Des3_CbcEncrypt(Des3* des, byte* out,
                                     const byte* in,word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力暗号文を復号化し、結果の平文を出力バッファーに出力します。暗号ブロックチェーン（CBC）モードでトリプルDES（3DES）暗号化を使用します。
     \return 0  与えられた暗号文を正常に復号化したときに返されました
     \param des  復号化に使用するDES3構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/dh.h b/doc/dox_comments/header_files-ja/dh.h
index 45dda386bd..e8db7eae7c 100644
--- a/doc/dox_comments/header_files-ja/dh.h
+++ b/doc/dox_comments/header_files-ja/dh.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、Diffie-Hellman Exchangeプロトコルを使用して安全な秘密鍵を交渉するのに使用するためのDiffie-Hellmanキーを初期化します。
     \return none  いいえ返します。
     _Example_
@@ -13,7 +13,7 @@
 int wc_InitDhKey(DhKey* key);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、Diffie-Hellman Exchangeプロトコルを使用して安全な秘密鍵をネゴシエートするために使用された後にDiffie-Hellmanキーを解放します。
     \return none  いいえ返します。
     _Example_
@@ -28,7 +28,7 @@ int wc_InitDhKey(DhKey* key);
 void wc_FreeDhKey(DhKey* key);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数はdiffie-hellmanパブリックパラメータに基づいてパブリック/秘密鍵ペアを生成し、PRIVSの秘密鍵とPubの公開鍵を格納します。初期化されたDiffie-Hellmanキーと初期化されたRNG構造を取ります。
     \return BAD_FUNC_ARG  この関数への入力の1つを解析するエラーがある場合に返されます
     \return RNG_FAILURE_E  RNGを使用して乱数を生成するエラーが発生した場合
@@ -63,7 +63,7 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
                                  word32* privSz, byte* pub, word32* pubSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、ローカル秘密鍵と受信した公開鍵に基づいて合意された秘密鍵を生成します。交換の両側で完了した場合、この関数は対称通信のための秘密鍵の合意を生成します。共有秘密鍵の生成に成功すると、書かれた秘密鍵のサイズは仲間に保存されます。
     \return 0  合意された秘密鍵の生成に成功しました
     \return MP_INIT_E  共有秘密鍵の生成中にエラーが発生した場合に返却される可能性があります
@@ -100,7 +100,7 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        word32 pubSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この機能は、DERフォーマットのキーを含む与えられた入力バッファからDiffie-Hellmanキーをデコードします。結果をDHKEY構造体に格納します。
     \return 0  入力キーの復号に成功したときに返されます
     \return ASN_PARSE_E  入力のシーケンスを解析したエラーがある場合に返されます
@@ -128,7 +128,7 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
                            word32);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、入力秘密鍵パラメータを使用してDHKEY構造体のキーを設定します。WC_DHKEYDECODEとは異なり、この関数は入力キーがDERフォーマットでフォーマットされ、代わりにPARSED入力パラメータP（Prime）とG（Base）を受け入れる必要はありません。
     \return 0  鍵の設定に成功しました
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLに評価された場合に返されます。
@@ -157,7 +157,7 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
                         word32 gSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、与えられた入力バッファからDiffie-HellmanパラメータP（Prime）とG（ベース）をフォーマットされています。
     \return 0  DHパラメータの抽出に成功しました
     \return ASN_PARSE_E  DERフォーマットのDH証明書の解析中にエラーが発生した場合に返されます。
@@ -187,7 +187,7 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
                             word32* pInOutSz, byte* g, word32* gInOutSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -196,7 +196,7 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
 const DhParams* wc_Dh_ffdhe2048_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe4096_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -205,7 +205,7 @@ const DhParams* wc_Dh_ffdhe2048_Get(void);
 const DhParams* wc_Dh_ffdhe3072_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -214,7 +214,7 @@ const DhParams* wc_Dh_ffdhe3072_Get(void);
 const DhParams* wc_Dh_ffdhe4096_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
@@ -223,7 +223,7 @@ const DhParams* wc_Dh_ffdhe4096_Get(void);
 const DhParams* wc_Dh_ffdhe6144_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
@@ -232,13 +232,13 @@ const DhParams* wc_Dh_ffdhe6144_Get(void);
 const DhParams* wc_Dh_ffdhe8192_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
 */
 int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
                         const byte* priv, word32 privSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
 */
 int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz);
 
diff --git a/doc/dox_comments/header_files-ja/doxygen_groups.h b/doc/dox_comments/header_files-ja/doxygen_groups.h
index e3009c31ff..41c8495a94 100644
--- a/doc/dox_comments/header_files-ja/doxygen_groups.h
+++ b/doc/dox_comments/header_files-ja/doxygen_groups.h
@@ -154,7 +154,7 @@
       -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
       -# Derive SSV and auth data: wc_DeriveSakkeSSV()
       -# Free SAKKE Key: wc_FreeSakkeKey()
-    
+
     \defgroup SAKKE_Setup Setup SAKKE Key
     Operations for establishing a SAKKE key.
 
diff --git a/doc/dox_comments/header_files-ja/dsa.h b/doc/dox_comments/header_files-ja/dsa.h
index 64ae4733d0..066a0a2e56 100644
--- a/doc/dox_comments/header_files-ja/dsa.h
+++ b/doc/dox_comments/header_files-ja/dsa.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この関数は、デジタル署名アルゴリズム（DSA）を介した認証に使用するためにDSAKEYオブジェクトを初期化します。
     \return 0  成功に戻りました。
     \return BAD_FUNC_ARG  NULLキーが渡された場合に返されます。
@@ -14,7 +14,7 @@
 int wc_InitDsaKey(DsaKey* key);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この関数は、使用された後にdsakeyオブジェクトを解放します。
     \return none  いいえ返します。
     _Example_
@@ -29,7 +29,7 @@ int wc_InitDsaKey(DsaKey* key);
 void wc_FreeDsaKey(DsaKey* key);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この機能は入力ダイジェストに署名し、結果を出力バッファーに格納します。
     \return 0  入力ダイジェストに正常に署名したときに返されました
     \return MP_INIT_E  DSA署名の処理にエラーがある場合は返される可能性があります。
@@ -67,7 +67,7 @@ int wc_DsaSign(const byte* digest, byte* out,
                            DsaKey* key, WC_RNG* rng);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この関数は、秘密鍵を考えると、ダイジェストの署名を検証します。回答パラメータでキーが正しく検証されているかどうか、正常な検証に対応する1、および失敗した検証に対応する0が格納されます。
     \return 0  検証要求の処理に成功したときに返されます。注：これは、署名が検証されていることを意味するわけではなく、関数が成功したというだけです。
     \return MP_INIT_E  DSA署名の処理にエラーがある場合は返される可能性があります。
@@ -106,7 +106,7 @@ int wc_DsaVerify(const byte* digest, const byte* sig,
                              DsaKey* key, int* answer);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この機能は、DSA公開鍵を含むDERフォーマットの証明書バッファを復号し、与えられたDSakey構造体にキーを格納します。また、入力読み取りの長さに応じてINOUTIDXパラメータを設定します。
     \return 0  dsakeyオブジェクトの公開鍵を正常に設定する
     \return ASN_PARSE_E  証明書バッファを読みながらエンコーディングにエラーがある場合
@@ -133,7 +133,7 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
                                       DsaKey* key, word32 inSz);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この機能は、DSA秘密鍵を含むDERフォーマットの証明書バッファをデコードし、指定されたDSakey構造体にキーを格納します。また、入力読み取りの長さに応じてINOUTIDXパラメータを設定します。
     \return 0  dsakeyオブジェクトの秘密鍵を正常に設定するに返されました
     \return ASN_PARSE_E  証明書バッファを読みながらエンコーディングにエラーがある場合
@@ -160,7 +160,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
                                        DsaKey* key, word32 inSz);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  DSAKEYキーをDERフォーマット、出力への書き込み（Inlen）、書き込まれたバイトを返します。
     \return outLen  成功、書かれたバイト数
     \return BAD_FUNC_ARG  キーまたは出力はNULLまたはキー - >タイプがDSA_PRIVATEではありません。
@@ -187,7 +187,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
 int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  DSAキーを作成します。
     \return MP_OKAY  成功
     \return BAD_FUNC_ARG  RNGまたはDSAのどちらかがnullです。
@@ -212,7 +212,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  FIPS 186-4は、modulus_size値の有効な値を定義します（1024,160）（2048,256）（3072,256）
     \return 0  成功
     \return BAD_FUNC_ARG  RNGまたはDSAはNULLまたはMODULUS_SIZEが無効です。
diff --git a/doc/dox_comments/header_files-ja/ed448.h b/doc/dox_comments/header_files-ja/ed448.h
index d1f20f23d9..b75d27e374 100644
--- a/doc/dox_comments/header_files-ja/ed448.h
+++ b/doc/dox_comments/header_files-ja/ed448.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、秘密鍵からED448公開鍵を生成します。公開鍵をバッファPubkeyに格納し、Pubkeyszでこのバッファに書き込まれたバイトを設定します。
     \return 0  公開鍵の作成に成功したときに返されます。
     \return BAD_FUNC_ARG  IFIキーまたはPubKeyがNULLに評価された場合、または指定されたキーサイズが57バイトではない場合（ED448には57バイトのキーがあります）。
@@ -31,7 +31,7 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
                          word32 pubKeySz);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は新しいED448キーを生成し、それをキーに格納します。
     \return 0  ED448_Keyを正常に作成したときに返されます。
     \return BAD_FUNC_ARG  RNGまたはKeyがNULLに評価された場合、または指定されたキーサイズが57バイトではない場合（ED448には57バイトのキーがあります）。
@@ -58,7 +58,7 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
 int wc_ed448_make_key(WC_RNG* rng, int keysize, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Keyオブジェクトを使用したメッセージに正解を保証します。
     \return 0  メッセージの署名を正常に生成すると返されます。
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLに評価された場合、または出力バッファが小さすぎて生成された署名を保存する場合は返されます。
@@ -94,7 +94,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
                         word32 *outlen, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、Ed448_Keyオブジェクトを使用してメッセージダイジェストに署名して信頼性を保証します。コンテキストは署名されたデータの一部として含まれています。ハッシュは、署名計算前のプリハッシュメッセージです。メッセージダイジェストを作成するために使用されるハッシュアルゴリズムはShake-256でなければなりません。
     \return 0  メッセージダイジェストの署名を正常に生成すると返されます。
     \return BAD_FUNC_ARG  返された入力パラメータはNULLに評価されます。出力バッファが小さすぎて生成された署名を保存するには小さすぎます。
@@ -135,7 +135,7 @@ int wc_ed448ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
                          const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Keyオブジェクトを使用したメッセージに正解を保証します。コンテキストは署名されたデータの一部として含まれています。署名計算の前にメッセージは事前にハッシュされています。
     \return 0  メッセージの署名を正常に生成すると返されます。
     \return BAD_FUNC_ARG  返された入力パラメータはNULLに評価されます。出力バッファが小さすぎて生成された署名を保存するには小さすぎます。
@@ -176,7 +176,7 @@ int wc_ed448ph_sign_msg(const byte* in, word32 inLen, byte* out,
                         byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、メッセージのED448署名を確認して信頼性を確保します。文脈はデータ検証済みの一部として含まれています。答えはRESを介して返され、有効な署名に対応する1、無効な署名に対応する0を返します。
     \return 0  署名検証と認証を正常に実行したときに返されます。
     \return BAD_FUNC_ARG  いずれかの入力パラメータがNULLに評価された場合、またはSIGLENが署名の実際の長さと一致しない場合に返されます。
@@ -214,7 +214,7 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、メッセージのダイジェストのED448シグネチャを検証して、信頼性を確保します。文脈はデータ検証済みの一部として含まれています。ハッシュは、署名計算前のプリハッシュメッセージです。メッセージダイジェストを作成するために使用されるハッシュアルゴリズムはShake-256でなければなりません。答えはRESを介して返され、有効な署名に対応する1、無効な署名に対応する0を返します。
     \return 0  署名検証と認証を正常に実行したときに返されます。
     \return BAD_FUNC_ARG  いずれかの入力パラメータがNULLに評価された場合、またはSIGLENが署名の実際の長さと一致しない場合に返されます。
@@ -252,7 +252,7 @@ int wc_ed448ph_verify_hash(const byte* sig, word32 siglen, const byte* hash,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、メッセージのED448署名を確認して信頼性を確保します。文脈はデータ検証済みの一部として含まれています。検証前にメッセージがプリハッシュされています。答えはRESを介して返され、有効な署名に対応する1、無効な署名に対応する0を返します。
     \return 0  署名検証と認証を正常に実行したときに返されます。
     \return BAD_FUNC_ARG  いずれかの入力パラメータがNULLに評価された場合、またはSIGLENが署名の実際の長さと一致しない場合に返されます。
@@ -290,7 +290,7 @@ int wc_ed448ph_verify_msg(const byte* sig, word32 siglen, const byte* msg,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、メッセージ検証で将来の使用のためにED448_Keyオブジェクトを初期化します。
     \return 0  ED448_Keyオブジェクトの初期化に成功したら返されます。
     \return BAD_FUNC_ARG  キーがNULLの場合は返されます。
@@ -306,7 +306,7 @@ int wc_ed448ph_verify_msg(const byte* sig, word32 siglen, const byte* msg,
 int wc_ed448_init(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、それが使用された後にED448オブジェクトを解放します。
     _Example_
     \code
@@ -321,7 +321,7 @@ int wc_ed448_init(ed448_key* key);
 void wc_ed448_free(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、公開鍵を含むバッファからPublic ED448_Keyペアをインポートします。この関数は圧縮キーと非圧縮キーの両方を処理します。
     \return 0  ED448_Keyのインポートに成功しました。
     \return BAD_FUNC_ARG  INまたはKEYがNULLに評価されている場合、またはINLENがED448キーのサイズより小さい場合に返されます。
@@ -346,7 +346,7 @@ void wc_ed448_free(ed448_key* key);
 int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ed448秘密鍵をバッファからのみインポートします。
     \return 0  ED448秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  INまたはKEYがNULLに評価された場合、またはPRIVSZがED448_KEY_SIZEよりも小さい場合に返されます。
@@ -373,7 +373,7 @@ int wc_ed448_import_private_only(const byte* priv, word32 privSz,
                                  ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、一対のバッファからパブリック/プライベートED448キーペアをインポートします。この関数は圧縮キーと非圧縮キーの両方を処理します。
     \return 0  ED448キーのインポートに成功しました。
     \return BAD_FUNC_ARG  INまたはKEYがNULLに評価された場合、またはPROVSZがED448_KEY_SIZEまたはPUBSZのいずれかがeD448_PUB_KEY_SIZEよりも小さい場合に返されます。
@@ -404,7 +404,7 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
                                const byte* pub, word32 pubSz, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Key構造体から秘密鍵をエクスポートします。公開鍵をバッファアウトに格納し、ounterenでこのバッファに書き込まれたバイトを設定します。
     \return 0  公開鍵のエクスポートに成功したら返されます。
     \return BAD_FUNC_ARG  いずれかの入力値がNULLに評価された場合に返されます。
@@ -432,7 +432,7 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
 int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Key構造体からの秘密鍵のみをエクスポートします。秘密鍵をバッファアウトに格納し、outlenにこのバッファに書き込まれたバイトを設定します。
     \return 0  秘密鍵のエクスポートに成功したら返されます。
     \return ECC_BAD_ARG_E  いずれかの入力値がNULLに評価された場合に返されます。
@@ -459,7 +459,7 @@ int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
 int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Key構造体からキーペアをエクスポートします。キーペアをバッファOUTに格納し、ounterenでこのバッファに書き込まれたバイトを設定します。
     \return 0  キーペアのエクスポートに成功したら返されます。
     \return ECC_BAD_ARG_E  いずれかの入力値がNULLに評価された場合に返されます。
@@ -490,7 +490,7 @@ int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
 int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Key構造体とは別にプライベートキーと公開鍵をエクスポートします。秘密鍵をバッファーPrivに格納し、PRIVSZでこのバッファに書き込まれたバイトを設定します。公開鍵をバッファPUBに格納し、Pubszでこのバッファに書き込まれたバイトを設定します。
     \return 0  キーペアのエクスポートに成功したら返されます。
     \return ECC_BAD_ARG_E  いずれかの入力値がNULLに評価された場合に返されます。
@@ -524,7 +524,7 @@ int wc_ed448_export_key(ed448_key* key,
                           byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ed448_key構造体の公開鍵をチェックします。
     \return 0  プライベートキーと公開鍵が一致した場合に返されます。
     \return BAD_FUNC_ARGS  与えられたキーがNULLの場合に返されます。
@@ -549,7 +549,7 @@ int wc_ed448_check_key(ed448_key* key);
 
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448秘密鍵のサイズ -  57バイトを返します。
     \return ED448_KEY_SIZE  有効な秘密鍵のサイズ（57バイト）。
     \return BAD_FUNC_ARGS  与えられたキーがNULLの場合に返されます。
@@ -569,7 +569,7 @@ int wc_ed448_check_key(ed448_key* key);
 int wc_ed448_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、秘密鍵サイズ（secret + public）をバイト単位で返します。
     \return ED448_PRV_KEY_SIZE  秘密鍵のサイズ（114バイト）。
     \return BAD_FUNC_ARG  key引数がnullの場合は返します。
@@ -590,7 +590,7 @@ int wc_ed448_size(ed448_key* key);
 int wc_ed448_priv_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は圧縮鍵サイズをバイト単位で返します（公開鍵）。
     \return ED448_PUB_KEY_SIZE  圧縮公開鍵のサイズ（57バイト）。
     \return BAD_FUNC_ARG  key引数がnullの場合は返します。
@@ -610,7 +610,7 @@ int wc_ed448_priv_size(ed448_key* key);
 int wc_ed448_pub_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448シグネチャのサイズ（バイト数114）を返します。
     \return ED448_SIG_SIZE  ED448シグネチャ（114バイト）のサイズ。
     \return BAD_FUNC_ARG  key引数がnullの場合は返します。
diff --git a/doc/dox_comments/header_files-ja/error-crypt.h b/doc/dox_comments/header_files-ja/error-crypt.h
index c558c33be0..e660d1f32c 100644
--- a/doc/dox_comments/header_files-ja/error-crypt.h
+++ b/doc/dox_comments/header_files-ja/error-crypt.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Error 
+    \ingroup Error
     \brief  この関数は、特定のバッファ内の特定のエラーコードのエラー文字列を格納します。
     \return none  いいえ返します。
     \param error  文字列を取得するためのエラーコード
@@ -17,7 +17,7 @@
 void wc_ErrorString(int err, char* buff);
 
 /*!
-    \ingroup Error 
+    \ingroup Error
     \brief  この関数は、特定のエラーコードのエラー文字列を返します。
     \return string  エラーコードのエラー文字列を文字列リテラルとして返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/evp.h b/doc/dox_comments/header_files-ja/evp.h
index 93355400e6..d6fef8e5de 100644
--- a/doc/dox_comments/header_files-ja/evp.h
+++ b/doc/dox_comments/header_files-ja/evp.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  それぞれのwolfssl_evp_cipherポインタのゲッター関数。最初にプログラム内でwolfssl_evp_init（）を1回呼び出す必要があります。wolfssl_des_ecbマクロは、wolfssl_evp_des_ede3_ecb（）に対して定義する必要があります。
     \return pointer  DES EDE3操作のためのwolfssl_evp_cipherポインタを返します。
     _Example_
@@ -14,7 +14,7 @@
 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  それぞれのwolfssl_evp_cipherポインタのゲッター関数。最初にプログラム内でwolfssl_evp_init（）を1回呼び出す必要があります。wolfssl_des_ecbマクロは、wolfssl_evp_des_ecb（）に対して定義する必要があります。
     \return pointer  DES操作のためのwolfssl_evp_cipherポインタを返します。
     _Example_
@@ -28,7 +28,7 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_md_ctxを初期化する機能。この関数はwolfssl_engineがwolfssl_engineを使用しないため、wolfssl_evp_digestinit（）のラッパーです。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  成功しなかった場合
@@ -56,7 +56,7 @@ int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                      WOLFSSL_ENGINE *impl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを初期化する機能。この関数はwolfssl_engineがwolfssl_engineを使用しないため、wolfssl_ciphinit（）のラッパーです。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  成功しなかった場合
@@ -96,7 +96,7 @@ int  wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     int enc);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを初期化する機能。WolfSSLはWOLFSSL_ENGINEを使用しないため、この関数はwolfssl_evp_ciphinit（）のラッパーです。暗号化フラグを暗号化するように設定します。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  成功しなかった場合
@@ -128,7 +128,7 @@ int  wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     const unsigned char* iv);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを初期化する機能。WolfSSLはWOLFSSL_ENGINEを使用しないため、この関数はwolfssl_evp_ciphinit（）のラッパーです。暗号化フラグを復号化するように設定します。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  成功しなかった場合
@@ -169,7 +169,7 @@ int  wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     const unsigned char* iv);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  データを暗号化/復号化する機能。バッファ内では暗号化または復号化され、OUTバッファが結果を保持します。OUTORは暗号化/復号化された情報の長さになります。
     \return SSL_SUCCESS  成功した場合
     \return SSL_FAILURE  成功しなかった場合
@@ -201,7 +201,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                    const unsigned char *in, int inl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  この関数は、パディングを追加する最終暗号化操作を実行します。wolfssl_evp_ciph_no_paddingフラグがwolfssl_evp_cipher_ctx構造に設定されている場合、1が返され、暗号化/復号化は行われません。PADDING FLAGがSETIパディングを追加して暗号化すると、暗号化にCTXが設定されていると、復号化されたときにパディング値がチェックされます。
     \return 1  成功に戻りました。
     \return 0  失敗に遭遇した場合
@@ -221,7 +221,7 @@ int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                    unsigned char *out, int *outl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL EVP_CIPHER_CTX構造キー長の設定機能
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  キーの長さを設定できなかった場合。
@@ -239,7 +239,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                                      int keylen);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  これはCTXブロックサイズのGetter関数です。
     \return size  ctx-> block_sizeを返します。
     _Example_
@@ -253,7 +253,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  これは暗号のブロックサイズのゲッター関数です。
     \return size  ブロックサイズを返します。
     _Example_
@@ -266,7 +266,7 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL evp_cipher_ctx構造の設定機能
     \return none  いいえ返します。
     \param ctx  フラグを設定する構造
@@ -283,7 +283,7 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
 void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL evp_cipher_ctx構造のクリア機能
     \return none  いいえ返します。
     \param ctx  フラグをクリアするための構造
@@ -300,7 +300,7 @@ void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctx構造のためのセッター機能パディングを使用する。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return BAD_FUNC_ARG  NULL引数が渡された場合。
@@ -317,7 +317,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad);
 
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctx構造のゲッター関数廃止予定のV1.1.0
     \return unsigned  フラグ/モードの長い。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/hash.h b/doc/dox_comments/header_files-ja/hash.h
index e7ab99a7b6..82ca76b70e 100644
--- a/doc/dox_comments/header_files-ja/hash.h
+++ b/doc/dox_comments/header_files-ja/hash.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  この関数は提供されたwc_hashtypeのOIDを返します。
     \return OID  戻り値0を超えてください
     \return HASH_TYPE_E  ハッシュ型はサポートされていません。
@@ -18,7 +18,7 @@
 int wc_HashGetOID(enum wc_HashType hash_type);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  この関数は、hash_typeのダイジェスト（出力）のサイズを返します。返品サイズは、WC_HASHに提供される出力バッファが十分に大きいことを確認するために使用されます。
     \return Success  正の戻り値は、ハッシュのダイジェストサイズを示します。
     \return Error  hash_typeがサポートされていない場合はhash_type_eを返します。
@@ -36,7 +36,7 @@ int wc_HashGetOID(enum wc_HashType hash_type);
 int wc_HashGetDigestSize(enum wc_HashType hash_type);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  この関数は、提供されたデータバッファ上にハッシュを実行し、提供されたハッシュバッファにそれを返します。
     \return 0  そうでなければ、それ以外の誤り（bad_func_argやbuffer_eなど）。
     \param hash_type  "wc_hash_type_sha256"などの "enum wc_hashtype"からのハッシュ型。
@@ -61,7 +61,7 @@ int wc_Hash(enum wc_HashType hash_type,
     byte* hash, word32 hash_len);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  データを正常にハッシュしたときに返されます。
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
@@ -86,7 +86,7 @@ int wc_Hash(enum wc_HashType hash_type,
 int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  うまく返されました...。
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
@@ -103,7 +103,7 @@ int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 int wc_ShaHash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  うまく返されました...
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
@@ -120,7 +120,7 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash);
 int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  成功
     \return <0  エラー
@@ -137,7 +137,7 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
 int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  入力されたデータを正常にハッシュしたときに返されます
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
@@ -154,7 +154,7 @@ int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
 int wc_Sha512Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  データを正常にハッシュしたときに返されます
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
diff --git a/doc/dox_comments/header_files-ja/hmac.h b/doc/dox_comments/header_files-ja/hmac.h
index 7202e3c07f..7a60f4eb2d 100644
--- a/doc/dox_comments/header_files-ja/hmac.h
+++ b/doc/dox_comments/header_files-ja/hmac.h
@@ -3,8 +3,8 @@
     \brief  この関数はHMACオブジェクトを初期化し、その暗号化タイプ、キー、およびHMACの長さを設定します。
     \return 0  HMACオブジェクトの初期化に成功しました
     \return BAD_FUNC_ARG  入力タイプが無効な場合は返されます。有効なオプションは次のとおりです.MD5、SHA、SHA256、SHA384、SHA3-224、SHA3-256、SHA3-384、SHA3-512
-    \return MEMORY_E  ハッシュに使用する構造体の割り当てメモリの割り当てがある場合
-    \return HMAC_MIN_KEYLEN_E  FIPS実装を使用するときに返されることがあり、指定されたキー長は最小許容FIPS規格よりも短いです。
+    \return MEMORY_E  ハッシュに使用する構造体の割り当てメモリの割り当てエラーがある場合
+    \return HMAC_MIN_KEYLEN_E  FIPS実装を使用するときに、指定されたキーがFIPS規格の最小許容(14バイト)よりも短い
     \param hmac  初期化するHMACオブジェクトへのポインタ
     \param type  HMACオブジェクトを使用する暗号化方式を指定します。有効なオプションは次のとおりです.MD5、SHA、SHA256、SHA384、SHA3-224、SHA3-256、SHA3-384、SHA3-512
     \param key  HMACオブジェクトを初期化するキーを含むバッファへのポインタ
@@ -13,7 +13,7 @@
     Hmac hmac;
     byte key[] = { // initialize with key to use for encryption };
     if (wc_HmacSetKey(&hmac, MD5, key, sizeof(key)) != 0) {
-    	// error initializing Hmac object
+        // error initializing Hmac object
     }
     \endcode
     \sa wc_HmacUpdate
@@ -25,7 +25,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz);
     \ingroup HMAC
     \brief  この関数は、HMACを使用して認証するメッセージを更新します。HMACオブジェクトがWC_HMACSETKEYで初期化された後に呼び出されるべきです。この関数は、ハッシュへのメッセージを更新するために複数回呼び出されることがあります。必要に応じてwc_hmacupdateを呼び出した後、最終認証済みメッセージタグを取得するためにwc_hmacfinalを呼び出す必要があります。
     \return 0  認証するメッセージの更新に成功しました
-    \return MEMORY_E  ハッシュアルゴリズムで使用するためにメモリを割り当てるエラーがある場合
+    \return MEMORY_E  ハッシュアルゴリズムで使用するためのメモリ割り当てエラーがある場合
     \param hmac  メッセージを更新するHMACオブジェクトへのポインタ
     \param msg  追加するメッセージを含むバッファへのポインタ
     _Example_
diff --git a/doc/dox_comments/header_files-ja/iotsafe.h b/doc/dox_comments/header_files-ja/iotsafe.h
index 13f30fe5a4..3a839eff7f 100644
--- a/doc/dox_comments/header_files-ja/iotsafe.h
+++ b/doc/dox_comments/header_files-ja/iotsafe.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  この関数は与えられたコンテキストでのIoTセーフサポートを有効にします。
     \param ctx  IOTセーフサポートを有効にする必要があるWOLFSSL_CTXオブジェクトへのポインタ
     \return 0  成功した
@@ -19,7 +19,7 @@ int wolfSSL_CTX_iotsafe_enable(WOLFSSL_CTX *ctx);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  この関数は、IOT-SAFE TLSコールバックを特定のSSLセッションに接続します。
     \brief  スロットのIDが1バイトの長さの場合、SSLセッションをIoT-Safeアプレットに接続するように呼び出す必要があります。IOTセーフスロットのIDが2バイト以上の場合、\ REF WOLFSSL_IOTSAFE_ON_EX「WOLFSSL_IOTSAFE_ON_EX（）」を使用する必要があります。
     \param ssl  コールバックが有効になるWolfSSLオブジェクトへのポインタ
@@ -55,7 +55,7 @@ int wolfSSL_iotsafe_on(WOLFSSL *ssl, byte privkey_id,
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  この関数は、IOT-SAFE TLSコールバックを特定のSSLセッションに接続します。これは、IOTセーフスロットのIDを参照で渡すことができ、IDフィールドの長さをパラメータ "id_size"で指定できます。
     \param ssl  コールバックが有効になるWolfSSLオブジェクトへのポインタ
     \param privkey_id  ホストの秘密鍵を含むIoTセーフアプレットスロットのIDへのポインタ
@@ -100,7 +100,7 @@ int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id,
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  AT + CSIMコマンドのリードコールバックを関連付けます。この入力関数は通常、モデムと通信するUARTチャネルの読み取りイベントに関連付けられています。読み取りコールバックが関連付けられているのは、同時にIoT-Safeサポートを使用するすべてのコンテキストのグローバルと変更です。
     _Example_
     \code
@@ -116,7 +116,7 @@ int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id,
 void wolfIoTSafe_SetCSIM_read_cb(wolfSSL_IOTSafe_CSIM_read_cb rf);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  AT + CSIMコマンドの書き込みコールバックを関連付けます。この出力関数は通常、モデムと通信するUARTチャネル上のライトイベントに関連付けられています。Write Callbackが関連付けられているのは、同時にIoT-Safeサポートを使用するすべてのコンテキストのグローバルと変更です。
     _Example_
     \code
@@ -131,7 +131,7 @@ void wolfIoTSafe_SetCSIM_write_cb(wolfSSL_IOTSafe_CSIM_write_cb wf);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOTセーフ機能getrandomを使用して、指定されたサイズのランダムなバッファを生成します。この関数は、WolfCrypt RNGオブジェクトによって自動的に使用されます。
     \param out  ランダムなバイトシーケンスが格納されているバッファ。
     \param sz  生成するランダムシーケンスのサイズ（バイト単位）
@@ -140,7 +140,7 @@ int wolfIoTSafe_GetRandom(unsigned char* out, word32 sz);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOT-Safeアプレット上のファイルに保存されている証明書をインポートし、ローカルにメモリに保存します。1バイトのファイルIDフィールドで動作します。
     \param id  証明書が保存されているIOTセーフ・アプレットのファイルID
     \param output  証明書がインポートされるバッファー
@@ -171,7 +171,7 @@ int wolfIoTSafe_GetCert(uint8_t id, unsigned char *output, unsigned long sz);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOT-Safeアプレット上のファイルに保存されている証明書をインポートし、ローカルにメモリに保存します。\ ref wolfiotsafe_getcert "wolfiotsafe_getcert"と同等です。ただし、2バイト以上のファイルIDで呼び出すことができます。
     \param id  証明書が保存されているIOT-SAFEアプレットのファイルIDへのポインタ
     \param id_sz  ファイルIDのサイズ：バイト数
@@ -207,7 +207,7 @@ int wolfIoTSafe_GetCert(uint8_t id, unsigned char *output, unsigned long sz);
 int wolfIoTSafe_GetCert_ex(uint8_t *id, uint16_t id_sz, unsigned char *output, unsigned long sz);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOTセーフアプレットに格納されているECC 256ビットの公開鍵をECC_Keyオブジェクトにインポートします。
     \param key  IOT-SAFEアプレットからインポートされたキーを含むECC_KEYオブジェクト
     \param id  公開鍵が保存されているIOTセーフアプレットのキーID
@@ -218,7 +218,7 @@ int wolfIoTSafe_GetCert_ex(uint8_t *id, uint16_t id_sz, unsigned char *output, u
 int wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC_KEYオブジェクトからIOT-SAFEアプレットへの書き込み可能なパブリックキースロットにECC 256ビット公開鍵をエクスポートします。
     \param key  エクスポートする鍵を含むecc_keyオブジェクト
     \param id  公開鍵が保存されているIOTセーフアプレットのキーID
@@ -230,7 +230,7 @@ int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC_KEYオブジェクトからIOT-SAFEアプレットへの書き込み可能なパブリックキースロットにECC 256ビット公開鍵をエクスポートします。\ ref WC_IOTSAFE_ECC_IMPORT_PUBLIC「WC_IOTSAFE_ECC_IMPORT_PUBLIC」と同等のものは、2バイト以上のキーIDで呼び出すことができる点を除きます。
     \param key  エクスポートする鍵を含むecc_keyオブジェクト
     \param id  公開鍵が保存されるIOTセーフアプレットのキーIDへのポインタ
@@ -242,7 +242,7 @@ int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id);
 int wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットキーをECC_KEYオブジェクトからIOTセーフアプレットに書き込み可能なプライベートキースロットにエクスポートします。
     \param key  エクスポートする鍵を含むecc_keyオブジェクト
     \param id  秘密鍵が保存されるIOTセーフアプレットのキーID
@@ -254,7 +254,7 @@ int wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size);
 int wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットキーをECC_KEYオブジェクトからIOTセーフアプレットに書き込み可能なプライベートキースロットにエクスポートします。\ ref WC_IOTSAFE_ECC_EXPORT_PRIVATE「WC_IOTSAFE_ECC_EXPORT_PRIVATE」を除き、2バイト以上のキーIDを呼び出すことができる点を除き、
     \param key  エクスポートする鍵を含むecc_keyオブジェクト
     \param id  秘密鍵が保存されるIOTセーフアプレットのキーIDへのポインタ
@@ -267,7 +267,7 @@ int wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id);
 int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  事前計算された256ビットハッシュに署名して、IOT-SAFEアプレットに、以前に保存されたプライベートキー、またはプリプロビジョニングされています。
     \param in  サインするメッセージハッシュを含むバッファへのポインタ
     \param inlen  署名するメッセージの長さ
@@ -282,7 +282,7 @@ int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size)
 int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  事前計算された256ビットハッシュに署名して、IOT-SAFEアプレットに、以前に保存されたプライベートキー、またはプリプロビジョニングされています。\ ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash"と同等です。ただし、2バイト以上のキーIDで呼び出すことができます。
     \param in  サインするメッセージハッシュを含むバッファへのポインタ
     \param inlen  署名するメッセージの長さ
@@ -298,7 +298,7 @@ int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen,
 int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outlen, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  予め計算された256ビットハッシュに対するECCシグネチャを、IOT-SAFEアプレット内のプリプロビジョニング、またはプロビジョニングされたプリプロビジョニングを使用します。結果はRESに書き込まれます。1が有効で、0が無効です。注：有効なテストに戻り値を使用しないでください。Resのみを使用してください。
     \return 0  成功すると（署名が無効であっても）
     \return <  故障の場合は0
@@ -313,7 +313,7 @@ int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outle
 int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  予め計算された256ビットハッシュに対するECCシグネチャを、IOT-SAFEアプレット内のプリプロビジョニング、またはプロビジョニングされたプリプロビジョニングを使用します。結果はRESに書き込まれます。1が有効で、0が無効です。注：有効なテストに戻り値を使用しないでください。Resのみを使用してください。\ ref WC_IOTSAFE_ECC_VERIFY_HASH "WC_IOTSAFE_ECC_VERIFY_HASH"を除き、2バイト以上のキーIDで呼び出すことができる点を除きます。
     \return 0  成功すると（署名が無効であっても）
     \return <  故障の場合は0
@@ -329,7 +329,7 @@ int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hash
 int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットのキーペアを生成し、それを（書き込み可能な）スロットにIOTセーフなアプレットに保存します。
     \param key_id  ECCキーペアがIOTセーフアプレットに格納されているスロットのID。
     \return 0  成功すると
@@ -340,7 +340,7 @@ int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 h
 int wc_iotsafe_ecc_gen_k(byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットのキーペアを生成し、それを（書き込み可能な）スロットにIOTセーフなアプレットに保存します。\ ref wc_iotsafe_ecc_gen_k "wc_iotsafe_ecc_gen_k"と同等です。ただし、2バイト以上のキーIDで呼び出すことができます。
     \param key_id  ECCキーペアがIOTセーフアプレットに格納されているスロットのID。
     \param id_size  キーIDサイズ
diff --git a/doc/dox_comments/header_files-ja/logging.h b/doc/dox_comments/header_files-ja/logging.h
index 1f6a57233c..47b61417ee 100644
--- a/doc/dox_comments/header_files-ja/logging.h
+++ b/doc/dox_comments/header_files-ja/logging.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Logging 
+    \ingroup Logging
     \brief  この関数は、WolfSSLログメッセージを処理するために使用されるロギングコールバックを登録します。デフォルトでは、システムがIT fprintf（）をSTDERRにサポートしている場合は、この関数を使用することによって、ユーザーによって何でも実行できます。
     \return Success  成功した場合、この関数は0を返します。
     \return BAD_FUNC_ARG  関数ポインタが提供されていない場合に返されるエラーです。
@@ -24,7 +24,7 @@
 int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 
 /*!
-    \ingroup Debug 
+    \ingroup Debug
     \brief  ビルド時にロギングが有効になっている場合、この関数は実行時にロギングをオンにします。ビルド時にログ記録を有効にするには--enable-debugまたはdebug_wolfsslを定義します。
     \return 0  成功すると。
     \return NOT_COMPILED_IN  このビルドに対してロギングが有効になっていない場合は返されるエラーです。
@@ -38,7 +38,7 @@ int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 int  wolfSSL_Debugging_ON(void);
 
 /*!
-    \ingroup Debug 
+    \ingroup Debug
     \brief  この関数はランタイムロギングメッセージをオフにします。彼らがすでに消えている場合は、行動はとられません。
     \return none  いいえ返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/md2.h b/doc/dox_comments/header_files-ja/md2.h
index b96f504525..07d8545027 100644
--- a/doc/dox_comments/header_files-ja/md2.h
+++ b/doc/dox_comments/header_files-ja/md2.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  この関数はMD2を初期化します。これはWC_MD2HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 void wc_InitMd2(Md2*);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param md2  暗号化に使用するMD2構造へのポインタ
@@ -46,7 +46,7 @@ void wc_InitMd2(Md2*);
 void wc_Md2Update(Md2* md2, const byte* data, word32 len);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。
     \return 0  ファイナライズに成功したときに返されます。
     \param md2  暗号化に使用するMD2構造へのポインタ
@@ -71,7 +71,7 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len);
 void wc_Md2Final(Md2* md2, byte* hash);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  データを正常にハッシュしたときに返されます。
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
diff --git a/doc/dox_comments/header_files-ja/md4.h b/doc/dox_comments/header_files-ja/md4.h
index b7a2033301..be9e537ee3 100644
--- a/doc/dox_comments/header_files-ja/md4.h
+++ b/doc/dox_comments/header_files-ja/md4.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  この関数はMD4を初期化します。これはWC_MD4HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 void wc_InitMd4(Md4*);
 
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param md4  暗号化に使用するMD4構造へのポインタ
@@ -46,7 +46,7 @@ void wc_InitMd4(Md4*);
 void wc_Md4Update(Md4* md4, const byte* data, word32 len);
 
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。
     \return 0  ファイナライズに成功したときに返されます。
     \param md4  暗号化に使用するMD4構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/md5.h b/doc/dox_comments/header_files-ja/md5.h
index 68c9b6e5d9..78bdb8bd6e 100644
--- a/doc/dox_comments/header_files-ja/md5.h
+++ b/doc/dox_comments/header_files-ja/md5.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  この関数はMD5を初期化します。これはWC_MD5HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます。
     \return BAD_FUNC_ARG  MD5構造がNULL値として渡された場合に返されます。
@@ -28,7 +28,7 @@
 int wc_InitMd5(wc_Md5*);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \return BAD_FUNC_ARG  MD5構造がNULLの場合、またはデータがNULLで、LENがゼロより大きい場合に返されます。DATAパラメーターがNULLでLENがゼロの場合、関数はエラーを返してはいけません。
@@ -61,7 +61,7 @@ int wc_InitMd5(wc_Md5*);
 int wc_Md5Update(wc_Md5* md5, const byte* data, word32 len);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。MD5構造体がリセットされます。注：この関数は、habe_intel_qaが定義されている場合にintelqasymmd5（）を呼び出す結果も返します。
     \return 0  ファイナライズに成功したときに返されます。
     \return BAD_FUNC_ARG  MD5構造またはハッシュポインタがNULLで渡された場合に返されます。
@@ -93,7 +93,7 @@ int wc_Md5Update(wc_Md5* md5, const byte* data, word32 len);
 int wc_Md5Final(wc_Md5* md5, byte* hash);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  MD5構造をリセットします。注：これは、wolfssl_ti_hashが定義されている場合にのみサポートされています。
     \return none  いいえ返します。
     _Example_
@@ -118,7 +118,7 @@ int wc_Md5Final(wc_Md5* md5, byte* hash);
 void wc_Md5Free(wc_Md5*);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  ハッシュデータを取得します。結果はハッシュに入れられます。MD5構造はリセットされません。
     \return none  いいえリターン
     \param md5  暗号化に使用するMD5構造へのポインタ。
diff --git a/doc/dox_comments/header_files-ja/memory.h b/doc/dox_comments/header_files-ja/memory.h
index ecad955aba..e7e838f73b 100644
--- a/doc/dox_comments/header_files-ja/memory.h
+++ b/doc/dox_comments/header_files-ja/memory.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この関数はmalloc（）と似ていますが、WolfSSLが使用するように構成されているメモリ割り当て関数を呼び出します。デフォルトでは、WolfSSLはmalloc（）を使用します。これは、WolfSSLメモリ抽象化レイヤを使用して変更できます -  wolfssl_setAllocator（）を参照してください。注WOLFSSL_MALLOCは、WOLFSSLによって直接呼び出されませんが、代わりにMacro XMallocによって呼び出されます。デフォルトのビルドの場合、size引数のみが存在します。wolfssl_static_memoryビルドを使用する場合は、ヒープとタイプ引数が含まれます。
     \return pointer  成功した場合、この関数は割り当てられたメモリへのポインタを返します。
     \return error  エラーがある場合は、NULLが返されます。
@@ -19,7 +19,7 @@
 void* wolfSSL_Malloc(size_t size, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この関数はfree（）と似ていますが、WolfSSLが使用するように構成されているメモリフリー機能を呼び出します。デフォルトでは、WolfSSLはfree（）を使用します。これは、WolfSSLメモリ抽象化レイヤを使用して変更できます -  wolfssl_setAllocator（）を参照してください。注WOLFSSL_FREEはWOLFSSLによって直接呼び出されませんが、代わりにマクロXFreeによって呼び出されます。デフォルトのビルドの場合、PTR引数のみが存在します。wolfssl_static_memoryビルドを使用する場合は、ヒープとタイプ引数が含まれます。
     \return none  いいえ返します。
     \param ptr  解放されるメモリへのポインタ。
@@ -43,7 +43,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type);
 void  wolfSSL_Free(void *ptr, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この関数はREALLOC（）と似ていますが、WolfSSLが使用するように構成されているメモリ再割り当て機能を呼び出します。デフォルトでは、WolfSSLはRealLoc（）を使用します。これは、WolfSSLメモリ抽象化レイヤを使用して変更できます -  wolfssl_setAllocator（）を参照してください。注WOLFSSL_REALLOCはWOLFSSLによって直接呼び出されませんが、代わりにマクロXreallocによって呼び出されます。デフォルトのビルドの場合、size引数のみが存在します。wolfssl_static_memoryビルドを使用する場合は、ヒープとタイプ引数が含まれます。
     \return pointer  成功した場合、この関数はマイポイントを再割り当てするためのポインタを返します。これはPTRと同じポインタ、または新しいポインタの場所であり得る。
     \return Null  エラーがある場合は、NULLが返されます。
@@ -65,7 +65,7 @@ void  wolfSSL_Free(void *ptr, void* heap, int type);
 void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この機能は、WolfSSLが使用する割り当て関数を登録します。デフォルトでは、システムがそれをサポートしている場合、Malloc / FreeとRealLocが使用されます。この機能を使用すると、実行時にユーザーは独自のメモリハンドラをインストールできます。
     \return Success  成功した場合、この関数は0を返します。
     \return BAD_FUNC_ARG  関数ポインタが提供されていない場合に返されるエラーです。
@@ -101,7 +101,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
                                       wolfSSL_Realloc_cb);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この機能は、静的メモリ機能が使用されている場合（--enable-staticMemory）の場合に使用できます。メモリの「バケット」に最適なバッファサイズを示します。これにより、パーティション化された後に追加の未使用のメモリが終了しないように、バッファサイズを計算する方法が可能になります。返された値は、正の場合、使用するコンピュータのバッファサイズです。
     \return Success  バッファサイズ計算を正常に完了すると、正の値が返されます。この返された値は最適なバッファサイズです。
     \return Failure  すべての負の値はエラーの場合と見なされます。
@@ -124,7 +124,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
 int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この機能は、静的メモリ機能が使用されている場合（--enable-staticMemory）の場合に使用できます。メモリの各パーティションに必要なパディングのサイズを示します。このパディングサイズは、メモリアライメントのために追加のメモリ管理構造を含む必要があるサイズになります。
     \return On  正常なメモリパディング計算戻り値は正の値になります
     \return All  負の値はエラーケースと見なされます。
diff --git a/doc/dox_comments/header_files-ja/pem.h b/doc/dox_comments/header_files-ja/pem.h
index 3b322644e4..e94085e7dc 100644
--- a/doc/dox_comments/header_files-ja/pem.h
+++ b/doc/dox_comments/header_files-ja/pem.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  この関数は、PEM形式のwolfssl_bio構造体にキーを書き込みます。
     \return SSL_SUCCESS  成功すると。
     \return SSL_FAILURE  失敗すると。
diff --git a/doc/dox_comments/header_files-ja/pkcs7.h b/doc/dox_comments/header_files-ja/pkcs7.h
index 85d1b68cfa..924ae4f3f8 100644
--- a/doc/dox_comments/header_files-ja/pkcs7.h
+++ b/doc/dox_comments/header_files-ja/pkcs7.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、DERフォーマットの証明書を使用してPKCS7構造を初期化します。空のPKCS7構造を初期化するには、NULL CERTとCERTSZの場合は0を渡すことができます。
     \return 0  PKCS7構造の初期化に成功しました
     \return MEMORY_E  xmallocでメモリを割り当てるエラーがある場合
@@ -33,7 +33,7 @@
 int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、PKCS7の初期化装置によって割り当てられたメモリを解放します。
     \return none  いいえ返します。
     _Example_
@@ -48,7 +48,7 @@ int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
 void wc_PKCS7_Free(PKCS7* pkcs7);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数はPKCS7データコンテンツタイプを構築し、PKCS7構造をパーセル可能なPKCS7データパケットを含むバッファにエンコードします。
     \return Success  PKCS7データをバッファに正常にエンコードすると、PKCS7構造内の索引を返します。このインデックスは、出力バッファに書き込まれたバイトにも対応しています。
     \return BUFFER_E  指定されたバッファがエンコードされた証明書を保持するのに十分な大きさでない場合に返されます
@@ -81,7 +81,7 @@ int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
                                        word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数はPKCS7署名付きデータコンテンツタイプを構築し、PKCS7構造をPARSable PKCS7署名付きデータパケットを含むバッファにエンコードします。
     \return Success  PKCS7データをバッファに正常にエンコードすると、PKCS7構造内の索引を返します。このインデックスは、出力バッファに書き込まれたバイトにも対応しています。
     \return BAD_FUNC_ARG  PKCS7構造が署名付きデータパケットを生成するための1つ以上の要求要素が欠落している場合に返されます。
@@ -135,9 +135,9 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
                                        byte* output, word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、PKCS7の署名付きデータコンテンツタイプを構築し、PKCS7構造をエンコードし、Parsable PKCS7署名付きデータパケットを含むヘッダーおよびフッターバッファにエンコードします。これにはコンテンツは含まれません。ハッシュを計算してデータに提供する必要があります
-    \return 0=Success 
+    \return 0=Success
     \return BAD_FUNC_ARG  PKCS7構造が署名付きデータパケットを生成するための1つ以上の要求要素が欠落している場合に返されます。
     \return MEMORY_E  メモリの割り当て中にエラーが発生した場合に返されます
     \return PUBLIC_KEY_E  公開鍵の解析中にエラーがある場合
@@ -194,7 +194,7 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz);
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -205,12 +205,12 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_VerifySignedData_ex
 */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, 
+int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、送信されたPKCS7の署名付きデータメッセージを取り、証明書リストと証明書失効リストを抽出してから署名を検証します。与えられたPKCS7構造に抽出されたコンテンツを格納します。
     \return 0  メッセージから情報を抽出することに成功しました
     \return BAD_FUNC_ARG  入力パラメータの1つが無効な場合は返されます
@@ -263,7 +263,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
 
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この機能は、送信されたPKCS7署名付きデータメッセージをHASH /ヘッダー/フッターとして取り出してから、証明書リストと証明書失効リストを抽出してから、署名を検証します。与えられたPKCS7構造に抽出されたコンテンツを格納します。
     \return 0  メッセージから情報を抽出することに成功しました
     \return BAD_FUNC_ARG  入力パラメータの1つが無効な場合は返されます
@@ -321,7 +321,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff));
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -332,12 +332,12 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_EncodeSignedData_ex
 */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, 
+int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、PKCS7構造を編集し、PKCS7構造を符号化し、Parsable PKCS7エンベロープデータパケットを含むバッファに編集します。
     \return Success  エンベロープデータ形式でメッセージを正常にエンコードする上で返信され、出力バッファに書き込まれたサイズを返します。
     \return BAD_FUNC_ARG:  入力パラメータの1つが無効な場合、またはPKCS7構造が必要な要素を欠落している場合
@@ -376,7 +376,7 @@ int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数はPKCS7エンベロープデータコンテンツタイプをアントラップして復号化し、メッセージを出力にデコードします。渡されたPKCS7オブジェクトの秘密鍵を使用してメッセージを復号化します。
     \return On  メッセージから情報を抽出するには、出力に書き込まれたバイト数を返します。
     \return BAD_FUNC_ARG  入力パラメータの1つが無効な場合は返されます
diff --git a/doc/dox_comments/header_files-ja/poly1305.h b/doc/dox_comments/header_files-ja/poly1305.h
index e7af5fbf2f..905a30025d 100644
--- a/doc/dox_comments/header_files-ja/poly1305.h
+++ b/doc/dox_comments/header_files-ja/poly1305.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  この関数は、Poly1305コンテキスト構造のキーを設定し、ハッシュに初期化します。注：セキュリティを確保するために、WC_POLY1305FINALでメッセージハッシュを生成した後に新しいキーを設定する必要があります。
     \return 0  キーを正常に設定し、Poly1305構造の初期化
     \return BAD_FUNC_ARG  与えられたキーが32バイトの長さでない場合、またはPoly1305コンテキストがNULLの場合
@@ -18,7 +18,7 @@ int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key,
                                   word32 kySz);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  この関数は、Poly1305構造を持つハッシュにメッセージを更新します。
     \return 0  ハッシュへのメッセージの更新に成功しました
     \return BAD_FUNC_ARG  Poly1305構造がNULLの場合に返されます
@@ -42,7 +42,7 @@ int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key,
 int wc_Poly1305Update(Poly1305* poly1305, const byte* m, word32 bytes);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  この関数は入力メッセージのハッシュを計算し、結果をMACに格納します。この後、キーをリセットする必要があります。
     \return 0  最後のMacの計算に成功した
     \return BAD_FUNC_ARG  Poly1305構造がNULLの場合に返されます
@@ -68,7 +68,7 @@ int wc_Poly1305Update(Poly1305* poly1305, const byte* m, word32 bytes);
 int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  鍵がロードされ、最近のTLS AEADパディング方式を使用してMAC（タグ）を作成する初期化されたPoly1305構造体を取ります。
     \return 0  成功
     \return BAD_FUNC_ARG  CTX、INPUT、またはTAGがNULLの場合、または追加がNULLで、ADDSZが0より大きい場合、またはTAGSZがWC_POLY1305_MAC_SZより小さい場合に返されます。
diff --git a/doc/dox_comments/header_files-ja/psa.h b/doc/dox_comments/header_files-ja/psa.h
index fed655db96..15c359b84e 100644
--- a/doc/dox_comments/header_files-ja/psa.h
+++ b/doc/dox_comments/header_files-ja/psa.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  この関数は、与えられたコンテキストでのPSAサポートを可能にします。
     \param ctx  PSAサポートを有効にする必要があるWOLFSSL_CTXオブジェクトへのポインタ
     \return WOLFSSL_SUCCESS  成功した
@@ -19,7 +19,7 @@
 int wolfSSL_CTX_psa_enable(WOLFSSL_CTX *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  与えられたSSLセッションのPSAコンテキストを設定する機能
     \param ssl  CTXが有効になるWolfSSLへのポインタ
     \param ctx  Struct PSA_SSL_CTXへのポインタ（SSLセッションに固有である必要があります）
@@ -41,14 +41,14 @@ int wolfSSL_CTX_psa_enable(WOLFSSL_CTX *ctx);
 int wolfSSL_set_psa_ctx(WOLFSSL *ssl, struct psa_ssl_ctx *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  この関数はPSAコンテキストによって使用されるリソースを解放します
     \sa wolfSSL_set_psa_ctx
 */
 void wolfSSL_free_psa_ctx(struct psa_ssl_ctx *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  この関数は、SSLセッションによって使用される秘密鍵を設定します
     \param ctx  構造体PSA_SSL_CTXへのポインタ
     _Example_
diff --git a/doc/dox_comments/header_files-ja/random.h b/doc/dox_comments/header_files-ja/random.h
index b513d6d5d7..3720147087 100644
--- a/doc/dox_comments/header_files-ja/random.h
+++ b/doc/dox_comments/header_files-ja/random.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  Init Global WhiteWood Netrandomのコンテキスト
     \return 0  成功
     \return BAD_FUNC_ARG  configfileがnullまたはタイムアウトのどちらかが否定的です。
@@ -21,7 +21,7 @@
 int  wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  無料のGlobal WhiteWood Netrandomコンテキスト。
     \return 0  成功
     \return BAD_MUTEX_E  Wnr_Mutexでミューテックスをロックするエラー
@@ -38,7 +38,7 @@ int  wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
 int  wc_FreeNetRandom(void);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNGのシード（OSから）とキー暗号を取得します。割り当てられたRNG-> DRBG（決定論的ランダムビットジェネレータ）が割り当てられます（WC_FREERNGで割り当てられている必要があります）。これはブロッキング操作です。
     \return 0  成功しています。
     \return MEMORY_E  XMallocに失敗しました
@@ -74,7 +74,7 @@ int  wc_FreeNetRandom(void);
 int  wc_InitRng(WC_RNG*);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  疑似ランダムデータのSZバイトを出力にコピーします。必要に応じてRNG（ブロッキング）します。
     \return 0  成功した
     \return BAD_FUNC_ARG  入力はNULLまたはSZがMAX_REQUEST_LENを超えています
@@ -106,7 +106,7 @@ int  wc_InitRng(WC_RNG*);
 int  wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  新しいWC_RNG構造を作成します。
     \return WC_RNG  成功の構造
     \return NULL  誤りに
@@ -130,7 +130,7 @@ int  wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
 WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  wc_rng_generateBlockを呼び出して、疑似ランダムデータのバイトをbにコピーします。必要に応じてRNGが再販されます。
     \return 0  成功した
     \return BAD_FUNC_ARG  入力はNULLまたはSZがMAX_REQUEST_LENを超えています
@@ -162,7 +162,7 @@ WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
 int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNGがDRGBを安全に解放するために必要なときに呼び出されるべきです。ゼロとXfrees RNG-DRBG。
     \return 0  成功した
     \return BAD_FUNC_ARG  RNGまたはRNG-> DRGB NULL
@@ -189,7 +189,7 @@ int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
 int  wc_FreeRng(WC_RNG*);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNGを安全に自由に解放するためにRNGが不要になったときに呼び出されるべきです。
     _Example_
     \code
@@ -212,7 +212,7 @@ int  wc_FreeRng(WC_RNG*);
 WC_RNG* wc_rng_free(WC_RNG* rng);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  DRBGの機能を作成しテストします。
     \return 0  成功した
     \return BAD_FUNC_ARG  ELTOPYAと出力はNULLにしないでください。Reseed Set EntropybがNULLでなければならない場合
diff --git a/doc/dox_comments/header_files-ja/ripemd.h b/doc/dox_comments/header_files-ja/ripemd.h
index 478171afe3..73f4e4402a 100644
--- a/doc/dox_comments/header_files-ja/ripemd.h
+++ b/doc/dox_comments/header_files-ja/ripemd.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  この関数は、RIPemdのダイジェスト、バッファ、LOLEN ,HILENを初期化することによってRIPemd構造を初期化します。
     \return 0  機能の実行に成功したことに戻ります。RIPEMD構造が初期化されます。
     \return BAD_FUNC_ARG  RIPEMD構造がNULLの場合に返されます。
@@ -18,7 +18,7 @@
 int wc_InitRipeMd(RipeMd*);
 
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  この関数はデータ入力のRIPemdダイジェストを生成し、結果をRIPemd-> Digestバッファに格納します。WC_RIPEMDUPDATEを実行した後、生成されたRIPemd-> Digestを既知の認証タグに比較してメッセージの信頼性を比較する必要があります。
     \return 0  機能の実行に成功したことに戻ります。
     \return BAD_FUNC_ARG  RIPEMD構造がNULLの場合、またはデータがNULLで、LENがゼロでない場合に返されます。データがNULLであり、LENが0の場合、この関数は実行されるはずです。
@@ -42,7 +42,7 @@ int wc_InitRipeMd(RipeMd*);
 int wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len);
 
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  この関数は計算されたダイジェストをハッシュにコピーします。無傷のブロックがある場合、この方法ではブロックを0Sでパッケージし、ハッシュにコピーする前にそのブロックのラウンドをダイジェストに含めます。RIPEMDの状態がリセットされます。
     \return 0  機能の実行に成功したことに戻ります。RIPEMD構造の状態がリセットされました。
     \return BAD_FUNC_ARG  RIPEMD構造体またはハッシュパラメータがNULLの場合に返されます。
diff --git a/doc/dox_comments/header_files-ja/sha.h b/doc/dox_comments/header_files-ja/sha.h
index be7e24aada..ce199690e8 100644
--- a/doc/dox_comments/header_files-ja/sha.h
+++ b/doc/dox_comments/header_files-ja/sha.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  この関数はSHAを初期化します。これは自動的にWC_Shahashによって呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha(wc_Sha*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param sha  暗号化に使用するSHA構造へのポインタ
@@ -46,7 +46,7 @@ int wc_InitSha(wc_Sha*);
 int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。SHA構造体の状態をリセットします。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha  暗号化に使用するSHA構造へのポインタ
@@ -71,7 +71,7 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len);
 int wc_ShaFinal(wc_Sha* sha, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  初期化されたSHA構造体によって使用されるメモリをクリーンアップするために使用されます。注：これは、wolfssl_ti_hashが定義されている場合にのみサポートされています。
     \return No  戻り値。
     _Example_
@@ -88,7 +88,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash);
 void wc_ShaFree(wc_Sha*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  ハッシュデータを取得します。結果はハッシュに入れられます。SHA構造体の状態をリセットしません。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha  暗号化に使用するSHA構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/sha256.h b/doc/dox_comments/header_files-ja/sha256.h
index a717ee8681..6cedcec1e9 100644
--- a/doc/dox_comments/header_files-ja/sha256.h
+++ b/doc/dox_comments/header_files-ja/sha256.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  この関数はSHA256を初期化します。これはWC_SHA256HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha256(wc_Sha256*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param sha256  暗号化に使用するSHA256構造へのポインタ
@@ -46,7 +46,7 @@ int wc_InitSha256(wc_Sha256*);
 int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。SHA256構造体の状態をリセットします。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha256  暗号化に使用するSHA256構造へのポインタ
@@ -71,7 +71,7 @@ int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
 int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  SHA256構造をリセットします。注：これは、wolfssl_ti_hashが定義されている場合にのみサポートされています。
     \return none  いいえ返します。
     _Example_
@@ -96,7 +96,7 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
 void wc_Sha256Free(wc_Sha256*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  ハッシュデータを取得します。結果はハッシュに入れられます。SHA256構造体の状態をリセットしません。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha256  暗号化に使用するSHA256構造へのポインタ
@@ -118,7 +118,7 @@ void wc_Sha256Free(wc_Sha256*);
 int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  SHA224構造を初期化するために使用されます。
     \return 0  成功
     \return 1  SHA224がNULLなので、エラーが返されました。
@@ -137,7 +137,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash);
 int wc_InitSha224(wc_Sha224*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  成功
     \return 1  関数が失敗した場合はエラーが返されます。
@@ -165,7 +165,7 @@ int wc_InitSha224(wc_Sha224*);
 int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。SHA224構造体の状態をリセットします。
     \return 0  成功
     \return <0  エラー
diff --git a/doc/dox_comments/header_files-ja/sha512.h b/doc/dox_comments/header_files-ja/sha512.h
index 50af2373aa..6d8a835d30 100644
--- a/doc/dox_comments/header_files-ja/sha512.h
+++ b/doc/dox_comments/header_files-ja/sha512.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  この関数はSHA512を初期化します。これはWC_SHA512HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha512(wc_Sha512*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param sha512  暗号化に使用するSHA512構造へのポインタ
@@ -46,7 +46,7 @@ int wc_InitSha512(wc_Sha512*);
 int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。
     \return 0  ハッシュを確定するとうまく返されました。
     \param sha512  暗号化に使用するSHA512構造へのポインタ
@@ -71,7 +71,7 @@ int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len);
 int wc_Sha512Final(wc_Sha512* sha512, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  この関数はSHA384を初期化します。これはWC_SHA384HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -92,7 +92,7 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash);
 int wc_InitSha384(wc_Sha384*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param sha384  暗号化に使用するSHA384構造へのポインタ
@@ -118,7 +118,7 @@ int wc_InitSha384(wc_Sha384*);
 int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha384  暗号化に使用するSHA384構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/signature.h b/doc/dox_comments/header_files-ja/signature.h
index b9c1a3c511..1017faf86b 100644
--- a/doc/dox_comments/header_files-ja/signature.h
+++ b/doc/dox_comments/header_files-ja/signature.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  この関数は、結果のシグネチャの最大サイズを返します。
     \return Returns  sig_type_e sig_typeがサポートされていない場合sig_typeが無効な場合はbad_func_argを返します。正の戻り値は、署名の最大サイズを示します。
     \param sig_type  wc_signature_type_eccまたはwc_signature_type_rsaなどの署名型列挙型値。
@@ -24,7 +24,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
     const void* key, word32 key_len);
 
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  この関数は、データをハッシュし、結果のハッシュとキーを使用して署名を使用して署名を使用して署名を検証します。
     \return 0  成功
     \return SIG_TYPE_E  -231、署名タイプが有効/利用可能です
@@ -65,7 +65,7 @@ int wc_SignatureVerify(
     const void* key, word32 key_len);
 
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  この関数は、キーを使用してデータから署名を生成します。まずデータのハッシュを作成し、キーを使用してハッシュに署名します。
     \return 0  成功
     \return SIG_TYPE_E  -231、署名タイプが有効/利用可能です
diff --git a/doc/dox_comments/header_files-ja/siphash.h b/doc/dox_comments/header_files-ja/siphash.h
index 2027a611ba..59cccf7765 100644
--- a/doc/dox_comments/header_files-ja/siphash.h
+++ b/doc/dox_comments/header_files-ja/siphash.h
@@ -1,6 +1,6 @@
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  この関数は、MacサイズのキーでSiphashを初期化します。
     \return 0  初期化に成功したときに返されます
     \return BAD_FUNC_ARG  SiphashまたはキーがNULLのときに返されます
@@ -31,7 +31,7 @@ int wc_InitSipHash(SipHash* siphash, const unsigned char* key,
     unsigned char outSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  Macにデータを追加したら、返されます
     \return BAD_FUNC_ARG  Siphashがnullのとき返されました
@@ -62,7 +62,7 @@ int wc_SipHashUpdate(SipHash* siphash, const unsigned char* in,
     word32 inSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  データのMacingを確定します。結果が出入りする。
     \return 0  ファイナライズに成功したときに返されます。
     \return BAD_FUNC_ARG  SiphashのOUTがNULLのときに返されます
@@ -93,7 +93,7 @@ int wc_SipHashFinal(SipHash* siphash, unsigned char* out,
     unsigned char outSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  この機能はSiphashを使用してデータを1ショットして、キーに基づいてMACを計算します。
     \return 0  Macingに成功したときに返されました
     \return BAD_FUNC_ARG  キーまたはOUTがNULLのときに返されます
diff --git a/doc/dox_comments/header_files-ja/ssl.h b/doc/dox_comments/header_files-ja/ssl.h
index 5efe2b62f0..e3b55c7f3d 100644
--- a/doc/dox_comments/header_files-ja/ssl.h
+++ b/doc/dox_comments/header_files-ja/ssl.h
@@ -2464,9 +2464,9 @@ int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
     \ingroup Setup
     \brief  この関数はSSLセッションキャッシュ機能を有効または無効にします。
     動作はモードに使用される値によって異なります。
-    モードの値は次のとおりです：  
-    SSL_SESS_CACHE_OFF  - セッションキャッシングを無効にします。デフォルトでセッションキャッシングがオンになっています。  
-    SSL_SESS_CACHE_NO_AUTO_CLEAR  - セッションキャッシュのオートフラッシュを無効にします。デフォルトで自動フラッシングはオンになっています。  
+    モードの値は次のとおりです：
+    SSL_SESS_CACHE_OFF  - セッションキャッシングを無効にします。デフォルトでセッションキャッシングがオンになっています。
+    SSL_SESS_CACHE_NO_AUTO_CLEAR  - セッションキャッシュのオートフラッシュを無効にします。デフォルトで自動フラッシングはオンになっています。
 
     \return SSL_SUCCESS  成功に戻ります。
     \param ctx  wolfSSL_CTX_new()で作成されたSSLコンテキストへのポインタ。
@@ -10877,7 +10877,7 @@ WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
 WOLFSSL_METHOD *wolfTLSv1_3_method(void);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  この関数はクライアント側で呼び出される場合には、サーバー側にCertificateメッセージで送信できる証明書タイプを設定します。
  サーバー側で呼び出される場合には、受入れ可能なクライアント証明書タイプを設定します。
  Raw Public Key 証明書を送受信したい場合にはこの関数を使って証明書タイプを設定しなければなりません。
@@ -10910,7 +10910,7 @@ WOLFSSL_METHOD *wolfTLSv1_3_method(void);
 int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  この関数はサーバー側で呼び出される場合には、クライアント側にCertificateメッセージで送信できる証明書タイプを設定します。
  クライアント側で呼び出される場合には、受入れ可能なサーバー証明書タイプを設定します。
  Raw Public Key 証明書を送受信したい場合にはこの関数を使って証明書タイプを設定しなければなりません。
@@ -10944,7 +10944,7 @@ int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len)
 int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  この関数はクライアント側で呼び出される場合には、サーバー側にCertificateメッセージで送信できる証明書タイプを設定します。
  サーバー側で呼び出される場合には、受入れ可能なクライアント証明書タイプを設定します。
  Raw Public Key 証明書を送受信したい場合にはこの関数を使って証明書タイプを設定しなければなりません。
@@ -10978,7 +10978,7 @@ int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len)
 int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  この関数はサーバー側で呼び出される場合には、クライアント側にCertificateメッセージで送信できる証明書タイプを設定します。
  クライアント側で呼び出される場合には、受入れ可能なサーバー証明書タイプを設定します。
  Raw Public Key 証明書を送受信したい場合にはこの関数を使って証明書タイプを設定しなければなりません。
@@ -11012,7 +11012,7 @@ int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
 int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
 
 /*!
- \ingroup SSL 
+ \ingroup SSL
  \brief  この関数はハンドシェーク終了後に呼び出し、相手とのネゴシエーションの結果得られたクライアント証明書のタイプを返します。
  ネゴシエーションが発生しない場合には戻り値としてWOLFSSL_SUCCESSが返されますが、
  証明書タイプとしてはWOLFSSL_CERT_TYPE_UNKNOWNが返されます。
@@ -11040,7 +11040,7 @@ int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
 int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp);
 
 /*!
- \ingroup SSL 
+ \ingroup SSL
  \brief  この関数はハンドシェーク終了後に呼び出し、相手とのネゴシエーションの結果得られたサーバー証明書のタイプを返します。
  ネゴシエーションが発生しない場合には戻り値としてWOLFSSL_SUCCESSが返されますが、証明書タイプとしてはWOLFSSL_CERT_TYPE_UNKNOWNが返されます。
  \return WOLFSSL_SUCCESS 成功時にかえります。tpに返された証明書タイプはWOLFSSL_CERT_TYPE_X509,
@@ -11213,7 +11213,7 @@ int wolfSSL_dtls_cid_is_enabled(WOLFSSL* ssl);
 
  \brief このコネクションで他のピアに対してレコードを送信するためのコネクションIDをセットします。
  RFC9146とRFC9147を参照してください。コネクションIDは最大値がDTLS_CID_MAX_SIZEでなければなりません。
- DTLS_CID_MAX_SIZEはビルド時に値を指定が可能ですが255バイトをこえることはできません。 
+ DTLS_CID_MAX_SIZEはビルド時に値を指定が可能ですが255バイトをこえることはできません。
 
 
  \return WOLFSSL_SUCCESS コネクションIDがセットできた場合に返されます。それ以外はエラーコードが返されます。
diff --git a/doc/dox_comments/header_files-ja/tfm.h b/doc/dox_comments/header_files-ja/tfm.h
index 94facaf380..63412d026e 100644
--- a/doc/dox_comments/header_files-ja/tfm.h
+++ b/doc/dox_comments/header_files-ja/tfm.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Math 
+    \ingroup Math
     \brief  この関数は、整数の最大サイズのランタイムFastMath設定をチェックします。FP_SIZEが正しく機能するために、FP_SIZEが各ライブラリーに一致しなければならないため、ユーザーがWolfCryptライブラリを独立して使用している場合に重要です。このチェックはCheckFastMathSettings（）として定義されています。これは、CheckRuntimeFastMathとFP_SIZEを比較するだけで、ミスマッチがある場合は0を返します。
     \return FP_SIZE  数学ライブラリで利用可能な最大サイズに対応するFP_SIZEを返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/types.h b/doc/dox_comments/header_files-ja/types.h
index 1988f06f36..b8f64b5892 100644
--- a/doc/dox_comments/header_files-ja/types.h
+++ b/doc/dox_comments/header_files-ja/types.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  これは実際には関数ではなく、むしろプリプロセッサマクロであり、ユーザーは自分のMalloc、Realloc、および標準のCメモリ関数の代わりに自由な関数に置き換えることができます。外部メモリ機能を使用するには、xmalloc_userを定義します。これにより、メモリ機能をフォームの外部関数に置き換えます.extern void * xmalloc（size_t n、void * heap、int型）; extern void * XrealLoc（void * p、size_t n、void *ヒープ、int型）。 extern void xfree（void * p、void * heap、int型）; wolfssl_malloc、wolfssl_realloc、wolfssl_freeの代わりに基本的なCメモリ機能を使用するには、NO_WOLFSSL_MEMORYを定義します。これにより、メモリ関数が次のものに置き換えられます。#define Xmalloc（s、h、t）（（void）h、（void）t、malloc（（s）））#define xfree（p、h、t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p、n、h、t）Realloc（（p）、（n））これらのオプションのどれも選択されていない場合、システムはデフォルトで使用されます。 WolfSSLメモリ機能ユーザーはコールバックフックを介してカスタムメモリ機能を設定できます（Wolfssl_Malloc、WolfSSL_Realloc、wolfssl_freeを参照）。このオプションは、メモリ関数を次のものに置き換えます。#define xmalloc（s、h、t）（（void）H、（Void）T、wolfssl_malloc（（s）））#define xfree（p、h、t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p、n、h、t）wolfssl_realloc（（p）、（n））
     \return pointer  成功したメモリへのポインタを返します
 	\return NULL  失敗した
@@ -21,7 +21,7 @@
 void* XMALLOC(size_t n, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  これは実際には関数ではなく、むしろプリプロセッサマクロであり、ユーザーは自分のMalloc、Realloc、および標準のCメモリ関数の代わりに自由な関数に置き換えることができます。外部メモリ機能を使用するには、xmalloc_userを定義します。これにより、メモリ機能をフォームの外部関数に置き換えます.extern void * xmalloc（size_t n、void * heap、int型）; extern void * XrealLoc（void * p、size_t n、void *ヒープ、int型）。 extern void xfree（void * p、void * heap、int型）; wolfssl_malloc、wolfssl_realloc、wolfssl_freeの代わりに基本的なCメモリ機能を使用するには、NO_WOLFSSL_MEMORYを定義します。これにより、メモリ関数が次のものに置き換えられます。#define Xmalloc（s、h、t）（（void）h、（void）t、malloc（（s）））#define xfree（p、h、t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p、n、h、t）Realloc（（p）、（n））これらのオプションのどれも選択されていない場合、システムはデフォルトで使用されます。 WolfSSLメモリ機能ユーザーはコールバックフックを介してカスタムメモリ機能を設定できます（Wolfssl_Malloc、WolfSSL_Realloc、wolfssl_freeを参照）。このオプションは、メモリ関数を次のものに置き換えます。#define xmalloc（s、h、t）（（void）H、（Void）T、wolfssl_malloc（（s）））#define xfree（p、h、t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p、n、h、t）wolfssl_realloc（（p）、（n））
     \return Return  成功したメモリを割り当てるポインタ
 	\return NULL  失敗した
@@ -42,7 +42,7 @@ void* XMALLOC(size_t n, void* heap, int type);
 void* XREALLOC(void *p, size_t n, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  これは実際には関数ではなく、むしろプリプロセッサマクロであり、ユーザーは自分のMalloc、Realloc、および標準のCメモリ関数の代わりに自由な関数に置き換えることができます。外部メモリ機能を使用するには、xmalloc_userを定義します。これにより、メモリ機能をフォームの外部関数に置き換えます.extern void * xmalloc（size_t n、void * heap、int型）; extern void * XrealLoc（void * p、size_t n、void *ヒープ、int型）。 extern void xfree（void * p、void * heap、int型）; wolfssl_malloc、wolfssl_realloc、wolfssl_freeの代わりに基本的なCメモリ機能を使用するには、NO_WOLFSSL_MEMORYを定義します。これにより、メモリ関数が次のものに置き換えられます。#define Xmalloc（s、h、t）（（void）h、（void）t、malloc（（s）））#define xfree（p、h、t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p、n、h、t）Realloc（（p）、（n））これらのオプションのどれも選択されていない場合、システムはデフォルトで使用されます。 WolfSSLメモリ機能ユーザーはコールバックフックを介してカスタムメモリ機能を設定できます（Wolfssl_Malloc、WolfSSL_Realloc、wolfssl_freeを参照）。このオプションは、メモリ関数を次のものに置き換えます。#define xmalloc（s、h、t）（（void）H、（Void）T、wolfssl_malloc（（s）））#define xfree（p、h、t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p、n、h、t）wolfssl_realloc（（p）、（n））
     \return none  いいえ返します。
     \param p  無料のアドレスへのポインタ
@@ -63,7 +63,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
 void XFREE(void *p, void* heap, int type);
 
 /*!
-    \ingroup Math 
+    \ingroup Math
     \brief  この関数はコンパイル時クラスの設定をチェックします。設定が正しく機能するためのライブラリ間のライブラリ間で一致する必要があるため、ユーザーがWolfCryptライブラリを独立して使用している場合は重要です。このチェックはCheckCtcSettings（）として定義されています。これは、CheckRuntimeSettingsとCTC_Settingsを比較するだけで、ミスマッチがある場合は0、または1が一致した場合は1を返します。
     \return settings  実行時CTC_SETTINGS（コンパイル時設定）を返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/wc_encrypt.h b/doc/dox_comments/header_files-ja/wc_encrypt.h
index 2f0f230aff..e209928b27 100644
--- a/doc/dox_comments/header_files-ja/wc_encrypt.h
+++ b/doc/dox_comments/header_files-ja/wc_encrypt.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup AES 
+    \ingroup AES
     \brief  入力バッファーから暗号を復号化し、AESでCipher Block Chainingを使用して出力バッファに出力バッファーに入れます。この関数は、AES構造を初期化する必要はありません。代わりに、キーとIV（初期化ベクトル）を取り、これらを使用してAESオブジェクトを初期化してから暗号テキストを復号化します。
     \return 0  メッセージの復号化に成功しました
     \return BAD_ALIGN_E  ブロック整列エラーに戻りました
@@ -33,7 +33,7 @@ int  wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
                                          const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力暗号文を復号化し、結果の平文を出力バッファーに出力します。暗号ブロックチェーンチェーン（CBC）モードでDES暗号化を使用します。この関数は、wc_des_cbcdecryptの代わりに、ユーザーがDES構造体を直接インスタンス化せずにメッセージを復号化できるようにします。
     \return 0  与えられた暗号文を正常に復号化したときに返されました
     \return MEMORY_E  DES構造体の割り当てスペースが割り当てられている場合に返された
@@ -62,7 +62,7 @@ int  wc_Des_CbcDecryptWithKey(byte* out,
                                           const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力平文を暗号化し、結果の暗号文を出力バッファーに出力します。暗号ブロックチェーンチェーン（CBC）モードでDES暗号化を使用します。この関数は、WC_DES_CBCENCRYPTの代わりになり、ユーザーがDES構造を直接インスタンス化せずにメッセージを暗号化できます。
     \return 0  データの暗号化に成功した後に返されます。
     \return MEMORY_E  DES構造体にメモリを割り当てるエラーがある場合は返されます。
@@ -90,7 +90,7 @@ int  wc_Des_CbcEncryptWithKey(byte* out,
                                           const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力平文を暗号化し、結果の暗号文を出力バッファーに出力します。暗号ブロックチェーン（CBC）モードでトリプルDES（3DES）暗号化を使用します。この関数は、WC_DES3_CBCENCRYPTの代わりになり、ユーザーがDES3構造を直接インスタンス化せずにメッセージを暗号化できます。
     \return 0  データの暗号化に成功した後に返されます。
     \return MEMORY_E  DES構造体にメモリを割り当てるエラーがある場合は返されます。
@@ -121,7 +121,7 @@ int  wc_Des3_CbcEncryptWithKey(byte* out,
                                            const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力暗号文を復号化し、結果の平文を出力バッファーに出力します。暗号ブロックチェーン（CBC）モードでトリプルDES（3DES）暗号化を使用します。この関数は、wc_des3_cbcdecryptの代わりに、ユーザーがDES3構造を直接インスタンス化せずにメッセージを復号化できるようにします。
     \return 0  与えられた暗号文を正常に復号化したときに返されました
     \return MEMORY_E  DES構造体の割り当てスペースが割り当てられている場合に返された
diff --git a/doc/dox_comments/header_files-ja/wc_port.h b/doc/dox_comments/header_files-ja/wc_port.h
index 9a725cdca8..9d0c370c61 100644
--- a/doc/dox_comments/header_files-ja/wc_port.h
+++ b/doc/dox_comments/header_files-ja/wc_port.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  WolfCryptによって使用されるリソースを初期化するために使用されます。
     \return 0  成功すると。
     \return <0  initリソースが失敗すると。
@@ -15,7 +15,7 @@
 int wolfCrypt_Init(void);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  WolfCryptによって使用されるリソースをクリーンアップするために使用されます。
     \return 0  成功すると。
     \return <0  リソースのクリーンアップが失敗したとき。
diff --git a/doc/dox_comments/header_files-ja/wolfio.h b/doc/dox_comments/header_files-ja/wolfio.h
index 65e0a5cc3f..135af87aab 100644
--- a/doc/dox_comments/header_files-ja/wolfio.h
+++ b/doc/dox_comments/header_files-ja/wolfio.h
@@ -1,5 +1,5 @@
 /*!
-    \brief  
+    \brief
     \return Success  この関数は、読み取られたバイト数を返します。
     \return WOLFSSL_CBIO_ERR_WANT_READ  最後のエラーがsocket_ewouldbolcokまたはsocket_eagainであれば、メッセージを返されます。
     \return WOLFSSL_CBIO_ERR_TIMEOUT  "Socket Timeout"メッセージを返しました。
@@ -30,7 +30,7 @@
 int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  この関数は送信されたバイト数を返します。
     \return WOLFSSL_CBIO_ERR_WANT_WRITE  最後のエラーがsocket_ewouldblockまたはsocket_eagainであれば、 "Block"メッセージを返します。
     \return WOLFSSL_CBIO_ERR_CONN_RST  最後のエラーがsocket_econnresetの場合、 "Connection Reset"メッセージで返されます。
@@ -58,7 +58,7 @@ int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  この関数は、実行が成功した場合に読み込まれたNBバイトを返します。
     \return WOLFSSL_CBIO_ERR_WANT_READ  接続が拒否された場合、または「ブロック」エラーが発生した場合は機能にスローされました。
     \return WOLFSSL_CBIO_ERR_TIMEOUT  ソケットがタイムアウトした場合は返されます。
@@ -89,7 +89,7 @@ int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
 
 /*!
-    \brief  
+    \brief
     \return Success  この関数は送信されたバイト数を返します。
     \return WOLFSSL_CBIO_ERR_WANT_WRITE  最後のエラーがsocket_ewouldblockまたはsocket_eagainエラーの場合、 "Block"メッセージを返します。
     \return WOLFSSL_CBIO_ERR_CONN_RST  最後のエラーがsocket_econnresetの場合、 "Connection Reset"メッセージで返されます。
@@ -119,7 +119,7 @@ int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
 int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  この関数は、バッファにコピーされたバイト数を返します。
     \return GEN_COOKIE_E  getPeernameがEmbedGenerateCookieに失敗した場合に返されます。
     \param ssl  wolfssl_new（）を使用して作成されたWolfSSL構造へのポインタ。
@@ -145,7 +145,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
                                            int sz, void*);
 
 /*!
-    \brief  
+    \brief
     \return none  いいえ返します。
     \param ctx  ヒープヒントへのvoidポインタ。
     _Example_
@@ -222,7 +222,7 @@ void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
 void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  この関数は、WolfSSL構造体のIOCB_READCTXメンバーを返します。
     \return pointer  この関数は、wolfssl構造体のiocb_readctxメンバーへのvoidポインタを返します。
     \return NULL  wolfssl構造体がNULLの場合に返されます。
@@ -245,7 +245,7 @@ void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
 void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  この関数は、WolfSSL構造のIOCB_WRITECTXメンバーを返します。
     \return pointer  この関数は、WolfSSL構造のIOCB_WRITECTXメンバーへのvoidポインタを返します。
     \return NULL  wolfssl構造体がNULLの場合に返されます。
@@ -303,7 +303,7 @@ void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
 void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  この関数は、wolfssl構造内のnxctx構造体のNxSocketメンバーとNXWAITメンバーを設定します。
     \return none  いいえ返します。
     \param ssl  wolfssl_new（）を使用して作成されたWolfSSL構造へのポインタ。
@@ -347,7 +347,7 @@ void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
 void  wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, CallbackGenCookie cb);
 
 /*!
-    \ingroup Setup 
+    \ingroup Setup
     \brief  この関数は、WolfSSL構造のIOCB_COOKIECTXメンバーを返します。
     \return pointer  この関数は、iocb_cookiectxに格納されているvoidポインタ値を返します。
     \return NULL  WolfSSL構造体がNULLの場合
@@ -369,7 +369,7 @@ void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
 
 
 /*!
-    \ingroup Setup 
+    \ingroup Setup
     \brief  この関数は、WolfSSLがWolfSSL_ISOTPでコンパイルされている場合に使用する場合は、WolfSSLの場合はISO-TPコンテキストを設定します。
     \return 0  成功すると、故障のwolfssl_cbio_err_general
     \param ssl  wolfsslコンテキスト
diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h
index e7505e228b..30ea784b00 100644
--- a/doc/dox_comments/header_files/asn_public.h
+++ b/doc/dox_comments/header_files/asn_public.h
@@ -1662,7 +1662,7 @@ void wc_SetCert_Free(Cert* cert);
     \return Length of traditional private key on success.
     \return Negative values on failure.
 
-    \param input Buffer containing unencrypted PKCS#8 private key. 
+    \param input Buffer containing unencrypted PKCS#8 private key.
     \param inOutIdx Index into the input buffer. On input, it should be a byte
     offset to the beginning of the the PKCS#8 buffer. On output, it will be the
     byte offset to the traditional private key within the input buffer.
@@ -1691,7 +1691,7 @@ int wc_GetPkcs8TraditionalOffset(byte* input,
 
     \brief This function takes in a DER private key and converts it to PKCS#8
     format. Also used in creating PKCS#12 shrouded key bags. See RFC 5208.
-    
+
     \return The size of the PKCS#8 key placed into out on success.
     \return LENGTH_ONLY_E if out is NULL, with required output buffer size in
     outSz.
@@ -1840,7 +1840,7 @@ int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password,
 
     \brief This function takes a traditional, DER key, converts it to PKCS#8
      format, and encrypts it. It uses wc_CreatePKCS8Key and wc_EncryptPKCS8Key
-     to do this. 
+     to do this.
 
     \return The size of the encrypted key placed in out on success.
     \return LENGTH_ONLY_E if out is NULL, with required output buffer size in
@@ -2199,7 +2199,7 @@ int wc_Asn1PrintOptions_Init(Asn1PrintOptions* opts);
     \return  0 on success.
     \return  BAD_FUNC_ARG when asn1 is NULL.
     \return  BAD_FUNC_ARG when val is out of range for option.
- 
+
     \param opts  The ASN.1 options for printing.
     \param opt   An option to set value for.
     \param val   The value to set.
diff --git a/doc/dox_comments/header_files/cryptocb.h b/doc/dox_comments/header_files/cryptocb.h
index 152f8823e1..35cc88ef29 100644
--- a/doc/dox_comments/header_files/cryptocb.h
+++ b/doc/dox_comments/header_files/cryptocb.h
@@ -1,14 +1,14 @@
 /*!
     \ingroup CryptoCb
 
-    \brief This function registers a unique device identifier (devID) and 
-    callback function for offloading crypto operations to external 
+    \brief This function registers a unique device identifier (devID) and
+    callback function for offloading crypto operations to external
     hardware such as Key Store, Secure Element, HSM, PKCS11 or TPM.
 
     For STSAFE with Crypto Callbacks example see
     wolfcrypt/src/port/st/stsafe.c and the wolfSSL_STSAFE_CryptoDevCb function.
 
-    For TPM based crypto callbacks example see the wolfTPM2_CryptoDevCb 
+    For TPM based crypto callbacks example see the wolfTPM2_CryptoDevCb
     function in wolfTPM src/tpm2_wrap.c
 
     \return CRYPTOCB_UNAVAILABLE to fallback to using software crypto
@@ -90,7 +90,7 @@ int  wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 /*!
     \ingroup CryptoCb
 
-    \brief This function un-registers a unique device identifier (devID) 
+    \brief This function un-registers a unique device identifier (devID)
     callback function.
 
     \return none No returns.
diff --git a/doc/dox_comments/header_files/doxygen_groups.h b/doc/dox_comments/header_files/doxygen_groups.h
index 709d462b1c..5cac25e2dd 100644
--- a/doc/dox_comments/header_files/doxygen_groups.h
+++ b/doc/dox_comments/header_files/doxygen_groups.h
@@ -154,7 +154,7 @@
       -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
       -# Derive SSV and auth data: wc_DeriveSakkeSSV()
       -# Free SAKKE Key: wc_FreeSakkeKey()
-    
+
     \defgroup SAKKE_Setup Setup SAKKE Key
     Operations for establishing a SAKKE key.
 
diff --git a/doc/dox_comments/header_files/ed25519.h b/doc/dox_comments/header_files/ed25519.h
index b4176da9b7..41705ce33a 100644
--- a/doc/dox_comments/header_files/ed25519.h
+++ b/doc/dox_comments/header_files/ed25519.h
@@ -8,7 +8,7 @@
     \return 0 Returned upon successfully making the public key.
     \return BAD_FUNC_ARG Returned if key or pubKey evaluate to NULL, or if the
     specified key size is not 32 bytes (Ed25519 has 32 byte keys).
-    \return ECC_PRIV_KEY_E returned if the ed25519_key object does not have 
+    \return ECC_PRIV_KEY_E returned if the ed25519_key object does not have
     the private key in it.
     \return MEMORY_E Returned if there is an error allocating memory
     during function execution.
diff --git a/doc/dox_comments/header_files/hmac.h b/doc/dox_comments/header_files/hmac.h
index a7c416828e..1db707a8b6 100644
--- a/doc/dox_comments/header_files/hmac.h
+++ b/doc/dox_comments/header_files/hmac.h
@@ -8,9 +8,9 @@
     \return BAD_FUNC_ARG Returned if the input type is invalid (see type param)
     \return MEMORY_E Returned if there is an error allocating memory for the
     structure to use for hashing
-    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    \return HMAC_MIN_KEYLEN_E Returned when using a FIPS implementation
     and the key length specified is shorter than the minimum acceptable
-    FIPS standard
+    FIPS standard of 14 bytes
 
     \param hmac pointer to the Hmac object to initialize
     \param type type specifying which encryption method the Hmac object
diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h
index 02dbf4e41f..fbc2172fc5 100644
--- a/doc/dox_comments/header_files/memory.h
+++ b/doc/dox_comments/header_files/memory.h
@@ -4,9 +4,9 @@
     \brief This function is similar to malloc(), but calls the memory
     allocation function which wolfSSL has been configured to use. By default,
     wolfSSL uses malloc().  This can be changed using the wolfSSL memory
-    abstraction layer - see wolfSSL_SetAllocators(). Note wolfSSL_Malloc is not 
+    abstraction layer - see wolfSSL_SetAllocators(). Note wolfSSL_Malloc is not
     called directly by wolfSSL, but instead called by macro XMALLOC.
-    For the default build only the size argument exists. If using 
+    For the default build only the size argument exists. If using
     WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
     \return pointer If successful, this function returns a pointer to
@@ -37,9 +37,9 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type);
     \brief This function is similar to free(), but calls the memory free
     function which wolfSSL has been configured to use. By default, wolfSSL
     uses free(). This can be changed using the wolfSSL memory abstraction
-    layer - see wolfSSL_SetAllocators(). Note wolfSSL_Free is not 
+    layer - see wolfSSL_SetAllocators(). Note wolfSSL_Free is not
     called directly by wolfSSL, but instead called by macro XFREE.
-    For the default build only the ptr argument exists. If using 
+    For the default build only the ptr argument exists. If using
     WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
     \return none No returns.
@@ -73,8 +73,8 @@ void  wolfSSL_Free(void *ptr, void* heap, int type);
     \brief This function is similar to realloc(), but calls the memory
     re-allocation function which wolfSSL has been configured to use.
     By default, wolfSSL uses realloc().  This can be changed using the
-    wolfSSL memory abstraction layer - see wolfSSL_SetAllocators(). 
-    Note wolfSSL_Realloc is not called directly by wolfSSL, but instead called 
+    wolfSSL memory abstraction layer - see wolfSSL_SetAllocators().
+    Note wolfSSL_Realloc is not called directly by wolfSSL, but instead called
     by macro XREALLOC. For the default build only the size argument exists.
     If using WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h
index 0a329085e9..5b70953efd 100644
--- a/doc/dox_comments/header_files/pkcs7.h
+++ b/doc/dox_comments/header_files/pkcs7.h
@@ -205,8 +205,8 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
 
     \brief This function builds the PKCS7 signed data content type, encoding
     the PKCS7 structure into a header and footer buffer containing a parsable PKCS7
-    signed data packet. This does not include the content. 
-    A hash must be computed and provided for the data 
+    signed data packet. This does not include the content.
+    A hash must be computed and provided for the data
 
     \return 0=Success
     \return BAD_FUNC_ARG Returned if the PKCS7 structure is missing one or
@@ -244,11 +244,11 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \param hashSz size of the digest
     \param outputHead pointer to the buffer in which to store the
     encoded certificate header
-    \param outputHeadSz pointer populated with size of output header buffer 
+    \param outputHeadSz pointer populated with size of output header buffer
     and returns actual size
     \param outputFoot pointer to the buffer in which to store the
     encoded certificate footer
-    \param outputFootSz pointer populated with size of output footer buffer 
+    \param outputFootSz pointer populated with size of output footer buffer
     and returns actual size
 
     _Example_
@@ -285,7 +285,7 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz);
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -297,8 +297,8 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_VerifySignedData_ex
 */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, 
+int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz);
 
 /*!
@@ -382,9 +382,9 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
 /*!
     \ingroup PKCS7
 
-    \brief This function takes in a transmitted PKCS7 signed data message as 
-    hash/header/footer, then extracts the certificate list and certificate 
-    revocation list, and then verifies the signature. It stores the extracted 
+    \brief This function takes in a transmitted PKCS7 signed data message as
+    hash/header/footer, then extracts the certificate list and certificate
+    revocation list, and then verifies the signature. It stores the extracted
     content in the given PKCS7 structure.
 
     \return 0 Returned on successfully extracting the information
@@ -426,10 +426,10 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     certificates
     \param hashBuf pointer to computed hash for the content data
     \param hashSz size of the digest
-    \param pkiMsgHead pointer to the buffer containing the signed message header 
+    \param pkiMsgHead pointer to the buffer containing the signed message header
     to verify and decode
     \param pkiMsgHeadSz size of the signed message header
-    \param pkiMsgFoot pointer to the buffer containing the signed message footer 
+    \param pkiMsgFoot pointer to the buffer containing the signed message footer
     to verify and decode
     \param pkiMsgFootSz size of the signed message footer
 
@@ -463,7 +463,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff));
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -475,8 +475,8 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_EncodeSignedData_ex
 */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, 
+int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz);
 
 /*!
diff --git a/doc/dox_comments/header_files/rsa.h b/doc/dox_comments/header_files/rsa.h
index 9f099c1ed0..2245052f3c 100644
--- a/doc/dox_comments/header_files/rsa.h
+++ b/doc/dox_comments/header_files/rsa.h
@@ -333,6 +333,12 @@ int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
     if (ret < 0) {
         return -1;
     }
+    if (ret != inLen) {
+        return -1;
+    }
+    if (XMEMCMP(in, plain, ret) != 0) {
+        return -1;
+    }
     \endcode
 
     \sa wc_RsaPad
@@ -403,6 +409,12 @@ int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
     if (ret < 0) {
         return -1;
     }
+    if (ret != inLen) {
+        return -1;
+    }
+    if (XMEMCMP(in, plain, ret) != 0) {
+        return -1;
+    }
     \endcode
 
     \sa wc_RsaSSL_Sign
diff --git a/doc/dox_comments/header_files/types.h b/doc/dox_comments/header_files/types.h
index 65faa10a54..6f1ecee261 100644
--- a/doc/dox_comments/header_files/types.h
+++ b/doc/dox_comments/header_files/types.h
@@ -23,14 +23,14 @@
     #define XMALLOC(s, h, t) 	((void)h, (void)t, wolfSSL_Malloc((s)))
     #define XFREE(p, h, t)   	{void* xp = (p); if((xp)) wolfSSL_Free((xp));}
     #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
-    	
+
     \return pointer Return a pointer to allocated memory on success
 	\return NULL on failure
-	
+
 	\param s size of memory to allocate
-	\param h (used by custom XMALLOC function) pointer to the heap to use	
+	\param h (used by custom XMALLOC function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = XMALLOC(sizeof(int)*10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -39,7 +39,7 @@
 	    return MEMORY_E;
     }
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
@@ -75,19 +75,19 @@ void* XMALLOC(size_t n, void* heap, int type);
 
     \return Return a pointer to allocated memory on success
 	\return NULL on failure
-	
+
 	\param p pointer to the address to reallocate
 	\param n size of memory to allocate
-	\param h (used by custom XREALLOC function) pointer to the heap to use	
+	\param h (used by custom XREALLOC function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = (int*)XMALLOC(sizeof(int)*10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     int* twentyInts = (int*)XREALLOC(tenInts, sizeof(int)*20, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
@@ -123,9 +123,9 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
     \return none No returns.
 
     \param p pointer to the address to free
-	\param h (used by custom XFREE function) pointer to the heap to use	
+	\param h (used by custom XFREE function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = XMALLOC(sizeof(int) * 10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -134,7 +134,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
 	    return MEMORY_E;
     }
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
diff --git a/doc/dox_comments/header_files/wolfio.h b/doc/dox_comments/header_files/wolfio.h
index a1404fbe62..5e52e3573b 100644
--- a/doc/dox_comments/header_files/wolfio.h
+++ b/doc/dox_comments/header_files/wolfio.h
@@ -422,9 +422,9 @@ void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
     flags parameter may include one or more of the following:
     #define MSG_OOB 0x1  // process out-of-band data,
     #define MSG_DONTROUTE  0x4  // bypass routing, use direct interface.
-    The flag MSG_OOB is used to send ``out-of-band'' data on sockets that
+    The flag MSG_OOB is used to send 'out-of-band' data on sockets that
     support this notion (e.g.  SOCK_STREAM); the underlying protocol must also
-    support ``out-of-band'' data.  MSG_DONTROUTE is usually used only by
+    support 'out-of-band' data.  MSG_DONTROUTE is usually used only by
     diagnostic or routing programs.”
 
     \return none No returns.
diff --git a/doc/formats/html/html_changes/customdoxygen.css b/doc/formats/html/html_changes/customdoxygen.css
index 2c553fdeaf..478f7cf541 100644
--- a/doc/formats/html/html_changes/customdoxygen.css
+++ b/doc/formats/html/html_changes/customdoxygen.css
@@ -418,7 +418,7 @@ p.formulaDsp {
 }
 
 img.formulaDsp {
-	
+
 }
 
 img.formulaInl {
diff --git a/doc/formats/html/html_changes/doxygen.css b/doc/formats/html/html_changes/doxygen.css
index c49b43f3ef..ee1bde225e 100644
--- a/doc/formats/html/html_changes/doxygen.css
+++ b/doc/formats/html/html_changes/doxygen.css
@@ -321,7 +321,7 @@ p.formulaDsp {
 }
 
 img.formulaDsp {
-	
+
 }
 
 img.formulaInl {
diff --git a/doc/generate_documentation.sh b/doc/generate_documentation.sh
index e5defefe30..7a7bbf9df5 100755
--- a/doc/generate_documentation.sh
+++ b/doc/generate_documentation.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+# This script depends on g++, cmake, git, and make to be installed
 
 POSIXLY_CORRECT=1
 
@@ -8,30 +9,6 @@ GEN_PDF=false
 GEN_ALL=false
 INSTALL_DOX=false
 
-command -v g++
-if [ $? -ne "0" ]; then
-echo "Please install g++"
-exit 1
-fi
-
-command -v cmake
-if [ $? -ne "0" ]; then
-echo "Please install cmake"
-exit 1
-fi
-
-command -v git
-if [ $? -ne "0" ]; then
-echo "Please install git"
-exit 1
-fi
-
-command -v make
-if [ $? -ne "0" ]; then
-echo "Please install make"
-exit 1
-fi
-
 # Checking arguments and setting appropriate option variables
 
 for var in "$@"
diff --git a/examples/asn1/asn1.c b/examples/asn1/asn1.c
index 4cf1d5b928..92a0a19528 100644
--- a/examples/asn1/asn1.c
+++ b/examples/asn1/asn1.c
@@ -1,6 +1,6 @@
 /* asn1.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/async/async_client.c b/examples/async/async_client.c
index a0df6a1465..52fafbd7bd 100644
--- a/examples/async/async_client.c
+++ b/examples/async/async_client.c
@@ -1,8 +1,8 @@
 /* async_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,12 +16,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
 /* TLS client demonstrating asynchronous cryptography features and optionally
  * using the crypto or PK callbacks */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /* std */
 #include <stdlib.h>
 #include <stdio.h>
@@ -180,7 +184,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -188,7 +192,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "wolfSSL_connect error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -210,7 +214,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -218,7 +222,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_write(ssl, buff, (int)len);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != (int)len) {
         fprintf(stderr, "wolfSSL_write error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -232,7 +236,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -240,7 +244,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         fprintf(stderr, "wolfSSL_read error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
diff --git a/examples/async/async_server.c b/examples/async/async_server.c
index 41eaae86ec..122e0c37ec 100644
--- a/examples/async/async_server.c
+++ b/examples/async/async_server.c
@@ -1,8 +1,8 @@
 /* async_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,12 +16,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
 /* TLS server demonstrating asynchronous cryptography features and optionally
  * using the crypto or PK callbacks */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /* std */
 #include <stdlib.h>
 #include <stdio.h>
@@ -244,7 +248,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -252,7 +256,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_accept(ssl);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             fprintf(stderr, "wolfSSL_accept error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -269,7 +273,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -277,7 +281,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0) {
             fprintf(stderr, "wolfSSL_read error %d: %s\n",
                     err, wolfSSL_ERR_error_string(err, errBuff));
@@ -304,7 +308,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -312,7 +316,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_write(ssl, buff, (int)len);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != (int)len) {
             fprintf(stderr, "wolfSSL_write error %d: %s\n",
                     err, wolfSSL_ERR_error_string(err, errBuff));
diff --git a/examples/async/async_tls.c b/examples/async/async_tls.c
index 1d4f68d530..ee7183042a 100644
--- a/examples/async/async_tls.c
+++ b/examples/async/async_tls.c
@@ -1,8 +1,8 @@
 /* async-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,9 +16,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef WOLFSSL_USER_SETTINGS
 #include <wolfssl/options.h>
 #endif
@@ -41,7 +45,7 @@
 /* This is where you would plug-in calls to your own hardware crypto */
 int AsyncTlsCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* bypass HW by default */
     AsyncTlsCryptoCbCtx* myCtx = (AsyncTlsCryptoCbCtx*)ctx;
 
     if (info == NULL)
diff --git a/examples/async/async_tls.h b/examples/async/async_tls.h
index d5403e24f2..43b249021c 100644
--- a/examples/async/async_tls.h
+++ b/examples/async/async_tls.h
@@ -1,6 +1,6 @@
 /* async-tls.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
index 24901b7a22..609481a3e0 100644
--- a/examples/benchmark/tls_bench.c
+++ b/examples/benchmark/tls_bench.c
@@ -1,6 +1,6 @@
 /* tls_bench.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1816,7 +1816,9 @@ static int SetupSupportedGroups(int verbose)
                     printf("Will benchmark the following group: %s\n",
                        groups[i].name);
                 }
-            } else if (uks_ret == BAD_FUNC_ARG || uks_ret == NOT_COMPILED_IN) {
+            } else if (uks_ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG) ||
+                       uks_ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
+            {
                 groups[i].group = 0;
                 if (verbose) {
                     printf("Will NOT benchmark the following group: %s\n",
diff --git a/examples/benchmark/tls_bench.h b/examples/benchmark/tls_bench.h
index 6ed021b63d..67599cb1c5 100644
--- a/examples/benchmark/tls_bench.h
+++ b/examples/benchmark/tls_bench.h
@@ -1,6 +1,6 @@
 /* tls_bench.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/client/client.c b/examples/client/client.c
index cd0394f13d..b8adcc1924 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1,6 +1,6 @@
 /* client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -183,10 +183,10 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
     while (ret != WOLFSSL_SUCCESS &&
         (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         #ifdef WOLFSSL_NONBLOCK_OCSP
-            || error == OCSP_WANT_READ
+            || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
         #endif
     )) {
         int currTimeout = 1;
@@ -197,7 +197,7 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
             printf("... client would write block\n");
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-        if (error == WC_PENDING_E) {
+        if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) break;
         }
@@ -221,10 +221,10 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
         if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
             || (select_ret == TEST_ERROR_READY)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         #ifdef WOLFSSL_NONBLOCK_OCSP
-            || error == OCSP_WANT_READ
+            || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
         #endif
         ) {
         #ifndef WOLFSSL_CALLBACKS
@@ -324,12 +324,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X25519;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x25519");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (useX448) {
@@ -339,12 +339,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X448;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x448");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else {
@@ -355,12 +355,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SECP256R1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve secp256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
         #ifdef WOLFSSL_SM2
             do {
@@ -368,12 +368,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SM2P256V1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve sm2p256v1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
     #endif
         }
@@ -385,12 +385,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             if (ret == WOLFSSL_SUCCESS)
                 groups[count++] = WOLFSSL_FFDHE_2048;
         #ifdef WOLFSSL_ASYNC_CRYPT
-            else if (ret == WC_PENDING_E)
+            else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
         #endif
             else
                 err_sys("unable to use DH 2048-bit parameters");
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
     }
     #ifdef HAVE_PQC
@@ -398,24 +398,43 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
         if (usePqc) {
             int group = 0;
 
+        #ifndef WOLFSSL_NO_KYBER512
             if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
                 group = WOLFSSL_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_P256_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
                 group = WOLFSSL_P384_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_P521_KYBER_LEVEL5;
-            } else {
+            }
+            else
+        #endif
+            {
                 err_sys("invalid post-quantum KEM specified");
             }
 
@@ -452,13 +471,13 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != msgSz) {
         LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err,
                                          wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -564,14 +583,14 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
                 if (ret != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         /* returns the number of polled items or <0 for error */
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         #ifdef WOLFSSL_EARLY_DATA
             EarlyDataStatus(ssl);
         #endif
@@ -668,13 +687,13 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
         if (ret != WOLFSSL_SUCCESS) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret == WOLFSSL_SUCCESS) {
         /* Perform throughput test */
         char *tx_buffer, *rx_buffer;
@@ -720,13 +739,13 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                         if (ret <= 0) {
                             err = wolfSSL_get_error(ssl, 0);
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
                         #endif
                         }
-                    } while (err == WC_PENDING_E);
+                    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
                     if (ret != len) {
                         LOG_ERROR("SSL_write bench error %d!\n", err);
                         if (!exitWithRet)
@@ -746,7 +765,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                             if (ret <= 0) {
                                 err = wolfSSL_get_error(ssl, 0);
                             #ifdef WOLFSSL_ASYNC_CRYPT
-                                if (err == WC_PENDING_E) {
+                                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                     if (ret < 0) break;
                                 }
@@ -909,13 +928,13 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
         if (ret < 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != (int)XSTRLEN(starttlsCmd[5])) {
         err_sys("failed to send SMTP QUIT command\n");
     }
@@ -926,13 +945,13 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
         if (ret < 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         err_sys("failed to read SMTP closing down response\n");
     }
@@ -965,7 +984,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
@@ -974,7 +993,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str
     } while (err == WOLFSSL_ERROR_WANT_WRITE ||
              err == WOLFSSL_ERROR_WANT_READ
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || err == WC_PENDING_E
+        || err == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     );
     if (ret != msgSz) {
@@ -1002,14 +1021,16 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
             else
         #endif
             if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE && err != APP_DATA_READY) {
+                    err != WOLFSSL_ERROR_WANT_WRITE &&
+                    err != WC_NO_ERR_TRACE(APP_DATA_READY))
+            {
                 LOG_ERROR("SSL_read reply error %d, %s\n", err,
                                          wolfSSL_ERR_error_string((unsigned long)err, buffer));
                 if (!exitWithRet) {
@@ -1034,9 +1055,9 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
     } while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
         || err == WOLFSSL_ERROR_WANT_WRITE
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || err == WC_PENDING_E
+        || err == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
-        || err == APP_DATA_READY
+        || err == WC_NO_ERR_TRACE(APP_DATA_READY)
     );
     if (ret > 0) {
         reply[ret] = 0; /* null terminate */
@@ -1657,7 +1678,9 @@ static void Usage(void)
     printf("%s", msg[++msgid]); /* -D */
     printf("%s", msg[++msgid]); /* -e */
     printf("%s", msg[++msgid]); /* -g */
+#ifdef WOLFSSL_DTLS
     printf("%s", msg[++msgid]); /* -u */
+#endif
 #ifdef WOLFSSL_SCTP
     printf("%s", msg[++msgid]); /* -G */
 #endif
@@ -1772,7 +1795,6 @@ static void Usage(void)
     printf("%s", msg[++msgid]); /* --wolfsentry-config */
 #endif
     printf("%s", msg[++msgid]); /* -7 */
-    printf("%s", msg[++msgid]); /* Examples repo link */
 #ifdef HAVE_PQC
     printf("%s", msg[++msgid]);     /* --pqc */
 #endif
@@ -1821,7 +1843,7 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args)
 
     ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
                                                    &srtp_secret_length);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         LOG_ERROR("DTLS SRTP: Error getting keying material length\n");
         return ret;
     }
@@ -3203,7 +3225,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
                                                            defined(WOLFSSL_DTLS)
     if (dtlsMTU)
-        wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
+        wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU);
 #endif
 
 #ifndef NO_DH
@@ -3585,8 +3607,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 #endif
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
-    if (postHandAuth)
-        wolfSSL_CTX_allow_post_handshake_auth(ctx);
+    if (postHandAuth) {
+        if (wolfSSL_CTX_allow_post_handshake_auth(ctx) != 0) {
+            err_sys("unable to support post handshake auth");
+        }
+    }
 #endif
 
     if (benchmark) {
@@ -3958,13 +3983,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 #else
     timeoutConnect.tv_sec  = DEFAULT_TIMEOUT_SEC;
@@ -4145,7 +4170,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         if (err == WOLFSSL_SUCCESS)
             printf("Received ALPN protocol : %s (%d)\n",
                    protocol_name, protocol_nameSz);
-        else if (err == WOLFSSL_ALPN_NOT_FOUND)
+        else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
             printf("No ALPN response received (no match with server)\n");
         else
             printf("Getting ALPN protocol name failed\n");
@@ -4201,12 +4226,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                         else {
                             do {
                             #ifdef WOLFSSL_ASYNC_CRYPT
-                                if (err == WC_PENDING_E) {
+                                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                     if (ret < 0) break;
                                 }
                             #endif
-                                if (err == APP_DATA_READY) {
+                                if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                                     if (wolfSSL_read(ssl, reply,
                                             sizeof(reply)-1) < 0) {
                                         err_sys("APP DATA should be present "
@@ -4222,9 +4247,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                                 }
                             } while (ret != WOLFSSL_SUCCESS &&
                                     (err == WOLFSSL_ERROR_WANT_READ ||
-                                        err == WOLFSSL_ERROR_WANT_WRITE ||
-                                        err == APP_DATA_READY ||
-                                        err == WC_PENDING_E));
+                                     err == WOLFSSL_ERROR_WANT_WRITE ||
+                                     err == WC_NO_ERR_TRACE(APP_DATA_READY) ||
+                                     err == WC_NO_ERR_TRACE(WC_PENDING_E)));
                         }
 
                         if (ret == WOLFSSL_SUCCESS) {
@@ -4251,12 +4276,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
 #ifdef WOLFSSL_ASYNC_CRYPT
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -4281,12 +4306,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if ((ret = wolfSSL_SecureResume(ssl)) != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
 #ifdef WOLFSSL_ASYNC_CRYPT
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -4550,14 +4575,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if (ret != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(sslResume, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(sslResume,
                                                     WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         }
 #else
         timeoutConnect.tv_sec  = DEFAULT_TIMEOUT_SEC;
@@ -4592,7 +4617,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             if (err == WOLFSSL_SUCCESS)
                 printf("Received ALPN protocol : %s (%d)\n",
                        protocol_name, protocol_nameSz);
-            else if (err == WOLFSSL_ALPN_NOT_FOUND)
+            else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
                 printf("Not received ALPN response (no match with server)\n");
             else
                 printf("Getting ALPN protocol name failed\n");
diff --git a/examples/client/client.h b/examples/client/client.h
index 3317670e59..09581fcac7 100644
--- a/examples/client/client.h
+++ b/examples/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_EBSnet.h b/examples/configs/user_settings_EBSnet.h
index 3d1486998b..dacd02af0d 100644
--- a/examples/configs/user_settings_EBSnet.h
+++ b/examples/configs/user_settings_EBSnet.h
@@ -1,6 +1,6 @@
 /* user_settings_EBSnet.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_all.h b/examples/configs/user_settings_all.h
index c484b90bef..9340ea38c0 100644
--- a/examples/configs/user_settings_all.h
+++ b/examples/configs/user_settings_all.h
@@ -1,6 +1,6 @@
 /* user_settings_all.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,7 +46,7 @@ extern "C" {
 #define HAVE_EXT_CACHE
 #define ATOMIC_USER /* Enable Atomic Record Layer callbacks */
 #define HAVE_PK_CALLBACKS /* Enable public key callbacks */
-#define WOLFSSL_ALT_NAMES /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
+#define WOLFSSL_ALT_CERT_CHAINS /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
 #define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
 #define WOLFSSL_HAVE_CERT_SERVICE
 #define WOLFSSL_JNI
@@ -126,6 +126,7 @@ extern "C" {
 #define WOLFSSL_CUSTOM_OID
 #define HAVE_OID_ENCODING
 #define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_ALT_NAMES /* Support subject alternative names extension */
 
 /* Certificate Revocation */
 #define HAVE_OCSP
diff --git a/examples/configs/user_settings_arduino.h b/examples/configs/user_settings_arduino.h
index cf64c75d77..178511ed0f 100644
--- a/examples/configs/user_settings_arduino.h
+++ b/examples/configs/user_settings_arduino.h
@@ -1,6 +1,6 @@
 /* examples/configs/user_settings_arduino.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_fipsv2.h b/examples/configs/user_settings_fipsv2.h
index f6096341e4..b15b1283b2 100644
--- a/examples/configs/user_settings_fipsv2.h
+++ b/examples/configs/user_settings_fipsv2.h
@@ -1,6 +1,6 @@
 /* user_settings_fipsv2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_fipsv5.h b/examples/configs/user_settings_fipsv5.h
index 9f6bbfd463..afc4b63c9b 100644
--- a/examples/configs/user_settings_fipsv5.h
+++ b/examples/configs/user_settings_fipsv5.h
@@ -1,6 +1,6 @@
 /* user_settings_fipsv5.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_min_ecc.h b/examples/configs/user_settings_min_ecc.h
index f052500331..e43fb08418 100644
--- a/examples/configs/user_settings_min_ecc.h
+++ b/examples/configs/user_settings_min_ecc.h
@@ -1,6 +1,6 @@
 /* user_settings_min_ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_stm32.h b/examples/configs/user_settings_stm32.h
index 9f02cf2bf5..b0182ae447 100644
--- a/examples/configs/user_settings_stm32.h
+++ b/examples/configs/user_settings_stm32.h
@@ -1,7 +1,7 @@
 /* wolfSSL_conf.h (example of generated wolfSSL.I-CUBE-wolfSSL_conf.h using
  * default_conf.ftl and STM32CubeIDE or STM32CubeMX tool)
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -78,7 +78,7 @@ extern "C" {
 #define WOLF_CONF_CHAPOLY      1
 
 /*---------- WOLF_CONF_EDCURVE25519 -----------*/
-#define WOLF_CONF_EDCURVE25519      0
+#define WOLF_CONF_EDCURVE25519      1
 
 /*---------- WOLF_CONF_MD5 -----------*/
 #define WOLF_CONF_MD5      0
@@ -93,10 +93,10 @@ extern "C" {
 #define WOLF_CONF_SHA2_256      1
 
 /*---------- WOLF_CONF_SHA2_384 -----------*/
-#define WOLF_CONF_SHA2_384      0
+#define WOLF_CONF_SHA2_384      1
 
 /*---------- WOLF_CONF_SHA2_512 -----------*/
-#define WOLF_CONF_SHA2_512      0
+#define WOLF_CONF_SHA2_512      1
 
 /*---------- WOLF_CONF_SHA3 -----------*/
 #define WOLF_CONF_SHA3      0
@@ -122,6 +122,9 @@ extern "C" {
 /*---------- WOLF_CONF_PQM4 -----------*/
 #define WOLF_CONF_PQM4      0
 
+/*---------- WOLF_CONF_ARMASM -----------*/
+#define WOLF_CONF_ARMASM      1
+
 /* ------------------------------------------------------------------------- */
 /* Hardware platform */
 /* ------------------------------------------------------------------------- */
@@ -168,7 +171,7 @@ extern "C" {
     #undef  NO_STM32_HASH
     #undef  NO_STM32_CRYPTO
     #define HAL_CONSOLE_UART huart3
-#elif defined(STM32H723xx)
+#elif defined(STM32H723xx) || defined(STM32H725xx) || defined(STM32H743xx)
     #define WOLFSSL_STM32H7
     #define HAL_CONSOLE_UART huart3
 #elif defined(STM32L4A6xx)
@@ -209,11 +212,14 @@ extern "C" {
     #define HAL_CONSOLE_UART huart2
     #define NO_STM32_RNG
     #define WOLFSSL_GENSEED_FORTEST /* no HW RNG is available use test seed */
-#elif defined(STM32U575xx) || defined(STM32U585xx)
+#elif defined(STM32G491xx)
+    #define WOLFSSL_STM32G4
+    #define HAL_CONSOLE_UART hlpuart1
+#elif defined(STM32U575xx) || defined(STM32U585xx) || defined(STM32U5A9xx)
     #define HAL_CONSOLE_UART huart1
     #define WOLFSSL_STM32U5
     #define STM32_HAL_V2
-    #ifdef STM32U585xx
+    #if defined(STM32U585xx) || defined(STM32U5A9xx)
         #undef  NO_STM32_HASH
         #undef  NO_STM32_CRYPTO
         #define WOLFSSL_STM32_PKA
@@ -248,6 +254,7 @@ extern "C" {
     //#define STM32_HAL_V2
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Platform */
 /* ------------------------------------------------------------------------- */
@@ -255,12 +262,23 @@ extern "C" {
 #define WOLFSSL_GENERAL_ALIGNMENT 4
 #define WOLFSSL_STM32_CUBEMX
 #define WOLFSSL_SMALL_STACK
-#define WOLFSSL_USER_IO
-#define WOLFSSL_NO_SOCK
 #define WOLFSSL_IGNORE_FILE_WARN
 
 /* ------------------------------------------------------------------------- */
-/* Operating System */
+/* Network stack: 1=User IO (custom), 2=LWIP (posix), 3=LWIP (native) */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_IO) && WOLF_CONF_IO == 2
+    #define WOLFSSL_LWIP
+#elif defined(WOLF_CONF_IO) && WOLF_CONF_IO == 3
+    #define WOLFSSL_LWIP_NATIVE
+#else /* custom */
+    #define WOLFSSL_USER_IO
+    #define WOLFSSL_NO_SOCK
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Operating System: 1=Bare-metal/Single threaded, 2=FREERTOS */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
     #define FREERTOS
@@ -268,22 +286,32 @@ extern "C" {
     #define SINGLE_THREADED
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
 /* ------------------------------------------------------------------------- */
-/* 1=Fast (stack)
- * 2=Normal (heap)
- * 3=Single Precision C (only common curves/key sizes)
- * 4=Single Precision ASM Cortex-M3+
- * 5=Single Precision ASM Cortex-M0 (Generic Thumb)
- * 6=Single Precision C all small
- * 7=Single Precision C all big
+/* 1=Fast (stack)                      (tfm.c)
+ * 2=Normal (heap)                     (integer.c)
+ * 3-5=Single Precision: only common curves/key sizes:
+ *                   (ECC 256/384/521 and RSA/DH 2048/3072/4096)
+ *   3=Single Precision C              (sp_c32.c)
+ *   4=Single Precision ASM Cortex-M3+ (sp_cortexm.c)
+ *   5=Single Precision ASM Cortex-M0  (sp_armthumb.c)
+ * 6=Wolf multi-precision C small      (sp_int.c)
+ * 7=Wolf multi-precision C big        (sp_int.c)
  */
+
 #if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH == 1
     /* fast (stack) math - tfm.c */
     #define USE_FAST_MATH
     #define TFM_TIMING_RESISTANT
 
+    #if !defined(NO_RSA) || !defined(NO_DH)
+        /* Maximum math bits (Max DH/RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+
     /* Optimizations (TFM_ARM, TFM_ASM or none) */
     //#define TFM_NO_ASM
     //#define TFM_ASM
@@ -298,19 +326,26 @@ extern "C" {
     #endif
     #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
         #define WOLFSSL_HAVE_SP_RSA
+        //#define WOLFSSL_SP_NO_2048
+        //#define WOLFSSL_SP_NO_3072
+        //#define WOLFSSL_SP_4096
     #endif
     #if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
         #define WOLFSSL_HAVE_SP_DH
     #endif
     #if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
         #define WOLFSSL_HAVE_SP_ECC
+        //#define WOLFSSL_SP_NO_256
+        #define WOLFSSL_SP_384
+        //#define WOLFSSL_SP_521
     #endif
     #if WOLF_CONF_MATH == 6 || WOLF_CONF_MATH == 7
         #define WOLFSSL_SP_MATH_ALL /* use sp_int.c multi precision math */
+        //#define WOLFSSL_SP_ARM_THUMB /* enable ARM Thumb ASM speedups */
     #else
         #define WOLFSSL_SP_MATH    /* disable non-standard curves / key sizes */
     #endif
-    #define SP_WORD_SIZE 32
+    #define SP_WORD_SIZE 32 /* force 32-bit mode */
 
     /* Enable to put all math on stack (no heap) */
     //#define WOLFSSL_SP_NO_MALLOC
@@ -328,6 +363,7 @@ extern "C" {
     #endif
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Enable Features */
 /* ------------------------------------------------------------------------- */
@@ -336,6 +372,8 @@ extern "C" {
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_ENCRYPT_THEN_MAC
 #define HAVE_EXTENDED_MASTER
+#define WOLFSSL_ASN_TEMPLATE
+#define HAVE_SNI
 
 #if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
     #define WOLFSSL_TLS13
@@ -367,18 +405,23 @@ extern "C" {
 #endif
 
 /* TLS Session Cache */
-#if 0
+#if defined(WOLF_CONF_RESUMPTION) && WOLF_CONF_RESUMPTION == 1
     #define SMALL_SESSION_CACHE
+    #define HAVE_SESSION_TICKET
 #else
     #define NO_SESSION_CACHE
 #endif
 
-/* Post Quantum
- * Note: PQM4 is compatible with STM32. The project can be found at:
- * https://github.com/mupq/pqm4
- */
-#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1
-    #define HAVE_PQM4
+/* TPM support */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLF_CRYPTO_CB
+    #define WOLFSSL_PUBLIC_MP
+    /* also AES CFB - enabled below */
+#endif
+
+/* TLS key callbacks */
+#if defined(WOLF_CONF_PK) && WOLF_CONF_PK == 1
+    #define HAVE_PK_CALLBACKS
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -387,12 +430,6 @@ extern "C" {
 /* RSA */
 #undef NO_RSA
 #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
-    #ifdef USE_FAST_MATH
-        /* Maximum math bits (Max RSA key bits * 2) */
-        #undef  FP_MAX_BITS
-        #define FP_MAX_BITS     4096
-    #endif
-
     /* half as much memory but twice as slow */
     #undef  RSA_LOW_MEM
     //#define RSA_LOW_MEM
@@ -420,7 +457,7 @@ extern "C" {
     //#define HAVE_ECC192
     //#define HAVE_ECC224
     #undef NO_ECC256
-    //#define HAVE_ECC384
+    #define HAVE_ECC384
     //#define HAVE_ECC521
 
     /* Fixed point cache (speeds repeated operations against same private key) */
@@ -446,8 +483,8 @@ extern "C" {
     //#define HAVE_COMP_KEY
 
     #ifdef USE_FAST_MATH
-        #ifdef NO_RSA
-            /* Custom fastmath size if not using RSA */
+        #if defined(NO_RSA) && defined(NO_DH)
+            /* Custom fastmath size if not using RSA/DH */
             /* MAX = ROUND32(ECC BITS) * 2 */
             #define FP_MAX_BITS     (256 * 2)
         #else
@@ -474,20 +511,31 @@ extern "C" {
 #endif
 
 /* AES */
-#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
+#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM >= 1
     #define HAVE_AESGCM
+    #define HAVE_AES_DECRYPT
+
     /* GCM Method: GCM_SMALL, GCM_WORD32, GCM_TABLE or GCM_TABLE_4BIT */
     /* GCM_TABLE is about 4K larger and 3x faster for GHASH */
-    #define GCM_SMALL
-    #define HAVE_AES_DECRYPT
+    #if WOLF_CONF_AESGCM == 2
+        #define GCM_TABLE_4BIT
+    #else
+        #define GCM_SMALL
+    #endif
 #endif
 
 #if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
     #define HAVE_AES_CBC
     #define HAVE_AES_DECRYPT
+#else
+    #define NO_AES_CBC
 #endif
 
 /* Other possible AES modes */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
+#endif
+
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
@@ -516,7 +564,7 @@ extern "C" {
     #define HAVE_ED25519
 
     /* Optionally use small math (less flash usage, but much slower) */
-    #define CURVED25519_SMALL
+    //#define CURVED25519_SMALL
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -576,6 +624,53 @@ extern "C" {
     #define NO_MD5
 #endif
 
+/* ------------------------------------------------------------------------- */
+/* Post-Quantum Crypto */
+/* ------------------------------------------------------------------------- */
+/* NOTE: this is after the hashing section to override the potential SHA3 undef
+ * above. */
+#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1
+#undef  WOLFSSL_EXPERIMENTAL_SETTINGS
+#define WOLFSSL_EXPERIMENTAL_SETTINGS
+
+#undef  WOLFSSL_HAVE_KYBER
+#define WOLFSSL_HAVE_KYBER
+
+#undef  WOLFSSL_WC_KYBER
+#define WOLFSSL_WC_KYBER
+
+#undef  WOLFSSL_NO_SHAKE128
+#undef  WOLFSSL_SHAKE128
+#define WOLFSSL_SHAKE128
+
+#undef  WOLFSSL_NO_SHAKE256
+#undef  WOLFSSL_SHAKE256
+#define WOLFSSL_SHAKE256
+
+#undef  WOLFSSL_SHA3
+#define WOLFSSL_SHA3
+#endif /* WOLF_CONF_KYBER */
+
+/* ------------------------------------------------------------------------- */
+/* Crypto Acceleration */
+/* ------------------------------------------------------------------------- */
+/* This enables inline assembly speedups for SHA2, SHA3, AES,
+ * ChaCha20/Poly1305 and Ed/Curve25519. These settings work for Cortex M4/M7
+ * and the source code is located in wolfcrypt/src/port/arm/
+ */
+#if defined(WOLF_CONF_ARMASM) && WOLF_CONF_ARMASM == 1
+    #define WOLFSSL_ARMASM
+    #define WOLFSSL_ARMASM_INLINE
+    #define WOLFSSL_ARMASM_NO_HW_CRYPTO
+    #define WOLFSSL_ARMASM_NO_NEON
+    #define WOLFSSL_ARM_ARCH 7
+    /* Disable H/W offloading if accelerating S/W crypto */
+    #undef  NO_STM32_HASH
+    #define NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define NO_STM32_CRYPTO
+#endif
+
 /* ------------------------------------------------------------------------- */
 /* Benchmark / Test */
 /* ------------------------------------------------------------------------- */
@@ -584,6 +679,7 @@ extern "C" {
 #define USE_CERT_BUFFERS_2048
 #define USE_CERT_BUFFERS_256
 
+
 /* ------------------------------------------------------------------------- */
 /* Debugging */
 /* ------------------------------------------------------------------------- */
@@ -602,6 +698,7 @@ extern "C" {
     //#define NO_ERROR_STRINGS
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Port */
 /* ------------------------------------------------------------------------- */
@@ -610,6 +707,7 @@ extern "C" {
 /* Allows custom "custom_time()" function to be used for benchmark */
 #define WOLFSSL_USER_CURRTIME
 
+
 /* ------------------------------------------------------------------------- */
 /* RNG */
 /* ------------------------------------------------------------------------- */
@@ -622,6 +720,7 @@ extern "C" {
     #define WC_NO_RNG
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Disable Features */
 /* ------------------------------------------------------------------------- */
@@ -650,6 +749,8 @@ extern "C" {
 #define NO_RC4
 #define NO_MD4
 #define NO_DES3
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
 
 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
@@ -664,6 +765,7 @@ extern "C" {
     #define NO_ASN_TIME
 #endif
 
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/examples/configs/user_settings_template.h b/examples/configs/user_settings_template.h
index f8673fab34..680376ad2d 100644
--- a/examples/configs/user_settings_template.h
+++ b/examples/configs/user_settings_template.h
@@ -1,6 +1,6 @@
 /* user_settings_template.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -354,6 +354,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/examples/configs/user_settings_wolfboot_keytools.h b/examples/configs/user_settings_wolfboot_keytools.h
index f10482d3e0..7a1e975671 100644
--- a/examples/configs/user_settings_wolfboot_keytools.h
+++ b/examples/configs/user_settings_wolfboot_keytools.h
@@ -4,7 +4,7 @@
  * Enabled via WOLFSSL_USER_SETTINGS.
  *
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -57,7 +57,6 @@
 #define WOLFSSL_SHAKE256
 
 /* RSA */
-#define HAVE_RSA
 #define WOLFSSL_HAVE_SP_RSA
 #define WC_RSA_BLINDING
 #define WOLFSSL_KEY_GEN
diff --git a/examples/configs/user_settings_wolftpm.h b/examples/configs/user_settings_wolftpm.h
index 20da890b30..960536cb30 100644
--- a/examples/configs/user_settings_wolftpm.h
+++ b/examples/configs/user_settings_wolftpm.h
@@ -1,6 +1,6 @@
 /* user_settings_wolftpm.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index e2c04af620..ec01e756be 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -1,6 +1,6 @@
 /* echoclient.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -248,13 +248,13 @@ void echoclient_test(void* args)
         if (ret != WOLFSSL_SUCCESS) {
             err = SSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "SSL_connect error %d, %s\n", err,
             ERR_error_string((unsigned long)err, buffer));
@@ -271,13 +271,13 @@ void echoclient_test(void* args)
             if (ret <= 0) {
                 err = SSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != sendSz) {
             fprintf(stderr, "SSL_write msg error %d, %s\n", err,
                 ERR_error_string((unsigned long)err, buffer));
@@ -306,13 +306,13 @@ void echoclient_test(void* args)
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret > 0) {
                 reply[ret] = 0;
                 LIBCALL_CHECK_RET(fputs(reply, fout));
@@ -320,7 +320,9 @@ void echoclient_test(void* args)
                 sendSz -= ret;
             }
 #ifdef WOLFSSL_DTLS
-            else if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+            else if (wolfSSL_dtls(ssl) &&
+                     err == WC_NO_ERR_TRACE(DECRYPT_ERROR))
+            {
                 /* This condition is OK. The packet should be dropped
                  * silently when there is a decrypt or MAC error on
                  * a DTLS record. */
@@ -346,13 +348,13 @@ void echoclient_test(void* args)
         if (ret <= 0) {
             err = SSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
 #else
     SSL_shutdown(ssl);
 #endif
diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h
index 23c4597c3d..90fb387be7 100644
--- a/examples/echoclient/echoclient.h
+++ b/examples/echoclient/echoclient.h
@@ -1,6 +1,6 @@
 /* echoclient.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index a00049f8dc..2f4d004cbf 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -1,6 +1,6 @@
 /* echoserver.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -341,13 +341,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             fprintf(stderr, "SSL_accept error = %d, %s\n", err,
                 wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -381,13 +381,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                 if (ret <= 0) {
                     err = wolfSSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0) {
                 if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_ZERO_RETURN){
                     fprintf(stderr, "SSL_read echo error %d, %s!\n", err,
@@ -444,13 +444,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                     if (ret <= 0) {
                         err = wolfSSL_get_error(write_ssl, 0);
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (err == WC_PENDING_E) {
+                        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                             ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
                             if (ret < 0) break;
                         }
                     #endif
                     }
-                } while (err == WC_PENDING_E);
+                } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
                 if (ret != echoSz) {
                     fprintf(stderr, "SSL_write get error = %d, %s\n", err,
                         wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -470,13 +470,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                 if (ret <= 0) {
                     err = wolfSSL_get_error(write_ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
 
             if (ret != echoSz) {
                 fprintf(stderr, "SSL_write echo error = %d, %s\n", err,
diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h
index a73c549ea3..29ab5a9f1b 100644
--- a/examples/echoserver/echoserver.h
+++ b/examples/echoserver/echoserver.h
@@ -1,6 +1,6 @@
 /* echoserver.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/pem/pem.c b/examples/pem/pem.c
index a61637946f..a58314d6d1 100644
--- a/examples/pem/pem.c
+++ b/examples/pem/pem.c
@@ -1,6 +1,6 @@
 /* pem.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -555,7 +555,7 @@ static int EncryptDer(unsigned char* in, word32 in_len, char* password,
         ret = wc_CreateEncryptedPKCS8Key(in, in_len, NULL, enc_len, password,
             (int)strlen(password), pbe_ver, pbe, enc_alg_id, salt, salt_sz,
             (int)iterations, &rng, NULL);
-        if (ret == LENGTH_ONLY_E) {
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             ret = 0;
         }
         else if (ret == 0) {
diff --git a/examples/sctp/sctp-client-dtls.c b/examples/sctp/sctp-client-dtls.c
index d38f5579af..2f925d10dc 100644
--- a/examples/sctp/sctp-client-dtls.c
+++ b/examples/sctp/sctp-client-dtls.c
@@ -1,6 +1,6 @@
 /* sctp-client-dtls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
 /* wolfssl */
 #ifndef WOLFSSL_USER_SETTINGS
diff --git a/examples/sctp/sctp-client.c b/examples/sctp/sctp-client.c
index fdabe43c4a..04e3c56b86 100644
--- a/examples/sctp/sctp-client.c
+++ b/examples/sctp/sctp-client.c
@@ -1,6 +1,6 @@
 /* sctp-client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef WOLFSSL_USER_SETTINGS
     #include <wolfssl/options.h>
 #endif
diff --git a/examples/sctp/sctp-server-dtls.c b/examples/sctp/sctp-server-dtls.c
index c02522f209..bbe9835a05 100644
--- a/examples/sctp/sctp-server-dtls.c
+++ b/examples/sctp/sctp-server-dtls.c
@@ -1,6 +1,6 @@
 /* sctp-server-dtls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /* wolfssl */
 #ifndef WOLFSSL_USER_SETTINGS
     #include <wolfssl/options.h>
diff --git a/examples/sctp/sctp-server.c b/examples/sctp/sctp-server.c
index 3f8f6d803e..2f33ada327 100644
--- a/examples/sctp/sctp-server.c
+++ b/examples/sctp/sctp-server.c
@@ -1,6 +1,6 @@
 /* sctp-server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef WOLFSSL_USER_SETTINGS
     #include <wolfssl/options.h>
 #endif
diff --git a/examples/server/server.c b/examples/server/server.c
index cca853a14d..2f42a909e3 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1,6 +1,6 @@
 /* server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -342,7 +342,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
     while (ret != WOLFSSL_SUCCESS &&
         (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
     )) {
         if (error == WOLFSSL_ERROR_WANT_READ) {
@@ -353,7 +353,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
         }
 
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (error == WC_PENDING_E) {
+        if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) break;
         }
@@ -378,7 +378,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
         if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
             || (select_ret == TEST_ERROR_READY)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             #ifndef WOLFSSL_CALLBACKS
@@ -447,16 +447,17 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                     else
                 #endif
                     if (err != WOLFSSL_ERROR_WANT_READ &&
-                                             err != WOLFSSL_ERROR_WANT_WRITE &&
-                                             err != WOLFSSL_ERROR_ZERO_RETURN &&
-                                             err != APP_DATA_READY) {
+                        err != WOLFSSL_ERROR_WANT_WRITE &&
+                        err != WOLFSSL_ERROR_ZERO_RETURN &&
+                        err != WC_NO_ERR_TRACE(APP_DATA_READY))
+                    {
                         LOG_ERROR("SSL_read echo error %d\n", err);
                         err_sys_ex(runWithErrors, "SSL_read failed");
                         break;
@@ -484,13 +485,13 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret != (int)min((word32)len, (word32)rx_pos)) {
                 LOG_ERROR("SSL_write echo error %d\n", err);
                 err_sys_ex(runWithErrors, "SSL_write failed");
@@ -545,7 +546,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             err = SSL_get_error(ssl, ret);
 
         #ifdef HAVE_SECURE_RENEGOTIATION
-            if (err == APP_DATA_READY) {
+            if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                 /* If we receive a message during renegotiation
                  * then just print it. We return the message sent
                  * after the renegotiation. */
@@ -563,14 +564,14 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             }
         #endif
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
             else
         #endif
         #ifdef WOLFSSL_DTLS
-            if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+            if (wolfSSL_dtls(ssl) && err == WC_NO_ERR_TRACE(DECRYPT_ERROR)) {
                 LOG_ERROR("Dropped client's message due to a bad MAC\n");
             }
             else
@@ -579,7 +580,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
                     && err != WOLFSSL_ERROR_WANT_WRITE /* Can happen during
                                                         * handshake */
         #ifdef HAVE_SECURE_RENEGOTIATION
-                    && err != APP_DATA_READY
+                    && err != WC_NO_ERR_TRACE(APP_DATA_READY)
         #endif
             ) {
                 LOG_ERROR("SSL_read input error %d, %s\n", err,
@@ -595,14 +596,14 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             #endif
             do {
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
                 ret = wolfSSL_peek(ssl, buffer, 0);
                 err = SSL_get_error(ssl, ret);
-            } while (err == WC_PENDING_E
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)
                 || err == WOLFSSL_ERROR_WANT_READ
                 || err == WOLFSSL_ERROR_WANT_WRITE);
             if (err < 0) {
@@ -611,7 +612,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             if (wolfSSL_pending(ssl))
                 err = WOLFSSL_ERROR_WANT_READ;
         }
-    } while (err == WC_PENDING_E
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)
              || err == WOLFSSL_ERROR_WANT_READ
              || err == WOLFSSL_ERROR_WANT_WRITE);
     if (ret > 0) {
@@ -641,7 +642,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
             err = SSL_get_error(ssl, 0);
 
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
@@ -652,7 +653,8 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
             len = (outputLen -= ret);
             err = WOLFSSL_ERROR_WANT_WRITE;
         }
-    } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+             err == WOLFSSL_ERROR_WANT_WRITE);
     if (ret != outputLen) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
         LOG_ERROR("SSL_write msg error %d, %s\n", err,
@@ -684,12 +686,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X25519;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x25519");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (useX448) {
@@ -699,35 +701,56 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X448;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x448");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (usePqc == 1) {
     #ifdef HAVE_PQC
             groups[count] = 0;
+        #ifndef WOLFSSL_NO_KYBER512
             if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_P256_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
                 groups[count] = WOLFSSL_P384_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_P521_KYBER_LEVEL5;
             }
+            else
+        #endif
+            {
+                err_sys("invalid post-quantum KEM specified");
+            }
 
             if (groups[count] == 0) {
                 err_sys("invalid post-quantum KEM specified");
@@ -752,24 +775,24 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SECP256R1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve secp256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #elif defined(WOLFSSL_SM2)
             do {
                 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1);
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SM2P256V1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve sm2p256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
     #endif
         }
@@ -781,12 +804,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             if (ret == WOLFSSL_SUCCESS)
                 groups[count++] = WOLFSSL_FFDHE_2048;
         #ifdef WOLFSSL_ASYNC_CRYPT
-            else if (ret == WC_PENDING_E)
+            else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
         #endif
             else
                 err_sys("unable to use DH 2048-bit parameters");
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
     }
     if (count >= MAX_GROUP_NUMBER)
@@ -1365,7 +1388,7 @@ static int server_srtp_test(WOLFSSL *ssl, func_args *args)
 
     ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
                                                    &srtp_secret_length);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         LOG_ERROR("DTLS SRTP: Error getting key material length\n");
         return ret;
     }
@@ -2661,7 +2684,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
                                                            defined(WOLFSSL_DTLS)
     if (dtlsMTU)
-        wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
+        wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU);
 #endif
 
 #ifdef WOLFSSL_SCTP
@@ -3192,14 +3215,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 
                     }
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                    else if (ret == WC_PENDING_E) {
+                    else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     }
                     #endif
                     else {
                         err_sys("Failed wolfSSL_UseKeyShare in force-curve");
                     }
-                } while (ret == WC_PENDING_E);
+                } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
                 ret = wolfSSL_set_groups(ssl, &force_curve_group_id, 1);
                 if (WOLFSSL_SUCCESS != ret) {
                     err_sys("Failed wolfSSL_set_groups in force-curve");
@@ -3402,7 +3425,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                     if (ret <= 0) {
                         err = SSL_get_error(ssl, 0);
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (err == WC_PENDING_E) {
+                        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                             /* returns the number of polled items or <0 for
                              * error */
                             ret = wolfSSL_AsyncPoll(ssl,
@@ -3415,7 +3438,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                         input[ret] = 0; /* null terminate message */
                         printf("Early Data Client message: %s\n", input);
                     }
-                } while (err == WC_PENDING_E || ret > 0);
+                } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) || ret > 0);
             }
     #endif
             do {
@@ -3424,13 +3447,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 if (ret != WOLFSSL_SUCCESS) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         }
 #else
         if (nonBlocking) {
@@ -3533,10 +3556,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 
         size = wolfSSL_get_server_random(ssl, rnd, size);
         if (size == 0) {
-            if (rnd) {
-                XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                rnd = NULL;
-            }
+            XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            rnd = NULL;
             err_sys_ex(runWithErrors, "error getting server random buffer");
         }
 
@@ -3603,7 +3624,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             if (err == WOLFSSL_SUCCESS)
                 printf("Sent ALPN protocol : %s (%d)\n",
                        protocol_name, protocol_nameSz);
-            else if (err == WOLFSSL_ALPN_NOT_FOUND)
+            else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
                 printf("No ALPN response sent (no match)\n");
             else
                 printf("Getting ALPN protocol name failed\n");
@@ -3634,12 +3655,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                             err == WOLFSSL_ERROR_WANT_WRITE) {
                         do {
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
                         #endif
-                            if (err == APP_DATA_READY) {
+                            if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                                 if (wolfSSL_read(ssl, input, sizeof(input)-1) < 0) {
                                     err_sys("APP DATA should be present but error returned");
                                 }
@@ -3651,9 +3672,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                             }
                         } while (ret != WOLFSSL_SUCCESS &&
                                 (err == WOLFSSL_ERROR_WANT_READ ||
-                                        err == WOLFSSL_ERROR_WANT_WRITE ||
-                                        err == APP_DATA_READY ||
-                                        err == WC_PENDING_E));
+                                 err == WOLFSSL_ERROR_WANT_WRITE ||
+                                 err == WC_NO_ERR_TRACE(APP_DATA_READY) ||
+                                 err == WC_NO_ERR_TRACE(WC_PENDING_E)));
 
                         if (ret == WOLFSSL_SUCCESS) {
                             printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
@@ -3674,12 +3695,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
 #ifdef WOLFSSL_ASYNC_CRYPT
                     err = wolfSSL_get_error(ssl, 0);
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -3713,8 +3734,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                                ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
                                 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
 
-                wolfSSL_request_certificate(ssl);
-
+                if (wolfSSL_request_certificate(ssl) != WOLFSSL_SUCCESS) {
+                    LOG_ERROR("Request for post-hs certificate failed\n");
+                }
+                else {
+                    LOG_ERROR("Successfully requested post-hs certificate\n");
+                }
             }
 
     #endif
@@ -3746,11 +3771,16 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 ServerRead(ssl, input, sizeof(input)-1);
 #endif
         }
-        else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
+        else if (err == 0 ||
+                 err == WOLFSSL_ERROR_ZERO_RETURN)
+        {
             err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
             /* Got close notify. Ignore it if not expecting a failure. */
-            if (err == WOLFSSL_ERROR_ZERO_RETURN && exitWithRet == 0)
+            if (err == WOLFSSL_ERROR_ZERO_RETURN &&
+                exitWithRet == 0)
+            {
                 err = 0;
+            }
             if (err != 0) {
                 SSL_free(ssl); ssl = NULL;
                 SSL_CTX_free(ctx); ctx = NULL;
diff --git a/examples/server/server.h b/examples/server/server.h
index e0c8ad7bab..0750f4ca99 100644
--- a/examples/server/server.h
+++ b/examples/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/fips-check.sh b/fips-check.sh
index 4f57d2d040..a134bddabf 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # fips-check.sh
 # This script checks the current revision of the code against the
diff --git a/fips-hash.sh b/fips-hash.sh
index 8bb6de4ecf..7ae25eeebd 100755
--- a/fips-hash.sh
+++ b/fips-hash.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 if test ! -x ./wolfcrypt/test/testwolfcrypt
 then
@@ -18,4 +18,3 @@ then
     cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
     sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
 fi
-
diff --git a/gencertbuf.pl b/gencertbuf.pl
index 5bc018874c..a2612084b0 100755
--- a/gencertbuf.pl
+++ b/gencertbuf.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 # gencertbuf.pl
 # version 1.1
diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild
index e294e45288..f322742a46 100644
--- a/linuxkm/Kbuild
+++ b/linuxkm/Kbuild
@@ -1,6 +1,6 @@
 # Linux kernel-native Makefile ("Kbuild") for libwolfssl.ko
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -18,7 +18,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 
-SHELL=/bin/bash
+SHELL=bash
 
 ifeq "$(WOLFSSL_OBJ_FILES)" ""
     $(error $$WOLFSSL_OBJ_FILES is unset.)
@@ -48,9 +48,17 @@ endif
 
 $(obj)/linuxkm/module_exports.o: $(WOLFSSL_OBJ_TARGETS)
 
+ifndef KERNEL_THREAD_STACK_SIZE
+    ifdef CROSS_COMPILE
+        KERNEL_THREAD_STACK_SIZE=16384
+    endif
+endif
+
 # this mechanism only works in kernel 5.x+ (fallback to hardcoded value)
-hostprogs := linuxkm/get_thread_size
-always-y := $(hostprogs)
+ifndef KERNEL_THREAD_STACK_SIZE
+    hostprogs := linuxkm/get_thread_size
+    always-y := $(hostprogs)
+endif
 
 HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static -fno-omit-frame-pointer
 
@@ -63,8 +71,10 @@ endif
 # this rule is needed to get build to succeed in 4.x (get_thread_size still doesn't get built)
 $(obj)/linuxkm/get_thread_size: $(src)/linuxkm/get_thread_size.c
 
-$(WOLFSSL_OBJ_TARGETS): | $(obj)/linuxkm/get_thread_size
-KERNEL_THREAD_STACK_SIZE=$(shell test -x $(obj)/linuxkm/get_thread_size && $(obj)/linuxkm/get_thread_size || echo 16384)
+ifndef KERNEL_THREAD_STACK_SIZE
+    $(WOLFSSL_OBJ_TARGETS): | $(obj)/linuxkm/get_thread_size
+    KERNEL_THREAD_STACK_SIZE=$(shell test -x $(obj)/linuxkm/get_thread_size && $(obj)/linuxkm/get_thread_size || echo 16384)
+endif
 MAX_STACK_FRAME_SIZE=$(shell echo $$(( $(KERNEL_THREAD_STACK_SIZE) / 4)))
 
 libwolfssl-y := $(WOLFSSL_OBJ_FILES) linuxkm/module_hooks.o linuxkm/module_exports.o
@@ -105,7 +115,8 @@ $(obj)/wolfcrypt/benchmark/benchmark.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS
 asflags-y := $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPUSIMD_DISABLE)
 
 # vectorized implementations that are kernel-safe are listed here.
-# these are known kernel-compatible, but they still irritate objtool.
+# these are known kernel-compatible, but need the vector instructions enabled in the assembler,
+# and most of them still irritate objtool.
 $(obj)/wolfcrypt/src/aes_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
 $(obj)/wolfcrypt/src/aes_asm.o: OBJECT_FILES_NON_STANDARD := y
 $(obj)/wolfcrypt/src/aes_gcm_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
@@ -124,6 +135,7 @@ $(obj)/wolfcrypt/src/chacha_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_
 $(obj)/wolfcrypt/src/chacha_asm.o: OBJECT_FILES_NON_STANDARD := y
 $(obj)/wolfcrypt/src/poly1305_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
 $(obj)/wolfcrypt/src/poly1305_asm.o: OBJECT_FILES_NON_STANDARD := y
+$(obj)/wolfcrypt/src/wc_kyber_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
 
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
 
@@ -181,8 +193,8 @@ endif
 # exclude symbols that don't match wc_* or wolf*.
 $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS)
 	@cp $< $@
-	@readelf --symbols --wide $(WOLFSSL_OBJ_TARGETS) |				\
-		awk '/^ *[0-9]+: / {							\
+	@$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) |				\
+		$(AWK) '/^ *[0-9]+: / {							\
 		  if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;}				\
 		  if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) {	\
 		    print "EXPORT_SYMBOL_NS_GPL(" $$8 ", WOLFSSL);";    		\
diff --git a/linuxkm/Makefile b/linuxkm/Makefile
index ccd5137e16..a4adad90da 100644
--- a/linuxkm/Makefile
+++ b/linuxkm/Makefile
@@ -1,6 +1,6 @@
 # libwolfssl Linux kernel module Makefile (wraps Kbuild-native makefile)
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -18,7 +18,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 
-SHELL=/bin/bash
+SHELL=bash
 
 all: libwolfssl.ko libwolfssl.ko.signed
 
@@ -58,20 +58,41 @@ endif
 
 export WOLFSSL_CFLAGS WOLFSSL_ASFLAGS WOLFSSL_OBJ_FILES WOLFCRYPT_PIE_FILES
 
+ifneq "$(host_triplet)" "$(build_triplet)"
+    CROSS_COMPILE := 'CROSS_COMPILE=$(host_triplet)-'
+endif
+
+OVERRIDE_PATHS :=
+
+ifdef CC
+    ifneq "$(CC)" "cc"
+        OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'CC=$(CC)'
+    endif
+endif
+ifdef AS
+    ifneq "$(AS)" "as"
+        OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'AS=$(AS)'
+    endif
+endif
+ifdef LD
+    ifneq "$(LD)" "ld"
+        OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'LD=$(LD)'
+    endif
+endif
+
 libwolfssl.ko:
-	@if test -z "$(KERNEL_ROOT)"; then echo '$$KERNEL_ROOT is unset' >&2; exit 1; fi
-	@if test -z "$(AM_CFLAGS)$(CFLAGS)"; then echo '$$AM_CFLAGS and $$CFLAGS are both unset.' >&2; exit 1; fi
-	@if test -z "$(src_libwolfssl_la_OBJECTS)"; then echo '$$src_libwolfssl_la_OBJECTS is unset.' >&2; exit 1; fi
-	@if test ! -h $(SRC_TOP)/Kbuild; then ln -s $(MODULE_TOP)/Kbuild $(SRC_TOP)/Kbuild; fi
+	@if test -z '$(KERNEL_ROOT)'; then echo '$$KERNEL_ROOT is unset' >&2; exit 1; fi
+	@if test -z '$(AM_CFLAGS)$(CFLAGS)'; then echo '$$AM_CFLAGS and $$CFLAGS are both unset.' >&2; exit 1; fi
+	@if test -z '$(src_libwolfssl_la_OBJECTS)'; then echo '$$src_libwolfssl_la_OBJECTS is unset.' >&2; exit 1; fi
         # after commit 9a0ebe5011 (6.10), sources must be in $(obj).  work around this by making links to all needed sources:
-	@mkdir -p linuxkm
-	@cp --no-dereference --symbolic-link --no-clobber '$(MODULE_TOP)'/*.[ch] '$(MODULE_TOP)'/linuxkm/
-	@cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)'/wolfcrypt '$(MODULE_TOP)'/
-	@cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)'/src '$(MODULE_TOP)'/
+	@mkdir -p '$(MODULE_TOP)/linuxkm'
+	@test '$(MODULE_TOP)/module_hooks.c' -ef '$(MODULE_TOP)/linuxkm/module_hooks.c' || cp --no-dereference --symbolic-link --no-clobber '$(MODULE_TOP)'/*.[ch] '$(MODULE_TOP)/linuxkm/'
+	@test '$(SRC_TOP)/wolfcrypt/src/wc_port.c' -ef '$(MODULE_TOP)/wolfcrypt/src/wc_port.c' || cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/wolfcrypt' '$(MODULE_TOP)/'
+	@test '$(SRC_TOP)/src/wolfio.c' -ef '$(MODULE_TOP)/src/wolfio.c' || cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/src' '$(MODULE_TOP)/'
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
-	+$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE=
+	+$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE=
 else
-	+$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) $(KBUILD_EXTRA_FLAGS)
+	+$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS)
 endif
 
 libwolfssl.ko.signed: libwolfssl.ko
@@ -114,6 +135,9 @@ install modules_install:
 # note, must supply $(MODULE_TOP) as the src value for clean so that Kbuild is included, else
 # the top Makefile (which is not for the kernel build) would be included here.
 clean:
+	$(RM) -rf '$(MODULE_TOP)/linuxkm'
+	$(RM) -rf '$(MODULE_TOP)/wolfcrypt'
+	$(RM) -rf '$(MODULE_TOP)/src'
 	+$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(MODULE_TOP) clean
 
 .PHONY: check
diff --git a/linuxkm/get_thread_size.c b/linuxkm/get_thread_size.c
index ed273864e3..cf6172db5f 100644
--- a/linuxkm/get_thread_size.c
+++ b/linuxkm/get_thread_size.c
@@ -1,7 +1,7 @@
 /* get_thread_size.c -- trivial program to determine stack frame size
  * for a Linux kernel thread, given a configured source tree.
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/linuxkm_memory.c b/linuxkm/linuxkm_memory.c
index 584998779f..e2c4a0476e 100644
--- a/linuxkm/linuxkm_memory.c
+++ b/linuxkm/linuxkm_memory.c
@@ -1,6 +1,6 @@
 /* linuxkm_memory.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index dce26dc37f..1d53adc057 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -1,6 +1,6 @@
 /* linuxkm_wc_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -461,8 +461,17 @@
         struct Signer *GetCA(void *signers, unsigned char *hash);
         #ifndef NO_SKID
             struct Signer *GetCAByName(void* signers, unsigned char *hash);
-        #endif
-    #endif
+            #ifdef HAVE_OCSP
+                struct Signer* GetCAByKeyHash(void* vp, const unsigned char* keyHash);
+            #endif /* HAVE_OCSP */
+            #ifdef WOLFSSL_AKID_NAME
+                struct Signer* GetCAByAKID(void* vp, const unsigned char* issuer,
+                                           unsigned int issuerSz,
+                                           const unsigned char* serial,
+                                           unsigned int serialSz);
+            #endif
+        #endif /* NO_SKID */
+    #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
 
     #if defined(__PIE__) && !defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE)
         #error "compiling -fPIE requires PIE redirect table."
@@ -533,7 +542,13 @@
 
         const unsigned char *_ctype;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+        typeof(kmalloc_noprof) *kmalloc_noprof;
+        typeof(krealloc_noprof) *krealloc_noprof;
+        typeof(kzalloc_noprof) *kzalloc_noprof;
+        typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof;
+        typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof;
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
         typeof(kmalloc_noprof) *kmalloc_noprof;
         typeof(krealloc_noprof) *krealloc_noprof;
         typeof(kzalloc_noprof) *kzalloc_noprof;
@@ -623,7 +638,17 @@
         typeof(GetCA) *GetCA;
         #ifndef NO_SKID
         typeof(GetCAByName) *GetCAByName;
-        #endif
+        #ifdef HAVE_OCSP
+        typeof(GetCAByKeyHash) *GetCAByKeyHash;
+        #endif /* HAVE_OCSP */
+        #endif /* NO_SKID */
+        #ifdef WOLFSSL_AKID_NAME
+        typeof(GetCAByAKID) *GetCAByAKID;
+        #endif /* WOLFSSL_AKID_NAME */
+        #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+        #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+        typeof(dump_stack) *dump_stack;
         #endif
 
         const void *_last_slot;
@@ -685,7 +710,14 @@
 
     #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype)
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+    /* see include/linux/alloc_tag.h and include/linux/slab.h */
+    #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof)
+    #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof)
+    #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
+    #define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof)
+    #define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof)
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
     /* see include/linux/alloc_tag.h and include/linux/slab.h */
     #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof)
     #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof)
@@ -761,7 +793,17 @@
         #define GetCA (wolfssl_linuxkm_get_pie_redirect_table()->GetCA)
         #ifndef NO_SKID
             #define GetCAByName (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByName)
+            #ifdef HAVE_OCSP
+                #define GetCAByKeyHash (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByKeyHash)
+            #endif /* HAVE_OCSP */
+        #endif /* NO_SKID */
+        #ifdef WOLFSSL_AKID_NAME
+            #define GetCAByAKID (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByAKID)
         #endif
+    #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+    #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+        #define dump_stack (wolfssl_linuxkm_get_pie_redirect_table()->dump_stack)
     #endif
 
     #endif /* __PIE__ */
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c
index 7b2c135f54..faf88fd56f 100644
--- a/linuxkm/lkcapi_glue.c
+++ b/linuxkm/lkcapi_glue.c
@@ -773,7 +773,7 @@ static int km_AesGcmDecrypt(struct aead_request *req)
         pr_err("%s: wc_AesGcmDecryptFinal failed with return code %d\n",
                crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
 
-        if (err == AES_GCM_AUTH_E) {
+        if (err == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) {
             return -EBADMSG;
         }
         else {
@@ -2025,7 +2025,7 @@ static int aes_xts_128_test(void)
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
@@ -2068,7 +2068,7 @@ static int aes_xts_128_test(void)
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
@@ -2090,7 +2090,7 @@ static int aes_xts_128_test(void)
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -2116,7 +2116,7 @@ static int aes_xts_128_test(void)
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -2139,7 +2139,7 @@ static int aes_xts_128_test(void)
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -2451,14 +2451,10 @@ static int aes_xts_128_test(void)
 
     test_xts_end:
 
-    if (enc2)
-        XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
-    if (dec2)
-        XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
-    if (src)
-        XFREE(src, NULL, DYNAMIC_TYPE_AES);
-    if (dst)
-        XFREE(dst, NULL, DYNAMIC_TYPE_AES);
+    XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
+    XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
+    XFREE(src, NULL, DYNAMIC_TYPE_AES);
+    XFREE(dst, NULL, DYNAMIC_TYPE_AES);
     if (req)
         skcipher_request_free(req);
     if (tfm)
@@ -2466,19 +2462,14 @@ static int aes_xts_128_test(void)
 
   out:
 
-    if (large_input)
-        XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (aes_inited)
         wc_AesXtsFree(aes);
 
-    if (buf)
-        XFREE(buf, NULL, DYNAMIC_TYPE_AES);
-    if (cipher)
-        XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
-
-    if (aes)
-        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    XFREE(buf, NULL, DYNAMIC_TYPE_AES);
+    XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
 
 #undef AES_XTS_128_TEST_BUF_SIZ
 
@@ -2939,14 +2930,10 @@ static int aes_xts_256_test(void)
 
     test_xts_end:
 
-    if (enc2)
-        XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
-    if (dec2)
-        XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
-    if (src)
-        XFREE(src, NULL, DYNAMIC_TYPE_AES);
-    if (dst)
-        XFREE(dst, NULL, DYNAMIC_TYPE_AES);
+    XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
+    XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
+    XFREE(src, NULL, DYNAMIC_TYPE_AES);
+    XFREE(dst, NULL, DYNAMIC_TYPE_AES);
     if (req)
         skcipher_request_free(req);
     if (tfm)
@@ -2954,19 +2941,15 @@ static int aes_xts_256_test(void)
 
   out:
 
-    if (large_input)
-        XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (aes_inited)
         wc_AesXtsFree(aes);
 
-    if (buf)
-        XFREE(buf, NULL, DYNAMIC_TYPE_AES);
-    if (cipher)
-        XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
+    XFREE(buf, NULL, DYNAMIC_TYPE_AES);
+    XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
 
-    if (aes)
-        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
 
 #undef AES_XTS_256_TEST_BUF_SIZ
 
diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template
index 5efa3e0c9f..77beef5bd1 100644
--- a/linuxkm/module_exports.c.template
+++ b/linuxkm/module_exports.c.template
@@ -1,7 +1,7 @@
 /* module_exports.c.template -- static preamble for dynamically generated
  * module_exports.c (see Kbuild)
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -171,6 +171,9 @@
     #include <wolfssl/wolfcrypt/wc_lms.h>
 #endif
 #endif
+#ifdef HAVE_DILITHIUM
+    #include <wolfssl/wolfcrypt/dilithium.h>
+#endif
 
 #ifdef OPENSSL_EXTRA
   #ifndef WOLFCRYPT_ONLY
diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 3382d2c798..2972011919 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -1,6 +1,6 @@
 /* module_hooks.c -- module load/unload hooks for libwolfssl.ko
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -105,7 +105,7 @@ static void lkmFipsCb(int ok, int err, const char* hash)
 {
     if ((! ok) || (err != 0))
         pr_err("libwolfssl FIPS error: %s\n", wc_GetErrorString(err));
-    if (err == IN_CORE_FIPS_E) {
+    if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
         pr_err("In-core integrity hash check failure.\n"
                "Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
                hash ? hash : "<null>");
@@ -237,7 +237,7 @@ static int wolfssl_init(void)
     ret = wolfCrypt_GetStatus_fips();
     if (ret != 0) {
         pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
-        if (ret == IN_CORE_FIPS_E) {
+        if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
             const char *newhash = wolfCrypt_GetCoreHash_fips();
             pr_err("Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
                    newhash ? newhash : "<null>");
@@ -459,7 +459,13 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 
     wolfssl_linuxkm_pie_redirect_table._ctype = _ctype;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+    wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof;
+    wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof;
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
     wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
     wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof;
     wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
@@ -571,7 +577,17 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     wolfssl_linuxkm_pie_redirect_table.GetCA = GetCA;
 #ifndef NO_SKID
     wolfssl_linuxkm_pie_redirect_table.GetCAByName = GetCAByName;
-#endif
+#ifdef HAVE_OCSP
+    wolfssl_linuxkm_pie_redirect_table.GetCAByKeyHash = GetCAByKeyHash;
+#endif /* HAVE_OCSP */
+#endif /* NO_SKID */
+#ifdef WOLFSSL_AKID_NAME
+    wolfssl_linuxkm_pie_redirect_table.GetCAByAKID = GetCAByAKID;
+#endif /* WOLFSSL_AKID_NAME */
+#endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+    wolfssl_linuxkm_pie_redirect_table.dump_stack = dump_stack;
 #endif
 
     /* runtime assert that the table has no null slots after initialization. */
@@ -797,16 +813,11 @@ static int updateFipsHash(void)
 
     if (tfm != NULL)
         crypto_free_shash(tfm);
-    if (desc != NULL)
-        XFREE(desc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (hash != NULL)
-        XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (base16_hash != NULL)
-        XFREE(base16_hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (binCoreKey != NULL)
-        XFREE(binCoreKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (binVerify != NULL)
-        XFREE(binVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(desc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(base16_hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(binCoreKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(binVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
diff --git a/linuxkm/pie_first.c b/linuxkm/pie_first.c
index aa2117bc6c..0bf1b1ae4f 100644
--- a/linuxkm/pie_first.c
+++ b/linuxkm/pie_first.c
@@ -1,6 +1,6 @@
 /* linuxkm/pie_first.c -- memory fenceposts for checking binary image stability
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/pie_last.c b/linuxkm/pie_last.c
index 35de6fc473..8d687f14cc 100644
--- a/linuxkm/pie_last.c
+++ b/linuxkm/pie_last.c
@@ -1,6 +1,6 @@
 /* linuxkm/pie_last.c -- memory fenceposts for checking binary image stability
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/pie_redirect_table.c b/linuxkm/pie_redirect_table.c
index c624b9efc8..9142ef49e2 100644
--- a/linuxkm/pie_redirect_table.c
+++ b/linuxkm/pie_redirect_table.c
@@ -1,6 +1,6 @@
 /* pie_redirect_table.c -- module load/unload hooks for libwolfssl.ko
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/m4/ax_atomic.m4 b/m4/ax_atomic.m4
index b1fa58753f..d8c8d0d2c8 100644
--- a/m4/ax_atomic.m4
+++ b/m4/ax_atomic.m4
@@ -9,18 +9,20 @@ AC_DEFUN([AC_C___ATOMIC],
       [[int
         main (int argc, char **argv)
         {
-          volatile unsigned long ul1 = 1, ul2 = 0, ul3 = 2;
+          volatile unsigned long ul1 = 1;
+          unsigned long ul2 = 0, ul3 = 2;
           __atomic_load_n(&ul1, __ATOMIC_SEQ_CST);
           __atomic_compare_exchange(&ul1, &ul2, &ul3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
           __atomic_fetch_add(&ul1, 1, __ATOMIC_SEQ_CST);
-          __atomic_fetch_sub(&ul3, 1, __ATOMIC_SEQ_CST);
+          __atomic_fetch_sub(&ul1, 1, __ATOMIC_SEQ_CST);
           __atomic_or_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
           __atomic_and_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
-          volatile unsigned long long ull1 = 1, ull2 = 0, ull3 = 2;
+          volatile unsigned long long ull1 = 1;
+          unsigned long long ull2 = 0, ull3 = 2;
           __atomic_load_n(&ull1, __ATOMIC_SEQ_CST);
           __atomic_compare_exchange(&ull1, &ull2, &ull3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
           __atomic_fetch_add(&ull1, 1, __ATOMIC_SEQ_CST);
-          __atomic_fetch_sub(&ull3, 1, __ATOMIC_SEQ_CST);
+          __atomic_fetch_sub(&ull1, 1, __ATOMIC_SEQ_CST);
           __atomic_or_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
           __atomic_and_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
           return 0;
diff --git a/m4/ax_debug.m4 b/m4/ax_debug.m4
index 94e4c9cb67..42808535b8 100644
--- a/m4/ax_debug.m4
+++ b/m4/ax_debug.m4
@@ -14,23 +14,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4
index d9ae175c0d..d4377a70e1 100644
--- a/m4/ax_harden_compiler_flags.m4
+++ b/m4/ax_harden_compiler_flags.m4
@@ -19,23 +19,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/m4/ax_linuxkm.m4 b/m4/ax_linuxkm.m4
index aebc2a6036..a3ba5ccaf1 100644
--- a/m4/ax_linuxkm.m4
+++ b/m4/ax_linuxkm.m4
@@ -1,6 +1,6 @@
 # ax_linuxkm.m4 -- macros for getting attributes of default configured kernel
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/m4/ax_vcs_checkout.m4 b/m4/ax_vcs_checkout.m4
index 4636b58ed8..63d5e9bea5 100644
--- a/m4/ax_vcs_checkout.m4
+++ b/m4/ax_vcs_checkout.m4
@@ -16,23 +16,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/mcapi/crypto.c b/mcapi/crypto.c
index abfe65f783..aa5e430199 100644
--- a/mcapi/crypto.c
+++ b/mcapi/crypto.c
@@ -1,6 +1,6 @@
 /* crypto.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index 4511193076..dd95c1ca93 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
@@ -1,6 +1,6 @@
 /* crypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c
index 7e5acbc08f..16d929749b 100644
--- a/mcapi/mcapi_test.c
+++ b/mcapi/mcapi_test.c
@@ -1,6 +1,6 @@
 /* mcapi_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,7 +23,9 @@
 
 /* Tests Microchip CRYPTO API layer */
 
-
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
 /* mc api header */
 #include <wolfssl/wolfcrypt/settings.h>
diff --git a/mplabx/benchmark_main.c b/mplabx/benchmark_main.c
index ef4c82a914..8a9cf81427 100644
--- a/mplabx/benchmark_main.c
+++ b/mplabx/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/mplabx/test_main.c b/mplabx/test_main.c
index e072c08db5..64f3556a16 100644
--- a/mplabx/test_main.c
+++ b/mplabx/test_main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/mqx/wolfcrypt_test/Sources/main.c b/mqx/wolfcrypt_test/Sources/main.c
index 040a2bf3c2..0276c7c80e 100644
--- a/mqx/wolfcrypt_test/Sources/main.c
+++ b/mqx/wolfcrypt_test/Sources/main.c
@@ -58,7 +58,7 @@ typedef struct func_args {
 /*TASK*-----------------------------------------------------------------
  * Function Name  : Main_task
  * Comments       :
- *    This task opens the SD card device and runs the 
+ *    This task opens the SD card device and runs the
  *    wolfCrypt test functions located in test.c.
  *END------------------------------------------------------------------*/
 
@@ -69,7 +69,7 @@ void Main_task(uint32_t initial_data)
     char         filesystem_name[] = "a:";
     char         partman_name[]    = "pm:";
     MQX_FILE_PTR com_handle, sdcard_handle, filesystem_handle, partman_handle;
-    
+
     ret = sdcard_open(&com_handle, &sdcard_handle, &partman_handle,
                       &filesystem_handle, partman_name, filesystem_name);
     if (ret != 0) {
@@ -77,9 +77,9 @@ void Main_task(uint32_t initial_data)
         _mqx_exit(1);
     }
     printf("SD card installed to %s\n", filesystem_name);
-    
+
     wolfcrypt_test(&args);
-    
+
     ret = sdcard_close(&sdcard_handle, &partman_handle,
                        &filesystem_handle, partman_name, filesystem_name);
     if (ret != 0) {
@@ -87,7 +87,7 @@ void Main_task(uint32_t initial_data)
         _mqx_exit(1);
     }
     printf("SD card uninstalled.\n");
-    
+
     _mqx_exit(0);
 
 }
diff --git a/mqx/wolfssl_client/Sources/main.h b/mqx/wolfssl_client/Sources/main.h
index 1740ddcb49..beb1fdfa9e 100644
--- a/mqx/wolfssl_client/Sources/main.h
+++ b/mqx/wolfssl_client/Sources/main.h
@@ -15,7 +15,7 @@
 
 #include <wolfssl/ssl.h>
 
-#define MAIN_TASK 	1
+#define MAIN_TASK 1
 
 extern void Main_task(uint32_t);
 extern void setup_ethernet(void);
@@ -34,10 +34,10 @@ static inline void err_sys(const char* msg)
         _mqx_exit(1);
 }
 
-/* PPP device must be set manually and 
+/* PPP device must be set manually and
  * must be different from the default IO channel (BSP_DEFAULT_IO_CHANNEL)
  */
-#define PPP_DEVICE      "ittyb:" 
+#define PPP_DEVICE      "ittyb:"
 
 /*
  * Define PPP_DEVICE_DUN only when using PPP to communicate
@@ -54,7 +54,7 @@ static inline void err_sys(const char* msg)
     #define ENET_IPMASK   IPADDR(255,255,255,0)
 #endif
 
-#define GATE_IPADDR		  IPADDR(192,168,1,1)
+#define GATE_IPADDR       IPADDR(192,168,1,1)
 
 #endif /* __main_h_ */
 
diff --git a/pull_to_vagrant.sh b/pull_to_vagrant.sh
index 15d88d97d8..9cba08d69a 100755
--- a/pull_to_vagrant.sh
+++ b/pull_to_vagrant.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 SRC=vagrant
 DST=wolfssl
 
diff --git a/scripts/aria-cmake-build-test.sh b/scripts/aria-cmake-build-test.sh
index 0454fbb381..b501ac6fa3 100644
--- a/scripts/aria-cmake-build-test.sh
+++ b/scripts/aria-cmake-build-test.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # aria_cmake_build_test.sh
 #
diff --git a/scripts/benchmark_compare.sh b/scripts/benchmark_compare.sh
index b4ae1d603f..98c2d5a9b1 100755
--- a/scripts/benchmark_compare.sh
+++ b/scripts/benchmark_compare.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # This script is designed to compare the output of wolfcrypt/benchmark test
 # application. If the file has an extension ".csv", then it will parse the
 # comma separated format, otherwise it will use the standard output format. The
diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test
index da245d485f..fc193d369c 100755
--- a/scripts/crl-revoked.test
+++ b/scripts/crl-revoked.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #crl.test
 # if we can, isolate the network namespace to eliminate port collisions.
diff --git a/scripts/dertoc.pl b/scripts/dertoc.pl
index c02d7d3f35..cf5b1fa797 100755
--- a/scripts/dertoc.pl
+++ b/scripts/dertoc.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 # dertoc.pl
 # version 1.0
diff --git a/scripts/dtls.test b/scripts/dtls.test
index 8229d31bdd..a563db5e08 100755
--- a/scripts/dtls.test
+++ b/scripts/dtls.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This script can be run with several environment variables set dictating its
 # run. You can set the following to what you like:
diff --git a/scripts/dtlscid.test b/scripts/dtlscid.test
index f38bf4307e..127f728f5d 100755
--- a/scripts/dtlscid.test
+++ b/scripts/dtlscid.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # dtlscid.test
 # Copyright wolfSSL 2022-2024
diff --git a/scripts/external.test b/scripts/external.test
index 671f6f9a36..970f6ad6d0 100755
--- a/scripts/external.test
+++ b/scripts/external.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # external.test
 
@@ -16,24 +16,28 @@ if ! ./examples/client/client -V | grep -q 3; then
 fi
 
 # cloudflare seems to change CAs quickly, disabled by default
-if test -n "$WOLFSSL_EXTERNAL_TEST"; then
-
-    BUILD_FLAGS="$(./examples/client/client '-#')"
-    if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
-        echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
-        exit 77
-    fi
-
-    if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
-        echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
-        exit 77
-    fi
-
-    echo "WOLFSSL_EXTERNAL_TEST set, running test..."
-else
-    echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
+if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then
+    echo "WOLFSSL_EXTERNAL_TEST not set, won't run"
     exit 77
 fi
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo "WOLFSSL_EXTERNAL_TEST is defined to zero, won't run"
+    exit 77
+fi
+
+
+BUILD_FLAGS="$(./examples/client/client '-#')"
+if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
+    echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
+    exit 77
+fi
+
+if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
+    echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
+    exit 77
+fi
+
+echo "WOLFSSL_EXTERNAL_TEST set, running test..."
 
 # is our desired server there?
 "${SCRIPT_DIR}"/ping.test $server 2
diff --git a/scripts/google.test b/scripts/google.test
index 6eacc4d4fe..5e3e8f0f96 100755
--- a/scripts/google.test
+++ b/scripts/google.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # google.test
 
@@ -6,6 +6,15 @@ server=www.google.com
 
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
+if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then
+    echo "WOLFSSL_EXTERNAL_TEST not set, won't run"
+    exit 77
+fi
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo "WOLFSSL_EXTERNAL_TEST is defined to zero, won't run"
+    exit 77
+fi
+
 if ! ./examples/client/client -V | grep -q 3; then
     echo 'skipping google.test because TLS1.2 is not available.' 1>&2
     exit 77
diff --git a/scripts/makedistsmall.sh b/scripts/makedistsmall.sh
index 0b92e1ce86..88b5546339 100755
--- a/scripts/makedistsmall.sh
+++ b/scripts/makedistsmall.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #set -v
 
 # Script to produce a small source/header only package (with CMake support)
diff --git a/scripts/memtest.sh b/scripts/memtest.sh
index 34e6b07df7..5cb7c5a93c 100755
--- a/scripts/memtest.sh
+++ b/scripts/memtest.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Run this script from the wolfSSL root as `./scripts/memtest.sh`.
 
@@ -14,7 +14,7 @@ make
 
 for i in {1..1000}
 do
-    echo "Trying $i...\n"
+    echo -e "Trying ${i}...\n"
 
         ./tests/unit.test > ./scripts/memtest.txt 2>&1
 
diff --git a/scripts/ocsp-stapling-with-ca-as-responder.test b/scripts/ocsp-stapling-with-ca-as-responder.test
index 5ae2ef1068..d4137395b7 100755
--- a/scripts/ocsp-stapling-with-ca-as-responder.test
+++ b/scripts/ocsp-stapling-with-ca-as-responder.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # ocsp-stapling-with-ca-as-responder.test
 
diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test
index 04d8ce9ace..731334c3da 100755
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # ocsp-stapling.test
 # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
@@ -11,6 +11,12 @@ if [[ -z "${RETRIES_REMAINING-}" ]]; then
     export RETRIES_REMAINING=2
 fi
 
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo 'skipping oscp-stapling.test because WOLFSSL_EXTERNAL_TEST is \
+    defined to the value 0.'
+    exit 77
+fi
+
 if ! ./examples/client/client -V | grep -q 3; then
     echo 'skipping ocsp-stapling.test because TLS1.2 is not available.' 1>&2
     exit 77
diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test
index 0b3f5b12f5..f18ee1a7c4 100755
--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # ocsp-stapling2.test
 # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
diff --git a/scripts/ocsp.test b/scripts/ocsp.test
index 0131b0bfd6..74764de906 100755
--- a/scripts/ocsp.test
+++ b/scripts/ocsp.test
@@ -50,7 +50,7 @@ else
 fi
 
 server=www.google.com
-ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem
+ca=certs/external/ca-google-root.pem
 
 if [ "$AM_BWRAPPED" != "yes" ]; then
     # is our desired server there?
diff --git a/scripts/openssl.test b/scripts/openssl.test
index 0be450c135..b557bb69b2 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # openssl.test
 
diff --git a/scripts/openssl_srtp.test b/scripts/openssl_srtp.test
index 500ea5c147..509db8a6c7 100755
--- a/scripts/openssl_srtp.test
+++ b/scripts/openssl_srtp.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Test WolfSSL/OpenSSL srtp interoperability
 #
 # TODO: add OpenSSL client with WolfSSL server
diff --git a/scripts/pem.test b/scripts/pem.test
index 7c32f8b038..65720cd6df 100755
--- a/scripts/pem.test
+++ b/scripts/pem.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # pem.test
 # Copyright wolfSSL 2023-2023
diff --git a/scripts/ping.test b/scripts/ping.test
index c823492e33..3b8d5df204 100755
--- a/scripts/ping.test
+++ b/scripts/ping.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # ping.test
 
diff --git a/scripts/pkcallbacks.test b/scripts/pkcallbacks.test
index 7fcb697f08..d4bf4309d4 100755
--- a/scripts/pkcallbacks.test
+++ b/scripts/pkcallbacks.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #pkcallbacks.test
 
diff --git a/scripts/psk.test b/scripts/psk.test
index baeca0210b..58edace274 100755
--- a/scripts/psk.test
+++ b/scripts/psk.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # psk.test
 # copyright wolfSSL 2016
diff --git a/scripts/resume.test b/scripts/resume.test
index 49839b4dab..06f25be003 100755
--- a/scripts/resume.test
+++ b/scripts/resume.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #resume.test
 
diff --git a/scripts/sniffer-gen.sh b/scripts/sniffer-gen.sh
index eac160979c..4cc1207e59 100755
--- a/scripts/sniffer-gen.sh
+++ b/scripts/sniffer-gen.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #set -x
 
 # Run this script from the wolfSSL root
diff --git a/scripts/sniffer-testsuite.test b/scripts/sniffer-testsuite.test
index 0be4587fb2..e827da7547 100755
--- a/scripts/sniffer-testsuite.test
+++ b/scripts/sniffer-testsuite.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #sniffer-testsuite.test
 
diff --git a/scripts/stm32l4-v4_0_1_build.sh b/scripts/stm32l4-v4_0_1_build.sh
index b4eb3650ee..156ab8885a 100755
--- a/scripts/stm32l4-v4_0_1_build.sh
+++ b/scripts/stm32l4-v4_0_1_build.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 WOLF_ROOT=$(eval "pwd")
 echo "WOLF_ROOT set to: \"$WOLF_ROOT\""
 cd ../ || exit 5
diff --git a/scripts/tls13.test b/scripts/tls13.test
index aa53af901c..085ffc1806 100755
--- a/scripts/tls13.test
+++ b/scripts/tls13.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # tls13.test
 # Copyright wolfSSL 2016-2021
diff --git a/scripts/trusted_peer.test b/scripts/trusted_peer.test
index 3936e79de8..cdcca7b25b 100755
--- a/scripts/trusted_peer.test
+++ b/scripts/trusted_peer.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # trusted_peer.test
 # copyright wolfSSL 2016
diff --git a/src/bio.c b/src/bio.c
index 340cbfdac9..e8e66597e6 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -1,6 +1,6 @@
 /* bio.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,10 +24,9 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
-#if defined(OPENSSL_EXTRA) && !defined(_WIN32)
+#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE)
     /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */
-    #undef  _GNU_SOURCE
-    #define _GNU_SOURCE
+    #define _GNU_SOURCE 1
 #endif
 
 #if !defined(WOLFSSL_BIO_INCLUDED)
@@ -161,7 +160,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
                 bio->wrSz = 0;
                 bio->mem_buf->length = 0;
             }
-            bio->ptr = bio->mem_buf->data;
+            bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         }
         else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD &&
                 !(bio->flags & BIO_FLAGS_MEM_RDONLY)) {
@@ -180,7 +179,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
                 return WOLFSSL_BIO_ERROR;
             }
             bio->mem_buf->length = (size_t)bio->wrSz;
-            bio->ptr = bio->mem_buf->data;
+            bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         }
     }
     else {
@@ -217,11 +216,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
         return WOLFSSL_FATAL_ERROR;
 
     bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */
-    ret = wolfSSL_read((WOLFSSL*)bio->ptr, buf, len);
+    ret = wolfSSL_read(bio->ptr.ssl, buf, len);
     if (ret == 0)
         front->eof = 1;
     else if (ret < 0) {
-        int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0);
+        int err = wolfSSL_get_error(bio->ptr.ssl, 0);
         if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) {
             front->eof = 1;
         }
@@ -235,15 +234,15 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
 
 static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
 {
-    if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) {
-        if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf,
+    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) {
+        if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf,
                         (unsigned int)sz) != WOLFSSL_SUCCESS)
         {
             return WOLFSSL_FATAL_ERROR;
         }
     }
     else {
-        if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, (size_t)sz)
+        if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, buf, (size_t)sz)
                 != WOLFSSL_SUCCESS) {
             return WOLFSSL_FATAL_ERROR;
         }
@@ -290,6 +289,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
     }
 
     while (bio != NULL && ret >= 0) {
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        int inhibit_flow_increment = 0;
+#endif
         /* check for custom read */
         if (bio->method && bio->method->readCb) {
             ret = bio->method->readCb(bio, (char*)buf, len);
@@ -302,19 +304,22 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
                 break;
             case WOLFSSL_BIO_BIO: /* read BIOs */
                 ret = wolfSSL_BIO_BIO_read(bio, buf, len);
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+                inhibit_flow_increment = 1;
+#endif
                 break;
             case WOLFSSL_BIO_MEMORY:
                 ret = wolfSSL_BIO_MEMORY_read(bio, buf, len);
                 break;
             case WOLFSSL_BIO_FILE:
             #ifndef NO_FILESYSTEM
-                if (bio->ptr) {
-                    ret = (int)XFREAD(buf, 1, (size_t)len, (XFILE)bio->ptr);
+                if (bio->ptr.fh) {
+                    ret = (int)XFREAD(buf, 1, (size_t)len, bio->ptr.fh);
                 }
                 else {
                 #if defined(XREAD) && !defined(NO_WOLFSSL_DIR) && \
                     !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-                    ret = (int)XREAD(bio->num, buf, (size_t)len);
+                    ret = (int)XREAD(bio->num.fd, buf, (size_t)len);
                 #else
                     WOLFSSL_MSG("No file pointer and XREAD not enabled");
                     ret = NOT_COMPILED_IN;
@@ -345,14 +350,52 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
             #ifdef USE_WOLFSSL_IO
                 /* BIO requires built-in socket support
                  *  (cannot be used with WOLFSSL_USER_IO) */
-                ret = wolfIO_Recv(bio->num, (char*)buf, len, 0);
+                bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
+                ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
+                    bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+                }
+                if (ret < 0) {
+                    ret = WOLFSSL_BIO_ERROR;
+                }
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+                break;
+
+            case WOLFSSL_BIO_DGRAM:
+            #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \
+                defined(USE_WOLFSSL_IO)
+                /* BIO requires built-in socket support
+                 *  (cannot be used with WOLFSSL_USER_IO) */
+                bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
+                if (bio->connected)
+                    ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0);
+                else {
+                    wolfSSL_BIO_ADDR_clear(&bio->peer_addr);
+                    ret = wolfIO_RecvFrom(bio->num.fd, &bio->peer_addr,
+                                          (char*)buf, len, 0);
+                }
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
+                    bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+                }
+                if (ret < 0) {
+                    ret = WOLFSSL_BIO_ERROR;
+                }
             #else
                 ret = NOT_COMPILED_IN;
             #endif
                 break;
+
             } /* switch */
         }
 
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        if ((ret > 0) && (!inhibit_flow_increment)) {
+            bio->bytes_read += (word32)ret;
+        }
+#endif
+
         /* case where front of list is done */
         if (bio == front) {
             break; /* at front of list so be done */
@@ -409,8 +452,9 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
         }
     }
     else {
-        if (Base64_Encode((const byte*)data, inLen, NULL, &sz) !=
-            LENGTH_ONLY_E) {
+        if (Base64_Encode((const byte*)data, inLen, NULL, &sz)
+              != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        {
             WOLFSSL_MSG("Error with base64 get length");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -468,16 +512,16 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
 
     WOLFSSL_ENTER("wolfSSL_BIO_SSL_write");
 
-    if (bio->ptr == NULL) {
+    if (bio->ptr.ssl == NULL) {
         return BAD_FUNC_ARG;
     }
 
     bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */
-    ret = wolfSSL_write((WOLFSSL*)bio->ptr, data, len);
+    ret = wolfSSL_write(bio->ptr.ssl, data, len);
     if (ret == 0)
         front->eof = 1;
     else if (ret < 0) {
-        int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0);
+        int err = wolfSSL_get_error(bio->ptr.ssl, 0);
         if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) {
             front->eof = 1;
         }
@@ -576,8 +620,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
     }
 
     XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len);
-    bio->ptr = bio->mem_buf->data;
-    bio->num = (int)bio->mem_buf->max;
+    bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
+    bio->num.length = bio->mem_buf->max;
     bio->wrSz += len;
     bio->wrIdx += len;
 
@@ -598,14 +642,14 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len)
         return BAD_FUNC_ARG;
     }
 
-    if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) {
-        if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data,
+    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) {
+        if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data,
                     (unsigned int)len) != WOLFSSL_SUCCESS) {
             ret = WOLFSSL_BIO_ERROR;
         }
     }
     else {
-        if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, (size_t)len)
+        if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, data, (size_t)len)
                 != WOLFSSL_SUCCESS) {
             ret =  WOLFSSL_BIO_ERROR;
         }
@@ -647,6 +691,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
     }
 
     while (bio != NULL && ret >= 0) {
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        int inhibit_flow_increment = 0;
+#endif
         /* check for custom write */
         if (bio->method && bio->method->writeCb) {
             ret = bio->method->writeCb(bio, (const char*)data, len);
@@ -672,19 +719,22 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
             }
             case WOLFSSL_BIO_BIO: /* write bios */
                 ret = wolfSSL_BIO_BIO_write(bio, data, len);
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+                inhibit_flow_increment = 1;
+#endif
                 break;
             case WOLFSSL_BIO_MEMORY:
                 ret = wolfSSL_BIO_MEMORY_write(bio, data, len);
                 break;
             case WOLFSSL_BIO_FILE:
             #ifndef NO_FILESYSTEM
-                if (bio->ptr) {
-                    ret = (int)XFWRITE(data, 1, (size_t)len, (XFILE)bio->ptr);
+                if (bio->ptr.fh) {
+                    ret = (int)XFWRITE(data, 1, (size_t)len, bio->ptr.fh);
                 }
                 else {
                 #if defined(XWRITE) && !defined(NO_WOLFSSL_DIR) && \
                     !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-                    ret = (int)XWRITE(bio->num, data, (size_t)len);
+                    ret = (int)XWRITE(bio->num.fd, data, (size_t)len);
                 #else
                     WOLFSSL_MSG("No file pointer and XWRITE not enabled");
                     ret = NOT_COMPILED_IN;
@@ -725,14 +775,50 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
             #ifdef USE_WOLFSSL_IO
                 /* BIO requires built-in socket support
                  *  (cannot be used with WOLFSSL_USER_IO) */
-                ret = wolfIO_Send(bio->num, (char*)data, len, 0);
+                bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
+                ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) {
+                    bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+                }
+                if (ret < 0) {
+                    ret = WOLFSSL_BIO_ERROR;
+                }
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+                break;
+
+            case WOLFSSL_BIO_DGRAM:
+                #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \
+                    defined(USE_WOLFSSL_IO)
+                /* BIO requires built-in socket support
+                 *  (cannot be used with WOLFSSL_USER_IO) */
+                bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
+                if (bio->connected)
+                    ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0);
+                else if (bio->peer_addr.sa.sa_family == AF_UNSPEC)
+                    ret = SOCKET_ERROR_E;
+                else
+                    ret = wolfIO_SendTo(bio->num.fd, &bio->peer_addr, (char*)data, len, 0);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) {
+                    bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+                }
+                if (ret < 0) {
+                    ret = WOLFSSL_BIO_ERROR;
+                }
             #else
                 ret = NOT_COMPILED_IN;
             #endif
                 break;
+
             } /* switch */
         }
 
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        if ((ret > 0) && (! inhibit_flow_increment))
+            bio->bytes_written += (word32)ret;
+#endif
+
         /* advance to the next bio in list */
         bio = bio->next;
     }
@@ -748,9 +834,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
                                  (const char*)data, len, 0, ret);
     }
 
-    if (frmt != NULL) {
-        XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
 #ifdef WOLFSSL_BASE64_ENCODE
     if (retB64 > 0 && ret > 0)
@@ -793,6 +877,49 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
         case BIO_CTRL_RESET:
             ret = (long)wolfSSL_BIO_reset(bio);
             break;
+
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+        case BIO_CTRL_DGRAM_CONNECT:
+        case BIO_CTRL_DGRAM_SET_PEER:
+        {
+            socklen_t addr_size;
+            if (parg == NULL) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+            addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg);
+            if (addr_size == 0) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+            XMEMCPY(&bio->peer_addr, parg, addr_size);
+            ret = WOLFSSL_SUCCESS;
+            break;
+        }
+
+        case BIO_CTRL_DGRAM_SET_CONNECTED:
+            if (parg == NULL) {
+                wolfSSL_BIO_ADDR_clear(&bio->peer_addr);
+                bio->connected = 0;
+            }
+            else {
+                socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg);
+                if (addr_size == 0) {
+                    ret = WOLFSSL_FAILURE;
+                    break;
+                }
+                XMEMCPY(&bio->peer_addr, parg, addr_size);
+                bio->connected = 1;
+            }
+            ret = WOLFSSL_SUCCESS;
+            break;
+
+        case BIO_CTRL_DGRAM_QUERY_MTU:
+            ret = 0; /* not implemented */
+            break;
+
+#endif /* WOLFSSL_HAVE_BIO_ADDR */
+
         default:
             WOLFSSL_MSG("CMD not yet implemented");
             ret = WOLFSSL_FAILURE;
@@ -826,8 +953,51 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio)
 
     return WOLFSSL_FAILURE;
 }
+
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) {
+    WOLFSSL_BIO_ADDR *addr =
+        (WOLFSSL_BIO_ADDR *)XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO);
+    if (addr)
+        addr->sa.sa_family = AF_UNSPEC;
+    return addr;
+}
+
+void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr) {
+    XFREE(addr, NULL, DYNAMIC_TYPE_BIO);
+}
+
+void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr) {
+    if (addr == NULL)
+        return;
+    XMEMSET(addr, 0, sizeof(*addr));
+    addr->sa.sa_family = AF_UNSPEC;
+}
+
+socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) {
+    switch (addr->sa.sa_family) {
+#ifndef WOLFSSL_NO_BIO_ADDR_IN
+    case AF_INET:
+        return sizeof(addr->sa_in);
+#endif
+#ifdef WOLFSSL_IPV6
+    case AF_INET6:
+        return sizeof(addr->sa_in6);
+#endif
+#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN)
+    case AF_UNIX:
+        return sizeof(addr->sa_un);
 #endif
+    default:
+        /* must return zero if length can't be determined, to avoid buffer
+         * overruns in callers.
+         */
+        return 0;
+    }
+}
+#endif /* WOLFSSL_HAVE_BIO_ADDR */
 
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA */
 
 /* helper function for wolfSSL_BIO_gets
  * size till a newline is hit
@@ -888,15 +1058,15 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
     switch (bio->type) {
 #ifndef NO_FILESYSTEM
         case WOLFSSL_BIO_FILE:
-            if (((XFILE)bio->ptr) == XBADFILE) {
+            if (bio->ptr.fh == XBADFILE) {
                 return WOLFSSL_BIO_ERROR;
             }
 
             #if defined(MICRIUM) || defined(LSR_FS) || defined(EBSNET)
             WOLFSSL_MSG("XFGETS not ported for this system yet");
-            ret = XFGETS(buf, sz, (XFILE)bio->ptr);
+            ret = XFGETS(buf, sz, bio->ptr.fh);
             #else
-            if (XFGETS(buf, sz, (XFILE)bio->ptr) != NULL) {
+            if (XFGETS(buf, sz, bio->ptr.fh) != NULL) {
                 ret = (int)XSTRLEN(buf);
             }
             else {
@@ -972,13 +1142,13 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
 #ifndef WOLFCRYPT_ONLY
         /* call final on hash */
         case WOLFSSL_BIO_MD:
-            if (wolfSSL_EVP_MD_CTX_size((WOLFSSL_EVP_MD_CTX*)bio->ptr) > sz) {
+            if (wolfSSL_EVP_MD_CTX_size(bio->ptr.md_ctx) > sz) {
                 WOLFSSL_MSG("Output buffer was too small for digest");
                 ret = WOLFSSL_FAILURE;
             }
             else {
                 unsigned int szOut = 0;
-                ret = wolfSSL_EVP_DigestFinal((WOLFSSL_EVP_MD_CTX*)bio->ptr,
+                ret = wolfSSL_EVP_DigestFinal(bio->ptr.md_ctx,
                         (unsigned char*)buf, &szOut);
                 if (ret == WOLFSSL_SUCCESS) {
                     ret = (int)szOut;
@@ -1133,8 +1303,8 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
     }
 
 #ifndef WOLFCRYPT_ONLY
-    if (bio->type == WOLFSSL_BIO_SSL && bio->ptr != NULL) {
-        return (long)wolfSSL_pending((WOLFSSL*)bio->ptr);
+    if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) {
+        return (long)wolfSSL_pending(bio->ptr.ssl);
     }
 #endif
 
@@ -1208,8 +1378,8 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
 
         bio->wrSz = (int)bio->mem_buf->length;
         bio->wrSzReset = bio->wrSz;
-        bio->num = (int)bio->mem_buf->max;
-        bio->ptr = bio->mem_buf->data;
+        bio->num.length = bio->mem_buf->max;
+        bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         bio->wrIdx = 0;
         bio->rdIdx = 0;
 
@@ -1242,15 +1412,16 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size)
         return WOLFSSL_FAILURE;
     }
 
-    if (bio->ptr != NULL) {
-        XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
+    if (bio->ptr.mem_buf_data != NULL) {
+        XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL);
     }
 
-    bio->ptr = (byte*)XMALLOC(size, bio->heap, DYNAMIC_TYPE_OPENSSL);
-    if (bio->ptr == NULL) {
+    bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap,
+                                           DYNAMIC_TYPE_OPENSSL);
+    if (bio->ptr.mem_buf_data == NULL) {
         WOLFSSL_MSG("Memory allocation error");
         bio->wrSz  = 0;
-        bio->num = 0;
+        bio->num.length = 0;
         bio->wrIdx = 0;
         bio->rdIdx = 0;
         if (bio->mem_buf != NULL) {
@@ -1261,13 +1432,13 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size)
         return WOLFSSL_FAILURE;
     }
     bio->wrSz  = (int)size;
-    bio->num = (int)size;
+    bio->num.length = size;
     bio->wrIdx = 0;
     bio->rdIdx = 0;
     if (bio->mem_buf != NULL) {
-        bio->mem_buf->data = (char*)bio->ptr;
-        bio->mem_buf->length = (size_t)bio->num;
-        bio->mem_buf->max = (size_t)bio->num;
+        bio->mem_buf->data = (char*)bio->ptr.mem_buf_data;
+        bio->mem_buf->length = bio->num.length;
+        bio->mem_buf->max = bio->num.length;
     }
 
     return WOLFSSL_SUCCESS;
@@ -1295,12 +1466,12 @@ int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2)
     }
 
     /* set default write size if not already set */
-    if (b1->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b1,
+    if (b1->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b1,
                             WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
 
-    if (b2->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b2,
+    if (b2->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b2,
                             WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
@@ -1341,7 +1512,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
         WOLFSSL_BIO* pair = bio->pair;
 
         /* case where have wrapped around write buffer */
-        *buf = (char*)pair->ptr + pair->rdIdx;
+        *buf = (char*)pair->ptr.mem_buf_data + pair->rdIdx;
         if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) {
             return pair->wrSz - pair->rdIdx;
         }
@@ -1373,7 +1544,7 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
     if (bio->pair != NULL) {
         /* special case if asking to read 0 bytes */
         if (num == 0) {
-            *buf = (char*)bio->pair->ptr + bio->pair->rdIdx;
+            *buf = (char*)bio->pair->ptr.mem_buf_data + bio->pair->rdIdx;
             return 0;
         }
 
@@ -1387,6 +1558,9 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
             sz = num;
         }
         bio->pair->rdIdx += sz;
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        bio->pair->bytes_read += (word32)sz;
+#endif
 
         /* check if have read to the end of the buffer and need to reset */
         if (bio->pair->rdIdx == bio->pair->wrSz) {
@@ -1424,7 +1598,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
 
     if (bio->pair != NULL) {
         if (num == 0) {
-            *buf = (char*)bio->ptr + bio->wrIdx;
+            *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx;
             return 0;
         }
 
@@ -1463,8 +1637,11 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
         if (num < sz) {
             sz = num;
         }
-        *buf = (char*)bio->ptr + bio->wrIdx;
+        *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx;
         bio->wrIdx += sz;
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        bio->bytes_written += (word32)sz;
+#endif
 
         /* if at the end of the buffer and space for wrap around then set
          * write index back to 0 */
@@ -1476,6 +1653,37 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
     return sz;
 }
 
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio)
+{
+    word64 ret = 0;
+    if (bio == NULL) {
+        WOLFSSL_MSG("NULL argument passed in");
+        return 0;
+    }
+    while (bio) {
+        ret += bio->bytes_read;
+        bio = bio->next;
+    }
+
+    return ret;
+}
+
+word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio)
+{
+    word64 ret = 0;
+    if (bio == NULL) {
+        WOLFSSL_MSG("NULL argument passed in");
+        return 0;
+    }
+    while (bio) {
+        ret += bio->bytes_written;
+        bio = bio->next;
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_BIO_HAVE_FLOW_STATS */
 
 /* Reset BIO to initial state */
 int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
@@ -1491,16 +1699,16 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
     switch (bio->type) {
         #ifndef NO_FILESYSTEM
         case WOLFSSL_BIO_FILE:
-            if (XFSEEK((XFILE)bio->ptr, 0, XSEEK_SET) != 0)
+            if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0)
                 return WOLFSSL_BIO_ERROR;
             else
-                return 0;
+                return WOLFSSL_SUCCESS;
         #endif
 
         case WOLFSSL_BIO_BIO:
             bio->rdIdx = 0;
             bio->wrIdx = 0;
-            return 0;
+            return WOLFSSL_SUCCESS;
 
         case WOLFSSL_BIO_MEMORY:
             bio->rdIdx = 0;
@@ -1510,27 +1718,27 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
             }
             else {
                 bio->wrSz  = 0;
-                XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
-                bio->ptr = NULL;
-                bio->num = 0;
+                XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL);
+                bio->ptr.mem_buf_data = NULL;
+                bio->num.length = 0;
                 if (bio->mem_buf != NULL) {
                     bio->mem_buf->data = NULL;
                     bio->mem_buf->length = 0;
                     bio->mem_buf->max = 0;
                 }
             }
-            return 0;
+            return WOLFSSL_SUCCESS;
 
 #ifndef WOLFCRYPT_ONLY
         case WOLFSSL_BIO_MD:
-            if (bio->ptr != NULL) {
+            if (bio->ptr.md_ctx != NULL) {
                 const WOLFSSL_EVP_MD* md =
-                    wolfSSL_EVP_MD_CTX_md((WOLFSSL_EVP_MD_CTX*)bio->ptr);
-                wolfSSL_EVP_MD_CTX_cleanup((WOLFSSL_EVP_MD_CTX*)bio->ptr);
-                wolfSSL_EVP_MD_CTX_init((WOLFSSL_EVP_MD_CTX*)bio->ptr);
-                wolfSSL_EVP_DigestInit((WOLFSSL_EVP_MD_CTX*)bio->ptr, md);
+                    wolfSSL_EVP_MD_CTX_md(bio->ptr.md_ctx);
+                wolfSSL_EVP_MD_CTX_cleanup(bio->ptr.md_ctx);
+                wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx);
+                wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md);
             }
-            return 0;
+            return WOLFSSL_SUCCESS;
 #endif /* WOLFCRYPT_ONLY */
 
         default:
@@ -1580,7 +1788,7 @@ long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c)
     }
 
     bio->shutdown = (byte)c;
-    bio->ptr = (XFILE)fp;
+    bio->ptr.fh = fp;
 
     return WOLFSSL_SUCCESS;
 }
@@ -1598,7 +1806,7 @@ long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp)
         return WOLFSSL_FAILURE;
     }
 
-    *fp = (XFILE)bio->ptr;
+    *fp = bio->ptr.fh;
 
     return WOLFSSL_SUCCESS;
 }
@@ -1613,8 +1821,8 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
     }
 
     if (bio->type == WOLFSSL_BIO_FILE) {
-        if (((XFILE)bio->ptr) != XBADFILE && bio->shutdown == BIO_CLOSE) {
-            XFCLOSE((XFILE)bio->ptr);
+        if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) {
+            XFCLOSE(bio->ptr.fh);
         }
 
         /* 'b' flag is ignored on POSIX targets, but on Windows it assures
@@ -1622,8 +1830,8 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
          * between the size and contents of the representation in memory and on
          * disk.
          */
-        bio->ptr = XFOPEN(name, "wb");
-        if (((XFILE)bio->ptr) == XBADFILE) {
+        bio->ptr.fh = XFOPEN(name, "wb");
+        if (bio->ptr.fh == XBADFILE) {
             return WOLFSSL_FAILURE;
         }
         bio->shutdown = BIO_CLOSE;
@@ -1640,13 +1848,13 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
       WOLFSSL_ENTER("wolfSSL_BIO_seek");
 
       if (bio == NULL) {
-          return -1;
+          return WOLFSSL_FATAL_ERROR;
       }
 
       /* offset ofs from beginning of file */
       if (bio->type == WOLFSSL_BIO_FILE &&
-              XFSEEK((XFILE)bio->ptr, ofs, SEEK_SET) < 0) {
-          return -1;
+              XFSEEK(bio->ptr.fh, ofs, SEEK_SET) < 0) {
+          return WOLFSSL_FATAL_ERROR;
       }
 
       return 0;
@@ -1663,16 +1871,16 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio)
     WOLFSSL_ENTER("wolfSSL_BIO_tell");
 
     if (bio == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (bio->type != WOLFSSL_BIO_FILE) {
         return 0;
     }
 
-    pos = (int)XFTELL((XFILE)bio->ptr);
+    pos = (int)XFTELL(bio->ptr.fh);
     if (pos < 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     else
         return pos;
 }
@@ -1799,15 +2007,16 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
     if (bio) {
         switch (bio->type) {
             case WOLFSSL_BIO_SOCKET:
+            case WOLFSSL_BIO_DGRAM:
             #ifdef XFCNTL
                 {
                     int ret;
-                    int flag = XFCNTL(bio->num, F_GETFL, 0);
+                    int flag = XFCNTL(bio->num.fd, F_GETFL, 0);
                     if (on) {
-                        ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK);
+                        ret = XFCNTL(bio->num.fd, F_SETFL, flag | O_NONBLOCK);
                     }
                     else {
-                        ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK);
+                        ret = XFCNTL(bio->num.fd, F_SETFL, flag & ~O_NONBLOCK);
                     }
 
                     if (ret == -1) {
@@ -1818,7 +2027,7 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
                 break;
             case WOLFSSL_BIO_SSL:
             #ifdef WOLFSSL_DTLS
-                wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on);
+                wolfSSL_dtls_set_using_nonblock(bio->ptr.ssl, (int)on);
             #endif
                 break;
 
@@ -1966,7 +2175,7 @@ int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p)
     }
 
     if (p) {
-        *(byte**)p = (byte*)mem_bio->ptr + mem_bio->rdIdx;
+        *(byte**)p = mem_bio->ptr.mem_buf_data + mem_bio->rdIdx;
     }
 
     return mem_bio->wrSz - mem_bio->rdIdx;
@@ -1991,7 +2200,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
     }
     else if (bio->type == WOLFSSL_BIO_FILE) {
 #if !defined(NO_FILESYSTEM) && defined(XFFLUSH)
-        if (XFFLUSH((FILE *)bio->ptr) != 0)
+        if (XFFLUSH(bio->ptr.fh) != 0)
             return WOLFSSL_FAILURE;
 
 #endif /* !NO_FILESYSTEM && XFFLUSH */
@@ -2015,10 +2224,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
     /* return the context and initialize the BIO state */
     int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         if ((bio != NULL) && (mdcp != NULL)) {
-            *mdcp = (WOLFSSL_EVP_MD_CTX*)bio->ptr;
+            *mdcp = bio->ptr.md_ctx;
             ret = WOLFSSL_SUCCESS;
         }
 
@@ -2110,11 +2319,39 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         if (bio) {
             bio->type  = WOLFSSL_BIO_SOCKET;
             bio->shutdown = (byte)closeF;
-            bio->num   = sfd;
+            bio->num.fd = (SOCKET_T)sfd;
         }
         return bio;
     }
 
+
+#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS)
+    WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void)
+    {
+        static WOLFSSL_BIO_METHOD meth =
+                WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_DGRAM);
+
+        WOLFSSL_ENTER("wolfSSL_BIO_s_datagram");
+
+        return &meth;
+    }
+
+
+    WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF)
+    {
+        WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_datagram());
+
+        WOLFSSL_ENTER("wolfSSL_BIO_new_dgram");
+        if (bio) {
+            bio->type  = WOLFSSL_BIO_DGRAM;
+            bio->shutdown = (byte)closeF;
+            bio->num.fd = (SOCKET_T)fd;
+        }
+        return bio;
+    }
+#endif
+
+
     /**
      * Create new socket BIO object. This is a pure TCP connection with
      * no SSL or TLS protection.
@@ -2231,7 +2468,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return WOLFSSL_FAILURE;
         }
 
-        b->num = (int)sfd;
+        b->num.fd = sfd;
         b->shutdown = BIO_CLOSE;
         return WOLFSSL_SUCCESS;
     }
@@ -2255,17 +2492,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return WOLFSSL_FAILURE;
         }
 
-        if (b->num == WOLFSSL_BIO_ERROR) {
+        if (b->num.fd == SOCKET_INVALID) {
             if (wolfIO_TcpBind(&sfd, b->port) < 0) {
                 WOLFSSL_MSG("wolfIO_TcpBind error");
                 return WOLFSSL_FAILURE;
             }
-            b->num = (int)sfd;
+            b->num.fd = sfd;
             b->shutdown = BIO_CLOSE;
         }
         else {
             WOLFSSL_BIO* new_bio;
-            int newfd = wolfIO_TcpAccept(b->num, NULL, NULL);
+            int newfd = wolfIO_TcpAccept(b->num.fd, NULL, NULL);
             if (newfd < 0) {
                 WOLFSSL_MSG("wolfIO_TcpBind error");
                 return WOLFSSL_FAILURE;
@@ -2322,8 +2559,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             WOLFSSL_MSG("Bad parameter");
             return WOLFSSL_FAILURE;
         }
-        if (b->type == WOLFSSL_BIO_SSL && b->ptr != NULL) {
-            return wolfSSL_negotiate((WOLFSSL*)b->ptr);
+        if (b->type == WOLFSSL_BIO_SSL && b->ptr.ssl != NULL) {
+            return wolfSSL_negotiate(b->ptr.ssl);
         }
         else {
             WOLFSSL_MSG("Not SSL BIO or no SSL object set");
@@ -2348,12 +2585,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return;
         }
 
-        if (b->ptr != NULL) {
-            int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr);
+        if (b->ptr.ssl != NULL) {
+            int rc = wolfSSL_shutdown(b->ptr.ssl);
             if (rc == SSL_SHUTDOWN_NOT_DONE) {
                 /* In this case, call again to give us a chance to read the
                  * close notify alert from the other end. */
-                wolfSSL_shutdown((WOLFSSL*)b->ptr);
+                wolfSSL_shutdown(b->ptr.ssl);
             }
         }
         else {
@@ -2368,7 +2605,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         WOLFSSL_ENTER("wolfSSL_BIO_set_ssl");
 
         if (b != NULL) {
-            b->ptr   = ssl;
+            b->ptr.ssl = ssl;
             b->shutdown = (byte)closeF;
             if (b->next != NULL)
                 wolfSSL_set_bio(ssl, b->next, b->next);
@@ -2396,7 +2633,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return WOLFSSL_FAILURE;
         }
 
-        *ssl = (WOLFSSL*)bio->ptr;
+        *ssl = bio->ptr.ssl;
 
         return WOLFSSL_SUCCESS;
     }
@@ -2540,7 +2777,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         WOLFSSL_ENTER("wolfSSL_BIO_set_fd");
 
         if (b != NULL) {
-            b->num = fd;
+            b->num.fd = (SOCKET_T)fd;
             b->shutdown = (byte)closeF;
         }
 
@@ -2584,7 +2821,14 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             bio->method = method;
 #endif
             bio->shutdown = BIO_CLOSE; /* default to close things */
-            bio->num = WOLFSSL_BIO_ERROR;
+
+            if ((bio->type == WOLFSSL_BIO_SOCKET) ||
+                (bio->type == WOLFSSL_BIO_DGRAM))
+            {
+                bio->num.fd = SOCKET_INVALID;
+            } else {
+                bio->num.length = 0;
+            }
             bio->init = 1;
 
         #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
@@ -2616,8 +2860,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             }
 
             if (method->type == WOLFSSL_BIO_MD) {
-                bio->ptr = wolfSSL_EVP_MD_CTX_new();
-                if (bio->ptr == NULL) {
+                bio->ptr.md_ctx = wolfSSL_EVP_MD_CTX_new();
+                if (bio->ptr.md_ctx == NULL) {
                     WOLFSSL_MSG("Memory error");
                     wolfSSL_BIO_free(bio);
                     return NULL;
@@ -2656,11 +2900,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return NULL;
         }
 
-        bio->num = (int)bio->mem_buf->max;
+        bio->num.length = bio->mem_buf->max;
         bio->wrSz = len;
-        bio->ptr = bio->mem_buf->data;
-        if (len > 0 && bio->ptr != NULL) {
-            XMEMCPY(bio->ptr, buf, len);
+        bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
+        if (len > 0 && bio->ptr.mem_buf_data != NULL) {
+            XMEMCPY(bio->ptr.mem_buf_data, buf, len);
             bio->flags |= BIO_FLAGS_MEM_RDONLY;
             bio->wrSzReset = bio->wrSz;
         }
@@ -2723,44 +2967,51 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 bio->pair->pair = NULL;
             }
 
-            if (bio->ip != NULL) {
-                XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL);
-            }
+            XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL);
 
             if (bio->shutdown) {
-                if (bio->type == WOLFSSL_BIO_SSL && bio->ptr)
-                    wolfSSL_free((WOLFSSL*)bio->ptr);
+                if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl)
+                    wolfSSL_free(bio->ptr.ssl);
             #ifdef CloseSocket
-                if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0))
-                    CloseSocket(bio->num);
+                if (((bio->type == WOLFSSL_BIO_SOCKET) ||
+                     (bio->type == WOLFSSL_BIO_DGRAM)) &&
+                    (bio->num.fd != SOCKET_INVALID))
+                {
+                    CloseSocket(bio->num.fd);
+                }
             #endif
             }
 
         #ifndef NO_FILESYSTEM
             if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) {
-                if (bio->ptr) {
-                    XFCLOSE((XFILE)bio->ptr);
+                if (bio->ptr.fh) {
+                    XFCLOSE(bio->ptr.fh);
                 }
             #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
                 && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-                else if (bio->num != WOLFSSL_BIO_ERROR) {
-                    XCLOSE(bio->num);
+                else if (bio->num.fd != SOCKET_INVALID) {
+                    XCLOSE(bio->num.fd);
                 }
             #endif
             }
         #endif
 
             if (bio->shutdown != BIO_NOCLOSE) {
-                if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr != NULL) {
+                if (bio->type == WOLFSSL_BIO_MEMORY &&
+                    bio->ptr.mem_buf_data != NULL)
+                {
                     if (bio->mem_buf != NULL) {
-                        if (bio->mem_buf->data != (char*)bio->ptr) {
-                            XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
-                            bio->ptr = NULL;
+                        if ((byte *)bio->mem_buf->data != bio->ptr.mem_buf_data)
+                        {
+                            XFREE(bio->ptr.mem_buf_data, bio->heap,
+                                  DYNAMIC_TYPE_OPENSSL);
+                            bio->ptr.mem_buf_data = NULL;
                         }
                     }
                     else {
-                        XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
-                        bio->ptr = NULL;
+                        XFREE(bio->ptr.mem_buf_data, bio->heap,
+                              DYNAMIC_TYPE_OPENSSL);
+                        bio->ptr.mem_buf_data = NULL;
                     }
                 }
                 if (bio->mem_buf != NULL) {
@@ -2770,7 +3021,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             }
 
             if (bio->type == WOLFSSL_BIO_MD) {
-                wolfSSL_EVP_MD_CTX_free((WOLFSSL_EVP_MD_CTX*)bio->ptr);
+                wolfSSL_EVP_MD_CTX_free(bio->ptr.md_ctx);
             }
 
             XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
@@ -2809,8 +3060,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         }
 
         /* SSL BIO's should use the next object in the chain for IO */
-        if (top->type == WOLFSSL_BIO_SSL && top->ptr)
-            wolfSSL_set_bio((WOLFSSL*)top->ptr, append, append);
+        if (top->type == WOLFSSL_BIO_SSL && top->ptr.ssl)
+            wolfSSL_set_bio(top->ptr.ssl, append, append);
 
         return top;
     }
@@ -2914,9 +3165,11 @@ int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd)
     WOLFSSL_ENTER("wolfSSL_BIO_get_fd");
 
     if (bio != NULL) {
+        if (bio->num.fd == SOCKET_INVALID)
+            return WOLFSSL_BIO_ERROR;
         if (fd != NULL)
-            *fd = bio->num;
-        return bio->num;
+            *fd = (int)bio->num.fd;
+        return (int)bio->num.fd;
     }
 
     return WOLFSSL_BIO_ERROR;
@@ -2991,10 +3244,10 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
     switch (bio->type) {
 #if !defined(NO_FILESYSTEM)
         case WOLFSSL_BIO_FILE:
-            if (bio->ptr == NULL) {
-                return -1;
+            if (bio->ptr.fh == XBADFILE) {
+                return WOLFSSL_FATAL_ERROR;
             }
-            ret = XVFPRINTF((XFILE)bio->ptr, format, args);
+            ret = XVFPRINTF(bio->ptr.fh, format, args);
             break;
 #endif
 
@@ -3088,21 +3341,22 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length)
             return wolfSSL_BIO_write(bio, "\tNULL", 5);
         }
 
-        XSPRINTF(line, "%04x - ", lineOffset);
+        (void)XSNPRINTF(line, sizeof(line), "%04x - ", lineOffset);
         o = 7;
         for (i = 0; i < BIO_DUMP_LINE_LEN; i++) {
             if (i < length)
-                XSPRINTF(line + o,"%02x ", (unsigned char)buf[i]);
+                (void)XSNPRINTF(line + o, (int)sizeof(line) - o,
+                    "%02x ", (unsigned char)buf[i]);
             else
-                XSPRINTF(line + o, "   ");
+                (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "   ");
             if (i == 7)
-                XSPRINTF(line + o + 2, "-");
+                (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-");
             o += 3;
         }
-        XSPRINTF(line + o, "  ");
+        (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "  ");
         o += 2;
         for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) {
-            XSPRINTF(line + o, "%c",
+            (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c",
                      ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.');
             o++;
         }
diff --git a/src/conf.c b/src/conf.c
index d177da5c71..c9a35c12d2 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1,6 +1,6 @@
 /* conf.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -133,7 +133,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
             XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
             goto error;
         }
-        if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_push(ret->data, strBuf) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_push error");
             XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
             goto error;
@@ -146,9 +146,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
         wolfSSL_TXT_DB_free(ret);
         ret = NULL;
     }
-    if (buf) {
-        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -228,7 +226,7 @@ int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row)
         return WOLFSSL_FAILURE;
     }
 
-    if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_push(db->data, row) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_push error");
         return WOLFSSL_FAILURE;
     }
@@ -452,11 +450,11 @@ int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
     sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *)section->value;
     value->section = section->section;
 
-    if (wolfSSL_sk_CONF_VALUE_push(sk, value) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(sk, value) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         return WOLFSSL_FAILURE;
     }
-    if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         wolfssl_sk_pop_type(sk, STACK_TYPE_CONF_VALUE);
         return WOLFSSL_FAILURE;
@@ -499,7 +497,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
 
     ret->value = (char*)sk;
 
-    if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         goto error;
     }
@@ -793,8 +791,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
     return ret ? ret : str;
 
 expand_cleanup:
-    if (ret)
-        XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
     return NULL;
 }
 
@@ -803,7 +800,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
         {(idx)++;}
 int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_BIO *in = NULL;
     char* buf = NULL;
     char* idx = NULL;
@@ -961,8 +958,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
 cleanup:
     if (in)
         wolfSSL_BIO_free(in);
-    if (buf)
-        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (eline)
         *eline = line;
     return ret;
@@ -986,13 +982,11 @@ void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val)
         if (val->name) {
             /* Not a section. Don't free section as it is a shared pointer. */
             XFREE(val->name, NULL, DYNAMIC_TYPE_OPENSSL);
-            if (val->value)
-                XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL);
+            XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL);
         }
         else {
             /* Section so val->value is a stack */
-            if (val->section)
-                XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
+            XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
             /* Only free the stack structures. The contained conf values
              * will be freed in wolfSSL_NCONF_free */
             sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value;
@@ -1545,7 +1539,7 @@ static const conf_cmd_tbl* wolfssl_conf_find_cmd(WOLFSSL_CONF_CTX* cctx,
  */
 int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     const conf_cmd_tbl* confcmd = NULL;
     WOLFSSL_ENTER("wolfSSL_CONF_cmd");
 
diff --git a/src/crl.c b/src/crl.c
index 706c1f6489..5e359c7ae9 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -1,6 +1,6 @@
 /* crl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -121,7 +121,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
     wolfSSL_d2i_X509_NAME(&crle->issuer, (unsigned char**)&dcrl->issuer,
                           dcrl->issuerSz);
     if (crle->issuer == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 #ifdef CRL_STATIC_REVOKED_LIST
@@ -141,13 +141,13 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
         crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap,
                                           DYNAMIC_TYPE_CRL_ENTRY);
         if (crle->toBeSigned == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         crle->signature = (byte*)XMALLOC(crle->signatureSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
         if (crle->signature == NULL) {
             XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
             crle->toBeSigned = NULL;
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
     #ifdef WC_RSA_PSS
@@ -160,7 +160,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
                 crle->toBeSigned = NULL;
                 XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
                 crle->signature = NULL;
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             XMEMCPY(crle->sigParams, buff + dcrl->sigParamsIndex,
                 crle->sigParamsSz);
@@ -219,13 +219,10 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
         tmp = next;
     }
 #endif
-    if (crle->signature != NULL)
-        XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
-    if (crle->toBeSigned != NULL)
-        XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
 #ifdef WC_RSA_PSS
-    if (crle->sigParams != NULL)
-        XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
 #endif
 #if defined(OPENSSL_EXTRA)
     if (crle->issuer != NULL) {
@@ -426,7 +423,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
         #endif
             {
             #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
-                if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
+                if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, ASN_AFTER)) {
                     WOLFSSL_MSG("CRL next date is no longer valid");
                     nextDateValid = 0;
                 }
@@ -440,7 +437,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
                     break;
             }
             else if (foundEntry == 0) {
-                ret = ASN_AFTER_DATE_E;
+                ret = CRL_CERT_DATE_ERR;
             }
         }
     }
@@ -481,8 +478,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
     if (foundEntry == 0) {
         /* perform embedded lookup */
         if (crl->crlIOCb) {
-            ret = crl->crlIOCb(crl, (const char*)extCrlInfo, extCrlInfoSz);
-            if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
+            int cbRet = crl->crlIOCb(crl, (const char*)extCrlInfo,
+                                     extCrlInfoSz);
+            if (cbRet == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
                 ret = OCSP_WANT_READ;
             }
             else if (ret >= 0) {
@@ -505,9 +503,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
     /* When not set the folder or not use hash_dir, do nothing.             */
     if ((foundEntry == 0) && (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
         if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
-            ret = LoadCertByIssuer(crl->cm->x509_store_p,
+            int loadRet = LoadCertByIssuer(crl->cm->x509_store_p,
                           (WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
-            if (ret == WOLFSSL_SUCCESS) {
+            if (loadRet == WOLFSSL_SUCCESS) {
                 /* try again */
                 ret = CheckCertCRLList(crl, issuerHash, serial, serialSz,
                         serialHash, &foundEntry);
@@ -538,6 +536,13 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 
             crl->cm->cbMissingCRL(url);
         }
+
+        if (crl->cm != NULL && crl->cm->crlCb &&
+                crl->cm->crlCb(ret, crl, crl->cm, crl->cm->crlCbCtx)) {
+            if (ret != 0)
+                WOLFSSL_MSG("Overriding CRL error");
+            ret = 0;
+        }
     }
 
     return ret;
@@ -565,7 +570,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
     WOLFSSL_ENTER("AddCRL");
 
     if (crl == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     crle = crl->currentEntry;
 
@@ -580,7 +585,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
     if (InitCRL_Entry(crle, dcrl, buff, verified, crl->heap) < 0) {
         WOLFSSL_MSG("Init CRL Entry failed");
         CRL_Entry_free(crle, crl->heap);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wc_LockRwLock_Wr(&crl->crlLock) != 0) {
@@ -627,7 +632,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
         else {
             WOLFSSL_MSG("Pem to Der failed");
             FreeDer(&der);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #else
         ret = NOT_COMPILED_IN;
@@ -779,7 +784,8 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
     #endif
         if (dupl->toBeSigned == NULL || dupl->signature == NULL
         #ifdef WC_RSA_PSS
-            || dupl->sigParams == NULL
+            /* allow sigParamsSz is zero and malloc(0) to return NULL */
+            || (dupl->sigParams == NULL && dupl->sigParamsSz != 0)
         #endif
         ) {
             CRL_Entry_free(dupl, heap);
@@ -1020,7 +1026,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (crl->monitors[0].path) {
@@ -1031,7 +1037,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
             XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -1043,7 +1049,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
             XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -1053,7 +1059,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     newList = tmp->crlList;
@@ -1102,10 +1108,14 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
     struct kevent change;
 
     /* trigger custom shutdown */
+#if defined(NOTE_TRIGGER)
     EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
+#elif defined(EV_TRIGGER)
+    EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_TRIGGER, 0, 0, NULL);
+#endif
     if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) {
         WOLFSSL_MSG("kevent trigger customer event failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -1237,7 +1247,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
     /* write to our custom event */
     if (write(mfd, &w64, sizeof(w64)) < 0) {
         WOLFSSL_MSG("StopMonitor write failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -1380,7 +1390,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
 {
     if (SetEvent(mfd) == 0) {
         WOLFSSL_MSG("SetEvent custom event trigger failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return 0;
 }
diff --git a/src/dtls.c b/src/dtls.c
index 52ace7ec24..1bdb7ce464 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -1,6 +1,6 @@
 /* dtls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -953,8 +953,13 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
             int tlsxFound;
             ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,
                                  &tlsxFound);
-            if (ret != 0)
+            if (ret != 0) {
+                if (isFirstCHFrag) {
+                    WOLFSSL_MSG("\t\tCookie probably missing from first "
+                                "fragment. Dropping.");
+                }
                 return ret;
+            }
         }
     }
 #endif
@@ -1150,10 +1155,8 @@ void TLSX_ConnectionID_Free(byte* ext, void* heap)
     info = DtlsCidGetInfoFromExt(ext);
     if (info == NULL)
         return;
-    if (info->rx != NULL)
-        XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX);
-    if (info->tx != NULL)
-        XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX);
+    XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX);
+    XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX);
     XFREE(info, heap, DYNAMIC_TYPE_TLSX);
     DtlsCidUnsetInfoFromExt(ext);
     XFREE(ext, heap, DYNAMIC_TYPE_TLSX);
@@ -1342,10 +1345,8 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size)
     if (cidInfo == NULL)
         return WOLFSSL_FAILURE;
 
-    if (cidInfo->rx != NULL) {
-        XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
-        cidInfo->rx = NULL;
-    }
+    XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
+    cidInfo->rx = NULL;
 
     /* empty CID */
     if (size == 0)
diff --git a/src/dtls13.c b/src/dtls13.c
index 0284ffe92c..c661dc94cc 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -1,6 +1,6 @@
 /* dtls13.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader {
     byte fragmentLength[3];
 } Dtls13HandshakeHeader;
 
+static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);
+
 /**
  * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3
  * record
@@ -395,7 +397,8 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
          * from there, the message can be considered processed successfully.
          * WANT_WRITE means that we are done with processing the msg and we are
          * waiting to flush the output buffer. */
-        if ((ret == 0 || ret == WANT_WRITE) || (msg->type == certificate_request &&
+        if ((ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) ||
+                        (msg->type == certificate_request &&
                          ssl->options.handShakeDone &&
                          ret == WC_NO_ERR_TRACE(WC_PENDING_E))) {
             if (IsAtLeastTLSv1_3(ssl->version))
@@ -811,9 +814,7 @@ static void Dtls13MaybeSaveClientHello(WOLFSSL* ssl)
         while (r != NULL) {
             if (r->handshakeType == client_hello) {
                 Dtls13RtxRecordUnlink(ssl, prev_next, r);
-                if (ssl->dtls13ClientHello != NULL)
-                    XFREE(ssl->dtls13ClientHello, ssl->heap,
-                        DYNAMIC_TYPE_DTLS_MSG);
+                XFREE(ssl->dtls13ClientHello, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
                 ssl->dtls13ClientHello = r->data;
                 ssl->dtls13ClientHelloSz = r->length;
                 r->data = NULL;
@@ -921,7 +922,7 @@ static int Dtls13SendOneFragmentRtx(WOLFSSL* ssl,
         handshakeType, hashOutput, Dtls13SendNow(ssl, handshakeType));
 
     if (rtxRecord != NULL) {
-        if (ret == 0 || ret == WANT_WRITE)
+        if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE))
             Dtls13RtxAddRecord(&ssl->dtls13Rtx, rtxRecord);
         else
             Dtls13FreeRtxBufferRecord(ssl, rtxRecord);
@@ -981,7 +982,7 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl)
         ret = Dtls13SendOneFragmentRtx(ssl,
             (enum HandShakeType)ssl->dtls13FragHandshakeType,
             (word16)recordLength + MAX_MSG_EXTRA, output, (word32)recordLength, 0);
-        if (ret == WANT_WRITE) {
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
             ssl->dtls13FragOffset += fragLength;
             return ret;
         }
@@ -1210,6 +1211,11 @@ int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output,
     return 0;
 }
 
+int Dtls13MinimumRecordLength(WOLFSSL* ssl)
+{
+    return Dtls13GetRlHeaderLength(ssl, 1) + DTLS13_MIN_CIPHERTEXT;
+}
+
 /**
  * Dtls13EncryptRecordNumber() - encrypt record number in the header
  * @ssl: ssl object
@@ -1226,9 +1232,15 @@ int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, word16 recordLength)
     if (ssl == NULL || hdr == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef HAVE_NULL_CIPHER
+    /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null)
+        return 0;
+#endif /*HAVE_NULL_CIPHER */
+
     /* we need at least a 16 bytes of ciphertext to encrypt record number see
        4.2.3*/
-    if (recordLength < Dtls13GetRlHeaderLength(ssl, 1) + DTLS13_MIN_CIPHERTEXT)
+    if (recordLength < Dtls13MinimumRecordLength(ssl))
         return BUFFER_ERROR;
 
     seqLength = (*hdr & DTLS13_LEN_BIT) ? DTLS13_SEQ_16_LEN : DTLS13_SEQ_8_LEN;
@@ -1454,17 +1466,22 @@ int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input,
         hdrInfo->recordLength = inputSize - idx;
     }
 
-    /* minimum size for a dtls1.3 packet is 16 bytes (to have enough ciphertext
-       to create record number xor mask). (draft 43 - Sec 4.2.3) */
-    if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE)
-        return LENGTH_ERROR;
-    if (inputSize < idx + DTLS13_RN_MASK_SIZE)
-        return BUFFER_ERROR;
+    /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */
+    if (ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null)
+    {
+        /* minimum size for a dtls1.3 packet is 16 bytes (to have enough
+         * ciphertext to create record number xor mask).
+         * (draft 43 - Sec 4.2.3) */
+        if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE)
+            return LENGTH_ERROR;
+        if (inputSize < idx + DTLS13_RN_MASK_SIZE)
+            return BUFFER_ERROR;
 
-    ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx,
-        DEPROTECT);
-    if (ret != 0)
-        return ret;
+        ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx,
+            DEPROTECT);
+        if (ret != 0)
+            return ret;
+    }
 
     if (seqLen == DTLS13_SEQ_16_LEN) {
         hdrInfo->seqHiPresent = 1;
@@ -1563,7 +1580,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
         ret = Dtls13SendFragment(ssl, output, (word16)sendSz, r->length + headerLength,
             (enum HandShakeType)r->handshakeType, 0,
             isLast || !ssl->options.groupMessages);
-        if (ret != 0 && ret != WANT_WRITE)
+        if (ret != 0 && ret != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
 
         if (r->rnIdx >= DTLS13_RETRANS_RN_SIZE)
@@ -1577,7 +1594,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
         r->seq[r->rnIdx] = seq;
         r->rnIdx++;
 
-        if (ret == WANT_WRITE) {
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
             /* this fragment will be sent eventually. Move it to the end of the
                list so next time we start with a new one. */
             Dtls13RtxMoveToEndOfList(ssl, prevNext, r);
@@ -1876,7 +1893,7 @@ int Dtls13HandshakeSend(WOLFSSL* ssl, byte* message, word16 outputSize,
     if (maxLen < maxFrag) {
         ret = Dtls13SendOneFragmentRtx(ssl, handshakeType, outputSize, message,
             length, hashOutput);
-        if (ret == 0 || ret == WANT_WRITE)
+        if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE))
             ssl->keys.dtls_handshake_number++;
     }
     else {
@@ -2586,7 +2603,7 @@ int Dtls13RtxTimeout(WOLFSSL* ssl)
 
     /* Increase timeout on long timeout */
     if (DtlsMsgPoolTimeout(ssl) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     return Dtls13RtxSendBuffered(ssl);
 }
diff --git a/src/include.am b/src/include.am
index 1679e3b567..c3d8376a1d 100644
--- a/src/include.am
+++ b/src/include.am
@@ -229,7 +229,14 @@ endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
 
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c
+endif BUILD_RISCV_ASM
+
 if BUILD_SHA512
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c
+else
 if BUILD_ARMASM_NEON
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
@@ -258,6 +265,7 @@ endif BUILD_INTELASM
 endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
+endif !BUILD_RISCV_ASM
 endif BUILD_SHA512
 
 if BUILD_SHA3
@@ -278,6 +286,9 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
@@ -384,7 +395,14 @@ endif BUILD_INTELASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
 
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c
+endif BUILD_RISCV_ASM
+
 if BUILD_SHA512
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c
+else
 if BUILD_ARMASM_NEON
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
@@ -411,6 +429,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S
 endif BUILD_INTELASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
+endif !BUILD_RISCV_ASM
 endif BUILD_SHA512
 
 if BUILD_SHA3
@@ -431,6 +450,9 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
 endif
@@ -595,6 +617,11 @@ endif BUILD_INTELASM
 endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
+
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c
+endif BUILD_RISCV_ASM
+
 endif !BUILD_FIPS_CURRENT
 
 if BUILD_AFALG
@@ -725,6 +752,9 @@ endif !BUILD_FIPS_CURRENT
 
 if !BUILD_FIPS_CURRENT
 if BUILD_SHA512
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c
+else
 if BUILD_ARMASM_NEON
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
@@ -753,6 +783,7 @@ endif BUILD_INTELASM
 endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
+endif !BUILD_RISCV_ASM
 endif BUILD_SHA512
 endif !BUILD_FIPS_CURRENT
 
@@ -775,6 +806,9 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
@@ -888,6 +922,15 @@ if !BUILD_FIPS_RAND
 if BUILD_POLY1305
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305.c
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
+endif !BUILD_ARMASM_INLINE
+endif
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-poly1305.c
 endif
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/poly1305.c
 if !BUILD_X86_ASM
@@ -955,20 +998,31 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/blake2s.c
 endif
 
 if BUILD_CHACHA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c
 if BUILD_ARMASM_NEON
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c
 else
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c
+if BUILD_ARMASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha.c
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-chacha.c
+endif BUILD_RISCV_ASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha_asm.S
-endif
-endif
-endif
+endif BUILD_INTELASM
+endif !BUILD_X86_ASM
+endif !BUILD_ARMASM_NEON
 if BUILD_POLY1305
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c
-endif
-endif
+endif BUILD_POLY1305
+endif BUILD_CHACHA
 
 if !BUILD_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/misc.c
@@ -995,7 +1049,6 @@ if BUILD_SAKKE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sakke.c
 endif
 
-if !BUILD_FIPS_CURRENT
 if BUILD_WC_KYBER
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c
@@ -1005,7 +1058,6 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S
 endif
 endif
 endif
-endif
 
 if BUILD_DILITHIUM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
diff --git a/src/internal.c b/src/internal.c
index 37809668dd..a5e47641ea 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1,6 +1,6 @@
 /* internal.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,6 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -344,7 +342,7 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
     {
         wolfSSL_CTX_keylog_cb_func logCb = NULL;
         int msSz;
-        int hasVal;
+        int invalidCount;
         int i;
         const char* label = SSC_CR;
         int labelSz = sizeof(SSC_CR);
@@ -355,32 +353,34 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
         int ret;
         (void)ctx;
 
-        if (ssl == NULL || secret == NULL || *secretSz == 0)
+        if (ssl == NULL || secret == NULL || secretSz == NULL || *secretSz == 0)
             return BAD_FUNC_ARG;
         if (ssl->arrays == NULL)
             return BAD_FUNC_ARG;
 
-        /* get the user-callback func from CTX*/
+        /* get the user-callback func from CTX */
         logCb = ssl->ctx->keyLogCb;
-        if (logCb == NULL)
-            return 0;
+        if (logCb == NULL) {
+            return 0; /* no logging callback */
+        }
 
-        /* need to make sure the given master-secret has a meaningful value */
+        /* make sure the given master-secret has a meaningful value */
         msSz   = *secretSz;
-        hasVal = 0;
+        invalidCount = 0;
         for (i = 0; i < msSz; i++) {
-            if (*((byte*)secret) != 0) {
-                hasVal = 1;
-                break;
+            if (((byte*)secret)[i] == 0) {
+                invalidCount++;
             }
         }
-        if (hasVal == 0)
-            return 0; /* master-secret looks invalid */
+        if (invalidCount == *secretSz) {
+            WOLFSSL_MSG("master-secret is not valid");
+            return 0; /* ignore error */
+        }
 
         /* build up a hex-decoded keylog string
-           "CLIENT_RANDOM <hex-encoded client random> <hex-encoded master-secret>"
-           note that each keylog string does not have CR/LF.
-        */
+         * "CLIENT_RANDOM <hex-encoded client rand> <hex-encoded master-secret>"
+         * note that each keylog string does not have CR/LF.
+         */
         buffSz  = labelSz + (RAN_LEN * 2) + 1 + ((*secretSz) * 2) + 1;
         log     = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET);
         if (log == NULL)
@@ -410,8 +410,9 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
                     ret = 0;
                 }
             }
-            else
-                ret = MEMORY_E;
+            else {
+                ret = BUFFER_E;
+            }
         }
         /* Zero out Base16 encoded secret and other data. */
         ForceZero(log, buffSz);
@@ -2107,7 +2108,7 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz,
         if (type == WOLFSSL_EXPORT_TLS) {
             *sz += AES_BLOCK_SIZE*2;
         }
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (ret == 0) {
@@ -2562,7 +2563,7 @@ void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data)
 
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
 /* free all ech configs in the list */
-static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
+void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
 {
     WOLFSSL_EchConfig* working_config = configs;
     WOLFSSL_EchConfig* next_config;
@@ -2573,8 +2574,7 @@ static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
         XFREE(working_config->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(working_config->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
-        if (working_config->raw != NULL)
-            XFREE(working_config->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(working_config->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
         if (working_config->receiverPrivkey != NULL) {
             wc_HpkeFreeKey(NULL, working_config->kemId,
@@ -2621,10 +2621,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
     XFREE(ctx->method, heapAtCTXInit, DYNAMIC_TYPE_METHOD);
     ctx->method = NULL;
 
-    if (ctx->suites) {
-        XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
-        ctx->suites = NULL;
-    }
+    XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
+    ctx->suites = NULL;
 
 #ifndef NO_DH
     XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -2723,10 +2721,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
         XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL);
         ctx->alpn_cli_protos = NULL;
     }
-    if (ctx->param) {
-        XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL);
-        ctx->param = NULL;
-    }
+    XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL);
+    ctx->param = NULL;
 
     if (ctx->x509_store.param) {
         XFREE(ctx->x509_store.param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL);
@@ -3272,9 +3268,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     int    haveRSAsig = 1;
 
 #ifdef WOLFSSL_DTLS
-    /* If DTLS v1.2 or later than set tls1_2 flag */
-    if (pv.major == DTLS_MAJOR && pv.minor <= DTLSv1_2_MINOR) {
-        tls1_2 = 1;
+    if (pv.major == DTLS_MAJOR) {
+        dtls   = 1;
+        tls    = 1;
+        /* May be dead assignments dependent upon configuration */
+        (void) dtls;
+        (void) tls;
+        tls1_2 = pv.minor <= DTLSv1_2_MINOR;
     }
 #endif
 
@@ -3385,17 +3385,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     haveRSAsig = 0;    /* can't have RSA sig if don't have RSA */
 #endif
 
-#ifdef WOLFSSL_DTLS
-    if (pv.major == DTLS_MAJOR) {
-        dtls   = 1;
-        tls    = 1;
-        /* May be dead assignments dependent upon configuration */
-        (void) dtls;
-        (void) tls;
-        tls1_2 = pv.minor <= DTLSv1_2_MINOR;
-    }
-#endif
-
 #ifdef HAVE_RENEGOTIATION_INDICATION
     if (side == WOLFSSL_CLIENT_END) {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -4572,23 +4561,17 @@ void FreeX509(WOLFSSL_X509* x509)
         x509->authKeyId = NULL;
         XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
         x509->subjKeyId = NULL;
-        if (x509->authInfo != NULL) {
-            XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
-            x509->authInfo = NULL;
-        }
-        if (x509->rawCRLInfo != NULL) {
-            XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
-            x509->rawCRLInfo = NULL;
-        }
-        if (x509->CRLInfo != NULL) {
-            XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
-            x509->CRLInfo = NULL;
-        }
+        wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
+        x509->subjKeyIdStr = NULL;
+        XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->authInfo = NULL;
+        XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->rawCRLInfo = NULL;
+        XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->CRLInfo = NULL;
         #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
             defined(WOLFSSL_QT)
-        if (x509->authInfoCaIssuer != NULL) {
-            XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT);
-        }
+        XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT);
         if (x509->ext_sk != NULL) {
             wolfSSL_sk_X509_EXTENSION_pop_free(x509->ext_sk, NULL);
         }
@@ -4643,11 +4626,16 @@ void FreeX509(WOLFSSL_X509* x509)
         x509->altNames = NULL;
     }
 
-#ifdef WOLFSSL_DUAL_ALG_CERTS
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
     XFREE(x509->sapkiDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
+    x509->sapkiDer = NULL;
     XFREE(x509->altSigAlgDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
-    XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
+    x509->altSigAlgDer = NULL;
+    if (x509->altSigValDer) {
+        XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->altSigValDer= NULL;
+    }
+    #endif /* WOLFSSL_DUAL_ALG_CERTS */
 
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
         wolfSSL_RefFree(&x509->ref);
@@ -6808,9 +6796,35 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif /* HAVE_RPK */
 
 #ifndef NO_CERTS
+#ifdef WOLFSSL_COPY_CERT
+    /* If WOLFSSL_COPY_CERT is defined, always copy the cert */
+    if (ctx->certificate != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
+            ctx->certificate->length, ctx->certificate->type,
+            ctx->certificate->heap);
+        if (ret != 0) {
+            return ret;
+        }
+
+        ssl->buffers.weOwnCert = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+    if (ctx->certChain != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
+            ctx->certChain->length, ctx->certChain->type,
+            ctx->certChain->heap);
+        if (ret != 0) {
+            return ret;
+        }
+
+        ssl->buffers.weOwnCertChain = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+#else
     /* ctx still owns certificate, certChain, key, dh, and cm */
     ssl->buffers.certificate = ctx->certificate;
     ssl->buffers.certChain = ctx->certChain;
+#endif
 #ifdef WOLFSSL_TLS13
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
@@ -6897,7 +6911,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         }
     }  /* writeDup check */
 
-    if (ctx->mask != 0 && wolfSSL_set_options(ssl, ctx->mask) == 0) {
+    if (ctx->mask != 0 && wolfSSL_set_options(ssl, (long)ctx->mask) == 0) {
         WOLFSSL_MSG("wolfSSL_set_options error");
         return BAD_FUNC_ARG;
     }
@@ -6920,12 +6934,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
     /* Don't change recv callback if currently using BIO's */
-    if (ssl->CBIORecv != BioReceive)
+    if (ssl->CBIORecv != SslBioReceive)
 #endif
         ssl->CBIORecv = ctx->CBIORecv;
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
     /* Don't change send callback if currently using BIO's */
-    if (ssl->CBIOSend != BioSend)
+    if (ssl->CBIOSend != SslBioSend)
 #endif
         ssl->CBIOSend = ctx->CBIOSend;
     ssl->verifyDepth = ctx->verifyDepth;
@@ -7491,6 +7505,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
     ssl->options.disallowEncThenMac = ctx->disallowEncThenMac;
 #endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    ssl->options.disableECH         = ctx->disableECH;
+#endif
 
     /* default alert state (none) */
     ssl->alert_history.last_rx.code  = -1;
@@ -7554,7 +7571,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     /* requires valid arrays and suites unless writeDup ing */
     if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != WOLFSSL_SUCCESS
 #ifdef WOLFSSL_NO_INIT_CTX_KEY
-        && ret != NO_PRIVATE_KEY
+        && ret != WC_NO_ERR_TRACE(NO_PRIVATE_KEY)
 #endif
         ) {
         WOLFSSL_MSG_EX("SetSSL_CTX failed. err = %d", ret);
@@ -7796,7 +7813,7 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
 int AllocKey(WOLFSSL* ssl, int type, void** pKey)
 {
     int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
-    int sz = 0;
+    size_t sz = 0;
 #ifdef HAVE_ECC
     ecc_key* eccKey;
 #endif /* HAVE_ECC */
@@ -8078,7 +8095,7 @@ void FreeKeyExchange(WOLFSSL* ssl)
     }
 
     /* Free handshake key */
-    FreeKey(ssl, ssl->hsType, &ssl->hsKey);
+    FreeKey(ssl, (int)ssl->hsType, &ssl->hsKey);
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     FreeKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
@@ -8364,9 +8381,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     }
 #endif
 #ifdef OPENSSL_EXTRA
-    if (ssl->param) {
-        XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
-    }
+    XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
 #endif
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     while (ssl->certReqCtx != NULL) {
@@ -8909,8 +8924,7 @@ void DtlsMsgDelete(DtlsMsg* item, void* heap)
             DtlsMsgDestroyFragBucket(item->fragBucketList, heap);
             item->fragBucketList = next;
         }
-        if (item->raw != NULL)
-            XFREE(item->raw, heap, DYNAMIC_TYPE_DTLS_FRAG);
+        XFREE(item->raw, heap, DYNAMIC_TYPE_DTLS_FRAG);
         XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
     }
 }
@@ -10345,7 +10359,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             fragSz = inputSz - ssl->fragOffset;
 
         /* check for available size */
-        outputSz = headerSz + fragSz;
+        outputSz = headerSz + (int)fragSz;
         if (IsEncryptionOn(ssl, 1))
             outputSz += cipherExtraData(ssl);
         if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
@@ -10403,7 +10417,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             }
 #endif
         }
-        ssl->buffers.outputBuffer.length += outputSz;
+        ssl->buffers.outputBuffer.length += (word32)outputSz;
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
         if (ssl->hsInfoOn) {
             AddPacketName(ssl, packetName);
@@ -10453,14 +10467,14 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
 
     if (ssl->CBIORecv == NULL) {
         WOLFSSL_MSG("Your IO Recv callback is null, please set");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 retry:
     recvd = ssl->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
     if (recvd < 0) {
         switch (recvd) {
-            case WOLFSSL_CBIO_ERR_GENERAL:        /* general/unknown error */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL):
                 #ifdef WOLFSSL_APACHE_HTTPD
                 #ifndef NO_BIO
                     if (ssl->biord) {
@@ -10472,26 +10486,26 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
                     }
                 #endif
                 #endif
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_WANT_READ:      /* want read, would block */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ):
                 if (retryLimit > 0 && ssl->ctx->autoRetry &&
                         !ssl->options.handShakeDone && !ssl->options.dtls) {
                     retryLimit--;
                     goto retry;
                 }
-                return WANT_READ;
+                return WC_NO_ERR_TRACE(WANT_READ);
 
-            case WOLFSSL_CBIO_ERR_CONN_RST:       /* connection reset */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_RST):
                 #ifdef USE_WINDOWS_API
                 if (ssl->options.dtls) {
                     goto retry;
                 }
                 #endif
                 ssl->options.connReset = 1;
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_ISR:            /* interrupt */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */
                 /* see if we got our timeout */
                 #ifdef WOLFSSL_CALLBACKS
                     if (ssl->toInfoOn) {
@@ -10511,11 +10525,11 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
                 #endif
                 goto retry;
 
-            case WOLFSSL_CBIO_ERR_CONN_CLOSE:     /* peer closed connection */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE):
                 ssl->options.isClosed = 1;
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_TIMEOUT:
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT):
             #ifdef WOLFSSL_DTLS
 #ifdef WOLFSSL_DTLS13
                 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
@@ -10523,7 +10537,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
                     if (Dtls13RtxTimeout(ssl) < 0) {
                         WOLFSSL_MSG(
                             "Error trying to retransmit DTLS buffered message");
-                        return -1;
+                        return WOLFSSL_FATAL_ERROR;
                     }
                     goto retry;
                 }
@@ -10538,7 +10552,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
                     goto retry;
                 }
             #endif
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
             default:
                 WOLFSSL_MSG("Unexpected recv return code");
@@ -10571,8 +10585,8 @@ void ShrinkOutputBuffer(WOLFSSL* ssl)
  * calls ShrinkInputBuffer itself when it is safe to do so. Don't overuse it. */
 void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
 {
-    int usedLength = ssl->buffers.inputBuffer.length -
-                     ssl->buffers.inputBuffer.idx;
+    int usedLength = (int)(ssl->buffers.inputBuffer.length -
+                     ssl->buffers.inputBuffer.idx);
     if (!forcedFree && (usedLength > STATIC_BUFFER_LEN ||
             ssl->buffers.clearOutputBuffer.length > 0))
         return;
@@ -10631,19 +10645,19 @@ int SendBuffered(WOLFSSL* ssl)
         if (sent < 0) {
             switch (sent) {
 
-                case WOLFSSL_CBIO_ERR_WANT_WRITE:        /* would block */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE):
                     if (retryLimit > 0 && ssl->ctx->autoRetry &&
                             !ssl->options.handShakeDone && !ssl->options.dtls) {
                         retryLimit--;
                         goto retry;
                     }
-                    return WANT_WRITE;
+                    return WC_NO_ERR_TRACE(WANT_WRITE);
 
-                case WOLFSSL_CBIO_ERR_CONN_RST:          /* connection reset */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_RST):
                     ssl->options.connReset = 1;
                     break;
 
-                case WOLFSSL_CBIO_ERR_ISR:               /* interrupt */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */
                     /* see if we got our timeout */
                     #ifdef WOLFSSL_CALLBACKS
                         if (ssl->toInfoOn) {
@@ -10663,7 +10677,7 @@ int SendBuffered(WOLFSSL* ssl)
                     #endif
                     continue;
 
-                case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE): /* epipe */
                     ssl->options.connReset = 1;  /* treat same as reset */
                     break;
 
@@ -10679,8 +10693,8 @@ int SendBuffered(WOLFSSL* ssl)
             return SEND_OOB_READ_E;
         }
 
-        ssl->buffers.outputBuffer.idx += sent;
-        ssl->buffers.outputBuffer.length -= sent;
+        ssl->buffers.outputBuffer.idx += (word32)sent;
+        ssl->buffers.outputBuffer.length -= (word32)sent;
     }
 
     ssl->buffers.outputBuffer.idx = 0;
@@ -10803,7 +10817,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
         return BAD_FUNC_ARG;
     }
 
-    tmp = (byte*)XMALLOC(size + usedLength + align,
+    tmp = (byte*)XMALLOC((size_t)(size + usedLength + align),
                              ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
     WOLFSSL_MSG("growing input buffer");
 
@@ -10847,7 +10861,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
         ssl->buffers.inputBuffer.offset = 0;
 
     ssl->buffers.inputBuffer.buffer = tmp;
-    ssl->buffers.inputBuffer.bufferSize = size + usedLength;
+    ssl->buffers.inputBuffer.bufferSize = (word32)(size + usedLength);
     ssl->buffers.inputBuffer.idx    = 0;
     ssl->buffers.inputBuffer.length = (word32)usedLength;
 
@@ -11241,6 +11255,11 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     if (ret != 0)
         return ret;
 
+    if (ssl->dtls13CurRlLength > sizeof(ssl->dtls13CurRL)) {
+        WOLFSSL_MSG("Record header too long");
+        return SEQUENCE_ERROR;
+    }
+
     if (readSize < ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE) {
         /* when using DTLS over a medium that does not guarantee that a full
          * message is received in a single read, we may end up without the full
@@ -11472,7 +11491,7 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         }
 #endif /* WOLFSSL_DTLS13 */
         /* Don't care about protocol version being lower than expected on alerts
-         * sent back before version negotitation. */
+         * sent back before version negotiation. */
         else if (!(ssl->options.side == WOLFSSL_CLIENT_END &&
                             ssl->options.connectState == CLIENT_HELLO_SENT &&
                             rh->type == alert &&
@@ -12531,13 +12550,13 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
     while (altName) {
         WOLFSSL_MSG("\tindividual AltName check");
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
         if (altName->type == ASN_IP_TYPE) {
             buf = altName->ipString;
             len = (word32)XSTRLEN(buf);
         }
         else
-#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+#endif /* WOLFSSL_IP_ALT_NAME */
         {
             buf = altName->name;
             len = (word32)altName->len;
@@ -12626,6 +12645,45 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
 }
 #endif
 
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+    defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(WOLFSSL_ACERT)
+    static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap)
+{
+    /* Copy from to the beginning of to */
+    DNS_entry** prev_next = to;
+    DNS_entry* next;
+
+    if (to == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    next = *to;
+
+    for (; from != NULL; from = from->next) {
+        DNS_entry* dnsEntry;
+
+        if (type != -1 && from->type != type)
+            continue;
+
+        dnsEntry = AltNameDup(from, heap);
+        if (dnsEntry == NULL) {
+            WOLFSSL_MSG("\tOut of Memory");
+            return MEMORY_E;
+        }
+
+        dnsEntry->next = next;
+        *prev_next = dnsEntry;
+        prev_next = &dnsEntry->next;
+    }
+
+    return 0;
+}
+#endif /* KEEP_PEER_CERT || SESSION_CERTS ||
+        * OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL ||
+        * WOLFSSL_ACERT */
+
+
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
@@ -12636,7 +12694,7 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
         name->dynamicName = 0;
     }
 
-    if (nameType == SUBJECT) {
+    if (nameType == ASN_SUBJECT) {
         XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX);
         name->name[ASN_NAME_MAX - 1] = '\0';
         name->sz = (int)XSTRLEN(name->name) + 1;
@@ -12660,38 +12718,6 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
     }
 }
 
-static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap)
-{
-    /* Copy from to the beginning of to */
-    DNS_entry** prev_next = to;
-    DNS_entry* next;
-
-    if (to == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    next = *to;
-
-    for (; from != NULL; from = from->next) {
-        DNS_entry* dnsEntry;
-
-        if (type != -1 && from->type != type)
-            continue;
-
-        dnsEntry = AltNameDup(from, heap);
-        if (dnsEntry == NULL) {
-            WOLFSSL_MSG("\tOut of Memory");
-            return MEMORY_E;
-        }
-
-        dnsEntry->next = next;
-        *prev_next = dnsEntry;
-        prev_next = &dnsEntry->next;
-    }
-
-    return 0;
-}
-
 #ifdef WOLFSSL_CERT_REQ
 static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
 {
@@ -12808,6 +12834,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
 int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 {
     int ret = 0;
+    int minSz;
 
     if (x509 == NULL || dCert == NULL ||
         dCert->subjectCNLen < 0)
@@ -12821,7 +12848,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 
     x509->version = dCert->version + 1;
 
-    CopyDecodedName(&x509->issuer, dCert, ISSUER);
+    CopyDecodedName(&x509->issuer, dCert, ASN_ISSUER);
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     if (dCert->issuerName != NULL) {
         wolfSSL_X509_set_issuer_name(x509,
@@ -12829,7 +12856,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
         x509->issuer.x509 = x509;
     }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-    CopyDecodedName(&x509->subject, dCert, SUBJECT);
+    CopyDecodedName(&x509->subject, dCert, ASN_SUBJECT);
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     if (dCert->subjectName != NULL) {
         wolfSSL_X509_set_subject_name(x509,
@@ -12857,49 +12884,45 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 #endif /* WOLFSSL_CERT_REQ */
 
 #ifdef WOLFSSL_SEP
-    {
-        int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
-        if (minSz > 0) {
-            x509->deviceTypeSz = minSz;
-            XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
-        }
-        else
-            x509->deviceTypeSz = 0;
-        minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
-        if (minSz > 0) {
-            x509->hwTypeSz = minSz;
-            XMEMCPY(x509->hwType, dCert->hwType, minSz);
-        }
-        else
-            x509->hwTypeSz = 0;
-        minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
-        if (minSz > 0) {
-            x509->hwSerialNumSz = minSz;
-            XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
-        }
-        else
-            x509->hwSerialNumSz = 0;
+    minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
+    if (minSz > 0) {
+        x509->deviceTypeSz = minSz;
+        XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
+    }
+    else
+        x509->deviceTypeSz = 0;
+    minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
+    if (minSz > 0) {
+        x509->hwTypeSz = minSz;
+        XMEMCPY(x509->hwType, dCert->hwType, minSz);
     }
+    else
+        x509->hwTypeSz = 0;
+    minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
+    if (minSz > 0) {
+        x509->hwSerialNumSz = minSz;
+        XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
+    }
+    else
+        x509->hwSerialNumSz = 0;
 #endif /* WOLFSSL_SEP */
-    {
-        int minSz;
-        if (dCert->beforeDateLen > 0) {
-            minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ);
-            x509->notBefore.type = dCert->beforeDate[0];
-            x509->notBefore.length = minSz;
-            XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
-        }
-        else
-            x509->notBefore.length = 0;
-        if (dCert->afterDateLen > 0) {
-            minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ);
-            x509->notAfter.type = dCert->afterDate[0];
-            x509->notAfter.length = minSz;
-            XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
-        }
-        else
-            x509->notAfter.length = 0;
+
+    if (dCert->beforeDateLen > 0) {
+        minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ);
+        x509->notBefore.type = dCert->beforeDate[0];
+        x509->notBefore.length = minSz;
+        XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
+    }
+    else
+        x509->notBefore.length = 0;
+    if (dCert->afterDateLen > 0) {
+        minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ);
+        x509->notAfter.type = dCert->afterDate[0];
+        x509->notAfter.length = minSz;
+        XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
     }
+    else
+        x509->notAfter.length = 0;
 
     if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
         x509->pubKey.buffer = (byte*)XMALLOC(
@@ -13038,7 +13061,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
             ret = MEMORY_E;
         }
     }
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    #ifdef WOLFSSL_ASN_CA_ISSUER
     if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) {
         x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap,
                 DYNAMIC_TYPE_X509_EXT);
@@ -13124,10 +13147,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
     #ifndef IGNORE_NETSCAPE_CERT_TYPE
     x509->nsCertType = dCert->nsCertType;
     #endif
-    #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+    #ifdef WOLFSSL_SEP
         x509->certPolicySet = dCert->extCertPolicySet;
         x509->certPolicyCrit = dCert->extCertPolicyCrit;
-    #endif /* WOLFSSL_SEP || WOLFSSL_QT */
+    #endif
     #ifdef WOLFSSL_CERT_EXT
         {
             int i;
@@ -13201,6 +13224,122 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
 
+#if defined(WOLFSSL_ACERT)
+/* Copy a DecodedAcert structure to an X509_ACERT.
+ *
+ * @param [out]     x509        the dst X509 acert structure
+ * @param [in]      dAcert      the src decoded acert structure
+ *
+ * @return  0   on success
+ * @return  < 0 on error
+ * */
+int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert)
+{
+    int ret = 0;
+
+    if (x509 == NULL || dAcert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Copy version and serial number. */
+    x509->version = dAcert->version + 1;
+
+    XMEMCPY(x509->serial, dAcert->serial, EXTERNAL_SERIAL_SIZE);
+    x509->serialSz = dAcert->serialSz;
+
+    if (dAcert->holderSerialSz > 0) {
+        /* This ACERT Holder field had a serial number. Copy it. */
+        XMEMCPY(x509->holderSerial, dAcert->holderSerial,
+                dAcert->holderSerialSz);
+        x509->holderSerialSz = dAcert->holderSerialSz;
+    }
+
+    /* Copy before and after dates. */
+    {
+        int minSz = 0;
+
+        if (dAcert->beforeDateLen > 0) {
+            minSz = (int)min(dAcert->beforeDate[1], MAX_DATE_SZ);
+            x509->notBefore.type = dAcert->beforeDate[0];
+            x509->notBefore.length = minSz;
+            XMEMCPY(x509->notBefore.data, &dAcert->beforeDate[2], minSz);
+        }
+        else {
+            x509->notBefore.length = 0;
+        }
+
+        if (dAcert->afterDateLen > 0) {
+            minSz = (int)min(dAcert->afterDate[1], MAX_DATE_SZ);
+            x509->notAfter.type = dAcert->afterDate[0];
+            x509->notAfter.length = minSz;
+            XMEMCPY(x509->notAfter.data, &dAcert->afterDate[2], minSz);
+        }
+        else {
+            x509->notAfter.length = 0;
+        }
+    }
+
+    /* Copy the signature. */
+    if (dAcert->signature != NULL && dAcert->sigLength != 0 &&
+            dAcert->sigLength <= MAX_ENCODED_SIG_SZ) {
+        x509->sig.buffer = (byte*)XMALLOC(
+                          dAcert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
+        if (x509->sig.buffer == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMCPY(x509->sig.buffer, dAcert->signature, dAcert->sigLength);
+            x509->sig.length = dAcert->sigLength;
+            x509->sigOID = (int)dAcert->signatureOID;
+        }
+    }
+
+    /* if der contains original source buffer then store for potential
+     * retrieval */
+    if (dAcert->source != NULL && dAcert->maxIdx > 0) {
+        if (AllocDer(&x509->derCert, dAcert->maxIdx, CERT_TYPE, x509->heap)
+                                                                         == 0) {
+            XMEMCPY(x509->derCert->buffer, dAcert->source, dAcert->maxIdx);
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+
+    /* Copy holder and att cert issuer names if present. */
+    if (CopyAltNames(&x509->holderIssuerName, dAcert->holderIssuerName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (CopyAltNames(&x509->holderEntityName, dAcert->holderEntityName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (CopyAltNames(&x509->AttCertIssuerName, dAcert->AttCertIssuerName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (dAcert->rawAttr && dAcert->rawAttrLen > 0) {
+        /* Allocate space for the raw Attributes field, then copy it in. */
+        x509->rawAttr = (byte*)XMALLOC(dAcert->rawAttrLen, x509->heap,
+                                       DYNAMIC_TYPE_X509_EXT);
+        if (x509->rawAttr != NULL) {
+            XMEMCPY(x509->rawAttr, dAcert->rawAttr, dAcert->rawAttrLen);
+            x509->rawAttrLen = dAcert->rawAttrLen;
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_ACERT */
+
+
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
      (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12))
 static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
@@ -13254,12 +13393,9 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                                     DYNAMIC_TYPE_OCSP_REQUEST);
 
         if (status == NULL || single == NULL || response == NULL) {
-            if (status)
-                XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-            if (single)
-                XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-            if (response)
-                XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+            XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+            XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
 
             return MEMORY_ERROR;
         }
@@ -13548,8 +13684,7 @@ int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt,
     if (x509 != NULL)
         wolfSSL_X509_free(x509);
 #endif
-    if (domain != NULL)
-        XFREE(domain, heap, DYNAMIC_TYPE_STRING);
+    XFREE(domain, heap, DYNAMIC_TYPE_STRING);
     return MEMORY_E;
 }
 
@@ -13828,15 +13963,11 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
 
     (void)ssl;
 
-    if (args->certs) {
-        XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER);
-        args->certs = NULL;
-    }
+    XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER);
+    args->certs = NULL;
 #ifdef WOLFSSL_TLS13
-    if (args->exts) {
-        XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT);
-        args->exts = NULL;
-    }
+    XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT);
+    args->exts = NULL;
 #endif
     if (args->dCert) {
         if (args->dCertInit) {
@@ -13946,9 +14077,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
         /* / <hashvalue>.(r)N\0                                         */
         /*|1|     8    |1|1|1|1|           => 13                        */
         len = (int)XSTRLEN(entry->dir_name) + 13;
-        if (filename != NULL) {
-            XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
-        }
+        XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
 
         filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
         if (filename == NULL) {
@@ -14023,7 +14152,8 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
                         ph->hash_value = hash;
                         ph->last_suffix = suffix;
 
-                        ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph);
+                        ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph) > 0
+                                ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     }
                 }
                 wc_UnLockMutex(&lookup->dirs->lock);
@@ -14827,7 +14957,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 #ifdef HAVE_OCSP
                     #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
                         addToPendingCAs = 0;
-                        if (ssl->status_request_v2 && TLSX_CSR2_IsMulti(ssl->extensions)) {
+                        if (ssl->options.side == WOLFSSL_CLIENT_END &&
+                            ssl->status_request_v2 &&
+                            TLSX_CSR2_IsMulti(ssl->extensions)) {
                             ret = TLSX_CSR2_InitRequests(ssl->extensions,
                                                     args->dCert, 0, ssl->heap);
                             addToPendingCAs = 1;
@@ -15029,8 +15161,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         if (dCertAdd_inited)
                             FreeDecodedCert(dCertAdd);
 #ifdef WOLFSSL_SMALL_STACK
-                        if (dCertAdd)
-                            XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                        XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
                         if (ret != 0)
                             goto exit_ppc;
@@ -15372,9 +15503,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             if (ssl->peerVerifyRet == 0) {
                                 /* Return first cert error here */
                                 ssl->peerVerifyRet =
-                                        ret == OCSP_CERT_REVOKED
-                                            ? WOLFSSL_X509_V_ERR_CERT_REVOKED
-                                            : WOLFSSL_X509_V_ERR_CERT_REJECTED;
+                                    ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED)
+                                    ? WOLFSSL_X509_V_ERR_CERT_REVOKED
+                                    : WOLFSSL_X509_V_ERR_CERT_REJECTED;
                             }
                         #endif
                         }
@@ -15403,7 +15534,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             if (ssl->peerVerifyRet == 0) {
                                 /* Return first cert error here */
                                 ssl->peerVerifyRet =
-                                        ret == CRL_CERT_REVOKED
+                                        ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED)
                                             ? WOLFSSL_X509_V_ERR_CERT_REVOKED
                                             : WOLFSSL_X509_V_ERR_CERT_REJECTED;
                             }
@@ -16218,12 +16349,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                                              DYNAMIC_TYPE_OCSP_REQUEST);
 
                 if (status == NULL || single == NULL || response == NULL) {
-                    if (status)
-                        XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-                    if (single)
-                        XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-                    if (response)
-                        XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+                    XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+                    XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+                    XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
 
                     return MEMORY_ERROR;
                 }
@@ -17103,10 +17231,10 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     /* hello_request not hashed */
     if (type != hello_request
     #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     #ifdef WOLFSSL_NONBLOCK_OCSP
-            && ssl->error != OCSP_WANT_READ
+            && ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ)
     #endif
     ) {
         ret = HashInput(ssl, input + *inOutIdx, (int)size);
@@ -20312,7 +20440,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
     /* 4th argument has potential to underflow, ssl->hmac function should
      * either increment the size by (macSz + padLen + 1) before use or check on
      * the size to make sure is valid. */
-    ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen,
+    ret = ssl->hmac(ssl, verify, input, (word32)(pLen - macSz - padLen - 1), padLen,
                                                         content, 1, PEER_ORDER);
     good |= MaskMac(input, pLen, ssl->specs.hash_size, verify);
 
@@ -20414,7 +20542,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
             ivExtra = AESGCM_EXP_IV_SZ;
     }
 
-    dataSz = msgSz - ivExtra - ssl->keys.padSz;
+    dataSz = (int)(msgSz - (word32)ivExtra - ssl->keys.padSz);
 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
     if (ssl->options.startedETMRead)
         dataSz -= MacSize(ssl);
@@ -20450,7 +20578,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
             if (dataSz < 0) return dataSz;
         }
 #endif
-        idx += rawSz;
+        idx += (word32)rawSz;
 
         ssl->buffers.clearOutputBuffer.buffer = rawData;
         ssl->buffers.clearOutputBuffer.length = (unsigned int)dataSz;
@@ -20676,7 +20804,11 @@ static void LogAlert(int type)
     typeStr = AlertTypeToString(type);
     if (typeStr != NULL) {
         char buff[60];
-        XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr);
+        if (XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr)
+            >= (int)sizeof(buff))
+        {
+            buff[sizeof(buff) - 1] = 0;
+        }
         WOLFSSL_MSG(buff);
     }
 #else
@@ -20707,7 +20839,7 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
     #endif
 
     if (IsEncryptionOn(ssl, 0)) {
-        int ivExtra = 0;
+        word32 ivExtra = 0;
 #ifndef WOLFSSL_AEAD_ONLY
         if (ssl->specs.cipher_type == block) {
             if (ssl->options.tls1_1)
@@ -20786,9 +20918,9 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
 
 
     /* check max input length */
-    usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
-    maxLength  = ssl->buffers.inputBuffer.bufferSize - usedLength;
-    inSz       = (int)(size - usedLength);      /* from last partial read */
+    usedLength = (int)(ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx);
+    maxLength  = (int)(ssl->buffers.inputBuffer.bufferSize - (word32)usedLength);
+    inSz       = (int)(size - (word32)usedLength);      /* from last partial read */
 
 #ifdef WOLFSSL_DTLS
     if (ssl->options.dtls && IsDtlsNotSctpMode(ssl)) {
@@ -20810,7 +20942,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
     }
 
     if (inSz > maxLength) {
-        if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
+        if (GrowInputBuffer(ssl, (int)(size + (word32)dtlsExtra), usedLength) < 0)
             return MEMORY_E;
     }
 
@@ -20830,8 +20962,8 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
                      ssl->buffers.inputBuffer.buffer +
                      ssl->buffers.inputBuffer.length,
                      (word32)inSz);
-        if (in == WANT_READ)
-            return WANT_READ;
+        if (in == WC_NO_ERR_TRACE(WANT_READ))
+            return WC_NO_ERR_TRACE(WANT_READ);
 
         if (in < 0) {
             WOLFSSL_ERROR_VERBOSE(SOCKET_ERROR_E);
@@ -20843,7 +20975,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
             return RECV_OVERFLOW_E;
         }
 
-        ssl->buffers.inputBuffer.length += in;
+        ssl->buffers.inputBuffer.length += (word32)in;
         inSz -= in;
 
     } while (ssl->buffers.inputBuffer.length < size);
@@ -20929,8 +21061,8 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
             if (!ssl->ctx->VerifyMacCb ||
                 ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
 #endif
-            ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
-                                  content);
+            ret = TimingPadVerify(ssl, input, (int)pad, (int)digestSz,
+                                  (int)(msgSz - (word32)ivExtra), content);
             if (ret != 0)
                 return ret;
         }
@@ -21070,15 +21202,17 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
         atomicUser = 1;
 #endif
 
-    if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE
+    if (ssl->error != 0 &&
+        ssl->error != WC_NO_ERR_TRACE(WANT_READ) &&
+        ssl->error != WC_NO_ERR_TRACE(WANT_WRITE)
     #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
-        && ssl->error != APP_DATA_READY
+        && ssl->error != WC_NO_ERR_TRACE(APP_DATA_READY)
     #endif
     #ifdef WOLFSSL_ASYNC_CRYPT
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     #ifdef WOLFSSL_NONBLOCK_OCSP
-        && ssl->error != OCSP_WANT_READ
+        && ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ)
     #endif
         && (allowSocketErr != 1 ||
             ssl->error != WC_NO_ERR_TRACE(SOCKET_ERROR_E))
@@ -21312,7 +21446,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
             if (!ssl->options.dtls) {
                 if ((ret = GetInputData(ssl, ssl->curSize)) < 0) {
 #ifdef WOLFSSL_EXTRA_ALERTS
-                    if (ret != WANT_READ)
+                    if (ret != WC_NO_ERR_TRACE(WANT_READ))
                         SendAlert(ssl, alert_fatal, bad_record_mac);
 #endif
                     return ret;
@@ -21461,13 +21595,14 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                                 /* Mask on indicates this is expected to be a
                                  * padding byte.
                                  */
-                                padding &= ctMaskLTE(i, ssl->keys.padSz);
+                                padding &= ctMaskLTE((int)i,
+                                                       (int)ssl->keys.padSz);
                                 /* When this is a padding byte and not equal
                                  * to length then mask is set.
                                  */
                                 invalid |= padding &
                                            ctMaskNotEq(in->buffer[off - i],
-                                                       ssl->keys.padSz);
+                                                       (int)ssl->keys.padSz);
                             }
                             /* If mask is set then there was an error. */
                             if (invalid) {
@@ -21835,7 +21970,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                              * calling DtlsMsgPoolSend. This msg is done
                              * processing so let's move on. */
                         && (!ssl->options.dtls
-                            || ret != WANT_WRITE)
+                            || ret != WC_NO_ERR_TRACE(WANT_WRITE))
 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* In async case, on pending, move onto next message.
                      * Current message should have been DtlsMsgStore'ed and
@@ -22281,7 +22416,7 @@ int SendChangeCipher(WOLFSSL* ssl)
                 return ret;
         }
     #endif
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
 #ifdef WOLFSSL_TLS13
     if (!ssl->options.tls1_3)
@@ -22697,7 +22832,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
         ssl->options.buildMsgState = BUILD_MSG_BEGIN;
         XMEMSET(args, 0, sizeof(BuildMsgArgs));
 
-        args->sz = RECORD_HEADER_SZ + inSz;
+        args->sz = RECORD_HEADER_SZ + (word32)inSz;
         args->idx  = RECORD_HEADER_SZ;
         args->headerSz = RECORD_HEADER_SZ;
     }
@@ -22855,7 +22990,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 args->idx += min(args->ivSz, MAX_IV_SZ);
             }
             XMEMCPY(output + args->idx, input, inSz);
-            args->idx += inSz;
+            args->idx += (word32)inSz;
 
             ssl->options.buildMsgState = BUILD_MSG_HASH;
         }
@@ -22867,7 +23002,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 goto exit_buildmsg;
 
             if (type == handshake && hashOutput) {
-                ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz);
+                ret = HashOutput(ssl, output,
+                        (int)(args->headerSz + (word32)inSz), (int)args->ivSz);
                 if (ret != 0)
                     goto exit_buildmsg;
             }
@@ -23082,7 +23218,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 {
                     ret = ssl->hmac(ssl, output + args->idx + args->pad + 1,
                                     output + args->headerSz,
-                                    args->ivSz + inSz + args->pad + 1, -1, type,
+                                    args->ivSz + (word32)inSz + args->pad + 1,
+                                    -1, type,
                                     0, epochOrder);
                 }
             }
@@ -23177,7 +23314,8 @@ int SendFinished(WOLFSSL* ssl)
 
     /* get output buffer */
     output = GetOutputBuffer(ssl);
-    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
+    AddHandShakeHeader(input, (word32)finishedSz, 0,
+            (word32)finishedSz, finished, ssl);
 
     /* make finished hashes */
     hashes = (Hashes*)&input[headerSz];
@@ -23267,7 +23405,7 @@ int SendFinished(WOLFSSL* ssl)
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     ret = SendBuffered(ssl);
 
@@ -23301,13 +23439,17 @@ int SendFinished(WOLFSSL* ssl)
  * Returns 0 on success
  */
 static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
-                             DecodedCert* cert, byte* certData, word32 length)
+                             DecodedCert* cert, byte* certData, word32 length,
+                             byte *ctxOwnsRequest)
 {
     int ret;
 
     if (request != NULL)
         XMEMSET(request, 0, sizeof(OcspRequest));
 
+    if (ctxOwnsRequest!= NULL)
+        *ctxOwnsRequest = 0;
+
     InitDecodedCert(cert, certData, length, ssl->heap);
     /* TODO: Setup async support here */
     ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl), NULL);
@@ -23321,8 +23463,11 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
         if (!ssl->buffers.weOwnCert) {
             wolfSSL_Mutex* ocspLock = &SSL_CM(ssl)->ocsp_stapling->ocspLock;
             if (wc_LockMutex(ocspLock) == 0) {
-                if (ssl->ctx->certOcspRequest == NULL)
+                if (ssl->ctx->certOcspRequest == NULL) {
                     ssl->ctx->certOcspRequest = request;
+                    if (ctxOwnsRequest!= NULL)
+                        *ctxOwnsRequest = 1;
+                }
                 wc_UnLockMutex(ocspLock);
             }
         }
@@ -23351,6 +23496,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
     int          ret = 0;
     OcspRequest* request = NULL;
     byte createdRequest  = 0;
+    byte ctxOwnsRequest = 0;
 
     if (ssl == NULL || ocspRequest == NULL || response == NULL)
         return BAD_FUNC_ARG;
@@ -23388,7 +23534,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
         createdRequest = 1;
         if (ret == 0) {
             ret = CreateOcspRequest(ssl, request, cert, der->buffer,
-                                                                   der->length);
+                      der->length, &ctxOwnsRequest);
         }
 
         if (ret != 0) {
@@ -23415,7 +23561,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
     }
 
     /* free request up if error case found otherwise return it */
-    if (ret != 0 && createdRequest) {
+    if (ret != 0 && createdRequest && !ctxOwnsRequest) {
         FreeOcspRequest(request);
         XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
     }
@@ -23691,7 +23837,7 @@ int SendCertificate(WOLFSSL* ssl)
             }
 
             if (inputSz > 0) {  /* clang thinks could be zero, let's help */
-                input = (byte*)XMALLOC(inputSz, ssl->heap,
+                input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
                                        DYNAMIC_TYPE_IN_BUFFER);
                 if (input == NULL)
                     return MEMORY_E;
@@ -23744,12 +23890,12 @@ int SendCertificate(WOLFSSL* ssl)
         }
     #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
         if (!ssl->options.groupMessages)
             ret = SendBuffered(ssl);
     }
 
-    if (ret != WANT_WRITE) {
+    if (ret != WC_NO_ERR_TRACE(WANT_WRITE)) {
         /* Clean up the fragment offset. */
         ssl->options.buildingMsg = 0;
         ssl->fragOffset = 0;
@@ -23917,14 +24063,16 @@ int SendCertificateRequest(WOLFSSL* ssl)
                 return BUFFER_E;
             }
 
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
             XMEMCPY(input, output + recordHeaderSz, inputSz);
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
-                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, certificate_request)) != 0) {
+                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
+                                           certificate_request)) != 0) {
                 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                 return ret;
             }
@@ -23939,7 +24087,8 @@ int SendCertificateRequest(WOLFSSL* ssl)
             sendSz = (int)i;
             #ifdef WOLFSSL_DTLS
                 if (IsDtlsNotSctpMode(ssl)) {
-                    if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, certificate_request)) != 0)
+                    if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz,
+                                    certificate_request)) != 0)
                         return ret;
                 }
                 if (ssl->options.dtls)
@@ -23960,7 +24109,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
                 return ret;
         }
     #endif
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     if (ssl->options.groupMessages)
         ret = 0;
     else
@@ -24110,6 +24259,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
         {
             OcspRequest* request = ssl->ctx->certOcspRequest;
             buffer responses[1 + MAX_CHAIN_DEPTH];
+            byte ctxOwnsRequest = 0;
             int i = 0;
 
             XMEMSET(responses, 0, sizeof(responses));
@@ -24168,7 +24318,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
                             break;
 
                         ret = CreateOcspRequest(ssl, request, cert, der.buffer,
-                                                der.length);
+                                                der.length, &ctxOwnsRequest);
                         if (ret == 0) {
                             request->ssl = ssl;
                         ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling,
@@ -24183,12 +24333,13 @@ int SendCertificateStatus(WOLFSSL* ssl)
 
 
                             i++;
-                            FreeOcspRequest(request);
+                            if (!ctxOwnsRequest)
+                                FreeOcspRequest(request);
                         }
                     }
                 }
-
-                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+                if (!ctxOwnsRequest)
+                    XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
             #ifdef WOLFSSL_SMALL_STACK
                 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
             #endif
@@ -24470,9 +24621,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
     int groupMsgs = 0;
 #endif
 
-    if (ssl->error == WANT_WRITE
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE)
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || ssl->error == WC_PENDING_E
+        || ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
         ssl->error = 0;
@@ -24643,6 +24794,14 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
         if (IsEncryptionOn(ssl, 1) || ssl->options.tls1_3)
             outputSz += cipherExtraData(ssl);
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+        if (ssl->options.dtls) {
+            unsigned int cidSz = 0;
+            if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS)
+                outputSz += cidSz;
+        }
+#endif
+
         /* check for available size */
         if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
             return ssl->error = ret;
@@ -24692,7 +24851,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 #ifdef WOLFSSL_ASYNC_CRYPT
         FreeAsyncCtx(ssl, 0);
 #endif
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         if ( (ssl->error = SendBuffered(ssl)) < 0) {
             WOLFSSL_ERROR(ssl->error);
@@ -24729,7 +24888,9 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
     WOLFSSL_ENTER("ReceiveData");
 
     /* reset error state */
-    if (ssl->error == WANT_READ || ssl->error == WOLFSSL_ERROR_WANT_READ) {
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_READ) ||
+        ssl->error == WOLFSSL_ERROR_WANT_READ)
+    {
         ssl->error = 0;
     }
 
@@ -24746,12 +24907,12 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
     }
 #endif /* WOLFSSL_DTLS */
 
-    if (ssl->error != 0 && ssl->error != WANT_WRITE
+    if (ssl->error != 0 && ssl->error != WC_NO_ERR_TRACE(WANT_WRITE)
 #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
 #endif
 #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
-            && ssl->error != APP_DATA_READY
+            && ssl->error != WC_NO_ERR_TRACE(APP_DATA_READY)
 #endif
     ) {
         WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
@@ -24794,7 +24955,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
 
     while (ssl->buffers.clearOutputBuffer.length == 0) {
         if ( (ssl->error = ProcessReply(ssl)) < 0) {
-            if (ssl->error == ZERO_RETURN) {
+            if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
                 WOLFSSL_MSG("Zero return, no more data coming");
                 return 0; /* no more data coming */
             }
@@ -24867,12 +25028,12 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
 #endif
     }
 
-    size = min(sz, (int)ssl->buffers.clearOutputBuffer.length);
+    size = (int)min((word32)sz, ssl->buffers.clearOutputBuffer.length);
 
     XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);
 
     if (peek == 0) {
-        ssl->buffers.clearOutputBuffer.length -= size;
+        ssl->buffers.clearOutputBuffer.length -= (word32)size;
         ssl->buffers.clearOutputBuffer.buffer += size;
     }
 
@@ -24946,7 +25107,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
         /* If CheckAvailableSize returned WANT_WRITE due to a blocking write
          * then discard pending output and just send the alert. */
         if (ssl->options.dtls) {
-            if (ret != WANT_WRITE || severity != alert_fatal)
+            if (ret != WC_NO_ERR_TRACE(WANT_WRITE) || severity != alert_fatal)
                 return ret;
             ShrinkOutputBuffer(ssl);
             if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) {
@@ -25043,7 +25204,21 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    /*
+     * We check if we are trying to send a
+     * CLOSE_NOTIFY alert.
+     * */
+    if (type == close_notify) {
+        if (!ssl->options.sentNotify) {
+            ssl->options.sentNotify = 1;
+        }
+        else {
+            /* CLOSE_NOTIFY already sent */
+            return 0;
+        }
+    }
+
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     ret = SendBuffered(ssl);
 
@@ -25125,16 +25300,19 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     }
 
     /* pass to wolfCrypt */
-    if (error < MAX_CODE_E && error > MIN_CODE_E) {
+    if (error <= WC_FIRST_E && error >= WC_LAST_E) {
         return wc_GetErrorString(error);
     }
 
-    switch (error) {
-
+    if (error == 0) {
 #ifdef OPENSSL_EXTRA
-    case 0 :
         return "ok";
+#else
+        return "unknown error number";
 #endif
+    }
+
+    switch ((enum wolfSSL_ErrorCodes)error) {
 
     case UNSUPPORTED_SUITE :
         return "unsupported cipher suite";
@@ -25244,9 +25422,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case -WOLFSSL_ERROR_WANT_X509_LOOKUP:
         return "application client cert callback asked to be called again";
 
-    case -WOLFSSL_ERROR_SSL:
-        return "fatal TLS protocol error";
-
     case BUFFER_ERROR :
         return "malformed buffer input error";
 
@@ -25402,6 +25577,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case SESSION_TICKET_EXPECT_E:
         return "Session Ticket Error";
 
+    case SCR_DIFFERENT_CERT_E:
+        return "SCR Different cert error";
+
     case SESSION_SECRET_CB_E:
         return "Session Secret Callback Error";
 
@@ -25567,81 +25745,133 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case UNSUPPORTED_CERTIFICATE:
         return "Unsupported certificate type";
 
-#ifdef HAVE_HTTP_CLIENT
     case HTTP_TIMEOUT:
         return "HTTP timeout for OCSP or CRL req";
+
     case HTTP_RECV_ERR:
         return "HTTP Receive error";
+
     case HTTP_HEADER_ERR:
         return "HTTP Header error";
+
     case HTTP_PROTO_ERR:
         return "HTTP Protocol error";
+
     case HTTP_STATUS_ERR:
         return "HTTP Status error";
+
     case HTTP_VERSION_ERR:
         return "HTTP Version error";
+
     case HTTP_APPSTR_ERR:
         return "HTTP Application string error";
-#endif
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+
+    case UNSUPPORTED_PROTO_VERSION:
+        #ifdef OPENSSL_EXTRA
+        return "WRONG_SSL_VERSION";
+        #else
+        return "bad/unsupported protocol version";
+        #endif
+
+    case FALCON_KEY_SIZE_E:
+        return "Wrong key size for Falcon.";
+
+    case DILITHIUM_KEY_SIZE_E:
+        return "Wrong key size for Dilithium.";
+
+    case QUIC_TP_MISSING_E:
+        return "QUIC transport parameter not set";
+
+    case QUIC_WRONG_ENC_LEVEL:
+        return "QUIC data received at wrong encryption level";
+
+    case DTLS_CID_ERROR:
+        return "DTLS ConnectionID mismatch or missing";
+
+    case DTLS_TOO_MANY_FRAGMENTS_E:
+        return "Received too many fragmented messages from peer error";
+
+    case DUPLICATE_TLS_EXT_E:
+        return "Duplicate TLS extension in message.";
+
+    case WOLFSSL_ALPN_NOT_FOUND:
+        return "TLS extension not found";
+
+    case WOLFSSL_BAD_CERTTYPE:
+        return "Certificate type not supported";
+
+    case WOLFSSL_BAD_STAT:
+        return "bad status";
+
+    case WOLFSSL_BAD_PATH:
+        return "No certificates found at designated path";
+
+    case WOLFSSL_BAD_FILETYPE:
+        return "Data format not supported";
+
+    case WOLFSSL_BAD_FILE:
+        return "Input/output error on file";
+
+    case WOLFSSL_NOT_IMPLEMENTED:
+        return "Function not implemented";
+
+    case WOLFSSL_UNKNOWN:
+        return "Unknown algorithm (EVP)";
+
+    case WOLFSSL_FATAL_ERROR:
+        return "fatal error";
+    }
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+
+    switch (error) {
     /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with
-     *       -WOLFSSL_ERROR_WANT_CONNECT. */
+     *       -WOLFSSL_ERROR_WANT_CONNECT.
+     */
+
     case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID:
         return "certificate not yet valid";
+
     case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED:
         return "certificate has expired";
+
     case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
         return "certificate signature failure";
+
     case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
         return "format error in certificate's notAfter field";
+
     case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
         return "self-signed certificate in certificate chain";
+
     case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
         return "unable to get local issuer certificate";
+
     case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
         return "unable to verify the first certificate";
+
     case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG:
         return "certificate chain too long";
+
     case -WOLFSSL_X509_V_ERR_CERT_REVOKED:
         return "certificate revoked";
+
     case -WOLFSSL_X509_V_ERR_INVALID_CA:
         return "invalid CA certificate";
+
     case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED:
         return "path length constraint exceeded";
+
     case -WOLFSSL_X509_V_ERR_CERT_REJECTED:
         return "certificate rejected";
+
     case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
         return "subject issuer mismatch";
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */
-    case UNSUPPORTED_PROTO_VERSION:
-        #ifdef OPENSSL_EXTRA
-        return "WRONG_SSL_VERSION";
-        #else
-        return "bad/unsupported protocol version";
-        #endif
-
-    case FALCON_KEY_SIZE_E:
-        return "Wrong key size for Falcon.";
-    case DILITHIUM_KEY_SIZE_E:
-        return "Wrong key size for Dilithium.";
-
-#ifdef WOLFSSL_QUIC
-    case QUIC_TP_MISSING_E:
-        return "QUIC transport parameter not set";
-    case QUIC_WRONG_ENC_LEVEL:
-        return "QUIC data received at wrong encryption level";
-#endif
-    case DTLS_CID_ERROR:
-        return "DTLS ConnectionID mismatch or missing";
-    case DTLS_TOO_MANY_FRAGMENTS_E:
-        return "Received too many fragmented messages from peer error";
-
-    case DUPLICATE_TLS_EXT_E:
-        return "Duplicate TLS extension in message.";
-
-    default :
-        return "unknown error number";
     }
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */
+
+    return "unknown error number";
 
 #endif /* NO_ERROR_STRINGS */
 }
@@ -25718,7 +25948,7 @@ void SetErrorString(int error, char* str)
      */
 
     #ifndef NO_ERROR_STRINGS
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+        #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
             #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
             #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
@@ -25727,7 +25957,7 @@ void SetErrorString(int error, char* str)
             #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
         #endif
     #else
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+        #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
             #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
             #define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
@@ -26521,7 +26751,7 @@ const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]) {
 
 /* Returns the number of bits based on the cipher enc string, or 0 on failure */
 int SetCipherBits(const char* enc) {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if ((XSTRCMP(enc,"AESGCM(256)") == 0) ||
         (XSTRCMP(enc,"AES(256)") == 0) ||
@@ -26589,13 +26819,16 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl)
 }
 
 int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
-                           byte* cipherSuite, int* flags)
+                       byte* cipherSuite, byte* major, byte* minor, int* flags)
 {
     int           ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     int           i;
     unsigned long len;
     const char*   nameDelim;
 
+    (void)major;
+    (void)minor;
+
     /* Support trailing : */
     nameDelim = XSTRSTR(name, ":");
     if (nameDelim)
@@ -26613,9 +26846,19 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
 #endif
 
         if (found) {
-            *cipherSuite0 = cipher_names[i].cipherSuite0;
-            *cipherSuite  = cipher_names[i].cipherSuite;
-            *flags = cipher_names[i].flags;
+            if (cipherSuite0 != NULL)
+                *cipherSuite0 = cipher_names[i].cipherSuite0;
+            if (cipherSuite != NULL)
+                *cipherSuite  = cipher_names[i].cipherSuite;
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
+    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
+            if (major != NULL)
+                *major = cipher_names[i].major;
+            if (minor != NULL)
+                *minor = cipher_names[i].minor;
+#endif
+            if (flags != NULL)
+                *flags = cipher_names[i].flags;
             ret = 0;
             break;
         }
@@ -27486,7 +27729,7 @@ static int CmpEccStrength(int hashAlgo, int curveSz)
 {
     int dgstSz = GetMacDigestSize((byte)hashAlgo);
     if (dgstSz <= 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return dgstSz - (curveSz & (~0x3));
 }
 #endif
@@ -28285,7 +28528,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
 #ifndef NO_RSA
     if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) {
         ssl->hsType = DYNAMIC_TYPE_RSA;
-        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+        ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
         }
@@ -28334,7 +28577,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
 
 #ifdef HAVE_ECC
 #ifndef NO_RSA
-    FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
+    FreeKey(ssl, (int)ssl->hsType, (void**)&ssl->hsKey);
 #endif /* !NO_RSA */
 
     if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0
@@ -28343,7 +28586,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
     #endif
         ) {
         ssl->hsType = DYNAMIC_TYPE_ECC;
-        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+        ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
         }
@@ -29496,14 +29739,16 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             if (ssl->options.dtls)
                 recordHeaderSz += DTLS_RECORD_EXTRA;
             inputSz -= recordHeaderSz;
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
             XMEMCPY(input, output + recordHeaderSz, inputSz);
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
-                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, client_hello)) != 0) {
+                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
+                                          client_hello)) != 0) {
                 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                 return ret;
             }
@@ -29547,7 +29792,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.buildingMsg = 0;
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
@@ -29574,6 +29819,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
             DtlsMsgPoolReset(ssl);
+#ifdef WOLFSSL_DTLS_CID
+            if (ssl->options.useDtlsCID)
+                DtlsCIDOnExtensionsParsed(ssl);
+#endif /* WOLFSSL_DTLS_CID */
         }
 #endif
 
@@ -30286,7 +30535,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
                 InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap);
 
-                ret = GetName(cert, SUBJECT, dnSz);
+                ret = GetName(cert, ASN_SUBJECT, dnSz);
 
                 if (ret == 0) {
                     if ((name = wolfSSL_X509_NAME_new_ex(cert->heap)) == NULL)
@@ -30294,12 +30543,12 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                 }
 
                 if (ret == 0) {
-                    CopyDecodedName(name, cert, SUBJECT);
+                    CopyDecodedName(name, cert, ASN_SUBJECT);
                 }
 
                 if (ret == 0) {
                     if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
-                        == WOLFSSL_FAILURE)
+                        <= 0)
                     {
                         ret = MEMORY_ERROR;
                     }
@@ -30494,10 +30743,8 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs)
 
 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
                                                           defined(HAVE_CURVE448)
-    if (args->verifySig) {
-        XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
-        args->verifySig = NULL;
-    }
+    XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+    args->verifySig = NULL;
 #endif
 }
 
@@ -31833,14 +32080,10 @@ static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs)
 
     (void)ssl;
 
-    if (args->encSecret) {
-        XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
-        args->encSecret = NULL;
-    }
-    if (args->input) {
-        XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
-        args->input = NULL;
-    }
+    XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
+    args->encSecret = NULL;
+    XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+    args->input = NULL;
 }
 
 /* handle generation client_key_exchange (16) */
@@ -32123,7 +32366,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     /* create ephemeral private key */
                     ssl->hsType = DYNAMIC_TYPE_ECC;
-                    ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                    ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
                     if (ret != 0) {
                         goto exit_scke;
                     }
@@ -32642,7 +32885,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
@@ -32663,7 +32906,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
@@ -32710,7 +32953,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
@@ -32731,7 +32974,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
@@ -32754,7 +32997,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     if (!ssl->specs.static_ecdh
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                        && ret != WC_PENDING_E
+                        && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                 #endif
                      && !ssl->options.keepResources) {
                         FreeKey(ssl, DYNAMIC_TYPE_ECC,
@@ -32947,8 +33190,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                 if (ssl->options.dtls)
                     recordHeaderSz += DTLS_RECORD_EXTRA;
-                args->inputSz = idx - recordHeaderSz; /* buildmsg adds rechdr */
-                args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
+                args->inputSz = (int)idx - recordHeaderSz; /* buildmsg adds rechdr */
+                args->input = (byte*)XMALLOC((size_t)args->inputSz, ssl->heap,
                                                        DYNAMIC_TYPE_IN_BUFFER);
                 if (args->input == NULL) {
                     ERROR_OUT(MEMORY_E, exit_scke);
@@ -33011,12 +33254,12 @@ int SendClientKeyExchange(WOLFSSL* ssl)
             }
         #endif
 
-            ssl->buffers.outputBuffer.length += args->sendSz;
+            ssl->buffers.outputBuffer.length += (word32)args->sendSz;
 
             if (!ssl->options.groupMessages) {
                 ret = SendBuffered(ssl);
             }
-            if (ret == 0 || ret == WANT_WRITE) {
+            if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
                 int tmpRet = MakeMasterSecret(ssl);
                 if (tmpRet != 0) {
                     ret = tmpRet;   /* save WANT_WRITE unless more serious */
@@ -33046,7 +33289,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
 #ifdef WOLFSSL_ASYNC_IO
     /* Handle async operation */
-    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WANT_WRITE) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+        ret == WC_NO_ERR_TRACE(WANT_WRITE))
+    {
         if (ssl->options.buildingMsg)
             return ret;
         /* If we have completed all states then we will not enter this function
@@ -33105,15 +33350,11 @@ static void FreeScvArgs(WOLFSSL* ssl, void* pArgs)
     (void)ssl;
 
 #ifndef NO_RSA
-    if (args->verifySig) {
-        XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
-        args->verifySig = NULL;
-    }
+    XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+    args->verifySig = NULL;
 #endif
-    if (args->input) {
-        XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
-        args->input = NULL;
-    }
+    XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+    args->input = NULL;
 }
 
 /* handle generation of certificate_verify (15) */
@@ -33193,7 +33434,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
             }
 
             /* Use tmp buffer */
-            args->input = (byte*)XMALLOC(args->sendSz,
+            args->input = (byte*)XMALLOC((size_t)args->sendSz,
                     ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
             if (args->input == NULL)
                 ERROR_OUT(MEMORY_E, exit_scv);
@@ -33603,9 +33844,9 @@ int SendCertificateVerify(WOLFSSL* ssl)
 
 #ifdef WOLFSSL_ASYNC_IO
     /* Handle async operation */
-    if (ret == WANT_WRITE
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE)
 #ifdef WOLFSSL_ASYNC_CRYPT
-            || ret == WC_PENDING_E
+            || ret == WC_NO_ERR_TRACE(WC_PENDING_E)
 #endif
             )
         return ret;
@@ -34128,7 +34369,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             if (ssl->options.dtls)
                 recordHeaderSz += DTLS_RECORD_EXTRA;
             inputSz -= recordHeaderSz;
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
@@ -34173,7 +34415,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
         ssl->options.serverState = SERVER_HELLO_COMPLETE;
         ssl->options.buildingMsg = 0;
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         if (ssl->options.groupMessages)
             ret = 0;
@@ -34196,7 +34438,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             return 0;
         }
 
-        return (byte)GetCurveByOID(key->dp->oidSum);
+        return (byte)GetCurveByOID((int)key->dp->oidSum);
     }
 
 #endif /* HAVE_ECC */
@@ -34232,16 +34474,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         (void)ssl;
 
     #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
-        if (args->exportBuf) {
-            XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER);
-            args->exportBuf = NULL;
-        }
+        XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER);
+        args->exportBuf = NULL;
     #endif
     #ifndef NO_RSA
-        if (args->verifySig) {
-            XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
-            args->verifySig = NULL;
-        }
+        XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+        args->verifySig = NULL;
     #endif
         (void)args;
     }
@@ -35838,9 +36076,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     #ifdef WOLFSSL_ASYNC_IO
         /* Handle async operation */
-        if (ret == WANT_WRITE
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)
         #ifdef WOLFSSL_ASYNC_CRYPT
-                || ret == WC_PENDING_E
+                || ret == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
                 )
             return ret;
@@ -37138,8 +37376,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ssl->clSuites = NULL;
 #endif
 #ifdef WOLFSSL_SMALL_STACK
-        if (clSuites != NULL)
-            XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+        XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
 #endif
         WOLFSSL_LEAVE("DoClientHello", ret);
         WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
@@ -37674,7 +37911,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 inputSz += DTLS_HANDSHAKE_EXTRA;
             }
 
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
@@ -37719,7 +37957,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
         ssl->options.buildingMsg = 0;
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
@@ -37910,7 +38148,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             itHash = HashObject((byte*)it, sizeof(*it), &error);
             if (error == 0) {
                 ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac,
-                        1, et->enc_ticket, sizeof(InternalTicket), &encLen,
+                        1, et->enc_ticket, WOLFSSL_INTERNAL_TICKET_LEN, &encLen,
                         SSL_TICKET_CTX(ssl));
             }
             else {
@@ -37925,7 +38163,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
             goto error;
         }
-        if (encLen < (int)sizeof(InternalTicket) ||
+        if (encLen < (int)WOLFSSL_INTERNAL_TICKET_LEN ||
                 encLen > (int)WOLFSSL_TICKET_ENC_SZ) {
             WOLFSSL_MSG("Bad user ticket encrypt size");
             ret = BAD_TICKET_KEY_CB_SZ;
@@ -38001,7 +38239,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         WOLFSSL_ENTER("DoDecryptTicket");
 
         if (len > SESSION_TICKET_LEN ||
-            len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) {
+            len < (word32)(WOLFSSL_INTERNAL_TICKET_LEN +
+                           WOLFSSL_TICKET_FIXED_SZ)) {
             WOLFSSL_ERROR_VERBOSE(BAD_TICKET_MSG_SZ);
             return WOLFSSL_TICKET_RET_REJECT;
         }
@@ -38049,7 +38288,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 return WOLFSSL_TICKET_RET_REJECT;
             }
         }
-        if (outLen > (int)inLen || outLen < (int)sizeof(InternalTicket)) {
+        if (outLen > (int)inLen || outLen < (int)WOLFSSL_INTERNAL_TICKET_LEN) {
             WOLFSSL_MSG("Bad user ticket decrypt len");
             WOLFSSL_ERROR_VERBOSE(BAD_TICKET_KEY_CB_SZ);
             return BAD_TICKET_KEY_CB_SZ;
@@ -38117,7 +38356,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         diff -= ticketSeen;
         if (diff > timeout * 1000 ||
             diff > (sword64)TLS13_MAX_TICKET_AGE * 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #else
         sword64 diff;
         sword64 ticketSeen; /* Time ticket seen (ms) */
@@ -38135,7 +38374,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         diff -= ticketSeen;
         if (diff > timeout * 1000 ||
             diff > (sword64)TLS13_MAX_TICKET_AGE * 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         ato32(psk->it->ageAdd, &ticketAdd);
         /* Subtract client's ticket age and unobfuscate. */
@@ -38145,7 +38384,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
          * Allow +/- 1000 milliseconds on ticket age.
          */
         if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
 #if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK)
         /* Check whether resumption is possible based on suites in SSL and
@@ -38153,18 +38392,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
          */
         (void)ssl;
         if (XMEMCMP(suite, psk->it->suite, SUITE_LEN) != 0)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #else
         (void)suite;
         if (!FindSuiteSSL(ssl, psk->it->suite))
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
 #ifdef OPENSSL_EXTRA
         if (ssl->sessionCtxSz > 0 &&
                (psk->it->sessionCtxSz != ssl->sessionCtxSz ||
                 XMEMCMP(psk->it->sessionCtx, ssl->sessionCtx,
                         ssl->sessionCtxSz) != 0))
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         return 0;
     }
@@ -38743,7 +38982,123 @@ static void TicketEncCbCtx_Free(TicketEncCbCtx* keyCtx)
     wc_FreeRng(&keyCtx->rng);
 }
 
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+#ifdef WOLFSSL_TICKET_ENC_CBC_HMAC
+/* Ticket encryption/decryption implementation.
+ *
+ * @param [in]   key     Key for encryption/decryption and HMAC.
+ * @param [in]   keyLen  Length of key in bytes.
+ * @param [in]   iv      IV/Nonce for encryption/decryption.
+ * @param [in]   aad     Additional authentication data.
+ * @param [in]   aadSz   Length of additional authentication data.
+ * @param [in]   in      Data to encrypt/decrypt.
+ * @param [in]   inLen   Length of encrypted data.
+ * @param [out]  out     Resulting data from encrypt/decrypt.
+ * @param [out]  outLen  Size of resulting data.
+ * @param [in]   tag     Authentication tag for encrypted data.
+ * @param [in]   heap    Dynamic memory allocation data hint.
+ * @param [in]   enc     1 when encrypting, 0 when decrypting.
+ * @return  0 on success.
+ * @return  Other value when encryption/decryption fails.
+ */
+static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
+                        byte* in, int inLen, byte* out, int* outLen, byte* tag,
+                        void* heap, int enc)
+{
+    int ret;
+#ifdef WOLFSSL_SMALL_STACK
+    Aes*  aes;
+    Hmac* hmac;
+#else
+    Aes  aes[1];
+    Hmac hmac[1];
+#endif
+
+    (void)heap;
+
+#ifdef WOLFSSL_SMALL_STACK
+    aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (aes == NULL)
+        return MEMORY_E;
+    hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (hmac == NULL) {
+        XFREE(aes, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    XMEMSET(aes, 0, sizeof(Aes));
+    XMEMSET(hmac, 0, sizeof(Hmac));
+
+    ret = wc_HmacInit(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (ret == 0) {
+        ret = wc_HmacSetKey(hmac, WOLFSSL_TICKET_ENC_HMAC, key + keyLen -
+            WOLFSSL_TICKET_HMAC_KEY_SZ, WOLFSSL_TICKET_HMAC_KEY_SZ);
+    }
+    if (ret == 0) {
+        ret = wc_HmacUpdate(hmac, aad, aadSz);
+    }
+
+    if (ret == 0) {
+        if (enc) {
+            ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+            if (ret == 0) {
+                ret = wc_AesSetKey(aes, key,
+                    keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_ENCRYPTION);
+            }
+            if (ret == 0) {
+                ret = wc_HmacUpdate(hmac, in, inLen);
+            }
+            if (ret == 0) {
+                ret = wc_AesCbcEncrypt(aes, in, out, inLen);
+            }
+            if (ret == 0) {
+                XMEMSET(tag, 0, WOLFSSL_TICKET_MAC_SZ);
+                ret = wc_HmacFinal(hmac, tag);
+            }
+            wc_AesFree(aes);
+        }
+        else {
+            unsigned char calcTag[WOLFSSL_TICKET_MAC_SZ];
+
+            ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+            if (ret == 0) {
+                ret = wc_AesSetKey(aes, key,
+                    keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_DECRYPTION);
+            }
+            if (ret == 0) {
+                ret = wc_AesCbcDecrypt(aes, in, out, inLen);
+            }
+            if (ret == 0) {
+                ret = wc_HmacUpdate(hmac, out, inLen);
+            }
+            if (ret == 0) {
+                XMEMSET(calcTag, 0, WOLFSSL_TICKET_MAC_SZ);
+                ret = wc_HmacFinal(hmac, calcTag);
+            }
+            if (ret == 0) {
+                int i;
+                calcTag[0] ^= tag[0];
+                for (i = 1; i < WOLFSSL_TICKET_MAC_SZ; i++) {
+                    calcTag[0] |= calcTag[i] ^ tag[i];
+                }
+                /* Return a negative value when no match. */
+                ret = -calcTag[0];
+            }
+            wc_AesFree(aes);
+        }
+    }
+    wc_HmacFree(hmac);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(aes, heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    *outLen = inLen;
+
+    return ret;
+}
+#elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
     !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \
     !defined(WOLFSSL_TICKET_ENC_AES256_GCM)
 /* Ticket encryption/decryption implementation.
@@ -39038,7 +39393,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 
     WOLFSSL_ENTER("DefTicketEncCb");
 
-    if ((!enc) && (inLen != sizeof(InternalTicket))) {
+    if ((!enc) && (inLen != WOLFSSL_INTERNAL_TICKET_LEN)) {
         return BUFFER_E;
     }
 
@@ -40164,7 +40519,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 
                         lenErrMask = 0 - (SECRET_LEN != args->sigSz);
                         args->lastErr = (ret & (~lenErrMask)) |
-                            (RSA_PAD_E & lenErrMask);
+                            (WC_NO_ERR_TRACE(RSA_PAD_E) & lenErrMask);
                         ret = 0;
                         break;
                     } /* rsa_kea */
@@ -40319,7 +40674,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                         );
                         if (!ssl->specs.static_ecdh
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                     #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_ECC,
@@ -40880,7 +41235,7 @@ int wolfSSL_sk_BY_DIR_HASH_find(
         }
         next = next->next;
     }
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 /* return a number of WOLFSSL_BY_DIR_HASH in stack */
 int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
@@ -40888,7 +41243,7 @@ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
     WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num");
 
     if (sk == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)sk->num;
 }
 /* return WOLFSSL_BY_DIR_HASH instance at i */
@@ -41049,9 +41404,7 @@ void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry)
         wolfSSL_sk_BY_DIR_HASH_free(entry->hashes);
     }
 
-    if (entry->dir_name != NULL) {
-        XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL);
-    }
+    XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL);
 
     XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL);
 }
@@ -41073,7 +41426,7 @@ int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk)
     WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num");
 
     if (sk == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)sk->num;
 }
 /* return WOLFSSL_BY_DIR_entry instance at i */
@@ -41291,7 +41644,8 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs,
     }
 
     for (i = 0; i < totalCerts; i++) {
-        secCert = ConvertToSecCertificateRef(certs[i].buffer, certs[i].length);
+        secCert = ConvertToSecCertificateRef(certs[i].buffer,
+                (int)certs[i].length);
         if (!secCert) {
             WOLFSSL_MSG("Error: can't convert DER cert to SecCertificateRef");
             ret = 0;
diff --git a/src/keys.c b/src/keys.c
index f9f9e856b1..3123a610e0 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1,6 +1,6 @@
 /* keys.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -3876,12 +3876,12 @@ int DeriveKeys(WOLFSSL* ssl)
 
     if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
         keyData   == NULL || md5      == NULL || sha      == NULL) {
-        if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5Input)  XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (keyData)   XFREE(keyData,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
         return MEMORY_E;
     }
@@ -4013,11 +4013,11 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
 
     if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
                              md5      == NULL || sha      == NULL) {
-        if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5Input)  XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
         return MEMORY_E;
     }
diff --git a/src/ocsp.c b/src/ocsp.c
index 4760c50989..41c038fd12 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -1,6 +1,6 @@
 /* ocsp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -90,8 +90,7 @@ static void FreeOcspEntry(OcspEntry* entry, void* heap)
     for (status = entry->status; status; status = next) {
         next = status->next;
 
-        if (status->rawOcspResponse)
-            XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS);
+        XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS);
 
 #ifdef OPENSSL_EXTRA
         if (status->serialInt) {
@@ -251,10 +250,10 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
     else if (*status) {
 #ifndef NO_ASN_TIME
         if (XVALIDATE_DATE((*status)->thisDate,
-                                             (*status)->thisDateFormat, BEFORE)
+                                         (*status)->thisDateFormat, ASN_BEFORE)
         &&  ((*status)->nextDate[0] != 0)
         &&  XVALIDATE_DATE((*status)->nextDate,
-                                             (*status)->nextDateFormat, AFTER))
+                                         (*status)->nextDateFormat, ASN_AFTER))
 #endif
         {
             ret = xstat2err((*status)->status);
@@ -284,7 +283,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
  * ocsp           Context object for OCSP status.
  * response       OCSP response message data.
  * responseSz     Length of OCSP response message data.
- * reponseBuffer  Buffer object to return the response with.
+ * responseBuffer Buffer object to return the response with.
  * status         The certificate status object.
  * entry          The OCSP entry for this certificate.
  * ocspRequest    Request corresponding to response.
@@ -318,9 +317,9 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
                                                        DYNAMIC_TYPE_OCSP_REQUEST);
 
     if (newStatus == NULL || newSingle == NULL || ocspResponse == NULL) {
-        if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS);
-        if (newSingle) XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
-        if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
+        XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS);
+        XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
+        XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
 
         WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
         return MEMORY_E;
@@ -375,10 +374,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
     }
 
     if (status != NULL) {
-        if (status->rawOcspResponse) {
-            XFREE(status->rawOcspResponse, ocsp->cm->heap,
-                  DYNAMIC_TYPE_OCSP_STATUS);
-        }
+        XFREE(status->rawOcspResponse, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
 
         /* Replace existing certificate entry with updated */
         ocspResponse->single->status->next = status->next;
@@ -493,8 +489,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
                 ret = wolfSSL_get_ocsp_response(ssl, &response);
                 ret = CheckOcspResponse(ocsp, response, ret, responseBuffer,
                                         status, entry, NULL, heap);
-                if (response != NULL)
-                    XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
+                XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
                 break;
             case SSL_TLSEXT_ERR_NOACK:
                 ret = OCSP_LOOKUP_FAIL;
@@ -538,7 +533,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
         responseSz = ocsp->cm->ocspIOCb(ioCtx, url, urlSz,
                                         request, requestSz, &response);
     }
-    if (responseSz == WOLFSSL_CBIO_ERR_WANT_READ) {
+    if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
         ret = OCSP_WANT_READ;
     }
 
@@ -668,8 +663,9 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp)
     return ret;
 }
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
+
+/* compatibility layer OCSP functions */
+#ifdef OPENSSL_EXTRA
 int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
     WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
     WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
@@ -695,10 +691,17 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
 
     if (status != NULL)
         *status = single->status->status;
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if (thisupd != NULL)
         *thisupd = &single->status->thisDateParsed;
     if (nextupd != NULL)
         *nextupd = &single->status->nextDateParsed;
+#else
+    if (thisupd != NULL)
+        *thisupd = NULL;
+    if (nextupd != NULL)
+        *nextupd = NULL;
+#endif
 
     /* TODO: Not needed for Nginx or httpd */
     if (reason != NULL)
@@ -821,16 +824,15 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
     if (ret != 0) {
         if (derCert != NULL)
             FreeDer(&derCert);
-        if (certId != NULL) {
+        if (cm != NULL) {
             XFREE(certId, cm->heap, DYNAMIC_TYPE_OPENSSL);
             certId = NULL;
-        }
-        if (certStatus)
             XFREE(certStatus, cm->heap, DYNAMIC_TYPE_OPENSSL);
+        }
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (cert != NULL)
+    if (cm != NULL)
         XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
 #endif
 
@@ -850,7 +852,7 @@ void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse)
 int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
     WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags)
 {
-    int         ret = WOLFSSL_FAILURE;
+    int         ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert *cert;
 #else
@@ -872,10 +874,8 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
         return WOLFSSL_FAILURE;
 #endif
 
-#ifdef OPENSSL_EXTRA
     if (bs->verifyError != OCSP_VERIFY_ERROR_NONE)
         goto out;
-#endif
 
     if (flags & OCSP_TRUSTOTHER) {
         for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) {
@@ -922,8 +922,7 @@ void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response)
         XFREE(response->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
     }
 
-    if (response->source != NULL)
-        XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
 }
@@ -952,18 +951,18 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
         long fcur;
         long flen;
 
-        if (bio->ptr == NULL)
+        if (bio->ptr.fh == NULL)
             return NULL;
 
-        fcur = XFTELL((XFILE)bio->ptr);
+        fcur = XFTELL(bio->ptr.fh);
         if (fcur < 0)
             return NULL;
-        if(XFSEEK((XFILE)bio->ptr, 0, SEEK_END) != 0)
+        if(XFSEEK(bio->ptr.fh, 0, SEEK_END) != 0)
             return NULL;
-        flen = XFTELL((XFILE)bio->ptr);
+        flen = XFTELL(bio->ptr.fh);
         if (flen < 0)
             return NULL;
-        if (XFSEEK((XFILE)bio->ptr, fcur, SEEK_SET) != 0)
+        if (XFSEEK(bio->ptr.fh, fcur, SEEK_SET) != 0)
             return NULL;
 
         /* check calculated length */
@@ -1054,6 +1053,9 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
     if (GetSequence(*data, &idx, &length, (word32)len) >= 0)
         (*data) += (unsigned char) ((int)idx + length);
 
+    if (response != NULL && *response == NULL)
+        *response = resp;
+
     return resp;
 }
 
@@ -1106,10 +1108,8 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
                                     DYNAMIC_TYPE_OCSP_ENTRY);
     bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (bs->single == NULL || bs->source == NULL) {
-        if (bs->single) {
-            XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
-            bs->single = NULL;
-        }
+        XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
+        bs->single = NULL;
         wolfSSL_OCSP_RESPONSE_free(bs);
         bs = NULL;
     }
@@ -1143,6 +1143,9 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
 {
     int size;
 
+    if (request == NULL)
+        return BAD_FUNC_ARG;
+
     size = EncodeOcspRequest(request, NULL, 0);
     if (size <= 0 || data == NULL)
         return size;
@@ -1164,8 +1167,7 @@ WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
     XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE);
     XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE);
     if (cid->status->serialSz > req->serialSz) {
-        if (req->serial != NULL)
-            XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
+        XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
         req->serial = (byte*)XMALLOC((size_t)cid->status->serialSz,
                 req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
         if (req->serial == NULL)
@@ -1191,9 +1193,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id)
     }
     return certId;
 }
-#endif
 
-#if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) || defined(WOLFSSL_HAPROXY)
 #ifndef NO_BIO
 int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
         WOLFSSL_OCSP_REQUEST *req)
@@ -1295,7 +1295,8 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
     return NULL;
 }
 
-const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
+const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
+    const WOLFSSL_OCSP_SINGLERESP *single)
 {
     return single;
 }
@@ -1343,11 +1344,17 @@ int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
     if (single == NULL)
         return WOLFSSL_FAILURE;
 
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if (thisupd != NULL)
         *thisupd = &single->status->thisDateParsed;
     if (nextupd != NULL)
         *nextupd = &single->status->nextDateParsed;
-
+#else
+    if (thisupd != NULL)
+        *thisupd = NULL;
+    if (nextupd != NULL)
+        *nextupd = NULL;
+#endif
     if (reason != NULL)
         *reason = 0;
     if (revtime != NULL)
@@ -1392,9 +1399,325 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int
     return single;
 }
 
-#endif /* OPENSSL_ALL || APACHE_HTTPD || WOLFSSL_HAPROXY */
+#endif /* OPENSSL_EXTRA */
+
+#ifdef OPENSSL_ALL
+
+/*******************************************************************************
+ * START OF WOLFSSL_OCSP_REQ_CTX API
+ ******************************************************************************/
+
+enum ocspReqStates {
+    ORS_INVALID = 0,
+    ORS_HEADER_ADDED,
+    ORS_REQ_DONE
+};
+
+enum ocspReqIOStates {
+    ORIOS_INVALID = 0,
+    ORIOS_WRITE,
+    ORIOS_READ
+};
+
+WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio, int maxline)
+{
+    WOLFSSL_OCSP_REQ_CTX* ret = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_new");
+
+    if (maxline <= 0)
+        maxline = OCSP_MAX_REQUEST_SZ;
+
+    ret = (WOLFSSL_OCSP_REQ_CTX*)XMALLOC(sizeof(*ret), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+    if (ret != NULL) {
+        XMEMSET(ret, 0, sizeof(*ret));
+        ret->buf = (byte*)XMALLOC((word32)maxline, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (ret->buf == NULL)
+            goto error;
+        ret->reqResp = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
+        ret->bufLen = maxline;
+        ret->bio = bio;
+        ret->ioState = ORIOS_WRITE;
+    }
+
+    return ret;
+error:
+    wolfSSL_OCSP_REQ_CTX_free(ret);
+    return NULL;
+}
+
+void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_free");
+    if (ctx != NULL) {
+        if (ctx->buf != NULL)
+            XFREE(ctx->buf, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (ctx->reqResp != NULL)
+            wolfSSL_BIO_free(ctx->reqResp);
+        XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
+}
+
+WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio,
+        const char *path, OcspRequest *req, int maxline)
+{
+    WOLFSSL_OCSP_REQ_CTX* ret = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_new");
+
+    ret = wolfSSL_OCSP_REQ_CTX_new(bio, maxline);
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfSSL_OCSP_REQ_CTX_http(ret, "POST", path) != WOLFSSL_SUCCESS)
+        goto error;
+
+    if (req != NULL &&
+            wolfSSL_OCSP_REQ_CTX_set1_req(ret, req) != WOLFSSL_SUCCESS)
+        goto error;
+
+    return ret;
+error:
+    wolfSSL_OCSP_REQ_CTX_free(ret);
+    return NULL;
+}
+
+int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx,
+                             const char *name, const char *value)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_add1_header");
+
+    if (name == NULL) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+    if (wolfSSL_BIO_puts(ctx->reqResp, name) <= 0) {
+        WOLFSSL_MSG("wolfSSL_BIO_puts error");
+        return WOLFSSL_FAILURE;
+    }
+    if (value != NULL) {
+        if (wolfSSL_BIO_write(ctx->reqResp, ": ", 2) != 2) {
+            WOLFSSL_MSG("wolfSSL_BIO_write error");
+            return WOLFSSL_FAILURE;
+        }
+        if (wolfSSL_BIO_puts(ctx->reqResp, value) <= 0) {
+            WOLFSSL_MSG("wolfSSL_BIO_puts error");
+            return WOLFSSL_FAILURE;
+        }
+    }
+    if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
+        WOLFSSL_MSG("wolfSSL_BIO_write error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_HEADER_ADDED;
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx, const char *op,
+        const char *path)
+{
+    static const char http_hdr[] = "%s %s HTTP/1.0\r\n";
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_http");
+
+    if (ctx == NULL || op == NULL) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (path == NULL)
+        path = "/";
+
+    if (wolfSSL_BIO_printf(ctx->reqResp, http_hdr, op, path) <= 0) {
+        WOLFSSL_MSG("WOLFSSL_OCSP_REQ_CTX: wolfSSL_BIO_printf error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_HEADER_ADDED;
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx, OcspRequest *req)
+{
+    static const char req_hdr[] =
+        "Content-Type: application/ocsp-request\r\n"
+        "Content-Length: %d\r\n\r\n";
+    /* Should be enough to hold Content-Length */
+    char req_hdr_buf[sizeof(req_hdr) + 10];
+    int req_hdr_buf_len;
+    int req_len = wolfSSL_i2d_OCSP_REQUEST(req, NULL);
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_set1_req");
+
+    if (ctx == NULL || req == NULL) {
+        WOLFSSL_MSG("Bad parameters");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (req_len <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request len error");
+        return WOLFSSL_FAILURE;
+    }
+
+    req_hdr_buf_len =
+            XSNPRINTF(req_hdr_buf, sizeof(req_hdr_buf), req_hdr, req_len);
+    if (req_hdr_buf_len >= (int)sizeof(req_hdr_buf)) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request too long");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(ctx->reqResp, req_hdr_buf, req_hdr_buf_len) <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: wolfSSL_BIO_write error");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_i2d_OCSP_REQUEST_bio(ctx->reqResp, req) <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request i2d error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_REQ_DONE;
+
+    return WOLFSSL_SUCCESS;
+}
+
+static int OCSP_REQ_CTX_bio_cb(char *buf, int sz, void *ctx)
+{
+    return BioReceiveInternal((WOLFSSL_BIO*)ctx, NULL, buf, sz);
+}
+
+int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_nbio");
+
+    if (ctx == NULL) {
+        WOLFSSL_MSG("Bad parameters");
+        return WOLFSSL_FAILURE;
+    }
+
+    switch ((enum ocspReqIOStates)ctx->ioState) {
+        case ORIOS_WRITE:
+        case ORIOS_READ:
+            break;
+        case ORIOS_INVALID:
+        default:
+            WOLFSSL_MSG("Invalid ctx->ioState state");
+            return WOLFSSL_FAILURE;
+    }
+
+    if (ctx->ioState == ORIOS_WRITE) {
+        switch ((enum ocspReqStates)ctx->state) {
+            case ORS_HEADER_ADDED:
+                /* Write final new line to complete http header */
+                if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
+                    WOLFSSL_MSG("wolfSSL_BIO_write error");
+                    return WOLFSSL_FAILURE;
+                }
+                break;
+            case ORS_REQ_DONE:
+                break;
+            case ORS_INVALID:
+            default:
+                WOLFSSL_MSG("Invalid WOLFSSL_OCSP_REQ_CTX state");
+                return WOLFSSL_FAILURE;
+        }
+    }
+
+    switch ((enum ocspReqIOStates)ctx->ioState) {
+        case ORIOS_WRITE:
+        {
+            const unsigned char *req;
+            int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, &req);
+            if (reqLen <= 0) {
+                WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error");
+                return WOLFSSL_FAILURE;
+            }
+            while (ctx->sent < reqLen) {
+                int sent = wolfSSL_BIO_write(ctx->bio, req + ctx->sent,
+                        reqLen - ctx->sent);
+                if (sent <= 0) {
+                    if (wolfSSL_BIO_should_retry(ctx->bio))
+                        return WOLFSSL_FATAL_ERROR;
+                    WOLFSSL_MSG("wolfSSL_BIO_write error");
+                    ctx->ioState = ORIOS_INVALID;
+                    return 0;
+                }
+                ctx->sent += sent;
+            }
+            ctx->sent = 0;
+            ctx->ioState = ORIOS_READ;
+            (void)wolfSSL_BIO_reset(ctx->reqResp);
+            FALL_THROUGH;
+        }
+        case ORIOS_READ:
+        {
+            byte* resp = NULL;
+            int respLen;
+            int ret;
+
+            if (ctx->buf == NULL) /* Should be allocated in new call */
+                return WOLFSSL_FAILURE;
+
+            ret = wolfIO_HttpProcessResponseOcspGenericIO(OCSP_REQ_CTX_bio_cb,
+                    ctx->bio, &resp, ctx->buf, ctx->bufLen, NULL);
+            if (ret <= 0) {
+                if (resp != NULL)
+                    XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_WANT_READ))
+                {
+                    return WOLFSSL_FATAL_ERROR;
+                }
+                return WOLFSSL_FAILURE;
+            }
+            respLen = ret;
+            ret = wolfSSL_BIO_write(ctx->reqResp, resp, respLen);
+            XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
+            if (ret != respLen) {
+                WOLFSSL_MSG("wolfSSL_BIO_write error");
+                return WOLFSSL_FAILURE;
+            }
+            break;
+        }
+        case ORIOS_INVALID:
+        default:
+            WOLFSSL_MSG("Invalid ctx->ioState state");
+            return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    int ret;
+    int len;
+    const unsigned char *resp = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_nbio");
+
+    if (presp == NULL)
+        return WOLFSSL_FAILURE;
+
+    ret = wolfSSL_OCSP_REQ_CTX_nbio(ctx);
+    if (ret != WOLFSSL_SUCCESS)
+        return ret;
+
+    len = wolfSSL_BIO_get_mem_data(ctx->reqResp, &resp);
+    if (len <= 0)
+        return WOLFSSL_FAILURE;
+    return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL
+            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
+/*******************************************************************************
+ * END OF WOLFSSL_OCSP_REQ_CTX API
+ ******************************************************************************/
 
-#ifdef OPENSSL_EXTRA
 #ifndef NO_WOLFSSL_STUB
 int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext,
         int idx)
@@ -1467,12 +1790,14 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
 
         #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
             /* Serial number starts at 0 index of ser->data */
-            XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz);
+            XMEMCPY(&ser->data[i], cid->status->serial,
+                (size_t)cid->status->serialSz);
             ser->length = cid->status->serialSz;
         #else
             ser->data[i++] = ASN_INTEGER;
             i += SetLength(cid->status->serialSz, ser->data + i);
-            XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz);
+            XMEMCPY(&ser->data[i], cid->status->serial,
+                (size_t)cid->status->serialSz);
             ser->length = i + cid->status->serialSz;
         #endif
 
@@ -1573,7 +1898,7 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs)
 
     /* nonce present in req only */
     if (reqNonce != NULL && rspNonce == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     /* nonces are present and equal, return 1. Extra NULL check for fixing
         scan-build warning. */
@@ -1585,7 +1910,8 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs)
     /* nonces are present but not equal */
     return 0;
 }
-#endif /* OPENSSL_EXTRA */
+
+#endif /* OPENSSL_ALL */
 
 #else /* HAVE_OCSP */
 
diff --git a/src/pk.c b/src/pk.c
index 1ec9a00ce0..e99ef80a06 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -1,6 +1,6 @@
 /* pk.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -397,7 +397,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
         /* Generate a random salt. */
         if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != 1) {
             WOLFSSL_MSG("generate iv failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -1790,7 +1790,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
     if ((rsa == NULL) || (rsa->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -1809,7 +1809,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
             /* Something went wrong while decoding. */
             WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 "
                               "header");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -1831,13 +1831,13 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
                  WOLFSSL_ERROR_MSG("RsaPublicKeyDecode failed");
             }
             WOLFSSL_ERROR_VERBOSE(res);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Set external RSA key data from wolfCrypt key. */
         if (SetRsaExternal(rsa) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         else {
             rsa->inSet = 1;
@@ -2052,6 +2052,32 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
     }
     return rsa;
 }
+
+WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
+{
+    char* data = NULL;
+    int dataSz = 0;
+    int memAlloced = 0;
+    WOLFSSL_RSA* rsa = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio");
+
+    if (bio == NULL)
+        return NULL;
+
+    if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+        if (memAlloced)
+            XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return NULL;
+    }
+
+    rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz,
+            WOLFSSL_RSA_LOAD_PUBLIC);
+    if (memAlloced)
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return rsa;
+}
 #endif /* !NO_BIO */
 
 #ifndef NO_FILESYSTEM
@@ -2452,7 +2478,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
 
     /* Validate parameters. */
     if ((bio == NULL) || (rsa == NULL) || (indent > PRINT_NUM_MAX_INDENT)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2552,7 +2578,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
     /* Validate parameters. */
     if ((rsa == NULL) || (rsa->internal == NULL)) {
         WOLFSSL_ERROR_MSG("rsa key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2648,7 +2674,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
     /* Validate parameters. */
     if ((rsa == NULL) || (rsa->internal == NULL)) {
         WOLFSSL_ERROR_MSG("rsa key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2657,14 +2683,14 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         /* Copy down modulus if available. */
         if ((rsa->n != NULL) && (wolfssl_bn_get_value(rsa->n, &key->n) != 1)) {
             WOLFSSL_ERROR_MSG("rsa n key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down public exponent if available. */
         if ((ret == 1) && (rsa->e != NULL) &&
                 (wolfssl_bn_get_value(rsa->e, &key->e) != 1)) {
             WOLFSSL_ERROR_MSG("rsa e key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Enough numbers for public key */
@@ -2674,7 +2700,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         if ((ret == 1) && (rsa->d != NULL)) {
             if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) {
                 WOLFSSL_ERROR_MSG("rsa d key error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             else {
                 /* Enough numbers for private key */
@@ -2686,14 +2712,14 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         if ((ret == 1) && (rsa->p != NULL) &&
                 (wolfssl_bn_get_value(rsa->p, &key->p) != 1)) {
             WOLFSSL_ERROR_MSG("rsa p key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down second prime if available. */
         if ((ret == 1) && (rsa->q != NULL) &&
                 (wolfssl_bn_get_value(rsa->q, &key->q) != 1)) {
             WOLFSSL_ERROR_MSG("rsa q key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
     #ifndef RSA_LOW_MEM
@@ -2701,21 +2727,21 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         if ((ret == 1) && (rsa->dmp1 != NULL) &&
                 (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) {
             WOLFSSL_ERROR_MSG("rsa dP key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down d mod q-1 if available. */
         if ((ret == 1) && (rsa->dmq1 != NULL) &&
                 (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) {
             WOLFSSL_ERROR_MSG("rsa dQ key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down 1/q mod p if available. */
         if ((ret == 1) && (rsa->iqmp != NULL) &&
                 (wolfssl_bn_get_value(rsa->iqmp, &key->u) != 1)) {
             WOLFSSL_ERROR_MSG("rsa u key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif /* !RSA_LOW_MEM */
 
@@ -4239,7 +4265,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4260,7 +4286,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
         default:
             WOLFSSL_ERROR_MSG("RSA_public_encrypt doesn't support padding "
                               "scheme");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
         /* Check for supported padding schemes in FIPS. */
@@ -4268,14 +4294,14 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
         if (padding != RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4283,7 +4309,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4291,7 +4317,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
         /* Get an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
         if (rng == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4317,7 +4343,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_public_encrypt", ret);
     return ret;
@@ -4352,7 +4378,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4371,7 +4397,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
             break;
         default:
             WOLFSSL_ERROR_MSG("RSA_private_decrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
         /* Check for supported padding schemes in FIPS. */
@@ -4379,14 +4405,14 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
         if (padding != RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4394,7 +4420,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4412,7 +4438,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_private_decrypt", ret);
     return ret;
@@ -4443,7 +4469,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4458,20 +4484,20 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
         /* TODO: RSA_X931_PADDING not supported */
         default:
             WOLFSSL_ERROR_MSG("RSA_public_decrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
         if (padding != RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4479,7 +4505,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4498,7 +4524,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_public_decrypt", ret);
     return ret;
@@ -4535,7 +4561,7 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4548,20 +4574,20 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
         /* TODO: RSA_X931_PADDING not supported */
         default:
             WOLFSSL_ERROR_MSG("RSA_private_encrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
         /* Get an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
         if (rng == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4594,7 +4620,7 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret);
     return ret;
@@ -4629,7 +4655,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
     if ((rsa == NULL) || (rsa->p == NULL) || (rsa->q == NULL) ||
             (rsa->d == NULL) || (rsa->dmp1 == NULL) || (rsa->dmq1 == NULL)) {
         WOLFSSL_ERROR_MSG("rsa no init error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -4638,7 +4664,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
                                      DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             WOLFSSL_ERROR_MSG("Memory allocation failure");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -4647,7 +4673,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         /* Initialize temp MP integer. */
         if (mp_init(tmp) != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_init error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4658,7 +4684,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         err = mp_sub_d((mp_int*)rsa->p->internal, 1, tmp);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_sub_d error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4667,7 +4693,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
             (mp_int*)rsa->dmp1->internal);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_mod error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4675,7 +4701,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         err = mp_sub_d((mp_int*)rsa->q->internal, 1, tmp);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_sub_d error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4684,15 +4710,16 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
             (mp_int*)rsa->dmq1->internal);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_mod error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
     mp_clear(t);
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (tmp != NULL)
+    if (rsa != NULL) {
         XFREE(tmp, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
 #endif
 
     return ret;
@@ -4865,34 +4892,34 @@ int SetDsaExternal(WOLFSSL_DSA* dsa)
 
     if (dsa == NULL || dsa->internal == NULL) {
         WOLFSSL_MSG("dsa key NULL error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     key = (DsaKey*)dsa->internal;
 
     if (wolfssl_bn_set_value(&dsa->p, &key->p) != 1) {
         WOLFSSL_MSG("dsa p key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->q, &key->q) != 1) {
         WOLFSSL_MSG("dsa q key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->g, &key->g) != 1) {
         WOLFSSL_MSG("dsa g key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->pub_key, &key->y) != 1) {
         WOLFSSL_MSG("dsa y key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->priv_key, &key->x) != 1) {
         WOLFSSL_MSG("dsa x key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->exSet = 1;
@@ -4910,7 +4937,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
 
     if (dsa == NULL || dsa->internal == NULL) {
         WOLFSSL_MSG("dsa key NULL error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     key = (DsaKey*)dsa->internal;
@@ -4918,25 +4945,25 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
     if (dsa->p != NULL &&
         wolfssl_bn_get_value(dsa->p, &key->p) != 1) {
         WOLFSSL_MSG("rsa p key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->q != NULL &&
         wolfssl_bn_get_value(dsa->q, &key->q) != 1) {
         WOLFSSL_MSG("rsa q key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->g != NULL &&
         wolfssl_bn_get_value(dsa->g, &key->g) != 1) {
         WOLFSSL_MSG("rsa g key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->pub_key != NULL) {
         if (wolfssl_bn_get_value(dsa->pub_key, &key->y) != 1) {
             WOLFSSL_MSG("rsa pub_key error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* public key */
@@ -4946,7 +4973,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
     if (dsa->priv_key != NULL) {
         if (wolfssl_bn_get_value(dsa->priv_key, &key->x) != 1) {
             WOLFSSL_MSG("rsa priv_key error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* private key */
@@ -4994,7 +5021,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
 #ifdef WOLFSSL_SMALL_STACK
         tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
         if (tmpRng == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         if (wc_InitRng(tmpRng) == 0) {
             rng = tmpRng;
@@ -5098,7 +5125,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
 #ifdef WOLFSSL_SMALL_STACK
         tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
         if (tmpRng == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         if (wc_InitRng(tmpRng) == 0) {
             rng = tmpRng;
@@ -5270,20 +5297,20 @@ int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out)
     if (sig == NULL || sig->r == NULL || sig->s == NULL ||
             out == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (StoreECC_DSA_Sig(buf, &bufLen,
             (mp_int*)sig->r->internal, (mp_int*)sig->s->internal) != 0) {
         WOLFSSL_MSG("StoreECC_DSA_Sig error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out == NULL) {
         byte* tmp = (byte*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_ASN1);
         if (tmp == NULL) {
             WOLFSSL_MSG("malloc error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         *out = tmp;
     }
@@ -5413,7 +5440,7 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig,
 int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                        WOLFSSL_DSA* dsa)
 {
-    int     ret = -1;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     int     initTmpRng = 0;
     WC_RNG* rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
@@ -5426,21 +5453,21 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
 
     if (d == NULL || sigRet == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return ret;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->inSet == 0) {
         WOLFSSL_MSG("No DSA internal set, do it");
         if (SetDsaInternal(dsa) != 1) {
             WOLFSSL_MSG("SetDsaInternal failed");
-            return ret;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
 #ifdef WOLFSSL_SMALL_STACK
     tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
     if (tmpRng == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
 
     if (wc_InitRng(tmpRng) == 0) {
@@ -5449,14 +5476,22 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     }
     else {
         WOLFSSL_MSG("Bad RNG Init, trying global");
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
+        tmpRng = NULL;
+#endif
         rng = wolfssl_get_global_rng();
+        if (! rng)
+            return WOLFSSL_FATAL_ERROR;
     }
 
     if (rng) {
-        if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
+        if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
             WOLFSSL_MSG("DsaSign failed");
+            ret = WOLFSSL_FATAL_ERROR;
+        }
         else
-            ret = 1;
+            ret = WOLFSSL_SUCCESS;
     }
 
     if (initTmpRng)
@@ -5507,13 +5542,13 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
 int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
                         WOLFSSL_DSA* dsa, int *dsacheck)
 {
-    int    ret = -1;
+    int    ret;
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
 
     if (d == NULL || sig == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (dsa->inSet == 0)
     {
@@ -5521,7 +5556,7 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
 
         if (SetDsaInternal(dsa) != 1) {
             WOLFSSL_MSG("SetDsaInternal failed");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -5914,8 +5949,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
     if (tmp == NULL) {
         WOLFSSL_MSG("malloc failed");
         XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
-        if (cipherInfo != NULL)
-            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
+        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
         return 0;
     }
 
@@ -5926,13 +5960,11 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
         WOLFSSL_MSG("wc_DerToPemEx failed");
         XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
         XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
-        if (cipherInfo != NULL)
-            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
+        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
         return 0;
     }
     XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
-    if (cipherInfo != NULL)
-        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
+    XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
 
     *pem = (byte*)XMALLOC((size_t)((*pLen)+1), NULL, DYNAMIC_TYPE_KEY);
     if (*pem == NULL) {
@@ -6108,19 +6140,19 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz
 
     if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal,
         (word32)derSz);
     if (ret < 0) {
         WOLFSSL_MSG("DsaPrivateKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetDsaExternal(dsa) != 1) {
         WOLFSSL_MSG("SetDsaExternal failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->inSet = 1;
@@ -6140,7 +6172,7 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf,
 
     if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (opt == WOLFSSL_DSA_LOAD_PRIVATE) {
@@ -6155,17 +6187,17 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf,
     if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PRIVATE) {
         WOLFSSL_ERROR_VERBOSE(ret);
         WOLFSSL_MSG("DsaPrivateKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     else if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PUBLIC) {
         WOLFSSL_ERROR_VERBOSE(ret);
         WOLFSSL_MSG("DsaPublicKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetDsaExternal(dsa) != 1) {
         WOLFSSL_MSG("SetDsaExternal failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->inSet = 1;
@@ -7283,7 +7315,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn)
 
 #ifndef NO_CERTS
 
-/* Load the DER encoded DH parameters/key into DH key.
+/* Load the DER encoded DH parameters into DH key.
  *
  * @param [in, out] dh      DH key to load parameters into.
  * @param [in]      der     Buffer holding DER encoded parameters data.
@@ -7294,7 +7326,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn)
  * @return  0 on success.
  * @return  1 when decoding DER or setting the external key fails.
  */
-static int wolfssl_dh_load_key(WOLFSSL_DH* dh, const unsigned char* der,
+static int wolfssl_dh_load_params(WOLFSSL_DH* dh, const unsigned char* der,
     word32* idx, word32 derSz)
 {
     int err = 0;
@@ -7407,7 +7439,7 @@ WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH** dh, const unsigned char** pp,
         WOLFSSL_ERROR_MSG("wolfSSL_DH_new() failed");
         err = 1;
     }
-    if ((!err) && (wolfssl_dh_load_key(newDh, *pp, &idx,
+    if ((!err) && (wolfssl_dh_load_params(newDh, *pp, &idx,
             (word32)length) != 0)) {
         WOLFSSL_ERROR_MSG("Loading DH parameters failed");
         err = 1;
@@ -7564,13 +7596,13 @@ int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz)
     if ((dh == NULL) || (dh->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
-    if ((ret == 1) && (wolfssl_dh_load_key(dh, derBuf, &idx,
+    if ((ret == 1) && (wolfssl_dh_load_params(dh, derBuf, &idx,
             (word32)derSz) != 0)) {
         WOLFSSL_ERROR_MSG("DH key decode failed");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -7758,7 +7790,7 @@ WOLFSSL_DH* wolfSSL_PEM_read_DHparams(XFILE fp, WOLFSSL_DH** dh,
 static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
     void* heap)
 {
-    int ret = -1;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     int err = 0;
     byte* der = NULL;
     word32 derSz;
@@ -7802,9 +7834,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
         *out = der;
         der = NULL;
     }
-    if (der != NULL) {
-        XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -7889,7 +7919,7 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
     /* Validate parameters. */
     if ((dh == NULL) || (dh->internal == NULL)) {
         WOLFSSL_ERROR_MSG("dh key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -7901,21 +7931,21 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
         /* Set the prime. */
         if (wolfssl_bn_set_value(&dh->p, &key->p) != 1) {
             WOLFSSL_ERROR_MSG("dh param p error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_G)) {
         /* Set the generator. */
         if (wolfssl_bn_set_value(&dh->g, &key->g) != 1) {
             WOLFSSL_ERROR_MSG("dh param g error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_Q)) {
         /* Set the order. */
         if (wolfssl_bn_set_value(&dh->q, &key->q) != 1) {
             WOLFSSL_ERROR_MSG("dh param q error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #ifdef WOLFSSL_DH_EXTRA
@@ -7923,14 +7953,14 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
         /* Set the private key. */
         if (wolfssl_bn_set_value(&dh->priv_key, &key->priv) != 1) {
             WOLFSSL_ERROR_MSG("No DH Private Key");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_PUB)) {
         /* Set the public key. */
         if (wolfssl_bn_set_value(&dh->pub_key, &key->pub) != 1) {
             WOLFSSL_ERROR_MSG("No DH Public Key");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif /* WOLFSSL_DH_EXTRA */
@@ -7975,7 +8005,7 @@ int SetDhInternal(WOLFSSL_DH* dh)
     /* Validate parameters. */
     if ((dh == NULL) || (dh->p == NULL) || (dh->g == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 1) {
         /* Get the wolfSSL DH key. */
@@ -7984,26 +8014,26 @@ int SetDhInternal(WOLFSSL_DH* dh)
         /* Clear out key and initialize. */
         wc_FreeDhKey(key);
         if (wc_InitDhKey(key) != 0) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Transfer prime. */
         if (wolfssl_bn_get_value(dh->p, &key->p) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Transfer generator. */
         if (wolfssl_bn_get_value(dh->g, &key->g) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #ifdef HAVE_FFDHE_Q
     /* Transfer order if available. */
     if ((ret == 1) && (dh->q != NULL)) {
         if (wolfssl_bn_get_value(dh->q, &key->q) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -8012,14 +8042,14 @@ int SetDhInternal(WOLFSSL_DH* dh)
     if ((ret == 1) && (dh->priv_key != NULL) &&
             (!wolfSSL_BN_is_zero(dh->priv_key))) {
         if (wolfssl_bn_get_value(dh->priv_key, &key->priv) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Transfer public key if available. */
     if ((ret == 1) && (dh->pub_key != NULL) &&
             (!wolfSSL_BN_is_zero(dh->pub_key))) {
         if (wolfssl_bn_get_value(dh->pub_key, &key->pub) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif /* WOLFSSL_DH_EXTRA */
@@ -8042,17 +8072,14 @@ int SetDhInternal(WOLFSSL_DH* dh)
  */
 int wolfSSL_DH_size(WOLFSSL_DH* dh)
 {
-    int ret = -1;
-
     WOLFSSL_ENTER("wolfSSL_DH_size");
 
-    /* Validate parameter. */
-    if (dh != NULL) {
-        /* Size of key is size of prime in bytes. */
-        ret = wolfSSL_BN_num_bytes(dh->p);
-    }
+    if (dh == NULL)
+        return WOLFSSL_FATAL_ERROR;
 
-    return ret;
+    /* Validate parameter. */
+    /* Size of key is size of prime in bytes. */
+    return wolfSSL_BN_num_bytes(dh->p);
 }
 
 /**
@@ -8645,20 +8672,8 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
 }
 
 
-/* Compute the shared key from the private key and peer's public key.
- *
- * Return code compliant with OpenSSL.
- * OpenSSL returns 0 when number of bits in p are smaller than minimum
- * supported.
- *
- * @param [out] key       Buffer to place shared key.
- * @param [in]  otherPub  Peer's public key.
- * @param [in]  dh        DH key containing private key.
- * @return  -1 on error.
- * @return  Size of shared secret in bytes on success.
- */
-int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
-    WOLFSSL_DH* dh)
+static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
+    WOLFSSL_DH* dh, int ct)
 {
     int            ret    = 0;
     word32         keySz  = 0;
@@ -8678,19 +8693,19 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
     /* Validate parameters. */
     if ((dh == NULL) || (dh->priv_key == NULL) || (otherPub == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Get the maximum size of computed DH key. */
     if ((ret == 0) && ((keySz = (word32)DH_size(dh)) == 0)) {
         WOLFSSL_ERROR_MSG("Bad DH_size");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* Validate the size of the private key. */
         sz = wolfSSL_BN_num_bytes(dh->priv_key);
         if (sz > (int)privSz) {
             WOLFSSL_ERROR_MSG("Bad priv internal size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
@@ -8703,7 +8718,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         sz = wolfSSL_BN_num_bytes(otherPub);
         if (sz > pubSz) {
             WOLFSSL_ERROR_MSG("Bad otherPub size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -8713,14 +8728,14 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         pub = (unsigned char*)XMALLOC((size_t)sz, NULL,
             DYNAMIC_TYPE_PUBLIC_KEY);
         if (pub == NULL)
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* Allocate memory for the private key array. */
         priv = (unsigned char*)XMALLOC((size_t)privSz, NULL,
             DYNAMIC_TYPE_PRIVATE_KEY);
         if (priv == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
@@ -8728,28 +8743,57 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         /* Get the private key into the array. */
         privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv);
         if (privSz <= 0) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* Get the public key into the array. */
         pubSz  = wolfSSL_BN_bn2bin(otherPub, pub);
         if (pubSz <= 0) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Synchronize the external into the internal parameters. */
     if ((ret == 0) && ((dh->inSet == 0) && (SetDhInternal(dh) != 1))) {
         WOLFSSL_ERROR_MSG("Bad DH set internal");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     PRIVATE_KEY_UNLOCK();
     /* Calculate shared secret from private and public keys. */
-    if ((ret == 0) && (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv,
-            (word32)privSz, pub, (word32)pubSz) < 0)) {
-        WOLFSSL_ERROR_MSG("wc_DhAgree failed");
-        ret = -1;
+    if (ret == 0) {
+        word32 padded_keySz = keySz;
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && !defined(HAVE_SELFTEST)
+        if (ct) {
+            if (wc_DhAgree_ct((DhKey*)dh->internal, key, &keySz, priv,
+                           (word32)privSz, pub, (word32)pubSz) < 0) {
+                WOLFSSL_ERROR_MSG("wc_DhAgree_ct failed");
+                ret = WOLFSSL_FATAL_ERROR;
+            }
+        }
+        else
+#endif /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */
+        {
+            if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv,
+                           (word32)privSz, pub, (word32)pubSz) < 0) {
+                WOLFSSL_ERROR_MSG("wc_DhAgree failed");
+                ret = WOLFSSL_FATAL_ERROR;
+            }
+        }
+
+        if ((ret == 0) && ct) {
+            /* Arrange for correct fixed-length, right-justified key, even if
+             * the crypto back end doesn't support it.  With some crypto back
+             * ends this forgoes formal constant-timeness on the key agreement,
+             * but assured that wolfSSL_DH_compute_key_padded() functions
+             * correctly.
+             */
+            if (keySz < padded_keySz) {
+                XMEMMOVE(key, key + (padded_keySz - keySz),
+                         padded_keySz - keySz);
+                XMEMSET(key, 0, padded_keySz - keySz);
+            }
+        }
     }
     if (ret == 0) {
         /* Return actual length. */
@@ -8773,6 +8817,45 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
 
     return ret;
 }
+
+/* Compute the shared key from the private key and peer's public key.
+ *
+ * Return code compliant with OpenSSL.
+ * OpenSSL returns 0 when number of bits in p are smaller than minimum
+ * supported.
+ *
+ * @param [out] key       Buffer to place shared key.
+ * @param [in]  otherPub  Peer's public key.
+ * @param [in]  dh        DH key containing private key.
+ * @return  -1 on error.
+ * @return  Size of shared secret in bytes on success.
+ */
+int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
+    WOLFSSL_DH* dh)
+{
+    return _DH_compute_key(key, otherPub, dh, 0);
+}
+
+/* Compute the shared key from the private key and peer's public key as in
+ * wolfSSL_DH_compute_key, but using constant time processing, with an output
+ * key length fixed at the nominal DH key size.  Leading zeros are retained.
+ *
+ * Return code compliant with OpenSSL.
+ * OpenSSL returns 0 when number of bits in p are smaller than minimum
+ * supported.
+ *
+ * @param [out] key       Buffer to place shared key.
+ * @param [in]  otherPub  Peer's public key.
+ * @param [in]  dh        DH key containing private key.
+ * @return  -1 on error.
+ * @return  Size of shared secret in bytes on success.
+ */
+int wolfSSL_DH_compute_key_padded(unsigned char* key,
+    const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh)
+{
+    return _DH_compute_key(key, otherPub, dh, 1);
+}
+
 #endif /* !HAVE_FIPS || (HAVE_FIPS && !WOLFSSL_DH_EXTRA) ||
         * HAVE_FIPS_VERSION > 2 */
 
@@ -8960,7 +9043,7 @@ int EccEnumToNID(int n)
     #endif
         default:
             WOLFSSL_MSG("NID not found");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
@@ -8976,8 +9059,7 @@ int EccEnumToNID(int n)
  */
 int NIDToEccEnum(int nid)
 {
-    /* -1 on error. */
-    int id = -1;
+    int id;
 
     WOLFSSL_ENTER("NIDToEccEnum");
 
@@ -9065,6 +9147,8 @@ int NIDToEccEnum(int nid)
             break;
         default:
             WOLFSSL_MSG("NID not found");
+            /* -1 on error. */
+            id = WOLFSSL_FATAL_ERROR;
     }
 
     return id;
@@ -9176,13 +9260,19 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
  * @return  NULL on error.
  */
 static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
-    const unsigned char* in, long inSz)
+    const unsigned char** in_pp, long inSz)
 {
     int err = 0;
     WOLFSSL_EC_GROUP* ret = NULL;
     word32 idx = 0;
     word32 oid = 0;
     int id = 0;
+    const unsigned char* in;
+
+    if (in_pp == NULL || *in_pp == NULL)
+        return NULL;
+
+    in = *in_pp;
 
     /* Use the group passed in. */
     if ((group != NULL) && (*group != NULL)) {
@@ -9231,6 +9321,9 @@ static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
         }
         ret = NULL;
     }
+    else {
+        *in_pp += idx;
+    }
     return ret;
 }
 
@@ -9262,7 +9355,8 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
     }
     if (!err) {
         /* Create EC group from DER encoding. */
-        ret = wolfssl_ec_group_d2i(group, der->buffer, der->length);
+        const byte** p = (const byte**)&der->buffer;
+        ret = wolfssl_ec_group_d2i(group, p, der->length);
         if (ret == NULL) {
             WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP");
         }
@@ -9273,6 +9367,11 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
     return ret;
 }
 
+WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
+        const unsigned char **in, long len)
+{
+    return wolfssl_ec_group_d2i(out, in, len);
+}
 #endif /* !NO_BIO */
 
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
@@ -9341,7 +9440,7 @@ int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
     if ((a == NULL) || (b == NULL)) {
         WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
         /* Return error value. */
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Compare NID and wolfSSL curve index. */
     else {
@@ -9492,7 +9591,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
     /* Validate parameter. */
     if ((group == NULL) || (group->curve_idx < 0)) {
         WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -9501,7 +9600,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
         order = (mp_int *)XMALLOC(sizeof(*order), NULL,
             DYNAMIC_TYPE_TMP_BUFFER);
         if (order == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -9608,7 +9707,7 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p)
     /* Validate parameter. */
     if ((p == NULL) || (p->internal == NULL)) {
         WOLFSSL_MSG("ECPoint NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get internal point as a wolfCrypt EC point. */
@@ -9617,19 +9716,19 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p)
         /* Set X ordinate if available. */
         if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) {
             WOLFSSL_MSG("ecc point X error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Y ordinate if available. */
         if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y,
                 point->y) != 1)) {
             WOLFSSL_MSG("ecc point Y error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Z ordinate if available. */
         if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z,
                 point->z) != 1)) {
             WOLFSSL_MSG("ecc point Z error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Internal values set when operations succeeded. */
         p->inSet = (ret == 1);
@@ -9655,7 +9754,7 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p)
     /* Validate parameter. */
     if ((p == NULL) || (p->internal == NULL)) {
         WOLFSSL_MSG("ECPoint NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get internal point as a wolfCrypt EC point. */
@@ -9664,17 +9763,17 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p)
         /* Set X ordinate. */
         if (wolfssl_bn_set_value(&p->X, point->x) != 1) {
             WOLFSSL_MSG("ecc point X error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Y ordinate. */
         if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) {
             WOLFSSL_MSG("ecc point Y error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Z ordinate. */
         if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) {
             WOLFSSL_MSG("ecc point Z error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* External values set when operations succeeded. */
         p->exSet = (ret == 1);
@@ -10320,7 +10419,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
             /* Check return. When buf is NULL, return will be length only
              * error.
              */
-            if (ret != ((buf != NULL) ? MP_OKAY : LENGTH_ONLY_E)) {
+            if (ret != ((buf != NULL) ? MP_OKAY : WC_NO_ERR_TRACE(LENGTH_ONLY_E))) {
                 err = 1;
             }
         }
@@ -11354,43 +11453,43 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group,
     /* Check that the big numbers were allocated. */
     if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) ||
             (mod == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Get the modulus for the curve. */
     if ((ret == 0) &&
             (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* bt = Bx * (Az ^ 2). When Az is one then just copy. */
         if (BN_is_one(a->Z)) {
             if (BN_copy(bt, b->X) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* az = Az ^ 2 */
         else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* bt = Bx * az = Bx * (Az ^ 2) */
         else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */
         if (BN_is_one(b->Z)) {
             if (BN_copy(at, a->X) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* bz = Bz ^ 2 */
         else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* at = Ax * bz = Ax * (Bz ^ 2) */
         else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Compare x-ordinates. */
@@ -11401,32 +11500,32 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group,
         /* bt = By * (Az ^ 3). When Az is one then just copy. */
         if (BN_is_one(a->Z)) {
             if (BN_copy(bt, b->Y) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* az = az * Az = Az ^ 3 */
         else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* bt = By * az = By * (Az ^ 3) */
         else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */
         if (BN_is_one(b->Z)) {
             if (BN_copy(at, a->Y) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* bz = bz * Bz = Bz ^ 3 */
         else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* at = Ay * bz = Ay * (Bz ^ 3) */
         else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Compare y-ordinates. */
@@ -11466,7 +11565,7 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
     if ((group == NULL) || (a == NULL) || (a->internal == NULL) ||
             (b == NULL) || (b->internal == NULL)) {
         WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret != -1) {
     #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN
@@ -12243,11 +12342,11 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
     if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_MSG("Bad function arguments");
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
     if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) &&
             (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) {
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
 
     if (res == 1) {
@@ -12266,7 +12365,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
         /* Error out on parsing error. */
         else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
             WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header");
-            res = -1;
+            res = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -12283,7 +12382,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
                 ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key),
                     ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC);
                 if (tmp == NULL) {
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
                 else {
                     /* We now try again as x.963 [point type][x][opt y]. */
@@ -12315,7 +12414,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
             else {
                 WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
             }
-            res = -1;
+            res = WOLFSSL_FATAL_ERROR;
         }
 
         /* Internal key updated - update whether it is a valid key. */
@@ -12325,12 +12424,62 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
     /* Set the external EC key based on value in internal. */
     if ((res == 1) && (SetECKeyExternal(key) != 1)) {
         WOLFSSL_MSG("SetECKeyExternal failed");
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
 
     return res;
 }
 
+
+#ifndef NO_BIO
+
+WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
+        WOLFSSL_EC_KEY **out)
+{
+    char* data = NULL;
+    int dataSz = 0;
+    int memAlloced = 0;
+    WOLFSSL_EC_KEY* ec = NULL;
+    int err = 0;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio");
+
+    if (bio == NULL)
+        return NULL;
+
+    if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+        WOLFSSL_ERROR_MSG("wolfssl_read_bio failed");
+        err = 1;
+    }
+
+    if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) {
+        WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed");
+        err = 1;
+    }
+
+    /* Load the EC key with the public key from the DER encoding. */
+    if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data,
+            dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) {
+        WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed");
+        err = 1;
+    }
+
+    if (memAlloced)
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (err) { /* on error */
+        wolfSSL_EC_KEY_free(ec);
+        ec = NULL;
+    }
+    else { /* on success */
+        if (out != NULL)
+            *out = ec;
+    }
+
+    return ec;
+}
+
+#endif /* !NO_BIO */
+
 /*
  * EC key PEM APIs
  */
@@ -12919,7 +13068,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
     /* Validate parameter. */
     if ((eckey == NULL) || (eckey->internal == NULL)) {
         WOLFSSL_MSG("ec key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         ecc_key* key = (ecc_key*)eckey->internal;
@@ -12934,13 +13083,13 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
             if (wc_ecc_copy_point(&key->pubkey,
                     (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
                 WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
 
             /* Set external public key from internal wolfCrypt, public key. */
             if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) {
                 WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
 
@@ -12949,7 +13098,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
                 (wolfssl_bn_set_value(&eckey->priv_key,
                 wc_ecc_key_get_priv(key)) != 1)) {
             WOLFSSL_MSG("ec priv key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* External values set when operations succeeded. */
@@ -12977,7 +13126,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
     if ((eckey == NULL) || (eckey->internal == NULL) ||
             (eckey->group == NULL)) {
         WOLFSSL_MSG("ec key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         ecc_key* key = (ecc_key*)eckey->internal;
@@ -12987,7 +13136,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
         if ((eckey->group->curve_idx < 0) ||
             (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) {
             WOLFSSL_MSG("invalid curve idx");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         if (ret == 1) {
@@ -13000,14 +13149,14 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
         if ((ret == 1) && pubSet) {
             if (ec_point_internal_set(eckey->pub_key) != 1) {
                 WOLFSSL_MSG("ec key pub error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             /* Copy public point to key. */
             if ((ret == 1) && (wc_ecc_copy_point(
                     (ecc_point*)eckey->pub_key->internal, &key->pubkey) !=
                     MP_OKAY)) {
                 WOLFSSL_MSG("wc_ecc_copy_point error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
 
             if (ret == 1) {
@@ -13021,7 +13170,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
             if (wolfssl_bn_get_value(eckey->priv_key,
                     wc_ecc_key_get_priv(key)) != 1) {
                 WOLFSSL_MSG("ec key priv error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             /* private key */
             if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) {
@@ -13049,13 +13198,9 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
  */
 point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key)
 {
-    int ret = -1;
-
-    if (key != NULL) {
-        ret = key->form;
-    }
-
-    return ret;
+    if (key == NULL)
+        return WOLFSSL_FATAL_ERROR;
+    return key->form;
 }
 
 /* Set point conversion format into EC key.
@@ -13906,7 +14051,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
     if ((dgst == NULL) || (sig == NULL) || (key == NULL) ||
             (key->internal == NULL)) {
         WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Ensure internal EC key is set from external. */
@@ -13915,7 +14060,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
 
         if (SetECKeyInternal(key) != 1) {
             WOLFSSL_MSG("SetECKeyInternal failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -13926,7 +14071,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
                 (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified,
                 (ecc_key *)key->internal) != MP_OKAY) {
             WOLFSSL_MSG("wc_ecc_verify_hash failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         else if (verified == 0) {
             WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
@@ -13940,7 +14085,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
                 (word32)dLen, &verified, (ecc_key*)key->internal);
             if (ret != MP_OKAY) {
                 WOLFSSL_MSG("wc_ecc_verify_hash failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             else if (verified == 0) {
                 WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
@@ -15452,7 +15597,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
 
     if (!err) {
         const unsigned char* ptr = der->buffer;
-        int type = -1;
+        int type;
 
         /* Set key type based on format returned. */
         switch (keyFormat) {
@@ -15471,6 +15616,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
                 type = EVP_PKEY_DH;
                 break;
             default:
+                type = WOLFSSL_FATAL_ERROR;
                 break;
         }
 
@@ -15590,7 +15736,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key,
 
     if (!err) {
         const unsigned char* ptr = der->buffer;
-        int type = -1;
+        int type;
 
         /* Set key type based on format returned. */
         switch (keyFormat) {
@@ -15609,6 +15755,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key,
                 type = EVP_PKEY_DH;
                 break;
             default:
+                type = WOLFSSL_FATAL_ERROR;
                 break;
         }
 
diff --git a/src/quic.c b/src/quic.c
index 117bb4373d..f709ea6935 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -1,6 +1,6 @@
 /* quic.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -200,7 +200,7 @@ static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
 
     /* We check if the buf is at least RECORD_HEADER_SZ */
     if (sz < RECORD_HEADER_SZ) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (qr->rec_hdr_remain == 0) {
@@ -614,7 +614,7 @@ int wolfSSL_quic_do_handshake(WOLFSSL* ssl)
             else {
                 ret = wolfSSL_read_early_data(ssl, tmpbuffer,
                                               sizeof(tmpbuffer), &len);
-                if (ret < 0 && ssl->error == ZERO_RETURN) {
+                if (ret < 0 && ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
                     /* this is expected, since QUIC handles the actual early
                      * data separately. */
                     ret = WOLFSSL_SUCCESS;
@@ -634,7 +634,9 @@ int wolfSSL_quic_do_handshake(WOLFSSL* ssl)
 cleanup:
     if (ret <= 0
         && ssl->options.handShakeState == HANDSHAKE_DONE
-        && (ssl->error == ZERO_RETURN || ssl->error == WANT_READ)) {
+        && (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN) ||
+            ssl->error == WC_NO_ERR_TRACE(WANT_READ)))
+    {
         ret = WOLFSSL_SUCCESS;
     }
     if (ret == WOLFSSL_SUCCESS) {
@@ -783,7 +785,7 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
 
             /* record too small to be fit into a RecordLayerHeader struct. */
             if (n == -1) {
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             if (quic_record_done(ssl->quic.input_head)) {
                 QuicRecord* qr = ssl->quic.input_head;
diff --git a/src/sniffer.c b/src/sniffer.c
index 94b2a9fcc1..7be98cdef0 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1,6 +1,6 @@
 /* sniffer.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -851,14 +851,11 @@ static void FreeSnifferSession(SnifferSession* session)
         XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES);
 #endif
 #ifdef WOLFSSL_TLS13
-        if (session->cliKeyShare)
-            XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #ifdef HAVE_MAX_FRAGMENT
-        if (session->tlsFragBuf) {
-            XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            session->tlsFragBuf = NULL;
-        }
+        XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        session->tlsFragBuf = NULL;
 #endif
     }
     XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION);
@@ -1659,31 +1656,31 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
     int ret = -1;
 
     if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (keySz == 0) {
         /* load from file */
         file = XFOPEN(keyFile, "rb");
-        if (file == XBADFILE) return -1;
+        if (file == XBADFILE) return WOLFSSL_FATAL_ERROR;
         if(XFSEEK(file, 0, XSEEK_END) != 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         fileSz = XFTELL(file);
         if (fileSz > MAX_WOLFSSL_FILE_SIZE || fileSz < 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         if(XFSEEK(file, 0, XSEEK_SET) != 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         loadBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_FILE);
         if (loadBuf == NULL) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         ret = (int)XFREAD(loadBuf, 1, fileSz, file);
@@ -1691,14 +1688,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
 
         if (ret != fileSz) {
             XFREE(loadBuf, NULL, DYNAMIC_TYPE_FILE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
     else {
         /* use buffer directly */
         loadBuf = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_FILE);
         if (loadBuf == NULL) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         fileSz = keySz;
         XMEMCPY(loadBuf, keyFile, fileSz);
@@ -1735,7 +1732,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
     }
 
     if (ret < 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -1754,14 +1751,14 @@ static int CreateWatchSnifferServer(char* error)
             DYNAMIC_TYPE_SNIFFER_SERVER);
     if (sniffer == NULL) {
         SetError(MEMORY_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     InitSnifferServer(sniffer);
     sniffer->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
     if (!sniffer->ctx) {
         SetError(MEMORY_STR, error, NULL, 0);
         FreeSnifferServer(sniffer);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
     if (CryptoDeviceId != INVALID_DEVID)
@@ -1803,7 +1800,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
                 NULL, DYNAMIC_TYPE_SNIFFER_NAMED_KEY);
         if (namedKey == NULL) {
             SetError(MEMORY_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         XMEMSET(namedKey, 0, sizeof(NamedKey));
 
@@ -1818,7 +1815,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
         if (ret < 0) {
             SetError(KEY_FILE_STR, error, NULL, 0);
             FreeNamedKey(namedKey);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -1852,7 +1849,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
 #ifdef HAVE_SNI
             FreeNamedKey(namedKey);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         InitSnifferServer(sniffer);
 
@@ -1868,7 +1865,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
             FreeNamedKey(namedKey);
 #endif
             FreeSnifferServer(sniffer);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
         if (CryptoDeviceId != INVALID_DEVID)
@@ -1909,7 +1906,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
             SetError(KEY_FILE_STR, error, NULL, 0);
             if (isNew)
                 FreeSnifferServer(sniffer);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #ifdef WOLF_CRYPTO_CB
         wolfSSL_CTX_SetDevId(sniffer->ctx, CryptoDeviceId);
@@ -2127,7 +2124,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 
     if (version != IPV6) {
         SetError(BAD_IPVER_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* Here, we need to move onto next header if not TCP. */
@@ -2137,7 +2134,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
             int hdrsz = (exthdr->length + 1) * 8;
             if (hdrsz > length - exthdrsz) {
                 SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             exthdrsz += hdrsz;
             exthdr = (Ip6ExtHdr*)((byte*)exthdr + hdrsz);
@@ -2149,7 +2146,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (!IsServerRegistered6(iphdr->src) && !IsServerRegistered6(iphdr->dst)) {
         SetError(SERVER_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -2183,12 +2180,12 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error,
 
     if (version != IPV4) {
         SetError(BAD_IPVER_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (iphdr->protocol != TCP_PROTOCOL) {
         SetError(BAD_PROTO_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     info->length  = IP_HL(iphdr);
@@ -2580,7 +2577,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
 
@@ -2803,7 +2800,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
 
                 /* if curve not provided in key share data, then use private
@@ -2896,7 +2893,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
             if (ret == 0) {
@@ -2979,7 +2976,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
             if (ret == 0) {
@@ -3165,13 +3162,13 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
         if (SetCipherSpecs(session->sslServer) != 0) {
             SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
             session->verboseErr = 1;
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
         if (SetCipherSpecs(session->sslClient) != 0) {
             SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
             session->verboseErr = 1;
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
     #ifdef WOLFSSL_TLS13
@@ -3203,7 +3200,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
         }
         if (ret != 0) {
             SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
     #ifdef SHOW_SECRETS
@@ -3263,7 +3260,7 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
         session->sslServer->buffers.key->length == 0) {
 
         SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -3291,7 +3288,7 @@ static int ProcessKeyShare(KeyShareInfo* info, const byte* input, int len,
             info->key_len = (word16)((input[index] << 8) | input[index+1]);
             index += OPAQUE16_LEN;
             if (info->key_len == 0 || info->key_len > len - index) {
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             info->key = &input[index];
             index += info->key_len;
@@ -3395,7 +3392,7 @@ static int ProcessServerKeyShare(SnifferSession* session, const byte* input, int
     }
     if (ret != 0) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -3420,7 +3417,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through hint len */
     if (TICKET_HINT_LEN > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += TICKET_HINT_LEN; /* skip over hint len */
     *sslBytes -= TICKET_HINT_LEN;
@@ -3431,7 +3428,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         /* make sure can read through hint age and nonce len */
         if (TICKET_HINT_AGE_LEN + 1 > *sslBytes) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         input     += TICKET_HINT_AGE_LEN; /* skip over hint age */
         *sslBytes -= TICKET_HINT_AGE_LEN;
@@ -3440,7 +3437,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         len = input[0];
         if (len > MAX_TICKET_NONCE_STATIC_SZ) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         input += OPAQUE8_LEN;
         *sslBytes -= OPAQUE8_LEN;
@@ -3458,7 +3455,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through len */
     if (OPAQUE16_LEN > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     len = (word16)((input[0] << 8) | input[1]);
@@ -3468,7 +3465,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through ticket */
     if (len > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -3478,7 +3475,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     #ifdef HAVE_SESSION_TICKET
         if (SetTicket(session->sslServer, input, len) != 0) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* set haveSessionId to use the wolfSession cache */
@@ -3505,7 +3502,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         /* capture last part of sessionID as macID (32 bytes) */
         if (len < ID_LEN) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         /* store session with macID as sessionID */
         session->sslServer->options.haveSessionId = 1;
@@ -3549,7 +3546,7 @@ static int DoResume(SnifferSession* session, char* error)
             INC_STAT(SnifferStats.sslResumeMisses);
         #endif
             SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -3574,13 +3571,13 @@ static int DoResume(SnifferSession* session, char* error)
     if (SetCipherSpecs(session->sslServer) != 0) {
         SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetCipherSpecs(session->sslClient) != 0) {
         SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -3619,7 +3616,7 @@ static int DoResume(SnifferSession* session, char* error)
 
     if (ret != 0) {
         SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -3648,7 +3645,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     /* make sure can read through session len */
     if (toRead > *sslBytes) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     XMEMCPY(&pv, input, VERSION_SZ);
@@ -3673,7 +3670,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     /* make sure can read through compression */
     if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (b) {
     #ifdef WOLFSSL_TLS13
@@ -3721,7 +3718,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 
     if (b) {
         SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* extensions */
@@ -3732,7 +3729,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
         /* make sure can read len */
         if (SUITE_LEN > *sslBytes) {
             SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         len = (word16)((input[0] << 8) | input[1]);
         input     += SUITE_LEN;
@@ -3740,7 +3737,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
         /* make sure can read through all extensions */
         if (len > *sslBytes) {
             SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
@@ -3759,7 +3756,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
             if (extLen > *sslBytes) {
                 SetError(SERVER_HELLO_INPUT_STR, error, session,
                          FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         #ifdef DEBUG_SNIFFER
             printf("\tserver_hello ext: 0x%02x (len %d)\n", extType, extLen);
@@ -3772,7 +3769,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
                 if (ret != 0) {
                     SetError(SERVER_HELLO_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
                 break;
         #endif
@@ -3838,14 +3835,14 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 #ifndef WOLFSSL_TLS13
         SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
     }
     else {
 #ifdef WOLFSSL_NO_TLS12
         SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
     }
 
@@ -4010,7 +4007,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read up to session len */
     if (toRead > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* skip, get negotiated one from server hello */
@@ -4032,7 +4029,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     if (bLen) {
         if (ID_LEN > *sslBytes) {
             SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         Trace(CLIENT_RESUME_TRY_STR);
 #ifdef WOLFSSL_TLS13
@@ -4058,7 +4055,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (SUITE_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     len = (word16)((input[0] << 8) | input[1]);
     input     += SUITE_LEN;
@@ -4066,7 +4063,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read suites + comp len */
     if (len + ENUM_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += len;
     *sslBytes -= len;
@@ -4077,7 +4074,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (bLen > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += bLen;
     *sslBytes -= bLen;
@@ -4091,7 +4088,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (SUITE_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     len = (word16)((input[0] << 8) | input[1]);
     input     += SUITE_LEN;
@@ -4099,7 +4096,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read through all extensions */
     if (len > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
@@ -4117,7 +4114,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
         /* make sure can read through individual extension */
         if (extLen > *sslBytes) {
             SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
     #ifdef DEBUG_SNIFFER
@@ -4166,7 +4163,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             word16 ksLen = (word16)((input[0] << 8) | input[1]);
             if (ksLen + OPAQUE16_LEN > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             /* cache key share data till server_hello */
             session->cliKeyShareSz = ksLen;
@@ -4190,7 +4187,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             idsLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (idsLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
 
@@ -4198,7 +4195,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             idLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (idLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
             identity = &input[idx];
@@ -4214,7 +4211,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             bindersLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (bindersLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
             binders = &input[idx];
@@ -4249,7 +4246,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             if (extLen && extLen < ID_LEN) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session,
                          FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             if (extLen) {
                 if (session->ticketID == NULL) {
@@ -4258,7 +4255,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
                     if (session->ticketID == 0) {
                         SetError(MEMORY_STR, error, session,
                                  FATAL_ERROR_STATE);
-                        return -1;
+                        return WOLFSSL_FATAL_ERROR;
                     }
                 }
 
@@ -4300,7 +4297,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
 
     if (WatchCb == NULL) {
         SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = wc_InitSha256(&sha);
@@ -4310,7 +4307,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
         ret = wc_Sha256Final(&sha, digest);
     if (ret != 0) {
         SetError(WATCH_HASH_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = WatchCb((void*)session, digest, sizeof(digest),
@@ -4320,7 +4317,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
         INC_STAT(SnifferStats.sslKeysUnmatched);
 #endif
         SetError(WATCH_FAIL_STR, error, session, FATAL_ERROR_STATE);
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
 #ifdef WOLFSSL_SNIFFER_STATS
@@ -4344,7 +4341,7 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
 
     if (*sslBytes < CERT_HEADER_SZ) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -4361,14 +4358,14 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
 
     if (*sslBytes < (int)certChainSz) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ato24(input, &certSz);
     input += OPAQUE24_LEN;
     if (*sslBytes < (int)certSz) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     *sslBytes -= certChainSz;
@@ -4446,7 +4443,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
 
             if (ret != 0) {
                 SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
 
             session->flags.gotFinished = 1;
@@ -4482,7 +4479,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
 
         if (ret != 0) {
             SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -4532,7 +4529,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
 
     if (*sslBytes < HANDSHAKE_HEADER_SZ) {
         SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     type = input[0];
     size = (input[1] << 16) | (input[2] << 8) | input[3];
@@ -4598,7 +4595,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
         if (HashUpdate(session->hash, input, size) != 0) {
             SetError(EXTENDED_MASTER_HASH_STR, error,
                      session, FATAL_ERROR_STATE);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
             goto exit;
         }
     }
@@ -4632,7 +4629,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
                 /* can't know temp key passively */
                 SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
                 session->verboseErr = 1;
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
 
 #if defined(WOLFSSL_SNIFFER_STATS)
                 INC_STAT(SnifferStats.sslEphemeralMisses);
@@ -4683,7 +4680,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
                     else {
                         SetError(EXTENDED_MASTER_HASH_STR, error,
                                 session, FATAL_ERROR_STATE);
-                        ret = -1;
+                        ret = WOLFSSL_FATAL_ERROR;
                     }
                     XMEMSET(session->hash, 0, sizeof(HsHashes));
                     XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES);
@@ -4715,7 +4712,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
             break;
         default:
             SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
             break;
     }
 
@@ -4723,10 +4720,8 @@ static int DoHandShake(const byte* input, int* sslBytes,
 exit:
 #endif
 #ifdef HAVE_MAX_FRAGMENT
-    if (session->tlsFragBuf) {
-        XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        session->tlsFragBuf = NULL;
-    }
+    XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    session->tlsFragBuf = NULL;
 #endif
 
     *sslBytes = startBytes - size;  /* actual bytes of full process */
@@ -5251,14 +5246,14 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame,
 
     if (*rhSize > *sslBytes) {
         SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
                                 (word16)*rhSize);
     if (ret < 0 && ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) {
         SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     Trace(OLD_CLIENT_OK_STR);
@@ -5324,7 +5319,7 @@ static int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
     /* field, but tcp checksum offloading could negate calculation */
     if (checksum == 0)
         return 0;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 #endif
 
@@ -5347,7 +5342,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     /* ip header */
     if (length < IP_HDR_SZ) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     version = IP_V(iphdr);
@@ -5361,31 +5356,31 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     }
 
     if (CheckIpHdr(iphdr, ipInfo, length, error, trace) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (checkReg &&
            !IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) {
         SetError(SERVER_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
     /* tcp header */
     if (length < (ipInfo->length + TCP_HDR_SZ)) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     tcphdr = (TcpHdr*)(packet + ipInfo->length);
     if (CheckTcpHdr(tcphdr, tcpInfo, error, trace) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (checkReg &&
          !IsPortRegistered(tcpInfo->srcPort) &&
             !IsPortRegistered(tcpInfo->dstPort)) {
         SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -5393,7 +5388,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     *sslFrame = packet + ipInfo->length + tcpInfo->length;
     if (*sslFrame > packet + length) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* We only care about the data in the TCP/IP record. There may be extra
@@ -5435,7 +5430,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
                 return 1;
 
             SetError(MEMORY_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         return 1;
     }
@@ -5458,7 +5453,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
 #endif
 
             SetError(BAD_SESSION_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
     return 0;
@@ -5519,12 +5514,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory != -1 &&
                       (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         *front = add;
         *reassemblyMemory += sslBytes;
@@ -5541,12 +5536,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory -1 &&
                       (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, end, sslFrame, &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add->next = curr;
         *front = add;
@@ -5583,13 +5578,13 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory != -1 &&
                          (int)(*reassemblyMemory + added) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq],
                            &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add->next  = prev->next;
         prev->next = add;
@@ -5859,7 +5854,7 @@ static int FindNextRecordInAssembly(SnifferSession* session,
             if ( *sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
                 if (GrowInputBuffer(ssl, *sslBytes, 0) < 0) {
                     SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
 
@@ -5951,7 +5946,7 @@ static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
         TraceAck(real, expected);
 
         if (real > expected)
-            return -1;  /* we missed a packet, ACKing data we never saw */
+            return WOLFSSL_FATAL_ERROR;  /* we missed a packet, ACKing data we never saw */
     }
     return 0;
 }
@@ -6000,7 +5995,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
             UpdateMissedDataSessions();
         #endif
             SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         else {
             SetError(ACK_MISSED_STR, error, session, 0);
@@ -6071,13 +6066,13 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
 
     if (session->flags.fatalError == FATAL_ERROR_STATE) {
         SetError(FATAL_ERROR_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (skipPartial) {
         if (FindNextRecordInAssembly(session,
                                      sslFrame, sslBytes, end, error) < 0) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -6095,7 +6090,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
         if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
             if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
                 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         }
         if (vChain == NULL) {
@@ -6118,7 +6113,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
             if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
                 if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
                     SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
 
@@ -6156,7 +6151,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
 #ifdef OLD_HELLO_ALLOWED
         int ret = DoOldHello(session, *sslFrame, &rhSize, sslBytes, error);
         if (ret < 0)
-            return -1;  /* error already set */
+            return WOLFSSL_FATAL_ERROR;  /* error already set */
         if (*sslBytes <= 0)
             return 1;
 #endif
@@ -6267,7 +6262,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
     rhSize = 0;
     if (sslBytes < 0) {
         SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (sslBytes >= RECORD_HEADER_SZ) {
         if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
@@ -6289,7 +6284,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
             if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
                 if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
                     SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
             XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
@@ -6327,11 +6322,11 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
         }
         if (ssl->decrypt.setup != 1) {
             SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         if (CheckAvailableSize(ssl, rhSize) < 0) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
@@ -6355,7 +6350,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
         if (errCode != 0) {
             if ((enum ContentType)rh.type == application_data) {
                 SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             /* do not end session for failures on handshake packets */
             return 0;
@@ -6380,7 +6375,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
                     if (session->flags.fatalError == 0)
                         SetError(BAD_HANDSHAKE_STR, error, session,
                                  FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
 
                 /* DoHandShake now fully decrements sslBytes to remaining */
@@ -6434,7 +6429,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
                                 *data = NULL;
                                 SetError(MEMORY_STR, error, session,
                                          FATAL_ERROR_STATE);
-                                return -1;
+                                return WOLFSSL_FATAL_ERROR;
                             }
                             *data = tmpData;
                             XMEMCPY(*data + decoded,
@@ -6454,7 +6449,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
                                     stored = StoreDataCb(buf, bufSz, offset,
                                             ctx);
                                     if (stored <= 0) {
-                                        return -1;
+                                        return WOLFSSL_FATAL_ERROR;
                                     }
                                     offset += stored;
                                 } while (offset < bufSz);
@@ -6462,13 +6457,13 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
                             else {
                                 SetError(STORE_DATA_CB_MISSING_STR, error,
                                         session, FATAL_ERROR_STATE);
-                                return -1;
+                                return WOLFSSL_FATAL_ERROR;
                             }
 #else
                             (void)ctx;
                             SetError(NO_DATA_DEST_STR, error, session,
                                     FATAL_ERROR_STATE);
-                            return -1;
+                            return WOLFSSL_FATAL_ERROR;
 #endif
                         }
                         TraceAddedData(ret, decoded);
@@ -6479,7 +6474,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
                 else {
                     /* set error, but do not treat fatal */
                     SetError(BAD_APP_DATA_STR, error,session, 0);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
                 if (ssl->buffers.outputBuffer.dynamicFlag)
                     ShrinkOutputBuffer(ssl);
@@ -6503,7 +6498,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
         case no_type:
         default:
             SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 
     /* do we have another msg in record ? */
@@ -6851,7 +6846,7 @@ int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error)
     (void)error;
 
     if (sz < 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (data != NULL) {
@@ -6874,7 +6869,7 @@ int ssl_Trace(const char* traceFile, char* error)
             TraceFile = XFOPEN(traceFile, "a");
             if (!TraceFile) {
                 SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
              }
             TraceOn = 1;
         }
@@ -6944,7 +6939,7 @@ int ssl_GetSessionStats(unsigned int* active,     unsigned int* total,
         return 0;
     else {
         SetError(BAD_SESSION_STATS, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 }
 
@@ -6985,7 +6980,7 @@ int ssl_ResetStatistics(void)
 int ssl_ReadStatistics(SSLStats* stats)
 {
     if (stats == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     LOCK_STAT();
     XMEMCPY(stats, &SnifferStats, sizeof(SSLStats));
@@ -6999,7 +6994,7 @@ int ssl_ReadStatistics(SSLStats* stats)
 int ssl_ReadResetStatistics(SSLStats* stats)
 {
     if (stats == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     LOCK_STAT();
     XMEMCPY(stats, &SnifferStats, sizeof(SSLStats));
@@ -7045,10 +7040,10 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
     int ret;
 
     if (vSniffer == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (key == NULL || keySz == 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sniffer = (SnifferSession*)vSniffer;
@@ -7077,7 +7072,7 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
 
     if (ret != WOLFSSL_SUCCESS) {
         SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -7091,10 +7086,10 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType,
     int ret;
 
     if (vSniffer == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (keyFile == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* Remap the keyType from what the user can use to
@@ -7106,7 +7101,7 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType,
     if (ret < 0) {
         SetError(KEY_FILE_STR, error, NULL, 0);
         XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = ssl_SetWatchKey_buffer(vSniffer, keyBuf, keyBufSz, FILETYPE_DER,
diff --git a/src/ssl.c b/src/ssl.c
index c0e3e54aae..25de9cd141 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1,6 +1,6 @@
 /* ssl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,10 +25,9 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
-#if defined(OPENSSL_EXTRA) && !defined(_WIN32)
+#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE)
     /* turn on GNU extensions for XISASCII */
-    #undef  _GNU_SOURCE
-    #define _GNU_SOURCE
+    #define _GNU_SOURCE 1
 #endif
 
 #if !defined(WOLFCRYPT_ONLY) || defined(OPENSSL_EXTRA) || \
@@ -553,6 +552,18 @@ int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
     return GetEchConfigsEx(ctx->echConfigs, output, outputLen);
 }
 
+void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable)
+{
+    if (ctx != NULL) {
+        ctx->disableECH = !enable;
+        if (ctx->disableECH) {
+            TLSX_Remove(&ctx->extensions, TLSX_ECH, ctx->heap);
+            FreeEchConfigs(ctx->echConfigs, ctx->heap);
+            ctx->echConfigs = NULL;
+        }
+    }
+}
+
 /* set the ech config from base64 for our client ssl object, base64 is the
  * format ech configs are sent using dns records */
 int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
@@ -841,7 +852,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
 
     if (output == NULL) {
         *outputLen = totalLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (totalLen > *outputLen) {
@@ -942,6 +953,18 @@ int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen)
     return GetEchConfigsEx(ssl->echConfigs, output, outputLen);
 }
 
+void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable)
+{
+    if (ssl != NULL) {
+        ssl->options.disableECH = !enable;
+        if (ssl->options.disableECH) {
+            TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap);
+            FreeEchConfigs(ssl->echConfigs, ssl->heap);
+            ssl->echConfigs = NULL;
+        }
+    }
+}
+
 /* get the raw ech configs from our linked list of ech config structs */
 int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 {
@@ -986,7 +1009,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 
     if (output == NULL) {
         *outputLen = totalLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (totalLen > *outputLen) {
@@ -1034,9 +1057,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
         if (ret != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("wolfSSL_Init failed");
             WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
-            if (method != NULL) {
-                XFREE(method, heap, DYNAMIC_TYPE_METHOD);
-            }
+            XFREE(method, heap, DYNAMIC_TYPE_METHOD);
             return NULL;
         }
     }
@@ -1132,10 +1153,8 @@ void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
 && !defined(NO_SHA256) && !defined(WC_NO_RNG)
         if (ctx->srp != NULL) {
-            if (ctx->srp_password != NULL){
-                XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
-                ctx->srp_password = NULL;
-            }
+            XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
+            ctx->srp_password = NULL;
             wc_SrpTerm(ctx->srp);
             XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP);
             ctx->srp = NULL;
@@ -1688,7 +1707,7 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
         return NULL;
 
     cipher = wolfSSL_get_cipher_name_iana(ssl);
-    len = (int)min((word32)len, (int)(XSTRLEN(cipher) + 1));
+    len = (int)min((word32)len, (word32)(XSTRLEN(cipher) + 1));
     XMEMCPY(buf, cipher, len);
     return buf;
 }
@@ -1954,6 +1973,15 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
     return WOLFSSL_SUCCESS;
 }
 
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) {
+    if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0)
+        return SSL_SUCCESS;
+    else
+        return SSL_FAILURE;
+}
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA */
+
 #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */
 
 #ifdef WOLFSSL_SRTP
@@ -2041,7 +2069,7 @@ static int DtlsSrtpSelProfiles(word16* id, const char* profile_str)
 
 int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         ret = DtlsSrtpSelProfiles(&ctx->dtlsSrtpProfiles, profile_str);
     }
@@ -2049,7 +2077,7 @@ int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str)
 }
 int wolfSSL_set_tlsext_use_srtp(WOLFSSL* ssl, const char* profile_str)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ssl != NULL) {
         ret = DtlsSrtpSelProfiles(&ssl->dtlsSrtpProfiles, profile_str);
     }
@@ -2094,7 +2122,7 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl,
     }
     if (out == NULL) {
         *olen = (size_t)profile->kdfBits;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*olen < (size_t)profile->kdfBits) {
@@ -2303,7 +2331,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub)
         }
         else {
             WOLFSSL_MSG("No room in peer list.");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     else {
@@ -2394,7 +2422,7 @@ int wolfSSL_mcast_set_highwater_ctx(WOLFSSL* ssl, void* ctx)
 /* return underlying connect or accept, WOLFSSL_SUCCESS on ok */
 int wolfSSL_negotiate(WOLFSSL* ssl)
 {
-    int err = WOLFSSL_FATAL_ERROR;
+    int err = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
 
     WOLFSSL_ENTER("wolfSSL_negotiate");
 
@@ -2876,8 +2904,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
     /* make sure bidirectional TLS shutdown completes */
     if (ssl->error == WOLFSSL_ERROR_SYSCALL || ssl->options.shutdownDone) {
         /* ask the underlying transport the connection is closed */
-        if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx) ==
-                                            WOLFSSL_CBIO_ERR_CONN_CLOSE) {
+        if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx)
+            == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE))
+        {
             ssl->options.isClosed = 1;
             ssl->error = WOLFSSL_ERROR_ZERO_RETURN;
         }
@@ -2900,9 +2929,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
 
 #ifdef HAVE_WRITE_DUP
     if (ssl->dupWrite) {
-        if (ssl->error != 0 && ssl->error != WANT_READ
+        if (ssl->error != 0 && ssl->error != WC_NO_ERR_TRACE(WANT_READ)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             int notifyErr;
@@ -3395,7 +3424,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
     char    *list, *ptr, **token;
     word16  len;
     int     idx = 0;
-    int     ret = WOLFSSL_FAILURE;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_UseALPN");
 
@@ -3623,7 +3652,7 @@ static int _Rehandshake(WOLFSSL* ssl)
 
         ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;
 
-#if !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_TLS12)
         if (ssl->options.side == WOLFSSL_SERVER_END) {
             ret = SendHelloRequest(ssl);
             if (ret != 0) {
@@ -3631,7 +3660,7 @@ static int _Rehandshake(WOLFSSL* ssl)
                 return WOLFSSL_FATAL_ERROR;
             }
         }
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !WOLFSSL_NO_TLS12 */
 
         ret = InitHandshakeHashes(ssl);
         if (ret != 0) {
@@ -3975,7 +4004,7 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
 
 int wolfSSL_SendUserCanceled(WOLFSSL* ssl)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_recv");
 
     if (ssl != NULL) {
@@ -3997,7 +4026,7 @@ int wolfSSL_SendUserCanceled(WOLFSSL* ssl)
 WOLFSSL_ABI
 int wolfSSL_shutdown(WOLFSSL* ssl)
 {
-    int  ret = WOLFSSL_FATAL_ERROR;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     WOLFSSL_ENTER("wolfSSL_shutdown");
 
     if (ssl == NULL)
@@ -4039,7 +4068,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
         /* call wolfSSL_shutdown again for bidirectional shutdown */
         if (ssl->options.sentNotify && !ssl->options.closeNotify) {
             ret = ProcessReply(ssl);
-            if ((ret == ZERO_RETURN) ||
+            if ((ret == WC_NO_ERR_TRACE(ZERO_RETURN)) ||
                 (ret == WC_NO_ERR_TRACE(SOCKET_ERROR_E))) {
                 /* simulate OpenSSL behavior */
                 ssl->options.shutdownDone = 1;
@@ -4097,13 +4126,16 @@ int wolfSSL_get_error(WOLFSSL* ssl, int ret)
     WOLFSSL_LEAVE("wolfSSL_get_error", ssl->error);
 
     /* make sure converted types are handled in SetErrorString() too */
-    if (ssl->error == WANT_READ)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
         return WOLFSSL_ERROR_WANT_READ;         /* convert to OpenSSL type */
-    else if (ssl->error == WANT_WRITE)
+    else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
         return WOLFSSL_ERROR_WANT_WRITE;        /* convert to OpenSSL type */
-    else if (ssl->error == ZERO_RETURN || ssl->options.shutdownDone)
+    else if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN) ||
+             ssl->options.shutdownDone)
         return WOLFSSL_ERROR_ZERO_RETURN;       /* convert to OpenSSL type */
 #ifdef OPENSSL_EXTRA
+    else if (ssl->error == WC_NO_ERR_TRACE(MATCH_SUITE_ERROR))
+        return WOLFSSL_ERROR_SYSCALL;           /* convert to OpenSSL type */
     else if (ssl->error == WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E))
         return WOLFSSL_ERROR_SYSCALL;           /* convert to OpenSSL type */
 #endif
@@ -4126,9 +4158,9 @@ int wolfSSL_want(WOLFSSL* ssl)
 {
     int rw_state = SSL_NOTHING;
     if (ssl) {
-        if (ssl->error == WANT_READ)
+        if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
             rw_state = SSL_READING;
-        else if (ssl->error == WANT_WRITE)
+        else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
             rw_state = SSL_WRITING;
     }
     return rw_state;
@@ -4139,7 +4171,7 @@ int wolfSSL_want(WOLFSSL* ssl)
 int wolfSSL_want_read(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_want_read");
-    if (ssl->error == WANT_READ)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
         return 1;
 
     return 0;
@@ -4150,7 +4182,7 @@ int wolfSSL_want_read(WOLFSSL* ssl)
 int wolfSSL_want_write(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_want_write");
-    if (ssl->error == WANT_WRITE)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
         return 1;
 
     return 0;
@@ -4549,7 +4581,7 @@ int wolfSSL_GetCipherType(WOLFSSL* ssl)
     if (ssl->specs.cipher_type == aead)
         return WOLFSSL_AEAD_TYPE;
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 
@@ -4665,7 +4697,7 @@ int wolfSSL_pending(WOLFSSL* ssl)
     if (ssl == NULL)
         return WOLFSSL_FAILURE;
 
-    return ssl->buffers.clearOutputBuffer.length;
+    return (int)ssl->buffers.clearOutputBuffer.length;
 }
 
 int wolfSSL_has_pending(const WOLFSSL* ssl)
@@ -5094,6 +5126,42 @@ Signer* GetCA(void* vp, byte* hash)
     return ret;
 }
 
+#if defined(HAVE_OCSP)
+Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
+{
+    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
+    Signer* ret = NULL;
+    Signer* signers;
+    int row;
+
+    if (cm == NULL || keyHash == NULL)
+        return NULL;
+
+    /* try lookup using keyHash as subjKeyID first */
+    ret = GetCA(vp, (byte*)keyHash);
+    if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
+        return ret;
+    }
+
+    /* if we can't find the cert, we have to scan the full table */
+    if (wc_LockMutex(&cm->caLock) != 0)
+        return NULL;
+
+    /* Unfortunately we need to look through the entire table */
+    for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
+        for (signers = cm->caTable[row]; signers != NULL;
+                signers = signers->next) {
+            if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
+                ret = signers;
+                break;
+            }
+        }
+    }
+
+    wc_UnLockMutex(&cm->caLock);
+    return ret;
+}
+#endif
 #ifdef WOLFSSL_AKID_NAME
 Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
         const byte* serial, word32 serialSz)
@@ -5349,6 +5417,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 #endif
 
     InitDecodedCert(cert, der->buffer, der->length, cm->heap);
+
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    if (cm->unknownExtCallback != NULL) {
+        wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
+    }
+#endif
+
     ret = ParseCert(cert, CA_TYPE, verify, cm);
     WOLFSSL_MSG("\tParsed new CA");
 
@@ -5932,6 +6007,17 @@ int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
         return BAD_FUNC_ARG;
 }
 
+int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, void* ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
+    if (ssl) {
+        SSL_CM_WARNING(ssl);
+        return wolfSSL_CertManagerSetCRL_ErrorCb(SSL_CM(ssl), cb, ctx);
+    }
+    else
+        return BAD_FUNC_ARG;
+}
+
 #ifdef HAVE_CRL_IO
 int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
 {
@@ -5997,6 +6083,15 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
         return BAD_FUNC_ARG;
 }
 
+int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, void* cbCtx)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_ErrorCb");
+    if (ctx)
+        return wolfSSL_CertManagerSetCRL_ErrorCb(ctx->cm, cb, cbCtx);
+    else
+        return BAD_FUNC_ARG;
+}
+
 #ifdef HAVE_CRL_IO
 int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
 {
@@ -6194,7 +6289,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
 #endif
     word32 size;
     byte*  buff;
-    int    ret = WOLFSSL_FAILURE;
+    int    ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("check_cert_key");
 
@@ -6482,7 +6577,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (!isRsaKey) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6566,7 +6661,7 @@ static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (!isEccKey) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6654,7 +6749,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 
     /* test if DSA key */
     if (!isDsaKey) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6738,7 +6833,7 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 
     /* test if DH key */
     if (!isDhKey) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6822,7 +6917,7 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (ret != 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6937,7 +7032,7 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (!isFalcon) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -7022,7 +7117,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (!isDilithium) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -8337,6 +8432,8 @@ static int CheckcipherList(const char* list)
         char   name[MAX_SUITE_NAME + 1];
         word32 length = MAX_SUITE_NAME;
         word32 current_length;
+        byte major = INVALID_BYTE;
+        byte minor = INVALID_BYTE;
 
         next   = XSTRSTR(next, ":");
 
@@ -8361,10 +8458,10 @@ static int CheckcipherList(const char* list)
             break;
         }
 
-        ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0,
-                                                        &cipherSuite1, &flags);
+        ret = GetCipherSuiteFromName(name, &cipherSuite0,
+                &cipherSuite1, &major, &minor, &flags);
         if (ret == 0) {
-            if (cipherSuite0 == TLS13_BYTE) {
+            if (cipherSuite0 == TLS13_BYTE || minor == TLSv1_3_MINOR) {
                 /* TLSv13 suite */
                 findTLSv13Suites = 1;
             }
@@ -8465,10 +8562,6 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     }
 
     /* list contains ciphers either only for TLS 1.3 or <= TLS 1.2 */
-    if (suites->suiteSz == 0) {
-        WOLFSSL_MSG("Warning suites->suiteSz = 0 set to WOLFSSL_MAX_SUITE_SZ");
-        suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
-    }
 #ifdef WOLFSSL_SMALL_STACK
     if (suites->suiteSz > 0) {
         suitesCpy = (byte*)XMALLOC(suites->suiteSz, NULL,
@@ -8495,6 +8588,12 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         return WOLFSSL_FAILURE;
     }
 
+    /* The idea in this section is that OpenSSL has two API to set ciphersuites.
+     *   - SSL_CTX_set_cipher_list for setting TLS <= 1.2 suites
+     *   - SSL_CTX_set_ciphersuites for setting TLS 1.3 suites
+     * Since we direct both API here we attempt to provide API compatibility. If
+     * we only get suites from <= 1.2 or == 1.3 then we will only update those
+     * suites and keep the suites from the other group. */
     for (i = 0; i < suitesCpySz &&
                 suites->suiteSz <= (WOLFSSL_MAX_SUITE_SZ - SUITE_LEN); i += 2) {
         /* Check for duplicates */
@@ -8891,7 +8990,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
         result = Dtls13RtxTimeout(ssl);
         if (result < 0) {
-            if (result == WANT_WRITE)
+            if (result == WC_NO_ERR_TRACE(WANT_WRITE))
                 ssl->dtls13SendingAckOrRtx = 1;
             ssl->error = result;
             WOLFSSL_ERROR(result);
@@ -9231,7 +9330,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* do not send buffered or advance state if last error was an
                 async pending operation */
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             ret = SendBuffered(ssl);
@@ -9330,7 +9429,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                      * should just ignore the message */
                     ssl->dtls13Rtx.sendAcks = 0;
                     if ((ssl->error = SendDtls13Ack(ssl)) < 0) {
-                        if (ssl->error == WANT_WRITE)
+                        if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
                             ssl->dtls13SendingAckOrRtx = 1;
                         WOLFSSL_ERROR(ssl->error);
                         return WOLFSSL_FATAL_ERROR;
@@ -9431,7 +9530,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                     ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
                 #endif
 #ifdef WOLFSSL_EXTRA_ALERTS
-                    if (ssl->error == NO_PEER_KEY ||
+                    if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) ||
                         ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) {
                         SendAlert(ssl, alert_fatal, handshake_failure);
                     }
@@ -9782,7 +9881,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* do not send buffered or advance state if last error was an
                 async pending operation */
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             ret = SendBuffered(ssl);
@@ -10315,6 +10414,25 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
     }
 }
 
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+const char *wolfSSL_get0_peername(WOLFSSL *ssl) {
+    if (ssl == NULL) {
+        return NULL;
+    }
+
+    if (ssl->buffers.domainName.buffer)
+        return (const char *)ssl->buffers.domainName.buffer;
+    else if (ssl->session && ssl->session->peer)
+        return ssl->session->peer->subjectCN;
+    else if (ssl->peerCert.subjectCN[0])
+        return ssl->peerCert.subjectCN;
+    else {
+        ssl->error = NO_PEER_CERT;
+        return NULL;
+    }
+}
+
+#endif /* SESSION_CERTS && OPENSSL_EXTRA */
 
 /* turn on wolfSSL zlib compression
    returns WOLFSSL_SUCCESS for success, else error (not built in)
@@ -10357,7 +10475,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 sending += (int)iov[i].iov_len;
 
             if (sending > (int)sizeof(staticBuffer)) {
-                myBuffer = (byte*)XMALLOC(sending, ssl->heap,
+                myBuffer = (byte*)XMALLOC((size_t)sending, ssl->heap,
                                                            DYNAMIC_TYPE_WRITEV);
                 if (!myBuffer)
                     return MEMORY_ERROR;
@@ -10432,7 +10550,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
                                  TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
     {
-        int       ret        = WOLFSSL_FATAL_ERROR;
+        int       ret        = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
         int       oldTimerOn = 0;   /* was timer already on */
         WOLFSSL_TIMEVAL startTime;
         WOLFSSL_TIMEVAL endTime;
@@ -10887,8 +11005,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     {
         WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_noconf");
 
-        if  (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR)
+        if  (wolfSSL_add_all_algorithms() ==
+             WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR))
+        {
             return WOLFSSL_FATAL_ERROR;
+        }
 
         return  WOLFSSL_SUCCESS;
     }
@@ -10901,7 +11022,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         the use of a wolfssl.cnf type configuration file and is only used for
         OpenSSL compatibility. */
 
-        if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) {
+        if (wolfSSL_add_all_algorithms() ==
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR))
+        {
             return WOLFSSL_FATAL_ERROR;
         }
         return WOLFSSL_SUCCESS;
@@ -10930,7 +11053,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 #ifdef OPENSSL_EXTRA
 #ifndef NO_BIO
-    void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
+    static void ssl_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags)
     {
         WOLFSSL_ENTER("wolfSSL_set_bio");
 
@@ -10941,8 +11064,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
         /* free any existing WOLFSSL_BIOs in use but don't free those in
          * a chain */
-        if (ssl->biord != NULL) {
-            if (ssl->biord != ssl->biowr) {
+        if ((flags & WOLFSSL_BIO_FLAG_READ) && (ssl->biord != NULL)) {
+            if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biord != ssl->biowr)) {
                 if (ssl->biowr != NULL && ssl->biowr->prev != NULL)
                     wolfSSL_BIO_free(ssl->biowr);
                 ssl->biowr = NULL;
@@ -10951,21 +11074,33 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 wolfSSL_BIO_free(ssl->biord);
             ssl->biord = NULL;
         }
+        else if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biowr != NULL)) {
+            if (ssl->biowr->prev != NULL)
+                wolfSSL_BIO_free(ssl->biowr);
+            ssl->biowr = NULL;
+        }
+
         /* set flag obviously */
         if (rd && !(rd->flags & WOLFSSL_BIO_FLAG_READ))
             rd->flags |= WOLFSSL_BIO_FLAG_READ;
         if (wr && !(wr->flags & WOLFSSL_BIO_FLAG_WRITE))
             wr->flags |= WOLFSSL_BIO_FLAG_WRITE;
 
-        ssl->biord = rd;
-        ssl->biowr = wr;
+        if (flags & WOLFSSL_BIO_FLAG_READ)
+            ssl->biord = rd;
+        if (flags & WOLFSSL_BIO_FLAG_WRITE)
+            ssl->biowr = wr;
 
         /* set SSL to use BIO callbacks instead */
-        if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)) {
-            ssl->CBIORecv = BioReceive;
+        if ((flags & WOLFSSL_BIO_FLAG_READ) &&
+            (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)))
+        {
+            ssl->CBIORecv = SslBioReceive;
         }
-        if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)) {
-            ssl->CBIOSend = BioSend;
+        if ((flags & WOLFSSL_BIO_FLAG_WRITE) &&
+            (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)))
+        {
+            ssl->CBIOSend = SslBioSend;
         }
 
         /* User programs should always retry reading from these BIOs */
@@ -10978,6 +11113,22 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             BIO_set_retry_read(wr);
         }
     }
+
+    void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
+    {
+        ssl_set_bio(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE);
+    }
+
+    void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd)
+    {
+        ssl_set_bio(ssl, rd, NULL, WOLFSSL_BIO_FLAG_READ);
+    }
+
+    void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr)
+    {
+        ssl_set_bio(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE);
+    }
+
 #endif /* !NO_BIO */
 #endif /* OPENSSL_EXTRA */
 
@@ -11272,8 +11423,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             return WOLFSSL_FAILURE;
         }
 
-        if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) !=
-                WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
             wolfSSL_X509_NAME_free(nameCopy);
             return WOLFSSL_FAILURE;
@@ -11328,8 +11478,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 */
                 nameCopy->x509 = NULL;
 
-                if (wolfSSL_sk_X509_NAME_push(list, nameCopy) !=
-                        WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_X509_NAME_push(list, nameCopy) <= 0) {
                     WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
                     /* Do free in loop because nameCopy is now responsibility
                      * of list to free and adding jumps to cleanup after this
@@ -11490,16 +11639,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 wc_FreeRng(&rng);
                 return WOLFSSL_FAILURE;
             }
-            if (ctx->srp_password != NULL){
-                XFREE(ctx->srp_password,NULL,
-                      DYNAMIC_TYPE_SRP);
-                ctx->srp_password = NULL;
-            }
+            XFREE(ctx->srp_password, NULL, DYNAMIC_TYPE_SRP);
+            ctx->srp_password = NULL;
             wc_FreeRng(&rng);
         } else {
             /* save password for wolfSSL_set_srp_username */
-            if (ctx->srp_password != NULL)
-                XFREE(ctx->srp_password,ctx->heap, DYNAMIC_TYPE_SRP);
+            XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
 
             ctx->srp_password = (byte*)XMALLOC(XSTRLEN(password) + 1, ctx->heap,
                                                DYNAMIC_TYPE_SRP);
@@ -11673,7 +11818,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
         if(ctx == NULL)
             return BAD_FUNC_ARG;
-        return ctx->mask;
+        return (long)ctx->mask;
     }
 
     /* forward declaration */
@@ -11686,7 +11831,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         if (ctx == NULL)
             return BAD_FUNC_ARG;
 
-        ctx->mask = wolf_set_options(ctx->mask, opt);
+        ctx->mask = (unsigned long)wolf_set_options((long)ctx->mask, opt);
 #if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \
         || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL))
         if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) {
@@ -11702,7 +11847,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         #endif
         */
 #endif
-        return ctx->mask;
+        return (long)ctx->mask;
     }
 
     long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
@@ -11710,8 +11855,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         WOLFSSL_ENTER("wolfSSL_CTX_clear_options");
         if(ctx == NULL)
             return BAD_FUNC_ARG;
-        ctx->mask &= ~opt;
-        return ctx->mask;
+        ctx->mask &= (unsigned long)~opt;
+        return (long)ctx->mask;
     }
 
 #ifdef OPENSSL_EXTRA
@@ -12129,8 +12274,9 @@ int wolfSSL_get_peer_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey)
         int sz;
 
         PRIVATE_KEY_UNLOCK();
-        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz) !=
-                LENGTH_ONLY_E) {
+        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz)
+              != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        {
             WOLFSSL_MSG("get ecc der size failed");
             PRIVATE_KEY_LOCK();
             return WOLFSSL_FAILURE;
@@ -12530,7 +12676,7 @@ static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver)
 int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int minProto;
 
     WOLFSSL_ENTER("wolfSSL_CTX_set_max_proto_version");
@@ -12651,7 +12797,7 @@ static int Set_SSL_min_proto_version(WOLFSSL* ssl, int ver)
 int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);;
 
     WOLFSSL_ENTER("wolfSSL_set_min_proto_version");
 
@@ -12719,7 +12865,7 @@ static int Set_SSL_max_proto_version(WOLFSSL* ssl, int ver)
 int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);;
 
     WOLFSSL_ENTER("wolfSSL_set_max_proto_version");
 
@@ -12857,7 +13003,7 @@ int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx)
 
     WOLFSSL_LEAVE("wolfSSL_CTX_get_max_proto_version", ret);
 
-    if (ret == WOLFSSL_FATAL_ERROR) {
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
         WOLFSSL_MSG("Error getting max proto version");
         ret = 0; /* setting ret to 0 to match compat return */
     }
@@ -13074,7 +13220,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         }
 
         /* SSL_MODE_AUTO_RETRY
-         * Should not return -1 with renegotiation on read/write */
+         * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */
 
         return mode;
     }
@@ -13101,7 +13247,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         }
 
         /* SSL_MODE_AUTO_RETRY
-         * Should not return -1 with renegotiation on read/write */
+         * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */
 
         return 0;
     }
@@ -13410,7 +13556,7 @@ static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm,
     i--;
     for (; i >= 0; i--) {
         if (push) {
-            if (wolfSSL_sk_X509_push(sk, issuer[i]) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_push(sk, issuer[i]) <= 0) {
                 wolfSSL_X509_free(issuer[i]);
                 ret = WOLFSSL_FATAL_ERROR;
                 push = 0; /* Free the rest of the unpushed certs */
@@ -13456,13 +13602,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
              * first if we have one for this cert */
             SSL_CM_WARNING(ssl);
             if (PushCAx509Chain(SSL_CM(ssl), x509, sk)
-                    == WOLFSSL_FATAL_ERROR) {
+                    == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
                 ret = WOLFSSL_FATAL_ERROR;
             }
         }
 #endif
 
-        if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
+        if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) <= 0) {
             WOLFSSL_MSG("Error decoding cert");
             wolfSSL_X509_free(x509);
             wolfSSL_sk_X509_pop_free(sk, NULL);
@@ -13552,71 +13698,85 @@ static WC_INLINE int compare_WOLFSSL_CIPHER(
         (a->bits == b->bits))
         return 0;
     else
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 }
 #endif /* OPENSSL_ALL || WOLFSSL_QT */
 
 
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
+{
+    WOLFSSL_ENTER("wolfSSL_sk_push");
+
+    return wolfSSL_sk_insert(sk, data, 0);
+}
+
+/* return number of elements on success 0 on fail */
+int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx)
 {
     WOLFSSL_STACK* node;
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
     WOLFSSL_CIPHER ciph;
 #endif
-    WOLFSSL_ENTER("wolfSSL_sk_push");
+    WOLFSSL_ENTER("wolfSSL_sk_insert");
 
-    if (!sk) {
+    if (!sk)
+        return WOLFSSL_FATAL_ERROR;
+    if (!data)
         return WOLFSSL_FAILURE;
-    }
 
-    /* Check if empty data */
-    switch (sk->type) {
-        case STACK_TYPE_CIPHER:
+    if (idx == 0 || sk->num == 0) {
+        /* Check if empty data */
+        switch (sk->type) {
+            case STACK_TYPE_CIPHER:
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            /* check if entire struct is zero */
-            XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
-            if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
-                sk->data.cipher = *(WOLFSSL_CIPHER*)data;
-                sk->num = 1;
-                if (sk->hash_fn) {
-                    sk->hash = sk->hash_fn(&sk->data.cipher);
+                /* check if entire struct is zero */
+                XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
+                if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
+                    sk->data.cipher = *(WOLFSSL_CIPHER*)data;
+                    sk->num = 1;
+                    if (sk->hash_fn) {
+                        sk->hash = sk->hash_fn(&sk->data.cipher);
+                    }
+                    return (int)sk->num;
                 }
-                return WOLFSSL_SUCCESS;
-            }
-            break;
+                if (sk->num == 0)
+                    sk->num = 1; /* confirmed at least one element */
+                break;
 #endif
-        case STACK_TYPE_X509:
-        case STACK_TYPE_GEN_NAME:
-        case STACK_TYPE_BIO:
-        case STACK_TYPE_OBJ:
-        case STACK_TYPE_STRING:
-        case STACK_TYPE_ACCESS_DESCRIPTION:
-        case STACK_TYPE_X509_EXT:
-        case STACK_TYPE_X509_REQ_ATTR:
-        case STACK_TYPE_NULL:
-        case STACK_TYPE_X509_NAME:
-        case STACK_TYPE_X509_NAME_ENTRY:
-        case STACK_TYPE_CONF_VALUE:
-        case STACK_TYPE_X509_INFO:
-        case STACK_TYPE_BY_DIR_entry:
-        case STACK_TYPE_BY_DIR_hash:
-        case STACK_TYPE_X509_OBJ:
-        case STACK_TYPE_DIST_POINT:
-        case STACK_TYPE_X509_CRL:
-        default:
-            /* All other types are pointers */
-            if (!sk->data.generic) {
-                sk->data.generic = (void*)data;
-                sk->num = 1;
+            case STACK_TYPE_X509:
+            case STACK_TYPE_GEN_NAME:
+            case STACK_TYPE_BIO:
+            case STACK_TYPE_OBJ:
+            case STACK_TYPE_STRING:
+            case STACK_TYPE_ACCESS_DESCRIPTION:
+            case STACK_TYPE_X509_EXT:
+            case STACK_TYPE_X509_REQ_ATTR:
+            case STACK_TYPE_NULL:
+            case STACK_TYPE_X509_NAME:
+            case STACK_TYPE_X509_NAME_ENTRY:
+            case STACK_TYPE_CONF_VALUE:
+            case STACK_TYPE_X509_INFO:
+            case STACK_TYPE_BY_DIR_entry:
+            case STACK_TYPE_BY_DIR_hash:
+            case STACK_TYPE_X509_OBJ:
+            case STACK_TYPE_DIST_POINT:
+            case STACK_TYPE_X509_CRL:
+            default:
+                /* All other types are pointers */
+                if (!sk->data.generic) {
+                    sk->data.generic = (void*)data;
+                    sk->num = 1;
 #ifdef OPENSSL_ALL
-                if (sk->hash_fn) {
-                    sk->hash = sk->hash_fn(sk->data.generic);
-                }
+                    if (sk->hash_fn)
+                        sk->hash = sk->hash_fn(sk->data.generic);
 #endif
-                return WOLFSSL_SUCCESS;
-            }
-            break;
+                    return (int)sk->num;
+                }
+                if (sk->num == 0)
+                    sk->num = 1; /* confirmed at least one element */
+                break;
+        }
     }
 
     /* stack already has value(s) create a new node and add more */
@@ -13625,26 +13785,71 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
         WOLFSSL_MSG("Memory error");
         return WOLFSSL_FAILURE;
     }
-
-    /* push new x509 onto head of stack */
-    node->next      = sk->next;
     node->type      = sk->type;
-    sk->next        = node;
     sk->num        += 1;
-
 #ifdef OPENSSL_ALL
     node->hash_fn = sk->hash_fn;
-    node->hash = sk->hash;
-    sk->hash = 0;
 #endif
+
+    if (idx == 0) {
+        /* Special case where we need to change the values in the head element
+         * to avoid changing the initial pointer. */
+        /* push new item onto head of stack */
+        node->next      = sk->next;
+        sk->next        = node;
+#ifdef OPENSSL_ALL
+        node->hash = sk->hash;
+        sk->hash = 0;
+#endif
+        switch (sk->type) {
+            case STACK_TYPE_CIPHER:
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+                node->data.cipher = sk->data.cipher;
+                sk->data.cipher = *(WOLFSSL_CIPHER*)data;
+                if (sk->hash_fn) {
+                    sk->hash = sk->hash_fn(&sk->data.cipher);
+                }
+                break;
+#endif
+            case STACK_TYPE_X509:
+            case STACK_TYPE_GEN_NAME:
+            case STACK_TYPE_BIO:
+            case STACK_TYPE_OBJ:
+            case STACK_TYPE_STRING:
+            case STACK_TYPE_ACCESS_DESCRIPTION:
+            case STACK_TYPE_X509_EXT:
+            case STACK_TYPE_X509_REQ_ATTR:
+            case STACK_TYPE_NULL:
+            case STACK_TYPE_X509_NAME:
+            case STACK_TYPE_X509_NAME_ENTRY:
+            case STACK_TYPE_CONF_VALUE:
+            case STACK_TYPE_X509_INFO:
+            case STACK_TYPE_BY_DIR_entry:
+            case STACK_TYPE_BY_DIR_hash:
+            case STACK_TYPE_X509_OBJ:
+            case STACK_TYPE_DIST_POINT:
+            case STACK_TYPE_X509_CRL:
+            default:
+                /* All other types are pointers */
+                node->data.generic = sk->data.generic;
+                sk->data.generic = (void*)data;
+#ifdef OPENSSL_ALL
+                if (sk->hash_fn)
+                    sk->hash = sk->hash_fn(sk->data.generic);
+#endif
+                break;
+        }
+
+        return (int)sk->num;
+    }
+
+    /* populate node */
     switch (sk->type) {
         case STACK_TYPE_CIPHER:
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            node->data.cipher = sk->data.cipher;
-            sk->data.cipher = *(WOLFSSL_CIPHER*)data;
-            if (sk->hash_fn) {
-                sk->hash = sk->hash_fn(&sk->data.cipher);
-            }
+            node->data.cipher = *(WOLFSSL_CIPHER*)data;
+            if (node->hash_fn)
+                node->hash = node->hash_fn(&node->data.cipher);
             break;
 #endif
         case STACK_TYPE_X509:
@@ -13667,17 +13872,25 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
         case STACK_TYPE_X509_CRL:
         default:
             /* All other types are pointers */
-            node->data.generic = sk->data.generic;
-            sk->data.generic = (void*)data;
+            node->data.generic = (void*)data;
 #ifdef OPENSSL_ALL
-            if (sk->hash_fn) {
-                sk->hash = sk->hash_fn(sk->data.generic);
-            }
+            if (node->hash_fn)
+                node->hash = node->hash_fn(node->data.generic);
 #endif
             break;
     }
+    {
+        /* insert node into stack. not using sk since we return sk->num after */
+        WOLFSSL_STACK* prev_node = sk;
+        while (idx != 0 && prev_node->next != NULL) {
+            prev_node = prev_node->next;
+            idx--;
+        }
+        node->next = prev_node->next;
+        prev_node->next = node;
+    }
 
-    return WOLFSSL_SUCCESS;
+    return (int)sk->num;
 }
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@@ -14106,7 +14319,8 @@ int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0,
         (cipherSuite == NULL) ||
         (flags == NULL))
         return BAD_FUNC_ARG;
-    return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags);
+    return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, NULL, NULL,
+                                  flags);
 }
 
 
@@ -14149,7 +14363,7 @@ word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher)
     WOLFSSL_ENTER("wolfSSL_CIPHER_get_id");
 
     if (cipher && cipher->ssl) {
-        cipher_id = (cipher->ssl->options.cipherSuite0 << 8) |
+        cipher_id = (word16)(cipher->ssl->options.cipherSuite0 << 8) |
                      cipher->ssl->options.cipherSuite;
     }
 
@@ -14247,9 +14461,6 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
             return "P384_KYBER_LEVEL3";
         case WOLFSSL_P521_KYBER_LEVEL5:
             return "P521_KYBER_LEVEL5";
-#elif defined(HAVE_PQM4)
-        case WOLFSSL_KYBER_LEVEL1:
-            return "KYBER_LEVEL1";
 #elif defined(WOLFSSL_WC_KYBER)
     #ifdef WOLFSSL_KYBER512
         case WOLFSSL_KYBER_LEVEL1:
@@ -14549,7 +14760,9 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
     authStr = GetCipherAuthStr(n);
     /* encStr */
     encStr = GetCipherEncStr(n);
-    if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) {
+    if ((cipher->bits = SetCipherBits(encStr)) ==
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+    {
        WOLFSSL_MSG("Cipher Bits Not Set.");
     }
     /* macStr */
@@ -14894,20 +15107,80 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
     return ret;
 }
 
-
-#ifndef NO_WOLFSSL_STUB
-int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
-                   int* ssl)
+int wolfSSL_OCSP_parse_url(const char* url, char** host, char** port,
+        char** path, int* ssl)
 {
-    (void)url;
-    (void)host;
-    (void)port;
-    (void)path;
-    (void)ssl;
-    WOLFSSL_STUB("OCSP_parse_url");
-    return 0;
+    const char* u = url;
+    const char* upath; /* path in u */
+    const char* uport; /* port in u */
+    const char* hostEnd;
+
+    WOLFSSL_ENTER("OCSP_parse_url");
+
+    *host = NULL;
+    *port = NULL;
+    *path = NULL;
+    *ssl = 0;
+
+    if (*(u++) != 'h') goto err;
+    if (*(u++) != 't') goto err;
+    if (*(u++) != 't') goto err;
+    if (*(u++) != 'p') goto err;
+    if (*u == 's') {
+        *ssl = 1;
+        u++;
+        *port = CopyString("443", -1, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
+    else if (*u == ':') {
+        *ssl = 0;
+        *port = CopyString("80", -1, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
+    else
+        goto err;
+    if (*port == NULL)
+        goto err;
+    if (*(u++) != ':') goto err;
+    if (*(u++) != '/') goto err;
+    if (*(u++) != '/') goto err;
+
+    /* Look for path */
+    upath = XSTRSTR(u, "/");
+    *path = CopyString(upath == NULL ? "/" : upath, -1, NULL,
+                       DYNAMIC_TYPE_OPENSSL);
+
+    /* Look for port */
+    uport = XSTRSTR(u, ":");
+    if (uport != NULL) {
+        if (*(++uport) == '\0')
+            goto err;
+        /* port must be before path */
+        if (upath != NULL && uport >= upath)
+            goto err;
+        XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL);
+        *port = CopyString(uport, upath != NULL ? (int)(upath - uport) : -1,
+                           NULL, DYNAMIC_TYPE_OPENSSL);
+        if (*port == NULL)
+            goto err;
+        hostEnd = uport - 1;
+    }
+    else
+        hostEnd = upath;
+
+    *host = CopyString(u, hostEnd != NULL ? (int)(hostEnd - u) : -1, NULL,
+                       DYNAMIC_TYPE_OPENSSL);
+    if (*host == NULL)
+        goto err;
+
+    return WOLFSSL_SUCCESS;
+err:
+    XFREE(*host, NULL, DYNAMIC_TYPE_OPENSSL);
+    *host = NULL;
+    XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL);
+    *port = NULL;
+    XFREE(*path, NULL, DYNAMIC_TYPE_OPENSSL);
+    *path = NULL;
+    return WOLFSSL_FAILURE;
 }
-#endif
 
 #ifndef NO_WOLFSSL_STUB
 WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
@@ -14915,17 +15188,13 @@ WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
     WOLFSSL_STUB("COMP_zlib");
     return 0;
 }
-#endif
 
-#ifndef NO_WOLFSSL_STUB
 WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
 {
     WOLFSSL_STUB("COMP_rle");
     return 0;
 }
-#endif
 
-#ifndef NO_WOLFSSL_STUB
 int wolfSSL_COMP_add_compression_method(int method, void* data)
 {
     (void)method;
@@ -14933,10 +15202,18 @@ int wolfSSL_COMP_add_compression_method(int method, void* data)
     WOLFSSL_STUB("COMP_add_compression_method");
     return 0;
 }
-#endif
 
-#ifndef NO_WOLFSSL_STUB
-const char* wolfSSL_COMP_get_name(const void* comp)
+const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl) {
+    (void)ssl;
+    return NULL;
+}
+
+const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl) {
+    (void)ssl;
+    return NULL;
+}
+
+const char* wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp)
 {
     static const char ret[] = "not supported";
 
@@ -15287,7 +15564,7 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
     /* Nginx looks for this error to know to stop parsing certificates.
      * Same for HAProxy. */
     if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) ||
-       ((err & 0xFFFFFFL) == -ASN_NO_PEM_HEADER) ||
+       ((err & 0xFFFFFFL) == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) ||
        ((err & 0xFFFL) == PEM_R_NO_START_LINE ))
         return PEM_R_NO_START_LINE;
     if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST))
@@ -15302,7 +15579,9 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
     ret = 0 - ret; /* setting as negative value */
     /* wolfCrypt range is less than MAX (-100)
        wolfSSL range is MIN (-300) and lower */
-    if (ret < MAX_CODE_E && ret > MIN_CODE_E) {
+    if ((ret <= WC_FIRST_E && ret >=  WC_LAST_E) ||
+        (ret <= WOLFSSL_FIRST_E && ret >= WOLFSSL_LAST_E))
+    {
         return ret;
     }
     else {
@@ -15774,7 +16053,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
         return 0;
     }
 
-    ssl->options.mask = wolf_set_options(ssl->options.mask, op);
+    ssl->options.mask = (unsigned long)wolf_set_options((long)ssl->options.mask, op);
 
     if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) {
         WOLFSSL_MSG("Disabling TLS 1.3");
@@ -15877,7 +16156,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
         }
     }
 
-    return ssl->options.mask;
+    return (long)ssl->options.mask;
 }
 
 
@@ -15886,7 +16165,7 @@ long wolfSSL_get_options(const WOLFSSL* ssl)
     WOLFSSL_ENTER("wolfSSL_get_options");
     if(ssl == NULL)
         return WOLFSSL_FAILURE;
-    return ssl->options.mask;
+    return (long)ssl->options.mask;
 }
 
 #if defined(HAVE_SECURE_RENEGOTIATION) \
@@ -16844,7 +17123,7 @@ int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk)
 #if defined(HAVE_EX_DATA) && !defined(NO_FILESYSTEM)
 int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 {
-    int ret = WOLFSSL_FATAL_ERROR;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
 
     WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file");
     if (ssl != NULL && fname != NULL)
@@ -17826,7 +18105,7 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
                     NULL, &szNeeded) != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return WOLFSSL_FAILURE;
         *outLen = szNeeded + headerLen + footerLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* don't even try if inLen too short */
@@ -18838,7 +19117,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
 #endif
 
         if (o == NULL) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         #ifdef WOLFSSL_QT
@@ -18858,7 +19137,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
                 byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 if (!buf) {
                     WOLFSSL_MSG("malloc error");
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
                 idx = SetObjectId(o->objSz, buf);
                 XMEMCPY(buf + idx, o->obj, o->objSz);
@@ -18867,12 +19146,12 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
                 XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 if (ret < 0) {
                     WOLFSSL_MSG("Issue getting OID of object");
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
             else {
                 WOLFSSL_MSG("Issue getting OID of object");
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         }
 
@@ -19137,11 +19416,11 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
         }
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \
         || defined(WOLFSSL_HAPROXY)
-        if (ret == -ASN_NO_PEM_HEADER)
+        if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
             return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
     #endif
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
-        if (ret == ASN1_R_HEADER_TOO_LONG) {
+        if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) {
             return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
         }
     #endif
@@ -19168,7 +19447,7 @@ static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr,
     CRYPTO_EX_cb_ctx* new_ctx = (CRYPTO_EX_cb_ctx*)XMALLOC(
             sizeof(CRYPTO_EX_cb_ctx), NULL, DYNAMIC_TYPE_OPENSSL);
     if (new_ctx == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     new_ctx->ctx_l = ctx_l;
     new_ctx->ctx_ptr = ctx_ptr;
     new_ctx->new_func = new_func;
@@ -19272,7 +19551,7 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr,
         case WOLF_CRYPTO_EX_INDEX_SSL_SESSION:
             if (crypto_ex_cb_new(&crypto_ex_cb_ctx_session, ctx_l, ctx_ptr,
                     new_func, dup_func, free_func) != 0)
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             idx = ssl_session_idx++;
             break;
 
@@ -19293,7 +19572,7 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr,
             break;
     }
     if (idx >= MAX_EX_DATA)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return idx;
 }
 #endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */
@@ -19971,7 +20250,7 @@ int wolfSSL_FIPS_mode_set(int r)
 
 int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits");
 
     #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
@@ -20092,9 +20371,41 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->ctx = ctx;
 
 #ifndef NO_CERTS
+#ifdef WOLFSSL_COPY_CERT
+    /* If WOLFSSL_COPY_CERT defined, always make new copy of cert from ctx */
+    if (ctx->certificate != NULL) {
+        if (ssl->buffers.certificate != NULL) {
+            FreeDer(&ssl->buffers.certificate);
+        }
+        ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
+            ctx->certificate->length, ctx->certificate->type,
+            ctx->certificate->heap);
+        if (ret != 0) {
+            return NULL;
+        }
+
+        ssl->buffers.weOwnCert = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+    if (ctx->certChain != NULL) {
+        if (ssl->buffers.certChain != NULL) {
+            FreeDer(&ssl->buffers.certChain);
+        }
+        ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
+            ctx->certChain->length, ctx->certChain->type,
+            ctx->certChain->heap);
+        if (ret != 0) {
+            return NULL;
+        }
+
+        ssl->buffers.weOwnCertChain = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+#else
     /* ctx owns certificate, certChain and key */
     ssl->buffers.certificate = ctx->certificate;
     ssl->buffers.certChain = ctx->certChain;
+#endif
 #ifdef WOLFSSL_TLS13
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
@@ -20168,7 +20479,7 @@ VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx)
 }
 
 #ifdef HAVE_SNI
-/* this is a compatibily function, consider using
+/* this is a compatibility function, consider using
  * wolfSSL_CTX_set_servername_callback */
 int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx,
                                                CallbackSniRecv cb)
@@ -20260,10 +20571,10 @@ unsigned long wolfSSL_ERR_peek_last_error(void)
             WOLFSSL_MSG("Issue peeking at error node in queue");
             return 0;
         }
-        if (ret == -ASN_NO_PEM_HEADER)
+        if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
             return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
     #if defined(WOLFSSL_PYTHON)
-        if (ret == ASN1_R_HEADER_TOO_LONG)
+        if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG))
             return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
     #endif
         return (unsigned long)ret;
@@ -21249,8 +21560,7 @@ void wolfSSL_WOLFSSL_STRING_free(WOLFSSL_STRING s)
 {
     WOLFSSL_ENTER("wolfSSL_WOLFSSL_STRING_free");
 
-    if (s != NULL)
-        XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk)
@@ -22646,7 +22956,7 @@ int oid2nid(word32 oid, int grp)
         }
     }
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* frees all nodes in the current threads error queue
@@ -22663,7 +22973,7 @@ void wolfSSL_ERR_remove_state(unsigned long id)
     }
 }
 
-#endif  /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA */
 
 #ifdef OPENSSL_ALL
 
@@ -23240,6 +23550,18 @@ int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff)
     return WOLFSSL_SUCCESS;
 }
 
+/* wolfSSL_CTX_set_dh_auto is provided as compatible API with
+ * SSL_CTX_set_dh_auto to enable auto dh selection functionality.
+ * Since this functionality is enabled by default in wolfSSL,
+ * this API exists as a stub.
+ */
+int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff)
+{
+    (void)ctx;
+    (void)onoff;
+    return WOLFSSL_SUCCESS;
+}
+
 /**
  * set security level (wolfSSL doesn't support security level)
  * @param ctx  a pointer to WOLFSSL_EVP_PKEY_CTX structure
@@ -23273,7 +23595,7 @@ void wolfSSL_CTX_set_keylog_callback(WOLFSSL_CTX* ctx,
     wolfSSL_CTX_keylog_cb_func cb)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_set_keylog_callback");
-  /* stores the callback into WOLFSSL_CTX */
+    /* stores the callback into WOLFSSL_CTX */
     if (ctx != NULL) {
         ctx->keyLogCb = cb;
     }
@@ -23284,8 +23606,7 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback(
     WOLFSSL_ENTER("wolfSSL_CTX_get_keylog_callback");
     if (ctx != NULL)
         return ctx->keyLogCb;
-    else
-        return NULL;
+    return NULL;
 }
 #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
 
@@ -23561,10 +23882,8 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len)
 void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf)
 {
     if (buf) {
-        if (buf->data) {
-            XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL);
-            buf->data = NULL;
-        }
+        XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL);
+        buf->data = NULL;
         buf->max = 0;
         buf->length = 0;
         XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -23609,7 +23928,7 @@ static int wolfSSL_RAND_InitMutex(void)
  */
 int wolfSSL_RAND_Init(void)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef HAVE_GLOBAL_RNG
     if (wc_LockMutex(&globalRNGMutex) == 0) {
         if (initGlobalRNG == 0) {
@@ -24139,8 +24458,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
     if (initTmpRng)
         wc_FreeRng(tmpRNG);
 #ifdef WOLFSSL_SMALL_STACK
-    if (tmpRNG)
-        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
+    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
 #endif
 
     return ret;
@@ -24626,7 +24944,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
 #if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
 int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         XMEMSET(ctx, 0, sizeof(WOLFSSL_DRBG_CTX));
         ctx->type = type;
@@ -24638,7 +24956,7 @@ int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags)
 }
 WOLFSSL_DRBG_CTX* wolfSSL_FIPS_drbg_new(int type, unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_DRBG_CTX* ctx = (WOLFSSL_DRBG_CTX*)XMALLOC(sizeof(WOLFSSL_DRBG_CTX),
         NULL, DYNAMIC_TYPE_OPENSSL);
     ret = wolfSSL_FIPS_drbg_init(ctx, type, flags);
@@ -24655,7 +24973,7 @@ WOLFSSL_DRBG_CTX* wolfSSL_FIPS_drbg_new(int type, unsigned int flags)
 int wolfSSL_FIPS_drbg_instantiate(WOLFSSL_DRBG_CTX* ctx,
     const unsigned char* pers, size_t perslen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng == NULL) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
         (defined(HAVE_FIPS) && FIPS_VERSION_GE(5,0)))
@@ -24689,7 +25007,7 @@ int wolfSSL_FIPS_drbg_set_callbacks(WOLFSSL_DRBG_CTX* ctx,
     size_t entropy_blocklen,
     drbg_nonce_get none_get, drbg_nonce_clean nonce_clean)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         ctx->entropy_get = entropy_get;
         ctx->entropy_clean = entropy_clean;
@@ -24710,7 +25028,7 @@ void wolfSSL_FIPS_rand_add(const void* buf, int num, double entropy)
 int wolfSSL_FIPS_drbg_reseed(WOLFSSL_DRBG_CTX* ctx, const unsigned char* adin,
     size_t adinlen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng != NULL) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
         (defined(HAVE_FIPS) && FIPS_VERSION_GE(2,0)))
@@ -24729,7 +25047,7 @@ int wolfSSL_FIPS_drbg_generate(WOLFSSL_DRBG_CTX* ctx, unsigned char* out,
     size_t outlen, int prediction_resistance, const unsigned char* adin,
     size_t adinlen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng != NULL) {
         ret = wc_RNG_GenerateBlock(ctx->rng, out, (word32)outlen);
         if (ret == 0) {
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index b93d8d5b0b..d1b036c3e0 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -1,6 +1,6 @@
 /* ssl_asn1.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,212 +46,197 @@
 
 #ifdef OPENSSL_ALL
 
-/* Create an ASN1 item of the specified type.
- *
- * @param [out] item  Pointer to location to place new ASN1 item.
- * @param [in]  type  Type of ASN1 item to create.
- * @return  0 on success.
- * @return  1 when item type not supported.
- * @return  1 when item type allocation fails.
- */
-static int wolfssl_asn1_item_new(void** item, int type)
+/* Provides access to the member of the obj offset by offset */
+#define asn1Mem(obj, offset) (*(void**)(((byte*)(obj)) + (offset)))
+#define asn1Type(obj, offset) (*(int*)(((byte*)(obj)) + (offset)))
+
+static void* asn1_new_tpl(const WOLFSSL_ASN1_TEMPLATE *mem)
 {
-    int err = 0;
+    if (mem->sequence)
+        return wolfSSL_sk_new_null();
+    else
+        return mem->new_func();
+}
 
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            *(WOLFSSL_X509_ALGOR**)item = wolfSSL_X509_ALGOR_new();
+static void* asn1_item_alloc(const WOLFSSL_ASN1_ITEM* item)
+{
+    void* ret = NULL;
+
+    /* allocation */
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+        case WOLFSSL_ASN1_CHOICE:
+            ret = (void *)XMALLOC(item->size, NULL, DYNAMIC_TYPE_OPENSSL);
+            if (ret != NULL)
+                XMEMSET(ret, 0, item->size);
             break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            *(WOLFSSL_ASN1_BIT_STRING**)item = wolfSSL_ASN1_BIT_STRING_new();
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            if (item->mcount != 1 || item->members->offset) {
+                WOLFSSL_MSG("incorrect member count or offset");
+                return NULL;
+            }
+            ret = asn1_new_tpl(item->members);
             break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-           *(WOLFSSL_ASN1_INTEGER**)item = wolfSSL_ASN1_INTEGER_new();
-           break;
         default:
-            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_new");
-            *(void**)item = NULL;
+            WOLFSSL_MSG("ASN1 type not implemented");
+            return NULL;
     }
-    /* Check whether an item was put in. */
-    if (*(void**)item == NULL) {
-        err = 1;
+
+    return ret;
+}
+
+static int asn1_item_init(void* obj, const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
+    size_t i;
+    int ret = 0;
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+                asn1Mem(obj, mem->offset) = asn1_new_tpl(mem);
+                if (asn1Mem(obj, mem->offset) == NULL) {
+                    ret = WOLFSSL_FATAL_ERROR;
+                    break;
+                }
+            }
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            /* Initialized by new_func. Nothing to do. */
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            asn1Type(obj, item->toffset) = -1;
+            /* We don't know what to initialize. Nothing to do. */
+            break;
+        default:
+            WOLFSSL_MSG("ASN1 type not implemented");
+            ret = WOLFSSL_FATAL_ERROR;
+            break;
     }
 
-    return err;
+    return ret;
 }
 
 /* Create a new ASN1 item based on a template.
  *
- * @param [in] tpl  Template of ASN1 items.
+ * @param [in] item  Info about ASN1 items.
  * @return  A new ASN1 item on success.
- * @return  NULL when tpl is NULL, dynamic memory allocation fails or ASN1
+ * @return  NULL when item is NULL, dynamic memory allocation fails or ASN1
  *          item type not supported.
  */
-void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* tpl)
+void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* item)
 {
-    int err = 0;
     void* ret = NULL;
-    const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
-    size_t i;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_item_new");
 
-    if (tpl != NULL) {
-        ret = (void *)XMALLOC(tpl->size, NULL, DYNAMIC_TYPE_OPENSSL);
-    }
+    if (item == NULL)
+        return NULL;
 
-    if (ret != NULL) {
-        XMEMSET(ret, 0, tpl->size);
-        for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) {
-            if ((err = wolfssl_asn1_item_new(
-                    (void**)(((byte*)ret) + mem->offset), mem->type))) {
-                break;
-            }
-        }
-    }
+    /* allocation */
+    ret = asn1_item_alloc(item);
+    if (ret == NULL)
+        return NULL;
 
-    if (err) {
-        wolfSSL_ASN1_item_free(ret, tpl);
+    /* initialization */
+    if (asn1_item_init(ret, item) != 0) {
+        wolfSSL_ASN1_item_free(ret, item);
         ret = NULL;
     }
+
     return ret;
 }
 
-/* Dispose of an ASN1 item of the specified type.
- *
- * @param [in, out] item  Pointer to an anonymized ASN1 item to free.
- * @param [in]      type  Type of ASN1 item to free.
- */
-static void wolfssl_asn1_item_free(void** item, int type)
+static void asn1_free_tpl(void *obj, const WOLFSSL_ASN1_TEMPLATE *mem)
 {
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            wolfSSL_X509_ALGOR_free(*(WOLFSSL_X509_ALGOR**)item);
-            break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            wolfSSL_ASN1_BIT_STRING_free(*(WOLFSSL_ASN1_BIT_STRING**)item);
-            break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-            wolfSSL_ASN1_INTEGER_free(*(WOLFSSL_ASN1_INTEGER**)item);
-            break;
-        default:
-            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_free");
+    if (obj != NULL) {
+        if (mem->sequence)
+            wolfSSL_sk_pop_free((WOLFSSL_STACK *)obj, mem->free_func);
+        else
+            mem->free_func(obj);
     }
 }
 
 /* Dispose of ASN1 item based on a template.
  *
  * @param [in, out] val  ASN item to free.
- * @param [in,      tpl  Template of ASN1 items.
+ * @param [in,      item Info about ASN1 items.
  */
-void wolfSSL_ASN1_item_free(void *items, const WOLFSSL_ASN1_ITEM *tpl)
+void wolfSSL_ASN1_item_free(void *obj, const WOLFSSL_ASN1_ITEM *item)
 {
     const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
     size_t i;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_item_free");
 
-    if (items != NULL) {
-        for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) {
-            wolfssl_asn1_item_free((void**)(((byte*)items) + mem->offset),
-                mem->type);
+    if (obj != NULL) {
+        switch (item->type) {
+            case WOLFSSL_ASN1_SEQUENCE:
+                for (mem = item->members, i = 0; i < item->mcount; mem++, i++)
+                    asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
+                XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
+                break;
+            case WOLFSSL_ASN1_CHOICE:
+                if (asn1Type(obj, item->toffset) < 0)
+                    break; /* type not set */
+                for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+                    if (asn1Type(obj, item->toffset) == mem->tag) {
+                        asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
+                        break;
+                    }
+                }
+                XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
+                break;
+            case WOLFSSL_ASN1_OBJECT_TYPE:
+                asn1_free_tpl(obj, item->members);
+                break;
+            default:
+                WOLFSSL_MSG("ASN1 type not implemented");
+                break;
         }
     }
-    XFREE(items, NULL, DYNAMIC_TYPE_OPENSSL);
-}
-
-/* Offset buf if not NULL or NULL. */
-#define bufLenOrNull(buf, len) (((buf) != NULL) ? ((buf) + (len)) : NULL)
-
-/* Encode X509 algorithm as DER.
- *
- * @param [in]      algor  X509 algorithm object.
- * @param [in, out] buf    Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- * @return  0 on failure.
- */
-static int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* algor, byte* buf)
-{
-    int ret;
-    word32 oid = 0;
-    word32 idx = 0;
-
-    if (algor->algorithm == 0) {
-        WOLFSSL_MSG("X509_ALGOR algorithm not set");
-        ret = 0;
-    }
-    else if (GetObjectId(algor->algorithm->obj, &idx, &oid,
-            (word32)algor->algorithm->grp, algor->algorithm->objSz) < 0) {
-        WOLFSSL_MSG("Issue getting OID of object");
-        ret = 0;
-    }
-    else {
-        ret = (int)SetAlgoID((int)oid, buf, algor->algorithm->grp, 0);
-    }
-
-    return ret;
 }
 
-/* Encode ASN.1 BIT_STRING as DER.
- *
- * @param [in]      bit_str  BIT_STRING object.
- * @param [in, out] buf      Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- */
-static int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bit_str,
-    byte* buf)
+static int i2d_asn1_items(const void* obj, byte** buf,
+        const WOLFSSL_ASN1_TEMPLATE* mem)
 {
-    int len;
-
-    len = (int)SetBitString((word32)bit_str->length, 0, buf);
-    if ((buf != NULL) && (bit_str->data != NULL)) {
-        XMEMCPY(buf + len, bit_str->data, (size_t)bit_str->length);
-    }
-
-    return len + bit_str->length;
-}
-
-/* Encode ASN item as DER.
- *
- * @param [in]      item  Pointer to anonymized ASN item.
- * @param [in, out] buf   Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- * @return  0 on failure.
- */
-static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf)
-{
-    int len;
-
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            len = wolfSSL_i2d_X509_ALGOR(*(const WOLFSSL_X509_ALGOR**)item,
-                buf);
-            break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            len = wolfSSL_i2d_ASN1_BIT_STRING(
-                *(const WOLFSSL_ASN1_BIT_STRING**)item, buf);
-            break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-        {
-            byte *tmp_buf = buf;
-            len = wolfSSL_i2d_ASN1_INTEGER(
-                *(const WOLFSSL_ASN1_INTEGER**)item, &tmp_buf);
-            if ((buf == NULL) && (tmp_buf != NULL)) {
-                XFREE(tmp_buf, NULL, DYNAMIC_TYPE_ASN1);
-                tmp_buf = NULL;
+    int len = 0;
+    int ret = 0;
+    if (mem->sequence) {
+        const WOLFSSL_STACK* sk = (WOLFSSL_STACK *)asn1Mem(obj, mem->offset);
+        int ski; /* stack index */
+        int innerLen = 0;
+        /* Figure out the inner length first */
+        for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
+            ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), NULL);
+            if (ret <= 0)
+                break;
+            innerLen += ret;
+        }
+        if (ret <= 0)
+            return 0;
+        if (buf != NULL && *buf != NULL) {
+            /* Now write it out */
+            int writeLen = 0;
+            *buf += SetSequence((word32)innerLen, *buf);
+            for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
+                ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), buf);
+                if (ret <= 0)
+                    break;
+                writeLen += ret;
             }
+            if (ret <= 0 || writeLen != innerLen)
+                return 0;
         }
-        break;
-        default:
-            WOLFSSL_MSG("Type not support in processMembers");
-            len = 0;
+        len = (int)SetSequence((word32)innerLen, NULL) + innerLen;
     }
-
-    if (len < 0) {
-        len = 0; /* wolfSSL_i2d_ASN1_INTEGER can return a value less than 0
-                  * on error */
+    else {
+        ret = mem->i2d_func(asn1Mem(obj, mem->offset),
+                buf != NULL && *buf != NULL ? buf : NULL);
+        if (ret <= 0)
+            return 0;
+        len = ret;
     }
-
     return len;
 }
 
@@ -264,7 +249,7 @@ static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf)
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
+static int wolfssl_i2d_asn1_items(const void* obj, byte* buf,
     const WOLFSSL_ASN1_TEMPLATE* members, size_t mcount)
 {
     const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
@@ -275,12 +260,34 @@ static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
     WOLFSSL_ENTER("wolfssl_i2d_asn1_items");
 
     for (mem = members, i = 0; i < mcount; mem++, i++) {
-        ret = wolfssl_i2d_asn1_item((void**)(((byte*)src) + mem->offset),
-            mem->type, bufLenOrNull(buf, len));
-        if (ret == 0) {
+        byte* tmp = buf;
+        if (mem->ex && mem->tag >= 0) {
+            /* Figure out the inner length */
+            int innerLen = 0;
+            int hdrLen = 0;
+            ret = i2d_asn1_items(obj, NULL, mem);
+            if (ret <= 0) {
+                len = 0;
+                break;
+            }
+            innerLen = ret;
+            hdrLen = SetExplicit((byte)mem->tag, (word32)innerLen, buf, 0);
+            len += hdrLen;
+            if (buf != NULL)
+                buf += hdrLen;
+        }
+
+        ret = i2d_asn1_items(obj, &buf, mem);
+        if (ret <= 0) {
             len = 0;
             break;
         }
+        if (buf != NULL && !mem->ex && mem->tag >= 0) {
+            /* Encode the implicit tag */
+            byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ];
+            SetImplicit(tmp[0], mem->tag, 0, imp, 0);
+            tmp[0] = imp[0];
+        }
         len += ret;
     }
 
@@ -297,25 +304,55 @@ static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int i2d_ASN_SEQUENCE(const void* src, byte* buf,
-    const WOLFSSL_ASN1_ITEM* tpl)
+static int i2d_ASN_SEQUENCE(const void* obj, byte* buf,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     word32 seq_len;
     word32 len = 0;
 
-    seq_len = (word32)wolfssl_i2d_asn1_items(src, NULL, tpl->members,
-        tpl->mcount);
+    seq_len = (word32)wolfssl_i2d_asn1_items(obj, NULL, item->members,
+        item->mcount);
     if (seq_len != 0) {
         len = SetSequence(seq_len, buf);
         if (buf != NULL) {
-            wolfssl_i2d_asn1_items(src, buf + len, tpl->members, tpl->mcount);
+            if (wolfssl_i2d_asn1_items(obj, buf + len, item->members,
+                    item->mcount) > 0)
+                len += seq_len; /* success */
+            else
+                len = 0; /* error */
         }
-        len += seq_len;
+        else
+            len += seq_len;
     }
 
     return (int)len;
 }
 
+static int i2d_ASN_CHOICE(const void* obj, byte* buf,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    size_t i;
+
+    if (asn1Type(obj, item->toffset) < 0)
+        return 0; /* type not set */
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        if (asn1Type(obj, item->toffset) == mem->tag) {
+            return wolfssl_i2d_asn1_items(obj, buf, mem, 1);
+        }
+    }
+    return 0;
+}
+
+static int i2d_ASN_OBJECT_TYPE(const void* obj, byte* buf,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    /* To be able to use wolfssl_i2d_asn1_items without any modifications,
+     * pass in a pointer to obj so that asn1Mem uses the correct pointer. */
+    const void ** obj_pp = &obj;
+    return wolfssl_i2d_asn1_items(obj_pp, buf, item->members, item->mcount);
+}
+
 /* Encode ASN1 template item.
  *
  * @param [in]      src  ASN1 items to encode.
@@ -324,14 +361,20 @@ static int i2d_ASN_SEQUENCE(const void* src, byte* buf,
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int wolfssl_asn1_item_encode(const void* src, byte* buf,
-    const WOLFSSL_ASN1_ITEM* tpl)
+static int wolfssl_asn1_item_encode(const void* obj, byte* buf,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     int len;
 
-    switch (tpl->type) {
-        case ASN_SEQUENCE:
-            len = i2d_ASN_SEQUENCE(src, buf, tpl);
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            len = i2d_ASN_SEQUENCE(obj, buf, item);
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            len = i2d_ASN_OBJECT_TYPE(obj, buf, item);
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            len = i2d_ASN_CHOICE(obj, buf, item);
             break;
         default:
             WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d");
@@ -347,10 +390,10 @@ static int wolfssl_asn1_item_encode(const void* src, byte* buf,
  * @param [in, out] dest  Pointer to buffer to encode into. May be NULL.
  * @param [in]      tpl   Template of ASN1 items.
  * @return  Length of DER encoding on success.
- * @return  0 on failure.
+ * @return  WOLFSSL_FATAL_ERROR on failure.
  */
-int wolfSSL_ASN1_item_i2d(const void* src, byte** dest,
-    const WOLFSSL_ASN1_ITEM* tpl)
+int wolfSSL_ASN1_item_i2d(const void* obj, byte** dest,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     int ret = 1;
     int len = 0;
@@ -359,35 +402,319 @@ int wolfSSL_ASN1_item_i2d(const void* src, byte** dest,
     WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d");
 
     /* Validate parameters. */
-    if ((src == NULL) || (tpl == NULL)) {
+    if ((obj == NULL) || (item == NULL)) {
         ret = 0;
     }
 
-    if ((ret == 1) && ((len = wolfssl_asn1_item_encode(src, NULL, tpl)) == 0)) {
+    if ((ret == 1) && ((len = wolfssl_asn1_item_encode(obj, NULL, item)) == 0))
         ret = 0;
-    }
 
     if ((ret == 1) && (dest != NULL)) {
         if (*dest == NULL) {
             buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
             if (buf == NULL)
                 ret = 0;
-            *dest = buf;
+        }
+        else
+            buf = *dest;
+
+        if (ret == 1) {
+            len = wolfssl_asn1_item_encode(obj, buf, item);
+            if (len <= 0)
+                ret = 0;
         }
 
         if (ret == 1) {
-            len = wolfssl_asn1_item_encode(src, *dest, tpl);
+            if (*dest == NULL)
+                *dest = buf;
+            else
+                *dest += len;
         }
     }
 
     if (ret == 0) {
-        XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
-        len = 0;
+        if (*dest == NULL)
+            XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+        len = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len);
     return len;
 }
 
+static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len)
+{
+    void* ret;
+    const byte* tmp = *src;
+    ret = mem->d2i_func(NULL, &tmp, *len);
+    if (ret == NULL) {
+        WOLFSSL_MSG("d2i error");
+        return NULL;
+    }
+    if (tmp <= *src) {
+        WOLFSSL_MSG("ptr not advanced");
+        mem->free_func(ret); /* never a stack so we can call this directly */
+        return NULL;
+    }
+    *len -= (tmp - *src);
+    *src = tmp;
+    return ret;
+}
+
+static void* d2i_generic_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len)
+{
+    void* ret = NULL;
+    if (mem->sequence) {
+        long skl = 0;
+        int slen = 0;
+        WOLFSSL_STACK* sk = NULL;
+        word32 idx = 0;
+        const byte* tmp = *src;
+        if (GetSequence(tmp, &idx, &slen, (word32)*len) < 0)
+            goto error;
+        skl = (long)slen;
+        tmp += idx;
+        ret = sk = wolfSSL_sk_new_null();
+        while (skl > 0) {
+            void* new_obj = d2i_obj(mem, &tmp, &skl);
+            if (new_obj == NULL) {
+                WOLFSSL_MSG("d2i_obj failed");
+                goto error;
+            }
+            if (wolfSSL_sk_insert(sk, new_obj, -1) <= 0) {
+                mem->free_func(new_obj);
+                WOLFSSL_MSG("push failed");
+                goto error;
+            }
+        }
+        if (skl != 0) {
+            WOLFSSL_MSG("l not zero after sequence");
+            goto error;
+        }
+        *len -= (long)slen;
+        *src = tmp;
+    }
+    else {
+        ret = d2i_obj(mem, src, len);
+    }
+    return ret;
+error:
+    asn1_free_tpl(ret, mem);
+    return NULL;
+}
+
+static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len, byte** impBuf, int* asnLen)
+{
+    if (mem->tag >= 0) {
+        byte tag = 0;
+        word32 idx = 0;
+        if (mem->ex) {
+            if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
+                    (byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | mem->tag)
+                        != tag ||
+                    GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
+                WOLFSSL_MSG("asn tag error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            *len -= idx;
+            *src += idx;
+        }
+        else {
+            /* Underlying d2i functions won't be able to handle the implicit
+             * tag so we substitute it for the expected tag. */
+            if (mem->first_byte == 0) {
+                WOLFSSL_MSG("first byte not set");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
+                    (byte)mem->tag != (tag & ASN_TYPE_MASK) ||
+                    GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
+                WOLFSSL_MSG("asn tag error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            *asnLen += idx; /* total buffer length */
+            *impBuf = (byte*)XMALLOC(*asnLen, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER);
+            if (*impBuf == NULL) {
+                WOLFSSL_MSG("malloc error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            XMEMCPY(*impBuf, *src, *asnLen);
+            (*impBuf)[0] = mem->first_byte;
+        }
+    }
+    return 0;
+}
+
+static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem,
+        const byte** src, long* len)
+{
+    int asnLen = -1;
+    const byte *tmp = NULL;
+    void* ret = NULL;
+    byte* impBuf = NULL;
+    long l;
+
+    if (*len <= 0) {
+        WOLFSSL_MSG("buffer too short");
+        return NULL;
+    }
+
+    if (d2i_handle_tags(mem, src, len, &impBuf, &asnLen) != 0) {
+        WOLFSSL_MSG("tags error");
+        goto error;
+    }
+
+    if (impBuf != NULL)
+        tmp = impBuf;
+    else
+        tmp = *src;
+    l = (long)(asnLen >= 0 ? asnLen : *len);
+    ret = d2i_generic_obj(mem, &tmp, &l);
+    if (l < 0) {
+        WOLFSSL_MSG("ptr advanced too far");
+        goto error;
+    }
+    if (impBuf != NULL) {
+        tmp = *src + (tmp - impBuf); /* for the next calculation */
+        XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (asnLen >= 0 && (int)(tmp - *src) != asnLen) {
+        WOLFSSL_MSG("ptr not advanced enough");
+        goto error;
+    }
+    *len -= tmp - *src;
+    *src = tmp;
+    return ret;
+error:
+    asn1_free_tpl(ret, mem);
+    if (impBuf != NULL)
+        XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return NULL;
+}
+
+static int d2i_ASN_SEQUENCE(void* obj, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    int err;
+    word32 idx = 0;
+    int slen = 0;
+    size_t i;
+    const byte* s = *src;
+
+    err = GetSequence(s, &idx, &slen, (word32)len);
+    if (err <= 0) {
+        WOLFSSL_MSG("GetSequence error");
+        return WOLFSSL_FATAL_ERROR;
+    }
+    s += idx;
+    len -= idx;
+
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        asn1Mem(obj, mem->offset) = d2i_generic(mem, &s, &len);
+        if (asn1Mem(obj, mem->offset) == NULL) {
+            WOLFSSL_MSG("d2i error");
+            return WOLFSSL_FATAL_ERROR;
+        }
+    }
+    *src = s;
+    return 0;
+}
+
+static int d2i_ASN_CHOICE(void* obj, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    size_t i;
+
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        asn1Mem(obj, mem->offset) = d2i_generic(mem, src, &len);
+        if (asn1Mem(obj, mem->offset) != NULL) {
+            asn1Type(obj, item->toffset) = mem->tag;
+            return 0;
+        }
+    }
+    WOLFSSL_MSG("der does not decode with any CHOICE");
+    return WOLFSSL_FATAL_ERROR;
+}
+
+static void* d2i_ASN_OBJECT_TYPE(const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    return d2i_generic(item->members, src, &len);
+}
+
+void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    void* obj = NULL;
+    int err = 0;
+    const byte *tmp;
+
+    WOLFSSL_ENTER("wolfSSL_ASN1_item_d2i");
+
+    if (src == NULL || *src == NULL || len <= 0 || item == NULL) {
+        WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", 0);
+        return NULL;
+    }
+
+    tmp = *src;
+
+    /* Create an empty object. */
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+        case WOLFSSL_ASN1_CHOICE:
+            obj = asn1_item_alloc(item);
+            if (obj == NULL)
+                return NULL;
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            /* allocated later */
+            break;
+        default:
+            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
+            return NULL;
+    }
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            err = d2i_ASN_SEQUENCE(obj, &tmp, len, item);
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            err = d2i_ASN_CHOICE(obj, &tmp, len, item);
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            obj = d2i_ASN_OBJECT_TYPE(&tmp, len, item);
+            if (obj == NULL)
+                err = WOLFSSL_FATAL_ERROR;
+            break;
+        default:
+            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
+            err = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+
+    if (err == 0)
+        *src = tmp;
+    else {
+        wolfSSL_ASN1_item_free(obj, item);
+        obj = NULL;
+    }
+
+    if (dst != NULL && obj != NULL) {
+        if (*dst != NULL)
+            wolfSSL_ASN1_item_free(*dst, item);
+        *dst = obj;
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", obj != NULL);
+    return obj;
+}
+
 #endif /* OPENSSL_ALL */
 
 #endif /* OPENSSL_EXTRA */
@@ -453,9 +780,6 @@ int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* bitStr,
 
     return bit;
 }
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
 
 /* Grow data to require length.
  *
@@ -478,7 +802,8 @@ static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr,
     }
     else {
         /* Clear out new, top bytes. */
-        XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length));
+        if (len > bitStr->length)
+            XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length));
         bitStr->data = tmp;
         bitStr->length = len;
     }
@@ -527,7 +852,99 @@ int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* bitStr, int idx,
     return ret;
 }
 
-#endif /* OPENSSL_ALL && !NO_CERTS */
+/* Serialize object to DER encoding
+ *
+ * @param bstr Object to serialize
+ * @param pp  Output
+ * @return Length on success
+ *         Negative number on failure
+ */
+int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr,
+        unsigned char** pp)
+{
+    int len;
+    unsigned char* buf;
+
+    if (bstr == NULL || (bstr->data == NULL && bstr->length != 0))
+        return WOLFSSL_FATAL_ERROR;
+
+    len = (int)SetBitString((word32)bstr->length, 0, NULL) + bstr->length;
+    if (pp != NULL) {
+        word32 idx;
+
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
+        }
+
+        idx = SetBitString((word32)bstr->length, 0, buf);
+        if (bstr->length > 0)
+            XMEMCPY(buf + idx, bstr->data, (size_t)bstr->length);
+
+        if (*pp != NULL)
+            *pp += len;
+        else
+            *pp = buf;
+    }
+
+    return len;
+}
+
+WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING(
+        WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len)
+{
+    WOLFSSL_ASN1_BIT_STRING* ret = NULL;
+#ifdef WOLFSSL_ASN_TEMPLATE
+    word32 idx = 0;
+    byte tag = 0;
+    int length = 0;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_BIT_STRING");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
+        return NULL;
+    if (tag != ASN_BIT_STRING)
+        return NULL;
+    if (GetLength(*src, &idx, &length, (word32)len) < 0)
+        return NULL;
+    if (GetASN_BitString(*src, idx, length) != 0)
+        return NULL;
+    idx++; /* step over unused bits */
+    length--;
+
+    ret = wolfSSL_ASN1_BIT_STRING_new();
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfssl_asn1_bit_string_grow(ret, length) != 1) {
+        wolfSSL_ASN1_BIT_STRING_free(ret);
+        return NULL;
+    }
+
+    XMEMCPY(ret->data, *src + idx, length);
+    *src += idx + (word32)length;
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_ASN1_BIT_STRING_free(*out);
+        *out = ret;
+    }
+#else
+    WOLFSSL_MSG("d2i_ASN1_BIT_STRING needs --enable-asn=template");
+    (void)out;
+    (void)src;
+    (void)len;
+#endif
+    return ret;
+}
+
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 /*******************************************************************************
  * ASN1_INTEGER APIs
@@ -706,7 +1123,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
  * @return Negative value when a is less than b.
  * @return 0 when a equals b.
  * @return Positive value when a is greater than b.
- * @return -1 when a or b is NULL.
+ * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
  */
 int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
     const WOLFSSL_ASN1_INTEGER* b)
@@ -718,11 +1135,11 @@ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
     /* Validate parameters. */
     if ((a == NULL) || (b == NULL)) {
         WOLFSSL_MSG("Bad parameter.");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Negative value < Positive value */
     else if (a->negative && !b->negative) {
-        ret = -1;
+        ret = -2; /* avoid collision with WOLFSSL_FATAL_ERROR */
     }
     /* Positive value > Negative value */
     else if (!a->negative && b->negative) {
@@ -772,7 +1189,7 @@ static void wolfssl_twos_compl(byte* data, int length)
 
 /* Calculate 2's complement of DER encoding.
  *
- * @param [in]  data    Array that is number.
+ * @param [in|out] data Array that is number.
  * @param [in]  length  Number of bytes in array.
  * @param [out] neg     When NULL, 2's complement data.
  *                      When not NULL, check for negative first and return.
@@ -787,7 +1204,7 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
 
     /* Get length from DER header. */
     if (GetLength(data, &idx, &len, (word32)length) < 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         if (neg != NULL) {
@@ -811,60 +1228,48 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
  * @return  -1 when a is NULL or no data, out is NULL, dynamic memory allocation
  *          fails or encoding length fails.
  */
-int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** out)
+int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** pp)
 {
-    int ret = 0;
-    byte* buf = NULL;
-
     WOLFSSL_ENTER("wolfSSL_i2d_ASN1_INTEGER");
 
     /* Validate parameters. */
-    if ((a == NULL) || (a->data == NULL) || (a->length <= 0) || (out == NULL)) {
+    if (a == NULL || a->data == NULL || a->length <= 0) {
         WOLFSSL_MSG("Bad parameter.");
-        ret = -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
-    if ((ret == 0) && (*out == NULL)) {
-        /* Allocate buffer to hold encoding. */
-        buf = (unsigned char*)XMALLOC((size_t)a->length, NULL,
-            DYNAMIC_TYPE_ASN1);
-        if (buf == NULL) {
-            WOLFSSL_MSG("Failed to allocate output buffer.");
-            ret = -1;
+    if (pp != NULL) {
+        byte* buf;
+
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)a->length, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
         }
-        /* Return any allocated buffer. */
-        *out = buf;
-    }
-    if (ret == 0) {
+
         /* Copy the data (including tag and length) into output buffer. */
-        XMEMCPY(*out, a->data, (size_t)a->length);
+        XMEMCPY(buf, a->data, (size_t)a->length);
         /* Only magnitude of the number stored (i.e. the sign isn't encoded).
          * The "negative" field is 1 if the value must be interpreted as
          * negative and we need to output the 2's complement of the value in
          * the DER output.
          */
-        if (a->negative) {
-            ret = wolfssl_asn1_int_twos_compl(*out, a->length, NULL);
-        }
-    }
-    if (ret == 0) {
-        ret = a->length;
-        /* Move pointer on passed encoding when buffer passed in. */
-        if (buf == NULL) {
-            *out += a->length;
+        if (a->negative &&
+                wolfssl_asn1_int_twos_compl(buf, a->length, NULL) != 0) {
+            if (*pp == NULL)
+                XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+            return WOLFSSL_FATAL_ERROR;
         }
-    }
-    /* Dispose of any dynamically allocated data on error. */
-    else if (buf != NULL) {
-        /* Dispose of buffer allocated locally on error. */
-        XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
-        /* Don't return freed buffer. */
-        *out = NULL;
-    }
 
-    WOLFSSL_LEAVE("wolfSSL_i2d_ASN1_INTEGER", ret);
+        if (*pp != NULL)
+            *pp += a->length;
+        else
+            *pp = buf;
+    }
 
-    return ret;
+    return a->length;
 }
 
 /* Decode DER encoding of ASN.1 INTEGER.
@@ -1427,7 +1832,7 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a)
         /* Create a big number from the DER encoding. */
         bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL);
         if (bn == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret > 0) {
@@ -1700,6 +2105,36 @@ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
     return ret;
 }
 
+int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len,
+        int addHdr)
+{
+    word32 idx = 0;
+
+    if (obj == NULL || der == NULL || len == 0)
+        return WOLFSSL_FAILURE;
+
+    if (addHdr)
+        idx = SetHeader(ASN_OBJECT_ID, (word32)len, NULL, 0);
+
+    if (obj->obj != NULL) {
+        XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
+        obj->obj = NULL;
+        obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
+    }
+
+    obj->obj =(unsigned char*)XMALLOC(idx + len, obj->heap, DYNAMIC_TYPE_ASN1);
+    if (obj->obj == NULL)
+        return WOLFSSL_FAILURE;
+
+    if (addHdr)
+        SetHeader(ASN_OBJECT_ID, (word32)len, (byte*)obj->obj, 0);
+
+    XMEMCPY((byte*)obj->obj + idx, der, len);
+    obj->objSz = (unsigned int)(idx + len);
+    obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+    return WOLFSSL_SUCCESS;
+}
+
 /* Creates and ASN.1 OBJECT_ID object from DER encoding.
  *
  * @param [out]     a       Pointer to return new ASN.1 OBJECT_ID through.
@@ -1714,38 +2149,43 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
     const unsigned char **der, long length)
 {
     WOLFSSL_ASN1_OBJECT* ret = NULL;
-    int err = 0;
-    const unsigned char *d;
-    long len = 0;
-    int tag = 0;
-    int cls;
+    int len = 0;
+    word32 idx = 0;
 
     WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT");
 
     /* Validate parameters. */
     if ((der == NULL) || (*der == NULL) || (length <= 0)) {
         WOLFSSL_MSG("Bad parameter");
-        err = 1;
+        return NULL;
     }
-    if (!err) {
-        /* Get pointer to be modified along the way. */
-        d = *der;
 
-        /* Move d to value and get length and tag. */
-        if (wolfSSL_ASN1_get_object(&d, &len, &tag, &cls, length) & 0x80) {
-            WOLFSSL_MSG("wolfSSL_ASN1_get_object error");
-            err = 1;
-        }
+    if (GetASNHeader(*der, ASN_OBJECT_ID, &idx, &len, (word32)length) < 0) {
+        WOLFSSL_MSG("error getting tag");
+        return NULL;
     }
-    /* Check it DER encoding is of an OBJECT_ID. */
-    if ((!err) && (tag != ASN_OBJECT_ID)) {
-        WOLFSSL_MSG("Not an ASN object");
-        err = 1;
+
+    if (len <= 0) {
+        WOLFSSL_MSG("zero length");
+        return NULL;
     }
-    /* Create an ASN.1 OBJECT_ID_object from value. TODO: not DER encoding? */
-    if ((!err) && ((ret = wolfSSL_c2i_ASN1_OBJECT(a, &d, len)) != NULL)) {
-        /* Update pointer to after decoded bytes. */
-        *der = d;
+
+    ret = wolfSSL_ASN1_OBJECT_new();
+    if (ret == NULL) {
+        WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
+        return NULL;
+    }
+
+    if (wolfssl_asn1_obj_set(ret, *der, idx + len, 0) != WOLFSSL_SUCCESS) {
+        wolfSSL_ASN1_OBJECT_free(ret);
+        return NULL;
+    }
+
+    *der += idx + len;
+    if (a != NULL) {
+        if (*a != NULL)
+            wolfSSL_ASN1_OBJECT_free(*a);
+        *a = ret;
     }
 
     return ret;
@@ -1821,7 +2261,6 @@ int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp)
 WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
         const unsigned char **pp, long len)
 {
-    int err = 0;
     WOLFSSL_ASN1_OBJECT* ret = NULL;
 
     WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT");
@@ -1829,40 +2268,29 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
     /* Validate parameters. */
     if ((pp == NULL) || (*pp == NULL) || (len <= 0)) {
         WOLFSSL_MSG("Bad parameter");
-        err = 1;
+        return NULL;
     }
 
     /* Create a new ASN.1 OBJECT_ID object. */
-    if ((!err) && ((ret = wolfSSL_ASN1_OBJECT_new()) == NULL)) {
+    ret = wolfSSL_ASN1_OBJECT_new();
+    if (ret == NULL) {
         WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
-        err = 1;
+        return NULL;
     }
 
-    if (!err) {
-        /* Allocate memory for content octets. */
-        ret->obj = (const unsigned char*)XMALLOC((size_t)len, NULL,
-            DYNAMIC_TYPE_ASN1);
-        if (ret->obj == NULL) {
-            WOLFSSL_MSG("error allocating asn data memory");
-            wolfSSL_ASN1_OBJECT_free(ret);
-            ret = NULL;
-            err = 1;
-        }
+    if (wolfssl_asn1_obj_set(ret, *pp, (word32)len, 1) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("wolfssl_asn1_obj_set error");
+        wolfSSL_ASN1_OBJECT_free(ret);
+        return NULL;
     }
 
-    if (!err) {
-        /* Content octets buffer was dynamically allocated. */
-        ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
-        /* Copy in content octets and set size. */
-        XMEMCPY((byte*)ret->obj, *pp, (size_t)len);
-        ret->objSz = (unsigned int)len;
-
-        /* Move pointer to after data copied out. */
-        *pp += len;
-        /* Return ASN.1 OBJECT_ID object through a if required. */
-        if (a != NULL) {
-            *a = ret;
-        }
+    /* Move pointer to after data copied out. */
+    *pp += len;
+    /* Return ASN.1 OBJECT_ID object through a if required. */
+    if (a != NULL) {
+        if (*a != NULL)
+            wolfSSL_ASN1_OBJECT_free(*a);
+        *a = ret;
     }
 
     return ret;
@@ -1992,16 +2420,9 @@ void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
 int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
     WOLFSSL_ASN1_OBJECT* obj)
 {
-    int ret = 0;
-
     WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push");
 
-    /* Push on when we have a stack and object to work with. */
-    if ((sk != NULL) && (obj != NULL)) {
-        ret = wolfSSL_sk_push(sk, obj);
-    }
-
-    return ret;
+    return wolfSSL_sk_push(sk, obj);
 }
 
 /* Pop off a WOLFSSL_ASN1_OBJECT from the stack.
@@ -2163,7 +2584,7 @@ WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1)
  * @return Negative value when a is less than b.
  * @return 0 when a equals b.
  * @return Positive value when a is greater than b.
- * @return -1 when a or b is NULL.
+ * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
  */
 int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
     const WOLFSSL_ASN1_STRING *b)
@@ -2173,7 +2594,7 @@ int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
 
     /* Validate parameters. */
     if ((a == NULL) || (b == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Compare length of data. */
     else if (a->length != b->length) {
@@ -2296,7 +2717,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
         len = wolfSSL_ASN1_STRING_length(asn1);
         /* Check data and length are usable. */
         if ((data == NULL) || (len < 0)) {
-            len = -1;
+            len = WOLFSSL_FATAL_ERROR;
         }
     }
     if (len != -1) {
@@ -2304,7 +2725,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
         buf = (unsigned char*)XMALLOC((size_t)(len + 1), NULL,
             DYNAMIC_TYPE_OPENSSL);
         if (buf == NULL) {
-            len = -1;
+            len = WOLFSSL_FATAL_ERROR;
         }
     }
     if (len != -1) {
@@ -2318,7 +2739,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
 /* Encode ASN.1 STRING data as hex digits separated by colon.
  *
@@ -2397,7 +2818,155 @@ char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
 
     return ret;
 }
-#endif /* OPENSSL_EXTRA */
+
+static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp, byte tag)
+{
+    int idx;
+    int len;
+    unsigned char* out;
+
+    if (s == NULL || s->data == NULL || s->length == 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    len = SetHeader(tag, s->length, NULL, 0) + s->length;
+
+    if (pp == NULL)
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    idx = (int)SetHeader(tag, s->length, out, 0);
+    XMEMCPY(out + idx, s->data, s->length);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
+
+int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_GENERALSTRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_GENERALSTRING);
+}
+
+int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OCTET_STRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_OCTET_STRING);
+}
+
+int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_UTF8STRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_UTF8STRING);
+}
+
+int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp)
+{
+    unsigned char* out;
+
+    if (s == NULL || s->data == NULL || s->length == 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (pp == NULL)
+        return s->length;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC(s->length, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    XMEMCPY(out, s->data, s->length);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += s->length;
+
+    return s->length;
+}
+
+static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len, byte expTag)
+{
+    WOLFSSL_ASN1_STRING* ret = NULL;
+    word32 idx = 0;
+    byte tag = 0;
+    int length = 0;
+
+    WOLFSSL_ENTER("d2i_ASN1_GENERALSTRING");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
+        return NULL;
+    if (tag != expTag)
+        return NULL;
+    if (GetLength(*src, &idx, &length, (word32)len) < 0)
+        return NULL;
+
+    ret = wolfSSL_ASN1_STRING_new();
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfSSL_ASN1_STRING_set(ret, *src + idx, length) != 1) {
+        wolfSSL_ASN1_STRING_free(ret);
+        return NULL;
+    }
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_ASN1_STRING_free(*out);
+        *out = ret;
+    }
+    *src += idx + length;
+
+    return ret;
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_GENERALSTRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_GENERALSTRING);
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OCTET_STRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_OCTET_STRING);
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_UTF8STRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_UTF8STRING);
+}
+
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 #endif /* NO_ASN */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -2470,7 +3039,7 @@ unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
  * @return  String length on success.
  * @return  0 when asn is NULL or no data set.
  */
-int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
+int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn)
 {
     int len = 0;
 
@@ -2820,7 +3389,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
 
     /* Write out hash character to indicate hex string. */
     if (wolfSSL_BIO_write(bio, hash, 1) != 1) {
-        str_len = -1;
+        str_len = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Check if we are to write out DER header. */
@@ -2832,7 +3401,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
             str_len += 4;
             /* Write out tag and length as hex digits. */
             if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
             }
         }
     }
@@ -2850,7 +3419,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
             str_len += 2;
             /* Write out character as hex digites. */
             if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
                 break;
             }
         }
@@ -2905,7 +3474,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
             str_len++;
             /* Write out escaping character. */
             if (wolfSSL_BIO_write(bio,"\\", 1) != 1) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
                 break;
             }
         }
@@ -2913,7 +3482,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
         str_len++;
         /* Write out character. */
         if (wolfSSL_BIO_write(bio, p, 1) != 1) {
-            str_len = -1;
+            str_len = WOLFSSL_FATAL_ERROR;
             break;
         }
     }
@@ -3002,9 +3571,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
 void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
 {
     WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free");
-    if (asn1Time != NULL) {
-        XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL);
-    }
+    XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 #ifndef NO_BIO
@@ -3419,7 +3986,7 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
  */
 int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
 {
-    int ret = 1;
+    int ret = WOLFSSL_SUCCESS;
     char buf[MAX_TIME_STRING_SZ];
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
@@ -3427,7 +3994,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
     /* If can convert to human readable then format good. */
     if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
             MAX_TIME_STRING_SZ) == NULL) {
-        ret = 0;
+        ret = WOLFSSL_FAILURE;
     }
 
     return ret;
@@ -3445,7 +4012,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
  */
 int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
 {
-    int ret = 1;
+    int ret = WOLFSSL_SUCCESS;
     int slen = 0;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
@@ -3454,15 +4021,15 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
         WOLFSSL_MSG("Bad parameter");
         ret = 0;
     }
-    if (ret == 1) {
+    if (ret == WOLFSSL_SUCCESS) {
         /* Get length of string including NUL terminator. */
         slen = (int)XSTRLEN(str) + 1;
         if (slen > CTC_DATE_SIZE) {
             WOLFSSL_MSG("Date string too long");
-            ret = 0;
+            ret = WOLFSSL_FAILURE;
         }
     }
-    if ((ret == 1) && (t != NULL)) {
+    if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) {
         /* Copy in string including NUL terminator. */
         XMEMCPY(t->data, str, (size_t)slen);
         /* Do not include NUL terminator in length. */
@@ -3475,6 +4042,21 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
     return ret;
 }
 
+int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509");
+
+    if (t == NULL)
+        ret = WOLFSSL_FAILURE;
+    if (ret == WOLFSSL_SUCCESS)
+        ret = wolfSSL_ASN1_TIME_set_string(t, str);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = wolfSSL_ASN1_TIME_check(t);
+    return ret;
+}
+
 /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
  *
  * @param [in]      t    ASN.1 TIME object.
@@ -3547,6 +4129,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
     return ret;
 }
 
+#if !defined(USER_TIME) && !defined(TIME_OVERRIDES)
 WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
 {
     WOLFSSL_ASN1_TIME* ret = s;
@@ -3572,7 +4155,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
 
     return ret;
 }
-
+#endif /* !USER_TIME && !TIME_OVERRIDES */
 #endif /* OPENSSL_EXTRA */
 
 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
@@ -4006,6 +4589,7 @@ static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at)
         #endif
             break;
         case V_ASN1_UTF8STRING:
+        case V_ASN1_OCTET_STRING:
         case V_ASN1_PRINTABLESTRING:
         case V_ASN1_T61STRING:
         case V_ASN1_IA5STRING:
@@ -4033,6 +4617,41 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
     XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
+int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+
+    if (at == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    switch (at->type) {
+        case V_ASN1_NULL:
+            break;
+        case V_ASN1_OBJECT:
+            ret = wolfSSL_i2d_ASN1_OBJECT(at->value.object, pp);
+            break;
+        case V_ASN1_UTF8STRING:
+            ret = wolfSSL_i2d_ASN1_UTF8STRING(at->value.utf8string, pp);
+            break;
+        case V_ASN1_GENERALIZEDTIME:
+            ret = wolfSSL_i2d_ASN1_GENERALSTRING(at->value.utf8string, pp);
+            break;
+        case V_ASN1_SEQUENCE:
+            ret = wolfSSL_i2d_ASN1_SEQUENCE(at->value.sequence, pp);
+            break;
+        case V_ASN1_UTCTIME:
+        case V_ASN1_PRINTABLESTRING:
+        case V_ASN1_T61STRING:
+        case V_ASN1_IA5STRING:
+        case V_ASN1_UNIVERSALSTRING:
+        default:
+            WOLFSSL_MSG("asn1 i2d type not supported");
+            break;
+    }
+
+    return ret;
+}
+
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS) || \
@@ -4070,6 +4689,7 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
             case V_ASN1_UTCTIME:
             case V_ASN1_GENERALIZEDTIME:
             case V_ASN1_UTF8STRING:
+            case V_ASN1_OCTET_STRING:
             case V_ASN1_PRINTABLESTRING:
             case V_ASN1_T61STRING:
             case V_ASN1_IA5STRING:
@@ -4089,6 +4709,14 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
     }
 }
 
+int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
+{
+    if (a != NULL && (a->type == V_ASN1_BOOLEAN || a->type == V_ASN1_NULL
+            || a->value.ptr != NULL))
+        return a->type;
+    return 0;
+}
+
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_WPAS */
 
 #endif /* !NO_ASN */
diff --git a/src/ssl_bn.c b/src/ssl_bn.c
index c025755f99..e45e19da50 100644
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@@ -1,6 +1,6 @@
 /* ssl_bn.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -64,7 +64,7 @@ static int wolfssl_bn_set_neg(WOLFSSL_BIGNUM* bn, int neg)
 
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE)
     else if (neg) {
@@ -102,17 +102,17 @@ int wolfssl_bn_get_value(WOLFSSL_BIGNUM* bn, mp_int* mpi)
     /* Validate parameters. */
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else if (mpi == NULL) {
         WOLFSSL_MSG("mpi NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Copy the internal representation into MP integer. */
     if ((ret == 1) && mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
         WOLFSSL_MSG("mp_copy error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -145,7 +145,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
     /* Validate parameters. */
     if ((bn == NULL) || (mpi == NULL)) {
         WOLFSSL_MSG("mpi or bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Allocate a new big number if one not passed in. */
@@ -153,7 +153,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
         a = wolfSSL_BN_new();
         if (a == NULL) {
             WOLFSSL_MSG("wolfssl_bn_set_value alloc failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         *bn = a;
     }
@@ -161,7 +161,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
     /* Copy MP integer value into internal representation of big number. */
     if ((ret == 1) && (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY)) {
         WOLFSSL_MSG("mp_copy error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Dispose of any allocated big number on error. */
@@ -455,7 +455,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
     /* Validate parameters. */
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("NULL bn error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get the length of the encoding. */
@@ -464,7 +464,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
         if ((r != NULL) && (mp_to_unsigned_bin((mp_int*)bn->internal, r) !=
                 MP_OKAY)) {
             WOLFSSL_MSG("mp_to_unsigned_bin error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -492,7 +492,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
     WOLFSSL_ENTER("wolfSSL_BN_bin2bn");
 
     /* Validate parameters. */
-    if ((data == NULL) || (len < 0)) {
+    if (len < 0) {
         ret = NULL;
     }
     /* Allocate a new big number when ret is NULL. */
@@ -507,7 +507,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
         if (ret->internal == NULL) {
             ret = NULL;
         }
-        else {
+        else if (data != NULL) {
             /* Decode into big number. */
             if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len)
                     != 0) {
@@ -520,6 +520,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
                 bn = NULL;
             }
         }
+        else if (data == NULL) {
+            wolfSSL_BN_zero(ret);
+        }
     }
 
     /* Dispose of allocated BN not being returned. */
@@ -1129,8 +1132,7 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
             ret = 0;
         }
         else {
-            /* NULL less than not NULL. */
-            ret = -1;
+            ret = -1; /* NULL less than not NULL. */
         }
     }
     else if (bIsNull) {
@@ -1147,9 +1149,12 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
         else if (ret == MP_GT) {
             ret = 1;
         }
-        else {
+        else if (ret == MP_LT) {
             ret = -1;
         }
+        else {
+            ret = WOLFSSL_FATAL_ERROR; /* also -1 */
+        }
     }
 
     return ret;
@@ -2268,18 +2273,18 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int checks,
 
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Create a new RNG or use global. */
     if ((ret == 1) && ((rng = wolfssl_make_rng(tmpRng, &localRng)) == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if ((ret == 1) && (mp_prime_is_prime_ex((mp_int*)bn->internal, checks, &res,
             rng) != MP_OKAY)) {
         WOLFSSL_MSG("mp_prime_is_prime_ex error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (localRng) {
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index e666059352..a5b622dede 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1,6 +1,6 @@
 /* ssl_certman.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -398,7 +398,7 @@ WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
         }
 
         /* Decode certificate. */
-        if ((!err) && (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS)) {
+        if ((!err) && (wolfSSL_sk_X509_push(sk, x509) <= 0)) {
             wolfSSL_X509_free(x509);
             err = 1;
         }
@@ -609,8 +609,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
 }
 #endif /* NO_WOLFSSL_CM_VERIFY */
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
 void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
         wc_UnknownExtCallback cb)
 {
@@ -620,7 +619,7 @@ void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
     }
 
 }
-#endif /* WOLFSSL_CUSTOM_OID && WOLFSSL_ASN_TEMPLATE && HAVE_OID_DECODING */
+#endif /* WC_ASN_UNKNOWN_EXT_CB */
 
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
 /* Verify the certificate.
@@ -690,8 +689,7 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff,
         /* Create a decoded certificate with DER buffer. */
         InitDecodedCert(cert, buff, (word32)sz, cm->heap);
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
         if (cm->unknownExtCallback != NULL)
             wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
 #endif
@@ -1384,9 +1382,7 @@ int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
                 ret = FWRITE_ERROR;
             }
         }
-        if (mem != NULL) {
-            XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
         /* Unlock CA table. */
         wc_UnLockMutex(&cm->caLock);
@@ -1862,6 +1858,26 @@ int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
     return ret;
 }
 
+int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm, crlErrorCb cb,
+                                      void* ctx)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
+
+    /* Validate parameters. */
+    if (cm == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Store callback. */
+        cm->crlCb = cb;
+        cm->crlCbCtx = ctx;
+    }
+
+    return ret;
+}
+
 #ifdef HAVE_CRL_IO
 /* Set the CRL I/O callback.
  *
diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c
index 5a05324c31..fba578c508 100644
--- a/src/ssl_crypto.c
+++ b/src/ssl_crypto.c
@@ -1,6 +1,6 @@
 /* ssl_crypto.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,8 +45,7 @@
 void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
 {
     /* Ensure WOLFSSL_MD4_CTX is big enough for wolfCrypt Md4. */
-    typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
-    (void)sizeof(ok);
+    WOLFSSL_ASSERT_SIZEOF_GE(md4->buffer, Md4);
 
     WOLFSSL_ENTER("MD4_Init");
 
@@ -97,8 +96,7 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
 int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
 {
     /* Ensure WOLFSSL_MD5_CTX is big enough for wolfCrypt wc_Md5. */
-    typedef char md5_test[sizeof(WOLFSSL_MD5_CTX) >= sizeof(wc_Md5) ? 1 : -1];
-    (void)sizeof(md5_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_MD5_CTX, wc_Md5);
 
     WOLFSSL_ENTER("MD5_Init");
 
@@ -212,8 +210,7 @@ unsigned char* wolfSSL_MD5(const unsigned char* data, size_t len,
 int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
 {
     /* Ensure WOLFSSL_SHA_CTX is big enough for wolfCrypt wc_Sha. */
-    typedef char sha_test[sizeof(WOLFSSL_SHA_CTX) >= sizeof(wc_Sha) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA_CTX, wc_Sha);
 
     WOLFSSL_ENTER("SHA_Init");
 
@@ -362,8 +359,7 @@ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data)
 int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha224)
 {
     /* Ensure WOLFSSL_SHA224_CTX is big enough for wolfCrypt wc_Sha224. */
-    typedef char sha_test[sizeof(SHA224_CTX) >= sizeof(wc_Sha224) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(SHA224_CTX, wc_Sha224);
 
     WOLFSSL_ENTER("SHA224_Init");
 
@@ -422,8 +418,7 @@ int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha224)
 int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
 {
     /* Ensure WOLFSSL_SHA256_CTX is big enough for wolfCrypt wc_Sha256. */
-    typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(wc_Sha256) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(SHA256_CTX, wc_Sha256);
 
     WOLFSSL_ENTER("SHA256_Init");
 
@@ -512,8 +507,7 @@ int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
 int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha384)
 {
     /* Ensure WOLFSSL_SHA384_CTX is big enough for wolfCrypt wc_Sha384. */
-    typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(wc_Sha384) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(SHA384_CTX, wc_Sha384);
 
     WOLFSSL_ENTER("SHA384_Init");
 
@@ -572,8 +566,7 @@ int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha384)
 int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha512)
 {
     /* Ensure WOLFSSL_SHA512_CTX is big enough for wolfCrypt wc_Sha512. */
-    typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(wc_Sha512) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(SHA512_CTX, wc_Sha512);
 
     WOLFSSL_ENTER("SHA512_Init");
 
@@ -809,8 +802,7 @@ int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
 int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha3_224)
 {
     /* Ensure WOLFSSL_SHA3_224_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_224_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(SHA3_224_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_224_Init");
 
@@ -869,8 +861,7 @@ int wolfSSL_SHA3_224_Final(byte* output, WOLFSSL_SHA3_224_CTX* sha3)
 int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha3_256)
 {
     /* Ensure WOLFSSL_SHA3_256_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_256_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(SHA3_256_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_256_Init");
 
@@ -929,8 +920,7 @@ int wolfSSL_SHA3_256_Final(byte* output, WOLFSSL_SHA3_256_CTX* sha3)
 int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha3_384)
 {
     /* Ensure WOLFSSL_SHA3_384_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_384_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(SHA3_384_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_384_Init");
 
@@ -989,8 +979,7 @@ int wolfSSL_SHA3_384_Final(byte* output, WOLFSSL_SHA3_384_CTX* sha3)
 int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha3_512)
 {
     /* Ensure WOLFSSL_SHA3_512_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_512_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(SHA3_512_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_512_Init");
 
@@ -2442,7 +2431,7 @@ int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* key,
     /* Check key parity is odd. */
     if ((ret == 0) && (!wolfSSL_DES_check_key_parity(key))) {
         WOLFSSL_MSG("Odd parity test fail");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Check whether key is weak. */
     if ((ret == 0) && wolfSSL_DES_is_weak_key(key)) {
@@ -2940,19 +2929,19 @@ static int wolfssl_aes_set_key(const unsigned char *key, const int bits,
     /* Validate parameters. */
     if ((key == NULL) || (aes == NULL)) {
         WOLFSSL_MSG("Null argument passed in");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     XMEMSET(aes, 0, sizeof(AES_KEY));
 
     if (wc_AesInit((Aes*)aes, NULL, INVALID_DEVID) != 0) {
         WOLFSSL_MSG("Error in initting AES key");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, enc) != 0) {
         WOLFSSL_MSG("Error in setting AES key");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return 0;
 }
diff --git a/src/ssl_load.c b/src/ssl_load.c
index 60eb72167d..f20de2c34d 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -1,6 +1,6 @@
 /* ssl_load.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -137,26 +137,16 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format,
             FreeDer(der);
         }
     #else
+        (void)algId;
         ret = NOT_COMPILED_IN;
     #endif
     }
     /* Data in buffer is ASN.1 format - get first SEQ or OCT into der. */
     else {
-        int length;
-        word32 inOutIdx = 0;
-
         /* Get length of SEQ including header. */
         if ((info->consumed = wolfssl_der_length(buff, (int)len)) > 0) {
             ret = 0;
         }
-        /* Private keys may be wrapped in OCT when PKCS#8 wrapper removed.
-         * TODO: is this really needed? */
-        else if ((type == PRIVATEKEY_TYPE) &&
-                (GetOctetString(buff, &inOutIdx, &length, len) >= 0)) {
-            /* Include octet string DER header. */
-            info->consumed = length + inOutIdx;
-            ret = 0;
-        }
         else {
             ret = ASN_PARSE_E;
         }
@@ -302,22 +292,11 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 
     WOLFSSL_ENTER("ProcessUserChain");
 
-    /* Validate parameters. */
-    if ((type == CA_TYPE) && (ctx == NULL)) {
-        WOLFSSL_MSG("Need context for CA load");
-        ret = BAD_FUNC_ARG;
-    }
-
-    /* Ignore non-certificate types. */
-    if ((ret == 0) && (type != CERT_TYPE) && (type != CHAIN_CERT_TYPE) &&
-            (type != CA_TYPE)) {
-        WOLFSSL_MSG("File type not a certificate");
-    }
     /* Check we haven't consumed all the data. */
-    else if ((ret == 0) && (info->consumed >= sz)) {
+    if (info->consumed >= sz) {
         WOLFSSL_MSG("Already consumed data");
     }
-    else if (ret == 0) {
+    else {
     #ifndef WOLFSSL_SMALL_STACK
         byte stackBuffer[FILE_BUFFER_SIZE];
     #endif
@@ -884,17 +863,17 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     ret = wc_falcon_init(key);
     if (ret == 0) {
         /* Set up key to parse the format specified. */
-        if (*keyFormat == FALCON_LEVEL1k) {
+        if ((*keyFormat == FALCON_LEVEL1k) || ((*keyFormat == 0) &&
+                ((der->length == FALCON_LEVEL1_KEY_SIZE) ||
+                 (der->length == FALCON_LEVEL1_PRV_KEY_SIZE)))) {
             ret = wc_falcon_set_level(key, 1);
         }
-        else if (*keyFormat == FALCON_LEVEL5k) {
+        else if ((*keyFormat == FALCON_LEVEL5k) || ((*keyFormat == 0) &&
+                 ((der->length == FALCON_LEVEL5_KEY_SIZE) ||
+                  (der->length == FALCON_LEVEL5_PRV_KEY_SIZE)))) {
             ret = wc_falcon_set_level(key, 5);
         }
         else {
-            /* What if *keyformat is 0? We might want to do something more
-             * graceful here. */
-            /* TODO: get the size of the private key for different formats and
-             * compare with DER length. */
             wc_falcon_free(key);
             ret = ALGO_ID_E;
         }
@@ -935,6 +914,11 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         /* Free dynamically allocated data in key. */
         wc_falcon_free(key);
     }
+    else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
+        WOLFSSL_MSG("Not a Falcon key");
+        /* Format unknown so keep trying. */
+        ret = 0;
+    }
 
     /* Dispose of allocated key. */
     XFREE(key, heap, DYNAMIC_TYPE_FALCON);
@@ -977,20 +961,22 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     ret = wc_dilithium_init(key);
     if (ret == 0) {
         /* Set up key to parse the format specified. */
-        if (*keyFormat == DILITHIUM_LEVEL2k) {
+        if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) &&
+            ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) ||
+             (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) {
             ret = wc_dilithium_set_level(key, 2);
         }
-        else if (*keyFormat == DILITHIUM_LEVEL3k) {
+        else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) &&
+            ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) ||
+             (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) {
             ret = wc_dilithium_set_level(key, 3);
         }
-        else if (*keyFormat == DILITHIUM_LEVEL5k) {
+        else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) &&
+            ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) ||
+             (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) {
             ret = wc_dilithium_set_level(key, 5);
         }
         else {
-            /* What if *keyformat is 0? We might want to do something more
-             * graceful here. */
-            /* TODO: get the size of the private key for different formats and
-             * compare with DER length. */
             wc_dilithium_free(key);
             ret = ALGO_ID_E;
         }
@@ -1036,6 +1022,11 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         /* Free dynamically allocated data in key. */
         wc_dilithium_free(key);
     }
+    else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
+        WOLFSSL_MSG("Not a Dilithium key");
+        /* Format unknown so keep trying. */
+        ret = 0;
+    }
 
     /* Dispose of allocated key. */
     XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
@@ -1353,24 +1344,10 @@ static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     int algId)
 {
     int ret;
-#if (defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)) || \
-     defined(HAVE_PKCS8)
-    word32 p8AlgId = 0;
-#endif
 
     (void)info;
     (void)format;
 
-#ifdef HAVE_PKCS8
-    /* Try and remove PKCS8 header and get algorithm id. */
-    ret = ToTraditional_ex(der->buffer, der->length, &p8AlgId);
-    if (ret > 0) {
-        /* Header stripped inline. */
-        der->length = (word32)ret;
-        algId = p8AlgId;
-    }
-#endif
-
     /* Put the data into the SSL or SSL context object. */
     ret = ProcessBufferPrivKeyHandleDer(ctx, ssl, &der, type);
     if (ret == 0) {
@@ -1584,7 +1561,9 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     }
     #endif
 #ifndef WC_STRICT_SIG
-    wolfssl_set_have_from_key_oid(ctx, ssl, cert->keyOID);
+    if ((ctx != NULL) || (ssl != NULL)) {
+        wolfssl_set_have_from_key_oid(ctx, ssl, (int)cert->keyOID);
+    }
 #else
     /* Set whether ECC is available based on signature available. */
     if (ssl != NULL) {
@@ -2391,7 +2370,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
     if (ret == 0) {
         ret = 1;
     }
-    else if (ret == WOLFSSL_FATAL_ERROR) {
+    else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
         ret = 0;
     }
     WOLFSSL_LEAVE("ProcessBuffer", ret);
@@ -2880,6 +2859,41 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
     return WS_RETURN_CODE(ret, 0);
 }
 
+/* Load a file and/or files in path, with OpenSSL-compatible semantics.
+ *
+ * No c_rehash.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      file   Name of file to load. May be NULL.
+ * @param [in]      path   Path to directory containing PEM CA files.
+ *                         May be NULL.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_load_verify_locations_compat(WOLFSSL_CTX* ctx, const char* file,
+                                     const char* path)
+{
+    /* We want to keep trying to load more CA certs even if one cert in the
+     * directory is bad and can't be used (e.g. if one is expired), and we
+     * want to return success if any were successfully loaded (mimicking
+     * OpenSSL SSL_CTX_load_verify_locations() semantics), so we use
+     * WOLFSSL_LOAD_FLAG_IGNORE_ERR.  OpenSSL (as of v3.3.2) actually
+     * returns success even if no certs are loaded (e.g. because the
+     * supplied "path" doesn't exist or access is prohibited), and only
+     * returns failure if the "file" is non-null and fails to load.
+     *
+     * Note that if a file is supplied and can't be successfully loaded, the
+     * overall call fails and the path is never even evaluated.  This is
+     * consistent with OpenSSL behavior.
+     */
+
+    int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS | WOLFSSL_LOAD_FLAG_IGNORE_ERR);
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RETURN_CODE(ret, 0);
+}
+
 #ifdef WOLFSSL_SYS_CA_CERTS
 
 #ifdef USE_WINDOWS_API
@@ -4798,7 +4812,8 @@ int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
         }
         if (ret == 1) {
             /* Push the X509 object onto stack. */
-            ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509);
+            ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         }
 
         if (ret != 1) {
@@ -4825,8 +4840,7 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
     WOLFSSL_ENTER("wolfSSL_add0_chain_cert");
 
     /* Validate parameters. */
-    if ((ssl == NULL) || (ssl->ctx == NULL) || (x509 == NULL) ||
-            (x509->derCert == NULL)) {
+    if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
         ret = 0;
     }
 
@@ -4863,7 +4877,8 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
         }
         if (ret == 1) {
             /* Push X509 object onto stack to be freed. */
-            ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509);
+            ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
             if (ret != 1) {
                 /* Free it now on error. */
                 wolfSSL_X509_free(x509);
@@ -4889,8 +4904,7 @@ int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
     WOLFSSL_ENTER("wolfSSL_add1_chain_cert");
 
     /* Validate parameters. */
-    if ((ssl == NULL) || (ssl->ctx == NULL) || (x509 == NULL) ||
-            (x509->derCert == NULL)) {
+    if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
         ret = 0;
     }
 
@@ -5086,9 +5100,9 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
 {
     int ret;
 #ifdef XGETENV
-    char* certDir;
-    char* certFile;
-    word32 flags;
+    char* certDir = NULL;
+    char* certFile = NULL;
+    word32 flags = 0;
 #elif !defined(WOLFSSL_SYS_CA_CERTS)
     (void)ctx;
 #endif
@@ -5096,8 +5110,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");
 
 #ifdef XGETENV
-    certDir = XGETENV("SSL_CERT_DIR");
-    certFile = XGETENV("SSL_CERT_FILE");
+    certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER);
+    certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER);
     flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;
 
     if ((certDir != NULL) || (certFile != NULL)) {
@@ -5130,7 +5144,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     #elif defined(WOLFSSL_SYS_CA_CERTS)
         /* Load the system CA certificates. */
         ret = wolfSSL_CTX_load_system_CA_certs(ctx);
-        if (ret == WOLFSSL_BAD_PATH) {
+        if (ret == WC_NO_ERR_TRACE(WOLFSSL_BAD_PATH)) {
             /* OpenSSL doesn't treat the lack of a system CA cert directory as a
              * failure. We do the same here.
              */
@@ -5143,6 +5157,10 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     #endif
     }
 
+#ifdef XGETENV
+    XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
     WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret);
 
     return ret;
@@ -5255,9 +5273,10 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
 
     if (ret == 1) {
         /* Allocate buffers for p and g to be assigned into SSL. */
-        pAlloc = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        gAlloc = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if ((pAlloc == NULL) || (gAlloc == NULL)) {
+            /* Memory will be freed below in the (ret != 1) block */
             ret = MEMORY_E;
         }
     }
@@ -5314,7 +5333,7 @@ static int wolfssl_check_dh_key(unsigned char* p, int pSz, unsigned char* g,
         /* Initialize a DH object. */
         if ((ret = wc_InitDhKey(checkKey)) == 0) {
             /* Check DH parameters. */
-            ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, gSz, NULL, 0, 0, &rng);
+            ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz, NULL, 0, 0, &rng);
             /* Dispose of DH object. */
             wc_FreeDhKey(checkKey);
         }
@@ -5413,13 +5432,9 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
 
     if (ret == 1) {
         /* Allocate buffers for p and g to be assigned into SSL context. */
-        pAlloc = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        gAlloc = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if ((pAlloc == NULL) || (gAlloc == NULL)) {
-            XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            pAlloc = NULL;
-            XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            gAlloc = NULL;
             ret = MEMORY_E;
         }
     }
@@ -5432,12 +5447,10 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
         ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz);
     }
 
-    if (ret != 1) {
+    if ((ret != 1) && (ctx != NULL)) {
         /* Free the allocated buffers if not assigned into SSL context. */
-        if (pAlloc)
-            XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        if (gAlloc)
-            XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
     }
     return ret;
 }
@@ -5470,7 +5483,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
     }
 
     if (ret == 1) {
-        /* Get needed size for p and g. */
+        /* Get sizes of p and g. */
         pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
         gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
         /* Validate p and g size. */
@@ -5501,7 +5514,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
         ret = wolfssl_set_tmp_dh(ssl, p, pSz, g, gSz);
     }
 
-    if (ret != 1 && ssl != NULL) {
+    if ((ret != 1) && (ssl != NULL)) {
         /* Free the allocated buffers if not assigned into SSL. */
         XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -5536,7 +5549,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
     }
 
     if (ret == 1) {
-        /* Get needed size for p and g. */
+        /* Get sizes of p and g. */
         pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
         gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
         /* Validate p and g size. */
@@ -5675,11 +5688,11 @@ static int ws_ctx_ssl_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         }
         else if (ssl != NULL) {
             /* Set p and g into SSL. */
-            res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, gSz);
+            res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, (int)gSz);
         }
         else {
             /* Set p and g into SSL context. */
-            res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, gSz);
+            res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, (int)gSz);
         }
     }
 
diff --git a/src/ssl_misc.c b/src/ssl_misc.c
index d52c2cd4a1..9a5f4b042a 100644
--- a/src/ssl_misc.c
+++ b/src/ssl_misc.c
@@ -1,6 +1,6 @@
 /* ssl_misc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -165,7 +165,15 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz,
     if (bio->type == WOLFSSL_BIO_MEMORY) {
         ret = wolfSSL_BIO_get_mem_data(bio, data);
         if (ret > 0) {
-            bio->rdIdx += ret;
+            /* Advance the write index in the memory bio */
+            WOLFSSL_BIO* mem_bio = bio;
+            for (; mem_bio != NULL; mem_bio = mem_bio->next) {
+                if (mem_bio->type == WOLFSSL_BIO_MEMORY)
+                    break;
+            }
+            if (mem_bio == NULL)
+                mem_bio = bio; /* Default to input */
+            mem_bio->rdIdx += ret;
         }
         *memAlloced = 0;
     }
diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c
index 11b6c40a9a..fba27676db 100644
--- a/src/ssl_p7p12.c
+++ b/src/ssl_p7p12.c
@@ -94,8 +94,7 @@ void wolfSSL_PKCS7_free(PKCS7* pkcs7)
     WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
 
     if (p7 != NULL) {
-        if (p7->data != NULL)
-            XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
+        XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
         wc_PKCS7_Free(&p7->pkcs7);
         if (p7->certs)
             wolfSSL_sk_pop_free(p7->certs, NULL);
@@ -230,7 +229,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
         if (!ret)
             ret = wolfSSL_sk_X509_new_null();
         if (x509) {
-            if (wolfSSL_sk_X509_push(ret, x509) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_push(ret, x509) <= 0) {
                 wolfSSL_X509_free(x509);
                 WOLFSSL_MSG("wolfSSL_sk_X509_push error");
                 goto error;
@@ -295,7 +294,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
         return NULL;
     }
 
-    if (wolfSSL_sk_X509_push(signers, x509) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_X509_push(signers, x509) <= 0) {
         wolfSSL_sk_X509_pop_free(signers, NULL);
         return NULL;
     }
@@ -352,7 +351,7 @@ int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out)
     int localBuf = 0;
     int len;
     WC_RNG rng;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_i2d_PKCS7");
 
     if (!out || !p7) {
@@ -397,9 +396,9 @@ int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out)
         wc_FreeRng(&rng);
         p7->rng = NULL;
     }
-    if (ret == WOLFSSL_FAILURE && localBuf && output)
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) && localBuf)
         XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (ret != WOLFSSL_FAILURE)
+    if (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         *out = output;
     return ret;
 }
@@ -408,7 +407,7 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
 {
     byte* output = NULL;
     int len;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
 
     if (!bio || !p7) {
@@ -416,7 +415,9 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
         return WOLFSSL_FAILURE;
     }
 
-    if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) {
+    if ((len = wolfSSL_i2d_PKCS7(p7, &output)) ==
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+    {
         WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error");
         goto cleanup;
     }
@@ -428,8 +429,7 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
 
     ret = WOLFSSL_SUCCESS;
 cleanup:
-    if (output)
-        XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -602,7 +602,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
             canonLineLen = (word32)lineLen;
             if ((canonLine = wc_MIME_single_canonicalize(
                                 line, &canonLineLen)) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
             }
 
@@ -612,7 +612,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
             }
 
             if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
             }
             XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
@@ -621,15 +621,13 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
         else {
             /* no line ending in current line, write direct to out */
             if (wolfSSL_BIO_write(out, line, lineLen) < 0) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
             }
         }
     }
 
-    if (canonLine != NULL) {
-        XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
-    }
+    XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(line, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -718,9 +716,7 @@ int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags)
                 }
             }
 
-            if (mem != NULL) {
-                XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            }
+            XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
         else {
     #ifdef HAVE_SMIME
@@ -746,9 +742,7 @@ int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags)
     }
 
     if (ret == 1) {
-        if (p7->data != NULL) {
-            XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
-        }
+        XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
         p7->data = (byte*)XMALLOC(memSz, NULL, DYNAMIC_TYPE_PKCS7);
         if (p7->data == NULL) {
             ret = 0;
@@ -1040,19 +1034,11 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
 
 error:
 #ifdef WOLFSSL_SMALL_STACK
-    if (outputHead) {
-        XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (outputFoot) {
-        XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-    if (output) {
-        XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (pem) {
-        XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return WOLFSSL_FAILURE;
 }
 
@@ -1168,7 +1154,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
             }
             XMEMSET(boundary, 0, (word32)(boundLen+1));
             boundary[0] = boundary[1] = '-';
-            XSTRNCPY(&boundary[2], curParam->value, boundLen-2);
+            /* analyzers have issues with using strncpy and strcpy here */
+            XMEMCPY(&boundary[2], curParam->value, boundLen - 2);
 
             /* Parse up to first boundary, ignore everything here. */
             lineLen = wolfSSL_BIO_gets(in, section, remainLen);
@@ -1387,10 +1374,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
     XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7);
     XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7);
     XFREE(section, NULL, DYNAMIC_TYPE_PKCS7);
-    if (canonSection != NULL)
-        XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7);
-    if (canonLine != NULL)
-        XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
     if (bcont) {
         wolfSSL_BIO_free(*bcont);
         *bcont = NULL; /* reset 'bcount' pointer to NULL on failure */
@@ -1491,7 +1476,9 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
 
     if (ret > 0) {
         /* Generate signedData bundle, DER in output (dynamic) */
-        if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) == WOLFSSL_FAILURE) {
+        if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) ==
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             WOLFSSL_MSG("Error in wolfSSL_i2d_PKCS7");
             ret = 0;
         }
@@ -1607,12 +1594,8 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
         }
     }
 
-    if (p7out != NULL) {
-        XFREE(p7out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (sigBase64 != NULL) {
-        XFREE(sigBase64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(p7out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(sigBase64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (ret > 0) {
         return WOLFSSL_SUCCESS;
@@ -1704,8 +1687,7 @@ WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
     }
 
     /* cleanup */
-    if (mem != NULL)
-        XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (ret < 0 && localPkcs12 != NULL) {
         wc_PKCS12_free(localPkcs12);
         localPkcs12 = NULL;
@@ -1725,7 +1707,7 @@ WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
  */
 int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_i2d_PKCS12_bio");
 
@@ -1740,9 +1722,7 @@ int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
             }
         }
 
-        if (certDer != NULL) {
-            XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS);
-        }
+        XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS);
     }
 
     return ret;
@@ -1904,12 +1884,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
         *ca = (WOLF_STACK_OF(WOLFSSL_X509)*)XMALLOC(
             sizeof(WOLF_STACK_OF(WOLFSSL_X509)), heap, DYNAMIC_TYPE_X509);
         if (*ca == NULL) {
-            if (pk != NULL) {
-                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            }
-            if (certData != NULL) {
-                XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-            }
+            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+            XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
             /* Free up WC_DerCertList and move on */
             while (current != NULL) {
                 WC_DerCertList* next = current->next;
@@ -1943,12 +1919,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
                     FreeDecodedCert(DeCert);
                     wolfSSL_X509_free(x509);
                     wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
-                    if (pk != NULL) {
-                        XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-                    }
-                    if (certData != NULL) {
-                        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-                    }
+                    XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+                    XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
                     /* Free up WC_DerCertList */
                     while (current != NULL) {
                         WC_DerCertList* next = current->next;
@@ -1962,16 +1934,12 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
                 }
                 FreeDecodedCert(DeCert);
 
-                if (wolfSSL_sk_X509_push(*ca, x509) != 1) {
+                if (wolfSSL_sk_X509_push(*ca, x509) <= 0) {
                     WOLFSSL_MSG("Failed to push x509 onto stack");
                     wolfSSL_X509_free(x509);
                     wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
-                    if (pk != NULL) {
-                        XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-                    }
-                    if (certData != NULL) {
-                        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-                    }
+                    XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+                    XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
 
                     /* Free up WC_DerCertList */
                     while (current != NULL) {
@@ -1997,9 +1965,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
         *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
             DYNAMIC_TYPE_X509);
         if (*cert == NULL) {
-            if (pk != NULL) {
-                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            }
+            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
             if (ca != NULL) {
                 wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
             }
@@ -2015,9 +1981,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
         if (CopyDecodedToX509(*cert, DeCert) != 0) {
             WOLFSSL_MSG("Failed to copy decoded cert");
             FreeDecodedCert(DeCert);
-            if (pk != NULL) {
-                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            }
+            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
             if (ca != NULL) {
                 wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
             }
@@ -2064,8 +2028,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
             }
         }
     #endif /* HAVE_ECC */
-        if (pk != NULL)
-            XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
+        XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
         if (ret != 0) { /* if is in fail state and no PKEY then fail */
             wolfSSL_X509_free(*cert); *cert = NULL;
             if (ca != NULL) {
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
index 43ce1f54a7..91f2c8473f 100644
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
@@ -1004,7 +1004,7 @@ WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
 #else
         current = &sessRow->Sessions[clSess[idx].serverIdx];
 #endif
-        if (current && XMEMCMP(current->serverID, id, len) == 0) {
+        if (current && XMEMCMP(current->serverID, id, (unsigned long)len) == 0) {
             WOLFSSL_MSG("Found a serverid match for client");
             if (LowResTimer() < (current->bornOn + current->timeout)) {
                 WOLFSSL_MSG("Session valid");
@@ -1309,8 +1309,7 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
             output->ticketLenAlloc = 0;
         }
 #ifdef WOLFSSL_SMALL_STACK
-        if (tmpTicket != NULL)
-            XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
         return WOLFSSL_FAILURE;
     }
@@ -1330,16 +1329,12 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
             output->ticketLenAlloc = 0;
         }
 #ifdef WOLFSSL_TLS13
-        if (preallocNonce != NULL) {
-            XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-            preallocNonce = NULL;
-        }
+        XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+        preallocNonce = NULL;
 #endif /* WOLFSSL_TLS13 */
 #ifdef WOLFSSL_SMALL_STACK
-        if (tmpTicket != NULL) {
-            XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            tmpTicket = NULL;
-        }
+        XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        tmpTicket = NULL;
 #endif
 #endif
     }
@@ -1413,12 +1408,11 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
             output->ticketLen = 0;
         }
         if (error == WOLFSSL_SUCCESS) {
-            XMEMCPY(output->ticket, tmpTicket, output->ticketLen);
+            XMEMCPY(output->ticket, tmpTicket, output->ticketLen); /* cppcheck-suppress uninitvar */
         }
     }
 #ifdef WOLFSSL_SMALL_STACK
-    if (tmpTicket != NULL)
-        XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
@@ -1455,8 +1449,7 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
             preallocNonce = NULL;
         }
     }
-    if (preallocNonce != NULL)
-        XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+    XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
 #endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
 
 #endif
@@ -1632,7 +1625,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx,
                     ID_LEN, &error) % CLIENT_SESSION_ROWS;
         }
         else {
-            error = -1;
+            error = WOLFSSL_FATAL_ERROR;
         }
         if (error == 0 && wc_LockMutex(&clisession_mutex) == 0) {
             clientIdx = (word32)ClientCache[clientRow].nextIdx;
@@ -1651,7 +1644,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx,
                 }
             }
             else {
-                error = -1;
+                error = WOLFSSL_FATAL_ERROR;
                 ClientCache[clientRow].nextIdx = 0; /* reset index as safety */
                 WOLFSSL_MSG("Invalid client cache index! "
                             "Possible corrupted memory");
@@ -1716,14 +1709,14 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
         if (clientSession->serverRow >= SESSION_ROWS ||
                 clientSession->serverIdx >= SESSIONS_PER_ROW) {
             WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
-            error = -1;
+            error = WOLFSSL_FATAL_ERROR;
         }
-        /* Prevent memory access before clientSession->serverRow and
-         * clientSession->serverIdx are sanitized. */
-        XFENCE();
         if (error == 0) {
             /* Lock row */
             sessRow = &SessionCache[clientSession->serverRow];
+            /* Prevent memory access before clientSession->serverRow and
+             * clientSession->serverIdx are sanitized. */
+            XFENCE();
             error = SESSION_ROW_RD_LOCK(sessRow);
             if (error != 0) {
                 WOLFSSL_MSG("Session cache row lock failure");
@@ -1736,10 +1729,12 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
 #else
             cacheSession = &sessRow->Sessions[clientSession->serverIdx];
 #endif
+            /* Prevent memory access */
+            XFENCE();
             if (cacheSession && cacheSession->sessionIDSz == 0) {
                 cacheSession = NULL;
                 WOLFSSL_MSG("Session cache entry not set");
-                error = -1;
+                error = WOLFSSL_FATAL_ERROR;
             }
         }
         if (error == 0) {
@@ -1839,8 +1834,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
         preallocNonce = (byte*)XMALLOC(addSession->ticketNonce.len,
             addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
         if (preallocNonce == NULL) {
-            if (ticBuff != NULL)
-                XFREE(ticBuff, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+            XFREE(ticBuff, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
             return MEMORY_E;
         }
         preallocNonceLen = addSession->ticketNonce.len;
@@ -1855,7 +1849,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
         WOLFSSL_MSG("Hash session failed");
     #ifdef HAVE_SESSION_TICKET
         XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&      \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
         XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
     #endif
     #endif
@@ -1866,7 +1861,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
     if (SESSION_ROW_WR_LOCK(sessRow) != 0) {
     #ifdef HAVE_SESSION_TICKET
         XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
         XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
     #endif
     #endif
@@ -1905,7 +1901,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
         if (cacheSession == NULL) {
         #ifdef HAVE_SESSION_TICKET
             XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-        #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+        #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+        (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
             XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
         #endif
         #endif
@@ -1994,10 +1991,12 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
 #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
     defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                   \
     (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    ret = wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce,
-        &preallocNonceLen, &preallocNonceUsed) == WOLFSSL_FAILURE;
+    ret = (wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce,
+                                &preallocNonceLen, &preallocNonceUsed)
+           == WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #else
-    ret = wolfSSL_DupSession(addSession, cacheSession, 1) == WOLFSSL_FAILURE;
+    ret = (wolfSSL_DupSession(addSession, cacheSession, 1)
+           == WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC
           && FIPS_VERSION_GE(5,3)*/
 #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
@@ -3906,8 +3905,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,
             }
         }
         else {
-            if (ticBuff != NULL)
-                XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+            XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
             output->ticket = output->staticTicket;
             output->ticketLenAlloc = 0;
         }
@@ -4237,7 +4235,7 @@ const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
 
 int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
 #ifdef HAVE_EX_DATA
     session = ClientSessionToSession(session);
diff --git a/src/tls.c b/src/tls.c
index 65292169e0..0aff791697 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1,6 +1,6 @@
 /* tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -52,7 +52,7 @@
     #include <wolfssl/wolfcrypt/kyber.h>
 #ifdef WOLFSSL_WC_KYBER
     #include <wolfssl/wolfcrypt/wc_kyber.h>
-#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
+#elif defined(HAVE_LIBOQS)
     #include <wolfssl/wolfcrypt/ext_kyber.h>
 #endif
 #endif
@@ -1056,7 +1056,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
             hashBlock[j] = b;
         }
 
-        ret = Hmac_HashUpdate(hmac, hashBlock, (word32)blockSz);
+        ret = Hmac_HashUpdate(hmac, hashBlock, (word32)blockSz); /* cppcheck-suppress uninitvar */
         if (ret != 0)
             return ret;
         ret = Hmac_HashFinalRaw(hmac, hashBlock);
@@ -1830,7 +1830,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
                                  byte isRequest)
 {
     word16  size = 0, offset = 0, wlen;
-    int     r = BUFFER_ERROR;
+    int     r = WC_NO_ERR_TRACE(BUFFER_ERROR);
     const byte *s;
 
     if (OPAQUE16_LEN > length)
@@ -2682,8 +2682,7 @@ static void TLSX_TCA_Free(TCA* tca, void* heap)
     (void)heap;
 
     if (tca) {
-        if (tca->id)
-            XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX);
+        XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX);
         XFREE(tca, heap, DYNAMIC_TYPE_TLSX);
     }
 }
@@ -3887,7 +3886,7 @@ int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s)
 
     csr2 = TLSX_CSR2_GetMulti(extensions);
     if (!csr2)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     s->next = csr2->pendingSigners;
     csr2->pendingSigners = s;
@@ -5975,9 +5974,7 @@ static TlsxSrtp* TLSX_UseSRTP_New(word16 ids, void* heap)
 
 static void TLSX_UseSRTP_Free(TlsxSrtp *srtp, void* heap)
 {
-    if (srtp != NULL) {
-        XFREE(srtp, heap, DYNAMIC_TYPE_TLSX);
-    }
+    XFREE(srtp, heap, DYNAMIC_TYPE_TLSX);
     (void)heap;
 }
 
@@ -6594,8 +6591,7 @@ static void TLSX_Cookie_FreeAll(Cookie* cookie, void* heap)
 {
     (void)heap;
 
-    if (cookie != NULL)
-        XFREE(cookie, heap, DYNAMIC_TYPE_TLSX);
+    XFREE(cookie, heap, DYNAMIC_TYPE_TLSX);
 }
 
 /* Get the size of the encoded Cookie extension.
@@ -6748,8 +6744,7 @@ int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, word16 len, byte* mac,
     if (mac != NULL)
         XMEMCPY(cookie->data + len, mac, macSz);
 
-    if (extension->data != NULL)
-        XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX);
+    XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX);
 
     extension->data = (void*)cookie;
     extension->resp = (byte)resp;
@@ -6907,16 +6902,15 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
             InitDecodedCert(cert, input + idx, extLen, ssl->heap);
             didInit = TRUE;
             idx += extLen;
-            ret = GetName(cert, SUBJECT, extLen);
+            ret = GetName(cert, ASN_SUBJECT, extLen);
         }
 
         if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL)
             ret = MEMORY_ERROR;
 
         if (ret == 0) {
-            CopyDecodedName(name, cert, SUBJECT);
-            if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
-                    == WOLFSSL_FAILURE)
+            CopyDecodedName(name, cert, ASN_SUBJECT);
+            if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) <= 0)
                 ret = MEMORY_ERROR;
         }
 
@@ -7392,21 +7386,15 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
      * The DhKey will be setup again in TLSX_KeyShare_ProcessDh */
     if (dhKey != NULL)
         wc_FreeDhKey(dhKey);
-    if (kse->key != NULL) {
-        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH);
-        kse->key = NULL;
-    }
+    XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH);
+    kse->key = NULL;
 
     if (ret != 0) {
         /* Cleanup on error, otherwise data owned by key share entry */
-        if (kse->privKey != NULL) {
-            XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            kse->privKey = NULL;
-        }
-        if (kse->pubKey != NULL) {
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            kse->pubKey = NULL;
-        }
+        XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->privKey = NULL;
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
     }
 #else
     (void)ssl;
@@ -7488,16 +7476,12 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse)
 
     if (ret != 0) {
         /* Data owned by key share entry otherwise. */
-        if (kse->pubKey != NULL) {
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            kse->pubKey = NULL;
-        }
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
         if (key != NULL)
             wc_curve25519_free(key);
-        if (kse->key != NULL) {
-            XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            kse->key = NULL;
-        }
+        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
     }
 #else
     (void)ssl;
@@ -7576,16 +7560,12 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse)
 
     if (ret != 0) {
         /* Data owned by key share entry otherwise. */
-        if (kse->pubKey != NULL) {
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            kse->pubKey = NULL;
-        }
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
         if (key != NULL)
             wc_curve448_free(key);
-        if (kse->key != NULL) {
-            XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            kse->key = NULL;
-        }
+        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
     }
 #else
     (void)ssl;
@@ -7739,16 +7719,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
 
     if (ret != 0) {
         /* Cleanup on error, otherwise data owned by key share entry */
-        if (kse->pubKey != NULL) {
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            kse->pubKey = NULL;
-        }
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
         if (eccKey != NULL)
             wc_ecc_free(eccKey);
-        if (kse->key != NULL) {
-            XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            kse->key = NULL;
-        }
+        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
     }
 #else
     (void)ssl;
@@ -7957,10 +7933,8 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
 
     wc_KyberKey_Free(kem);
     TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
-    if (pubKey != NULL)
-        XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if (privKey != NULL)
-        XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
 
     return ret;
 }
@@ -8024,10 +7998,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
             if (current->key != NULL) {
                 ForceZero((byte*)current->key, current->keyLen);
             }
-            if (current->pubKey != NULL) {
-                XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-                current->pubKey = NULL;
-            }
+            XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+            current->pubKey = NULL;
             if (current->privKey != NULL) {
                 ForceZero(current->privKey, current->privKeyLen);
                 XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY);
@@ -8246,18 +8218,12 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     /* done with key share, release resources */
     if (dhKey)
         wc_FreeDhKey(dhKey);
-    if (keyShareEntry->key) {
-        XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH);
-        keyShareEntry->key = NULL;
-    }
-    if (keyShareEntry->privKey != NULL) {
-        XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        keyShareEntry->privKey = NULL;
-    }
-    if (keyShareEntry->pubKey != NULL) {
-        XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        keyShareEntry->pubKey = NULL;
-    }
+    XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH);
+    keyShareEntry->key = NULL;
+    XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->privKey = NULL;
+    XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    keyShareEntry->pubKey = NULL;
     XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
     keyShareEntry->ke = NULL;
 #else
@@ -8335,10 +8301,8 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
     wc_curve25519_free(peerX25519Key);
     XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
     wc_curve25519_free((curve25519_key*)keyShareEntry->key);
-    if (keyShareEntry->key != NULL) {
-        XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        keyShareEntry->key = NULL;
-    }
+    XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->key = NULL;
 #else
     (void)ssl;
     (void)keyShareEntry;
@@ -8415,10 +8379,8 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     wc_curve448_free(peerX448Key);
     XFREE(peerX448Key, ssl->heap, DYNAMIC_TYPE_TLSX);
     wc_curve448_free((curve448_key*)keyShareEntry->key);
-    if (keyShareEntry->key != NULL) {
-        XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        keyShareEntry->key = NULL;
-    }
+    XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->key = NULL;
 #else
     (void)ssl;
     (void)keyShareEntry;
@@ -8705,7 +8667,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
         if (ret == 0) {
-            ret = wc_ecc_set_rng(keyShareEntry->key, ssl->rng);
+            ret = wc_ecc_set_rng((ecc_key *)keyShareEntry->key, ssl->rng);
             if (ret != 0) {
                 WOLFSSL_MSG("Failure to set the ECC private key RNG.");
             }
@@ -8714,8 +8676,8 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 
         if (ret == 0) {
             PRIVATE_KEY_UNLOCK();
-            ret = wc_ecc_shared_secret(keyShareEntry->key, &eccpubkey,
-                sharedSecret, &outlen);
+            ret = wc_ecc_shared_secret((ecc_key *)keyShareEntry->key,
+                &eccpubkey, sharedSecret, &outlen);
             PRIVATE_KEY_LOCK();
             if (outlen != sharedSecretLen - ssSz) {
                 WOLFSSL_MSG("ECC shared secret derivation error.");
@@ -8735,9 +8697,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
         ssl->arrays->preMasterSz = (word32) sharedSecretLen;
     }
 
-    if (sharedSecret != NULL) {
-        XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
-    }
+    XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
 
     wc_ecc_free(&eccpubkey);
     wc_KyberKey_Free(kem);
@@ -9193,14 +9153,14 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
         if (ret == 0) {
-            ret = wc_ecc_set_rng(ecc_kse->key, ssl->rng);
+            ret = wc_ecc_set_rng((ecc_key *)ecc_kse->key, ssl->rng);
         }
 #endif
 
         if (ret == 0) {
             outlen = ecc_kse->keyLen;
             PRIVATE_KEY_UNLOCK();
-            ret = wc_ecc_shared_secret(ecc_kse->key, &eccpubkey,
+            ret = wc_ecc_shared_secret((ecc_key *)ecc_kse->key, &eccpubkey,
                                        sharedSecret,
                                        &outlen);
             PRIVATE_KEY_LOCK();
@@ -9224,9 +9184,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
     }
 
     if (ret == 0) {
-        if (keyShareEntry->ke != NULL) {
-            XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        }
+        XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
 
         keyShareEntry->ke = sharedSecret;
         keyShareEntry->keLen = outlen + ssSz;
@@ -9244,10 +9202,8 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
     }
 
     TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
-    if (sharedSecret != NULL)
-        XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
-    if (ciphertext != NULL)
-        XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
+    XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
+    XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
     wc_ecc_free(&eccpubkey);
     wc_KyberKey_Free(kem);
     return ret;
@@ -9312,9 +9268,7 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data,
     else
 #endif
     if (data != NULL) {
-        if (keyShareEntry->ke != NULL) {
-            XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        }
+        XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         keyShareEntry->ke = data;
         keyShareEntry->keLen = len;
     }
@@ -9504,9 +9458,6 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
             }
             break;
         }
-    #elif defined(HAVE_PQM4)
-        case WOLFSSL_KYBER_LEVEL1:
-            break;
     #endif
 #endif
         default:
@@ -9575,8 +9526,6 @@ static const word16 preferredGroup[] = {
     WOLFSSL_P256_KYBER_LEVEL1,
     WOLFSSL_P384_KYBER_LEVEL3,
     WOLFSSL_P521_KYBER_LEVEL5,
-#elif defined(HAVE_PQM4)
-    WOLFSSL_KYBER_LEVEL1,
 #endif
     WOLFSSL_NAMED_GROUP_INVALID
 };
@@ -9610,14 +9559,14 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group)
 
 #ifdef HAVE_LIBOQS
       if (!TLSX_KeyShare_IsSupported(group))
-          return -1;
+          return WOLFSSL_FATAL_ERROR;
 #endif
 
     for (i = 0; i < numGroups; i++)
         if (groups[i] == (word16)group)
             return i;
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* Set a key share that is supported by the client into extensions.
@@ -9965,7 +9914,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
         /* for async do setup of serverKSE below, but return WC_PENDING_E */
         if (ret != 0
         #ifdef WOLFSSL_ASYNC_CRYPT
-            && ret != WC_PENDING_E
+            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             TLSX_KeyShare_FreeAll(list, ssl->heap);
@@ -12106,8 +12055,7 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig,
         ech->hpke = NULL;
     }
 
-    if (info != NULL)
-        XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -12130,6 +12078,11 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
     if (size == 0)
         return BAD_FUNC_ARG;
 
+    if (ssl->options.disableECH) {
+        WOLFSSL_MSG("TLSX_ECH_Parse: ECH disabled. Ignoring.");
+        return 0;
+    }
+
     if (msgType == encrypted_extensions) {
         ret = wolfSSL_SetEchConfigs(ssl, readBuf, size);
 
@@ -12263,13 +12216,11 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
 /* free the ech struct and the dynamic buffer it uses */
 static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap)
 {
-    if (ech->innerClientHello != NULL)
-        XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (ech->ephemeralKey != NULL)
         wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey,
             ech->hpke->heap);
-    if (ech->hpke != NULL)
-        XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER);
     (void)heap;
@@ -13190,7 +13141,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3,
                                      ssl->heap);
 #endif
-#ifdef WOLFSSL_KYBER768
+#ifdef WOLFSSL_KYBER1024
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5,
                                      ssl->heap);
@@ -13215,8 +13166,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5,
                                      ssl->heap);
-#elif defined(HAVE_PQM4)
-    ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap);
 #endif /* HAVE_LIBOQS */
 #endif /* WOLFSSL_HAVE_KYBER */
 
@@ -13551,7 +13500,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                         ssl->arrays->client_identity, MAX_PSK_ID_LEN,
                         ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
                     if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                                        &cipherSuite, &cipherSuiteFlags) != 0) {
+                            &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
                         return PSK_KEY_ERROR;
                     }
                 }
@@ -13637,18 +13586,21 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
         #endif
 #if defined(HAVE_ECH)
             /* GREASE ECH */
-            if (ssl->echConfigs == NULL) {
-                ret = GREASE_ECH_USE(&(ssl->extensions), ssl->heap, ssl->rng);
-            }
-            else if (ssl->echConfigs != NULL) {
-                ret = ECH_USE(ssl->echConfigs, &(ssl->extensions), ssl->heap,
-                    ssl->rng);
+            if (!ssl->options.disableECH) {
+                if (ssl->echConfigs == NULL) {
+                    ret = GREASE_ECH_USE(&(ssl->extensions), ssl->heap,
+                            ssl->rng);
+                }
+                else if (ssl->echConfigs != NULL) {
+                    ret = ECH_USE(ssl->echConfigs, &(ssl->extensions),
+                            ssl->heap, ssl->rng);
+                }
             }
 #endif
         }
 #if defined(HAVE_ECH)
         else if (IsAtLeastTLSv1_3(ssl->version)) {
-            if (ssl->ctx->echConfigs != NULL) {
+            if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
                 ret = SERVER_ECH_USE(&(ssl->extensions), ssl->heap,
                     ssl->ctx->echConfigs);
 
@@ -13838,7 +13790,8 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word32* pLength)
     }
     #endif
 #if defined(HAVE_ECH)
-    if (ssl->options.useEch == 1 && msgType == client_hello) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH
+            && msgType == client_hello) {
         ret = TLSX_GetSizeWithEch(ssl, semaphore, msgType, &length);
         if (ret != 0)
             return ret;
@@ -14083,7 +14036,8 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word32* pOffset)
     #endif
 #endif
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
-    if (ssl->options.useEch == 1 && msgType == client_hello) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH
+            && msgType == client_hello) {
         ret = TLSX_WriteWithEch(ssl, output, semaphore,
                          msgType, &offset);
         if (ret != 0)
diff --git a/src/tls13.c b/src/tls13.c
index ef37c29ab2..df4ab791bd 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1,6 +1,6 @@
 /* tls13.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -221,7 +221,7 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
 #endif
     (void)ssl;
     PRIVATE_KEY_UNLOCK();
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
     ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                      protocol, protocolLen,
                                      label, labelLen,
@@ -261,7 +261,7 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
         return ret;
 #endif
 
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
     ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                       protocol, protocolLen,
                                       label, labelLen,
@@ -1137,7 +1137,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
 #endif
     {
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_Tls13_HKDF_Extract_ex(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest,
             ssl->heap, ssl->devId);
     #else
@@ -3199,6 +3199,7 @@ typedef struct BuildMsg13Args {
     word32 idx;
     word32 headerSz;
     word16 size;
+    word32 paddingSz;
 } BuildMsg13Args;
 
 static void FreeBuildMsg13Args(WOLFSSL* ssl, void* pArgs)
@@ -3304,7 +3305,14 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             args->sz++;
             /* Authentication data at the end. */
             args->sz += ssl->specs.aead_mac_size;
-
+#ifdef WOLFSSL_DTLS13
+            /* Pad to minimum length */
+            if (ssl->options.dtls &&
+                    args->sz < (word32)Dtls13MinimumRecordLength(ssl)) {
+                args->paddingSz = Dtls13MinimumRecordLength(ssl) - args->sz;
+                args->sz = Dtls13MinimumRecordLength(ssl);
+            }
+#endif
             if (sizeOnly)
                 return (int)args->sz;
 
@@ -3348,6 +3356,9 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 
             /* The real record content type goes at the end of the data. */
             output[args->idx++] = (byte)type;
+            /* Double check that any necessary padding is zero'd out */
+            XMEMSET(output + args->idx, 0, args->paddingSz);
+            args->idx += args->paddingSz;
 
             ssl->options.buildMsgState = BUILD_MSG_ENCRYPT;
         }
@@ -3393,7 +3404,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 #ifdef WOLFSSL_DTLS13
                 if (ret == 0 && ssl->options.dtls) {
                     /* AAD points to the header. Reuse the variable  */
-                    ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, (word16)args->sz);
+                    ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad,
+                                                    (word16)args->sz);
                 }
 #endif /* WOLFSSL_DTLS13 */
             }
@@ -3940,7 +3952,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
                     MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN,
                     &cipherName);
             if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                                       &cipherSuite, &cipherSuiteFlags) != 0) {
+                            &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
                 WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
                 return PSK_KEY_ERROR;
             }
@@ -4145,7 +4157,7 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config)
             return i;
     }
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* returns status after we hash the ech inner */
@@ -4153,7 +4165,11 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech)
 {
     int ret;
     HS_Hashes* tmpHashes;
+#ifdef WOLFSSL_DTLS13
+    byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ];
+#else
     byte falseHeader[HANDSHAKE_HEADER_SZ];
+#endif
 
     if (ssl == NULL || ech == NULL)
         return BAD_FUNC_ARG;
@@ -4415,14 +4431,14 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
     /* find length of outer and inner */
 #if defined(HAVE_ECH)
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH) {
         TLSX* echX = TLSX_Find(ssl->extensions, TLSX_ECH);
         if (echX == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
         args->ech = (WOLFSSL_ECH*)echX->data;
         if (args->ech == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
         /* set the type to inner */
         args->ech->type = ECH_TYPE_INNER;
@@ -4455,8 +4471,17 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         if (ret != 0)
             return ret;
 
+        /* Total message size. */
+        args->sendSz =
+                (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ);
+
+#ifdef WOLFSSL_DTLS13
+        if (ssl->options.dtls)
+            args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
+#endif /* WOLFSSL_DTLS13 */
+
 #ifdef WOLFSSL_DTLS_CH_FRAG
-        if (ssl->options.dtls && args->length > maxFrag &&
+        if (ssl->options.dtls && args->sendSz > maxFrag &&
                 TLSX_Find(ssl->extensions, TLSX_COOKIE) == NULL) {
             /* Try again with an empty key share if we would be fragmenting
              * without a cookie */
@@ -4467,7 +4492,9 @@ int SendTls13ClientHello(WOLFSSL* ssl)
             ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
             if (ret != 0)
                 return ret;
-            if (args->length > maxFrag) {
+            args->sendSz = (int)(args->length +
+                    DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ);
+            if (args->sendSz > maxFrag) {
                 WOLFSSL_MSG("Can't fit first CH in one fragment.");
                 return BUFFER_ERROR;
             }
@@ -4476,14 +4503,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 #endif
     }
 
-    /* Total message size. */
-    args->sendSz = (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ);
-
-#ifdef WOLFSSL_DTLS13
-    if (ssl->options.dtls)
-        args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
-#endif /* WOLFSSL_DTLS13 */
-
     /* Check buffers are big enough and grow if needed. */
     if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0)
         return ret;
@@ -4563,7 +4582,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
 #if defined(HAVE_ECH)
     /* write inner then outer */
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH) {
         /* set the type to inner */
         args->ech->type = ECH_TYPE_INNER;
 
@@ -4623,7 +4642,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
 #if defined(HAVE_ECH)
     /* encrypt and pack the ech innerClientHello */
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH) {
         ret = TLSX_FinalizeEch(args->ech,
             args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ,
             (word32)(args->sendSz - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ)));
@@ -4653,11 +4672,9 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         {
 #if defined(HAVE_ECH)
             /* compute the inner hash */
-            if (ssl->options.useEch == 1) {
+            if (ssl->options.useEch == 1 && !ssl->options.disableECH)
                 ret = EchHashHelloInner(ssl, args->ech);
-            }
 #endif
-
             /* compute the outer hash */
             if (ret == 0)
                 ret = HashOutput(ssl, args->output, (int)args->idx, 0);
@@ -4815,7 +4832,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
                 break;
 #endif /* WOLFSSL_SM3 */
             default:
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
         }
     }
@@ -4823,7 +4840,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize,
             ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk,
             ssl->heap, ssl->devId);
@@ -4953,7 +4970,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
                 break;
 #endif /* WOLFSSL_SM3 */
             default:
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
         }
 
@@ -4961,7 +4978,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize,
             ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk,
             ssl->heap, ssl->devId);
@@ -5472,7 +5489,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
 #if defined(HAVE_ECH)
     /* check for acceptConfirmation and HashInput with 8 0 bytes */
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH) {
         ret = EchCheckAcceptance(ssl, input, args->serverRandomOffset, (int)helloSz);
         if (ret != 0)
             return ret;
@@ -5851,7 +5868,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
          if (*psk_keySz != 0) {
              int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
              *found = (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                 &cipherSuite, &cipherSuiteFlags) == 0);
+                 &cipherSuite, NULL, NULL, &cipherSuiteFlags) == 0);
              (void)cipherSuiteFlags;
          }
     }
@@ -6932,12 +6949,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         goto exit_dch;
 
 #if defined(HAVE_ECH)
-    if (ssl->ctx->echConfigs != NULL) {
+    if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
         /* save the start of the buffer so we can use it when parsing ech */
         echX = TLSX_Find(ssl->extensions, TLSX_ECH);
 
         if (echX == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
         ((WOLFSSL_ECH*)echX->data)->aad = input + HANDSHAKE_HEADER_SZ;
         ((WOLFSSL_ECH*)echX->data)->aadLen = helloSz;
@@ -7404,11 +7421,11 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
 #endif /* WOLFSSL_DTLS13 */
         {
 #if defined(HAVE_ECH)
-            if (ssl->ctx->echConfigs != NULL) {
+            if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
                 echX = TLSX_Find(ssl->extensions, TLSX_ECH);
 
                 if (echX == NULL)
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
 
                 /* replace the last 8 bytes of server random with the accept */
                 if (((WOLFSSL_ECH*)echX->data)->state == ECH_PARSED_INTERNAL) {
@@ -8459,12 +8476,13 @@ static int SendTls13Certificate(WOLFSSL* ssl)
     int    ret = 0;
     word32 certSz, certChainSz, headerSz, listSz, payloadSz;
     word16 extSz = 0;
-    word32 length, maxFragment;
+    word32 maxFragment;
     word32 len = 0;
     word32 idx = 0;
     word32 offset = OPAQUE16_LEN;
     byte*  p = NULL;
     byte   certReqCtxLen = 0;
+    sword32 length;
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
     byte*  certReqCtx = NULL;
 #endif
@@ -8510,7 +8528,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         listSz = 0;
     }
     else {
-        if (!ssl->buffers.certificate) {
+        if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) {
             WOLFSSL_MSG("Send Cert missing certificate buffer");
             return NO_CERT_ERROR;
         }
@@ -8601,7 +8619,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 #endif /* WOLFSSL_DTLS13 */
         }
         else {
-            fragSz = min(length, maxFragment);
+            fragSz = min((word32)length, maxFragment);
             sendSz += fragSz;
         }
 
@@ -8722,7 +8740,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         }
     }
 
-    if (ret != WANT_WRITE) {
+    if (ret != WC_NO_ERR_TRACE(WANT_WRITE)) {
         /* Clean up the fragment offset. */
         ssl->options.buildingMsg = 0;
         ssl->fragOffset = 0;
@@ -8759,6 +8777,10 @@ typedef struct Scv13Args {
     byte   sigAlgo;
     byte*  sigData;
     word16 sigDataSz;
+#ifndef NO_RSA
+    byte*  toSign; /* not allocated */
+    word32 toSignSz;
+#endif
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     byte   altSigAlgo;
     word32 altSigLen;    /* Only used in the case of both native and alt. */
@@ -8918,7 +8940,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             if (ssl->buffers.key == NULL) {
             #ifdef HAVE_PK_CALLBACKS
                 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
-                    args->length = (word16)GetPrivateKeySigSize(ssl);
+                    args->sigLen = (word16)GetPrivateKeySigSize(ssl);
                 else
             #endif
                     ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
@@ -9313,7 +9335,17 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
         #endif /* HAVE_DILITHIUM */
         #ifndef NO_RSA
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
-                ret = RsaSign(ssl, rsaSigBuf->buffer, (word32)rsaSigBuf->length,
+                args->toSign = rsaSigBuf->buffer;
+                args->toSignSz = (word32)rsaSigBuf->length;
+            #if defined(HAVE_PK_CALLBACKS) && \
+                defined(TLS13_RSA_PSS_SIGN_CB_NO_PREHASH)
+                /* Pass full data to sign (args->sigData), not hash of */
+                if (ssl->ctx->RsaPssSignCb) {
+                    args->toSign = args->sigData;
+                    args->toSignSz = args->sigDataSz;
+                }
+            #endif
+                ret = RsaSign(ssl, (const byte*)args->toSign, args->toSignSz,
                               sigOut, &args->sigLen, args->sigAlgo,
                               ssl->options.hashAlgo, (RsaKey*)ssl->hsKey,
                               ssl->buffers.key);
@@ -9357,10 +9389,20 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             #endif /* HAVE_ECC */
             #ifndef NO_RSA
                 if (ssl->hsAltType == DYNAMIC_TYPE_RSA) {
-                    ret = RsaSign(ssl, rsaSigBuf->buffer,
-                                  (word32)rsaSigBuf->length, sigOut,
-                                  &args->altSigLen, args->altSigAlgo,
-                                  ssl->options.hashAlgo, (RsaKey*)ssl->hsAltKey,
+                    args->toSign = rsaSigBuf->buffer;
+                    args->toSignSz = (word32)rsaSigBuf->length;
+                #if defined(HAVE_PK_CALLBACKS) && \
+                    defined(TLS13_RSA_PSS_SIGN_CB_NO_PREHASH)
+                    /* Pass full data to sign (args->altSigData), not hash of */
+                    if (ssl->ctx->RsaPssSignCb) {
+                        args->toSign = args->altSigData;
+                        args->toSignSz = (word32)args->altSigDataSz;
+                    }
+                #endif
+                    ret = RsaSign(ssl, (const byte*)args->toSign,
+                                  args->toSignSz, sigOut, &args->altSigLen,
+                                  args->altSigAlgo, ssl->options.hashAlgo,
+                                  (RsaKey*)ssl->hsAltKey,
                                   ssl->buffers.altKey);
 
                     if (ret == 0) {
@@ -10903,7 +10945,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
         dtlsRet = Dtls13HandshakeSend(ssl, output, (word16)outputSz,
             (word16)(Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz), finished,
             1);
-        if (dtlsRet != 0 && dtlsRet != WANT_WRITE)
+        if (dtlsRet != 0 && dtlsRet != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
 
     } else
@@ -11141,7 +11183,7 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl)
         ret = SendBuffered(ssl);
 
 
-        if (ret != 0 && ret != WANT_WRITE)
+        if (ret != 0 && ret != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
     }
 
@@ -12347,7 +12389,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 {
     int ret = 0, tmp;
     word32 inIdx = *inOutIdx;
-    int alertType = invalid_alert;
+    int alertType;
 #if defined(HAVE_ECH)
     TLSX* echX = NULL;
     word32 echInOutIdx;
@@ -12932,7 +12974,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* do not send buffered or advance state if last error was an
             async pending operation */
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
         if ((ret = SendBuffered(ssl)) == 0) {
@@ -13086,6 +13128,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
         case HELLO_AGAIN_REPLY:
             /* Get the response/s from the server. */
             while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) {
+#ifdef WOLFSSL_DTLS13
+                if (!IsAtLeastTLSv1_3(ssl->version)) {
+        #ifndef WOLFSSL_NO_TLS12
+                    if (ssl->options.downgrade)
+                        return wolfSSL_connect(ssl);
+        #endif
+                }
+#endif /* WOLFSSL_DTLS13 */
                 if ((ssl->error = ProcessReply(ssl)) < 0) {
                         WOLFSSL_ERROR(ssl->error);
                         return WOLFSSL_FATAL_ERROR;
@@ -13606,7 +13656,7 @@ int wolfSSL_update_keys(WOLFSSL* ssl)
 {
     int ret;
     ret = Tls13UpdateKeys(ssl);
-    if (ret == WANT_WRITE)
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE))
         ret = WOLFSSL_ERROR_WANT_WRITE;
     else if (ret == 0)
         ret = WOLFSSL_SUCCESS;
@@ -13707,7 +13757,7 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
     ssl->msgsReceived.got_finished = 0;
 
     ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len);
-    if (ret == WANT_WRITE)
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE))
         ret = WOLFSSL_ERROR_WANT_WRITE;
     else if (ret == 0)
         ret = WOLFSSL_SUCCESS;
@@ -14062,7 +14112,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* do not send buffered or advance state if last error was an
             async pending operation */
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
 
@@ -14674,7 +14724,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
         ret = ReceiveData(ssl, (byte*)data, sz, FALSE);
         if (ret > 0)
             *outSz = ret;
-        if (ssl->error == ZERO_RETURN) {
+        if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
             ssl->error = WOLFSSL_ERROR_NONE;
 #ifdef WOLFSSL_DTLS13
             if (ssl->options.dtls) {
diff --git a/src/wolfio.c b/src/wolfio.c
index 52e61a55ed..a36ff53bd6 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -1,6 +1,6 @@
 /* wolfio.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,6 +41,11 @@
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfio.h>
 
+#ifdef NUCLEUS_PLUS_2_3
+/* Holds last Nucleus networking error number */
+int Nucleus_Net_Errno;
+#endif
+
 #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
     #ifndef USE_WINDOWS_API
         #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
@@ -131,68 +136,65 @@ Possible IO enable options:
 
 #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
 
-/* Translates return codes returned from
- * send() and recv() if need be.
- */
-static WC_INLINE int TranslateReturnCode(int old, int sd)
+static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd)
 {
     (void)sd;
 
-#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-    if (old == 0) {
-        errno = SOCKET_EWOULDBLOCK;
-        return -1;  /* convert to BSD style wouldblock as error */
-    }
-
-    if (old < 0) {
-        errno = RTCS_geterror(sd);
-        if (errno == RTCSERR_TCP_CONN_CLOSING)
-            return 0;   /* convert to BSD style closing */
-        if (errno == RTCSERR_TCP_CONN_RLSD)
-            errno = SOCKET_ECONNRESET;
-        if (errno == RTCSERR_TCP_TIMED_OUT)
-            errno = SOCKET_EAGAIN;
-    }
-#elif defined(WOLFSSL_EMNET)
-    if (old < 0) { /* SOCKET_ERROR */
-        /* Get the real socket error */
-        IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &old, (int)sizeof(old));
-    }
-#endif
-
-    return old;
-}
-
-static WC_INLINE int wolfSSL_LastError(int err)
-{
-    (void)err; /* Suppress unused arg */
+    if (err > 0)
+        return 0;
 
 #ifdef USE_WINDOWS_API
     return WSAGetLastError();
 #elif defined(EBSNET)
     return xn_getlasterror();
 #elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET)
-    return err; /* Return provided error value */
+    return -err; /* Return provided error value with corrected sign. */
 #elif defined(FUSION_RTOS)
     #include <fclerrno.h>
     return FCL_GET_ERRNO;
+#elif defined(NUCLEUS_PLUS_2_3)
+    return Nucleus_Net_Errno;
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+    if ((err == 0) || (err == -SOCKET_EWOULDBLOCK)) {
+        return SOCKET_EWOULDBLOCK; /* convert to BSD style wouldblock */
+    } else {
+        err = RTCS_geterror(sd);
+        if ((err == RTCSERR_TCP_CONN_CLOSING) ||
+            (err == RTCSERR_TCP_CONN_RLSD))
+        {
+            err = SOCKET_ECONNRESET;
+        }
+        return err;
+    }
+#elif defined(WOLFSSL_EMNET)
+    /* Get the real socket error */
+    IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(old));
+    return err;
 #else
     return errno;
 #endif
 }
 
-static int TranslateIoError(int err)
+/* Translates return codes returned from
+ * send(), recv(), and other network I/O calls.
+ */
+static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
 {
 #ifdef  _WIN32
     size_t errstr_offset;
     char errstr[WOLFSSL_STRERROR_BUFFER_SIZE];
 #endif /* _WIN32 */
 
-
+#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
     if (err > 0)
         return err;
+#else
+    if (err >= 0)
+        return err;
+#endif
+
+    err = wolfSSL_LastError(err, sd);
 
-    err = wolfSSL_LastError(err);
 #if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN
     if ((err == SOCKET_EWOULDBLOCK) || (err == SOCKET_EAGAIN))
 #else
@@ -200,8 +202,26 @@ static int TranslateIoError(int err)
 #endif
     {
         WOLFSSL_MSG("\tWould block");
-        return WOLFSSL_CBIO_ERR_WANT_READ;
+        if (direction == SOCKET_SENDING)
+            return WOLFSSL_CBIO_ERR_WANT_WRITE;
+        else if (direction == SOCKET_RECEIVING)
+            return WOLFSSL_CBIO_ERR_WANT_READ;
+        else
+            return WOLFSSL_CBIO_ERR_GENERAL;
+    }
+
+#ifdef SOCKET_ETIMEDOUT
+    else if (err == SOCKET_ETIMEDOUT) {
+        WOLFSSL_MSG("\tTimed out");
+        if (direction == SOCKET_SENDING)
+            return WOLFSSL_CBIO_ERR_WANT_WRITE;
+        else if (direction == SOCKET_RECEIVING)
+            return WOLFSSL_CBIO_ERR_WANT_READ;
+        else
+            return WOLFSSL_CBIO_ERR_TIMEOUT;
     }
+#endif
+
     else if (err == SOCKET_ECONNRESET) {
         WOLFSSL_MSG("\tConnection reset");
         return WOLFSSL_CBIO_ERR_CONN_RST;
@@ -239,56 +259,58 @@ static int TranslateIoError(int err)
 
 #ifdef OPENSSL_EXTRA
 #ifndef NO_BIO
-/* Use the WOLFSSL read BIO for receiving data. This is set by the function
- * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIORecv.
- *
- * ssl  WOLFSSL struct passed in that has this function set as the receive
- *      callback.
- * buf  buffer to fill with data read
- * sz   size of buf buffer
- * ctx  a user set context
- *
- * returns the amount of data read or want read. See WOLFSSL_CBIO_ERR_* values.
- */
+
+int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+{
+    return SslBioSend(ssl, buf, sz, ctx);
+}
+
 int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
-    int recvd = WOLFSSL_CBIO_ERR_GENERAL;
+    return SslBioReceive(ssl, buf, sz, ctx);
+}
 
-    WOLFSSL_ENTER("BioReceive");
+int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr, char* buf,
+                       int sz)
+{
+    int recvd = WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL);
 
-    if (ssl->biord == NULL) {
+    WOLFSSL_ENTER("SslBioReceive");
+
+    if (biord == NULL) {
         WOLFSSL_MSG("WOLFSSL biord not set");
         return WOLFSSL_CBIO_ERR_GENERAL;
     }
 
-    recvd = wolfSSL_BIO_read(ssl->biord, buf, sz);
+    recvd = wolfSSL_BIO_read(biord, buf, sz);
     if (recvd <= 0) {
         if (/* ssl->biowr->wrIdx is checked for Bind9 */
-            wolfSSL_BIO_method_type(ssl->biowr) == WOLFSSL_BIO_BIO &&
-            wolfSSL_BIO_wpending(ssl->biowr) != 0 &&
+            wolfSSL_BIO_method_type(biowr) == WOLFSSL_BIO_BIO &&
+            wolfSSL_BIO_wpending(biowr) != 0 &&
             /* Not sure this pending check is necessary but let's double
              * check that the read BIO is empty before we signal a write
              * need */
-            wolfSSL_BIO_supports_pending(ssl->biord) &&
-            wolfSSL_BIO_ctrl_pending(ssl->biord) == 0) {
+            wolfSSL_BIO_supports_pending(biord) &&
+            wolfSSL_BIO_ctrl_pending(biord) == 0) {
             /* Let's signal to the app layer that we have
              * data pending that needs to be sent. */
             return WOLFSSL_CBIO_ERR_WANT_WRITE;
         }
-        else if (ssl->biord->type == WOLFSSL_BIO_SOCKET) {
+        else if (biord->type == WOLFSSL_BIO_SOCKET) {
             if (recvd == 0) {
-                WOLFSSL_MSG("BioReceive connection closed");
+                WOLFSSL_MSG("SslBioReceive connection closed");
                 return WOLFSSL_CBIO_ERR_CONN_CLOSE;
             }
         #ifdef USE_WOLFSSL_IO
-            recvd = TranslateIoError(recvd);
+            recvd = TranslateIoReturnCode(recvd, biord->num.fd,
+                                          SOCKET_RECEIVING);
         #endif
             return recvd;
         }
 
         /* If retry and read flags are set, return WANT_READ */
-        if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_READ) &&
-            (ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
+        if ((biord->flags & WOLFSSL_BIO_FLAG_READ) &&
+            (biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
             return WOLFSSL_CBIO_ERR_WANT_READ;
         }
 
@@ -296,10 +318,27 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
         return WOLFSSL_CBIO_ERR_GENERAL;
     }
 
-    (void)ctx;
     return recvd;
 }
 
+/* Use the WOLFSSL read BIO for receiving data. This is set by the function
+ * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIORecv.
+ *
+ * ssl  WOLFSSL struct passed in that has this function set as the receive
+ *      callback.
+ * buf  buffer to fill with data read
+ * sz   size of buf buffer
+ * ctx  a user set context
+ *
+ * returns the amount of data read or want read. See WOLFSSL_CBIO_ERR_* values.
+ */
+int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    WOLFSSL_ENTER("SslBioReceive");
+    (void)ctx;
+    return BioReceiveInternal(ssl->biord, ssl->biowr, buf, sz);
+}
+
 
 /* Use the WOLFSSL write BIO for sending data. This is set by the function
  * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIOSend.
@@ -311,11 +350,11 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
  *
  * returns the amount of data sent or want send. See WOLFSSL_CBIO_ERR_* values.
  */
-int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 {
-    int sent = WOLFSSL_CBIO_ERR_GENERAL;
+    int sent = WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL);
 
-    WOLFSSL_ENTER("BioSend");
+    WOLFSSL_ENTER("SslBioSend");
 
     if (ssl->biowr == NULL) {
         WOLFSSL_MSG("WOLFSSL biowr not set");
@@ -326,7 +365,8 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
     if (sent <= 0) {
         if (ssl->biowr->type == WOLFSSL_BIO_SOCKET) {
         #ifdef USE_WOLFSSL_IO
-            sent = TranslateIoError(sent);
+            sent = TranslateIoReturnCode(sent, ssl->biowr->num.fd,
+                                         SOCKET_SENDING);
         #endif
             return sent;
         }
@@ -370,7 +410,6 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
     recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags);
     if (recvd < 0) {
         WOLFSSL_MSG("Embed Receive error");
-        return TranslateIoError(recvd);
     }
     else if (recvd == 0) {
         WOLFSSL_MSG("Embed receive connection closed");
@@ -400,7 +439,6 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
     sent = wolfIO_Send(sd, buf, sz, ssl->wflags);
     if (sent < 0) {
         WOLFSSL_MSG("Embed Send error");
-        return TranslateIoError(sent);
     }
 
     return sent;
@@ -411,6 +449,110 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 
 #include <wolfssl/wolfcrypt/sha.h>
 
+#if defined(NUCLEUS_PLUS_2_3)
+STATIC INT32 nucyassl_recv(INT sd, CHAR *buf, UINT16 sz, INT16 flags)
+{
+    int recvd;
+
+    /* Read data from socket */
+    recvd = NU_Recv(sd, buf, sz, flags);
+    if (recvd < 0) {
+        if (recvd == NU_NOT_CONNECTED) {
+            recvd = 0;
+        } else {
+            Nucleus_Net_Errno = recvd;
+            recvd = WOLFSSL_FATAL_ERROR;
+        }
+    } else {
+        Nucleus_Net_Errno = 0;
+    }
+
+    return (recvd);
+}
+
+
+STATIC int nucyassl_send(INT sd, CHAR *buf, UINT16 sz, INT16 flags)
+{
+    int sent;
+
+    /* Write data to socket */
+    sent = NU_Send(sd, buf, sz, flags);
+
+    if (sent < 0) {
+        Nucleus_Net_Errno = sent;
+        sent = WOLFSSL_FATAL_ERROR;
+    } else {
+        Nucleus_Net_Errno = 0;
+    }
+
+    return sent;
+}
+
+#define SELECT_FUNCTION     nucyassl_select
+
+int nucyassl_select(INT sd, UINT32 timeout)
+{
+    FD_SET readfs;
+    STATUS status;
+
+    /* Init fs data for socket */
+    NU_FD_Init(&readfs);
+    NU_FD_Set(sd, &readfs);
+
+    /* Wait for data to arrive */
+    status = NU_Select((sd + 1), &readfs, NU_NULL, NU_NULL,
+                            (timeout * NU_TICKS_PER_SECOND));
+
+    if (status < 0) {
+        Nucleus_Net_Errno = status;
+        status = WOLFSSL_FATAL_ERROR;
+    }
+
+    return status;
+}
+
+#define sockaddr_storage    addr_struct
+#define sockaddr            addr_struct
+
+STATIC INT32 nucyassl_recvfrom(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
+                              SOCKADDR *peer, XSOCKLENT *peersz)
+{
+    int recvd;
+
+    memset(peer, 0, sizeof(struct addr_struct));
+
+    recvd = NU_Recv_From(sd, buf, sz, flags, (struct addr_struct *) peer,
+                            (INT16*) peersz);
+    if (recvd < 0) {
+        Nucleus_Net_Errno = recvd;
+        recvd = WOLFSSL_FATAL_ERROR;
+    } else {
+        Nucleus_Net_Errno = 0;
+    }
+
+    return recvd;
+
+}
+
+STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
+                          const SOCKADDR *peer, INT16 peersz)
+{
+    int sent;
+
+    sent = NU_Send_To(sd, buf, sz, flags, (const struct addr_struct *) peer,
+                            peersz);
+
+    if (sent < 0) {
+        Nucleus_Net_Errno = sent;
+        sent = WOLFSSL_FATAL_ERROR;
+    } else {
+        Nucleus_Net_Errno = 0;
+    }
+
+    return sent;
+}
+#endif /* NUCLEUS_PLUS_2_3 */
+
 #ifndef DTLS_SENDTO_FUNCTION
     #define DTLS_SENDTO_FUNCTION sendto
 #endif
@@ -635,12 +777,11 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
                 peerSz = (XSOCKLENT)dtlsCtx->peer.bufSz;
         }
 
-        recvd = TranslateReturnCode(recvd, sd);
+        recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
 
         if (recvd < 0) {
             WOLFSSL_MSG("Embed Receive From error");
-            recvd = TranslateIoError(recvd);
-            if (recvd == WOLFSSL_CBIO_ERR_WANT_READ &&
+            if (recvd == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) &&
                 !wolfSSL_dtls_get_using_nonblock(ssl)) {
                 recvd = WOLFSSL_CBIO_ERR_TIMEOUT;
             }
@@ -724,11 +865,10 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
     sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, ssl->wflags,
             (const SOCKADDR*)peer, peerSz);
 
-    sent = TranslateReturnCode(sent, sd);
+    sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING);
 
     if (sent < 0) {
         WOLFSSL_MSG("Embed Send To error");
-        return TranslateIoError(sent);
     }
 
     return sent;
@@ -750,16 +890,14 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 
     recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, ssl->rflags, NULL, NULL);
 
-    recvd = TranslateReturnCode(recvd, sd);
+    recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
 
     if (recvd < 0) {
         WOLFSSL_MSG("Embed Receive From error");
-        recvd = TranslateIoError(recvd);
-        if (recvd == WOLFSSL_CBIO_ERR_WANT_READ &&
+        if (recvd == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) &&
             !wolfSSL_dtls_get_using_nonblock(ssl)) {
             recvd = WOLFSSL_CBIO_ERR_TIMEOUT;
         }
-        return recvd;
     }
 
     return recvd;
@@ -987,7 +1125,7 @@ int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags)
     int recvd;
 
     recvd = (int)RECV_FUNCTION(sd, buf, (size_t)sz, rdFlags);
-    recvd = TranslateReturnCode(recvd, (int)sd);
+    recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
 
     return recvd;
 }
@@ -997,11 +1135,41 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
     int sent;
 
     sent = (int)SEND_FUNCTION(sd, buf, (size_t)sz, wrFlags);
-    sent = TranslateReturnCode(sent, (int)sd);
+    sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING);
+
+    return sent;
+}
+
+#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA)
+
+int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags)
+{
+    int recvd;
+    socklen_t addr_len = (socklen_t)sizeof(*addr);
+
+    recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, rdFlags,
+                                            addr ? &addr->sa : NULL,
+                                            addr ? &addr_len : 0);
+    recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
+
+    return recvd;
+}
+
+int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags)
+{
+    int sent;
+    socklen_t addr_len = addr ? wolfSSL_BIO_ADDR_size(addr) : 0;
+
+    sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, wrFlags,
+                                         addr ? &addr->sa : NULL,
+                                         addr_len);
+    sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING);
 
     return sent;
 }
 
+#endif /* WOLFSSL_HAVE_BIO_ADDR && WOLFSSL_DTLS && OPENSSL_EXTRA */
+
 #endif /* USE_WOLFSSL_IO */
 
 
@@ -1030,7 +1198,7 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
         unsigned long blocking = non_blocking;
         ret = ioctlsocket(sockfd, FIONBIO, &blocking);
         if (ret == SOCKET_ERROR)
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
     #else
         ret = fcntl(sockfd, F_GETFL, 0);
         if (ret >= 0) {
@@ -1060,7 +1228,7 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
 
         if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) {
             WOLFSSL_MSG("socket fd out of FDSET range");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #endif
 
@@ -1146,7 +1314,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 #endif /* HAVE_SOCKADDR */
 
     if (sockfd == NULL || ip == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #if !defined(HAVE_GETADDRINFO)
@@ -1175,12 +1343,12 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 
     if (wolfIO_Word16ToString(strPort, port) == 0) {
         WOLFSSL_MSG("invalid port number for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
         WOLFSSL_MSG("no addr info for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sockaddr_len = answer->ai_addrlen;
@@ -1244,7 +1412,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
         }
         else {
             WOLFSSL_MSG("no addr info for responder");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #else
@@ -1284,7 +1452,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 
     if (entry == NULL) {
         WOLFSSL_MSG("no addr info for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -1297,7 +1465,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     {
         WOLFSSL_MSG("bad socket fd, out of fds?");
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef HAVE_IO_TIMEOUT
@@ -1313,7 +1481,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 #ifdef HAVE_IO_TIMEOUT
     if ((ret != 0) && (to_sec > 0)) {
 #ifdef USE_WINDOWS_API
-        if ((ret == SOCKET_ERROR) && (wolfSSL_LastError(ret) == WSAEWOULDBLOCK))
+        if ((ret == SOCKET_ERROR) &&
+            (wolfSSL_LastError(ret, *sockfd) == SOCKET_EWOULDBLOCK))
 #else
         if (errno == EINPROGRESS)
 #endif
@@ -1330,7 +1499,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
         WOLFSSL_MSG("Responder tcp connect failed");
         CloseSocket(*sockfd);
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return ret;
 #else
@@ -1338,7 +1507,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     (void)ip;
     (void)port;
     (void)to_sec;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 #endif /* HAVE_SOCKADDR */
 }
 
@@ -1351,7 +1520,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
     SOCKADDR_IN *sin = (SOCKADDR_IN *)&addr;
 
     if (sockfd == NULL || port < 1) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     XMEMSET(&addr, 0, sizeof(addr));
@@ -1369,7 +1538,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
     {
         WOLFSSL_MSG("socket failed");
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
@@ -1390,14 +1559,14 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
         WOLFSSL_MSG("wolfIO_TcpBind failed");
         CloseSocket(*sockfd);
         *sockfd = SOCKET_INVALID;
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
 #else
     (void)sockfd;
     (void)port;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 #endif /* HAVE_SOCKADDR */
 }
 
@@ -1477,7 +1646,7 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
             }
 
             for (j = 0; j < i; j++) {
-                if (port[j] < '0' || port[j] > '9') return -1;
+                if (port[j] < '0' || port[j] > '9') return WOLFSSL_FATAL_ERROR;
                 bigPort = (bigPort * 10) + (word32)(port[j] - '0');
             }
             if (outPort)
@@ -1508,8 +1677,9 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
     return result;
 }
 
-static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
-    int* recvBufSz, int chunkSz, char* start, int len, int dynType, void* heap)
+static int wolfIO_HttpProcessResponseBuf(WolfSSLGenericIORecvCb ioCb,
+    void* ioCbCtx, byte **recvBuf, int* recvBufSz, int chunkSz, char* start,
+    int len, int dynType, void* heap)
 {
     byte* newRecvBuf = NULL;
     int newRecvSz = *recvBufSz + chunkSz;
@@ -1556,13 +1726,13 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
         else {
             WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf bad size");
             XFREE(newRecvBuf, heap, dynType);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
     /* receive the remainder of chunk */
     while (len < chunkSz) {
-        int rxSz = wolfIO_Recv(sfd, (char*)&newRecvBuf[pos], chunkSz-len, 0);
+        int rxSz = ioCb((char*)&newRecvBuf[pos], chunkSz-len, ioCbCtx);
         if (rxSz > 0) {
             len += rxSz;
             pos += rxSz;
@@ -1570,7 +1740,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
         else {
             WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf recv failed");
             XFREE(newRecvBuf, heap, dynType);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -1580,8 +1750,9 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
     return 0;
 }
 
-int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
-    byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
+int wolfIO_HttpProcessResponseGenericIO(WolfSSLGenericIORecvCb ioCb,
+    void* ioCbCtx, const char** appStrList, unsigned char** respBuf,
+    unsigned char* httpBuf, int httpBufSz, int dynType, void* heap)
 {
     static const char HTTP_PROTO[] = "HTTP/1.";
     static const char HTTP_STATUS_200[] = "200";
@@ -1602,8 +1773,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
     do {
         if (state == phr_get_chunk_data) {
             /* get chunk of data */
-            result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz,
-                chunkSz, start, len, dynType, heap);
+            result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf,
+                &respBufSz, chunkSz, start, len, dynType, heap);
 
             state = (result != 0) ? phr_http_end : phr_get_chunk_len;
             end = NULL;
@@ -1617,16 +1788,14 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
                                       * can.
                                       */
             }
-            result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
+            result = ioCb((char*)httpBuf+len, httpBufSz-len-1, ioCbCtx);
             if (result > 0) {
                 len += result;
                 start = (char*)httpBuf;
                 start[len] = 0;
             }
             else {
-                result = TranslateReturnCode(result, sfd);
-                result = wolfSSL_LastError(result);
-                if (result == SOCKET_EWOULDBLOCK || result == SOCKET_EAGAIN) {
+                if (result == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
                     return OCSP_WANT_READ;
                 }
 
@@ -1745,8 +1914,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
     } while (state != phr_http_end);
 
     if (!isChunked) {
-        result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz, chunkSz,
-                                                    start, len, dynType, heap);
+        result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf,
+                &respBufSz, chunkSz, start, len, dynType, heap);
     }
 
     if (result >= 0) {
@@ -1758,6 +1927,22 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
 
     return result;
 }
+
+static int httpResponseIoCb(char* buf, int sz, void* ctx)
+{
+    /* Double cast to silence the compiler int/pointer width msg */
+    return wolfIO_Recv((SOCKET_T)(uintptr_t)ctx, buf, sz, 0);
+}
+
+int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
+    byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
+{
+    return wolfIO_HttpProcessResponseGenericIO(httpResponseIoCb,
+            /* Double cast to silence the compiler int/pointer width msg */
+            (void*)(uintptr_t)sfd, appStrList, respBuf, httpBuf, httpBufSz,
+            dynType, heap);
+}
+
 int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
                                const char *path, int pathLen, int reqSz, const char *contentType,
                                byte *buf, int bufSize)
@@ -1879,17 +2064,25 @@ int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
         ocspReqSz, "application/ocsp-request", cacheCtl, buf, bufSize);
 }
 
+static const char* ocspAppStrList[] = {
+    "application/ocsp-response",
+    NULL
+};
+
+WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO(
+    WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf,
+    unsigned char* httpBuf, int httpBufSz, void* heap)
+{
+    return wolfIO_HttpProcessResponseGenericIO(ioCb, ioCbCtx,
+          ocspAppStrList, respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
+}
+
 /* return: >0 OCSP Response Size
  *         -1 error */
 int wolfIO_HttpProcessResponseOcsp(int sfd, byte** respBuf,
                                        byte* httpBuf, int httpBufSz, void* heap)
 {
-    const char* appStrList[] = {
-        "application/ocsp-response",
-        NULL
-    };
-
-    return wolfIO_HttpProcessResponse(sfd, appStrList,
+    return wolfIO_HttpProcessResponse(sfd, ocspAppStrList,
         respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
 }
 
@@ -1976,8 +2169,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
 /* in default callback ctx is heap hint */
 void EmbedOcspRespFree(void* ctx, byte *resp)
 {
-    if (resp)
-        XFREE(resp, ctx, DYNAMIC_TYPE_OCSP);
+    XFREE(resp, ctx, DYNAMIC_TYPE_OCSP);
 
     (void)ctx;
 }
@@ -2862,7 +3054,7 @@ int uIPReceive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
 {
     uip_wolfssl_ctx *ctx = (uip_wolfssl_ctx *)_ctx;
     if (!ctx || !ctx->ssl_rx_databuf)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     (void)ssl;
     if (ctx->ssl_rb_len > 0) {
         if (sz > ctx->ssl_rb_len - ctx->ssl_rb_off)
@@ -3014,7 +3206,7 @@ int LwIPNativeSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 
     ret = tcp_write(nlwip->pcb, buf, sz, TCP_WRITE_FLAG_COPY);
     if (ret != ERR_OK) {
-        sz = -1;
+        sz = WOLFSSL_FATAL_ERROR;
     }
 
     return sz;
diff --git a/src/x509.c b/src/x509.c
index 72a4f37ece..759e1fc6f1 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -1,6 +1,6 @@
 /* x509.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -362,71 +362,9 @@ WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void)
  * OpenSSL. */
 int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext)
 {
-    WOLFSSL_STACK* node;
-
     WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_push");
 
-    if (sk == NULL || ext == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    /* no previous values in stack */
-    if (sk->data.ext == NULL) {
-        sk->data.ext = ext;
-        sk->num += 1;
-        return (int)sk->num;
-    }
-
-    /* stack already has value(s) create a new node and add more */
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
-                                                             DYNAMIC_TYPE_X509);
-    if (node == NULL) {
-        WOLFSSL_MSG("Memory error");
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
-
-    /* push new obj onto head of stack */
-    node->data.ext  = sk->data.ext;
-    node->next      = sk->next;
-    node->type      = sk->type;
-    sk->next        = node;
-    sk->data.ext    = ext;
-    sk->num        += 1;
-
-    return (int)sk->num;
-}
-
-/* Free the structure for X509_EXTENSION stack
- *
- * sk  stack to free nodes in
- */
-void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk)
-{
-    WOLFSSL_STACK* node;
-
-    WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free");
-
-    if (sk == NULL) {
-        return;
-    }
-
-    /* parse through stack freeing each node */
-    node = sk->next;
-    while ((node != NULL) && (sk->num > 1)) {
-        WOLFSSL_STACK* tmp = node;
-        node = node->next;
-
-        wolfSSL_X509_EXTENSION_free(tmp->data.ext);
-        XFREE(tmp, NULL, DYNAMIC_TYPE_X509);
-        sk->num -= 1;
-    }
-
-    /* free head of stack */
-    if (sk->num == 1) {
-        wolfSSL_X509_EXTENSION_free(sk->data.ext);
-    }
-    XFREE(sk, NULL, DYNAMIC_TYPE_X509);
+    return wolfSSL_sk_push(sk, ext);
 }
 
 static WOLFSSL_STACK* generateExtStack(const WOLFSSL_X509 *x)
@@ -523,22 +461,22 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
 
     if (!x || !obj) {
         WOLFSSL_MSG("Bad parameter");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sk = wolfSSL_X509_get0_extensions(x);
     if (!sk) {
         WOLFSSL_MSG("No extensions");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
     for (; lastpos < wolfSSL_sk_num(sk); lastpos++)
-        if (wolfSSL_OBJ_cmp((WOLFSSL_ASN1_OBJECT*)wolfSSL_sk_value(sk,
-                        lastpos), obj) == 0)
+        if (wolfSSL_OBJ_cmp(wolfSSL_sk_X509_EXTENSION_value(sk,
+                        lastpos)->obj, obj) == 0)
             return lastpos;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA */
@@ -556,10 +494,10 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
     WOLFSSL_GENERAL_NAME* gn)
 {
     int ret = 0;
-    WOLFSSL_ASN1_OBJECT* obj;
-    WOLFSSL_ASN1_TYPE* type;
-    WOLFSSL_ASN1_STRING* str;
-    byte tag;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_TYPE* type = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+    byte tag = 0;
     unsigned char* p = (unsigned char *)dns->name;
     long len = dns->len;
 
@@ -594,7 +532,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
             goto err;
         }
 
-        tag = ASN_UTF8STRING;
+        tag = V_ASN1_UTF8STRING;
     }
     else
 #endif
@@ -604,39 +542,23 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
 
         /* Create an object id for general name from DER encoding. */
         obj = wolfSSL_d2i_ASN1_OBJECT(NULL, (const unsigned char**)&p, len);
-        if (obj == NULL) {
+        if (obj == NULL)
             goto err;
-        }
         /* Pointer moved on and now update length of remaining data. */
         len -= (long)((size_t)p - (size_t)dns->name);
 
-        /* Next is: [0]. Check tag and length. */
-        if (GetASNTag(p, &idx, &tag, (word32)len) < 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-        if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-        if (GetLength(p, &idx, &nameLen, (word32)len) <= 1) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-
-        /* Next is a string of some type. */
-        if (GetASNTag(p, &idx, &tag, (word32)len) < 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
+        /* Next is "value      [0] EXPLICIT ANY DEFINED BY type-id" */
+        if (GetASNHeader(p, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0,
+                &idx, &nameLen, (word32)len) < 0)
             goto err;
-        }
-        if (GetLength(p, &idx, &nameLen, (word32)len) <= 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
         p += idx;
         len -= idx;
+
+        /* Set the tag to object so that it gets output in raw form */
+        tag = V_ASN1_SEQUENCE;
     }
 
+
     /* Create a WOLFSSL_ASN1_STRING from the DER. */
     str = wolfSSL_ASN1_STRING_type_new(tag);
     if (str == NULL) {
@@ -647,11 +569,8 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
 
     /* Wrap string in a WOLFSSL_ASN1_TYPE. */
     type = wolfSSL_ASN1_TYPE_new();
-    if (type == NULL) {
-        wolfSSL_ASN1_OBJECT_free(obj);
-        wolfSSL_ASN1_STRING_free(str);
+    if (type == NULL)
         goto err;
-    }
     wolfSSL_ASN1_TYPE_set(type, tag, str);
 
     /* Store the object and string in general name. */
@@ -660,6 +579,10 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
 
     ret = 1;
 err:
+    if (ret != 1) {
+        wolfSSL_ASN1_OBJECT_free(obj);
+        wolfSSL_ASN1_STRING_free(str);
+    }
     return ret;
 }
 #endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */
@@ -722,7 +645,7 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
                 }
             }
 
-            if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {
                 WOLFSSL_MSG("Error pushing onto stack");
                 wolfSSL_GENERAL_NAME_free(gn);
                 wolfSSL_sk_pop_free(sk, NULL);
@@ -917,11 +840,37 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
 
         switch (oid) {
             case BASIC_CA_OID:
+            {
+                word32 dataIdx = idx;
+                word32 dummyOid;
+                int dataLen = 0;
+
                 if (!isSet)
                     break;
                 /* Set pathlength */
                 a = wolfSSL_ASN1_INTEGER_new();
-                if (a == NULL) {
+
+                /* Set the data */
+                ret = GetObjectId(input, &dataIdx, &dummyOid, oidCertExtType,
+                        (word32)sz) == 0;
+                if (ret && dataIdx < (word32)sz) {
+                    /* Skip the critical information */
+                    if (input[dataIdx] == ASN_BOOLEAN) {
+                        dataIdx++;
+                        ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0;
+                        dataIdx += dataLen;
+                    }
+                }
+                if (ret) {
+                    ret = GetOctetString(input, &dataIdx, &dataLen,
+                            (word32)sz) > 0;
+                }
+                if (ret) {
+                    ret = wolfSSL_ASN1_STRING_set(&ext->value, input + dataIdx,
+                            dataLen) == 1;
+                }
+
+                if (a == NULL || !ret) {
                     wolfSSL_X509_EXTENSION_free(ext);
                     FreeDecodedCert(cert);
                 #ifdef WOLFSSL_SMALL_STACK
@@ -937,7 +886,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 ext->obj->ca = x509->isCa;
                 ext->crit = x509->basicConstCrit;
                 break;
-
+            }
             case AUTH_INFO_OID:
                 if (!isSet)
                     break;
@@ -976,7 +925,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     obj->grp = oidCertAuthInfoType;
                     obj->nid = NID_ad_ca_issuers;
 
-                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
+                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
+                            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     if (ret != WOLFSSL_SUCCESS) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
@@ -1011,7 +961,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     obj->grp = oidCertAuthInfoType;
                     obj->nid = NID_ad_OCSP;
 
-                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
+                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
+                            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     if (ret != WOLFSSL_SUCCESS) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
@@ -1067,7 +1018,9 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
             case CERT_POLICY_OID:
                 if (!isSet)
                     break;
+            #ifdef WOLFSSL_SEP
                 ext->crit = x509->certPolicyCrit;
+            #endif
                 break;
 
             case KEY_USAGE_OID:
@@ -1249,7 +1202,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
      */
     if (x509->ext_sk == NULL)
         x509->ext_sk = wolfSSL_sk_new_x509_ext();
-    if (wolfSSL_sk_X509_EXTENSION_push(x509->ext_sk, ext) == WOLFSSL_FAILURE) {
+    if (wolfSSL_sk_insert(x509->ext_sk, ext, -1) <= 0) {
         wolfSSL_X509_EXTENSION_free(ext);
         ext = NULL;
     }
@@ -1338,7 +1291,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
                 word32 len = 0;
 
                 len = SetOthername(gn->d.otherName, NULL);
-                if (len == WOLFSSL_FAILURE) {
+                if (len == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                     return WOLFSSL_FAILURE;
                 }
 
@@ -1354,7 +1307,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
                 ret = wolfSSL_X509_add_altname_ex(x509, buf, len,
                                                   ASN_OTHER_TYPE);
                 XFREE(buf, x509->heap, DYNAMIC_TYPE_X509_EXT);
-                if (ret == WOLFSSL_FAILURE) {
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                      WOLFSSL_MSG("wolfSSL_X509_add_altname_ex() failed");
                      return WOLFSSL_FAILURE;
                 }
@@ -1424,6 +1377,11 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         break;
     default:
 #ifdef WOLFSSL_CUSTOM_OID
+    {
+        char *oid = NULL;
+        byte *val = NULL;
+        int err = 0;
+
         if ((ext->obj == NULL) || (ext->value.length == 0)) {
             WOLFSSL_MSG("Extension has insufficient information.");
             return WOLFSSL_FAILURE;
@@ -1436,12 +1394,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         }
 
         /* This is a viable custom extension. */
-        char *oid = XMALLOC(MAX_OID_STRING_SZ, x509->heap,
-                            DYNAMIC_TYPE_X509_EXT);
-        byte *val = XMALLOC(ext->value.length, x509->heap,
-                            DYNAMIC_TYPE_X509_EXT);
-        int err = 0;
-
+        oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap,
+            DYNAMIC_TYPE_X509_EXT);
+        val = (byte*)XMALLOC(ext->value.length, x509->heap,
+            DYNAMIC_TYPE_X509_EXT);
         if ((oid == NULL) || (val == NULL)) {
             WOLFSSL_MSG("Memory allocation failure.\n");
             err = 1;
@@ -1466,12 +1422,13 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         x509->custom_exts[x509->customExtCount].val = val;
         x509->custom_exts[x509->customExtCount].valSz = ext->value.length;
         x509->customExtCount++;
+        break;
+    }
 #else
         WOLFSSL_MSG("Unsupported extension to add");
         return WOLFSSL_FAILURE;
 #endif /* WOLFSSL_CUSTOM_OID */
-        break;
-    }
+    } /* switch (nid) */
 
     return WOLFSSL_SUCCESS;
 }
@@ -1485,7 +1442,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
     ASN1_OBJECT* obj;
     ASN1_STRING* str;
     int nid;
-    int rc = WOLFSSL_FAILURE;
+    int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     char tmp[CTC_NAME_SIZE*2 + 1];
     const int tmpSz = sizeof(tmp);
     int tmpLen = 0;
@@ -1807,7 +1764,8 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i(
             break;
         }
         /* Push onto AUTHORITY_INFO_ACCESS stack. */
-        ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad);
+        ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad) > 0
+                ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         if (ret != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Error pushing ASN1 AD onto stack");
             err = 1;
@@ -2035,7 +1993,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
  * lastPos : Start search from extension after lastPos.
  *           Set to -1 to search from index 0.
  * return >= 0 If successful the extension index is returned.
- * return -1 If extension is not found or error is encountered.
+ * return WOLFSSL_FATAL_ERROR If extension is not found or error is encountered.
  */
 int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 {
@@ -2305,8 +2263,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                     }
 
                     dns = dns->next;
-                    if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
-                                                      WOLFSSL_SUCCESS) {
+                    if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         goto err;
                     }
@@ -2361,13 +2318,13 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 
                 /* push GENERAL_NAME onto fullname stack */
                 if (wolfSSL_sk_GENERAL_NAME_push(dp->distpoint->name.fullname,
-                                                 gn) != WOLFSSL_SUCCESS) {
+                                                 gn) <= 0) {
                     WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
                     goto err;
                 }
 
                 /* push DIST_POINT onto stack */
-                if (wolfSSL_sk_DIST_POINT_push(sk, dp) != WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_DIST_POINT_push(sk, dp) <= 0) {
                     WOLFSSL_MSG("Error pushing DIST_POINT onto stack");
                     goto err;
                 }
@@ -2482,8 +2439,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                     obj->grp   = oidCertExtType;
                     obj->obj   = (byte*)(x509->certPolicies[i]);
                     obj->objSz = MAX_CERTPOL_SZ;
-                    if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj)
-                                                           != WOLFSSL_SUCCESS) {
+                    if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
                         wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
@@ -2504,7 +2460,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
             else {
                 WOLFSSL_MSG("No Cert Policy set");
             }
-        #elif defined(WOLFSSL_SEP)
+        #endif /* WOLFSSL_CERT_EXT */
+        #ifdef WOLFSSL_SEP
             if (x509->certPolicySet) {
                 if (c != NULL) {
                     *c = x509->certPolicyCrit;
@@ -2520,8 +2477,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
             else {
                 WOLFSSL_MSG("No Cert Policy set");
             }
-        #else
-            WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT");
         #endif
             break;
         }
@@ -2560,6 +2515,44 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 
         case EXT_KEY_USAGE_OID:
             if (x509->extKeyUsageSrc != NULL) {
+                const byte* ekuSrc = x509->extKeyUsageSrc;
+                word32 i;
+
+                sk = wolfSSL_sk_new_asn1_obj();
+                if (sk == NULL) {
+                    WOLFSSL_MSG("Issue creating stack");
+                    return NULL;
+                }
+
+                for (i = 0; i < x509->extKeyUsageCount; i++) {
+                    long ekuSrcLen = (long)(x509->extKeyUsageSz -
+                            (word32)(ekuSrc - x509->extKeyUsageSrc));
+                    WOLFSSL_ASN1_OBJECT* ekuObj = wolfSSL_d2i_ASN1_OBJECT(NULL,
+                            &ekuSrc, ekuSrcLen);
+                    if (ekuObj == NULL) {
+                        wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                        WOLFSSL_MSG("d2i obj error");
+                        return NULL;
+                    }
+                    ekuObj->type  = EXT_KEY_USAGE_OID;
+                    ekuObj->grp   = oidCertExtType;
+                    /* Push to end to maintain order */
+                    if (wolfSSL_sk_insert(sk, ekuObj, -1) <= 0) {
+                        wolfSSL_ASN1_OBJECT_free(ekuObj);
+                        wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                        WOLFSSL_MSG("d2i obj error");
+                        return NULL;
+                    }
+                }
+
+                if ((word32)(ekuSrc - x509->extKeyUsageSrc)
+                        != x509->extKeyUsageSz ||
+                        i != x509->extKeyUsageCount) {
+                    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                    WOLFSSL_MSG("incorrect eku count or buffer not exhausted");
+                    return NULL;
+                }
+
                 if (c != NULL) {
                     if (x509->extKeyUsageCount > 1) {
                         *c = -2;
@@ -2568,15 +2561,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                         *c = x509->extKeyUsageCrit;
                     }
                 }
-                obj = wolfSSL_ASN1_OBJECT_new();
-                if (obj == NULL) {
-                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
-                    return NULL;
-                }
-                obj->type  = EXT_KEY_USAGE_OID;
-                obj->grp   = oidCertExtType;
-                obj->obj   = x509->extKeyUsageSrc;
-                obj->objSz = x509->extKeyUsageSz;
             }
             else {
                 WOLFSSL_MSG("No Extended Key Usage set");
@@ -2623,7 +2607,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
         }
     }
     if (obj) {
-        if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
             WOLFSSL_MSG("Error pushing ASN1_OBJECT object onto "
                         "stack.");
             goto err;
@@ -2796,7 +2780,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
                 WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error");
                 goto err_cleanup;
             }
-            if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) <= 0) {
                 WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
                 wolfSSL_GENERAL_NAME_free(gn);
                 goto err_cleanup;
@@ -3550,7 +3534,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
         }
     }
 
-    XMEMCPY(in, tmpBuf, totalLen);
+    XMEMCPY(in, tmpBuf, totalLen); /* cppcheck-suppress uninitvar */
     in[totalLen] = '\0';
 
     return in;
@@ -3664,6 +3648,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
 {
     return d2i_X509orX509REQ(x509, in, len, 1, NULL);
 }
+
+WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
+        const unsigned char** in, int len)
+{
+    WOLFSSL_X509* ret = NULL;
+    WOLFSSL_ENTER("wolfSSL_d2i_X509_REQ_INFO");
+
+    if (in == NULL) {
+        WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509");
+        return NULL;
+    }
+
+    ret = wolfSSL_X509_REQ_d2i(req, *in, len);
+    if (ret != NULL) {
+        *in += ret->derCert->length;
+    }
+    return ret;
+}
 #endif
 
 #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA ||
@@ -3711,7 +3713,7 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
     }
 
     ret = cert->altNamesNext->name;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
     /* return the IP address as a string */
     if (cert->altNamesNext->type == ASN_IP_TYPE) {
         ret = cert->altNamesNext->ipString;
@@ -4459,39 +4461,9 @@ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
 int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
                                  WOLFSSL_GENERAL_NAME* gn)
 {
-    WOLFSSL_STACK* node;
     WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_push");
 
-    if (sk == NULL || gn == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    /* no previous values in stack */
-    if (sk->data.gn == NULL) {
-        sk->data.gn = gn;
-        sk->num += 1;
-
-        return WOLFSSL_SUCCESS;
-    }
-
-    /* stack already has value(s) create a new node and add more */
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
-                                                             DYNAMIC_TYPE_ASN1);
-    if (node == NULL) {
-        WOLFSSL_MSG("Memory error");
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
-
-    /* push new obj onto head of stack */
-    node->type    = STACK_TYPE_GEN_NAME;
-    node->data.gn = sk->data.gn;
-    node->next    = sk->next;
-    sk->next      = node;
-    sk->data.gn   = gn;
-    sk->num      += 1;
-
-    return WOLFSSL_SUCCESS;
+    return wolfSSL_sk_push(sk, gn);
 }
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@@ -4531,7 +4503,7 @@ int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk)
     WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num");
 
     if (sk == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return (int)sk->num;
@@ -4702,7 +4674,7 @@ int wolfSSL_sk_DIST_POINT_num(WOLFSSL_STACK* sk)
     WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_num");
 
     if (sk == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return wolfSSL_sk_num(sk);
@@ -5040,7 +5012,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
         break;
     }
 
-    if (ret == WOLFSSL_FAILURE)
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         return WOLFSSL_FAILURE;
     else
         return WOLFSSL_SUCCESS;
@@ -5069,19 +5041,9 @@ int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
 
 /* returns null on failure and pointer to internal value on success */
 WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
-        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
+        const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
 {
-    WOLFSSL_STACK* ret;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    ret = wolfSSL_sk_get_node(sk, idx);
-    if (ret != NULL) {
-        return ret->data.ext;
-    }
-    return NULL;
+    return (WOLFSSL_X509_EXTENSION*)wolfSSL_sk_value(sk, idx);
 }
 
 /* frees all of the nodes and the values in stack */
@@ -5092,6 +5054,11 @@ void wolfSSL_sk_X509_EXTENSION_pop_free(
     wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
 }
 
+void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
+{
+    wolfSSL_sk_pop_free(sk, NULL);
+}
+
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
@@ -5368,7 +5335,7 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
 {
     WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz");
     if (!name)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return name->sz;
 }
 
@@ -5668,9 +5635,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
                 case NID_key_usage: crit = x509->keyUsageCrit; break;
                 case NID_crl_distribution_points: crit= x509->CRLdistCrit; break;
                 case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break;
-                #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
-                    case NID_certificate_policies: crit = x509->certPolicyCrit; break;
-                #endif /* WOLFSSL_SEP || WOLFSSL_QT */
+            #ifdef WOLFSSL_SEP
+                case NID_certificate_policies: crit = x509->certPolicyCrit; break;
+            #endif /* WOLFSSL_SEP */
             }
         }
 
@@ -5778,6 +5745,37 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         return id;
     }
+
+    const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id(
+            WOLFSSL_X509 *x509)
+    {
+        WOLFSSL_ASN1_STRING* ret = NULL;
+
+        WOLFSSL_ENTER("wolfSSL_X509_get0_subject_key_id");
+
+        if (x509 != NULL && x509->subjKeyIdSet) {
+            if (x509->subjKeyIdStr == NULL) {
+                x509->subjKeyIdStr = wolfSSL_ASN1_STRING_new();
+                if (x509->subjKeyIdStr != NULL) {
+                    if (wolfSSL_ASN1_STRING_set(x509->subjKeyIdStr,
+                            x509->subjKeyId, x509->subjKeyIdSz) == 1) {
+                        ret = x509->subjKeyIdStr;
+                    }
+                    else {
+                        wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
+                        x509->subjKeyIdStr = NULL;
+                    }
+                }
+            }
+            else {
+                ret = x509->subjKeyIdStr;
+            }
+        }
+
+        WOLFSSL_LEAVE("wolfSSL_X509_get0_subject_key_id", ret != NULL);
+
+        return ret;
+    }
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
@@ -5830,89 +5828,331 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
     #define MAX_WIDTH 80
 #endif
 
-static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
-        int indent)
-{
-    int ret = WOLFSSL_SUCCESS;
-    DNS_entry* entry;
+#if defined(WOLFSSL_ACERT)
+#define ACERT_NUM_DIR_TAGS 4
 
-    if (bio == NULL || x509 == NULL) {
-        ret = WOLFSSL_FAILURE;
-    }
+/* Convenience struct and function for printing the Holder sub fields
+ * of an X509 Attribute struct. */
+struct acert_dir_print_t {
+    const char * pfx;
+    const byte   tag[3];
+};
 
-    if (ret == WOLFSSL_SUCCESS && x509->subjAltNameSet &&
-            x509->altNames != NULL) {
-        char scratch[MAX_WIDTH];
-        int len;
+static struct acert_dir_print_t acert_dir_print[ACERT_NUM_DIR_TAGS] =
+{
+    { "C=", {0x55, 0x04, ASN_COUNTRY_NAME} },
+    { "O=", {0x55, 0x04, ASN_ORG_NAME} },
+    { "OU=", {0x55, 0x04, ASN_ORGUNIT_NAME} },
+    { "CN=", {0x55, 0x04, ASN_COMMON_NAME} },
+};
 
-        len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, "");
-        if (len >= MAX_WIDTH)
-            ret = WOLFSSL_FAILURE;
-        if (ret == WOLFSSL_SUCCESS) {
-            if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) {
-                ret = WOLFSSL_FAILURE;
-            }
-        }
-        if (ret == WOLFSSL_SUCCESS) {
-            int nameCount = 0;
+/* Print an entry of ASN_DIR_TYPE into dst of length max_len.
+ *
+ * Returns total_len of str on success.
+ * Returns < 0 on failure.
+ * */
+static int X509PrintDirType(char * dst, int max_len, const DNS_entry * entry)
+{
+    word32       k = 0;
+    word32       i = 0;
+    const char * src = entry->name;
+    word32       src_len = (word32)XSTRLEN(src);
+    int          total_len = 0;
+    int          bytes_left = max_len;
+    int          fld_len = 0;
+    int          match_found = 0;
+
+    XMEMSET(dst, 0, max_len);
+
+    /* loop over printable DIR tags. */
+    for (k = 0; k < ACERT_NUM_DIR_TAGS; ++k) {
+        const char * pfx = acert_dir_print[k].pfx;
+        const byte * tag = acert_dir_print[k].tag;
+        byte         asn_tag;
+
+        /* walk through entry looking for matches. */
+        for (i = 0; i < src_len - 5; ++i) {
+            if (XMEMCMP(tag, &src[i], 3) == 0) {
+                if (bytes_left < 5) {
+                    /* Not enough space left for name oid + tag + len. */
+                    break;
+                }
 
-            entry = x509->altNames;
-            while (entry != NULL) {
-                ++nameCount;
-                if (nameCount > 1) {
-                    if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
+                if (match_found) {
+                    /* append a {',', ' '} before doing anything else. */
+                    *dst++ = ',';
+                    *dst++ = ' ';
+                    total_len += 2;
+                    bytes_left -= 2;
                 }
 
-                if (entry->type == ASN_DNS_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name);
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
+                i += 3;
+
+                /* Get the ASN Tag. */
+                if (GetASNTag((const byte *)src, &i, &asn_tag, src_len) < 0) {
+                    WOLFSSL_MSG("error: GetASNTag failed");
+                    break;
                 }
-            #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
-                else if (entry->type == ASN_IP_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
-                            entry->ipString);
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
+
+                /* Check it is printable. */
+                if ((asn_tag != ASN_PRINTABLE_STRING) &&
+                    (asn_tag != ASN_IA5_STRING) &&
+                    (asn_tag != ASN_UTF8STRING)) {
+                    /* Don't know what this is but we can't print it. */
+                    WOLFSSL_MSG("error: asn tag not printable string");
+                    break;
                 }
-            #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
-                else if (entry->type == ASN_RFC822_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s",
-                            entry->name);
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
+
+                /* Now get the length of the printable string. */
+                if (GetLength((const byte *)src, &i, &fld_len, src_len) < 0) {
+                    break;
                 }
-                else if (entry->type == ASN_DIR_TYPE) {
-                    /* @TODO entry->name in ASN1 syntax */
-                    len = XSNPRINTF(scratch, MAX_WIDTH,
-                        "DirName:<print out not supported yet>");
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
+
+                /* Make sure we have space to fit it. */
+                if ((int) XSTRLEN(pfx) > bytes_left) {
+                    /* Not enough space left. */
+                    break;
                 }
-                else if (entry->type == ASN_URI_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s",
-                        entry->name);
-                     if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
+
+                /* Copy it in, decrement available space. */
+                XSTRNCPY(dst, pfx, bytes_left);
+                dst += XSTRLEN(pfx);
+                total_len += XSTRLEN(pfx);
+                bytes_left -= XSTRLEN(pfx);
+
+                if (fld_len > bytes_left) {
+                    /* Not enough space left. */
+                    break;
                 }
-            #if defined(OPENSSL_ALL)
-                else if (entry->type == ASN_RID_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
-                        entry->ridString);
-                    if (len >= MAX_WIDTH) {
+
+                XMEMCPY(dst, &src[i], fld_len);
+                i += fld_len;
+                dst += fld_len;
+                total_len += fld_len;
+                bytes_left -= fld_len;
+
+                match_found = 1;
+            }
+        }
+    }
+
+    return total_len;
+}
+
+static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio,
+                                       const DNS_entry* entry, int indent)
+{
+    int  ret = WOLFSSL_SUCCESS;
+    int  nameCount = 0;
+    char scratch[MAX_WIDTH];
+    int  len;
+
+    if (bio == NULL || entry == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, "");
+    if (len >= MAX_WIDTH) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    while (entry != NULL) {
+        ++nameCount;
+        if (nameCount > 1) {
+            if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+
+        if (entry->type == ASN_DNS_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+        else if (entry->type == ASN_IP_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
+                    entry->ipString);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+        else if (entry->type == ASN_RFC822_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s",
+                    entry->name);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else if (entry->type == ASN_DIR_TYPE) {
+            len = X509PrintDirType(scratch, MAX_WIDTH, entry);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else if (entry->type == ASN_URI_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s",
+                entry->name);
+             if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #if defined(OPENSSL_ALL)
+        else if (entry->type == ASN_RID_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
+                entry->ridString);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #endif
+        else if (entry->type == ASN_OTHER_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH,
+                "othername <unsupported>");
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else {
+            WOLFSSL_MSG("Bad alt name type.");
+            ret = WOLFSSL_FAILURE;
+            break;
+        }
+
+        if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch))
+                <= 0) {
+            ret = WOLFSSL_FAILURE;
+            break;
+        }
+
+        entry = entry->next;
+    }
+
+    if (ret == WOLFSSL_SUCCESS && wolfSSL_BIO_write(bio, "\n", 1) <= 0) {
+        ret = WOLFSSL_FAILURE;
+    }
+
+    return ret;
+}
+
+/* Sets buf pointer and len to raw Attribute buffer and buffer len
+ * in X509 struct.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns BAD_FUNC_ARG if input pointers are null.
+ * */
+WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
+                                                const byte ** rawAttr,
+                                                word32 * rawAttrLen)
+{
+    if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    *rawAttr = x509->rawAttr;
+    *rawAttrLen = x509->rawAttrLen;
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* if WOLFSSL_ACERT*/
+
+static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
+        int indent)
+{
+    int ret = WOLFSSL_SUCCESS;
+    DNS_entry* entry;
+
+    if (bio == NULL || x509 == NULL) {
+        ret = WOLFSSL_FAILURE;
+    }
+
+    if (ret == WOLFSSL_SUCCESS && x509->subjAltNameSet &&
+            x509->altNames != NULL) {
+        char scratch[MAX_WIDTH];
+        int len;
+
+        len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, "");
+        if (len >= MAX_WIDTH)
+            ret = WOLFSSL_FAILURE;
+        if (ret == WOLFSSL_SUCCESS) {
+            if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) {
+                ret = WOLFSSL_FAILURE;
+            }
+        }
+        if (ret == WOLFSSL_SUCCESS) {
+            int nameCount = 0;
+
+            entry = x509->altNames;
+            while (entry != NULL) {
+                ++nameCount;
+                if (nameCount > 1) {
+                    if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) {
+                        ret = WOLFSSL_FAILURE;
+                        break;
+                    }
+                }
+
+                if (entry->type == ASN_DNS_TYPE) {
+                    len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name);
+                    if (len >= MAX_WIDTH) {
+                        ret = WOLFSSL_FAILURE;
+                        break;
+                    }
+                }
+            #ifdef WOLFSSL_IP_ALT_NAME
+                else if (entry->type == ASN_IP_TYPE) {
+                    len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
+                            entry->ipString);
+                    if (len >= MAX_WIDTH) {
+                        ret = WOLFSSL_FAILURE;
+                        break;
+                    }
+                }
+            #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+                else if (entry->type == ASN_RFC822_TYPE) {
+                    len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s",
+                            entry->name);
+                    if (len >= MAX_WIDTH) {
+                        ret = WOLFSSL_FAILURE;
+                        break;
+                    }
+                }
+                else if (entry->type == ASN_DIR_TYPE) {
+                    /* @TODO entry->name in ASN1 syntax */
+                    len = XSNPRINTF(scratch, MAX_WIDTH,
+                        "DirName:<print out not supported yet>");
+                    if (len >= MAX_WIDTH) {
+                        ret = WOLFSSL_FAILURE;
+                        break;
+                    }
+                }
+                else if (entry->type == ASN_URI_TYPE) {
+                    len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s",
+                        entry->name);
+                     if (len >= MAX_WIDTH) {
+                        ret = WOLFSSL_FAILURE;
+                        break;
+                    }
+                }
+            #if defined(OPENSSL_ALL)
+                else if (entry->type == ASN_RID_TYPE) {
+                    len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
+                        entry->ridString);
+                    if (len >= MAX_WIDTH) {
                         ret = WOLFSSL_FAILURE;
                         break;
                     }
@@ -6158,6 +6398,70 @@ static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
     return WOLFSSL_SUCCESS;
 }
 
+#ifndef NO_ASN_TIME
+static int X509PrintValidity(WOLFSSL_BIO* bio, WOLFSSL_ASN1_TIME * notBefore,
+                             WOLFSSL_ASN1_TIME * notAfter, int indent)
+{
+    char tmp[80];
+    (void) indent;
+
+    if (wolfSSL_BIO_write(bio, "        Validity\n",
+                  (int)XSTRLEN("        Validity\n")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "            Not Before: ",
+                  (int)XSTRLEN("            Not Before: ")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+    if (notBefore->length > 0) {
+        if (GetTimeString(notBefore->data, ASN_UTC_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+            if (GetTimeString(notBefore->data, ASN_GENERALIZED_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("Error getting not before date");
+                return WOLFSSL_FAILURE;
+            }
+        }
+    }
+    else {
+        XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+    }
+    tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
+    if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "\n            Not After : ",
+                  (int)XSTRLEN("\n            Not After : ")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+    if (notAfter->length > 0) {
+        if (GetTimeString(notAfter->data, ASN_UTC_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+            if (GetTimeString(notAfter->data, ASN_GENERALIZED_TIME,
+                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("Error getting not after date");
+                return WOLFSSL_FAILURE;
+            }
+        }
+    }
+    else {
+        XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+    }
+    tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
+    if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* ifndef NO_ASN_TIME */
+
 /* iterate through certificate extensions printing them out in human readable
  * form
  * return WOLFSSL_SUCCESS on success
@@ -6200,7 +6504,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
         return WOLFSSL_FAILURE;
     }
 
-    for (i = 0; (i < count) && (ret != WOLFSSL_FAILURE); i++) {
+    for (i = 0; (i < count) && (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); i++) {
         WOLFSSL_X509_EXTENSION* ext;
 
         ext = wolfSSL_X509_get_ext(x509, i);
@@ -6217,7 +6521,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 break;
             }
             if (wolfSSL_OBJ_obj2txt(buf, MAX_WIDTH, obj, 0)
-                == WOLFSSL_FAILURE)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             {
                 ret = WOLFSSL_FAILURE;
                 break;
@@ -6280,7 +6584,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                     XMEMCPY(scratch + scratchLen, val, valLen);
                     scratchLen += valLen;
                 }
-                if (ret == WOLFSSL_FAILURE)
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
                     break;
                 if (wolfSSL_BIO_write(bio, scratch,
                                       scratchLen) <= 0) {
@@ -6329,7 +6633,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                     XMEMCPY(scratch + scratchLen, val, valLen);
                     scratchLen += valLen;
                 }
-                if (ret == WOLFSSL_FAILURE)
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
                     break;
                 if (wolfSSL_BIO_write(bio, scratch,
                                       scratchLen) <= 0) {
@@ -6386,9 +6690,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
         }
     }
 
-    if (buf != NULL) {
-        XFREE(buf, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(buf, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -6429,7 +6731,7 @@ static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig,
     }
     if (ret == WOLFSSL_SUCCESS) {
         if (wolfSSL_OBJ_obj2txt(scratch, MAX_WIDTH, obj, 0)
-            == WOLFSSL_FAILURE)
+            == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         {
             ret = WOLFSSL_FAILURE;
         }
@@ -6568,9 +6870,7 @@ static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
             return WOLFSSL_FAILURE;
         }
 
-        if (sig != NULL) {
-            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     }
 
@@ -6726,7 +7026,7 @@ static int X509PrintReqAttributes(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
             const byte* data;
 
             if (wolfSSL_OBJ_obj2txt(lName, lNameSz, attr->object, 0)
-                == WOLFSSL_FAILURE)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             {
                 return WOLFSSL_FAILURE;
             }
@@ -6878,84 +7178,467 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
         return WOLFSSL_FAILURE;
     }
 
-#ifndef NO_ASN_TIME
+    #ifndef NO_ASN_TIME
     /* print validity */
-    {
-        char tmp[80];
+    if (X509PrintValidity(bio, &x509->notBefore, &x509->notAfter, 8)
+        != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+    #endif /* NO_ASN_TIME */
 
-        if (wolfSSL_BIO_write(bio, "        Validity\n",
-                      (int)XSTRLEN("        Validity\n")) <= 0) {
-            return WOLFSSL_FAILURE;
+    /* print subject */
+    if (X509PrintName(bio, wolfSSL_X509_get_subject_name(x509), subjType, 8)
+            != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* get and print public key */
+    if (X509PrintPubKey(bio, x509, 8) != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print out extensions */
+    if (X509PrintExtensions(bio, x509, 8) != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print out signature */
+    if (X509PrintSignature(bio, x509, 0, 4) != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* done with print out */
+    if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
+{
+    return wolfSSL_X509_print_ex(bio, x509, 0, 0);
+}
+
+#if defined(WOLFSSL_ACERT)
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format)
+{
+    int                  ret = 0;
+    WOLFSSL_X509_ACERT * x509 = NULL;
+    DerBuffer *          der = NULL;
+    #ifdef WOLFSSL_SMALL_STACK
+    DecodedAcert *       acert = NULL;
+    #else
+    DecodedAcert         acert[1];
+    #endif
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer");
+
+    if (format == WOLFSSL_FILETYPE_PEM) {
+    #ifdef WOLFSSL_PEM_TO_DER
+        ret = PemToDer(buf, sz, ACERT_TYPE, &der, NULL, NULL, NULL);
+
+        if (ret != 0 || der == NULL || der->buffer == NULL) {
+            WOLFSSL_ERROR(ret);
+
+            if (der != NULL) {
+                FreeDer(&der);
+            }
+
+            return NULL;
         }
+    #else
+        WOLFSSL_ERROR(NOT_COMPILED_IN);
+        return NULL;
+    #endif
+    }
+    else {
+        ret = AllocDer(&der, (word32)sz, ACERT_TYPE, NULL);
 
-        if (wolfSSL_BIO_write(bio, "            Not Before: ",
-                      (int)XSTRLEN("            Not Before: ")) <= 0) {
-            return WOLFSSL_FAILURE;
+        if (ret != 0 || der == NULL || der->buffer == NULL) {
+            WOLFSSL_ERROR(ret);
+            return NULL;
         }
-        if (x509->notBefore.length > 0) {
-            if (GetTimeString(x509->notBefore.data, ASN_UTC_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                if (GetTimeString(x509->notBefore.data, ASN_GENERALIZED_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("Error getting not before date");
-                    return WOLFSSL_FAILURE;
-                }
+
+        XMEMCPY(der->buffer, buf, sz);
+    }
+
+    #ifdef WOLFSSL_SMALL_STACK
+    acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), NULL,
+                                   DYNAMIC_TYPE_TMP_BUFFER);
+    if (acert == NULL) {
+        WOLFSSL_ERROR(MEMORY_ERROR);
+        FreeDer(&der);
+        return NULL;
+    }
+    #endif
+
+    InitDecodedAcert(acert, der->buffer, der->length, NULL);
+
+    ret = ParseX509Acert(acert, VERIFY_SKIP_DATE);
+
+    if (ret == 0) {
+        x509 = (WOLFSSL_X509_ACERT*)XMALLOC(sizeof(WOLFSSL_X509_ACERT), NULL,
+                                            DYNAMIC_TYPE_X509_ACERT);
+        if (x509 != NULL) {
+            wolfSSL_X509_ACERT_init(x509, NULL);
+            ret = CopyDecodedAcertToX509(x509, acert);
+
+            if (ret != 0) {
+                wolfSSL_X509_ACERT_free(x509);
+                x509 = NULL;
             }
         }
         else {
-            XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+            ret = MEMORY_ERROR;
         }
-        tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
-        if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+    }
+
+    FreeDecodedAcert(acert);
+
+    #ifdef WOLFSSL_SMALL_STACK
+    XFREE(acert, NULL, DYNAMIC_TYPE_DCERT);
+    #endif
+
+    FreeDer(&der);
+
+    if (ret != 0) {
+        WOLFSSL_ERROR(ret);
+    }
+
+    return x509;
+}
+
+void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, void* heap)
+{
+    if (x509 == NULL) {
+        WOLFSSL_MSG("error: InitX509Acert: null parameter");
+        return;
+    }
+
+    XMEMSET(x509, 0, sizeof(*x509));
+
+    x509->heap = heap;
+}
+
+void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509)
+{
+    if (x509 == NULL) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter");
+        return;
+    }
+
+    /* Free holder and att cert issuer structures. */
+    if (x509->holderIssuerName) {
+        FreeAltNames(x509->holderIssuerName, x509->heap);
+        x509->holderIssuerName = NULL;
+    }
+
+    if (x509->AttCertIssuerName) {
+        FreeAltNames(x509->AttCertIssuerName, x509->heap);
+        x509->AttCertIssuerName = NULL;
+    }
+
+    if (x509->rawAttr != NULL) {
+        XFREE(x509->rawAttr, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->rawAttr = NULL;
+        x509->rawAttrLen = 0;
+    }
+
+    /* Free derCert source and signature buffer. */
+    FreeDer(&x509->derCert);
+
+    if (x509->sig.buffer != NULL) {
+        XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
+        x509->sig.buffer = NULL;
+    }
+
+    /* Finally memset and free x509 acert structure. */
+    XMEMSET(x509, 0, sizeof(*x509));
+    XFREE(x509, x509->heap, NULL);
+
+    return;
+}
+
+long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509)
+{
+    int version = 0;
+
+    if (x509 == NULL) {
+        return 0L;
+    }
+
+    version = x509->version;
+
+    return version != 0 ? (long)version - 1L : 0L;
+}
+
+int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509)
+{
+    if (x509 == NULL) {
+        return 0;
+    }
+
+    return x509->version;
+}
+
+/* Retrieve sig NID from an ACERT.
+ *
+ * returns  NID on success
+ * returns  0 on failure
+ */
+int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT *x509)
+{
+    if (x509 == NULL) {
+        return 0;
+    }
+
+    return oid2nid((word32)x509->sigOID, oidSigType);
+}
+
+/* Retrieve the signature from an ACERT.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  buf     the signature buffer pointer
+ * @param [in, out]  bufSz   the signature buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns  WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
+                                     unsigned char* buf, int* bufSz)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature");
+
+    if (x509 == NULL || bufSz == NULL) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    /* If buf array is provided, it must be long enough. */
+    if (buf != NULL && *bufSz < (int)x509->sig.length) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (buf != NULL) {
+        /* Copy in buffer if provided. */
+        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
+    }
+
+    *bufSz = (int)x509->sig.length;
+
+    return WOLFSSL_SUCCESS;
+}
+
+static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
+                                   int algOnly, int indent)
+{
+    int sigSz = 0;
+    if (wolfSSL_X509_ACERT_get_signature(x509, NULL, &sigSz) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (sigSz > 0) {
+        unsigned char* sig;
+        int sigNid;
+
+        sigNid = wolfSSL_X509_ACERT_get_signature_nid(x509);
+        if (sigNid <= 0) {
             return WOLFSSL_FAILURE;
         }
 
-        if (wolfSSL_BIO_write(bio, "\n            Not After : ",
-                      (int)XSTRLEN("\n            Not After : ")) <= 0) {
+        sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (sig == NULL) {
             return WOLFSSL_FAILURE;
         }
-        if (x509->notAfter.length > 0) {
-            if (GetTimeString(x509->notAfter.data, ASN_UTC_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME,
-                    tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("Error getting not after date");
-                    return WOLFSSL_FAILURE;
-                }
-            }
+
+        if (wolfSSL_X509_ACERT_get_signature(x509, sig, &sigSz) <= 0) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return WOLFSSL_FAILURE;
         }
-        else {
-            XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+
+        if (X509PrintSignature_ex(bio, sig, sigSz, sigNid, algOnly, indent)
+                != WOLFSSL_SUCCESS) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return WOLFSSL_FAILURE;
         }
-        tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
-        if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+
+        if (sig != NULL) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+
+/* Retrieve the serial number from an ACERT.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  buf     the serial number buffer pointer
+ * @param [in, out]  bufSz   the serial number buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns  WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
+                                         byte* buf, int* bufSz)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number");
+
+    if (x509 == NULL || bufSz == NULL) {
+        WOLFSSL_MSG("error: null argument passed in");
+        return BAD_FUNC_ARG;
+    }
+
+    if (buf != NULL) {
+        if (*bufSz < x509->serialSz) {
+            WOLFSSL_MSG("error: serial buffer too small");
+            return BUFFER_E;
+        }
+
+        XMEMCPY(buf, x509->serial, x509->serialSz);
+    }
+
+    *bufSz = x509->serialSz;
+
+    return WOLFSSL_SUCCESS;
+}
+
+static int X509AcertPrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
+                                int indent)
+{
+    unsigned char serial[32];
+    int  sz = sizeof(serial);
+
+    XMEMSET(serial, 0, sz);
+    if (wolfSSL_X509_ACERT_get_serial_number(x509, serial, &sz)
+        == WOLFSSL_SUCCESS) {
+        X509PrintSerial_ex(bio, serial, sz, 1, indent);
+    }
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509)
+{
+    const char * hdr =                "Attribute Certificate:\n";
+    const char * data_hdr =           "    Data:\n";
+    const char * holder_hdr =         "        Holder:\n";
+    const char * holder_issuer_hdr =  "            Issuer:";
+    const char * holder_name_hdr =    "            Name:";
+    const char * attcert_issuer_hdr = "        Issuer:";
+
+    if (bio == NULL || x509 == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print acert header */
+    if (wolfSSL_BIO_write(bio, hdr, (int)XSTRLEN(hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print data header */
+    if (wolfSSL_BIO_write(bio, data_hdr, (int)XSTRLEN(data_hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print version of cert */
+    if (X509PrintVersion(bio, wolfSSL_X509_ACERT_version(x509), 8)
+            != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print serial number out */
+    if (X509AcertPrintSerial(bio, x509, 8) != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print holder field */
+    if (wolfSSL_BIO_write(bio, holder_hdr, (int)XSTRLEN(holder_hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (x509->holderEntityName != NULL) {
+        /* print issuer header */
+        if (wolfSSL_BIO_write(bio, holder_name_hdr,
+            (int)XSTRLEN(holder_name_hdr)) <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (X509_ACERT_print_name_entry(bio, x509->holderEntityName, 1)
+                != WOLFSSL_SUCCESS) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+
+    if (x509->holderIssuerName != NULL) {
+        /* print issuer header */
+        if (wolfSSL_BIO_write(bio, holder_issuer_hdr,
+            (int)XSTRLEN(holder_issuer_hdr)) <= 0) {
             return WOLFSSL_FAILURE;
         }
 
-        if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
+        if (X509_ACERT_print_name_entry(bio, x509->holderIssuerName, 1)
+            != WOLFSSL_SUCCESS) {
             return WOLFSSL_FAILURE;
         }
     }
-    #endif
 
-    /* print subject */
-    if (X509PrintName(bio, wolfSSL_X509_get_subject_name(x509), subjType, 8)
-            != WOLFSSL_SUCCESS) {
-        return WOLFSSL_FAILURE;
+    if (x509->holderSerialSz > 0) {
+        X509PrintSerial_ex(bio, x509->holderSerial, x509->holderSerialSz,
+                           1, 12);
     }
 
-    /* get and print public key */
-    if (X509PrintPubKey(bio, x509, 8) != WOLFSSL_SUCCESS) {
+    /* print issuer header */
+    if (wolfSSL_BIO_write(bio, attcert_issuer_hdr,
+        (int)XSTRLEN(attcert_issuer_hdr)) <= 0) {
         return WOLFSSL_FAILURE;
     }
 
-    /* print out extensions */
-    if (X509PrintExtensions(bio, x509, 8) != WOLFSSL_SUCCESS) {
+    if (x509->AttCertIssuerName != NULL) {
+        if (X509_ACERT_print_name_entry(bio, x509->AttCertIssuerName, 1)
+                != WOLFSSL_SUCCESS) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+    else {
+        const char * msg = " Issuer type not supported.\n";
+        if (wolfSSL_BIO_write(bio, msg, (int)XSTRLEN(msg)) <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+
+    #ifndef NO_ASN_TIME
+    /* print validity */
+    if (X509PrintValidity(bio, &x509->notBefore, &x509->notAfter, 8)
+        != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
+    #endif /* NO_ASN_TIME */
 
-    /* print out signature */
-    if (X509PrintSignature(bio, x509, 0, 4) != WOLFSSL_SUCCESS) {
+    /* print raw attributes */
+    if (x509->rawAttr && x509->rawAttrLen > 0) {
+        char attr_hdr[128]; /* buffer for XSNPRINTF */
+
+        if (XSNPRINTF(attr_hdr, 128, "%*s%s: %d bytes\n", 8, "",
+                    "Attributes", x509->rawAttrLen) >= 128) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (wolfSSL_BIO_write(bio, attr_hdr, (int)XSTRLEN(attr_hdr)) <= 0) {
+                return WOLFSSL_FAILURE;
+        }
+    }
+
+    /* print out sig algo and signature */
+    if (X509AcertPrintSignature(bio, x509, 0, 8) != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
 
@@ -6966,10 +7649,7 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
 
     return WOLFSSL_SUCCESS;
 }
-int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
-{
-    return wolfSSL_X509_print_ex(bio, x509, 0, 0);
-}
+#endif /* WOLFSSL_ACERT */
 
 #ifndef NO_FILESYSTEM
 int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509)
@@ -7040,7 +7720,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
 
     for (i = 0; i < length; ++i) {
         char hex_digits[4];
-#ifdef XSNPRINTF
         if (XSNPRINTF(hex_digits, sizeof(hex_digits), "%c%02X", i>0 ? ':' : ' ',
                   (unsigned int)sigalg->algorithm->obj[idx+i])
             >= (int)sizeof(hex_digits))
@@ -7048,10 +7727,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
             WOLFSSL_MSG("buffer overrun");
             return WOLFSSL_FAILURE;
         }
-#else
-        XSPRINTF(hex_digits, "%c%02X", i>0 ? ':' : ' ',
-                 (unsigned int)sigalg->algorithm->obj[idx+i]);
-#endif
         if (wolfSSL_BIO_puts(bp, hex_digits) <= 0)
             return WOLFSSL_FAILURE;
     }
@@ -7101,7 +7776,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
 {
 #if !defined(NO_FILESYSTEM) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
-    int           ret = WOLFSSL_FAILURE;
+    int           ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     XFILE         fp;
     long          sz;
     byte*         pem = NULL;
@@ -7191,8 +7866,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
     while (ret == WOLFSSL_SUCCESS);
 
 end:
-    if (pem != NULL)
-        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+    XFREE(pem, 0, DYNAMIC_TYPE_PEM);
     XFCLOSE(fp);
     return WS_RETURN_CODE(ret, (int)WOLFSSL_FAILURE);
 #else
@@ -7310,8 +7984,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl)
                 XSTRNCPY(entry->dir_name, buf, pathLen);
                 entry->dir_name[pathLen] = '\0';
 
-                if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry)
-                                                    != WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) <= 0) {
                     wolfSSL_BY_DIR_entry_free(entry);
                     #ifdef WOLFSSL_SMALL_STACK
                         XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
@@ -7357,7 +8030,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl)
 int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd,
         const char *argc, long argl, char **ret)
 {
-    int lret = WOLFSSL_FAILURE;
+    int lret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl");
 #if !defined(NO_FILESYSTEM)
@@ -7416,7 +8089,7 @@ static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req,
  */
 static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int req)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     /* Get large buffer to hold cert der */
     int derSz = X509_BUFFER_SZ;
 #ifdef WOLFSSL_SMALL_STACK
@@ -7526,20 +8199,12 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out)
 int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) {
     int ret = 0;
     WOLFSSL_X509 *x = NULL;
-    byte certOwnsAltNames = 0;
     byte certIsCSR = 0;
 
     if ((cert == NULL) || (der == NULL) || (derSz <= 0)) {
         return BAD_FUNC_ARG;
     }
 
-    /* The call to CopyDecodedToX509() transfers ownership of the altNames in
-     * the DecodedCert to the temporary X509 object, causing the list to be
-     * freed in wolfSSL_X509_free(). As this is an unintended side-effect, we
-     * have to save the ownerFlag here and transfer ownership back to the
-     * DecodedCert prior to freeing the X509 object. */
-    certOwnsAltNames = cert->weOwnAltNames;
-
 #ifdef WOLFSSL_CERT_REQ
     certIsCSR = cert->isCSR;
 #endif
@@ -7552,9 +8217,6 @@ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) {
         ret = CopyDecodedToX509(x, cert);
     }
 
-    /* CopyDecodedToX509() clears cert->weOwnAltNames. Restore it. */
-    cert->weOwnAltNames = certOwnsAltNames;
-
     if (ret == 0) {
         /* Remove the altsigval extension. */
         XFREE(x->altSigValDer, x->heap, DYNAMIC_TYPE_X509_EXT);
@@ -7570,9 +8232,6 @@ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) {
     }
 
     if (x != NULL) {
-        /* Safe the altNames list from being freed unitentionally. */
-        x->altNames = NULL;
-
         wolfSSL_X509_free(x);
     }
 
@@ -7726,6 +8385,95 @@ int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey)
 }
 #endif /* WOLFSSL_CERT_REQ */
 
+#if defined(WOLFSSL_ACERT)
+
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
+                                        WOLFSSL_EVP_PKEY * pkey,
+                                        const WOLFSSL_EVP_MD * md)
+{
+    WOLFSSL_STUB("X509_ACERT_sign");
+    (void) x509;
+    (void) pkey;
+    (void) md;
+    return WOLFSSL_NOT_IMPLEMENTED;
+}
+#endif /* NO_WOLFSSL_STUB */
+
+/* Helper function for ACERT_verify.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  outSz   the x509 der length
+ *
+ * @return  der buffer on success
+ * @return  NULL on error
+ * */
+static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz)
+{
+    if (x509 == NULL || x509->derCert == NULL || outSz == NULL) {
+        return NULL;
+    }
+
+    *outSz = (int)x509->derCert->length;
+    return x509->derCert->buffer;
+}
+
+/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature.
+ *
+ * @param [in]    x509    the x509 attribute certificate
+ * @param [in]    pkey    the evp_pkey
+ *
+ * @return  WOLFSSL_SUCCESS on verify success
+ * @return  < 0 on error
+ * */
+int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey)
+{
+    int          ret = 0;
+    const byte * der = NULL;
+    int          derSz = 0;
+    int          pkey_type;
+
+    if (x509 == NULL || pkey == NULL) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify");
+
+    der = acert_get_der(x509, &derSz);
+
+    if (der == NULL || derSz <= 0) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    switch (pkey->type) {
+    case EVP_PKEY_RSA:
+        pkey_type = RSAk;
+        break;
+
+    case EVP_PKEY_EC:
+        pkey_type = ECDSAk;
+        break;
+
+    case EVP_PKEY_DSA:
+        pkey_type = DSAk;
+        break;
+
+    default:
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+
+    ret = VerifyX509Acert(der, (word32)derSz,
+                          (const byte *)pkey->pkey.ptr, pkey->pkey_sz,
+                          pkey_type, x509->heap);
+
+    return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+#endif /* WOLFSSL_ACERT */
+
 #if !defined(NO_FILESYSTEM)
 static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
 {
@@ -7807,8 +8555,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
     }
 #endif
 _exit:
-    if (fileBuffer != NULL)
-        XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
+    XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
 
     return newx509;
 }
@@ -7983,9 +8730,7 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
         }
     }
 
-    if (der != NULL) {
-        XFREE(der, 0, DYNAMIC_TYPE_DER);
-    }
+    XFREE(der, 0, DYNAMIC_TYPE_DER);
 
     return crl;
 }
@@ -8007,7 +8752,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
                                              const char *file, int type)
 {
 #ifndef NO_BIO
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int count = 0;
     WOLFSSL_BIO *bio = NULL;
     WOLFSSL_X509_CRL *crl = NULL;
@@ -8041,7 +8786,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             }
 
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
                 break;
             }
@@ -8058,7 +8803,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             WOLFSSL_MSG("Load crl failed");
         } else {
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
             } else {
                 ret = 1;/* handled a file */
@@ -8074,7 +8819,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
     WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret);
     return ret;
 #else
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int count = 0;
     XFILE fp;
     WOLFSSL_X509_CRL *crl = NULL;
@@ -8098,7 +8843,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             }
 
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
                 break;
             }
@@ -8117,7 +8862,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         }
         else {
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
             }
             else {
@@ -8346,9 +9091,7 @@ static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
             return WOLFSSL_FAILURE;
         }
 
-        if (sig != NULL) {
-            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     }
 
@@ -8724,8 +9467,7 @@ WOLFSSL_X509_VERIFY_PARAM* wolfSSL_X509_VERIFY_PARAM_new(void)
 
 void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param)
 {
-    if (param != NULL)
-        XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 
@@ -8733,7 +9475,7 @@ void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param)
 int wolfSSL_X509_VERIFY_PARAM_set_flags(WOLFSSL_X509_VERIFY_PARAM *param,
         unsigned long flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         param->flags |= flags;
@@ -8759,7 +9501,7 @@ int wolfSSL_X509_VERIFY_PARAM_get_flags(WOLFSSL_X509_VERIFY_PARAM *param)
 int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
         unsigned long flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         param->flags &= ~flags;
@@ -8769,6 +9511,41 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
     return ret;
 }
 
+/* note WOLFSSL_X509_VERIFY_PARAM does not record purpose, trust, depth, or
+ * auth_level.
+ */
+static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = {
+    {
+     "ssl_client",              /* name */
+     0,                         /* check_time */
+     0,                         /* inherit_flags */
+     0,                         /* flags */
+     "",                        /* hostname */
+     0,                         /* hostFlags */
+     ""                         /* ipasc */
+    },
+    {
+     "ssl_server",              /* name */
+     0,                         /* check_time */
+     0,                         /* inherit_flags */
+     0,                         /* flags */
+     "",                        /* hostname */
+     0,                         /* hostFlags */
+     ""                         /* ipasc */
+    }
+};
+
+const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name)
+{
+    const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0],
+        *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)];
+    while (param < param_end) {
+        if (XSTRCMP(name, param->name) == 0)
+            return param;
+        ++param;
+    }
+    return NULL;
+}
 
 /* inherits properties of param "to" to param "from"
 *
@@ -8779,10 +9556,10 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
 * WOLFSSL_VPARAM_LOCKED           don't copy any values
 * WOLFSSL_VPARAM_ONCE             the current inherit_flags is zerroed
 */
-static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
+int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
                                          const WOLFSSL_X509_VERIFY_PARAM *from)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WOLFSSL_SUCCESS;
     int isOverWrite = 0;
     int isDefault = 0;
     unsigned int flags;
@@ -8884,7 +9661,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
 int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM *to,
                                    const WOLFSSL_X509_VERIFY_PARAM *from)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     unsigned int _inherit_flags;
 
     if (!to) {
@@ -8926,7 +9703,7 @@ void wolfSSL_X509_VERIFY_PARAM_set_hostflags(WOLFSSL_X509_VERIFY_PARAM* param,
 int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
         const char *ipasc)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         if (ipasc == NULL) {
@@ -8951,7 +9728,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
 int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
     const unsigned char* ip, size_t iplen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifndef NO_FILESYSTEM
     char* buf = NULL;
     char* p = NULL;
@@ -8970,14 +9747,13 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
     if (iplen == 4) {
         /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */
         buf = (char*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
         if (!buf) {
             WOLFSSL_MSG("failed malloc");
             return ret;
         }
 
-        XSPRINTF(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
-        buf[15] = '\0';
+        (void)XSNPRINTF(buf, 16, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+        buf[15] = '\0'; /* null terminate */
     }
     else if (iplen == 16) {
         /* ipv6 normal address scheme
@@ -9006,47 +9782,46 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
         *   to re-construct IP address in ascii.
         */
         buf = (char*)XMALLOC(max_ipv6_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
         if (!buf) {
             WOLFSSL_MSG("failed malloc");
             return ret;
         }
         p = buf;
         for (i = 0; i < 16; i += 2) {
-           val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF;
-           if (val == 0){
-               if (!write_zero) {
+            val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF;
+            if (val == 0){
+                if (!write_zero) {
                     *p = ':';
-               }
-               p++;
-               *p = '\0';
-               write_zero = 1;
-           }
-           else {
-               if (i != 0)
-                *p++ = ':';
-               XSPRINTF(p, "%x", val);
-           }
-           /* sanity check */
-           if (XSTRLEN(buf) > max_ipv6_len) {
-               WOLFSSL_MSG("The target ip address exceeds buffer length(40)");
-               XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-               buf = NULL;
-               break;
-           }
-           /* move the pointer to the last */
-           /* XSTRLEN includes NULL because of XSPRINTF use */
-           p = buf + (XSTRLEN(buf));
+                }
+                p++;
+                *p = '\0';
+                write_zero = 1;
+            }
+            else {
+                if (i != 0) {
+                    *p++ = ':';
+                }
+                (void)XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf), "%x", val);
+            }
+            /* sanity check */
+            if (XSTRLEN(buf) > max_ipv6_len) {
+                WOLFSSL_MSG("The target ip address exceeds buffer length(40)");
+                XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                buf = NULL;
+                break;
+            }
+            /* move the pointer to the last */
+            /* XSTRLEN includes NULL because of XSPRINTF use */
+            p = buf + (XSTRLEN(buf));
         }
         /* termination */
-        if(i == 16 && buf) {
+        if (i == 16 && buf) {
             p--;
             if ((*p) == ':') {
-            /* when the last character is :, the following segments are zero
-             * Therefore, adding : and null termination
-             */
-                 p++;
-                 *p++ = ':';
+                /* when the last character is :, the following segments are zero
+                 * Therefore, adding : and null termination */
+                p++;
+                *p++ = ':';
                 *p = '\0';
             }
         }
@@ -9057,7 +9832,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
     }
 
     if (buf) {
-         /* set address to ip asc */
+        /* set address to ip asc */
         ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, buf);
         XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
@@ -9084,12 +9859,12 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
     return wolfSSL_X509_cmp_time(asnTime, NULL);
 }
 
-/* return -1 if asnTime is earlier than or equal to cmpTime, and 1 otherwise
+/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime, and 1 otherwise
  * return 0 on error
  */
 int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     time_t tmpTime, *pTime = &tmpTime;
     struct tm ts, *tmpTs, *ct;
 #if defined(NEED_TMP_TIME)
@@ -9336,6 +10111,110 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj
     return WOLFSSL_SUCCESS;
 }
 
+/**
+ * Serialize object to DER encoding
+ *
+ * @param alg Object to serialize
+ * @param pp  Output
+ * @return Length on success
+ *         Negative number on failure
+ */
+int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg,
+        unsigned char** pp)
+{
+    int len;
+    word32 oid = 0;
+    word32 idx = 0;
+    unsigned char* buf = NULL;
+
+    if (alg == NULL || alg->algorithm == 0) {
+        WOLFSSL_MSG("alg is NULL or algorithm not set");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (GetObjectId(alg->algorithm->obj, &idx, &oid,
+            (word32)alg->algorithm->grp, alg->algorithm->objSz) < 0) {
+        WOLFSSL_MSG("Issue getting OID of object");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    len = (int)SetAlgoID((int)oid, NULL, alg->algorithm->grp, 0);
+    if (len == 0) {
+        WOLFSSL_MSG("SetAlgoID error");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (pp != NULL) {
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
+        }
+
+        len = (int)SetAlgoID((int)oid, buf, alg->algorithm->grp, 0);
+        if (len == 0) {
+            WOLFSSL_MSG("SetAlgoID error");
+            if (*pp == NULL)
+                XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+            return WOLFSSL_FATAL_ERROR;
+        }
+
+        if (*pp != NULL)
+            *pp += len;
+        else
+            *pp = buf;
+    }
+
+    return len;
+}
+
+WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out,
+        const byte** src, long len)
+{
+    WOLFSSL_X509_ALGOR* ret = NULL;
+    word32 idx = 0;
+    word32 oid = 0;
+    int grp;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_X509_ALGOR");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetAlgoId(*src, &idx, &oid, oidIgnoreType, (word32)len) != 0)
+        return NULL;
+
+    /* Try to guess the type */
+    for (grp = 0; grp < oidIgnoreType; grp++) {
+        word32 oidSz;
+        if (OidFromId(oid, (word32)grp, &oidSz) != NULL)
+            break;
+    }
+    if (grp == oidIgnoreType)
+        return NULL;
+
+    ret = wolfSSL_X509_ALGOR_new();
+    if (ret == NULL)
+        return NULL;
+
+    ret->algorithm = wolfSSL_OBJ_nid2obj(oid2nid(oid, grp));
+    if (ret->algorithm == NULL) {
+        wolfSSL_X509_ALGOR_free(ret);
+        return NULL;
+    }
+    *src += idx;
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_X509_ALGOR_free(*out);
+        *out = ret;
+    }
+
+    return ret;
+}
+
 /**
  * Allocate a new WOLFSSL_X509_PUBKEY object.
  *
@@ -9557,6 +10436,17 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
 
 #endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */
 
+#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED)
+
+int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der)
+{
+    if (x509_PubKey == NULL)
+        return WOLFSSL_FATAL_ERROR;
+    return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der);
+}
+
+#endif /* !NO_CERTS && !NO_ASN && !NO_PWDBASED */
+
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@@ -9731,7 +10621,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     static int CopyX509NameToCert(WOLFSSL_X509_NAME* n, byte* out)
     {
         unsigned char* der = NULL;
-        int length = BAD_FUNC_ARG, ret;
+        int length = WC_NO_ERR_TRACE(BAD_FUNC_ARG), ret;
         word32 idx = 0;
 
         ret = wolfSSL_i2d_X509_NAME(n, &der);
@@ -9749,8 +10639,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
             XMEMCPY(out, der + idx, length);
         }
 
-        if (der != NULL)
-            XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
+        XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
 
         return length;
     }
@@ -9799,7 +10688,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
         #if defined(OPENSSL_ALL)
             idx = wolfSSL_X509_REQ_get_attr_by_NID(req,
                     NID_pkcs9_unstructuredName, -1);
-            if (idx != WOLFSSL_FATAL_ERROR) {
+            if (idx != WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
                 WOLFSSL_X509_ATTRIBUTE *attr;
                 attr = wolfSSL_X509_REQ_get_attr(req, idx);
                 if (attr != NULL) {
@@ -10083,7 +10972,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
         int sigType = WOLFSSL_FAILURE;
 
         /* Convert key type and hash algorithm to a signature algorithm */
-        if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) == WOLFSSL_FAILURE) {
+        if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL)
+            == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             return WOLFSSL_FAILURE;
         }
 
@@ -10178,7 +11069,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req,
             unsigned char* der, int* derSz, int includeSig)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         int totalLen;
         Cert* cert = NULL;
         void* key = NULL;
@@ -10622,7 +11513,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
         WOLFSSL_ENTER("wolfSSL_X509_resign_cert");
 
         sigType = wolfSSL_sigTypeFromPKEY(md, pkey);
-        if (sigType == WOLFSSL_FAILURE) {
+        if (sigType == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
             WOLFSSL_MSG("Error getting signature type from pkey");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -10752,8 +11643,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
         }
 
     out:
-        if (der)
-            XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
         return ret;
     }
@@ -10809,7 +11699,7 @@ static int ConvertNIDToWolfSSL(int nid)
         case NID_favouriteDrink: return ASN_FAVOURITE_DRINK;
         default:
             WOLFSSL_MSG("Attribute NID not found");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 }
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA ||
@@ -11113,7 +12003,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
         InitDecodedCert(cert, *in, (word32)length, NULL);
 
         /* Parse the X509 subject name */
-        if (GetName(cert, SUBJECT, (int)length) != 0) {
+        if (GetName(cert, ASN_SUBJECT, (int)length) != 0) {
             WOLFSSL_MSG("WOLFSSL_X509_NAME parse error");
             goto cleanup;
         }
@@ -11276,6 +12166,63 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
     }
 
 
+#if defined(WOLFSSL_ACERT)
+    WOLFSSL_X509_ACERT *wolfSSL_PEM_read_bio_X509_ACERT(WOLFSSL_BIO *bp,
+                                                        WOLFSSL_X509_ACERT **x,
+                                                        wc_pem_password_cb *cb,
+                                                        void *u)
+    {
+        WOLFSSL_X509_ACERT* x509 = NULL;
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
+        unsigned char * pem = NULL;
+        int             pemSz;
+
+        WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_ACERT");
+
+        if (bp == NULL) {
+            WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509_ACERT", BAD_FUNC_ARG);
+            return NULL;
+        }
+
+        if ((pemSz = wolfSSL_BIO_get_len(bp)) <= 0) {
+            /* No certificate in buffer */
+            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
+            return NULL;
+        }
+
+        pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
+
+        if (pem == NULL) {
+            return NULL;
+        }
+
+        XMEMSET(pem, 0, pemSz);
+
+        if (wolfSSL_BIO_read(bp, pem, pemSz) != pemSz) {
+            XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+            return NULL;
+        }
+
+        x509 = wolfSSL_X509_ACERT_load_certificate_buffer(pem, pemSz,
+                                                          WOLFSSL_FILETYPE_PEM);
+
+        if (x != NULL) {
+            *x = x509;
+        }
+
+        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+
+#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
+        (void)bp;
+        (void)x;
+        (void)cb;
+        (void)u;
+
+        return x509;
+
+    }
+#endif /* WOLFSSL_ACERT */
+
     WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
                                             wc_pem_password_cb *cb, void *u)
     {
@@ -11382,9 +12329,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
         }
 
 err:
-        if(pem != NULL) {
-            XFREE(pem, 0, DYNAMIC_TYPE_PEM);
-        }
+        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
         if(der != NULL) {
             FreeDer(&der);
         }
@@ -11481,8 +12426,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
         return newx509;
 
     err_exit:
-        if (pem != NULL)
-            XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
         if (der != NULL)
             FreeDer(&der);
 
@@ -11747,8 +12691,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
     #endif
         return WOLFSSL_SUCCESS;
 err:
-        if (pem)
-            XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
     #ifdef HAVE_CRL
         if (der)
             FreeDer(&der);
@@ -11838,8 +12781,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
                         ret = MEMORY_E;
                         break;
                     }
-                    if (wolfSSL_sk_X509_INFO_push(localSk, current) !=
-                            WOLFSSL_SUCCESS) {
+                    if (wolfSSL_sk_X509_INFO_push(localSk, current) <= 0) {
                         wolfSSL_X509_INFO_free(current);
                         current = NULL;
                         ret = WOLFSSL_FAILURE;
@@ -12216,8 +13158,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
             if (name->entries == NULL) {
                 name->entries = wolfSSL_sk_X509_NAME_new(NULL);
             }
-            if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current
-                                                         ) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current) <= 0) {
                 ret = WOLFSSL_FAILURE;
             }
         #endif
@@ -12245,7 +13186,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
                                            const unsigned char *bytes, int len,
                                            int loc, int set)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         int nid;
         WOLFSSL_X509_NAME_ENTRY* entry;
 
@@ -12315,7 +13256,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
                                            int idx) {
         if (!name || idx >= MAX_NAME_ENTRIES ||
                 !obj || !obj->obj) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         if (idx < 0) {
@@ -12332,7 +13273,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
                 }
             }
         }
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -12549,8 +13490,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
     return WOLFSSL_SUCCESS;
 
 error:
-    if (pem)
-        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return WOLFSSL_FAILURE;
 }
 #endif /* WOLFSSL_CERT_GEN */
@@ -12669,7 +13609,7 @@ int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk,
             return i;
         }
     }
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* Name Entry */
@@ -12849,7 +13789,7 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
 
     for (i = 0; i < num; i++) {
         name = wolfSSL_X509_NAME_dup(wolfSSL_sk_X509_NAME_value(sk, i));
-        if (name == NULL || WOLFSSL_SUCCESS != wolfSSL_sk_X509_NAME_push(copy, name)) {
+        if (name == NULL || wolfSSL_sk_X509_NAME_push(copy, name) <= 0) {
             WOLFSSL_MSG("Memory error");
             wolfSSL_sk_X509_NAME_pop_free(copy, wolfSSL_X509_NAME_free);
             wolfSSL_X509_NAME_free(name);
@@ -13247,6 +14187,28 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj)
         XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
     }
 }
+
+WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject(
+        WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk,
+        WOLFSSL_X509_LOOKUP_TYPE type,
+        WOLFSSL_X509_NAME *name)
+{
+    int i;
+
+    WOLFSSL_ENTER("wolfSSL_X509_OBJECT_retrieve_by_subject");
+
+    if (sk == NULL || name == NULL)
+        return NULL;
+
+    for (i = 0; i < wolfSSL_sk_X509_OBJECT_num(sk); i++) {
+        WOLFSSL_X509_OBJECT* obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(sk, i);
+        if (obj != NULL && obj->type == type &&
+            wolfSSL_X509_NAME_cmp(
+                wolfSSL_X509_get_subject_name(obj->data.x509), name) == 0)
+            return obj;
+    }
+    return NULL;
+}
 #endif /* OPENSSL_ALL */
 
 #ifndef NO_WOLFSSL_STUB
@@ -13287,7 +14249,7 @@ int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
     WOLFSSL_ENTER("wolfSSL_sk_X509_num");
 
     if (s == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)s->num;
 }
 
@@ -13384,11 +14346,15 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
         return WOLFSSL_FAILURE;
     }
 
-    if (flags == WOLFSSL_NO_WILDCARDS) {
+    if (flags & WOLFSSL_NO_WILDCARDS) {
         WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented");
         return WOLFSSL_FAILURE;
     }
-    if (flags == WOLFSSL_NO_PARTIAL_WILDCARDS) {
+    if (flags & WOLFSSL_NO_PARTIAL_WILDCARDS) {
+        WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented");
+        return WOLFSSL_FAILURE;
+    }
+    if (flags & WOLFSSL_MULTI_LABEL_WILDCARDS) {
         WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented");
         return WOLFSSL_FAILURE;
     }
@@ -13415,7 +14381,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
     else {
         for (i = 0; i < (chklen > 1 ? chklen - 1 : chklen); i++) {
             if (chk[i] == '\0') {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 goto out;
             }
         }
@@ -13442,7 +14408,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
 int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
         unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert *dCert = NULL;
 #else
@@ -13491,8 +14457,7 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (dCert != NULL)
-        XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
+    XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
 #endif
 
     return ret;
@@ -14097,7 +15062,7 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v)
 
 #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */
 
-#if defined(OPENSSL_ALL) && \
+#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) &&           \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
 
 void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
@@ -14158,7 +15123,7 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
 int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out)
 {
     int derSz = 0;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_BIO* bio = NULL;
     WOLFSSL_ENTER("wolfSSL_i2d_X509_REQ");
 
@@ -14270,7 +15235,7 @@ int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
 static int regenX509REQDerBuffer(WOLFSSL_X509* x509)
 {
     int derSz = X509_BUFFER_SZ;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef WOLFSSL_SMALL_STACK
     byte* der;
     der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -14467,11 +15432,14 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
                 req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
             }
         }
-        ret = wolfSSL_sk_push(req->reqAttributes, attr);
-        if ((ret != WOLFSSL_SUCCESS) || (req->reqAttributes->type == STACK_TYPE_CIPHER)) {
-            /* CIPHER type makes a copy */
-            wolfSSL_X509_ATTRIBUTE_free(attr);
+        if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) {
+            ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         }
+        else
+            ret = WOLFSSL_FAILURE;
+        if (ret != WOLFSSL_SUCCESS)
+            wolfSSL_X509_ATTRIBUTE_free(attr);
     }
 
     return ret;
diff --git a/src/x509_str.c b/src/x509_str.c
index f5c5c2ae1d..9b90c4b72c 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -1,6 +1,6 @@
 /* x509_str.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -76,10 +76,8 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
 #endif
 
 #ifdef OPENSSL_EXTRA
-        if (ctx->param != NULL) {
-            XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
-            ctx->param = NULL;
-        }
+        XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+        ctx->param = NULL;
 #endif
 
         XFREE(ctx, ctx->heap, DYNAMIC_TYPE_X509_CTX);
@@ -186,10 +184,8 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
 {
     if (ctx != NULL) {
 
-        if (ctx->param != NULL) {
-            XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
-            ctx->param = NULL;
-        }
+        XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+        ctx->param = NULL;
 
         wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
     }
@@ -225,6 +221,10 @@ int GetX509Error(int e)
         case WC_NO_ERR_TRACE(ASN_SIG_HASH_E):
         case WC_NO_ERR_TRACE(ASN_SIG_KEY_E):
             return WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE;
+        /* We can't disambiguate if its the before or after date that caused
+         * the error. Assume expired. */
+        case WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR):
+            return X509_V_ERR_CRL_HAS_EXPIRED;
         case WC_NO_ERR_TRACE(CRL_CERT_REVOKED):
             return WOLFSSL_X509_V_ERR_CERT_REVOKED;
         case WC_NO_ERR_TRACE(CRL_MISSING):
@@ -269,6 +269,10 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
                 ctx->current_cert->derCert->length,
                 WOLFSSL_FILETYPE_ASN1);
         SetupStoreCtxError(ctx, ret);
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+        if (ctx->store && ctx->store->verify_cb)
+            ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : ret;
+    #endif
 
     #ifndef NO_ASN_TIME
         if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) &&
@@ -281,22 +285,22 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
             byte *beforeDate = ctx->current_cert->notBefore.data;
 
             if (XVALIDATE_DATE(afterDate,
-                        (byte)ctx->current_cert->notAfter.type, AFTER) < 1) {
+                    (byte)ctx->current_cert->notAfter.type, ASN_AFTER) < 1) {
                 ret = ASN_AFTER_DATE_E;
             }
             else if (XVALIDATE_DATE(beforeDate,
-                        (byte)ctx->current_cert->notBefore.type, BEFORE) < 1) {
+                    (byte)ctx->current_cert->notBefore.type, ASN_BEFORE) < 1) {
                 ret = ASN_BEFORE_DATE_E;
             }
             SetupStoreCtxError(ctx, ret);
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+            if (ctx->store && ctx->store->verify_cb)
+                ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,
+                                            ctx) == 1 ? 0 : -1;
+        #endif
         }
     #endif
 
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-        if (ctx->store && ctx->store->verify_cb)
-            ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : -1;
-    #endif
-
         return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
     }
     return WOLFSSL_FATAL_ERROR;
@@ -541,7 +545,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
                      * signed and that a issuer was found */
                     if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer,
                                 &x509->subject) != 0) {
-                        if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) {
+                        if (wolfSSL_sk_X509_push(sk, issuer) <= 0) {
                             WOLFSSL_MSG("Unable to load CA x509 into stack");
                             error = 1;
                         }
@@ -573,7 +577,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
                 break;
             }
 
-            if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_push(sk, x509) <= 0) {
                 WOLFSSL_MSG("Unable to load x509 into stack");
                 wolfSSL_X509_free(x509);
                 error = 1;
@@ -692,13 +696,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
             if (certToFilterName != NULL) {
                 if (wolfSSL_X509_NAME_cmp(certToFilterName, name) == 0) {
                     filteredCert = wolfSSL_X509_dup(certToFilter->data.x509);
-                    if (filteredCert == NULL) {
+                    if (filteredCert == NULL ||
+                            wolfSSL_sk_X509_push(filteredCerts, filteredCert)
+                                <= 0) {
                         err = 1;
+                        wolfSSL_X509_free(filteredCert);
                         break;
                     }
-                    else {
-                        wolfSSL_sk_X509_push(filteredCerts, filteredCert);
-                    }
                 }
             }
             certToFilter = certToFilter->next;
@@ -851,10 +855,8 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
             }
 #endif
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
-            if (store->param != NULL) {
-                XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
-                store->param = NULL;
-            }
+            XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
+            store->param = NULL;
 
             if (store->lookup.dirs != NULL) {
 #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
@@ -1009,7 +1011,7 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
 
 int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
 {
-    int result = WOLFSSL_FATAL_ERROR;
+    int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
 
     WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
     if (store != NULL && store->cm != NULL && x509 != NULL
@@ -1254,7 +1256,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
 
         if (CopyDecodedToX509(x509, dCert) == 0) {
 
-            if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_push(sk, x509) <= 0) {
                 WOLFSSL_MSG("Unable to load x509 into stack");
                 wolfSSL_X509_free(x509);
                 goto error;
@@ -1333,7 +1335,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
             goto err_cleanup;
         }
-        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
             wolfSSL_X509_OBJECT_free(obj);
             goto err_cleanup;
@@ -1351,7 +1353,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
             goto err_cleanup;
         }
-        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
             wolfSSL_X509_OBJECT_free(obj);
             goto err_cleanup;
@@ -1385,6 +1387,16 @@ WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
         return NULL;
     return ctx->param;
 }
+
+#ifdef OPENSSL_EXTRA
+int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx,
+        WOLFSSL_X509_VERIFY_PARAM *param)
+{
+    if (ctx == NULL)
+        return WOLFSSL_FAILURE;
+    return wolfSSL_X509_VERIFY_PARAM_set1(ctx->param, param);
+}
+#endif
 #endif
 
 /*******************************************************************************
diff --git a/sslSniffer/sslSnifferTest/README_WIN.md b/sslSniffer/sslSnifferTest/README_WIN.md
index 4215ff7e73..a58bf96e21 100644
--- a/sslSniffer/sslSnifferTest/README_WIN.md
+++ b/sslSniffer/sslSnifferTest/README_WIN.md
@@ -27,4 +27,4 @@
 
 
 
-For details on usage, see [sniffer README.md](../README.md#command-line-options) for more details. 
+For details on usage, see [sniffer README.md](../README.md#command-line-options) for more details.
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 64053ec9e4..0cfb388597 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -1,6 +1,6 @@
 /* snifftest.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -677,10 +677,8 @@ static void ssl_Free_SnifferWorker(SnifferWorker* worker)
 {
     wm_SemFree(&worker->sem);
 
-    if (worker->head) {
-        XFREE(worker->head, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        worker->head = NULL;
-    }
+    XFREE(worker->head, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    worker->head = NULL;
 }
 
 static int SnifferWorkerPacketAdd(SnifferWorker* worker, int lastRet,
diff --git a/support/gen-debug-trace-error-codes.sh b/support/gen-debug-trace-error-codes.sh
index 1aba489d9e..0b181ae38e 100755
--- a/support/gen-debug-trace-error-codes.sh
+++ b/support/gen-debug-trace-error-codes.sh
@@ -12,10 +12,18 @@ BEGIN {
     print("#undef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-untrace-error-codes.h";
 }
 {
-    if (match($0, "^[[:space:]]+([A-Z][A-Z0-9_]+)[[:space:]]*=[[:space:]]*(-[0-9]+)[,[:space:]]", errcode_a)) {
+    if (match($0, "^[[:space:]]+([A-Z][A-Z0-9_]+)[[:space:]]*=[[:space:]]*(-[0-9]+)([,[:space:]]|$)")) {
+
+        # for mawkward compatibility -- gawk allows errcode_a as the 3rd arg to match().
+        gsub("^[[:space:]]+", "", $0);
+        split($0, errcode_a, "[[:space:]=,]+");
+
         if ((errcode_a[1] == "MIN_CODE_E") ||
+            (errcode_a[1] == "MAX_CODE_E") ||
+            (errcode_a[1] == "WC_FIRST_E") ||
             (errcode_a[1] == "WC_LAST_E") ||
-            (errcode_a[1] == "MAX_CODE_E"))
+            (errcode_a[1] == "WOLFSSL_FIRST_E") ||
+            (errcode_a[1] == "WOLFSSL_LAST_E"))
         {
             next;
         }
diff --git a/tests/api.c b/tests/api.c
index 31848af78f..4b94fac245 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1,6 +1,6 @@
 /* api.c API unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,107 +36,17 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
 
-#ifndef FOURK_BUF
-    #define FOURK_BUF 4096
-#endif
-#ifndef TWOK_BUF
-    #define TWOK_BUF 2048
-#endif
-#ifndef ONEK_BUF
-    #define ONEK_BUF 1024
-#endif
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/hash.h>
+
 #if defined(WOLFSSL_STATIC_MEMORY)
     #include <wolfssl/wolfcrypt/memory.h>
-
-#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
-    #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
-         defined(SESSION_CERTS)
-        #ifdef OPENSSL_EXTRA
-            #define TEST_TLS_STATIC_MEMSZ (400000)
-        #else
-            #define TEST_TLS_STATIC_MEMSZ (320000)
-        #endif
-    #else
-            #define TEST_TLS_STATIC_MEMSZ (80000)
-    #endif
 #endif
-
-#endif /* WOLFSSL_STATIC_MEMORY */
-#ifndef HEAP_HINT
-    #define HEAP_HINT NULL
-#endif /* WOLFSSL_STAIC_MEMORY */
 #ifdef WOLFSSL_ASNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
 #endif
 #ifdef HAVE_ECC
     #include <wolfssl/wolfcrypt/ecc.h>   /* wc_ecc_fp_free */
-    #ifndef ECC_ASN963_MAX_BUF_SZ
-        #define ECC_ASN963_MAX_BUF_SZ 133
-    #endif
-    #ifndef ECC_PRIV_KEY_BUF
-        #define ECC_PRIV_KEY_BUF 66  /* For non user defined curves. */
-    #endif
-    /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
-    /* logic to choose right key ECC size */
-    #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
-        #define KEY14 14
-    #else
-        #define KEY14 32
-    #endif
-    #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
-        #define KEY16 16
-    #else
-        #define KEY16 32
-    #endif
-    #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
-        #define KEY20 20
-    #else
-        #define KEY20 32
-    #endif
-    #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
-        #define KEY24 24
-    #else
-        #define KEY24 32
-    #endif
-    #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
-        #define KEY28 28
-    #else
-        #define KEY28 32
-    #endif
-    #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
-        #define KEY30 30
-    #else
-        #define KEY30 32
-    #endif
-    #define KEY32 32
-    #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
-        #define KEY40 40
-    #else
-        #define KEY40 32
-    #endif
-    #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
-        #define KEY48 48
-    #else
-        #define KEY48 32
-    #endif
-    #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
-        #define KEY64 64
-    #else
-        #define KEY64 32
-    #endif
-
-    #if !defined(HAVE_COMP_KEY)
-        #if !defined(NOCOMP)
-            #define NOCOMP 0
-        #endif
-    #else
-        #if !defined(COMP)
-            #define COMP 1
-        #endif
-    #endif
-    #if !defined(DER_SZ)
-        #define DER_SZ(ks) ((ks) * 2 + 1)
-    #endif
     #ifdef WOLFSSL_SM2
         #include <wolfssl/wolfcrypt/sm2.h>
     #endif
@@ -144,14 +54,17 @@
 #ifndef NO_ASN
     #include <wolfssl/wolfcrypt/asn_public.h>
 #endif
-#include <wolfssl/error-ssl.h>
 
 #include <stdlib.h>
 #include <wolfssl/ssl.h>  /* compatibility layer */
+#include <wolfssl/error-ssl.h>
+
 #include <wolfssl/test.h>
 #include <tests/unit.h>
+#include <tests/utils.h>
+
+/* for testing compatibility layer callbacks */
 #include "examples/server/server.h"
-     /* for testing compatibility layer callbacks */
 
 #ifndef NO_MD5
     #include <wolfssl/wolfcrypt/md5.h>
@@ -168,18 +81,12 @@
 #ifdef WOLFSSL_SHA384
     #include <wolfssl/wolfcrypt/sha512.h>
 #endif
-
 #ifdef WOLFSSL_SHA3
     #include <wolfssl/wolfcrypt/sha3.h>
-    #ifndef HEAP_HINT
-        #define HEAP_HINT   NULL
-    #endif
 #endif
-
 #ifdef WOLFSSL_SM3
     #include <wolfssl/wolfcrypt/sm3.h>
 #endif
-
 #ifndef NO_AES
     #include <wolfssl/wolfcrypt/aes.h>
     #ifdef HAVE_AES_DECRYPT
@@ -228,19 +135,14 @@
     #include <wolfssl/wolfcrypt/blake2.h>
 #endif
 
-#include <wolfssl/wolfcrypt/hash.h>
 #ifndef NO_RSA
     #include <wolfssl/wolfcrypt/rsa.h>
-
-    #define FOURK_BUF 4096
-    #define GEN_BUF  294
 #endif
 
 #ifndef NO_SIG_WRAPPER
     #include <wolfssl/wolfcrypt/signature.h>
 #endif
 
-
 #ifdef HAVE_AESCCM
     #include <wolfssl/wolfcrypt/aes.h>
 #endif
@@ -249,7 +151,7 @@
     #include <wolfssl/wolfcrypt/pkcs7.h>
     #include <wolfssl/wolfcrypt/asn.h>
     #ifdef HAVE_LIBZ
-    #include <wolfssl/wolfcrypt/compress.h>
+        #include <wolfssl/wolfcrypt/compress.h>
     #endif
 #endif
 
@@ -259,21 +161,6 @@
 
 #ifndef NO_DSA
     #include <wolfssl/wolfcrypt/dsa.h>
-    #ifndef ONEK_BUF
-        #define ONEK_BUF 1024
-    #endif
-    #ifndef TWOK_BUF
-        #define TWOK_BUF 2048
-    #endif
-    #ifndef FOURK_BUF
-        #define FOURK_BUF 4096
-    #endif
-    #ifndef DSA_SIG_SIZE
-        #define DSA_SIG_SIZE 40
-    #endif
-    #ifndef MAX_DSA_PARAM_SIZE
-        #define MAX_DSA_PARAM_SIZE 256
-    #endif
 #endif
 
 #ifdef WOLFSSL_CMAC
@@ -307,9 +194,8 @@
     #include <wolfssl/wolfcrypt/pkcs12.h>
 #endif
 
-#include <wolfssl/wolfcrypt/logging.h>
-
-#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(OPENSSL_ALL)
     #include <wolfssl/openssl/ssl.h>
     #ifndef NO_ASN
         /* for ASN_COMMON_NAME DN_tags enum */
@@ -372,8 +258,8 @@
 #endif
 #endif /* OPENSSL_EXTRA */
 
-#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
-    && !defined(NO_SHA256) && !defined(RC_NO_RNG)
+#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
+    !defined(NO_SHA256) && !defined(RC_NO_RNG)
         #include <wolfssl/wolfcrypt/srp.h>
 #endif
 
@@ -386,7 +272,7 @@
     /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
      * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence
      * number tracking */
-#include "wolfssl/internal.h"
+    #include "wolfssl/internal.h"
 #endif
 
 /* force enable test buffers */
@@ -398,8 +284,6 @@
 #endif
 #include <wolfssl/certs_test.h>
 
-#include "tests/utils.h"
-
 /* include misc.c here regardless of NO_INLINE, because misc.c implementations
  * have default (hidden) visibility, and in the absence of visibility, it's
  * benign to mask out the library implementation.
@@ -407,12 +291,144 @@
 #define WOLFSSL_MISC_INCLUDED
 #include <wolfcrypt/src/misc.c>
 
+
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+    !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
+    #define HAVE_IO_TESTS_DEPENDENCIES
+#endif
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(WOLFSSL_TIRTOS)
+    #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+#endif
+
+#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
+    !defined(WOLFSSL_NO_CLIENT_AUTH))
+    #define HAVE_CERT_CHAIN_VALIDATION
+#endif
+
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
     #define wc_ecc_key_get_priv(key) (&((key)->k))
     #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
 #endif
 
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
+    #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS)
+        #ifdef OPENSSL_EXTRA
+            #define TEST_TLS_STATIC_MEMSZ (400000)
+        #else
+            #define TEST_TLS_STATIC_MEMSZ (320000)
+        #endif
+    #else
+            #define TEST_TLS_STATIC_MEMSZ (80000)
+    #endif
+#endif
+
+#ifdef HAVE_ECC
+    #ifndef ECC_ASN963_MAX_BUF_SZ
+        #define ECC_ASN963_MAX_BUF_SZ 133
+    #endif
+    #ifndef ECC_PRIV_KEY_BUF
+        #define ECC_PRIV_KEY_BUF 66  /* For non user defined curves. */
+    #endif
+    /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
+    /* logic to choose right key ECC size */
+    #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
+        #define KEY14 14
+    #else
+        #define KEY14 32
+    #endif
+    #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
+        #define KEY16 16
+    #else
+        #define KEY16 32
+    #endif
+    #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
+        #define KEY20 20
+    #else
+        #define KEY20 32
+    #endif
+    #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
+        #define KEY24 24
+    #else
+        #define KEY24 32
+    #endif
+    #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+        #define KEY28 28
+    #else
+        #define KEY28 32
+    #endif
+    #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
+        #define KEY30 30
+    #else
+        #define KEY30 32
+    #endif
+    #define KEY32 32
+    #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
+        #define KEY40 40
+    #else
+        #define KEY40 32
+    #endif
+    #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+        #define KEY48 48
+    #else
+        #define KEY48 32
+    #endif
+    #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
+        #define KEY64 64
+    #else
+        #define KEY64 32
+    #endif
+
+    #if !defined(HAVE_COMP_KEY)
+        #if !defined(NOCOMP)
+            #define NOCOMP 0
+        #endif
+    #else
+        #if !defined(COMP)
+            #define COMP 1
+        #endif
+    #endif
+    #if !defined(DER_SZ)
+        #define DER_SZ(ks) ((ks) * 2 + 1)
+    #endif
+#endif /* HAVE_ECC */
+
+#ifndef NO_DSA
+    #ifndef DSA_SIG_SIZE
+        #define DSA_SIG_SIZE 40
+    #endif
+    #ifndef MAX_DSA_PARAM_SIZE
+        #define MAX_DSA_PARAM_SIZE 256
+    #endif
+#endif
+
+#ifndef NO_RSA
+    #define GEN_BUF  294
+#endif
+
+#ifndef ONEK_BUF
+    #define ONEK_BUF 1024
+#endif
+#ifndef TWOK_BUF
+    #define TWOK_BUF 2048
+#endif
+#ifndef FOURK_BUF
+    #define FOURK_BUF 4096
+#endif
+
+#ifndef HEAP_HINT
+    #define HEAP_HINT NULL
+#endif
+
+
+
+
 typedef struct testVector {
     const char* input;
     const char* output;
@@ -516,15 +532,6 @@ int tmpDirNameSet = 0;
  | Constants
  *----------------------------------------------------------------------------*/
 
-/* Test result constants and macros. */
-
-/* Test succeeded. */
-#define TEST_SUCCESS    (1)
-/* Test failed. */
-#define TEST_FAIL       (0)
-/* Test skipped - not run. */
-#define TEST_SKIPPED    (-7777)
-
 /* Returns the result based on whether check is true.
  *
  * @param [in] check  Condition for success.
@@ -549,13 +556,16 @@ int tmpDirNameSet = 0;
 #define TEST_STRING    "Everyone gets Friday off."
 #define TEST_STRING_SZ 25
 
+#ifndef NO_RSA
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
 #define TEST_RSA_BITS 1024
 #else
 #define TEST_RSA_BITS 2048
 #endif
 #define TEST_RSA_BYTES (TEST_RSA_BITS/8)
+#endif /* !NO_RSA */
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
     (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
@@ -580,16 +590,247 @@ static int testDevId = WOLFSSL_CAAM_DEVID;
 static int testDevId = INVALID_DEVID;
 #endif
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
-    !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
     !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
-#define HAVE_IO_TESTS_DEPENDENCIES
+
+/* This set of memio functions allows for more fine tuned control of the TLS
+ * connection operations. For new tests, try to use ssl_memio first. */
+
+/* To dump the memory in gdb use
+ *   dump memory client.bin test_ctx.c_buff test_ctx.c_buff+test_ctx.c_len
+ *   dump memory server.bin test_ctx.s_buff test_ctx.s_buff+test_ctx.s_len
+ * This can be imported into Wireshark by transforming the file with
+ *   od -Ax -tx1 -v client.bin > client.bin.hex
+ *   od -Ax -tx1 -v server.bin > server.bin.hex
+ * And then loading test_output.dump.hex into Wireshark using the
+ * "Import from Hex Dump..." option ion and selecting the TCP
+ * encapsulation option.
+ */
+
+#define HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES
+
+static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz,
+    void *ctx)
+{
+    struct test_memio_ctx *test_ctx;
+    byte *buf;
+    int *len;
+
+    test_ctx = (struct test_memio_ctx*)ctx;
+
+    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
+        buf = test_ctx->c_buff;
+        len = &test_ctx->c_len;
+    }
+    else {
+        buf = test_ctx->s_buff;
+        len = &test_ctx->s_len;
+    }
+
+    if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ)
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
+
+#ifdef WOLFSSL_DUMP_MEMIO_STREAM
+    {
+        char dump_file_name[64];
+        WOLFSSL_BIO *dump_file;
+        sprintf(dump_file_name, "%s/%s.dump", tmpDirName, currentTestName);
+        dump_file = wolfSSL_BIO_new_file(dump_file_name, "a");
+        if (dump_file != NULL) {
+            (void)wolfSSL_BIO_write(dump_file, data, sz);
+            wolfSSL_BIO_free(dump_file);
+        }
+    }
 #endif
+    XMEMCPY(buf + *len, data, (size_t)sz);
+    *len += sz;
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
-    !defined(WOLFSSL_TIRTOS)
-#define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+    return sz;
+}
+
+static WC_INLINE int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
+    void *ctx)
+{
+    struct test_memio_ctx *test_ctx;
+    int read_sz;
+    byte *buf;
+    int *len;
+
+    test_ctx = (struct test_memio_ctx*)ctx;
+
+    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
+        buf = test_ctx->s_buff;
+        len = &test_ctx->s_len;
+    }
+    else {
+        buf = test_ctx->c_buff;
+        len = &test_ctx->c_len;
+    }
+
+    if (*len == 0)
+        return WOLFSSL_CBIO_ERR_WANT_READ;
+
+    read_sz = sz < *len ? sz : *len;
+
+    XMEMCPY(data, buf, (size_t)read_sz);
+    XMEMMOVE(buf, buf + read_sz,(size_t) (*len - read_sz));
+
+    *len -= read_sz;
+
+    return read_sz;
+}
+
+int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
+    int max_rounds, int *rounds)
+{
+    byte handshake_complete = 0, hs_c = 0, hs_s = 0;
+    int ret, err;
+
+    if (rounds != NULL)
+        *rounds = 0;
+    while (!handshake_complete && max_rounds > 0) {
+        if (!hs_c) {
+            wolfSSL_SetLoggingPrefix("client");
+            ret = wolfSSL_connect(ssl_c);
+            wolfSSL_SetLoggingPrefix(NULL);
+            if (ret == WOLFSSL_SUCCESS) {
+                hs_c = 1;
+            }
+            else {
+                err = wolfSSL_get_error(ssl_c, ret);
+                if (err != WOLFSSL_ERROR_WANT_READ &&
+                    err != WOLFSSL_ERROR_WANT_WRITE)
+                    return -1;
+            }
+        }
+        if (!hs_s) {
+            wolfSSL_SetLoggingPrefix("server");
+            ret = wolfSSL_accept(ssl_s);
+            wolfSSL_SetLoggingPrefix(NULL);
+            if (ret == WOLFSSL_SUCCESS) {
+                hs_s = 1;
+            }
+            else {
+                err = wolfSSL_get_error(ssl_s, ret);
+                if (err != WOLFSSL_ERROR_WANT_READ &&
+                    err != WOLFSSL_ERROR_WANT_WRITE)
+                    return -1;
+            }
+        }
+        handshake_complete = hs_c && hs_s;
+        max_rounds--;
+        if (rounds != NULL)
+            *rounds = *rounds + 1;
+    }
+
+    if (!handshake_complete)
+        return -1;
+
+    return 0;
+}
+
+int test_memio_setup_ex(struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
+    method_provider method_c, method_provider method_s,
+    byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
+    byte *serverKey, int serverKeySz)
+{
+    int ret;
+    (void)caCert;
+    (void)caCertSz;
+    (void)serverCert;
+    (void)serverCertSz;
+    (void)serverKey;
+    (void)serverKeySz;
+
+    if (ctx_c != NULL && *ctx_c == NULL) {
+        *ctx_c = wolfSSL_CTX_new(method_c());
+        if (*ctx_c == NULL)
+            return -1;
+#ifndef NO_CERTS
+        if (caCert == NULL) {
+            ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
+        }
+        else {
+            ret = wolfSSL_CTX_load_verify_buffer(*ctx_c, caCert, (long)caCertSz,
+                                                 WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return -1;
+#endif /* NO_CERTS */
+        wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
+        wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
+        if (ctx->c_ciphers != NULL) {
+            ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers);
+            if (ret != WOLFSSL_SUCCESS)
+                return -1;
+        }
+    }
+
+    if (ctx_s != NULL && *ctx_s == NULL) {
+        *ctx_s = wolfSSL_CTX_new(method_s());
+        if (*ctx_s == NULL)
+            return -1;
+#ifndef NO_CERTS
+        if (serverKey == NULL) {
+            ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
+                WOLFSSL_FILETYPE_PEM);
+        }
+        else {
+            ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
+                (long)serverKeySz, WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return- -1;
+
+        if (serverCert == NULL) {
+            ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
+                                                   WOLFSSL_FILETYPE_PEM);
+        }
+        else {
+            ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
+                serverCert, (long)serverCertSz, WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return -1;
+#endif /* NO_CERTS */
+        wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
+        wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
+        if (ctx->s_ciphers != NULL) {
+            ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
+            if (ret != WOLFSSL_SUCCESS)
+                return -1;
+        }
+    }
+
+    if (ctx_c != NULL && ssl_c != NULL) {
+        *ssl_c = wolfSSL_new(*ctx_c);
+        if (*ssl_c == NULL)
+            return -1;
+        wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
+        wolfSSL_SetIOReadCtx(*ssl_c, ctx);
+    }
+    if (ctx_s != NULL && ssl_s != NULL) {
+        *ssl_s = wolfSSL_new(*ctx_s);
+        if (*ssl_s == NULL)
+            return -1;
+        wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
+        wolfSSL_SetIOReadCtx(*ssl_s, ctx);
+#if !defined(NO_DH)
+        SetDH(*ssl_s);
+#endif
+    }
+
+    return 0;
+}
+
+int test_memio_setup(struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
+    method_provider method_c, method_provider method_s)
+{
+    return test_memio_setup_ex(ctx, ctx_c, ctx_s, ssl_c, ssl_s, method_c,
+                               method_s, NULL, 0, NULL, 0, NULL, 0);
+}
 #endif
 
 /*----------------------------------------------------------------------------*
@@ -601,14 +842,14 @@ static int testDevId = INVALID_DEVID;
 static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data,
     int len)
 {
-    if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) {
+    if ((bio == NULL) || (bio->ptr.mem_buf_data == NULL) || (data == NULL)) {
         len = 0;
     }
     else {
         if (bio->wrSz - bio->wrIdx < len) {
             len = bio->wrSz - bio->wrIdx;
         }
-        XMEMCPY((char*)bio->ptr + bio->wrIdx, data, len);
+        XMEMCPY(bio->ptr.mem_buf_data + bio->wrIdx, data, len);
         bio->wrIdx += len;
     }
 
@@ -617,14 +858,14 @@ static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data,
 
 static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len)
 {
-    if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) {
+    if ((bio == NULL) || (bio->ptr.mem_buf_data == NULL) || (data == NULL)) {
         len = 0;
     }
     else {
         if (bio->wrSz - bio->rdIdx < len) {
             len = bio->wrSz - bio->rdIdx;
         }
-        XMEMCPY(data, (char*)bio->ptr + bio->rdIdx, len);
+        XMEMCPY(data, bio->ptr.mem_buf_data + bio->rdIdx, len);
         bio->rdIdx += len;
     }
 
@@ -711,14 +952,14 @@ static int test_wc_LoadStaticMemory_ex(void)
 
     /* Pass in zero everything. */
     ExpectIntEQ(wc_LoadStaticMemory_ex(NULL, 0, NULL, NULL, NULL, 0, 0, 0),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Set the heap pointer to NULL. */
     ExpectIntEQ(wc_LoadStaticMemory_ex(NULL,
                 WOLFMEM_DEF_BUCKETS, sizeList, distList,
                 staticMemory, (word32)sizeof(staticMemory),
                 0, 1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Set other pointer values to NULL one at a time. */
     heap = NULL;
@@ -726,19 +967,19 @@ static int test_wc_LoadStaticMemory_ex(void)
                 WOLFMEM_DEF_BUCKETS, NULL, distList,
                 staticMemory, (word32)sizeof(staticMemory),
                 0, 1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     heap = NULL;
     ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
                 WOLFMEM_DEF_BUCKETS, sizeList, NULL,
                 staticMemory, (word32)sizeof(staticMemory),
                 0, 1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     heap = NULL;
     ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
                 WOLFMEM_DEF_BUCKETS, sizeList, distList,
                 NULL, (word32)sizeof(staticMemory),
                 0, 1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Set the size of the static buffer to 0. */
     heap = NULL;
@@ -746,7 +987,7 @@ static int test_wc_LoadStaticMemory_ex(void)
                 WOLFMEM_DEF_BUCKETS, sizeList, distList,
                 staticMemory, 0,
                 0, 1),
-            BUFFER_E);
+            WC_NO_ERR_TRACE(BUFFER_E));
 
     /* Set the size of the static buffer to one less than minimum allowed. */
     heap = NULL;
@@ -755,7 +996,7 @@ static int test_wc_LoadStaticMemory_ex(void)
                 staticMemory,
                 (word32)(sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) - 1,
                 0, 1),
-            BUFFER_E);
+            WC_NO_ERR_TRACE(BUFFER_E));
 
     /* Set the size of the static buffer to exactly the minimum size. */
     heap = NULL;
@@ -1179,8 +1420,6 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile,
     newCert.sigType = CTC_SHA256wRSA;
     newCert.isCA    = 0;
     ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0);
-    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5",
-                (const byte *)"This is NOT a critical extension", 32), 0);
     ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf,
                 sapkiSz), 0);
     ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf,
@@ -1246,21 +1485,6 @@ static int do_dual_alg_tls13_connection(byte *caCert, word32 caCertSz,
     return EXPECT_RESULT();
 }
 
-static int extCount = 0;
-static int myUnknownExtCallback(const word16* oid, word32 oidSz, int crit,
-                                const unsigned char* der, word32 derSz)
-{
-   (void) oid;
-   (void) oidSz;
-   (void) crit;
-   (void) der;
-   (void) derSz;
-   extCount ++;
-   /* Accept all extensions. This is only a test. Normally we would be much more
-    * careful about critical extensions. */
-   return 1;
-}
-
 static int test_dual_alg_support(void)
 {
     EXPECT_DECLS;
@@ -1276,7 +1500,6 @@ static int test_dual_alg_support(void)
     int rootSz = 0;
     byte *server = NULL;
     int serverSz = 0;
-    WOLFSSL_CERT_MANAGER* cm = NULL;
 
     ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0);
 
@@ -1305,7 +1528,7 @@ static int test_dual_alg_support(void)
      * the alternative signature and then set negative_test to true for the
      * call to do_dual_alg_tls13_connection(). Its expecting a failed connection
      * because the signature won't verify. The exception is if
-     * WOLFSSL_TRUST_PEER_CERT is defined. In that case, no verfication happens
+     * WOLFSSL_TRUST_PEER_CERT is defined. In that case, no verification happens
      * and this is no longer a negative test. */
     if (EXPECT_SUCCESS()) {
         rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile,
@@ -1329,19 +1552,6 @@ static int test_dual_alg_support(void)
                 TEST_SUCCESS);
 #endif
 
-    /* Lets see if CertManager can find the new extensions */
-    extCount = 0;
-    ExpectNotNull(cm = wolfSSL_CertManagerNew());
-    wolfSSL_CertManagerSetUnknownExtCallback(cm, myUnknownExtCallback);
-    ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, root, rootSz,
-                SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server, serverSz,
-                SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
-    /* There is only 1 unknown extension (1.2.3.4.5). The other ones are known
-     * because they are for the dual alg extensions. */
-    ExpectIntEQ(extCount, 1);
-    wolfSSL_CertManagerFree(cm);
-
     XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
@@ -1731,6 +1941,39 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
 }
 
 
+static int test_wolfSSL_CTX_use_certificate(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
+    defined(WOLFSSL_HAPROXY)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+    WOLFSSL_CTX* ctx = NULL;
+    X509* x509 = NULL;
+
+#ifndef NO_WOLFSSL_SERVER
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#endif
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    /* Negative tests. */
+    ExpectIntEQ(SSL_CTX_use_certificate(NULL, NULL), 0);
+    ExpectIntEQ(SSL_CTX_use_certificate(ctx, NULL), 0);
+    ExpectIntEQ(SSL_CTX_use_certificate(NULL, x509), 0);
+    /* Empty certificate */
+    ExpectIntEQ(SSL_CTX_use_certificate(ctx, x509), 0);
+
+    wolfSSL_X509_free(x509);
+    wolfSSL_CTX_free(ctx);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_use_certificate_file(void)
 {
     EXPECT_DECLS;
@@ -1773,6 +2016,16 @@ static int test_wolfSSL_CTX_use_certificate_ASN1(void)
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
+    /* Failure cases. */
+    ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, NULL                ),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, NULL                ),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, server_cert_der_2048),
+       WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, server_cert_der_2048),
+       WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
         server_cert_der_2048), WOLFSSL_SUCCESS);
 
@@ -1793,11 +2046,20 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void)
 #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
         !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
     WOLFSSL_CTX* ctx = NULL;
-    int          ret;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
-    ExpectIntEQ(ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+    /* Invalid parameters. */
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, NULL, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, NULL, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, server_cert_der_2048,
+        0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx,
         server_cert_der_2048, sizeof_server_cert_der_2048,
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
@@ -1807,6 +2069,37 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void)
 
 } /* END test_wolfSSL_CTX_use_certificate_buffer */
 
+static int test_wolfSSL_use_certificate_buffer(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
+        !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Invalid parameters. */
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, NULL, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, NULL, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, client_cert_der_2048, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl,
+        client_cert_der_2048, sizeof_client_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_use_PrivateKey_file(void)
 {
     EXPECT_DECLS;
@@ -1837,10 +2130,162 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void)
 
     wolfSSL_CTX_free(ctx);
 #endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_CTX_use_RSAPrivateKey_file(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+    !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA)
+    WOLFSSL_CTX *ctx = NULL;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+
+    /* invalid context */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(NULL, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* invalid key file */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, bogusFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* invalid key type */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, 9999),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* success */
+#ifdef NO_RSA
+    /* rsa needed */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#else
+    /* success */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif
+
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_use_RSAPrivateKey_file(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+    !defined(NO_WOLFSSL_CLIENT) && defined(OPENSSL_EXTRA)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = SSL_new(ctx));
+
+    /* invalid context */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(NULL, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* invalid key file */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, bogusFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* invalid key type */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, 9999),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* success */
+#ifdef NO_RSA
+    /* rsa needed */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#else
+    /* success */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif
 
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_CTX_use_PrivateKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+    !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA)
+    WOLFSSL_CTX *ctx = NULL;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    const unsigned char* p;
+
+    (void)p;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* No data. */
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+#if defined(USE_CERT_BUFFERS_2048)
+#if !defined(NO_RSA)
+    p = client_key_der_2048;
+    ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
+        sizeof_client_key_der_2048));
+#if defined(WOLFSSL_KEY_GEN)
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
+#else
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#endif
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
+#ifndef NO_DSA
+    p = dsa_key_der_2048;
+    ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p,
+        sizeof_dsa_key_der_2048));
+#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
+    defined(WOLFSSL_CERT_GEN))
+    /* Not supported in ProcessBuffer. */
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
+#else
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#endif
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */
+#if !defined(NO_DH) && defined(OPENSSL_ALL) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
+    p = dh_ffdhe_statickey_der_2048;
+    ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &p,
+        sizeof_dh_ffdhe_statickey_der_2048));
+    /* Not supported. */
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+#endif /* USE_CERT_BUFFERS_2048 */
+#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
+    p = ecc_clikey_der_256;
+    ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p,
+        sizeof_ecc_clikey_der_256));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
+        (unsigned char*)"01234567012345670123456701234567", 32));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
 
 /* test both file and buffer versions along with unloading trusted peer certs */
 static int test_wolfSSL_CTX_trust_peer_cert(void)
@@ -1946,13 +2391,14 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
 
     /* invalid arguments */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* invalid ca file */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
-        WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE),
+                       WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 
 
 #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
@@ -1960,7 +2406,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
   !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
     /* invalid path */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
-        WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(BAD_PATH_ERROR),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 #endif
 #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)
     /* test ignoring the invalid path */
@@ -1971,7 +2417,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     /* load ca cert */
 #ifdef NO_RSA
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
-        WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 #else /* Skip the following test without RSA certs. */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
         WOLFSSL_SUCCESS);
@@ -1984,47 +2430,47 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
                             DYNAMIC_TYPE_TMP_BUFFER));
 
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, cacheSz, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, cacheSz, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, cacheSz, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, -1, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz - 10, &used),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, &used), 1);
     ExpectIntEQ(cacheSz, used);
 
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Smaller than header. */
-    ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, 1), BUFFER_E);
+    ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, 1), WC_NO_ERR_TRACE(BUFFER_E));
     for (i = 1; i < cacheSz; i++) {
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz - i),
-            BUFFER_E);
+            WC_NO_ERR_TRACE(BUFFER_E));
     }
     if (EXPECT_SUCCESS()) {
         /* Modify header for bad results! */
@@ -2032,22 +2478,22 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
         /* version */
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t; p++;
         /* rows */
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t; p++;
         /* columns[0] */
         t = p[0]; p[0] = -1;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            PARSE_ERROR);
+            WC_NO_ERR_TRACE(PARSE_ERROR));
         p[0] = t; p += CA_TABLE_SIZE;
         /* signerSz*/
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t;
     }
 
@@ -2055,20 +2501,20 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     ExpectIntEQ(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), used);
 
 #ifndef NO_FILESYSTEM
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, cacheFile), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, cacheFile), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, cacheFile), 1);
 
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, cacheFile), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, cacheFile), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "no-file"),
-        WOLFSSL_BAD_FILE);
+        WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, cacheFile), 1);
     /* File contents is not a cache. */
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "./certs/ca-cert.pem"),
-        CACHE_MATCH_ERROR);
+        WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
 #endif
 
     XFREE(cache, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2110,7 +2556,8 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
 
     /* Test loading path with no files */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL,
-        load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
+        load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Test loading expired CA certificates */
     #ifdef NO_RSA
@@ -2128,7 +2575,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     /* Test loading CA certificates and ignoring all errors */
     #ifdef NO_RSA
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
-        WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
+        WOLFSSL_LOAD_FLAG_IGNORE_ERR), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #else
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
         WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
@@ -2357,31 +2804,31 @@ static int test_wolfSSL_CertManagerAPI(void)
 
     wolfSSL_CertManagerFree(NULL);
     ExpectIntEQ(wolfSSL_CertManager_up_ref(NULL), 0);
-    ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_TRUST_PEER_CERT
-    ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer_ex(NULL, &c, 1,
-        WOLFSSL_FILETYPE_ASN1, 0, 0), WOLFSSL_FATAL_ERROR);
+        WOLFSSL_FILETYPE_ASN1, 0, 0), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, 1, -1),
-        WOLFSSL_BAD_FILETYPE);
+        WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE));
 #endif
 
 #if !defined(NO_FILESYSTEM)
@@ -2394,37 +2841,37 @@ static int test_wolfSSL_CertManagerAPI(void)
 
     #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
         ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, NULL, -1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, NULL, WOLFSSL_FILETYPE_ASN1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, ca_cert,
-            WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1),
-            WOLFSSL_BAD_FILETYPE);
+            WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file",
-            WOLFSSL_FILETYPE_ASN1), WOLFSSL_BAD_FILE);
+            WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der,
-            WOLFSSL_FILETYPE_PEM), ASN_NO_PEM_HEADER);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
     #endif
 
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, NULL),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, ca_path),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, ca_path),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     }
 #endif
 
 #ifdef OPENSSL_COMPATIBLE_DEFAULTS
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), 1);
 #elif !defined(HAVE_CRL)
-    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), NOT_COMPILED_IN);
+    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
-    ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerDisableCRL(cm), 1);
 #ifdef HAVE_CRL
     /* Test APIs when CRL is disabled. */
@@ -2437,43 +2884,43 @@ static int test_wolfSSL_CertManagerAPI(void)
 #endif
 
     /* OCSP */
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
     !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), NOT_COMPILED_IN);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), NOT_COMPILED_IN);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), NOT_COMPILED_IN);
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
 #ifdef HAVE_OCSP
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, NULL, 0,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, NULL, 1,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, &c, 1,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, NULL), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(cm, NULL, NULL, NULL), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(cm), 1);
@@ -2528,21 +2975,21 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
 
     ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 
     ExpectIntLE(ret = test_cm_load_ca_file(ca_expired_cert), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
       !defined(NO_ASN_TIME)
-    ExpectIntEQ(ret, ASN_AFTER_DATE_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2561,9 +3008,9 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
     ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE),
         1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2571,13 +3018,13 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
     ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_expired_cert,
         WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
       !defined(NO_ASN_TIME) && defined(WOLFSSL_TRUST_PEER_CERT) && \
       defined(OPENSSL_COMPATIBLE_DEFAULTS)
-    ExpectIntEQ(ret, ASN_AFTER_DATE_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2623,10 +3070,10 @@ static int test_wolfSSL_CertManagerGetCerts(void)
     /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
      * and full OpenSSL compatibility */
     ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-        WOLFSSL_FILETYPE_ASN1), ASN_SELF_SIGNED_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
 #else
     ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-        WOLFSSL_FILETYPE_ASN1), ASN_NO_SIGNER_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 #endif
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
@@ -2694,7 +3141,7 @@ static int test_wolfSSL_CertManagerSetVerify(void)
         myVerifyAction = VERIFY_FORCE_FAIL;
 
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, verifyCert,
-            WOLFSSL_FILETYPE_ASN1), VERIFY_CERT_ERROR);
+            WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(VERIFY_CERT_ERROR));
     }
 #endif
 
@@ -2799,7 +3246,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
     ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
     wolfSSL_CertManagerFree(cm);
 
     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2877,7 +3324,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -2987,7 +3434,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -3013,7 +3460,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -3038,7 +3485,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -3073,7 +3520,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -3202,7 +3649,7 @@ static int test_wolfSSL_CertManagerNameConstraint3(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -3350,7 +3797,7 @@ static int test_wolfSSL_CertManagerNameConstraint4(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3375,7 +3822,7 @@ static int test_wolfSSL_CertManagerNameConstraint4(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -3469,7 +3916,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3495,7 +3942,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3521,7 +3968,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3638,7 +4085,7 @@ static int test_wolfSSL_CertManagerCRL(void)
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
 
-    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm,
@@ -3646,59 +4093,59 @@ static int test_wolfSSL_CertManagerCRL(void)
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 16), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1);
 
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, -1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, 1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048), ASN_NO_SIGNER_E);
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 
-    ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(cm, NULL), 1);
 #ifdef HAVE_CRL_IO
-    ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1);
 #endif
 
 #ifndef NO_FILESYSTEM
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(NULL, NULL, WOLFSSL_FILETYPE_ASN1,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, NULL, WOLFSSL_FILETYPE_ASN1,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* -1 seen as !WOLFSSL_FILETYPE_PEM */
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, "./certs/crl", -1, 0), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(NULL, NULL,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, NULL, WOLFSSL_FILETYPE_ASN1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* -1 seen as !WOLFSSL_FILETYPE_PEM */
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, "./certs/crl/crl.pem", -1),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
 #endif
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
-    ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     DoExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1);
 
     ExpectIntEQ(WOLFSSL_SUCCESS,
@@ -3709,14 +4156,16 @@ static int test_wolfSSL_CertManagerCRL(void)
         wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
     wolfSSL_CertManagerFreeCRL(cm);
 
+#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP
     ExpectIntEQ(WOLFSSL_SUCCESS,
         wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
     ExpectIntEQ(WOLFSSL_SUCCESS,
         wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048), CRL_MISSING);
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(CRL_MISSING));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), CRL_MISSING);
+        sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(CRL_MISSING));
+#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff),
         WOLFSSL_FILETYPE_ASN1), 1);
@@ -3724,7 +4173,7 @@ static int test_wolfSSL_CertManagerCRL(void)
 #if !defined(NO_FILESYSTEM) && defined(WC_RSA_PSS)
     /* loading should fail without the CA set */
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss,
-        WOLFSSL_FILETYPE_PEM), ASN_CRL_NO_SIGNER_E);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
 
     /* now successfully load the RSA-PSS crl once loading in it's CA */
     ExpectIntEQ(WOLFSSL_SUCCESS,
@@ -4044,7 +4493,7 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 
 #ifndef NO_FILESYSTEM
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048,
-        sizeof(server_cert_der_2048)), ASN_NO_SIGNER_E);
+        sizeof(server_cert_der_2048)), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
     ExpectIntEQ(WOLFSSL_SUCCESS,
         wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048,
@@ -4062,8 +4511,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 static int test_wolfSSL_CheckOCSPResponse(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \
-       defined(OPENSSL_ALL)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \
+    !defined(NO_RSA) && !defined(NO_SHA)
     const char* responseFile = "./certs/ocsp/test-response.der";
     const char* responseMultiFile = "./certs/ocsp/test-multi-response.der";
     const char* responseNoInternFile =
@@ -4261,13 +4710,13 @@ static int test_wolfSSL_FPKI(void)
 
     wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
     ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
-    ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ;
+    ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL,
         DYNAMIC_TYPE_TMP_BUFFER));
     ExpectIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0);
     XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
     ExpectIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0);
     XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4302,6 +4751,7 @@ static int test_wolfSSL_OtherName(void)
     return EXPECT_RESULT();
 }
 
+#ifdef HAVE_CERT_CHAIN_VALIDATION
 static int test_wolfSSL_CertRsaPss(void)
 {
     EXPECT_DECLS;
@@ -4359,6 +4809,7 @@ static int test_wolfSSL_CertRsaPss(void)
 
     return EXPECT_RESULT();
 }
+#endif
 
 static int test_wolfSSL_CTX_load_verify_locations_ex(void)
 {
@@ -4396,8 +4847,7 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void)
 static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    defined(USE_CERT_BUFFERS_2048)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     WOLFSSL_CTX* ctx;
     const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
@@ -4412,11 +4862,13 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
 #endif
     ExpectNotNull(ctx);
 
+#if defined(USE_CERT_BUFFERS_2048)
     /* test good CA */
     ExpectTrue(WOLFSSL_SUCCESS ==
         wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
             sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
             WOLFSSL_LOAD_FLAG_NONE));
+#endif
 
     /* load expired CA */
     XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
@@ -4443,6 +4895,16 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
             sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
             WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
 
+    /* Fail when ctx is NULL. */
+    ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(NULL, ca_expired_cert,
+            sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
+            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Load as modified cert - bad initial length. */
+    ca_expired_cert[2] = 0x7f;
+    ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
+            sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 1,
+            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WC_NO_ERR_TRACE(ASN_PARSE_E));
+
     wolfSSL_CTX_free(ctx);
 #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
@@ -4454,7 +4916,7 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
-    defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \
+    defined(USE_CERT_BUFFERS_2048) && (WOLFSSL_MIN_RSA_BITS <= 1024) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
 
@@ -4464,9 +4926,10 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
   #endif
 
-    ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format(
-        ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der,
-        WOLFSSL_FILETYPE_ASN1));
+    /* Public key 140 bytes??? */
+    ExpectIntEQ(wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
+        ca_cert_chain_der, sizeof_ca_cert_chain_der, WOLFSSL_FILETYPE_ASN1),
+        WOLFSSL_SUCCESS);
 
     wolfSSL_CTX_free(ctx);
 #endif
@@ -4495,9 +4958,29 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 0);
+    ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, x509), 0);
+    ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 0);
+    ExpectIntEQ(SSL_add0_chain_cert(ssl, x509), 0);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) {
         ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert,
             WOLFSSL_FILETYPE_PEM));
+
+        /* Do negative tests once */
+        if (cert == certChain) {
+            /* Negative tests. */
+            ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, NULL), 0);
+            ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, NULL), 0);
+            ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, x509), 0);
+            ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, NULL), 0);
+            ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, NULL), 0);
+            ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, x509), 0);
+        }
+
         ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1);
         X509_free(x509);
         x509 = NULL;
@@ -4505,6 +4988,18 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
     for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) {
         ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert,
             WOLFSSL_FILETYPE_PEM));
+
+        /* Do negative tests once */
+        if (cert == certChain) {
+            /* Negative tests. */
+            ExpectIntEQ(SSL_add1_chain_cert(NULL, NULL), 0);
+            ExpectIntEQ(SSL_add1_chain_cert(ssl, NULL), 0);
+            ExpectIntEQ(SSL_add1_chain_cert(NULL, x509), 0);
+            ExpectIntEQ(SSL_add0_chain_cert(NULL, NULL), 0);
+            ExpectIntEQ(SSL_add0_chain_cert(ssl, NULL), 0);
+            ExpectIntEQ(SSL_add0_chain_cert(NULL, x509), 0);
+        }
+
         ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 1);
         X509_free(x509);
         x509 = NULL;
@@ -4521,6 +5016,69 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_WOLFSSL_CLIENT) && defined(USE_CERT_BUFFERS_2048)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+    const char* cert = "./certs/server-cert.pem";
+    unsigned char* buf = NULL;
+    size_t len;
+
+    ExpectIntEQ(load_file(cert, &buf, &len), 0);
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Invalid parameters. */
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL,
+        NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
+        NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0),
+        WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (long)len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0),
+        WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (long)len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf,
+        (long)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (long)len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx,
+        server_cert_der_2048, sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (long)len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048,
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+    if (buf != NULL) {
+        free(buf);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
 {
     EXPECT_DECLS;
@@ -4528,18 +5086,17 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     const char* server_chain_der = "./certs/server-cert-chain.der";
     const char* client_single_pem = "./certs/client-cert.pem";
-    WOLFSSL_CTX* ctx;
+    WOLFSSL_CTX* ctx = NULL;
 
     (void)server_chain_der;
     (void)client_single_pem;
     (void)ctx;
 
   #ifndef NO_WOLFSSL_CLIENT
-    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
   #else
-    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
   #endif
-    ExpectNotNull(ctx);
 
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
         server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -4551,12 +5108,59 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_use_certificate_chain_file(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_WOLFSSL_CLIENT)
+    const char* server_chain_der = "./certs/server-cert-chain.der";
+    const char* client_single_pem = "./certs/client-cert.pem";
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+    (void)server_chain_der;
+    (void)client_single_pem;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Invalid parameters. */
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, NULL,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, NULL,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL,
+       server_chain_der, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, client_single_pem),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, server_chain_der),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl,
+        server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl,
+        client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, client_single_pem),
+        WOLFSSL_SUCCESS);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_SetTmpDH_file(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx = NULL;
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    const char* dsaParamFile = "./certs/dsaparams.pem";
+#endif
 
     (void)ctx;
 
@@ -4580,6 +5184,10 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)
     /* success */
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
                 WOLFSSL_FILETYPE_PEM));
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
+                WOLFSSL_FILETYPE_PEM));
+#endif
 
     wolfSSL_CTX_free(ctx);
 #endif
@@ -4607,11 +5215,17 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
     /* invalid dhParamFile file */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
                 0, WOLFSSL_FILETYPE_ASN1));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, NULL,
+                0, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
                 dsa_key_der_2048, sizeof_dsa_key_der_2048,
                 WOLFSSL_FILETYPE_ASN1));
 
+    /* invalid file format */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
+                dh_key_der_2048, sizeof_dh_key_der_2048, -1));
+
     /* success */
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
                 dh_key_der_2048, sizeof_dh_key_der_2048,
@@ -4640,7 +5254,7 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
@@ -4651,7 +5265,7 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_CTX_SetTmpDH_buffer(ctx,
                 dh_key_der_2048, sizeof_dh_key_der_2048,
                 WOLFSSL_FILETYPE_ASN1));
 
@@ -4679,7 +5293,7 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 
     /* der load Case 1 ctx NULL */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
   #ifndef NO_WOLFSSL_CLIENT
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
@@ -4689,16 +5303,16 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 
     /* Case 2 filePath NULL */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 3 invalid format */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
-                WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 4 filePath not valid */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 5 filePath empty */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_RSA
     /* Case 6 success case */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
@@ -4718,27 +5332,27 @@ static int test_wolfSSL_CTX_enable_disable(void)
     WOLFSSL_CTX* ctx = NULL;
 
   #ifdef HAVE_CRL
-    ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #ifdef HAVE_OCSP
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
       defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #ifndef NO_WOLFSSL_CLIENT
 
     #ifdef HAVE_EXTENDED_MASTER
-    ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 
@@ -4814,14 +5428,14 @@ static int test_wolfSSL_set_minmax_proto_version(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
 
-    ExpectIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS);
 
     wolfSSL_free(ssl);
@@ -4831,8 +5445,8 @@ static int test_wolfSSL_set_minmax_proto_version(void)
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
-    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
 
@@ -4972,6 +5586,10 @@ static int test_wolfSSL_SetTmpDH_file(void)
         !defined(NO_WOLFSSL_SERVER)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
+    const char* dhX942ParamFile = "./certs/x942dh2048.pem";
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    const char* dsaParamFile = "./certs/dsaparams.pem";
+#endif
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #ifndef NO_RSA
@@ -5010,6 +5628,12 @@ static int test_wolfSSL_SetTmpDH_file(void)
     /* success */
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
                 WOLFSSL_FILETYPE_PEM));
+    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile,
+                WOLFSSL_FILETYPE_PEM));
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
+                WOLFSSL_FILETYPE_PEM));
+#endif
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
@@ -5039,6 +5663,8 @@ static int test_wolfSSL_SetTmpDH_buffer(void)
     /* invalid dhParamFile file */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
                 0, WOLFSSL_FILETYPE_ASN1));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, NULL, 0,
+                WOLFSSL_FILETYPE_ASN1));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
                 sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
@@ -5077,7 +5703,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
     ExpectNotNull(ssl2 = wolfSSL_new(ctx2));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
@@ -5085,7 +5711,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
@@ -5096,7 +5722,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     wolfSSL_free(ssl2);
@@ -6478,7 +7104,7 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
     ExpectIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
 
     ExpectIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     EVP_CIPHER_CTX_free(ctx);
     /* test EVP_CIPHER_CTX_cleanup with NULL */
@@ -6651,7 +7277,7 @@ static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
 
 static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 {
-    EXPECT_DECLS;
+    EXPECT_DECLS_NO_MSGS(-2000);
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     int c_sharedCtx = 0;
     int s_sharedCtx = 0;
@@ -6924,7 +7550,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
 
 static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
 {
-    EXPECT_DECLS;
+    EXPECT_DECLS_NO_MSGS(-3000);
     char input[1024];
     int idx = 0;
     const char* msg_c = "hello wolfssl!";
@@ -7013,7 +7639,14 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
 int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
     test_ssl_cbf* server_cb, cbType client_on_handshake)
 {
-    EXPECT_DECLS;
+    /* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used
+     * for numerous but varied expected-to-fail scenarios that should not emit
+     * error messages on the expected failures.  Instead, we return a distinct
+     * code for each failure point, allowing the caller to assert on a
+     * particular mode of expected failure.  On success, the usual TEST_SUCCESS
+     * is returned.
+     */
+    EXPECT_DECLS_NO_MSGS(-1000);
     struct test_ssl_memio_ctx test_ctx;
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
     size_t msg_len;
@@ -7025,8 +7658,8 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
 
     test_ctx.c_ctx = client_cb->ctx;
     test_ctx.s_ctx = server_cb->ctx;
-    test_ctx.c_cb.return_code = TEST_FAIL;
-    test_ctx.s_cb.return_code = TEST_FAIL;
+    test_ctx.c_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
+    test_ctx.s_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
 
     ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS);
     ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
@@ -7111,7 +7744,7 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
@@ -7129,7 +7762,7 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
                 return WOLFSSL_FATAL_ERROR;
             }
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -7398,14 +8031,14 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_negotiate(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -7623,14 +8256,14 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_accept(ssl);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             char buff[WOLFSSL_MAX_ERROR_SZ];
             fprintf(stderr, "error = %d, %s\n", err,
@@ -7846,14 +8479,14 @@ static int test_client_nofail(void* args, cbType cb)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_negotiate(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -8097,14 +8730,14 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -8161,14 +8794,14 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -8416,14 +9049,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_accept(ssl);
         err = wolfSSL_get_error(ssl, ret);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "accept error = %d, %s\n", err,
@@ -8436,14 +9069,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             idx = wolfSSL_read(ssl, input, sizeof(input)-1);
             err = wolfSSL_get_error(ssl, idx);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (idx > 0) {
             input[idx] = 0;
             fprintf(stderr, "Client message: %s\n", input);
@@ -8454,14 +9087,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_write(ssl, msg, len);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (len != ret) {
             goto cleanup;
         }
@@ -8634,14 +9267,14 @@ static void run_wolfssl_client(void* args)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, ret);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -8654,14 +9287,14 @@ static void run_wolfssl_client(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_write(ssl, msg, len);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (len != ret)
             goto cleanup;
 
@@ -8670,14 +9303,14 @@ static void run_wolfssl_client(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_read(ssl, input, sizeof(input)-1);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret > 0) {
             input[ret] = '\0'; /* null term */
             fprintf(stderr, "Server response: %s\n", input);
@@ -8935,12 +9568,12 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
      * therefore, handshake becomes failure.
      */
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
-        &server_cbf, NULL), TEST_FAIL);
+        &server_cbf, NULL), -1001);
 
-    ExpectIntEQ(client_cbf.return_code, TEST_FAIL);
-    ExpectIntEQ(server_cbf.return_code, TEST_FAIL);
-    ExpectIntEQ(client_cbf.last_err, MAX_CHAIN_ERROR);
-    ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
+    ExpectIntEQ(client_cbf.return_code, -1000);
+    ExpectIntEQ(server_cbf.return_code, -1000);
+    ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(MAX_CHAIN_ERROR));
+    ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
 #endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
     return EXPECT_RESULT();
@@ -10786,12 +11419,13 @@ static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
 
 static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
 {
-    AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(UNKNOWN_SNI_HOST_NAME_E),
+                wolfSSL_get_error(ssl, 0));
 }
 
 static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
 {
-    AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(SNI_ABSENT_ERROR), wolfSSL_get_error(ssl, 0));
 }
 
 static void verify_SNI_no_matching(WOLFSSL* ssl)
@@ -10829,7 +11463,7 @@ static void verify_SNI_fake_matching(WOLFSSL* ssl)
 
 static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
 {
-    AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(FATAL_ERROR), wolfSSL_get_error(ssl, 0));
 }
 /* END of connection tests callbacks */
 
@@ -11044,19 +11678,19 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
     ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
                                                            1, result, &length));
 
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                            0, result, &length));
     buff[0] = 0x16;
 
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                            0, result, &length));
     buff[1] = 0x03;
 
-    ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
+    ExpectIntEQ(WC_NO_ERR_TRACE(SNI_UNSUPPORTED), wolfSSL_SNI_GetFromBuffer(buff,
                                            sizeof(buff), 0, result, &length));
     buff[2] = 0x03;
 
-    ExpectIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
+    ExpectIntEQ(WC_NO_ERR_TRACE(INCOMPLETE_DATA), wolfSSL_SNI_GetFromBuffer(buff,
                                            sizeof(buff), 0, result, &length));
     buff[4] = 0x64;
 
@@ -11075,19 +11709,19 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
     ExpectStrEQ("api.textmate.org", (const char*) result);
 
     /* SSL v2.0 tests */
-    ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(SNI_UNSUPPORTED), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[2] = 0x02;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[2] = 0x01; buff5[6] = 0x08;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[6] = 0x09; buff5[8] = 0x01;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     return EXPECT_RESULT();
@@ -11305,7 +11939,7 @@ static int test_wolfSSL_UseMaxFragment(void)
 
     /* success case */
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
   #endif
@@ -11314,9 +11948,9 @@ static int test_wolfSSL_UseMaxFragment(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_11));
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_12));
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
 
-    ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_8));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), UseMaxFragment(    ssl,  WOLFSSL_MFL_2_8));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_13));
 
@@ -11328,7 +11962,7 @@ static int test_wolfSSL_UseMaxFragment(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_12));
 
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
   #endif
@@ -11442,7 +12076,7 @@ static int test_wolfSSL_UseSupportedCurve(void)
 
 static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
 {
-    AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(UNKNOWN_ALPN_PROTOCOL_NAME_E), wolfSSL_get_error(ssl, 0));
 }
 
 static void use_ALPN_all(WOLFSSL* ssl)
@@ -11516,7 +12150,7 @@ static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
     char *proto = NULL;
     word16 protoSz = 0;
 
-    AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
+    AssertIntEQ(WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND),
                 wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
 
     /* check value */
@@ -11962,11 +12596,11 @@ static int test_wolfSSL_SCR_Reconnect(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s));
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
     /* WOLFSSL_FATAL_ERROR since it will block */
-    ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
                 WOLFSSL_ERROR_WANT_READ);
-    ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
                 WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
     wolfSSL_free(ssl_c);
@@ -12086,8 +12720,8 @@ static int test_tls_ext_duplicate(void)
     ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
     /* can return duplicate ext error or socket error if the peer closed down
      * while sending alert */
-    if (wolfSSL_get_error(ssl, 0) != SOCKET_ERROR_E) {
-        ExpectIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E);
+    if (wolfSSL_get_error(ssl, 0) != WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
+        ExpectIntEQ(wolfSSL_get_error(ssl, 0), WC_NO_ERR_TRACE(DUPLICATE_TLS_EXT_E));
     }
 
     wolfSSL_free(ssl);
@@ -12863,7 +13497,7 @@ static int test_wolfSSL_PKCS8(void)
 #else
     /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
     ExpectIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
-        (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
+        (word32)sizeof(der), NULL)), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
 #endif /* HAVE_ECC */
 
     wolfSSL_CTX_free(ctx);
@@ -13057,7 +13691,7 @@ static int test_wolfSSL_X509_verify(void)
     bufSz = 2048;
     ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
         WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
 
 
@@ -13080,10 +13714,10 @@ static int test_wolfSSL_X509_verify(void)
         WOLFSSL_SUCCESS);
     pt = buf;
     ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
-    ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
-    ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     wolfSSL_EVP_PKEY_free(pkey);
 
     wolfSSL_FreeX509(ca);
@@ -13092,6 +13726,272 @@ static int test_wolfSSL_X509_verify(void)
     return EXPECT_RESULT();
 }
 
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+/* Given acert file and its pubkey file, read them and then
+ * attempt to verify signed acert.
+ *
+ * If expect_pass is true, then verification should pass.
+ * If expect_pass is false, then verification should fail.
+ * */
+static int do_acert_verify_test(const char * acert_file,
+                                const char * pkey_file,
+                                size_t       expect_pass)
+{
+    X509_ACERT * x509 = NULL;
+    EVP_PKEY *   pkey = NULL;
+    BIO *        bp = NULL;
+    int          verify_rc = 0;
+
+    /* First read the attribute certificate. */
+    bp = BIO_new_file(acert_file, "r");
+    if (bp == NULL) {
+        return -1;
+    }
+
+    x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL);
+    BIO_free(bp);
+    bp = NULL;
+
+    if (x509 == NULL) {
+        return -1;
+    }
+
+    /* Next read the associated pub key. */
+    bp = BIO_new_file(pkey_file, "r");
+
+    if (bp == NULL) {
+        X509_ACERT_free(x509);
+        x509 = NULL;
+        return -1;
+    }
+
+    pkey = PEM_read_bio_PUBKEY(bp, &pkey, NULL, NULL);
+    BIO_free(bp);
+    bp = NULL;
+
+    if (pkey == NULL) {
+        X509_ACERT_free(x509);
+        x509 = NULL;
+        return -1;
+    }
+
+    /* Finally, do verification. */
+    verify_rc = X509_ACERT_verify(x509, pkey);
+
+    X509_ACERT_free(x509);
+    x509 = NULL;
+
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    if (expect_pass && verify_rc != 1) {
+        return -1;
+    }
+
+    if (!expect_pass && verify_rc == 1) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif
+
+static int test_wolfSSL_X509_ACERT_verify(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+    /* Walk over list of signed ACERTs and their pubkeys.
+     * All should load and pass verification. */
+    const char * acerts[4] = {"certs/acert/acert.pem",
+                              "certs/acert/acert_ietf.pem",
+                              "certs/acert/rsa_pss/acert.pem",
+                              "certs/acert/rsa_pss/acert_ietf.pem"};
+    const char * pkeys[4] =  {"certs/acert/acert_pubkey.pem",
+                              "certs/acert/acert_ietf_pubkey.pem",
+                              "certs/acert/rsa_pss/acert_pubkey.pem",
+                              "certs/acert/rsa_pss/acert_ietf_pubkey.pem"};
+    int    rc = 0;
+    size_t i = 0;
+    size_t j = 0;
+
+    for (i = 0; i < 4; ++i) {
+        for (j = i; j < 4; ++j) {
+            rc = do_acert_verify_test(acerts[i], pkeys[j], i == j);
+
+            if (rc) {
+                fprintf(stderr, "error: %s: i = %zu, j = %zu, rc = %d\n",
+                        "do_acert_verify_test", i, j, rc);
+                break;
+            }
+        }
+
+        if (rc) { break; }
+    }
+
+    ExpectIntEQ(rc, 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_ACERT_misc_api(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+    const char * acerts[4] = {"certs/acert/acert.pem",
+                              "certs/acert/acert_ietf.pem",
+                              "certs/acert/rsa_pss/acert.pem",
+                              "certs/acert/rsa_pss/acert_ietf.pem"};
+    int          rc = 0;
+    X509_ACERT * x509 = NULL;
+    BIO *        bp = NULL;
+    long         ver_long = 0;
+    int          ver = 0;
+    int          nid = 0;
+    const byte * raw_attr = NULL;
+    word32       attr_len = 0;
+    size_t       i = 0;
+    int          buf_len = 0;
+    byte         ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                  0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                  0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                  0x80, 0x1b, 0x5f, 0x57, 0xc2};
+
+    for (i = 0; i < 4; ++i) {
+        const char * acert_file = acerts[i];
+        int          is_rsa_pss = 0;
+        int          is_ietf_acert = 0;
+        byte         serial[64];
+        int          serial_len = sizeof(serial);
+
+        XMEMSET(serial, 0, sizeof(serial));
+
+        is_rsa_pss = XSTRSTR(acert_file, "rsa_pss") != NULL ? 1 : 0;
+        is_ietf_acert = XSTRSTR(acert_file, "ietf.pem") != NULL ? 1 : 0;
+
+        /* First read the attribute certificate. */
+        bp = BIO_new_file(acert_file, "r");
+        ExpectNotNull(bp);
+
+        x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL);
+        ExpectNotNull(x509);
+
+        /* We're done with the bio for now. */
+        if (bp != NULL) {
+            BIO_free(bp);
+            bp = NULL;
+        }
+
+        /* Check version and signature NID. */
+        ver_long = X509_ACERT_get_version(x509);
+        ExpectIntEQ(ver_long, 1);
+
+        ver = wolfSSL_X509_ACERT_version(x509);
+        ExpectIntEQ(ver, 2);
+
+        nid = X509_ACERT_get_signature_nid(x509);
+
+        if (is_rsa_pss) {
+            ExpectIntEQ(nid, NID_rsassaPss);
+        }
+        else {
+            ExpectIntEQ(nid, NID_sha256WithRSAEncryption);
+        }
+
+        /* Get the serial number buffer.
+         * The ietf acert example has a 20 byte serial number. */
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            ExpectIntEQ(serial_len, 20);
+            ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0);
+        }
+        else {
+            ExpectIntEQ(serial_len, 1);
+            ExpectTrue(serial[0] == 0x01);
+        }
+
+        /* Repeat the same but with null serial buffer. This is ok. */
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            ExpectIntEQ(serial_len, 20);
+        }
+        else {
+            ExpectIntEQ(serial_len, 1);
+            ExpectTrue(serial[0] == 0x01);
+        }
+
+        /* Get the attributes buffer. */
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            /* This cert has a 65 byte attributes field. */
+            ExpectNotNull(raw_attr);
+            ExpectIntEQ(attr_len, 65);
+        }
+        else {
+            /* This cert has a 237 byte attributes field. */
+            ExpectNotNull(raw_attr);
+            ExpectIntEQ(attr_len, 237);
+        }
+
+        /* Test printing acert to memory bio. */
+        ExpectNotNull(bp = BIO_new(BIO_s_mem()));
+        rc = X509_ACERT_print(bp, x509);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        /* Now do a bunch of invalid stuff with partially valid inputs. */
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, NULL);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, NULL, &attr_len);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = wolfSSL_X509_ACERT_get_attr_buf(NULL, &raw_attr, &attr_len);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        ver_long = X509_ACERT_get_version(NULL);
+        ExpectIntEQ(ver_long, 0);
+
+        ver = wolfSSL_X509_ACERT_version(NULL);
+        ExpectIntEQ(ver, 0);
+
+        rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, NULL);
+        ExpectIntEQ(rc, WOLFSSL_FATAL_ERROR);
+
+        rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, &buf_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+        ExpectIntEQ(buf_len, 256);
+
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = X509_ACERT_print(bp, NULL);
+        ExpectIntEQ(rc, WOLFSSL_FAILURE);
+
+        rc = X509_ACERT_print(NULL, x509);
+        ExpectIntEQ(rc, WOLFSSL_FAILURE);
+
+        /* Finally free the acert and bio, we're done with them. */
+        if (x509 != NULL) {
+            X509_ACERT_free(x509);
+            x509 = NULL;
+        }
+
+        if (bp != NULL) {
+            BIO_free(bp);
+            bp = NULL;
+        }
+    }
+#endif
+    return EXPECT_RESULT();
+}
 
 #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \
          defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
@@ -13166,7 +14066,7 @@ static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
 {
     EXPECT_DECLS;
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
-    ExpectIntEQ(store->error, ASN_VERSION_E);
+    ExpectIntEQ(store->error, WC_NO_ERR_TRACE(ASN_VERSION_E));
 #else
     ExpectIntEQ(store->error, 0);
 #endif
@@ -13213,7 +14113,7 @@ static int test_wolfSSL_X509_TLS_version_test_1(void)
 
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
-        &func_cb_server, NULL), TEST_FAIL);
+        &func_cb_server, NULL), -1001);
 #else
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
         &func_cb_server, NULL), TEST_SUCCESS);
@@ -13335,13 +14235,13 @@ static int test_wolfSSL_UseOCSPStapling(void)
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
         WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
 #else
     ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wolfSSL_free(ssl);
@@ -13380,13 +14280,13 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
         WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
 #else
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wolfSSL_free(ssl);
@@ -13453,11 +14353,11 @@ static int test_wc_InitBlake2b(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitBlake2b(&blake, 64), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitBlake2b(NULL, 64), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(NULL, 128), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(&blake, 128), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(&blake, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitBlake2b(NULL, 64), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(NULL, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(&blake, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 }     /* END test_wc_InitBlake2b*/
@@ -13480,9 +14380,9 @@ static int test_wc_InitBlake2b_WithKey(void)
     ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, 256),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0);
 #endif
     return EXPECT_RESULT();
@@ -13504,9 +14404,9 @@ static int test_wc_InitBlake2s_WithKey(void)
     ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, 256),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0);
 #endif
     return EXPECT_RESULT();
@@ -13524,7 +14424,7 @@ static int test_wc_InitMd5(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitMd5(&md5), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitMd5(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitMd5(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Md5Free(&md5);
 #endif
@@ -13568,9 +14468,9 @@ static int test_wc_Md5Update(void)
     c.input = NULL;
     c.inLen = WC_MD5_DIGEST_SIZE;
     ExpectIntEQ(wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Md5Free(&md5);
 #endif
@@ -13605,9 +14505,9 @@ static int test_wc_Md5Final(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Md5Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Final(&md5, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Md5Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Final(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Final(&md5, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Md5Free(&md5);
 #endif
@@ -13626,7 +14526,7 @@ static int test_wc_InitSha(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitSha(&sha), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ShaFree(&sha);
 #endif
@@ -13673,9 +14573,9 @@ static int test_wc_ShaUpdate(void)
     c.input = NULL;
     c.inLen = WC_SHA_DIGEST_SIZE;
     ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ShaFree(&sha);
 #endif
@@ -13709,9 +14609,9 @@ static int test_wc_ShaFinal(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ShaFinal(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaFinal(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaFinal(&sha, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ShaFinal(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaFinal(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaFinal(&sha, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ShaFree(&sha);
 #endif
@@ -13731,7 +14631,7 @@ static int test_wc_InitSha256(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitSha256(&sha256), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha256(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha256(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha256Free(&sha256);
 #endif
@@ -13784,9 +14684,9 @@ static int test_wc_Sha256Update(void)
     c.input = NULL;
     c.inLen = WC_SHA256_DIGEST_SIZE;
     ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha256Free(&sha256);
 #endif
@@ -13820,9 +14720,9 @@ static int test_wc_Sha256Final(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha256Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Final(&sha256, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha256Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Final(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Final(&sha256, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha256Free(&sha256);
 #endif
@@ -13856,9 +14756,9 @@ static int test_wc_Sha256FinalRaw(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha256FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256FinalRaw(&sha256, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha256FinalRaw(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256FinalRaw(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256FinalRaw(&sha256, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha256Free(&sha256);
 #endif
@@ -13915,9 +14815,9 @@ static int test_wc_Sha256GetHash(void)
     ExpectIntEQ(wc_Sha256GetHash(&sha256, hash1), 0);
 
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha256GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256GetHash(&sha256, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha256GetHash(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256GetHash(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256GetHash(&sha256, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha256Free(&sha256);
 #endif
@@ -13943,9 +14843,9 @@ static int test_wc_Sha256Copy(void)
     ExpectIntEQ(wc_Sha256Copy(&sha256, &temp), 0);
 
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha256Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Copy(&sha256, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha256Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Copy(NULL, &temp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Copy(&sha256, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha256Free(&sha256);
     wc_Sha256Free(&temp);
@@ -13964,7 +14864,7 @@ static int test_wc_InitSha512(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitSha512(&sha512), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha512(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512Free(&sha512);
 #endif
@@ -14020,9 +14920,9 @@ static int test_wc_Sha512Update(void)
     c.input = NULL;
     c.inLen = WC_SHA512_DIGEST_SIZE;
     ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512Free(&sha512);
 #endif
@@ -14102,14 +15002,20 @@ static int test_Sha512_Family_Final(int type, int isRaw)
     hash_test[2] = hash3;
     times = sizeof(hash_test) / sizeof(byte *);
 
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
+#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) || \
+        defined(WOLFSSL_NO_HASH_RAW)
+    if (finalFp != NULL)
+#endif
+    {
+        /* Good test args. */
+        for (i = 0; i < times; i++) {
+            ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
+        }
+        /* Test bad args. */
+        ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     }
-    /* Test bad args. */
-    ExpectIntEQ(finalFp(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(finalFp(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(finalFp(&sha512, NULL), BAD_FUNC_ARG);
 
     freeFp(&sha512);
 
@@ -14144,9 +15050,9 @@ static int test_wc_Sha512Final(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha512Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Final(&sha512, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Final(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Final(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512Free(&sha512);
 #endif
@@ -14201,9 +15107,9 @@ static int test_wc_Sha512FinalRaw(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha512FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512FinalRaw(&sha512, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512FinalRaw(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512FinalRaw(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512FinalRaw(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512Free(&sha512);
 #endif
@@ -14265,9 +15171,9 @@ static int test_Sha512_Family_GetHash(int type )
     ExpectIntEQ(ghashFp(&sha512, hash1), 0);
 
     /* test bad arguments*/
-    ExpectIntEQ(ghashFp(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(ghashFp(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(ghashFp(&sha512, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(ghashFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(ghashFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(ghashFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512Free(&sha512);
     return EXPECT_RESULT();
@@ -14291,9 +15197,9 @@ static int test_wc_Sha512GetHash(void)
     ExpectIntEQ(wc_Sha512GetHash(&sha512, hash1), 0);
 
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512GetHash(&sha512, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512GetHash(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512GetHash(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512GetHash(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512Free(&sha512);
 #endif
@@ -14320,9 +15226,9 @@ static int test_wc_Sha512Copy(void)
     ExpectIntEQ(wc_Sha512Copy(&sha512, &temp), 0);
 
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Copy(&sha512, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Copy(NULL, &temp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Copy(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512Free(&sha512);
     wc_Sha512Free(&temp);
@@ -14340,7 +15246,7 @@ static int test_wc_InitSha512_224(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512_224(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha512_224(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512_224Free(&sha512);
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
@@ -14382,9 +15288,9 @@ static int test_wc_Sha512_224Update(void)
     c.input = NULL;
     c.inLen = WC_SHA512_224_DIGEST_SIZE;
     ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512_224Free(&sha512);
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
@@ -14487,9 +15393,9 @@ static int test_wc_Sha512_224Copy(void)
 
     ExpectIntEQ(wc_Sha512_224Copy(&sha512, &temp), 0);
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512_224Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Copy(&sha512, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512_224Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_224Copy(NULL, &temp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_224Copy(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512_224Free(&sha512);
     wc_Sha512_224Free(&temp);
@@ -14508,7 +15414,7 @@ static int test_wc_InitSha512_256(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512_256(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha512_256(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512_256Free(&sha512);
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
@@ -14551,9 +15457,9 @@ static int test_wc_Sha512_256Update(void)
     c.input = NULL;
     c.inLen = WC_SHA512_256_DIGEST_SIZE;
     ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512_256Free(&sha512);
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
@@ -14655,9 +15561,9 @@ static int test_wc_Sha512_256Copy(void)
 
     ExpectIntEQ(wc_Sha512_256Copy(&sha512, &temp), 0);
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512_256Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Copy(&sha512, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512_256Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_256Copy(NULL, &temp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_256Copy(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha512_256Free(&sha512);
     wc_Sha512_256Free(&temp);
@@ -14680,7 +15586,7 @@ static int test_wc_InitSha384(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitSha384(&sha384), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha384(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha384(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha384Free(&sha384);
 #endif
@@ -14728,9 +15634,9 @@ static int test_wc_Sha384Update(void)
     c.input = NULL;
     c.inLen = WC_SHA384_DIGEST_SIZE;
     ExpectIntEQ( wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha384Free(&sha384);
 #endif
@@ -14764,9 +15670,9 @@ static int test_wc_Sha384Final(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha384Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Final(&sha384, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha384Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha384Final(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha384Final(&sha384, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha384Free(&sha384);
 #endif
@@ -14821,9 +15727,9 @@ static int test_wc_Sha384FinalRaw(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha384FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384FinalRaw(&sha384, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha384FinalRaw(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha384FinalRaw(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha384FinalRaw(&sha384, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha384Free(&sha384);
 #endif
@@ -14858,9 +15764,9 @@ static int test_wc_Sha384GetHash(void)
 
     ExpectIntEQ(wc_Sha384GetHash(&sha384, hash1), 0);
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha384GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384GetHash(&sha384, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha384GetHash(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha384GetHash(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha384GetHash(&sha384, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha384Free(&sha384);
 #endif
@@ -14885,9 +15791,9 @@ static int test_wc_Sha384Copy(void)
 
     ExpectIntEQ(wc_Sha384Copy(&sha384, &temp), 0);
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha384Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Copy(&sha384, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha384Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha384Copy(NULL, &temp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha384Copy(&sha384, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha384Free(&sha384);
     wc_Sha384Free(&temp);
@@ -14907,7 +15813,7 @@ static int test_wc_InitSha224(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitSha224(&sha224), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha224(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha224(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha224Free(&sha224);
 #endif
@@ -14952,9 +15858,9 @@ static int test_wc_Sha224Update(void)
     c.input = NULL;
     c.inLen = WC_SHA224_DIGEST_SIZE;
     ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha224Free(&sha224);
 #endif
@@ -14989,9 +15895,9 @@ static int test_wc_Sha224Final(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha224Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Final(&sha224, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha224Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha224Final(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha224Final(&sha224, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha224Free(&sha224);
 #endif
@@ -15071,9 +15977,9 @@ static int test_wc_Sha224GetHash(void)
 
     ExpectIntEQ(wc_Sha224GetHash(&sha224, hash1), 0);
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha224GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224GetHash(&sha224, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha224GetHash(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha224GetHash(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha224GetHash(&sha224, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha224Free(&sha224);
 #endif
@@ -15099,9 +16005,9 @@ static int test_wc_Sha224Copy(void)
 
     ExpectIntEQ(wc_Sha224Copy(&sha224, &temp), 0);
     /* test bad arguments*/
-    ExpectIntEQ(wc_Sha224Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Copy(&sha224, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha224Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha224Copy(NULL, &temp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha224Copy(&sha224, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha224Free(&sha224);
     wc_Sha224Free(&temp);
@@ -15122,7 +16028,7 @@ static int test_wc_InitRipeMd(void)
     /* Test good arg. */
     ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
     /* Test bad arg. */
-    ExpectIntEQ(wc_InitRipeMd(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitRipeMd(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 
@@ -15164,9 +16070,9 @@ static int test_wc_RipeMdUpdate(void)
     c.input = NULL;
     c.inLen = RIPEMD_DIGEST_SIZE;
     ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_RipeMdUdpate */
@@ -15198,9 +16104,9 @@ static int test_wc_RipeMdFinal(void)
     }
 
     /* Test bad args. */
-    ExpectIntEQ(wc_RipeMdFinal(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RipeMdFinal(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RipeMdFinal(&ripemd, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RipeMdFinal(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdFinal(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_RipeMdFinal */
@@ -15221,25 +16127,25 @@ static int test_wc_InitSha3(void)
 #if !defined(WOLFSSL_NOSHA3_224)
     ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_224(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha3_224(NULL, HEAP_HINT, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Sha3_224_Free(&sha3);
 #endif /* NOSHA3_224 */
 #if !defined(WOLFSSL_NOSHA3_256)
     ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_256(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha3_256(NULL, HEAP_HINT, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Sha3_256_Free(&sha3);
 #endif /* NOSHA3_256 */
 #if !defined(WOLFSSL_NOSHA3_384)
     ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_384(NULL, HEAP_HINT, testDevId),  BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha3_384(NULL, HEAP_HINT, testDevId),  WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Sha3_384_Free(&sha3);
 #endif /* NOSHA3_384 */
 #if !defined(WOLFSSL_NOSHA3_512)
     ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_512(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSha3_512(NULL, HEAP_HINT, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Sha3_512_Free(&sha3);
 #endif /* NOSHA3_512 */
 #endif
@@ -15277,8 +16183,8 @@ static int testing_wc_Sha3_Update(void)
         ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
 
         /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_224_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_Sha3_224_Update(NULL, msg2, msg2len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Sha3_224_Update(&sha3, NULL, 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         wc_Sha3_224_Free(&sha3);
 
         ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
@@ -15298,8 +16204,8 @@ static int testing_wc_Sha3_Update(void)
         ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
 
         /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_256_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_Sha3_256_Update(NULL, msg2, msg2len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Sha3_256_Update(&sha3, NULL, 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         wc_Sha3_256_Free(&sha3);
 
         ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
@@ -15319,8 +16225,8 @@ static int testing_wc_Sha3_Update(void)
         ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
 
         /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_384_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_Sha3_384_Update(NULL, msg2, msg2len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Sha3_384_Update(&sha3, NULL, 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         wc_Sha3_384_Free(&sha3);
 
         ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
@@ -15340,8 +16246,8 @@ static int testing_wc_Sha3_Update(void)
         ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
 
         /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_512_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_Sha3_512_Update(NULL, msg2, msg2len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Sha3_512_Update(&sha3, NULL, 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         wc_Sha3_512_Free(&sha3);
 
         ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
@@ -15379,8 +16285,8 @@ static int test_wc_Sha3_224_Final(void)
     ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_224_Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_224_Final(&sha3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Sha3_224_Free(&sha3);
 
     ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
@@ -15393,8 +16299,8 @@ static int test_wc_Sha3_224_Final(void)
     ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_GetHash(&sha3, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_224_GetHash(NULL, hashRet), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_224_GetHash(&sha3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha3_224_Free(&sha3);
 #endif
@@ -15427,8 +16333,8 @@ static int test_wc_Sha3_256_Final(void)
     ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_256_Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_256_Final(&sha3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Sha3_256_Free(&sha3);
 
     ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
@@ -15441,8 +16347,8 @@ static int test_wc_Sha3_256_Final(void)
     ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_GetHash(&sha3, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_256_GetHash(NULL, hashRet), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_256_GetHash(&sha3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha3_256_Free(&sha3);
 #endif
@@ -15476,8 +16382,8 @@ static int test_wc_Sha3_384_Final(void)
     ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_384_Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_384_Final(&sha3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Sha3_384_Free(&sha3);
 
     ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
@@ -15490,8 +16396,8 @@ static int test_wc_Sha3_384_Final(void)
     ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_GetHash(&sha3, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_384_GetHash(NULL, hashRet), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_384_GetHash(&sha3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha3_384_Free(&sha3);
 #endif
@@ -15528,8 +16434,8 @@ static int test_wc_Sha3_512_Final(void)
     ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_512_Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_512_Final(&sha3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Sha3_512_Free(&sha3);
 
     ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
@@ -15542,8 +16448,8 @@ static int test_wc_Sha3_512_Final(void)
     ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_GetHash(&sha3, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_512_GetHash(NULL, hashRet), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_512_GetHash(&sha3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha3_512_Free(&sha3);
 #endif
@@ -15578,8 +16484,8 @@ static int test_wc_Sha3_224_Copy(void)
     ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_224_Copy(NULL, &sha3), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_224_Copy(&sha3Cpy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha3_224_Free(&sha3);
     wc_Sha3_224_Free(&sha3Cpy);
@@ -15616,8 +16522,8 @@ static int test_wc_Sha3_256_Copy(void)
     ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_256_Copy(NULL, &sha3), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_256_Copy(&sha3Cpy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha3_256_Free(&sha3);
     wc_Sha3_256_Free(&sha3Cpy);
@@ -15654,8 +16560,8 @@ static int test_wc_Sha3_384_Copy(void)
     ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_384_Copy(NULL, &sha3), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_384_Copy(&sha3Cpy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha3_384_Free(&sha3);
     wc_Sha3_384_Free(&sha3Cpy);
@@ -15691,8 +16597,8 @@ static int test_wc_Sha3_512_Copy(void)
     ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha3_512_Copy(NULL, &sha3), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha3_512_Copy(&sha3Cpy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Sha3_512_Free(&sha3);
     wc_Sha3_512_Free(&sha3Cpy);
@@ -15727,7 +16633,7 @@ static int test_wc_InitShake256(void)
 
     ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_InitShake256(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitShake256(NULL, HEAP_HINT, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Shake256_Free(&shake);
 #endif
@@ -15760,8 +16666,8 @@ static int testing_wc_Shake256_Update(void)
     ExpectIntEQ(XMEMCMP(shake.t, msgCmp, msgCmplen), 0);
 
     /* Pass bad args. */
-    ExpectIntEQ(wc_Shake256_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Shake256_Update(&shake, NULL, 5), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Shake256_Update(NULL, msg2, msg2len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_Update(&shake, NULL, 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_Shake256_Free(&shake);
 
     ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
@@ -15802,9 +16708,9 @@ static int test_wc_Shake256_Final(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_Shake256_Final(NULL, hash, (word32)sizeof(hash)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Shake256_Free(&shake);
 #endif
@@ -15838,8 +16744,8 @@ static int test_wc_Shake256_Copy(void)
     ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Shake256_Copy(NULL, &shake), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Shake256_Copy(&shakeCpy, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Shake256_Copy(NULL, &shake), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_Copy(&shakeCpy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Shake256_Free(&shake);
     wc_Shake256_Free(&shakeCpy);
@@ -15877,7 +16783,7 @@ static int test_wc_InitSm3Free(void)
     wc_Sm3 sm3;
 
     /* Invalid Parameters */
-    ExpectIntEQ(wc_InitSm3(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitSm3(NULL, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid Parameters */
     ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
@@ -15913,9 +16819,9 @@ static int test_wc_Sm3UpdateFinal(void)
     ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
 
     /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Update(NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Update(NULL, data, 1), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm3Update(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Update(NULL, data, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid Parameters */
     ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0);
@@ -15928,9 +16834,9 @@ static int test_wc_Sm3UpdateFinal(void)
     ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_PAD_SIZE), 0);
 
     /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Final(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Final(NULL, hash), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm3Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Final(&sm3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid Parameters */
     ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
@@ -15976,9 +16882,9 @@ static int test_wc_Sm3GetHash(void)
     ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
 
     /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3GetHash(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3GetHash(NULL, hash), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm3GetHash(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3GetHash(&sm3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3GetHash(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid Parameters */
     ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
@@ -16013,9 +16919,9 @@ static int test_wc_Sm3Copy(void)
     ExpectIntEQ(wc_InitSm3(&sm3Copy, NULL, INVALID_DEVID), 0);
 
     /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Copy(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Copy(NULL, &sm3Copy), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm3Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Copy(&sm3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Copy(NULL, &sm3Copy), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid Parameters */
     ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
@@ -16061,9 +16967,9 @@ static int test_wc_Sm3FinalRaw(void)
     ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
 
     /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3FinalRaw(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3FinalRaw(NULL, hash1), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm3FinalRaw(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3FinalRaw(&sm3, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3FinalRaw(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     times = sizeof(hash_test) / sizeof(byte*);
     for (i = 0; i < times; i++) {
@@ -16120,8 +17026,8 @@ static int test_wc_Sm3Hash(void)
     byte hash[WC_SM3_DIGEST_SIZE];
 
     /* Invalid parameters. */
-    ExpectIntEQ(wc_Sm3Hash(NULL, sizeof(data), hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm3Hash(NULL, sizeof(data), hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid parameters. */
     ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), hash), 0);
@@ -16156,7 +17062,7 @@ static int test_wc_Md5HmacSetKey(void)
             (word32)XSTRLEN(keys[itr]));
 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
         wc_HmacFree(&hmac);
-        ExpectIntEQ(ret, BAD_FUNC_ARG);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
         ExpectIntEQ(ret, 0);
 #endif
@@ -16164,16 +17070,16 @@ static int test_wc_Md5HmacSetKey(void)
 
     /* Bad args. */
     ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
-    ExpectIntEQ(ret, BAD_FUNC_ARG);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #elif defined(HAVE_FIPS)
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
 #else
     ExpectIntEQ(ret, 0);
 #endif
@@ -16216,15 +17122,15 @@ static int test_wc_ShaHmacSetKey(void)
 
     /* Bad args. */
     ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
 #ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
 #else
     ExpectIntEQ(ret, 0);
 #endif
@@ -16265,14 +17171,14 @@ static int test_wc_Sha224HmacSetKey(void)
 
     /* Bad args. */
     ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
 #ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
 #else
     ExpectIntEQ(ret, 0);
 #endif
@@ -16313,14 +17219,14 @@ static int test_wc_Sha256HmacSetKey(void)
 
     /* Bad args. */
     ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
 #ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
 #else
     ExpectIntEQ(ret, 0);
 #endif
@@ -16362,14 +17268,14 @@ static int test_wc_Sha384HmacSetKey(void)
 
     /* Bad args. */
     ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
 #ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
 #else
     ExpectIntEQ(ret, 0);
 #endif
@@ -16410,8 +17316,8 @@ static int test_wc_Md5HmacUpdate(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
 
@@ -16450,8 +17356,8 @@ static int test_wc_ShaHmacUpdate(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
 
@@ -16490,8 +17396,8 @@ static int test_wc_Sha224HmacUpdate(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
 
@@ -16530,8 +17436,8 @@ static int test_wc_Sha256HmacUpdate(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
 
@@ -16570,8 +17476,8 @@ static int test_wc_Sha384HmacUpdate(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
 
@@ -16608,9 +17514,9 @@ static int test_wc_Md5HmacFinal(void)
     ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
 
     /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wc_HmacFree(&hmac);
@@ -16646,9 +17552,9 @@ static int test_wc_ShaHmacFinal(void)
     ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
 
     /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wc_HmacFree(&hmac);
@@ -16685,9 +17591,9 @@ static int test_wc_Sha224HmacFinal(void)
     ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
 
     /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wc_HmacFree(&hmac);
@@ -16724,9 +17630,9 @@ static int test_wc_Sha256HmacFinal(void)
     ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
 
     /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wc_HmacFree(&hmac);
@@ -16764,9 +17670,9 @@ static int test_wc_Sha384HmacFinal(void)
     ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
 
     /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wc_HmacFree(&hmac);
@@ -16826,10 +17732,10 @@ static int test_wc_InitCmac(void)
 
     wc_AesFree(&cmac3.aes);
     /* Test bad args. */
-    ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_InitCmac */
@@ -16862,8 +17768,8 @@ static int test_wc_CmacUpdate(void)
     ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_AesFree(&cmac.aes);
 #endif
     return EXPECT_RESULT();
@@ -16913,9 +17819,9 @@ static int test_wc_CmacFinal(void)
 
 #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
     /* Pass in bad args. */
-    ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz), BUFFER_E);
+    ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz), WC_NO_ERR_TRACE(BUFFER_E));
 
     /* For the last call, use the API with implicit wc_CmacFree(). */
     ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
@@ -16925,9 +17831,9 @@ static int test_wc_CmacFinal(void)
     ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), BUFFER_E);
+    ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), WC_NO_ERR_TRACE(BUFFER_E));
 #endif /* !HAVE_FIPS || FIPS>=5.3 */
 #endif
     return EXPECT_RESULT();
@@ -16962,26 +17868,26 @@ static int test_wc_AesCmacGenerate(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 
@@ -17033,77 +17939,77 @@ static int test_wc_AesGcmStream(void)
     ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
 
     /* BadParameters to streaming init. */
-    ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad parameters to encrypt update. */
     ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Bad parameters to decrypt update. */
     ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad parameters to encrypt final. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Bad parameters to decrypt final. */
-    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Check calling final before setting key fails. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_KEY));
     /* Check calling update before setting key else fails. */
     ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
-        MISSING_KEY);
+        WC_NO_ERR_TRACE(MISSING_KEY));
     ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
-        MISSING_KEY);
+        WC_NO_ERR_TRACE(MISSING_KEY));
 
     /* Set key but not IV. */
     ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
     ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
     /* Check calling final before setting IV fails. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_IV));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_IV));
     /* Check calling update before setting IV else fails. */
     ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
-        MISSING_IV);
+        WC_NO_ERR_TRACE(MISSING_IV));
     ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
-        MISSING_IV);
+        WC_NO_ERR_TRACE(MISSING_IV));
 
     /* Set IV using fixed part IV and external IV APIs. */
     ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
@@ -17234,7 +18140,7 @@ static int test_wc_Sm4(void)
 #endif
 
     /* Invalid parameters - wc_Sm4Init */
-    ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4Init */
     ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
@@ -17244,15 +18150,15 @@ static int test_wc_Sm4(void)
     XMEMSET(key, 0, sizeof(key));
 
     /* Invalid parameters - wc_Sm4SetKey. */
-    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4SetKey. */
     ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
@@ -17262,9 +18168,9 @@ static int test_wc_Sm4(void)
     XMEMSET(iv, 0, sizeof(iv));
 
     /* Invalid parameters - wc_Sm4SetIV. */
-    ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetIV(NULL, iv), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4SetIV. */
     ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
@@ -17297,22 +18203,22 @@ static int test_wc_Sm4Ecb(void)
     XMEMSET(in, 0, sizeof(in));
 
     ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), MISSING_KEY);
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY));
 
     /* Tested in test_wc_Sm4. */
     ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
 
     /* Invalid parameters - wc_Sm4EcbEncrypt. */
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4EcbEncrypt. */
     ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0);
@@ -17324,15 +18230,15 @@ static int test_wc_Sm4Ecb(void)
     ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
 
     /* Invalid parameters - wc_Sm4EcbDecrypt. */
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4EcbDecrypt. */
     ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0);
@@ -17370,25 +18276,25 @@ static int test_wc_Sm4Cbc(void)
     XMEMSET(in, 0, sizeof(in));
 
     ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), MISSING_KEY);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY));
     /* Tested in test_wc_Sm4. */
     ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), MISSING_IV);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), MISSING_IV);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_IV));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_IV));
     /* Tested in test_wc_Sm4. */
     ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
 
     /* Invalid parameters - wc_Sm4CbcEncrypt. */
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4CbcEncrypt. */
     ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0);
@@ -17402,15 +18308,15 @@ static int test_wc_Sm4Cbc(void)
     ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
 
     /* Invalid parameters - wc_Sm4CbcDecrypt. */
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
     /* Valid cases - wc_Sm4CbcDecrypt. */
@@ -17453,21 +18359,21 @@ static int test_wc_Sm4Ctr(void)
     XMEMSET(in, 0, sizeof(in));
 
     ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), MISSING_KEY);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY));
     /* Tested in test_wc_Sm4. */
     ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), MISSING_IV);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_IV));
     /* Tested in test_wc_Sm4. */
     ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
 
     /* Invalid parameters - wc_Sm4CtrEncrypt. */
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4CtrEncrypt. */
     ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0);
@@ -17547,81 +18453,81 @@ static int test_wc_Sm4Gcm(void)
 
     ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
 
     /* Invalid parameters - wc_Sm4GcmSetKey. */
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid parameters - wc_Sm4GcmSetKey. */
     ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0);
 
     /* Invalid parameters - wc_Sm4GcmEncrypt. */
     ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Invalid parameters - wc_Sm4GcmDecrypt. */
     ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
     ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
@@ -17662,7 +18568,7 @@ static int test_wc_Sm4Gcm(void)
         GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
     ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
         GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
-        SM4_GCM_AUTH_E);
+        WC_NO_ERR_TRACE(SM4_GCM_AUTH_E));
 
     /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
     for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) {
@@ -17736,70 +18642,70 @@ static int test_wc_Sm4Ccm(void)
 
     ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
     ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
 
     /* Invalid parameters - wc_Sm4CcmEncrypt. */
     ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Invalid parameters - wc_Sm4CcmDecrypt. */
     ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)), BAD_FUNC_ARG);
+        WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
+        SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
     ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
@@ -17838,21 +18744,21 @@ static int test_wc_Sm4Ccm(void)
     }
     ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
         CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
-        SM4_CCM_AUTH_E);
+        WC_NO_ERR_TRACE(SM4_CCM_AUTH_E));
 
     /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
     for (i = 0; i < 4; i++) {
         ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     }
     /*   Odd values in range 4..SM4_BLOCK_SIZE. */
     for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
         ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     }
     /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt.
      * Even values in range 4..SM4_BLOCK_SIZE.
@@ -17930,7 +18836,7 @@ static int test_wc_Des3_SetIV(void)
 
 #ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
     /* Test explicitly wc_Des3_SetIV()  */
-    ExpectIntEQ(wc_Des3_SetIV(NULL, iv), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Des3_SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0);
 #endif
     wc_Des3Free(&des);
@@ -17967,9 +18873,9 @@ static int test_wc_Des3_SetKey(void)
     ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Default case. Should return 0. */
     ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0);
 
@@ -18017,14 +18923,14 @@ static int test_wc_Des3_CbcEncryptDecrypt(void)
     ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
-    ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Des3Free(&des);
 #endif
@@ -18068,20 +18974,20 @@ static int test_wc_Des3_CbcEncryptDecryptWithKey(void)
 
     /* pass in bad args. */
     ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL),
         0);
 
     ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL),
         0);
 #endif
@@ -18119,11 +19025,11 @@ static int test_wc_Des3_EcbEncrypt(void)
     ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0);
 
     /* Good Cases */
@@ -18154,12 +19060,12 @@ static int test_wc_Chacha_SetKey(void)
     XMEMSET(cipher, 0, sizeof(cipher));
     ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_Chacha_SetKey */
@@ -18184,9 +19090,9 @@ static int test_wc_Poly1305SetKey(void)
     ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_Poly1305_SetKey() */
@@ -18307,7 +19213,7 @@ static int test_wc_Chacha_Process(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_Chacha_Process */
@@ -18389,20 +19295,20 @@ static int test_wc_ChaCha20Poly1305_aead(void)
     /* Test bad args. */
     ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad),
         plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
         plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
         sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
         NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), NULL, generatedAuthTag), BAD_FUNC_ARG);
+        plaintext, sizeof(plaintext), NULL, generatedAuthTag), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, NULL), BAD_FUNC_ARG);
+        plaintext, sizeof(plaintext), generatedCiphertext, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
         sizeof(cipher), authTag, generatedPlaintext), 0);
@@ -18411,17 +19317,17 @@ static int test_wc_ChaCha20Poly1305_aead(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), authTag, generatedPlaintext),  BAD_FUNC_ARG);
+        sizeof(cipher), authTag, generatedPlaintext),  WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
-        cipher, sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
+        cipher, sizeof(cipher), authTag, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
-        sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
+        sizeof(cipher), authTag, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), NULL, generatedPlaintext), BAD_FUNC_ARG);
+        sizeof(cipher), NULL, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), authTag, NULL), BAD_FUNC_ARG);
+        sizeof(cipher), authTag, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
-        sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
+        sizeof(cipher), authTag, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_ChaCha20Poly1305_aead */
@@ -18448,20 +19354,20 @@ static int test_wc_Rc2SetKey(void)
     /* bad arguments  */
     /* null Rc2 struct */
     ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
-        iv, 40), BAD_FUNC_ARG);
+        iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null key */
     ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
-        iv, 40), BAD_FUNC_ARG);
+        iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* key size == 0 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40), WC_KEY_SIZE_E);
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
     /* key size > 128 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40), WC_KEY_SIZE_E);
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
     /* effective bits == 0 */
     ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
-        iv, 0), WC_KEY_SIZE_E);
+        iv, 0), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
     /* effective bits > 1024 */
     ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
-        iv, 1025), WC_KEY_SIZE_E);
+        iv, 1025), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_Rc2SetKey */
@@ -18482,8 +19388,8 @@ static int test_wc_Rc2SetIV(void)
     ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0);
 
     /* bad arguments */
-    ExpectIntEQ(wc_Rc2SetIV(NULL, iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Rc2SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_Rc2SetIV */
@@ -18517,28 +19423,28 @@ static int test_wc_Rc2EcbEncryptDecrypt(void)
     /* Rc2EcbEncrypt bad arguments */
     /* null Rc2 struct */
     ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null out buffer */
     ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null input buffer */
     ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* output buffer sz != RC2_BLOCK_SIZE (8) */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7), BUFFER_E);
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7), WC_NO_ERR_TRACE(BUFFER_E));
 
     /* Rc2EcbDecrypt bad arguments */
     /* null Rc2 struct */
     ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null out buffer */
     ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null input buffer */
     ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* output buffer sz != RC2_BLOCK_SIZE (8) */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7), BUFFER_E);
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7), WC_NO_ERR_TRACE(BUFFER_E));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_Rc2EcbEncryptDecrypt */
@@ -18586,26 +19492,26 @@ static int test_wc_Rc2CbcEncryptDecrypt(void)
     /* Rc2CbcEncrypt bad arguments */
     /* null Rc2 struct */
     ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null out buffer */
     ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null input buffer */
     ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Rc2CbcDecrypt bad arguments */
     /* in size is 0 */
     ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0);
     /* null Rc2 struct */
     ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null out buffer */
     ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null input buffer */
     ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_Rc2CbcEncryptDecrypt */
@@ -18640,7 +19546,7 @@ static int test_wc_AesSetIV(void)
     /* Test bad args. */
     if (ret == 0) {
         ret = wc_AesSetIV(NULL, iv1);
-        if (ret == BAD_FUNC_ARG) {
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
             /* NULL iv should return 0. */
             ret = wc_AesSetIV(&aes, NULL);
         }
@@ -18709,10 +19615,10 @@ static int test_wc_AesSetKey(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte),
-        iv, AES_ENCRYPTION), BAD_FUNC_ARG);
+        iv, AES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesSetKey(&aes, badKey16,
         (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_AesFree(&aes);
 #endif
@@ -18771,14 +19677,14 @@ static int test_wc_AesCbcEncryptDecrypt(void)
 
     /* Pass in bad args */
     ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
     ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1),
-        BAD_LENGTH_E);
+        WC_NO_ERR_TRACE(BAD_LENGTH_E));
 #endif
 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
     (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
@@ -18796,17 +19702,17 @@ static int test_wc_AesCbcEncryptDecrypt(void)
     }
 #endif
 
-    ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
     ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1),
-        BAD_LENGTH_E);
+        WC_NO_ERR_TRACE(BAD_LENGTH_E));
 #else
     ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     /* Test passing in size of 0  */
@@ -18820,13 +19726,13 @@ static int test_wc_AesCbcEncryptDecrypt(void)
     }
 
     ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
+        key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
+        key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
-        NULL, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
+        NULL, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), NULL), BAD_FUNC_ARG);
+        key32, sizeof(key32)/sizeof(byte), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_AesFree(&aes);
 #endif
@@ -18879,11 +19785,11 @@ static int test_wc_AesCtrEncryptDecrypt(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_AesFree(&aesEnc);
     wc_AesFree(&aesDec);
@@ -18950,11 +19856,11 @@ static int test_wc_AesGcmSetKey(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_AesFree(&aes);
 #endif
@@ -19011,13 +19917,13 @@ static int test_wc_AesGcmEncryptDecrypt(void)
     /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
     ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
         (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
@@ -19025,7 +19931,7 @@ static int test_wc_AesGcmEncryptDecrypt(void)
         /* FIPS does not check the lower bound of ivSz */
 #else
         ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0,
-            resultT, sizeof(resultT), a, sizeof(a)), BAD_FUNC_ARG);
+            resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     /* This case is now considered good. Long IVs are now allowed.
@@ -19045,27 +19951,27 @@ static int test_wc_AesGcmEncryptDecrypt(void)
 #ifdef HAVE_AES_DECRYPT
     ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
         sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM))
     ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
-        AES_GCM_AUTH_E);
+        WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
     #else
     ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
     #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
             (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
@@ -19073,7 +19979,7 @@ static int test_wc_AesGcmEncryptDecrypt(void)
             /* FIPS does not check the lower bound of ivSz */
     #else
         ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
-            iv, 0, resultT, sizeof(resultT), a, sizeof(a)), BAD_FUNC_ARG);
+            iv, 0, resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
 #endif /* HAVE_AES_DECRYPT */
 
@@ -19203,15 +20109,15 @@ static int test_wc_GmacSetKey(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_AesFree(&gmac.aes);
 #endif
@@ -19337,11 +20243,11 @@ static int test_wc_GmacUpdate(void)
     /* Pass bad args. */
     ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3)), BAD_FUNC_ARG);
+        tagOut3, sizeof(tag3)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3) - 5), BAD_FUNC_ARG);
+        tagOut3, sizeof(tag3) - 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3) + 1),  BAD_FUNC_ARG);
+        tagOut3, sizeof(tag3) + 1),  WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_AesFree(&gmac.aes);
 
 #endif
@@ -19395,7 +20301,7 @@ static int test_wc_CamelliaSetKey(void)
 
     /* Bad args. */
     ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_CammeliaSetKey */
@@ -19417,8 +20323,8 @@ static int test_wc_CamelliaSetIV(void)
     ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0);
 
     /* Bad args. */
-    ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_CamelliaSetIV*/
@@ -19458,14 +20364,14 @@ static int test_wc_CamelliaEncryptDecryptDirect(void)
     ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0);
 
     /* Pass bad args. */
-    ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
-    ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test-wc_CamelliaEncryptDecryptDirect */
@@ -19507,18 +20413,18 @@ static int test_wc_CamelliaCbcEncryptDecrypt(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
+        CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
+        CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
+        CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
+        CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_CamelliaCbcEncryptDecrypt */
@@ -19537,9 +20443,9 @@ static int test_wc_Arc4SetKey(void)
 
     ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, (word32)keyLen), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4SetKey(&arc, NULL      , (word32)keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0     ), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4SetKey(&arc, NULL      , (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0     ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     return EXPECT_RESULT();
 
@@ -19578,9 +20484,9 @@ static int test_wc_Arc4Process(void)
     ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0);
 
     /* Bad args. */
-    ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_Arc4Free(&enc);
     wc_Arc4Free(&dec);
@@ -19604,7 +20510,7 @@ static int test_wc_InitRsaKey(void)
     ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
 #endif
@@ -19644,11 +20550,11 @@ static int test_wc_RsaPrivateKeyDecode(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19698,11 +20604,11 @@ static int test_wc_RsaPublicKeyDecode(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&keyPub), 0);
 
@@ -19754,11 +20660,11 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19808,56 +20714,56 @@ static int test_wc_RsaPrivateKeyDecodeRaw(void)
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(NULL, sizeof(n),
                 &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, 0,
                 &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 NULL, sizeof(e), &d, sizeof(d), &u, sizeof(u),
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, 0, &d, sizeof(d), &u, sizeof(u),
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), NULL, sizeof(d), &u, sizeof(u),
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), &d, 0, &u, sizeof(u),
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
                 NULL, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
                 &p, 0, &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
                 &p, sizeof(p), NULL, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
                 &p, sizeof(p), &q, 0, &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), &d, sizeof(d), &u, 0,
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), &d, sizeof(d), NULL, sizeof(u),
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
                 &e, sizeof(e), &d, sizeof(d), &u, 0,
                 &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19877,7 +20783,7 @@ static int test_wc_RsaPrivateKeyDecodeRaw(void)
 
             for (;;) {
                 ret = wc_MakeRsaKey(key, size, e, rng);
-                if (ret != PRIME_GEN_E) break;
+                if (ret != WC_NO_ERR_TRACE(PRIME_GEN_E)) break;
                 fprintf(stderr, "MakeRsaKey couldn't find prime; "
                                 "trying again.\n");
             }
@@ -19902,7 +20808,8 @@ static int test_wc_MakeRsaKey(void)
     RsaKey genKey;
     WC_RNG rng;
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int bits = 1024;
 #else
     int bits = 2048;
@@ -19917,13 +20824,13 @@ static int test_wc_MakeRsaKey(void)
     DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* e < 3 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* e & 1 == 0 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
 #endif
@@ -19981,14 +20888,14 @@ static int test_RsaDecryptBoundsCheck(void)
         flatC[flatCSz-1] = 1;
 
         ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
-            RSA_PRIVATE_DECRYPT, &rng), RSA_OUT_OF_RANGE_E);
+            RSA_PRIVATE_DECRYPT, &rng), WC_NO_ERR_TRACE(RSA_OUT_OF_RANGE_E));
         if (EXPECT_SUCCESS()) {
             mp_int c;
             ExpectIntEQ(mp_init_copy(&c, &key.n), 0);
             ExpectIntEQ(mp_sub_d(&c, 1, &c), 0);
             ExpectIntEQ(mp_to_unsigned_bin(&c, flatC), 0);
             ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
-                RSA_PRIVATE_DECRYPT, NULL), RSA_OUT_OF_RANGE_E);
+                RSA_PRIVATE_DECRYPT, NULL), WC_NO_ERR_TRACE(RSA_OUT_OF_RANGE_E));
             mp_clear(&c);
         }
     }
@@ -20017,12 +20924,12 @@ static int test_wc_SetKeyUsage(void)
     ExpectIntEQ(wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign"), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_SetKeyUsage(NULL, "decipherOnly"), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, ""), KEYUSAGE_E);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, ","), KEYUSAGE_E);
+    ExpectIntEQ(wc_SetKeyUsage(NULL, "decipherOnly"), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, ""), WC_NO_ERR_TRACE(KEYUSAGE_E));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, ","), WC_NO_ERR_TRACE(KEYUSAGE_E));
     ExpectIntEQ(wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign"),
-        KEYUSAGE_E);
+        WC_NO_ERR_TRACE(KEYUSAGE_E));
 #endif
     return EXPECT_RESULT();
 } /* END  test_wc_SetKeyUsage */
@@ -20068,19 +20975,19 @@ static int test_wc_CheckProbablePrime(void)
 
     /* Bad cases */
     ExpectIntEQ(wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, 0, q, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, 0, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, 0, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Good case */
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz, nlen, isPrime),
@@ -20123,13 +21030,13 @@ static int test_wc_RsaPSS_Verify(void)
 
     /* Bad cases */
     ExpectIntEQ(wc_RsaPSS_Verify(NULL, (word32)sz, pt, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_Verify(pSignature, (word32)sz, NULL, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Good case */
     ExpectIntGT(wc_RsaPSS_Verify(pSignature, (word32)sz, pt, outLen,
@@ -20178,13 +21085,13 @@ static int test_wc_RsaPSS_VerifyCheck(void)
 
     /* Bad cases */
     ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, (word32)sz, pt, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, NULL, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Good case */
     ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, pt, outLen, digest,
@@ -20231,13 +21138,13 @@ static int test_wc_RsaPSS_VerifyCheckInline(void)
 
     /* Bad Cases */
     ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, (word32)sz, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Good case */
     ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest,
@@ -20271,7 +21178,7 @@ static int test_wc_LockMutex_ex(void)
     int line = 0;
 
     /* without SetMutexCb */
-    ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), BAD_STATE_E);
+    ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), WC_NO_ERR_TRACE(BAD_STATE_E));
     /* with SetMutexCb */
     ExpectIntEQ(wc_SetMutexCb(sample_mutex_cb), 0);
     ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), 0);
@@ -20303,7 +21210,8 @@ static int test_wc_RsaKeyToDer(void)
     WC_RNG rng;
     byte*  der = NULL;
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int     bits = 1024;
     word32  derSz = 611;
     /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
@@ -20328,12 +21236,12 @@ static int test_wc_RsaKeyToDer(void)
     ExpectIntGT(wc_RsaKeyToDer(&genKey, der, derSz), 0);
 
     /* Pass good/bad args. */
-    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Get just the output length */
     ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
     /* Try Public Key. */
     genKey.type = 0;
-    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #ifdef WOLFSSL_CHECK_MEM_ZERO
         /* Put back to Private Key */
         genKey.type = 1;
@@ -20357,7 +21265,8 @@ static int test_wc_RsaKeyToPublicDer(void)
     WC_RNG rng;
     byte*  der = NULL;
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int    bits = 1024;
     word32 derLen = 162;
 #else
@@ -20383,9 +21292,9 @@ static int test_wc_RsaKeyToPublicDer(void)
     ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntLT(ret = wc_RsaKeyToPublicDer(&key, der, -1), 0);
-    ExpectTrue((ret == BUFFER_E) || (ret == BAD_FUNC_ARG));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BUFFER_E)) || (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
 
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -20573,26 +21482,26 @@ static int test_wc_RsaSSL_SignVerify(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Verify. */
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, &key), (int)inLen);
 
     /* Pass bad args. */
     ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     WC_FREE_VAR(in, NULL);
     WC_FREE_VAR(out, NULL);
@@ -20621,7 +21530,8 @@ static int test_wc_RsaEncryptSize(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0);
 
     ExpectIntEQ(wc_RsaEncryptSize(&key), 128);
@@ -20632,7 +21542,7 @@ static int test_wc_RsaEncryptSize(void)
     ExpectIntEQ(wc_RsaEncryptSize(&key), 256);
 
     /* Pass in bad arg. */
-    ExpectIntEQ(wc_RsaEncryptSize(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaEncryptSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -20655,7 +21565,8 @@ static int test_wc_RsaFlattenPublicKey(void)
     word32 eSz = sizeof(e);
     word32 nSz = sizeof(n);
     #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+        (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int    bits = 1024;
     #else
     int    bits = 2048;
@@ -20672,15 +21583,15 @@ static int test_wc_RsaFlattenPublicKey(void)
 
     /* Pass bad args. */
     ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -20730,9 +21641,9 @@ static int test_wc_AesCcmSetKey(void)
 #endif
 
     /* Test bad args. */
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), BAD_FUNC_ARG);
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), BAD_FUNC_ARG);
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), BAD_FUNC_ARG);
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_AesFree(&aes);
 #endif
@@ -20798,49 +21709,49 @@ static int test_wc_AesCcmEncryptDecrypt(void)
     /* Pass in bad args. Encrypt*/
     ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
         iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
         iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
         iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
         NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
         iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
         iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
         iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifdef HAVE_AES_DECRYPT
     /* Pass in bad args. Decrypt*/
     ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
         iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
         iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
         iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
         NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
         iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
         iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
         iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
 
     wc_AesFree(&aes);
@@ -22138,42 +23049,42 @@ static int test_wc_AesEaxEncryptAuth(void)
                                      iv, sizeof(iv),
                                      authtag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
                                      NULL,
                                      msg, sizeof(msg),
                                      iv, sizeof(iv),
                                      authtag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
                                      ciphertext,
                                      NULL, sizeof(msg),
                                      iv, sizeof(iv),
                                      authtag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
                                      ciphertext,
                                      msg, sizeof(msg),
                                      NULL, sizeof(iv),
                                      authtag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
                                      ciphertext,
                                      msg, sizeof(msg),
                                      iv, sizeof(iv),
                                      NULL, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
                                      ciphertext,
                                      msg, sizeof(msg),
                                      iv, sizeof(iv),
                                      authtag, (word32)len,
                                      NULL, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test bad key lengths */
     for (i = 0; i <= 32; i++) {
@@ -22183,7 +23094,7 @@ static int test_wc_AesEaxEncryptAuth(void)
             exp_ret = 0;
         }
         else {
-            exp_ret = BAD_FUNC_ARG;
+            exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
         }
 
         ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i,
@@ -22204,7 +23115,7 @@ static int test_wc_AesEaxEncryptAuth(void)
                                      iv, sizeof(iv),
                                      authtag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     return EXPECT_RESULT();
 } /* END test_wc_AesEaxEncryptAuth() */
@@ -22242,7 +23153,7 @@ static int test_wc_AesEaxDecryptAuth(void)
                                      iv, sizeof(iv),
                                      tag, (word32)len,
                                      aad, sizeof(aad)),
-                                     AES_EAX_AUTH_E);
+                                     WC_NO_ERR_TRACE(AES_EAX_AUTH_E));
 
     /* Test null checking */
     ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key),
@@ -22251,52 +23162,52 @@ static int test_wc_AesEaxDecryptAuth(void)
                                      iv, sizeof(iv),
                                      tag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
                                      NULL,
                                      ct, sizeof(ct),
                                      iv, sizeof(iv),
                                      tag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
                                      plaintext,
                                      NULL, sizeof(ct),
                                      iv, sizeof(iv),
                                      tag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
                                      plaintext,
                                      ct, sizeof(ct),
                                      NULL, sizeof(iv),
                                      tag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
                                      plaintext,
                                      ct, sizeof(ct),
                                      iv, sizeof(iv),
                                      NULL, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
                                      plaintext,
                                      ct, sizeof(ct),
                                      iv, sizeof(iv),
                                      tag, (word32)len,
                                      NULL, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test bad key lengths */
     for (i = 0; i <= 32; i++) {
         int exp_ret;
         if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
                                   || i == AES_256_KEY_SIZE) {
-            exp_ret = AES_EAX_AUTH_E;
+            exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E);
         }
         else {
-            exp_ret = BAD_FUNC_ARG;
+            exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
         }
 
         ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i,
@@ -22317,7 +23228,7 @@ static int test_wc_AesEaxDecryptAuth(void)
                                      iv, sizeof(iv),
                                      tag, (word32)len,
                                      aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     return EXPECT_RESULT();
 } /* END test_wc_AesEaxDecryptAuth() */
@@ -22340,7 +23251,7 @@ static int test_wc_InitDsaKey(void)
     ExpectIntEQ(wc_InitDsaKey(&key), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_InitDsaKey(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitDsaKey(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDsaKey(&key);
 #endif
@@ -22396,28 +23307,28 @@ static int test_wc_DsaSignVerify(void)
     /* Sign. */
     ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaSign(NULL, signature, &key, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, NULL, &key, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, signature, NULL, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaSign(NULL, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, NULL, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, signature, NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Verify. */
     ExpectIntEQ(wc_DsaVerify(hash, signature, &key, &answer), 0);
     ExpectIntEQ(answer, 1);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_DsaVerify(NULL, signature, &key, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, NULL, &key, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaVerify(NULL, signature, &key, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, NULL, &key, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
     /* hard set q to 0 and test fail case */
     mp_free(&key.q);
     mp_init(&key.q);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     mp_set(&key.q, 1);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     DoExpectIntEQ(wc_FreeRng(&rng),0);
@@ -22463,22 +23374,22 @@ static int test_wc_DsaPublicPrivateKeyDecode(void)
     ExpectIntEQ(wc_InitDsaKey(&key), 0);
     ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntLT(ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
-    ExpectTrue((ret == ASN_PARSE_E) || (ret == BUFFER_E));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) || (ret == WC_NO_ERR_TRACE(BUFFER_E)));
     wc_FreeDsaKey(&key);
 
     ExpectIntEQ(wc_InitDsaKey(&key), 0);
     idx = 0; /* Reset */
     ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntLT(ret = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
-    ExpectTrue((ret == ASN_PARSE_E) || (ret == BUFFER_E));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) || (ret == WC_NO_ERR_TRACE(BUFFER_E)));
     wc_FreeDsaKey(&key);
 #endif /* !NO_DSA */
     return EXPECT_RESULT();
@@ -22504,15 +23415,15 @@ static int test_wc_MakeDsaKey(void)
 
     ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_MakeDsaKey(&rng, &genKey), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_MakeDsaKey(NULL, &genKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_MakeDsaKey(&rng, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_MakeDsaKey(NULL, &genKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_MakeDsaKey(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_FreeDsaKey(&genKey);
@@ -22567,8 +23478,8 @@ static int test_wc_DsaKeyToDer(void)
     ExpectIntEQ(XMEMCMP(der, tmp, bytes), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaKeyToDer(&key, NULL, FOURK_BUF), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaKeyToDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaKeyToDer(&key, NULL, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDsaKey(&key);
 #endif /* !NO_DSA && WOLFSSL_KEY_GEN */
@@ -22614,8 +23525,8 @@ static int test_wc_DsaKeyToPublicDer(void)
     ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaKeyToPublicDer(&key, NULL, FOURK_BUF), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaKeyToPublicDer(&key, NULL, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_FreeDsaKey(&key);
@@ -22659,13 +23570,13 @@ static int test_wc_DsaImportParamsRaw(void)
 
     /* test bad args */
     /* null key struct */
-    ExpectIntEQ(wc_DsaImportParamsRaw(NULL, p, q, g), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaImportParamsRaw(NULL, p, q, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null param pointers */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, NULL, NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* illegal p length */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, invalidP, q, g), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, invalidP, q, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* illegal q length */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, invalidQ, g), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, invalidQ, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDsaKey(&key);
 #endif
@@ -22706,16 +23617,16 @@ static int test_wc_DsaImportParamsRawCheck(void)
     /* test bad args */
     /* null key struct */
     ExpectIntEQ(wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null param pointers */
     ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* illegal p length */
     ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* illegal q length */
     ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDsaKey(&key);
 #endif
@@ -22793,27 +23704,27 @@ static int test_wc_DsaExportParamsRaw(void)
     /* test bad args */
     /* null key struct */
     ExpectIntEQ(wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BAD_FUNC_ARG);
+        &gOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null output pointers */
     ExpectIntEQ(wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz, NULL,
-        &gOutSz), LENGTH_ONLY_E);
+        &gOutSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     /* null output size pointers */
     ExpectIntEQ( wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL, gOut,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* p output buffer size too small */
     pOutSz = 1;
     ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
     pOutSz = sizeof(pOut);
     /* q output buffer size too small */
     qOutSz = 1;
     ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
     qOutSz = sizeof(qOut);
     /* g output buffer size too small */
     gOutSz = 1;
     ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
 
     wc_FreeDsaKey(&key);
 #endif
@@ -22849,22 +23760,22 @@ static int test_wc_DsaExportKeyRaw(void)
     /* test bad args */
     /* null key struct */
     ExpectIntEQ(wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null output pointers */
     ExpectIntEQ(wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     /* null output size pointers */
     ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* x output buffer size too small */
     xOutSz = 1;
     ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     xOutSz = sizeof(xOut);
     /* y output buffer size too small */
     yOutSz = 1;
     ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_FreeDsaKey(&key);
@@ -22892,20 +23803,20 @@ static int test_wc_ed25519_make_key(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
     ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, (word32)pubkey_sz),
-        ECC_PRIV_KEY_E);
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
     ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, (word32)pubkey_sz),
-        ECC_PRIV_KEY_E);
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&key);
@@ -22926,7 +23837,7 @@ static int test_wc_ed25519_init(void)
 
     ExpectIntEQ(wc_ed25519_init(&key), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ed25519_free(&key);
 #endif
@@ -22968,15 +23879,15 @@ static int test_wc_ed25519_sign_msg(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(badSigLen, ED25519_SIG_SIZE);
     badSigLen -= 1;
 
@@ -22987,19 +23898,19 @@ static int test_wc_ed25519_sign_msg(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen - 1, msg, msglen,
-        &verify_ok, &key), BAD_FUNC_ARG);
+        &verify_ok, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen + 1, msg, msglen,
-        &verify_ok, &key), BAD_FUNC_ARG);
+        &verify_ok, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, NULL, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, NULL, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, badSigLen, msg, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif /* Verify. */
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -23034,9 +23945,9 @@ static int test_wc_ed25519_import_public(void)
     ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_import_public(NULL, inlen, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_public(in, inlen, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_public(in, inlen - 1, &pubKey), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_import_public(NULL, inlen, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_public(in, inlen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_public(in, inlen - 1, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&pubKey);
@@ -23088,17 +23999,17 @@ static int test_wc_ed25519_import_private_key(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL,
-        pubKeySz, &key), BAD_FUNC_ARG);
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz, NULL), BAD_FUNC_ARG);
+        pubKeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
-        pubKeySz, &key), BAD_FUNC_ARG);
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz - 1, &key), BAD_FUNC_ARG);
+        pubKeySz - 1, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL, 0,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&key);
@@ -23151,20 +24062,20 @@ static int test_wc_ed25519_export(void)
     ExpectIntEQ(pubSz, ED25519_KEY_SIZE);
     ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_export_public(NULL, pub, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_public(&key, pub, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_export_public(NULL, pub, &pubSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_public(&key, NULL, &pubSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_public(&key, pub, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz), 0);
     ExpectIntEQ(privSz, ED25519_KEY_SIZE);
     ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_export_private_only(NULL, priv, &privSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_private_only(&key, NULL, &privSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -23211,19 +24122,19 @@ static int test_wc_ed25519_size(void)
 
     ExpectIntEQ(wc_ed25519_size(&key), ED25519_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_sig_size(&key), ED25519_SIG_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_sig_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_pub_size(&key), ED25519_PUB_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_pub_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_priv_size(&key), ED25519_PRV_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_priv_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&key);
@@ -23277,23 +24188,23 @@ static int test_wc_ed25519_exportKey(void)
     ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, &privOnlySz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_export_private(NULL, privOnly, &privOnlySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_private(&key, NULL, &privOnlySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     PRIVATE_KEY_LOCK();
 
     /* Cross check output. */
@@ -23319,9 +24230,9 @@ static int test_wc_Ed25519PublicKeyToDer(void)
     XMEMSET(&key, 0, sizeof(ed25519_key));
 
     /* Test bad args */
-    ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0), BUFFER_E);
+    ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0), WC_NO_ERR_TRACE(BUFFER_E));
     wc_ed25519_free(&key);
 
     /*  Test good args */
@@ -23333,7 +24244,11 @@ static int test_wc_Ed25519PublicKeyToDer(void)
         ExpectIntEQ(wc_ed25519_init(&key), 0);
         ExpectIntEQ(wc_InitRng(&rng), 0);
         ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1), 0);
+        /* length only */
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 0), 0);
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 1), 0);
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf,
+                    (word32)sizeof(derBuf), 1), 0);
 
         DoExpectIntEQ(wc_FreeRng(&rng), 0);
         wc_ed25519_free(&key);
@@ -23353,7 +24268,7 @@ static int test_wc_curve25519_init(void)
 
     ExpectIntEQ(wc_curve25519_init(&key), 0);
     /* Test bad args for wc_curve25519_init */
-    ExpectIntEQ(wc_curve25519_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_curve25519_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test good args for wc_curve_25519_free */
     wc_curve25519_free(&key);
@@ -23411,23 +24326,23 @@ static int test_wc_curve25519_export_key_raw(void)
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(NULL, privateKey, &prvkSz,
-        publicKey, &pubkSz), BAD_FUNC_ARG);
+        publicKey, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(&key, NULL, &prvkSz, publicKey,
-        &pubkSz), BAD_FUNC_ARG);
+        &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, NULL,
-        publicKey, &pubkSz), BAD_FUNC_ARG);
+        publicKey, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* prvkSz = CURVE25519_KEYSIZE; */
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
-        NULL, &pubkSz), BAD_FUNC_ARG);
+        NULL, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
-        publicKey, NULL), BAD_FUNC_ARG);
+        publicKey, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* cross-testing */
     prksz = CURVE25519_KEYSIZE;
@@ -23479,49 +24394,49 @@ static int test_wc_curve25519_export_key_raw_ex(void)
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
-        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
-        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* prvkSz = CURVE25519_KEYSIZE; */
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     /* pubkSz = CURVE25519_KEYSIZE; */
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
-        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
-        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* prvkSz = CURVE25519_KEYSIZE; */
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* illegal value for endian */
     prvkSz = CURVE25519_KEYSIZE;
     /* pubkSz = CURVE25519_KEYSIZE; */
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
-        publicKey, NULL, EC25519_BIG_ENDIAN + 10), BAD_FUNC_ARG);
+        publicKey, NULL, EC25519_BIG_ENDIAN + 10), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* cross-testing */
     prksz = CURVE25519_KEYSIZE;
@@ -23577,10 +24492,10 @@ static int test_wc_curve25519_make_key(void)
     ExpectIntEQ(keysize = wc_curve25519_size(&key), CURVE25519_KEYSIZE);
     ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, &key), 0);
     /* test bad cases*/
-    ExpectIntEQ(wc_curve25519_make_key(NULL, 0, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(NULL, keysize, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, 0, &key), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_curve25519_make_key(NULL, 0, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(NULL, keysize, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(&rng, 0, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve25519_free(&key);
@@ -23616,25 +24531,25 @@ static int test_wc_curve25519_shared_secret_ex(void)
 
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
-        &outLen, endian), BAD_FUNC_ARG);
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        NULL, endian), BAD_FUNC_ARG);
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* curve25519.c is checking for public_key size less than or equal to 0x7f,
      * increasing to 0x8f checks for error being returned*/
     public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), ECC_BAD_ARG_E);
+        &outLen, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), BAD_FUNC_ARG);
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve25519_free(&private_key);
@@ -23664,17 +24579,17 @@ static int test_wc_curve25519_make_pub(void)
         (int)sizeof(key.k), key.k), 0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k,
-        (int)sizeof out, out), ECC_BAD_ARG_E);
+        (int)sizeof out, out), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
-        NULL), ECC_BAD_ARG_E);
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out - 1, out,
-        (int)sizeof(key.k), key.k), ECC_BAD_ARG_E);
+        (int)sizeof(key.k), key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, NULL,
-        (int)sizeof(key.k), key.k), ECC_BAD_ARG_E);
+        (int)sizeof(key.k), key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     /* verify clamping test */
     key.k[0] |= ~248;
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
-        key.k), ECC_BAD_ARG_E);
+        key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     key.k[0] &= 248;
     /* repeat the expected-to-succeed test. */
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
@@ -23709,16 +24624,16 @@ static int test_wc_curve25519_export_public_ex(void)
     ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian), 0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_export_public_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_public_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_public_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve25519_free(&key);
@@ -23753,17 +24668,17 @@ static int test_wc_curve25519_import_private_raw_ex(void)
         &key, endian), 0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
-        &key, endian), BAD_FUNC_ARG);
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
-        &key, endian), BAD_FUNC_ARG);
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
-        NULL, endian), BAD_FUNC_ARG);
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
-        &key, endian), ECC_BAD_ARG_E);
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
-        &key, endian), ECC_BAD_ARG_E);
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
         &key, EC25519_LITTLE_ENDIAN), 0);
 
@@ -23818,18 +24733,18 @@ static int test_wc_curve25519_export_private_raw_ex(void)
         0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, NULL, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen,
         EC25519_LITTLE_ENDIAN), 0);
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     wc_curve25519_free(&key);
 #endif
@@ -23854,15 +24769,15 @@ static int test_wc_ed448_make_key(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
     ExpectIntEQ(wc_ed448_make_public(&key, pubkey, sizeof(pubkey)),
-        ECC_PRIV_KEY_E);
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
     ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&key);
@@ -23884,7 +24799,7 @@ static int test_wc_ed448_init(void)
 
     ExpectIntEQ(wc_ed448_init(&key), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ed448_free(&key);
 #endif
@@ -23923,15 +24838,15 @@ static int test_wc_ed448_sign_msg(void)
     ExpectIntEQ(siglen, ED448_SIG_SIZE);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(badSigLen, ED448_SIG_SIZE);
     badSigLen -= 1;
 
@@ -23941,19 +24856,19 @@ static int test_wc_ed448_sign_msg(void)
     ExpectIntEQ(verify_ok, 1);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, NULL, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, NULL,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
-        NULL, NULL, 0), BAD_FUNC_ARG);
+        NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, badSigLen, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif /* Verify. */
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -23985,9 +24900,9 @@ static int test_wc_ed448_import_public(void)
     ExpectIntEQ(wc_ed448_import_public_ex(in, inlen, &pubKey, 1), 0);
     ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_import_public(NULL, inlen, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_public(in, inlen, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_public(in, inlen - 1, &pubKey), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_import_public(NULL, inlen, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_public(in, inlen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_public(in, inlen - 1, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&pubKey);
@@ -24039,17 +24954,17 @@ static int test_wc_ed448_import_private_key(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, pubKeySz,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz, NULL), BAD_FUNC_ARG);
+        pubKeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
-        pubKeySz, &key), BAD_FUNC_ARG);
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz - 1, &key), BAD_FUNC_ARG);
+        pubKeySz - 1, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, 0, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&key);
@@ -24082,9 +24997,9 @@ static int test_wc_ed448_export(void)
     ExpectIntEQ(pubSz, ED448_KEY_SIZE);
     ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_export_public(NULL, pub, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_export_public(NULL, pub, &pubSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     PRIVATE_KEY_UNLOCK();
     ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), 0);
@@ -24092,10 +25007,10 @@ static int test_wc_ed448_export(void)
     ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_export_private_only(NULL, priv, &privSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_private_only(&key, NULL, &privSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -24123,19 +25038,19 @@ static int test_wc_ed448_size(void)
 
     ExpectIntEQ(wc_ed448_size(&key), ED448_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_sig_size(&key), ED448_SIG_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_sig_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_pub_size(&key), ED448_PUB_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_pub_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_priv_size(&key), ED448_PRV_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_priv_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&key);
@@ -24170,22 +25085,22 @@ static int test_wc_ed448_exportKey(void)
     ExpectIntEQ(wc_ed448_export_private(&key, privOnly, &privOnlySz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_export_private(NULL, privOnly, &privOnlySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private(&key, NULL, &privOnlySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private(&key, privOnly, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private(&key, NULL, &privOnlySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private(&key, privOnly, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_key(&key, priv, NULL, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     PRIVATE_KEY_LOCK();
 
     /* Cross check output. */
@@ -24211,10 +25126,10 @@ static int test_wc_Ed448PublicKeyToDer(void)
     XMEMSET(&key, 0, sizeof(ed448_key));
 
     /* Test bad args */
-    ExpectIntEQ(wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0), BUFFER_E);
+    ExpectIntEQ(wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0), WC_NO_ERR_TRACE(BUFFER_E));
     wc_ed448_free(&key);
 
     /*  Test good args */
@@ -24226,8 +25141,11 @@ static int test_wc_Ed448PublicKeyToDer(void)
         ExpectIntEQ(wc_ed448_init(&key), 0);
         ExpectIntEQ(wc_InitRng(&rng), 0);
         ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-
-        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1), 0);
+        /* length only */
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 0), 0);
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 1), 0);
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf,
+                    (word32)sizeof(derBuf), 1), 0);
 
         DoExpectIntEQ(wc_FreeRng(&rng), 0);
         wc_ed448_free(&key);
@@ -24248,7 +25166,7 @@ static int test_wc_curve448_init(void)
     /* Test bad args for wc_curve448_init */
     ExpectIntEQ(wc_curve448_init(&key), 0);
     /* Test bad args for wc_curve448_init */
-    ExpectIntEQ(wc_curve448_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_curve448_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test good args for wc_curve_448_free */
     wc_curve448_free(&key);
@@ -24279,10 +25197,10 @@ static int test_wc_curve448_make_key(void)
     ExpectIntEQ(wc_curve448_make_key(&rng, keysize, &key), 0);
 
     /* test bad cases */
-    ExpectIntEQ(wc_curve448_make_key(NULL, 0, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(&rng, keysize, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(NULL, keysize, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(&rng, 0, &key), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_curve448_make_key(NULL, 0, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(&rng, keysize, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(NULL, keysize, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(&rng, 0, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve448_free(&key);
@@ -24316,18 +25234,18 @@ static int test_wc_curve448_shared_secret_ex(void)
 
     /* test bad cases */
     ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, &public_key, out, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, NULL, out, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
-        &outLen, endian), BAD_FUNC_ARG);
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
-        NULL, endian), BAD_FUNC_ARG);
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), BAD_FUNC_ARG);
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve448_free(&private_key);
@@ -24359,16 +25277,16 @@ static int test_wc_curve448_export_public_ex(void)
     ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian), 0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve448_export_public_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_public_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_public_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_public_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve448_free(&key);
@@ -24393,18 +25311,18 @@ static int test_wc_curve448_export_private_raw_ex(void)
         0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen,
         EC448_LITTLE_ENDIAN), 0);
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     wc_curve448_free(&key);
 #endif
@@ -24438,17 +25356,17 @@ static int test_wc_curve448_import_private_raw_ex(void)
         &key, endian), 0);
     /* test bad cases */
     ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
-        &key, endian), BAD_FUNC_ARG);
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
-        &key, endian), BAD_FUNC_ARG);
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
-        NULL, endian), BAD_FUNC_ARG);
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
-        &key, endian), ECC_BAD_ARG_E);
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
-        &key, endian), ECC_BAD_ARG_E);
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
         &key, EC448_LITTLE_ENDIAN), 0);
 
@@ -24558,8 +25476,8 @@ static int test_wc_ecc_make_key(void)
     ExpectIntEQ(ret, 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_make_key(NULL, KEY14, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_make_key(&rng, KEY14, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_make_key(NULL, KEY14, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_make_key(&rng, KEY14, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -24585,7 +25503,7 @@ static int test_wc_ecc_init(void)
 
     ExpectIntEQ(wc_ecc_init(&key), 0);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ecc_free(&key);
 #endif
@@ -24617,7 +25535,7 @@ static int test_wc_ecc_check_key(void)
     ExpectIntEQ(wc_ecc_check_key(&key), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_check_key(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_check_key(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -24753,15 +25671,15 @@ static int test_wc_ecc_signVerify_hash(void)
 
     /* Check bad args. */
     ExpectIntEQ(wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, NULL, &siglen, &rng, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, NULL, &rng, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, NULL, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
 #ifdef HAVE_ECC_VERIFY
     ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
@@ -24783,13 +25701,13 @@ static int test_wc_ecc_signVerify_hash(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_verify_hash(NULL, siglen, digest, digestlen, &verify,
-        &key), ECC_BAD_ARG_E);
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, NULL, digestlen, &verify, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, NULL, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
-        NULL), ECC_BAD_ARG_E);
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #endif /* HAVE_ECC_VERIFY */
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -24879,17 +25797,17 @@ static int test_wc_ecc_shared_secret(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_shared_secret(NULL, &pubKey, out, &outlen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret(&key, NULL, out, &outlen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Invalid length */
     outlen = 1;
     ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&pubKey);
@@ -24935,11 +25853,11 @@ static int test_wc_ecc_export_x963(void)
     ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_export_x963(NULL, out, &outlen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_export_x963(&key, NULL, &outlen), LENGTH_ONLY_E);
-    ExpectIntEQ(wc_ecc_export_x963(&key, out, NULL), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_export_x963(NULL, out, &outlen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_export_x963(&key, NULL, &outlen), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(wc_ecc_export_x963(&key, out, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     key.idx = -4;
-    ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -24992,28 +25910,28 @@ static int test_wc_ecc_export_x963_ex(void)
 
     /* Test bad args. */
 #ifdef HAVE_COMP_KEY
-    ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, COMP), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, COMP), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3))
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), BUFFER_E);
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), WC_NO_ERR_TRACE(BUFFER_E));
 #else
     ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
 #endif
     key.idx = -4;
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #else
     ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP),
-        LENGTH_ONLY_E);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, 1), NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, 1), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
     ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     key.idx = -4;
     ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #endif
     PRIVATE_KEY_LOCK();
 
@@ -25069,9 +25987,9 @@ static int test_wc_ecc_import_x963(void)
     ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, &pubKey), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_import_x963(NULL, x963Len, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len + 1, &pubKey), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_import_x963(NULL, x963Len, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len + 1, &pubKey), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -25127,9 +26045,9 @@ static int test_wc_ecc_import_private_key(void)
         x963KeySz, &keyImp), 0);
     /* Pass in bad args. */
     ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key,
-        x963KeySz, NULL), BAD_FUNC_ARG);
+        x963KeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz,
-        &keyImp), BAD_FUNC_ARG);
+        &keyImp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -25173,9 +26091,9 @@ static int test_wc_ecc_export_private_only(void)
 
     ExpectIntEQ(wc_ecc_export_private_only(&key, out, &outlen), 0);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -25217,22 +26135,22 @@ static int test_wc_ecc_rs_to_sig(void)
     ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, &siglen), 0);
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_rs_to_sig(NULL, S, sig, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, NULL, sig, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, NULL), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, NULL, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen), MP_ZERO_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen), MP_ZERO_E);
+    ExpectIntEQ(wc_ecc_rs_to_sig(NULL, S, sig, &siglen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, NULL, sig, &siglen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, NULL, &siglen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen), WC_NO_ERR_TRACE(MP_ZERO_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen), WC_NO_ERR_TRACE(MP_ZERO_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_ecc_rs_to_sig */
@@ -25262,17 +26180,17 @@ static int test_wc_ecc_import_raw(void)
     ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_import_raw(NULL, qx, qy, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, NULL, qy, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, NULL, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_import_raw(NULL, qx, qy, d, curveName), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, NULL, qy, d, curveName), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, NULL, d, curveName), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
         wc_ecc_free(&key);
     #endif
     ExpectIntLT(ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr,
         curveName), 0);
-    ExpectTrue((ret == ECC_INF_E) || (ret == BAD_FUNC_ARG));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ECC_INF_E)) || (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
 #endif
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
     #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
@@ -25280,7 +26198,7 @@ static int test_wc_ecc_import_raw(void)
     #endif
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     ExpectIntLT(ret = wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
-    ExpectTrue((ret == BAD_FUNC_ARG) || (ret == MP_VAL));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) || (ret == WC_NO_ERR_TRACE(MP_VAL)));
 #else
     ExpectIntEQ(wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
 #endif
@@ -25289,14 +26207,14 @@ static int test_wc_ecc_import_raw(void)
     #endif
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     ExpectIntLT(ret = wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
-    ExpectTrue((ret == BAD_FUNC_ARG) || (ret == MP_VAL));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) || (ret == WC_NO_ERR_TRACE(MP_VAL)));
 #else
     ExpectIntEQ(wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
 #endif
     #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
         wc_ecc_free(&key);
     #endif
-    ExpectIntEQ(wc_ecc_import_raw(&key, "0", "0", d, curveName), ECC_INF_E);
+    ExpectIntEQ(wc_ecc_import_raw(&key, "0", "0", d, curveName), WC_NO_ERR_TRACE(ECC_INF_E));
 #endif
 
     wc_ecc_free(&key);
@@ -25343,17 +26261,17 @@ static int test_wc_ecc_import_unsigned(void)
         curveId), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
-        curveId), BAD_FUNC_ARG);
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
-        curveId), BAD_FUNC_ARG);
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
-        curveId), BAD_FUNC_ARG);
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
-        ECC_CURVE_INVALID), BAD_FUNC_ARG);
+        ECC_CURVE_INVALID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     ExpectIntLT(ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
         (byte*)nullBytes, (byte*)nullBytes, curveId), 0);
-    ExpectTrue((ret == ECC_INF_E) || (ret == BAD_FUNC_ARG));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ECC_INF_E)) || (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
 #endif
 
     wc_ecc_free(&key);
@@ -25443,8 +26361,8 @@ static int test_wc_ecc_ctx_reset(void)
     ExpectIntEQ(wc_ecc_ctx_reset(ctx, &rng), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_ctx_reset(NULL, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_reset(ctx, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_ctx_reset(NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_reset(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ecc_ctx_free(ctx);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -25479,8 +26397,8 @@ static int test_wc_ecc_ctx_set_peer_salt(void)
 
     ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, servSalt), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(NULL, servSalt), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(NULL, servSalt), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ecc_ctx_free(cliCtx);
     wc_ecc_ctx_free(servCtx);
@@ -25511,10 +26429,10 @@ static int test_wc_ecc_ctx_set_info(void)
     ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ecc_ctx_free(ctx);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -25587,15 +26505,15 @@ static int test_wc_ecc_encryptDecrypt(void)
         &outSz, NULL), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
-        &outSz, NULL), BAD_FUNC_ARG);
+        &outSz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifdef WOLFSSL_ECIES_OLD
     tmpKey.dp = cliKey.dp;
@@ -25605,19 +26523,19 @@ static int test_wc_ecc_encryptDecrypt(void)
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, &plainSz,
          NULL), 0);
     ExpectIntEQ(wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain, &plainSz,
-         NULL), BAD_FUNC_ARG);
+         NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_ECIES_OLD
     /* NULL parameter allowed in new implementations - public key comes from
      * the message. */
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain, &plainSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain, &plainSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL, &plainSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(XMEMCMP(msg, plain, msgSz), 0);
 
@@ -25684,46 +26602,46 @@ static int test_wc_ecc_pointFns(void)
 
     /* Export */
     ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, NULL,
-        &derlenChk), LENGTH_ONLY_E);
+        &derlenChk), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     /* Check length value. */
     ExpectIntEQ(derSz, derlenChk);
     ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
         &derSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
-        NULL), ECC_BAD_ARG_E);
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     /* Import */
     ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, point), 0);
     ExpectIntEQ(wc_ecc_cmp_point(&key.pubkey, point), 0);
     /* Test bad args. */
     ExpectIntEQ( wc_ecc_import_point_der(NULL, derSz, idx, point),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, NULL), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, -1, point), ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, -1, point), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_import_point_der(der, derSz + 1, idx, point),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     /* Copy */
     ExpectIntEQ(wc_ecc_copy_point(point, cpypt), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_copy_point(NULL, cpypt), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_copy_point(point, NULL), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_copy_point(NULL, cpypt), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_copy_point(point, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     /* Compare point */
     ExpectIntEQ(wc_ecc_cmp_point(point, cpypt), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_cmp_point(NULL, cpypt), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_cmp_point(point, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_cmp_point(NULL, cpypt), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_cmp_point(point, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* At infinity if return == 1, otherwise return == 0. */
     ExpectIntEQ(wc_ecc_point_is_at_infinity(point), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_point_is_at_infinity(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_point_is_at_infinity(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
@@ -25731,8 +26649,8 @@ static int test_wc_ecc_pointFns(void)
     /* On curve if ret == 0 */
     ExpectIntEQ(wc_ecc_point_is_on_curve(point, idx), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_point_is_on_curve(NULL, idx), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_point_is_on_curve(NULL, idx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #endif /* USE_ECC_B_PARAM */
 #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
 
@@ -25804,16 +26722,16 @@ static int test_wc_ecc_shared_secret_ssh(void)
         &secretLen), 0);
     /* Pass in bad args. */
     ExpectIntEQ(wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret,
-        &secretLen), BAD_FUNC_ARG);
+        &secretLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     key.type = ECC_PUBLICKEY;
     ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
-        &secretLen), ECC_BAD_ARG_E);
+        &secretLen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -25886,32 +26804,32 @@ static int test_wc_ecc_verify_hash_ex(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen,
-        &verify_ok, &key), ECC_BAD_ARG_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
-        &verify_ok, &key), ECC_BAD_ARG_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &s, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &z, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &z, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
-        &key), ECC_BAD_ARG_E);
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, NULL,
-        &key), ECC_BAD_ARG_E);
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
-        &verify_ok, NULL), ECC_BAD_ARG_E);
+        &verify_ok, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     wc_ecc_free(&key);
     mp_free(&r);
@@ -25965,15 +26883,15 @@ static int test_wc_ecc_mulmod(void)
     /* Test bad args. */
     ExpectIntEQ(ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey,
         wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), NULL, &key3.pubkey,
         wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, NULL,
         wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey,
-        &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, 1), ECC_BAD_ARG_E);
+        &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, 1), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     wc_ecc_free(&key1);
     wc_ecc_free(&key2);
@@ -26037,7 +26955,7 @@ static int test_wc_ecc_get_curve_id_from_oid(void)
     word32 len = sizeof(oid);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(NULL, len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(NULL, len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, 0), ECC_CURVE_INVALID);
     /* Good Case */
     ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, len), ECC_SECP256R1);
@@ -26067,7 +26985,7 @@ static int test_wc_ecc_sig_size_calc(void)
     ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 #if FIPS_VERSION3_GE(6,0,0)
-    ExpectIntEQ(ret, BAD_FUNC_ARG);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
     ExpectIntEQ(ret, 0);
 #endif
@@ -26103,11 +27021,11 @@ static int test_wc_ecc_sm2_make_key(void)
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_make_key(NULL, NULL, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_make_key(rng, NULL, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_make_key(NULL, key, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test valid parameters. */
     ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
@@ -26156,19 +27074,19 @@ static int test_wc_ecc_sm2_shared_secret(void)
 #endif
 
     /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, outA, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, outA, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, &outALen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, outA, &outALen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, outA, &outALen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, NULL, &outALen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test valid parameters. */
     ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, &outALen), 0);
@@ -26247,38 +27165,38 @@ static int test_wc_ecc_sm2_create_digest(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, NULL, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad hash type. */
     /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        -1, hash, 0, key), BAD_FUNC_ARG);
+        -1, hash, 0, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
     /* Bad hash size. */
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, 0, key), BUFFER_E);
+        hashType, hash, 0, key), WC_NO_ERR_TRACE(BUFFER_E));
 
     /* Test valid parameters. */
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
@@ -26353,38 +27271,38 @@ static int test_wc_ecc_sm2_verify_hash_ex(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, hash, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, NULL, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Make key not on the SM2 curve. */
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
 
     /* Test valid parameters. */
@@ -26464,34 +27382,34 @@ static int test_wc_ecc_sm2_verify_hash(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Make key not on the SM2 curve. */
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
 
     /* Test valid parameters. */
@@ -26545,38 +27463,38 @@ static int test_wc_ecc_sm2_sign_hash_ex(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, key, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, r,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
-        s), BAD_FUNC_ARG);
+        s), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, key, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, NULL, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, NULL, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Make key not on the SM2 curve. */
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
 
 #ifdef WOLFSSL_SP_MATH_ALL
@@ -26639,38 +27557,38 @@ static int test_wc_ecc_sm2_sign_hash(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, &sigSz, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, rng,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, &sigSz, rng,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, &sigSz, rng,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, NULL, rng,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, NULL,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Make key not on the SM2 curve. */
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
 
     /* Test valid parameters. */
@@ -26715,12 +27633,12 @@ static int test_ToTraditional(void)
     /* Good case */
     ExpectIntGT(ToTraditional(input, sz), 0);
     /* Bad cases */
-    ExpectIntEQ(ToTraditional(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(ToTraditional(NULL, sz), BAD_FUNC_ARG);
+    ExpectIntEQ(ToTraditional(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(ToTraditional(NULL, sz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_ASN_TEMPLATE
-    ExpectIntEQ(ToTraditional(input, 0), BUFFER_E);
+    ExpectIntEQ(ToTraditional(input, 0), WC_NO_ERR_TRACE(BUFFER_E));
 #else
-    ExpectIntEQ(ToTraditional(input, 0), ASN_PARSE_E);
+    ExpectIntEQ(ToTraditional(input, 0), WC_NO_ERR_TRACE(ASN_PARSE_E));
 #endif
 #endif
     return EXPECT_RESULT();
@@ -26754,10 +27672,10 @@ static int test_wc_EccPrivateKeyToDer(void)
 
     inLen = (word32)sizeof(output);
     /* Bad Cases */
-    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), LENGTH_ONLY_E);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Good Case */
     ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0);
 
@@ -26803,17 +27721,17 @@ static int test_wc_DhPublicKeyDecode(void)
 
     ExpectIntEQ(wc_InitDhKey(&key), 0);
 
-    ExpectIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     inOutIdx = 0;
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     inOutIdx = 0;
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     inOutIdx = 0;
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
         sizeof_dh_pub_key_der_2048), 0);
@@ -26851,11 +27769,12 @@ static int test_wc_Ed25519KeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), WC_NO_ERR_TRACE(BUFFER_E));
     /* Good Cases */
     /* length only */
+    ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, 0), 0);
     ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen), 0);
     ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, output, inLen), 0);
 
@@ -26888,13 +27807,13 @@ static int test_wc_Ed25519PrivateKeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BUFFER_E));
     /* Good Cases */
     /* length only */
-    ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen), 0);
+    ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0);
     ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen), 0);
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -26925,12 +27844,12 @@ static int test_wc_Ed448KeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), WC_NO_ERR_TRACE(BUFFER_E));
     /* Good Cases */
     /* length only */
-    ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, inLen), 0);
+    ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, 0), 0);
     ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, output, inLen), 0);
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -26962,13 +27881,13 @@ static int test_wc_Ed448PrivateKeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BUFFER_E));
     /* Good cases */
     /* length only */
-    ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen), 0);
+    ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, 0), 0);
     ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen), 0);
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -27000,26 +27919,26 @@ static int test_wc_Curve448PrivateKeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BUFFER_E));
     /* Good cases */
     /* length only */
-    ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, inLen), 0);
+    ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, 0), 0);
     ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, inLen), 0);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, output, inLen, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, NULL, 0, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, output, inLen, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 0),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 1),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     /* Good cases */
     /* length only */
-    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, inLen, 0), 0);
-    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, inLen, 1), 0);
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 0), 0);
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 1), 0);
     ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 0), 0);
     ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 1), 0);
 
@@ -27033,1398 +27952,1404 @@ static int test_wc_kyber_make_key_kats(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    defined(WOLFSSL_ML_KEM)
+    !defined(WOLFSSL_KYBER_ORIGINAL)
     KyberKey* key;
 #ifndef WOLFSSL_NO_KYBER512
     static const byte seed_512[KYBER_MAKEKEY_RAND_SZ] = {
-        0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42,
-        0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2,
-        0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E,
-        0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC,
-        0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42,
-        0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2,
-        0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E,
-        0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC
+        /* d */
+        0x2C, 0xB8, 0x43, 0xA0, 0x2E, 0xF0, 0x2E, 0xE1,
+        0x09, 0x30, 0x5F, 0x39, 0x11, 0x9F, 0xAB, 0xF4,
+        0x9A, 0xB9, 0x0A, 0x57, 0xFF, 0xEC, 0xB3, 0xA0,
+        0xE7, 0x5E, 0x17, 0x94, 0x50, 0xF5, 0x27, 0x61,
+        /* z */
+        0x84, 0xCC, 0x91, 0x21, 0xAE, 0x56, 0xFB, 0xF3,
+        0x9E, 0x67, 0xAD, 0xBD, 0x83, 0xAD, 0x2D, 0x3E,
+        0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD,
+        0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7
     };
     static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = {
-        0xC6, 0x5A, 0x1D, 0x9D, 0x47, 0x97, 0x77, 0xE6,
-        0x90, 0x5A, 0x91, 0xA5, 0xCB, 0x24, 0x55, 0x1C,
-        0x8B, 0x1E, 0x52, 0xA3, 0xC7, 0x7B, 0x63, 0x31,
-        0x3F, 0xFC, 0x8B, 0x58, 0x17, 0x81, 0x52, 0x59,
-        0xA6, 0xAD, 0xB5, 0x96, 0x45, 0xDC, 0x4B, 0xB1,
-        0x43, 0x6D, 0x51, 0xE6, 0x2A, 0x09, 0x68, 0x34,
-        0xAF, 0x43, 0x77, 0x25, 0x10, 0xC4, 0xED, 0xF3,
-        0x4C, 0xDE, 0x0A, 0x5B, 0x57, 0xC1, 0x45, 0xE6,
-        0x87, 0xCB, 0x87, 0x16, 0x2F, 0x00, 0x1C, 0x21,
-        0xC9, 0xE1, 0x93, 0x4A, 0xC1, 0x1A, 0xAF, 0xA7,
-        0x0F, 0xF8, 0x10, 0x73, 0x26, 0x50, 0xB3, 0x2A,
-        0x30, 0x18, 0xA7, 0xC5, 0x0C, 0xD7, 0x36, 0x79,
-        0x62, 0x22, 0xC8, 0xAB, 0x82, 0x1A, 0x92, 0x83,
-        0xBE, 0x1C, 0xC2, 0x04, 0xC3, 0xF1, 0x63, 0x0D,
-        0x3C, 0xCC, 0xDB, 0x0A, 0x9A, 0x3D, 0x17, 0x55,
-        0x2B, 0x91, 0x58, 0xC0, 0x66, 0x4E, 0x5D, 0x6A,
-        0x04, 0xB0, 0xFA, 0x36, 0xDE, 0x45, 0x86, 0x2A,
-        0x46, 0xA3, 0x9E, 0xC5, 0x97, 0xAE, 0x42, 0xC3,
-        0x11, 0xC4, 0xAC, 0x22, 0x4A, 0x72, 0xD6, 0xF2,
-        0x53, 0xBB, 0x52, 0x35, 0xF7, 0xA2, 0xB8, 0xB0,
-        0xF2, 0x4D, 0x13, 0x76, 0xAF, 0x58, 0x87, 0x46,
-        0xF3, 0xBB, 0x8E, 0x03, 0x65, 0x07, 0x87, 0x61,
-        0xCA, 0xB9, 0x83, 0xA4, 0xA6, 0xA9, 0x40, 0xA3,
-        0xD9, 0x97, 0x04, 0x7A, 0x8F, 0x36, 0xA7, 0x31,
-        0xE8, 0x96, 0x52, 0x36, 0xC3, 0x7B, 0xF2, 0x00,
-        0x08, 0x2F, 0x82, 0x1D, 0xCA, 0x77, 0x16, 0xC4,
-        0x44, 0xA9, 0x0B, 0xEC, 0x53, 0x07, 0x4B, 0xBA,
-        0x58, 0xC1, 0x32, 0xBF, 0xB9, 0xA2, 0xAC, 0xE2,
-        0xCE, 0xC9, 0xAA, 0x65, 0x8E, 0xAC, 0x12, 0x32,
-        0xCC, 0xCA, 0x3C, 0x81, 0x7A, 0x92, 0xC1, 0x19,
-        0x5C, 0x05, 0xC0, 0xE1, 0xD6, 0x63, 0x9F, 0xD2,
-        0xAD, 0xE5, 0x31, 0x60, 0x7D, 0x48, 0x8B, 0x74,
-        0xA7, 0x47, 0xCF, 0xF4, 0x7F, 0xCA, 0x5C, 0x8B,
-        0x21, 0x63, 0xCA, 0x03, 0xC5, 0x45, 0xED, 0x10,
-        0x32, 0x78, 0x43, 0x0C, 0x60, 0xB2, 0x38, 0x1A,
-        0x09, 0x42, 0x7F, 0xD1, 0x30, 0xF8, 0x59, 0xBF,
-        0x5D, 0xB7, 0x76, 0xDA, 0x09, 0x5D, 0xCA, 0x58,
-        0x04, 0xFA, 0x63, 0xB0, 0xD7, 0xD8, 0x7F, 0xA9,
-        0x41, 0x5C, 0x72, 0xFB, 0x51, 0x87, 0x2A, 0x98,
-        0x9F, 0x46, 0x6C, 0x98, 0x4B, 0xC7, 0x4C, 0x29,
-        0xB8, 0x63, 0x20, 0x19, 0xCA, 0x04, 0x0C, 0x9C,
-        0xA3, 0x5E, 0x22, 0x60, 0x8D, 0xAA, 0x70, 0x35,
-        0x7A, 0xE2, 0xC3, 0xAD, 0x83, 0x63, 0x1F, 0xAA,
-        0x17, 0x4E, 0x0A, 0xCD, 0xF5, 0xDB, 0xBF, 0x3C,
-        0xF6, 0x8A, 0x05, 0xB6, 0x54, 0x3A, 0xB6, 0x26,
-        0x8E, 0x1A, 0x51, 0xB0, 0x93, 0x2C, 0x17, 0xB0,
-        0x0A, 0x13, 0x71, 0xB2, 0xDA, 0xB2, 0x41, 0xF9,
-        0x2A, 0x43, 0xFF, 0xB4, 0x56, 0xD0, 0xA8, 0xC8,
-        0x86, 0x0A, 0x8E, 0x28, 0xA6, 0x1A, 0x21, 0x30,
-        0x7C, 0xC0, 0x45, 0x6D, 0xA4, 0x24, 0x29, 0x05,
-        0xCB, 0x1D, 0x3D, 0x0B, 0xBD, 0x81, 0xBB, 0x8E,
-        0xE2, 0x74, 0xA4, 0x3C, 0x76, 0xC3, 0x10, 0x01,
-        0x95, 0x15, 0xFC, 0xC1, 0x40, 0x46, 0x7C, 0x33,
-        0x37, 0x0C, 0x86, 0x80, 0x8E, 0xCA, 0xA5, 0x8E,
-        0x3B, 0xA9, 0x3A, 0x2C, 0x11, 0x90, 0x46, 0x1C,
-        0x1D, 0xFA, 0x11, 0x30, 0x20, 0x01, 0xBB, 0xAB,
-        0x4C, 0xB1, 0xE3, 0x64, 0x2E, 0xF8, 0xCB, 0x26,
-        0x30, 0x9B, 0x60, 0x52, 0x3B, 0xC2, 0x18, 0x87,
-        0xB0, 0x7F, 0x89, 0x8C, 0xE5, 0x62, 0xA6, 0xCA,
-        0x77, 0x8E, 0xA0, 0x15, 0x05, 0x85, 0x13, 0x78,
-        0xCE, 0xA8, 0xBB, 0x7F, 0xC0, 0x9D, 0x11, 0x96,
-        0x1B, 0x6C, 0x59, 0x6F, 0x93, 0x54, 0x2A, 0x99,
-        0x04, 0x86, 0x4E, 0xB1, 0x0C, 0xD0, 0xA7, 0x03,
-        0xDB, 0xA9, 0x89, 0x21, 0x86, 0x1A, 0x87, 0xB0,
-        0x56, 0x52, 0x5C, 0x71, 0xA8, 0x43, 0x55, 0x3E,
-        0x64, 0x00, 0x77, 0x74, 0x37, 0xC9, 0x5C, 0xCC,
-        0x80, 0x85, 0xCC, 0x0C, 0x47, 0x7D, 0x66, 0x5A,
-        0x44, 0x79, 0x01, 0x9D, 0x4C, 0xD4, 0x42, 0xF7,
-        0x4A, 0x3C, 0xD8, 0x16, 0x9F, 0x42, 0x62, 0xB8,
-        0x27, 0x1B, 0x5D, 0x5A, 0x67, 0xC8, 0xC1, 0x61,
-        0x1A, 0xAE, 0x7B, 0x3D, 0x05, 0x34, 0xC0, 0x85,
-        0x97, 0x16, 0xFD, 0xF0, 0xBB, 0x68, 0x94, 0x90,
-        0x94, 0xC0, 0x6A, 0x1B, 0x73, 0xC9, 0xAA, 0x1C,
-        0xBD, 0xF3, 0x31, 0x54, 0x3D, 0xE0, 0x02, 0xA8,
-        0xC0, 0x6F, 0x94, 0xE8, 0x81, 0x0A, 0x5C, 0xB3,
-        0x73, 0x83, 0x27, 0x45, 0xD7, 0x20, 0x68, 0x3B,
-        0x57, 0x48, 0x75, 0xA6, 0x66, 0x94, 0x6D, 0x02,
-        0x96, 0x89, 0x3F, 0x2B, 0x59, 0xE9, 0x07, 0x48,
-        0x8D, 0x8C, 0x84, 0x89, 0xD4, 0x74, 0xD9, 0x29,
-        0xA0, 0x5A, 0x57, 0x3E, 0xD6, 0x67, 0x49, 0x03,
-        0x71, 0xA4, 0x6D, 0x45, 0x56, 0xCB, 0xB6, 0x8A,
-        0xAA, 0x79, 0xCC, 0x3E, 0xC6, 0x65, 0x34, 0x13,
-        0x57, 0x6C, 0x22, 0x8E, 0x37, 0x9A, 0x14, 0xCB,
-        0x90, 0xB7, 0xB7, 0x59, 0x1B, 0x19, 0xA7, 0xBD,
-        0x37, 0xA1, 0xC4, 0xD3, 0x78, 0x59, 0x89, 0x22,
-        0x19, 0x44, 0x2B, 0xB0, 0xB9, 0xB9, 0xBA, 0x67,
-        0xBA, 0x3B, 0xC0, 0xD0, 0x95, 0xC8, 0x80, 0x3C,
-        0xEB, 0xE9, 0x7A, 0xFF, 0x0B, 0x1C, 0x15, 0x35,
-        0x78, 0xA1, 0x30, 0xCD, 0x81, 0x57, 0xCF, 0x74,
-        0x59, 0x46, 0xC2, 0xF5, 0x72, 0x6D, 0x9C, 0x11,
-        0x27, 0x35, 0x75, 0x50, 0x52, 0x91, 0x34, 0x65,
-        0x28, 0xEE, 0x0B, 0xAC, 0x04, 0x7C, 0xC9, 0x84,
-        0x53, 0x8B, 0x97, 0xBB, 0xAB, 0xFC, 0xC3, 0x57,
-        0xDC, 0xB8, 0xA9, 0x8F, 0xB8, 0x57, 0xC9, 0xC5,
-        0x2D, 0x1B, 0x78, 0x67, 0x49, 0xCA, 0x61, 0x89,
-        0x2B, 0x09, 0x75, 0x99, 0x80, 0x52, 0x00, 0x91,
-        0xB9, 0xB4, 0x77, 0xC7, 0x0E, 0x6C, 0x46, 0x58,
-        0x6B, 0x1C, 0xCE, 0xBE, 0x87, 0xBC, 0xF6, 0xDF,
-        0x03, 0xC2, 0xB2, 0x7C, 0xB0, 0x9F, 0xA0, 0x3F,
-        0x63, 0x16, 0x09, 0x58, 0x38, 0x3B, 0xE6, 0x36
+        0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2,
+        0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA,
+        0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69,
+        0x4F, 0xD6, 0x4E, 0xAA, 0xB9, 0x07, 0xA4, 0x35,
+        0x39, 0xDD, 0xB2, 0x7B, 0xA0, 0xA8, 0x53, 0xCC,
+        0x90, 0x69, 0xEA, 0xC8, 0x50, 0x8C, 0x65, 0x3E,
+        0x60, 0x0B, 0x2A, 0xC0, 0x18, 0x38, 0x1B, 0x4B,
+        0xB4, 0xA8, 0x79, 0xAC, 0xDA, 0xD3, 0x42, 0xF9,
+        0x11, 0x79, 0xCA, 0x82, 0x49, 0x52, 0x5C, 0xB1,
+        0x96, 0x8B, 0xBE, 0x52, 0xF7, 0x55, 0xB7, 0xF5,
+        0xB4, 0x3D, 0x66, 0x63, 0xD7, 0xA3, 0xBF, 0x0F,
+        0x33, 0x57, 0xD8, 0xA2, 0x1D, 0x15, 0xB5, 0x2D,
+        0xB3, 0x81, 0x8E, 0xCE, 0x5B, 0x40, 0x2A, 0x60,
+        0xC9, 0x93, 0xE7, 0xCF, 0x43, 0x64, 0x87, 0xB8,
+        0xD2, 0xAE, 0x91, 0xE6, 0xC5, 0xB8, 0x82, 0x75,
+        0xE7, 0x58, 0x24, 0xB0, 0x00, 0x7E, 0xF3, 0x12,
+        0x3C, 0x0A, 0xB5, 0x1B, 0x5C, 0xC6, 0x1B, 0x9B,
+        0x22, 0x38, 0x0D, 0xE6, 0x6C, 0x5B, 0x20, 0xB0,
+        0x60, 0xCB, 0xB9, 0x86, 0xF8, 0x12, 0x3D, 0x94,
+        0x06, 0x00, 0x49, 0xCD, 0xF8, 0x03, 0x68, 0x73,
+        0xA7, 0xBE, 0x10, 0x94, 0x44, 0xA0, 0xA1, 0xCD,
+        0x87, 0xA4, 0x8C, 0xAE, 0x54, 0x19, 0x24, 0x84,
+        0xAF, 0x84, 0x44, 0x29, 0xC1, 0xC5, 0x8C, 0x29,
+        0xAC, 0x62, 0x4C, 0xD5, 0x04, 0xF1, 0xC4, 0x4F,
+        0x1E, 0x13, 0x47, 0x82, 0x2B, 0x6F, 0x22, 0x13,
+        0x23, 0x85, 0x9A, 0x7F, 0x6F, 0x75, 0x4B, 0xFE,
+        0x71, 0x0B, 0xDA, 0x60, 0x27, 0x62, 0x40, 0xA4,
+        0xFF, 0x2A, 0x53, 0x50, 0x70, 0x37, 0x86, 0xF5,
+        0x67, 0x1F, 0x44, 0x9F, 0x20, 0xC2, 0xA9, 0x5A,
+        0xE7, 0xC2, 0x90, 0x3A, 0x42, 0xCB, 0x3B, 0x30,
+        0x3F, 0xF4, 0xC4, 0x27, 0xC0, 0x8B, 0x11, 0xB4,
+        0xCD, 0x31, 0xC4, 0x18, 0xC6, 0xD1, 0x8D, 0x08,
+        0x61, 0x87, 0x3B, 0xFA, 0x03, 0x32, 0xF1, 0x12,
+        0x71, 0x55, 0x2E, 0xD7, 0xC0, 0x35, 0xF0, 0xE4,
+        0xBC, 0x42, 0x8C, 0x43, 0x72, 0x0B, 0x39, 0xA6,
+        0x51, 0x66, 0xBA, 0x9C, 0x2D, 0x3D, 0x77, 0x0E,
+        0x13, 0x03, 0x60, 0xCC, 0x23, 0x84, 0xE8, 0x30,
+        0x95, 0xB1, 0xA1, 0x59, 0x49, 0x55, 0x33, 0xF1,
+        0x16, 0xC7, 0xB5, 0x58, 0xB6, 0x50, 0xDB, 0x04,
+        0xD5, 0xA2, 0x6E, 0xAA, 0xA0, 0x8C, 0x3E, 0xE5,
+        0x7D, 0xE4, 0x5A, 0x7F, 0x88, 0xC6, 0xA3, 0xCE,
+        0xB2, 0x4D, 0xC5, 0x39, 0x7B, 0x88, 0xC3, 0xCE,
+        0xF0, 0x03, 0x31, 0x9B, 0xB0, 0x23, 0x3F, 0xD6,
+        0x92, 0xFD, 0xA1, 0x52, 0x44, 0x75, 0xB3, 0x51,
+        0xF3, 0xC7, 0x82, 0x18, 0x2D, 0xEC, 0xF5, 0x90,
+        0xB7, 0x72, 0x3B, 0xE4, 0x00, 0xBE, 0x14, 0x80,
+        0x9C, 0x44, 0x32, 0x99, 0x63, 0xFC, 0x46, 0x95,
+        0x92, 0x11, 0xD6, 0xA6, 0x23, 0x33, 0x95, 0x37,
+        0x84, 0x8C, 0x25, 0x16, 0x69, 0x94, 0x1D, 0x90,
+        0xB1, 0x30, 0x25, 0x8A, 0xDF, 0x55, 0xA7, 0x20,
+        0xA7, 0x24, 0xE8, 0xB6, 0xA6, 0xCA, 0xE3, 0xC2,
+        0x26, 0x4B, 0x16, 0x24, 0xCC, 0xBE, 0x7B, 0x45,
+        0x6B, 0x30, 0xC8, 0xC7, 0x39, 0x32, 0x94, 0xCA,
+        0x51, 0x80, 0xBC, 0x83, 0x7D, 0xD2, 0xE4, 0x5D,
+        0xBD, 0x59, 0xB6, 0xE1, 0x7B, 0x24, 0xFE, 0x93,
+        0x05, 0x2E, 0xB7, 0xC4, 0x3B, 0x27, 0xAC, 0x3D,
+        0xC2, 0x49, 0xCA, 0x0C, 0xBC, 0xA4, 0xFB, 0x58,
+        0x97, 0xC0, 0xB7, 0x44, 0x08, 0x8A, 0x8A, 0x07,
+        0x79, 0xD3, 0x22, 0x33, 0x82, 0x6A, 0x01, 0xDD,
+        0x64, 0x89, 0x95, 0x2A, 0x48, 0x25, 0xE5, 0x35,
+        0x8A, 0x70, 0x0B, 0xE0, 0xE1, 0x79, 0xAC, 0x19,
+        0x77, 0x10, 0xD8, 0x3E, 0xCC, 0x85, 0x3E, 0x52,
+        0x69, 0x5E, 0x9B, 0xF8, 0x7B, 0xB1, 0xF6, 0xCB,
+        0xD0, 0x5B, 0x02, 0xD4, 0xE6, 0x79, 0xE3, 0xB8,
+        0x8D, 0xD4, 0x83, 0xB0, 0x74, 0x9B, 0x11, 0xBD,
+        0x37, 0xB3, 0x83, 0xDC, 0xCA, 0x71, 0xF9, 0x09,
+        0x18, 0x34, 0xA1, 0x69, 0x55, 0x02, 0xC4, 0xB9,
+        0x5F, 0xC9, 0x11, 0x8C, 0x1C, 0xFC, 0x34, 0xC8,
+        0x4C, 0x22, 0x65, 0xBB, 0xBC, 0x56, 0x3C, 0x28,
+        0x26, 0x66, 0xB6, 0x0A, 0xE5, 0xC7, 0xF3, 0x85,
+        0x1D, 0x25, 0xEC, 0xBB, 0x50, 0x21, 0xCC, 0x38,
+        0xCB, 0x73, 0xEB, 0x6A, 0x34, 0x11, 0xB1, 0xC2,
+        0x90, 0x46, 0xCA, 0x66, 0x54, 0x06, 0x67, 0xD1,
+        0x36, 0x95, 0x44, 0x60, 0xC6, 0xFC, 0xBC, 0x4B,
+        0xC7, 0xC0, 0x49, 0xBB, 0x04, 0x7F, 0xA6, 0x7A,
+        0x63, 0xB3, 0xCC, 0x11, 0x11, 0xC1, 0xD8, 0xAC,
+        0x27, 0xE8, 0x05, 0x8B, 0xCC, 0xA4, 0xA1, 0x54,
+        0x55, 0x85, 0x8A, 0x58, 0x35, 0x8F, 0x7A, 0x61,
+        0x02, 0x0B, 0xC9, 0xC4, 0xC1, 0x7F, 0x8B, 0x95,
+        0xC2, 0x68, 0xCC, 0xB4, 0x04, 0xB9, 0xAA, 0xB4,
+        0xA2, 0x72, 0xA2, 0x1A, 0x70, 0xDA, 0xF6, 0xB6,
+        0xF1, 0x51, 0x21, 0xEE, 0x01, 0xC1, 0x56, 0xA3,
+        0x54, 0xAA, 0x17, 0x08, 0x7E, 0x07, 0x70, 0x2E,
+        0xAB, 0x38, 0xB3, 0x24, 0x1F, 0xDB, 0x55, 0x3F,
+        0x65, 0x73, 0x39, 0xD5, 0xE2, 0x9D, 0xC5, 0xD9,
+        0x1B, 0x7A, 0x5A, 0x82, 0x8E, 0xE9, 0x59, 0xFE,
+        0xBB, 0x90, 0xB0, 0x72, 0x29, 0xF6, 0xE4, 0x9D,
+        0x23, 0xC3, 0xA1, 0x90, 0x29, 0x70, 0x42, 0xFB,
+        0x43, 0x98, 0x69, 0x55, 0xB6, 0x9C, 0x28, 0xE1,
+        0x01, 0x6F, 0x77, 0xA5, 0x8B, 0x43, 0x15, 0x14,
+        0xD2, 0x1B, 0x88, 0x88, 0x99, 0xC3, 0x60, 0x82,
+        0x76, 0x08, 0x1B, 0x75, 0xF5, 0x68, 0x09, 0x7C,
+        0xDC, 0x17, 0x48, 0xF3, 0x23, 0x07, 0x88, 0x58,
+        0x15, 0xF3, 0xAE, 0xC9, 0x65, 0x18, 0x19, 0xAA,
+        0x68, 0x73, 0xD1, 0xA4, 0xEB, 0x83, 0xB1, 0x95,
+        0x38, 0x43, 0xB9, 0x34, 0x22, 0x51, 0x94, 0x83,
+        0xFE, 0xF0, 0x05, 0x9D, 0x36, 0xBB, 0x2D, 0xB1,
+        0xF3, 0xD4, 0x68, 0xFB, 0x06, 0x8C, 0x86, 0xE8,
+        0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E,
+        0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B
     };
     static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = {
-        0x37, 0xEC, 0x47, 0x7E, 0x21, 0x7B, 0xFB, 0x40,
-        0x38, 0x4C, 0x85, 0x0E, 0x51, 0xC1, 0x83, 0x71,
-        0x58, 0xBD, 0xBC, 0x23, 0xA3, 0x18, 0x32, 0xBC,
-        0x25, 0xC9, 0x1B, 0x31, 0x21, 0x44, 0x4A, 0xD4,
-        0x53, 0x37, 0x33, 0xBA, 0xFF, 0x07, 0xCA, 0x81,
-        0x7B, 0x64, 0xB2, 0xCA, 0x42, 0x99, 0xAA, 0x26,
-        0x45, 0x4C, 0xBA, 0xFB, 0x35, 0xB6, 0xAB, 0xE1,
-        0x18, 0x5C, 0xB4, 0x7C, 0x4C, 0xD6, 0x1A, 0xF9,
-        0x83, 0x83, 0xC4, 0x81, 0x4B, 0x20, 0xAB, 0x87,
-        0x54, 0xFC, 0x51, 0x4F, 0x23, 0x07, 0x41, 0x14,
-        0xC3, 0xE5, 0xA8, 0x10, 0xA4, 0x53, 0xB8, 0x55,
-        0xAA, 0x7F, 0x13, 0x10, 0xC7, 0x4B, 0x0B, 0x01,
-        0xE5, 0xAA, 0xB2, 0xE8, 0x71, 0x73, 0x8F, 0xAC,
-        0x27, 0x86, 0xC7, 0xA0, 0x5D, 0x6B, 0x3B, 0x32,
-        0xA0, 0x50, 0xD0, 0xFB, 0x22, 0x39, 0x56, 0xC9,
-        0x5C, 0xA0, 0xC2, 0xC1, 0xD5, 0x41, 0x54, 0xA7,
-        0x7B, 0xD3, 0x37, 0x37, 0xA4, 0x9A, 0x00, 0x65,
-        0xD1, 0x42, 0x4A, 0x2A, 0xBA, 0xFD, 0x52, 0xAA,
-        0x93, 0x4C, 0x98, 0x04, 0x93, 0x92, 0x08, 0xF0,
-        0x5C, 0xCF, 0x8B, 0x8B, 0x80, 0x86, 0x31, 0x6E,
-        0x09, 0x43, 0xA0, 0x87, 0x10, 0x50, 0x0C, 0x91,
-        0x8A, 0x2B, 0x21, 0x8D, 0x37, 0xB8, 0x5A, 0xE2,
-        0x80, 0x22, 0xCB, 0x01, 0x34, 0xFB, 0x49, 0xF5,
-        0xC4, 0x5D, 0x98, 0xD3, 0xC0, 0x4B, 0x75, 0x5A,
-        0x60, 0x88, 0x04, 0x22, 0x66, 0x8E, 0x2B, 0x30,
-        0x1B, 0x18, 0xD5, 0x19, 0x4D, 0xE9, 0x91, 0xB2,
-        0x65, 0xBF, 0x94, 0x69, 0x7E, 0x6A, 0x4B, 0x81,
-        0x50, 0xC8, 0xB8, 0x52, 0x03, 0x39, 0x15, 0x63,
-        0x5E, 0x30, 0x66, 0x5B, 0xDA, 0x21, 0x91, 0xDA,
-        0xA5, 0x05, 0xD4, 0x33, 0x44, 0xFD, 0x29, 0xC9,
-        0xFC, 0xC1, 0xC5, 0x07, 0x69, 0x1D, 0x47, 0x5B,
-        0x61, 0x7C, 0x94, 0x8F, 0xCC, 0x84, 0xB1, 0xB0,
-        0x8A, 0x1C, 0x63, 0x8C, 0x3E, 0x13, 0x58, 0x0C,
-        0xE3, 0x59, 0x78, 0x9A, 0x98, 0x60, 0xE5, 0x46,
-        0x9C, 0xC7, 0x54, 0xB0, 0x8E, 0xE3, 0x3F, 0x09,
-        0x21, 0xBD, 0xEF, 0x15, 0xA9, 0x06, 0x96, 0x9F,
-        0x2D, 0xC5, 0x7A, 0x25, 0xE8, 0x0C, 0xE4, 0xC4,
-        0x5F, 0x11, 0xE0, 0x4A, 0x51, 0x9A, 0xB0, 0x8B,
-        0x9B, 0x92, 0x7C, 0x3A, 0x13, 0xA0, 0x81, 0xCF,
-        0xFA, 0x11, 0x0F, 0xAC, 0xCC, 0x5E, 0x8D, 0xC2,
-        0x94, 0x95, 0x97, 0x8B, 0x55, 0x53, 0x10, 0x4D,
-        0x47, 0x3A, 0x17, 0x59, 0x18, 0xAD, 0x5B, 0x54,
-        0x87, 0xBB, 0xA6, 0x97, 0x12, 0xAE, 0x93, 0xF6,
-        0x15, 0xC6, 0x0A, 0x8D, 0x38, 0x7B, 0xCE, 0x3F,
-        0x65, 0x1E, 0x56, 0x88, 0x0A, 0x52, 0x2B, 0x2D,
-        0xB8, 0x63, 0x51, 0xCA, 0xB6, 0x5D, 0x13, 0xB4,
-        0x69, 0x3D, 0xB0, 0xB2, 0xC8, 0x09, 0x36, 0xFA,
-        0xD1, 0xCE, 0x67, 0x92, 0x5E, 0x6B, 0xB7, 0xC1,
-        0x10, 0xC4, 0x3E, 0x83, 0x24, 0x7D, 0x22, 0x60,
-        0x8D, 0x8C, 0x10, 0x23, 0x43, 0x1C, 0xB6, 0x92,
-        0x90, 0xA4, 0xF8, 0xA9, 0x59, 0x3B, 0xF1, 0x24,
-        0x1D, 0x73, 0x7C, 0x0C, 0xD1, 0x6D, 0x75, 0xEB,
-        0x50, 0xC6, 0x84, 0x2C, 0xE0, 0xA2, 0x1D, 0xCE,
-        0x49, 0x40, 0x36, 0x82, 0x4C, 0xE6, 0x32, 0x52,
-        0xE9, 0x32, 0x5F, 0x05, 0xB7, 0x34, 0x45, 0x2B,
-        0x12, 0x91, 0x32, 0xB1, 0x96, 0x08, 0x4A, 0x37,
-        0x88, 0xBB, 0xB1, 0xF2, 0x0A, 0x37, 0xD2, 0xC2,
-        0xB3, 0xF9, 0x0E, 0x0D, 0xD7, 0xA2, 0x74, 0xC9,
-        0xB1, 0xA9, 0xF0, 0x2E, 0xC7, 0xE7, 0x21, 0xF4,
-        0xA4, 0x3D, 0x40, 0x9A, 0x25, 0xFB, 0xC9, 0x9A,
-        0x44, 0xD4, 0x76, 0x31, 0x07, 0xC7, 0x87, 0x62,
-        0x09, 0x41, 0x76, 0x1E, 0xD4, 0x8C, 0x93, 0x29,
-        0x24, 0xBA, 0x62, 0x09, 0x86, 0xCF, 0x27, 0x7A,
-        0x23, 0x47, 0x1C, 0x7B, 0x13, 0x33, 0x3D, 0x93,
-        0x6C, 0x0D, 0xD4, 0x9E, 0x0F, 0xF3, 0x4C, 0xA3,
-        0xAB, 0x82, 0x34, 0xC4, 0x2A, 0xEB, 0xE4, 0x59,
-        0xC6, 0x12, 0x05, 0x2B, 0x97, 0x16, 0xE9, 0x6B,
-        0x20, 0xBE, 0xC7, 0x18, 0x12, 0x60, 0x40, 0xA9,
-        0x09, 0x1F, 0x6B, 0xA9, 0x44, 0x5F, 0x45, 0x80,
-        0x6A, 0xEB, 0x6E, 0x38, 0x16, 0x71, 0x0F, 0x7C,
-        0xBF, 0xED, 0x11, 0x01, 0x46, 0x12, 0x84, 0xDD,
-        0x96, 0x2B, 0x7B, 0x12, 0x04, 0x7C, 0x0A, 0x0A,
-        0x90, 0x6A, 0x05, 0x89, 0xB4, 0xA9, 0xA4, 0x26,
-        0x46, 0x9B, 0xDA, 0x39, 0x46, 0x09, 0x1A, 0x37,
-        0x5B, 0x19, 0x52, 0xA9, 0x1C, 0x23, 0x1C, 0x0F,
-        0xE6, 0xB5, 0x7F, 0x7C, 0xC9, 0x7E, 0xFE, 0xD0,
-        0xBC, 0x10, 0x01, 0x36, 0x78, 0x23, 0xBE, 0x18,
-        0x86, 0x30, 0x8B, 0x3A, 0x21, 0x45, 0x2B, 0x7E,
-        0x45, 0x50, 0x66, 0x71, 0x9C, 0xCC, 0xEA, 0xF6,
-        0xA7, 0x26, 0xFC, 0x22, 0xBC, 0x83, 0x99, 0xF5,
-        0x4B, 0xBF, 0xCA, 0xF7, 0xCA, 0x63, 0xBA, 0x73,
-        0x17, 0x3C, 0x7A, 0xA8, 0x61, 0x9A, 0x3F, 0x48,
-        0x5C, 0x3E, 0x33, 0x04, 0x21, 0x00, 0x67, 0x66,
-        0x74, 0x6F, 0x4E, 0xF6, 0x65, 0x3E, 0x44, 0x0E,
-        0x5C, 0xDC, 0x59, 0x53, 0x40, 0x18, 0xC3, 0x52,
-        0xC0, 0x23, 0x58, 0x4C, 0xBB, 0x37, 0x4E, 0xB7,
-        0xA9, 0xB7, 0x83, 0x68, 0x32, 0xBE, 0x53, 0xAF,
-        0x27, 0x2A, 0x06, 0x97, 0x55, 0xCE, 0x2F, 0xF2,
-        0x9C, 0xD8, 0xB3, 0x94, 0xC5, 0x24, 0x22, 0xB3,
-        0x47, 0x0E, 0x27, 0x41, 0x5F, 0x41, 0xB3, 0x97,
-        0x53, 0x59, 0x59, 0xF1, 0x60, 0x00, 0x3B, 0x45,
-        0x2C, 0xF4, 0x96, 0x97, 0xB7, 0xA5, 0x36, 0x89,
-        0x85, 0x2B, 0xBE, 0x6C, 0xCF, 0xDF, 0xB4, 0x0B,
-        0x48, 0xE9, 0x32, 0x8D, 0xE1, 0x15, 0x22, 0xD0,
-        0xA4, 0x31, 0xB1, 0x15, 0xA5, 0xC0, 0xC2, 0xF4,
-        0x30, 0x7D, 0x98, 0x62, 0xC0, 0xDD, 0x1B, 0x40,
-        0xC6, 0x5A, 0x1D, 0x9D, 0x47, 0x97, 0x77, 0xE6,
-        0x90, 0x5A, 0x91, 0xA5, 0xCB, 0x24, 0x55, 0x1C,
-        0x8B, 0x1E, 0x52, 0xA3, 0xC7, 0x7B, 0x63, 0x31,
-        0x3F, 0xFC, 0x8B, 0x58, 0x17, 0x81, 0x52, 0x59,
-        0xA6, 0xAD, 0xB5, 0x96, 0x45, 0xDC, 0x4B, 0xB1,
-        0x43, 0x6D, 0x51, 0xE6, 0x2A, 0x09, 0x68, 0x34,
-        0xAF, 0x43, 0x77, 0x25, 0x10, 0xC4, 0xED, 0xF3,
-        0x4C, 0xDE, 0x0A, 0x5B, 0x57, 0xC1, 0x45, 0xE6,
-        0x87, 0xCB, 0x87, 0x16, 0x2F, 0x00, 0x1C, 0x21,
-        0xC9, 0xE1, 0x93, 0x4A, 0xC1, 0x1A, 0xAF, 0xA7,
-        0x0F, 0xF8, 0x10, 0x73, 0x26, 0x50, 0xB3, 0x2A,
-        0x30, 0x18, 0xA7, 0xC5, 0x0C, 0xD7, 0x36, 0x79,
-        0x62, 0x22, 0xC8, 0xAB, 0x82, 0x1A, 0x92, 0x83,
-        0xBE, 0x1C, 0xC2, 0x04, 0xC3, 0xF1, 0x63, 0x0D,
-        0x3C, 0xCC, 0xDB, 0x0A, 0x9A, 0x3D, 0x17, 0x55,
-        0x2B, 0x91, 0x58, 0xC0, 0x66, 0x4E, 0x5D, 0x6A,
-        0x04, 0xB0, 0xFA, 0x36, 0xDE, 0x45, 0x86, 0x2A,
-        0x46, 0xA3, 0x9E, 0xC5, 0x97, 0xAE, 0x42, 0xC3,
-        0x11, 0xC4, 0xAC, 0x22, 0x4A, 0x72, 0xD6, 0xF2,
-        0x53, 0xBB, 0x52, 0x35, 0xF7, 0xA2, 0xB8, 0xB0,
-        0xF2, 0x4D, 0x13, 0x76, 0xAF, 0x58, 0x87, 0x46,
-        0xF3, 0xBB, 0x8E, 0x03, 0x65, 0x07, 0x87, 0x61,
-        0xCA, 0xB9, 0x83, 0xA4, 0xA6, 0xA9, 0x40, 0xA3,
-        0xD9, 0x97, 0x04, 0x7A, 0x8F, 0x36, 0xA7, 0x31,
-        0xE8, 0x96, 0x52, 0x36, 0xC3, 0x7B, 0xF2, 0x00,
-        0x08, 0x2F, 0x82, 0x1D, 0xCA, 0x77, 0x16, 0xC4,
-        0x44, 0xA9, 0x0B, 0xEC, 0x53, 0x07, 0x4B, 0xBA,
-        0x58, 0xC1, 0x32, 0xBF, 0xB9, 0xA2, 0xAC, 0xE2,
-        0xCE, 0xC9, 0xAA, 0x65, 0x8E, 0xAC, 0x12, 0x32,
-        0xCC, 0xCA, 0x3C, 0x81, 0x7A, 0x92, 0xC1, 0x19,
-        0x5C, 0x05, 0xC0, 0xE1, 0xD6, 0x63, 0x9F, 0xD2,
-        0xAD, 0xE5, 0x31, 0x60, 0x7D, 0x48, 0x8B, 0x74,
-        0xA7, 0x47, 0xCF, 0xF4, 0x7F, 0xCA, 0x5C, 0x8B,
-        0x21, 0x63, 0xCA, 0x03, 0xC5, 0x45, 0xED, 0x10,
-        0x32, 0x78, 0x43, 0x0C, 0x60, 0xB2, 0x38, 0x1A,
-        0x09, 0x42, 0x7F, 0xD1, 0x30, 0xF8, 0x59, 0xBF,
-        0x5D, 0xB7, 0x76, 0xDA, 0x09, 0x5D, 0xCA, 0x58,
-        0x04, 0xFA, 0x63, 0xB0, 0xD7, 0xD8, 0x7F, 0xA9,
-        0x41, 0x5C, 0x72, 0xFB, 0x51, 0x87, 0x2A, 0x98,
-        0x9F, 0x46, 0x6C, 0x98, 0x4B, 0xC7, 0x4C, 0x29,
-        0xB8, 0x63, 0x20, 0x19, 0xCA, 0x04, 0x0C, 0x9C,
-        0xA3, 0x5E, 0x22, 0x60, 0x8D, 0xAA, 0x70, 0x35,
-        0x7A, 0xE2, 0xC3, 0xAD, 0x83, 0x63, 0x1F, 0xAA,
-        0x17, 0x4E, 0x0A, 0xCD, 0xF5, 0xDB, 0xBF, 0x3C,
-        0xF6, 0x8A, 0x05, 0xB6, 0x54, 0x3A, 0xB6, 0x26,
-        0x8E, 0x1A, 0x51, 0xB0, 0x93, 0x2C, 0x17, 0xB0,
-        0x0A, 0x13, 0x71, 0xB2, 0xDA, 0xB2, 0x41, 0xF9,
-        0x2A, 0x43, 0xFF, 0xB4, 0x56, 0xD0, 0xA8, 0xC8,
-        0x86, 0x0A, 0x8E, 0x28, 0xA6, 0x1A, 0x21, 0x30,
-        0x7C, 0xC0, 0x45, 0x6D, 0xA4, 0x24, 0x29, 0x05,
-        0xCB, 0x1D, 0x3D, 0x0B, 0xBD, 0x81, 0xBB, 0x8E,
-        0xE2, 0x74, 0xA4, 0x3C, 0x76, 0xC3, 0x10, 0x01,
-        0x95, 0x15, 0xFC, 0xC1, 0x40, 0x46, 0x7C, 0x33,
-        0x37, 0x0C, 0x86, 0x80, 0x8E, 0xCA, 0xA5, 0x8E,
-        0x3B, 0xA9, 0x3A, 0x2C, 0x11, 0x90, 0x46, 0x1C,
-        0x1D, 0xFA, 0x11, 0x30, 0x20, 0x01, 0xBB, 0xAB,
-        0x4C, 0xB1, 0xE3, 0x64, 0x2E, 0xF8, 0xCB, 0x26,
-        0x30, 0x9B, 0x60, 0x52, 0x3B, 0xC2, 0x18, 0x87,
-        0xB0, 0x7F, 0x89, 0x8C, 0xE5, 0x62, 0xA6, 0xCA,
-        0x77, 0x8E, 0xA0, 0x15, 0x05, 0x85, 0x13, 0x78,
-        0xCE, 0xA8, 0xBB, 0x7F, 0xC0, 0x9D, 0x11, 0x96,
-        0x1B, 0x6C, 0x59, 0x6F, 0x93, 0x54, 0x2A, 0x99,
-        0x04, 0x86, 0x4E, 0xB1, 0x0C, 0xD0, 0xA7, 0x03,
-        0xDB, 0xA9, 0x89, 0x21, 0x86, 0x1A, 0x87, 0xB0,
-        0x56, 0x52, 0x5C, 0x71, 0xA8, 0x43, 0x55, 0x3E,
-        0x64, 0x00, 0x77, 0x74, 0x37, 0xC9, 0x5C, 0xCC,
-        0x80, 0x85, 0xCC, 0x0C, 0x47, 0x7D, 0x66, 0x5A,
-        0x44, 0x79, 0x01, 0x9D, 0x4C, 0xD4, 0x42, 0xF7,
-        0x4A, 0x3C, 0xD8, 0x16, 0x9F, 0x42, 0x62, 0xB8,
-        0x27, 0x1B, 0x5D, 0x5A, 0x67, 0xC8, 0xC1, 0x61,
-        0x1A, 0xAE, 0x7B, 0x3D, 0x05, 0x34, 0xC0, 0x85,
-        0x97, 0x16, 0xFD, 0xF0, 0xBB, 0x68, 0x94, 0x90,
-        0x94, 0xC0, 0x6A, 0x1B, 0x73, 0xC9, 0xAA, 0x1C,
-        0xBD, 0xF3, 0x31, 0x54, 0x3D, 0xE0, 0x02, 0xA8,
-        0xC0, 0x6F, 0x94, 0xE8, 0x81, 0x0A, 0x5C, 0xB3,
-        0x73, 0x83, 0x27, 0x45, 0xD7, 0x20, 0x68, 0x3B,
-        0x57, 0x48, 0x75, 0xA6, 0x66, 0x94, 0x6D, 0x02,
-        0x96, 0x89, 0x3F, 0x2B, 0x59, 0xE9, 0x07, 0x48,
-        0x8D, 0x8C, 0x84, 0x89, 0xD4, 0x74, 0xD9, 0x29,
-        0xA0, 0x5A, 0x57, 0x3E, 0xD6, 0x67, 0x49, 0x03,
-        0x71, 0xA4, 0x6D, 0x45, 0x56, 0xCB, 0xB6, 0x8A,
-        0xAA, 0x79, 0xCC, 0x3E, 0xC6, 0x65, 0x34, 0x13,
-        0x57, 0x6C, 0x22, 0x8E, 0x37, 0x9A, 0x14, 0xCB,
-        0x90, 0xB7, 0xB7, 0x59, 0x1B, 0x19, 0xA7, 0xBD,
-        0x37, 0xA1, 0xC4, 0xD3, 0x78, 0x59, 0x89, 0x22,
-        0x19, 0x44, 0x2B, 0xB0, 0xB9, 0xB9, 0xBA, 0x67,
-        0xBA, 0x3B, 0xC0, 0xD0, 0x95, 0xC8, 0x80, 0x3C,
-        0xEB, 0xE9, 0x7A, 0xFF, 0x0B, 0x1C, 0x15, 0x35,
-        0x78, 0xA1, 0x30, 0xCD, 0x81, 0x57, 0xCF, 0x74,
-        0x59, 0x46, 0xC2, 0xF5, 0x72, 0x6D, 0x9C, 0x11,
-        0x27, 0x35, 0x75, 0x50, 0x52, 0x91, 0x34, 0x65,
-        0x28, 0xEE, 0x0B, 0xAC, 0x04, 0x7C, 0xC9, 0x84,
-        0x53, 0x8B, 0x97, 0xBB, 0xAB, 0xFC, 0xC3, 0x57,
-        0xDC, 0xB8, 0xA9, 0x8F, 0xB8, 0x57, 0xC9, 0xC5,
-        0x2D, 0x1B, 0x78, 0x67, 0x49, 0xCA, 0x61, 0x89,
-        0x2B, 0x09, 0x75, 0x99, 0x80, 0x52, 0x00, 0x91,
-        0xB9, 0xB4, 0x77, 0xC7, 0x0E, 0x6C, 0x46, 0x58,
-        0x6B, 0x1C, 0xCE, 0xBE, 0x87, 0xBC, 0xF6, 0xDF,
-        0x03, 0xC2, 0xB2, 0x7C, 0xB0, 0x9F, 0xA0, 0x3F,
-        0x63, 0x16, 0x09, 0x58, 0x38, 0x3B, 0xE6, 0x36,
-        0xC0, 0xEC, 0xC8, 0xDD, 0xAE, 0x8B, 0x59, 0x4A,
-        0x14, 0x03, 0x78, 0x68, 0xBE, 0xC0, 0xB2, 0x23,
-        0x00, 0xDE, 0xFD, 0xFA, 0xA1, 0xD9, 0x73, 0xAC,
-        0x5C, 0xEC, 0x84, 0xAE, 0x43, 0x86, 0xB8, 0xFB,
-        0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42,
-        0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2,
-        0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E,
-        0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC
+        0x7F, 0xE4, 0x20, 0x6F, 0x26, 0xBE, 0xDB, 0x64,
+        0xC1, 0xED, 0x00, 0x09, 0x61, 0x52, 0x45, 0xDC,
+        0x98, 0x48, 0x3F, 0x66, 0x3A, 0xCC, 0x61, 0x7E,
+        0x65, 0x89, 0x8D, 0x59, 0x6A, 0x88, 0x36, 0xC4,
+        0x9F, 0xBD, 0x3B, 0x4A, 0x84, 0x97, 0x59, 0xAA,
+        0x15, 0x46, 0xBD, 0xA8, 0x35, 0xCA, 0xF1, 0x75,
+        0x64, 0x2C, 0x28, 0x28, 0x08, 0x92, 0xA7, 0x87,
+        0x8C, 0xC3, 0x18, 0xBC, 0xC7, 0x5B, 0x83, 0x4C,
+        0xB2, 0x9F, 0xDF, 0x53, 0x60, 0xD7, 0xF9, 0x82,
+        0xA5, 0x2C, 0x88, 0xAE, 0x91, 0x4D, 0xBF, 0x02,
+        0xB5, 0x8B, 0xEB, 0x8B, 0xA8, 0x87, 0xAE, 0x8F,
+        0xAB, 0x5E, 0xB7, 0x87, 0x31, 0xC6, 0x75, 0x78,
+        0x05, 0x47, 0x1E, 0xBC, 0xEC, 0x2E, 0x38, 0xDB,
+        0x1F, 0x4B, 0x83, 0x10, 0xD2, 0x88, 0x92, 0x0D,
+        0x8A, 0x49, 0x27, 0x95, 0xA3, 0x90, 0xA7, 0x4B,
+        0xCD, 0x55, 0xCD, 0x85, 0x57, 0xB4, 0xDA, 0xAB,
+        0xA8, 0x2C, 0x28, 0xCB, 0x3F, 0x15, 0x2C, 0x52,
+        0x31, 0x19, 0x61, 0x93, 0xA6, 0x6A, 0x8C, 0xCF,
+        0x34, 0xB8, 0x0E, 0x1F, 0x69, 0x42, 0xC3, 0x2B,
+        0xCF, 0xF9, 0x6A, 0x6E, 0x3C, 0xF3, 0x93, 0x9B,
+        0x7B, 0x94, 0x24, 0x98, 0xCC, 0x5E, 0x4C, 0xB8,
+        0xE8, 0x46, 0x8E, 0x70, 0x27, 0x59, 0x85, 0x2A,
+        0xA2, 0x29, 0xC0, 0x25, 0x7F, 0x02, 0x98, 0x20,
+        0x97, 0x33, 0x86, 0x07, 0xC0, 0xF0, 0xF4, 0x54,
+        0x46, 0xFA, 0xB4, 0x26, 0x79, 0x93, 0xB8, 0xA5,
+        0x90, 0x8C, 0xAB, 0x9C, 0x46, 0x78, 0x01, 0x34,
+        0x80, 0x4A, 0xE1, 0x88, 0x15, 0xB1, 0x02, 0x05,
+        0x27, 0xA2, 0x22, 0xEC, 0x4B, 0x39, 0xA3, 0x19,
+        0x4E, 0x66, 0x17, 0x37, 0x79, 0x17, 0x14, 0x12,
+        0x26, 0x62, 0xD8, 0xB9, 0x76, 0x9F, 0x6C, 0x67,
+        0xDE, 0x62, 0x5C, 0x0D, 0x48, 0x3C, 0x3D, 0x42,
+        0x0F, 0xF1, 0xBB, 0x88, 0x9A, 0x72, 0x7E, 0x75,
+        0x62, 0x81, 0x51, 0x3A, 0x70, 0x04, 0x76, 0x48,
+        0xD2, 0x9C, 0x0C, 0x30, 0xF9, 0xBE, 0x52, 0xEC,
+        0x0D, 0xEB, 0x97, 0x7C, 0xF0, 0xF3, 0x4F, 0xC2,
+        0x07, 0x84, 0x83, 0x45, 0x69, 0x64, 0x74, 0x34,
+        0x10, 0x63, 0x8C, 0x57, 0xB5, 0x53, 0x95, 0x77,
+        0xBF, 0x85, 0x66, 0x90, 0x78, 0xC3, 0x56, 0xB3,
+        0x46, 0x2E, 0x9F, 0xA5, 0x80, 0x7D, 0x49, 0x59,
+        0x1A, 0xFA, 0x41, 0xC1, 0x96, 0x9F, 0x65, 0xE3,
+        0x40, 0x5C, 0xB6, 0x4D, 0xDF, 0x16, 0x3F, 0x26,
+        0x73, 0x4C, 0xE3, 0x48, 0xB9, 0xCF, 0x45, 0x67,
+        0xA3, 0x3A, 0x59, 0x69, 0xEB, 0x32, 0x6C, 0xFB,
+        0x5A, 0xDC, 0x69, 0x5D, 0xCA, 0x0C, 0x8B, 0x2A,
+        0x7B, 0x1F, 0x4F, 0x40, 0x4C, 0xC7, 0xA0, 0x98,
+        0x1E, 0x2C, 0xC2, 0x4C, 0x1C, 0x23, 0xD1, 0x6A,
+        0xA9, 0xB4, 0x39, 0x24, 0x15, 0xE2, 0x6C, 0x22,
+        0xF4, 0xA9, 0x34, 0xD7, 0x94, 0xC1, 0xFB, 0x4E,
+        0x5A, 0x67, 0x05, 0x11, 0x23, 0xCC, 0xD1, 0x53,
+        0x76, 0x4D, 0xEC, 0x99, 0xD5, 0x53, 0x52, 0x90,
+        0x53, 0xC3, 0xDA, 0x55, 0x0B, 0xCE, 0xA3, 0xAC,
+        0x54, 0x13, 0x6A, 0x26, 0xA6, 0x76, 0xD2, 0xBA,
+        0x84, 0x21, 0x06, 0x70, 0x68, 0xC6, 0x38, 0x1C,
+        0x2A, 0x62, 0xA7, 0x27, 0xC9, 0x33, 0x70, 0x2E,
+        0xE5, 0x80, 0x4A, 0x31, 0xCA, 0x86, 0x5A, 0x45,
+        0x58, 0x8F, 0xB7, 0x4D, 0xE7, 0xE2, 0x22, 0x3D,
+        0x88, 0xC0, 0x60, 0x8A, 0x16, 0xBF, 0xEC, 0x4F,
+        0xAD, 0x67, 0x52, 0xDB, 0x56, 0xB4, 0x8B, 0x88,
+        0x72, 0xBF, 0x26, 0xBA, 0x2F, 0xFA, 0x0C, 0xED,
+        0xE5, 0x34, 0x3B, 0xE8, 0x14, 0x36, 0x89, 0x26,
+        0x5E, 0x06, 0x5F, 0x41, 0xA6, 0x92, 0x5B, 0x86,
+        0xC8, 0x92, 0xE6, 0x2E, 0xB0, 0x77, 0x27, 0x34,
+        0xF5, 0xA3, 0x57, 0xC7, 0x5C, 0xA1, 0xAC, 0x6D,
+        0xF7, 0x8A, 0xB1, 0xB8, 0x88, 0x5A, 0xD0, 0x81,
+        0x96, 0x15, 0x37, 0x6D, 0x33, 0xEB, 0xB9, 0x8F,
+        0x87, 0x33, 0xA6, 0x75, 0x58, 0x03, 0xD9, 0x77,
+        0xBF, 0x51, 0xC1, 0x27, 0x40, 0x42, 0x4B, 0x2B,
+        0x49, 0xC2, 0x83, 0x82, 0xA6, 0x91, 0x7C, 0xBF,
+        0xA0, 0x34, 0xC3, 0xF1, 0x26, 0xA3, 0x8C, 0x21,
+        0x6C, 0x03, 0xC3, 0x57, 0x70, 0xAD, 0x48, 0x1B,
+        0x90, 0x84, 0xB5, 0x58, 0x8D, 0xA6, 0x5F, 0xF1,
+        0x18, 0xA7, 0x4F, 0x93, 0x2C, 0x7E, 0x53, 0x7A,
+        0xBE, 0x58, 0x63, 0xFB, 0x29, 0xA1, 0x0C, 0x09,
+        0x70, 0x1B, 0x44, 0x1F, 0x83, 0x99, 0xC1, 0xF8,
+        0xA6, 0x37, 0x82, 0x5A, 0xCE, 0xA3, 0xE9, 0x31,
+        0x80, 0x57, 0x4F, 0xDE, 0xB8, 0x80, 0x76, 0x66,
+        0x1A, 0xB4, 0x69, 0x51, 0x71, 0x6A, 0x50, 0x01,
+        0x84, 0xA0, 0x40, 0x55, 0x72, 0x66, 0x59, 0x8C,
+        0xAF, 0x76, 0x10, 0x5E, 0x1C, 0x18, 0x70, 0xB4,
+        0x39, 0x69, 0xC3, 0xBC, 0xC1, 0xA0, 0x49, 0x27,
+        0x63, 0x80, 0x17, 0x49, 0x8B, 0xB6, 0x2C, 0xAF,
+        0xD3, 0xA6, 0xB0, 0x82, 0xB7, 0xBF, 0x7A, 0x23,
+        0x45, 0x0E, 0x19, 0x17, 0x99, 0x61, 0x9B, 0x92,
+        0x51, 0x12, 0xD0, 0x72, 0x02, 0x5C, 0xA8, 0x88,
+        0x54, 0x8C, 0x79, 0x1A, 0xA4, 0x22, 0x51, 0x50,
+        0x4D, 0x5D, 0x1C, 0x1C, 0xDD, 0xB2, 0x13, 0x30,
+        0x3B, 0x04, 0x9E, 0x73, 0x46, 0xE8, 0xD8, 0x3A,
+        0xD5, 0x87, 0x83, 0x6F, 0x35, 0x28, 0x4E, 0x10,
+        0x97, 0x27, 0xE6, 0x6B, 0xBC, 0xC9, 0x52, 0x1F,
+        0xE0, 0xB1, 0x91, 0x63, 0x00, 0x47, 0xD1, 0x58,
+        0xF7, 0x56, 0x40, 0xFF, 0xEB, 0x54, 0x56, 0x07,
+        0x27, 0x40, 0x02, 0x1A, 0xFD, 0x15, 0xA4, 0x54,
+        0x69, 0xC5, 0x83, 0x82, 0x9D, 0xAA, 0xC8, 0xA7,
+        0xDE, 0xB0, 0x5B, 0x24, 0xF0, 0x56, 0x7E, 0x43,
+        0x17, 0xB3, 0xE3, 0xB3, 0x33, 0x89, 0xB5, 0xC5,
+        0xF8, 0xB0, 0x4B, 0x09, 0x9F, 0xB4, 0xD1, 0x03,
+        0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2,
+        0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA,
+        0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69,
+        0x4F, 0xD6, 0x4E, 0xAA, 0xB9, 0x07, 0xA4, 0x35,
+        0x39, 0xDD, 0xB2, 0x7B, 0xA0, 0xA8, 0x53, 0xCC,
+        0x90, 0x69, 0xEA, 0xC8, 0x50, 0x8C, 0x65, 0x3E,
+        0x60, 0x0B, 0x2A, 0xC0, 0x18, 0x38, 0x1B, 0x4B,
+        0xB4, 0xA8, 0x79, 0xAC, 0xDA, 0xD3, 0x42, 0xF9,
+        0x11, 0x79, 0xCA, 0x82, 0x49, 0x52, 0x5C, 0xB1,
+        0x96, 0x8B, 0xBE, 0x52, 0xF7, 0x55, 0xB7, 0xF5,
+        0xB4, 0x3D, 0x66, 0x63, 0xD7, 0xA3, 0xBF, 0x0F,
+        0x33, 0x57, 0xD8, 0xA2, 0x1D, 0x15, 0xB5, 0x2D,
+        0xB3, 0x81, 0x8E, 0xCE, 0x5B, 0x40, 0x2A, 0x60,
+        0xC9, 0x93, 0xE7, 0xCF, 0x43, 0x64, 0x87, 0xB8,
+        0xD2, 0xAE, 0x91, 0xE6, 0xC5, 0xB8, 0x82, 0x75,
+        0xE7, 0x58, 0x24, 0xB0, 0x00, 0x7E, 0xF3, 0x12,
+        0x3C, 0x0A, 0xB5, 0x1B, 0x5C, 0xC6, 0x1B, 0x9B,
+        0x22, 0x38, 0x0D, 0xE6, 0x6C, 0x5B, 0x20, 0xB0,
+        0x60, 0xCB, 0xB9, 0x86, 0xF8, 0x12, 0x3D, 0x94,
+        0x06, 0x00, 0x49, 0xCD, 0xF8, 0x03, 0x68, 0x73,
+        0xA7, 0xBE, 0x10, 0x94, 0x44, 0xA0, 0xA1, 0xCD,
+        0x87, 0xA4, 0x8C, 0xAE, 0x54, 0x19, 0x24, 0x84,
+        0xAF, 0x84, 0x44, 0x29, 0xC1, 0xC5, 0x8C, 0x29,
+        0xAC, 0x62, 0x4C, 0xD5, 0x04, 0xF1, 0xC4, 0x4F,
+        0x1E, 0x13, 0x47, 0x82, 0x2B, 0x6F, 0x22, 0x13,
+        0x23, 0x85, 0x9A, 0x7F, 0x6F, 0x75, 0x4B, 0xFE,
+        0x71, 0x0B, 0xDA, 0x60, 0x27, 0x62, 0x40, 0xA4,
+        0xFF, 0x2A, 0x53, 0x50, 0x70, 0x37, 0x86, 0xF5,
+        0x67, 0x1F, 0x44, 0x9F, 0x20, 0xC2, 0xA9, 0x5A,
+        0xE7, 0xC2, 0x90, 0x3A, 0x42, 0xCB, 0x3B, 0x30,
+        0x3F, 0xF4, 0xC4, 0x27, 0xC0, 0x8B, 0x11, 0xB4,
+        0xCD, 0x31, 0xC4, 0x18, 0xC6, 0xD1, 0x8D, 0x08,
+        0x61, 0x87, 0x3B, 0xFA, 0x03, 0x32, 0xF1, 0x12,
+        0x71, 0x55, 0x2E, 0xD7, 0xC0, 0x35, 0xF0, 0xE4,
+        0xBC, 0x42, 0x8C, 0x43, 0x72, 0x0B, 0x39, 0xA6,
+        0x51, 0x66, 0xBA, 0x9C, 0x2D, 0x3D, 0x77, 0x0E,
+        0x13, 0x03, 0x60, 0xCC, 0x23, 0x84, 0xE8, 0x30,
+        0x95, 0xB1, 0xA1, 0x59, 0x49, 0x55, 0x33, 0xF1,
+        0x16, 0xC7, 0xB5, 0x58, 0xB6, 0x50, 0xDB, 0x04,
+        0xD5, 0xA2, 0x6E, 0xAA, 0xA0, 0x8C, 0x3E, 0xE5,
+        0x7D, 0xE4, 0x5A, 0x7F, 0x88, 0xC6, 0xA3, 0xCE,
+        0xB2, 0x4D, 0xC5, 0x39, 0x7B, 0x88, 0xC3, 0xCE,
+        0xF0, 0x03, 0x31, 0x9B, 0xB0, 0x23, 0x3F, 0xD6,
+        0x92, 0xFD, 0xA1, 0x52, 0x44, 0x75, 0xB3, 0x51,
+        0xF3, 0xC7, 0x82, 0x18, 0x2D, 0xEC, 0xF5, 0x90,
+        0xB7, 0x72, 0x3B, 0xE4, 0x00, 0xBE, 0x14, 0x80,
+        0x9C, 0x44, 0x32, 0x99, 0x63, 0xFC, 0x46, 0x95,
+        0x92, 0x11, 0xD6, 0xA6, 0x23, 0x33, 0x95, 0x37,
+        0x84, 0x8C, 0x25, 0x16, 0x69, 0x94, 0x1D, 0x90,
+        0xB1, 0x30, 0x25, 0x8A, 0xDF, 0x55, 0xA7, 0x20,
+        0xA7, 0x24, 0xE8, 0xB6, 0xA6, 0xCA, 0xE3, 0xC2,
+        0x26, 0x4B, 0x16, 0x24, 0xCC, 0xBE, 0x7B, 0x45,
+        0x6B, 0x30, 0xC8, 0xC7, 0x39, 0x32, 0x94, 0xCA,
+        0x51, 0x80, 0xBC, 0x83, 0x7D, 0xD2, 0xE4, 0x5D,
+        0xBD, 0x59, 0xB6, 0xE1, 0x7B, 0x24, 0xFE, 0x93,
+        0x05, 0x2E, 0xB7, 0xC4, 0x3B, 0x27, 0xAC, 0x3D,
+        0xC2, 0x49, 0xCA, 0x0C, 0xBC, 0xA4, 0xFB, 0x58,
+        0x97, 0xC0, 0xB7, 0x44, 0x08, 0x8A, 0x8A, 0x07,
+        0x79, 0xD3, 0x22, 0x33, 0x82, 0x6A, 0x01, 0xDD,
+        0x64, 0x89, 0x95, 0x2A, 0x48, 0x25, 0xE5, 0x35,
+        0x8A, 0x70, 0x0B, 0xE0, 0xE1, 0x79, 0xAC, 0x19,
+        0x77, 0x10, 0xD8, 0x3E, 0xCC, 0x85, 0x3E, 0x52,
+        0x69, 0x5E, 0x9B, 0xF8, 0x7B, 0xB1, 0xF6, 0xCB,
+        0xD0, 0x5B, 0x02, 0xD4, 0xE6, 0x79, 0xE3, 0xB8,
+        0x8D, 0xD4, 0x83, 0xB0, 0x74, 0x9B, 0x11, 0xBD,
+        0x37, 0xB3, 0x83, 0xDC, 0xCA, 0x71, 0xF9, 0x09,
+        0x18, 0x34, 0xA1, 0x69, 0x55, 0x02, 0xC4, 0xB9,
+        0x5F, 0xC9, 0x11, 0x8C, 0x1C, 0xFC, 0x34, 0xC8,
+        0x4C, 0x22, 0x65, 0xBB, 0xBC, 0x56, 0x3C, 0x28,
+        0x26, 0x66, 0xB6, 0x0A, 0xE5, 0xC7, 0xF3, 0x85,
+        0x1D, 0x25, 0xEC, 0xBB, 0x50, 0x21, 0xCC, 0x38,
+        0xCB, 0x73, 0xEB, 0x6A, 0x34, 0x11, 0xB1, 0xC2,
+        0x90, 0x46, 0xCA, 0x66, 0x54, 0x06, 0x67, 0xD1,
+        0x36, 0x95, 0x44, 0x60, 0xC6, 0xFC, 0xBC, 0x4B,
+        0xC7, 0xC0, 0x49, 0xBB, 0x04, 0x7F, 0xA6, 0x7A,
+        0x63, 0xB3, 0xCC, 0x11, 0x11, 0xC1, 0xD8, 0xAC,
+        0x27, 0xE8, 0x05, 0x8B, 0xCC, 0xA4, 0xA1, 0x54,
+        0x55, 0x85, 0x8A, 0x58, 0x35, 0x8F, 0x7A, 0x61,
+        0x02, 0x0B, 0xC9, 0xC4, 0xC1, 0x7F, 0x8B, 0x95,
+        0xC2, 0x68, 0xCC, 0xB4, 0x04, 0xB9, 0xAA, 0xB4,
+        0xA2, 0x72, 0xA2, 0x1A, 0x70, 0xDA, 0xF6, 0xB6,
+        0xF1, 0x51, 0x21, 0xEE, 0x01, 0xC1, 0x56, 0xA3,
+        0x54, 0xAA, 0x17, 0x08, 0x7E, 0x07, 0x70, 0x2E,
+        0xAB, 0x38, 0xB3, 0x24, 0x1F, 0xDB, 0x55, 0x3F,
+        0x65, 0x73, 0x39, 0xD5, 0xE2, 0x9D, 0xC5, 0xD9,
+        0x1B, 0x7A, 0x5A, 0x82, 0x8E, 0xE9, 0x59, 0xFE,
+        0xBB, 0x90, 0xB0, 0x72, 0x29, 0xF6, 0xE4, 0x9D,
+        0x23, 0xC3, 0xA1, 0x90, 0x29, 0x70, 0x42, 0xFB,
+        0x43, 0x98, 0x69, 0x55, 0xB6, 0x9C, 0x28, 0xE1,
+        0x01, 0x6F, 0x77, 0xA5, 0x8B, 0x43, 0x15, 0x14,
+        0xD2, 0x1B, 0x88, 0x88, 0x99, 0xC3, 0x60, 0x82,
+        0x76, 0x08, 0x1B, 0x75, 0xF5, 0x68, 0x09, 0x7C,
+        0xDC, 0x17, 0x48, 0xF3, 0x23, 0x07, 0x88, 0x58,
+        0x15, 0xF3, 0xAE, 0xC9, 0x65, 0x18, 0x19, 0xAA,
+        0x68, 0x73, 0xD1, 0xA4, 0xEB, 0x83, 0xB1, 0x95,
+        0x38, 0x43, 0xB9, 0x34, 0x22, 0x51, 0x94, 0x83,
+        0xFE, 0xF0, 0x05, 0x9D, 0x36, 0xBB, 0x2D, 0xB1,
+        0xF3, 0xD4, 0x68, 0xFB, 0x06, 0x8C, 0x86, 0xE8,
+        0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E,
+        0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B,
+        0x62, 0x01, 0x30, 0xD6, 0xC2, 0xB8, 0xC9, 0x04,
+        0xA3, 0xBB, 0x93, 0x07, 0xBE, 0x51, 0x03, 0xF8,
+        0xD8, 0x14, 0x50, 0x5F, 0xB6, 0xA6, 0x0A, 0xF7,
+        0x93, 0x7E, 0xA6, 0xCA, 0xA1, 0x17, 0x31, 0x5E,
+        0x84, 0xCC, 0x91, 0x21, 0xAE, 0x56, 0xFB, 0xF3,
+        0x9E, 0x67, 0xAD, 0xBD, 0x83, 0xAD, 0x2D, 0x3E,
+        0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD,
+        0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7
     };
 #endif
 #ifndef WOLFSSL_NO_KYBER768
     static const byte seed_768[KYBER_MAKEKEY_RAND_SZ] = {
-        0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6,
-        0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33,
-        0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7,
-        0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC,
-        0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6,
-        0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33,
-        0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7,
-        0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC
+        /* d */
+        0xE3, 0x4A, 0x70, 0x1C, 0x4C, 0x87, 0x58, 0x2F,
+        0x42, 0x26, 0x4E, 0xE4, 0x22, 0xD3, 0xC6, 0x84,
+        0xD9, 0x76, 0x11, 0xF2, 0x52, 0x3E, 0xFE, 0x0C,
+        0x99, 0x8A, 0xF0, 0x50, 0x56, 0xD6, 0x93, 0xDC,
+        /* z */
+        0xA8, 0x57, 0x68, 0xF3, 0x48, 0x6B, 0xD3, 0x2A,
+        0x01, 0xBF, 0x9A, 0x8F, 0x21, 0xEA, 0x93, 0x8E,
+        0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C,
+        0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD
     };
     static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = {
-        0xD2, 0xE6, 0x9A, 0x05, 0x53, 0x4A, 0x72, 0x32,
-        0xC5, 0xF1, 0xB7, 0x66, 0xE9, 0x3A, 0x5E, 0xE2,
-        0xEA, 0x1B, 0x26, 0xE8, 0x60, 0xA3, 0x44, 0x1A,
-        0xDE, 0xA9, 0x1E, 0xDB, 0x78, 0x2C, 0xAB, 0xC8,
-        0xA5, 0xD0, 0x11, 0xA2, 0x1B, 0xC3, 0x88, 0xE7,
-        0xF4, 0x86, 0xF0, 0xB7, 0x99, 0x30, 0x79, 0xAE,
-        0x3F, 0x1A, 0x7C, 0x85, 0xD2, 0x7D, 0x0F, 0x49,
-        0x21, 0x84, 0xD5, 0x90, 0x62, 0x14, 0x2B, 0x76,
-        0xA4, 0x37, 0x34, 0xA9, 0x0D, 0x55, 0x6A, 0x95,
-        0xDC, 0x48, 0x3D, 0xD8, 0x21, 0x04, 0xED, 0x58,
-        0xCA, 0x15, 0x71, 0xC3, 0x96, 0x85, 0x82, 0x79,
-        0x51, 0x43, 0x4C, 0xC1, 0x00, 0x1A, 0xA4, 0xC8,
-        0x13, 0x26, 0x1E, 0x4F, 0x93, 0x02, 0x8E, 0x14,
-        0xCD, 0x08, 0xF7, 0x68, 0xA4, 0x54, 0x31, 0x0C,
-        0x3B, 0x01, 0x0C, 0x83, 0xB7, 0x4D, 0x04, 0xA5,
-        0x7B, 0xB9, 0x77, 0xB3, 0xD8, 0xBC, 0xF3, 0xAA,
-        0xA7, 0x8C, 0xA1, 0x2B, 0x78, 0xF0, 0x10, 0xD9,
-        0x51, 0x34, 0x92, 0x8A, 0x5E, 0x5D, 0x96, 0xA0,
-        0x29, 0xB4, 0x42, 0xA4, 0x18, 0x88, 0x03, 0x8B,
-        0x29, 0xC2, 0xF1, 0x22, 0xB0, 0xB6, 0xB3, 0xAF,
-        0x12, 0x1A, 0xEA, 0x29, 0xA0, 0x55, 0x53, 0xBD,
-        0xF1, 0xDB, 0x60, 0x7A, 0xFB, 0x17, 0x00, 0x18,
-        0x60, 0xAF, 0x18, 0x23, 0xBC, 0xF0, 0x3D, 0xB3,
-        0xB4, 0x41, 0xDA, 0x16, 0x3A, 0x28, 0xC5, 0x23,
-        0xA5, 0xFB, 0x46, 0x69, 0xA6, 0x42, 0x34, 0xA4,
-        0xBC, 0xD1, 0x21, 0x7F, 0xF2, 0x63, 0x5B, 0xD9,
-        0x76, 0x80, 0xFF, 0x93, 0x8D, 0xBC, 0xF1, 0x0E,
-        0x95, 0x32, 0xA9, 0xA7, 0x9A, 0x5B, 0x07, 0x3A,
-        0x9E, 0x8D, 0xB2, 0x12, 0x3D, 0x21, 0x0F, 0xAE,
-        0xA2, 0x00, 0xB6, 0x64, 0x83, 0x8E, 0x80, 0x07,
-        0x1F, 0x2B, 0xA2, 0x54, 0xAA, 0xC8, 0x90, 0xA4,
-        0x6E, 0x28, 0xEC, 0x34, 0x2D, 0x92, 0x81, 0x2B,
-        0x01, 0x59, 0x30, 0x71, 0x65, 0x7E, 0x7A, 0x3A,
-        0x4A, 0x75, 0xCB, 0x3D, 0x52, 0x79, 0xCE, 0x88,
-        0x40, 0x5A, 0xC5, 0xAD, 0xAC, 0xB2, 0x05, 0x1E,
-        0x02, 0x2E, 0xE0, 0xAC, 0x9B, 0xBF, 0xE3, 0x2D,
-        0xEF, 0x98, 0x66, 0x7E, 0xD3, 0x47, 0xAD, 0xCB,
-        0x39, 0x30, 0xF3, 0xCA, 0xD0, 0x31, 0x39, 0x1B,
-        0x70, 0x9A, 0x4E, 0x61, 0xB8, 0xDD, 0x4B, 0x3F,
-        0xB7, 0x41, 0xB5, 0xBD, 0x60, 0xBF, 0x30, 0x40,
-        0x15, 0xEE, 0x75, 0x46, 0xA2, 0x4B, 0x59, 0xEA,
-        0xDC, 0xA1, 0x37, 0xC7, 0x12, 0x50, 0x74, 0x72,
-        0x6B, 0x76, 0x86, 0xEC, 0x55, 0x1B, 0x7B, 0xC2,
-        0x6B, 0xBD, 0xB2, 0x0F, 0xC3, 0x78, 0x35, 0x34,
-        0xE3, 0x4E, 0xE1, 0xF1, 0xBC, 0x6B, 0x77, 0xAB,
-        0x49, 0xA6, 0x66, 0x78, 0x46, 0x97, 0x57, 0x78,
-        0xC3, 0xC5, 0x36, 0x83, 0x04, 0x50, 0xA3, 0xFA,
-        0x91, 0x02, 0x59, 0x72, 0x2F, 0x3F, 0x80, 0x6E,
-        0x6E, 0xB4, 0xB9, 0x34, 0x67, 0x63, 0xFE, 0xF0,
-        0x92, 0x2B, 0xC4, 0xB6, 0xEB, 0x38, 0x26, 0xAF,
-        0xF2, 0x4E, 0xAD, 0xC6, 0xCF, 0x6E, 0x47, 0x7C,
-        0x2E, 0x05, 0x5C, 0xFB, 0x7A, 0x90, 0xA5, 0x5C,
-        0x06, 0xD0, 0xB2, 0xA2, 0xF5, 0x11, 0x60, 0x69,
-        0xE6, 0x4A, 0x5B, 0x50, 0x78, 0xC0, 0x57, 0x7B,
-        0xC8, 0xE7, 0x90, 0x0E, 0xA7, 0x1C, 0x34, 0x1C,
-        0x02, 0xAD, 0x85, 0x4E, 0xA5, 0xA0, 0x1A, 0xF2,
-        0xA6, 0x05, 0xCB, 0x20, 0x68, 0xD5, 0x24, 0x38,
-        0xCD, 0xDC, 0x60, 0xB0, 0x38, 0x82, 0xCC, 0x02,
-        0x4D, 0x13, 0x04, 0x5F, 0x2B, 0xA6, 0xB0, 0xF4,
-        0x46, 0xAA, 0xA5, 0x95, 0x87, 0x60, 0x61, 0x79,
-        0x45, 0x37, 0x1F, 0xD7, 0x8C, 0x28, 0xA4, 0x06,
-        0x77, 0xA6, 0xE7, 0x2F, 0x51, 0x3B, 0x9E, 0x06,
-        0x67, 0xA9, 0xBA, 0xF4, 0x46, 0xC1, 0xBA, 0x93,
-        0x1B, 0xA8, 0x18, 0x34, 0x23, 0x47, 0x92, 0xA2,
-        0xA2, 0xB2, 0xB3, 0x70, 0x1F, 0x31, 0xB7, 0xCF,
-        0x46, 0x7C, 0x80, 0xF1, 0x98, 0x11, 0x41, 0xBB,
-        0x45, 0x77, 0x93, 0xE1, 0x30, 0x70, 0x91, 0xC4,
-        0x8B, 0x59, 0x14, 0x64, 0x6A, 0x60, 0xCE, 0x1A,
-        0x30, 0x15, 0x43, 0x77, 0x9D, 0x7C, 0x33, 0x42,
-        0xAD, 0x17, 0x97, 0x96, 0xC2, 0xC4, 0x40, 0xD9,
-        0x9D, 0xF9, 0xD4, 0x1B, 0x52, 0xE3, 0x26, 0x25,
-        0xA8, 0x2A, 0xA5, 0xF5, 0x79, 0xA9, 0x92, 0x0B,
-        0xFF, 0xBA, 0x96, 0x4F, 0xA7, 0x0D, 0xB2, 0x59,
-        0xC8, 0x5E, 0x68, 0xC8, 0x13, 0x81, 0x7B, 0x13,
-        0x47, 0xBF, 0x19, 0x81, 0x4D, 0xA5, 0xE9, 0x36,
-        0x4A, 0x46, 0x45, 0xE6, 0x21, 0x92, 0x3D, 0x95,
-        0x5C, 0x21, 0x1A, 0x55, 0xD3, 0x55, 0xC8, 0x16,
-        0xDA, 0x04, 0x73, 0x0A, 0xA3, 0x24, 0x08, 0x5E,
-        0x62, 0x2B, 0x51, 0xD6, 0x10, 0x9B, 0x49, 0xF6,
-        0x73, 0xAD, 0xD0, 0x0E, 0x41, 0x47, 0x55, 0xC8,
-        0x02, 0x4A, 0xA0, 0x16, 0x4F, 0x24, 0x55, 0x6D,
-        0xED, 0x96, 0x3D, 0x61, 0x14, 0x38, 0x56, 0xCB,
-        0x4F, 0xF0, 0x56, 0x7E, 0x33, 0x20, 0x73, 0x0D,
-        0xBC, 0xBF, 0x12, 0xF6, 0x6E, 0x2B, 0x70, 0xB2,
-        0x00, 0x54, 0xA6, 0xDE, 0xA4, 0x26, 0x14, 0xB5,
-        0x0E, 0xF7, 0x2B, 0x15, 0x6F, 0x51, 0x49, 0xFC,
-        0x26, 0x3D, 0xD7, 0xE0, 0x39, 0xC5, 0x5A, 0x3E,
-        0xE9, 0x82, 0x7D, 0xF9, 0x2C, 0x56, 0x5D, 0x24,
-        0xC5, 0x5E, 0x0A, 0x81, 0xC6, 0x49, 0x46, 0x95,
-        0x34, 0x4D, 0x94, 0x87, 0x48, 0xAF, 0xBA, 0x9F,
-        0x76, 0x2C, 0x0E, 0xA9, 0x0B, 0xB7, 0x24, 0x89,
-        0x79, 0x02, 0x00, 0x07, 0x75, 0x61, 0x39, 0x49,
-        0x60, 0x2C, 0x48, 0xC7, 0x8A, 0x94, 0x40, 0x67,
-        0x8C, 0x24, 0x08, 0x6D, 0x32, 0x6D, 0x79, 0x64,
-        0x3B, 0xAF, 0x70, 0x36, 0xC6, 0x6C, 0x7E, 0x02,
-        0x6A, 0xAE, 0xFD, 0xA2, 0x80, 0x7A, 0x60, 0xBD,
-        0x7F, 0xC9, 0x13, 0x63, 0xBB, 0x02, 0x34, 0xA5,
-        0x90, 0x98, 0x4A, 0xA0, 0x11, 0xF1, 0x1D, 0x40,
-        0x26, 0x82, 0x18, 0xA1, 0x58, 0x83, 0x77, 0xB3,
-        0xD7, 0x67, 0x1B, 0x8B, 0x99, 0x78, 0x99, 0x19,
-        0xB8, 0x6E, 0xE8, 0x2B, 0x18, 0xEC, 0x22, 0xD4,
-        0xE8, 0x0A, 0x1F, 0x27, 0x85, 0x3D, 0x88, 0x94,
-        0x19, 0xD4, 0x60, 0xDE, 0xF7, 0x56, 0x7A, 0xA4,
-        0x56, 0x79, 0x69, 0xC4, 0x30, 0x48, 0xC3, 0x2B,
-        0x84, 0x62, 0xA9, 0xC9, 0x38, 0x6E, 0xB3, 0x15,
-        0x2A, 0x69, 0x76, 0xAA, 0x78, 0x3C, 0xDD, 0x1A,
-        0x8C, 0x57, 0xA9, 0xB6, 0xBB, 0xD8, 0x37, 0xA0,
-        0x06, 0x24, 0xB5, 0x8B, 0x4B, 0xA3, 0xDB, 0xB6,
-        0x3B, 0xB8, 0x20, 0x0E, 0x7B, 0xC8, 0x88, 0x81,
-        0xBE, 0xBD, 0xA9, 0x25, 0xBC, 0xA0, 0x28, 0xE2,
-        0x91, 0xAA, 0x1C, 0x22, 0x53, 0x9C, 0xD0, 0x4F,
-        0x90, 0x09, 0x0D, 0x7F, 0x74, 0x10, 0x8C, 0x32,
-        0xB8, 0x02, 0x2C, 0x15, 0x91, 0xC8, 0x81, 0xE7,
-        0x63, 0x04, 0xE2, 0x40, 0x81, 0x90, 0xE2, 0x0F,
-        0x09, 0xA5, 0x4F, 0xC2, 0x34, 0x20, 0xE2, 0x62,
-        0x0E, 0x9D, 0x87, 0xA3, 0x10, 0x8A, 0x94, 0xFE,
-        0xEA, 0x72, 0xD5, 0xAB, 0x7F, 0xCF, 0xB9, 0x72,
-        0xE6, 0x56, 0x1B, 0x1A, 0x7B, 0x06, 0x2F, 0x1A,
-        0x68, 0x2E, 0x02, 0x0A, 0xA2, 0x56, 0x28, 0x12,
-        0xB2, 0x96, 0x54, 0x7B, 0x91, 0x78, 0x24, 0xCD,
-        0xB8, 0x8C, 0x58, 0x2B, 0x5A, 0x68, 0x90, 0x17,
-        0x7B, 0xC7, 0x0C, 0x91, 0xAC, 0xAC, 0x9A, 0xBE,
-        0x29, 0x0A, 0xEB, 0x2C, 0x34, 0xA7, 0xE2, 0x36,
-        0x89, 0x55, 0xCB, 0x45, 0x6A, 0x34, 0x53, 0x68,
-        0xAB, 0xE3, 0xB9, 0x1B, 0x47, 0xFC, 0x30, 0xB0,
-        0x23, 0x3A, 0x09, 0xBA, 0x79, 0xFB, 0x11, 0x23,
-        0x8A, 0xC5, 0x08, 0xCC, 0xE6, 0x10, 0x95, 0xF8,
-        0x54, 0xC2, 0x32, 0x04, 0xA8, 0xD3, 0x6B, 0xFC,
-        0x2C, 0x6E, 0x05, 0xA7, 0x2A, 0xF5, 0x24, 0x4B,
-        0x17, 0xC1, 0x21, 0x01, 0xE0, 0x14, 0x51, 0x57,
-        0x0E, 0xB1, 0x10, 0x56, 0x7E, 0x85, 0x0E, 0x79,
-        0xC0, 0x00, 0x14, 0x24, 0x41, 0xFE, 0x41, 0x60,
-        0x02, 0x75, 0x45, 0xF6, 0x29, 0x0E, 0x85, 0x45,
-        0x1B, 0x80, 0x23, 0x4A, 0x94, 0x06, 0xC3, 0x90,
-        0xB0, 0xCE, 0xA3, 0xC8, 0x33, 0x5D, 0x4C, 0x6F,
-        0x85, 0x50, 0xB5, 0x44, 0xC9, 0x34, 0x3E, 0x61,
-        0xBA, 0x1C, 0x84, 0x89, 0xD1, 0xB0, 0x39, 0x97,
-        0x39, 0x16, 0x8A, 0xF7, 0x40, 0xA4, 0x81, 0xB0,
-        0xF5, 0xC3, 0x37, 0x25, 0x30, 0xCA, 0x06, 0xB5,
-        0x08, 0xEC, 0xE8, 0x38, 0xAB, 0x78, 0xBE, 0xE1,
-        0xE5, 0x97, 0xA9, 0xB1, 0x4F, 0x6A, 0xEC, 0x7A,
-        0x3B, 0xD1, 0xAA, 0x8D, 0x10, 0xBA, 0xC2, 0x3B,
-        0x98, 0x02, 0x90, 0x2C, 0xD5, 0x29, 0xAB, 0x6E,
-        0xF5, 0x4D, 0xB3, 0x11, 0x0C, 0xFB, 0x56, 0x1E,
-        0x7E, 0x69, 0x48, 0xE6, 0x52, 0x81, 0x25, 0x04,
-        0x16, 0xC3, 0x49, 0xC8, 0x10, 0x0B, 0x3B, 0x4D,
-        0x3D, 0x0F, 0x62, 0xAC, 0xAD, 0x8D, 0x16, 0x11,
-        0x75, 0xB1, 0x34, 0xF7, 0x56, 0x49, 0x37, 0xCD
+        0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25,
+        0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62,
+        0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46,
+        0x12, 0x64, 0x02, 0xB1, 0xFA, 0x16, 0x37, 0x73,
+        0x3C, 0xD5, 0xF6, 0x0C, 0xC8, 0x4B, 0xCB, 0x64,
+        0x6A, 0x78, 0x92, 0x61, 0x4D, 0x7C, 0x51, 0xB1,
+        0xC7, 0xF1, 0xA2, 0x79, 0x91, 0x32, 0xF1, 0x34,
+        0x27, 0xDC, 0x48, 0x21, 0x58, 0xDA, 0x25, 0x44,
+        0x70, 0xA5, 0x9E, 0x00, 0xA4, 0xE4, 0x96, 0x86,
+        0xFD, 0xC0, 0x77, 0x55, 0x93, 0x67, 0x27, 0x0C,
+        0x21, 0x53, 0xF1, 0x10, 0x07, 0x59, 0x2C, 0x9C,
+        0x43, 0x10, 0xCF, 0x8A, 0x12, 0xC6, 0xA8, 0x71,
+        0x3B, 0xD6, 0xBB, 0x51, 0xF3, 0x12, 0x4F, 0x98,
+        0x9B, 0xA0, 0xD5, 0x40, 0x73, 0xCC, 0x24, 0x2E,
+        0x09, 0x68, 0x78, 0x0B, 0x87, 0x5A, 0x86, 0x9E,
+        0xFB, 0x85, 0x15, 0x86, 0xB9, 0xA8, 0x68, 0xA3,
+        0x84, 0xB9, 0xE6, 0x82, 0x1B, 0x20, 0x1B, 0x93,
+        0x2C, 0x45, 0x53, 0x69, 0xA7, 0x39, 0xEC, 0x22,
+        0x56, 0x9C, 0x97, 0x7C, 0x21, 0x2B, 0x38, 0x18,
+        0x71, 0x81, 0x36, 0x56, 0xAF, 0x5B, 0x56, 0x7E,
+        0xF8, 0x93, 0xB5, 0x84, 0x62, 0x4C, 0x86, 0x3A,
+        0x25, 0x90, 0x00, 0xF1, 0x7B, 0x25, 0x4B, 0x98,
+        0xB1, 0x85, 0x09, 0x7C, 0x50, 0xEB, 0xB6, 0x8B,
+        0x24, 0x43, 0x42, 0xE0, 0x5D, 0x4D, 0xE5, 0x20,
+        0x12, 0x5B, 0x8E, 0x10, 0x33, 0xB1, 0x43, 0x60,
+        0x93, 0xAC, 0xE7, 0xCE, 0x8E, 0x71, 0xB4, 0x58,
+        0xD5, 0x25, 0x67, 0x33, 0x63, 0x04, 0x5A, 0x3B,
+        0x3E, 0xEA, 0x94, 0x55, 0x42, 0x8A, 0x39, 0x87,
+        0x05, 0xA4, 0x23, 0x27, 0xAD, 0xB3, 0x77, 0x4B,
+        0x70, 0x57, 0xF4, 0x2B, 0x01, 0x7E, 0xC0, 0x73,
+        0x9A, 0x98, 0x3F, 0x19, 0xE8, 0x21, 0x4D, 0x09,
+        0x19, 0x5F, 0xA2, 0x4D, 0x2D, 0x57, 0x1D, 0xB7,
+        0x3C, 0x19, 0xA6, 0xF8, 0x46, 0x0E, 0x50, 0x83,
+        0x0D, 0x41, 0x5F, 0x62, 0x7B, 0x88, 0xE9, 0x4A,
+        0x7B, 0x15, 0x37, 0x91, 0xA0, 0xC0, 0xC7, 0xE9,
+        0x48, 0x4C, 0x74, 0xD5, 0x3C, 0x71, 0x48, 0x89,
+        0xF0, 0xE3, 0x21, 0xB6, 0x66, 0x0A, 0x53, 0x2A,
+        0x5B, 0xC0, 0xE5, 0x57, 0xFB, 0xCA, 0x35, 0xE2,
+        0x9B, 0xC6, 0x11, 0x20, 0x0E, 0xD3, 0xC6, 0x33,
+        0x07, 0x7A, 0x4D, 0x87, 0x3C, 0x5C, 0xC6, 0x70,
+        0x06, 0xB7, 0x53, 0xBF, 0x6D, 0x6B, 0x7A, 0xF6,
+        0xCA, 0x40, 0x2A, 0xB6, 0x18, 0x23, 0x6C, 0x0A,
+        0xFF, 0xBC, 0x80, 0x1F, 0x82, 0x22, 0xFB, 0xC3,
+        0x6C, 0xE0, 0x98, 0x4E, 0x2B, 0x18, 0xC9, 0x44,
+        0xBB, 0xCB, 0xEF, 0x03, 0xB1, 0xE1, 0x36, 0x1C,
+        0x1F, 0x44, 0xB0, 0xD7, 0x34, 0xAF, 0xB1, 0x56,
+        0x6C, 0xFF, 0x87, 0x44, 0xDA, 0x8B, 0x99, 0x43,
+        0xD6, 0xB4, 0x5A, 0x3C, 0x09, 0x03, 0x07, 0x02,
+        0xCA, 0x20, 0x1F, 0xFE, 0x20, 0xCB, 0x7E, 0xC5,
+        0xB0, 0xD4, 0x14, 0x9E, 0xE2, 0xC2, 0x8E, 0x8B,
+        0x23, 0x37, 0x4F, 0x47, 0x1B, 0x57, 0x15, 0x0D,
+        0x0E, 0xC9, 0x33, 0x62, 0x61, 0xA2, 0xD5, 0xCB,
+        0x84, 0xA3, 0xAC, 0xAC, 0xC4, 0x28, 0x94, 0x73,
+        0xA4, 0xC0, 0xAB, 0xC6, 0x17, 0xC9, 0xAB, 0xC1,
+        0x78, 0x73, 0x44, 0x34, 0xC8, 0x2E, 0x16, 0x85,
+        0x58, 0x8A, 0x5C, 0x2E, 0xA2, 0x67, 0x8F, 0x6B,
+        0x3C, 0x22, 0x28, 0x73, 0x31, 0x30, 0xC4, 0x66,
+        0xE5, 0xB8, 0x6E, 0xF4, 0x91, 0x15, 0x3E, 0x48,
+        0x66, 0x22, 0x47, 0xB8, 0x75, 0xD2, 0x01, 0x02,
+        0x0B, 0x56, 0x6B, 0x81, 0xB6, 0x4D, 0x83, 0x9A,
+        0xB4, 0x63, 0x3B, 0xAA, 0x8A, 0xCE, 0x20, 0x2B,
+        0xAA, 0xB4, 0x49, 0x62, 0x97, 0xF9, 0x80, 0x7A,
+        0xDB, 0xBB, 0x1E, 0x33, 0x2C, 0x6F, 0x80, 0x22,
+        0xB2, 0xA1, 0x8C, 0xFD, 0xD4, 0xA8, 0x25, 0x30,
+        0xB6, 0xD3, 0xF0, 0x07, 0xC3, 0x35, 0x38, 0x98,
+        0xD9, 0x66, 0xCC, 0x2C, 0x21, 0xCB, 0x42, 0x44,
+        0xBD, 0x00, 0x44, 0x3F, 0x20, 0x98, 0x70, 0xAC,
+        0xC4, 0x2B, 0xC3, 0x30, 0x68, 0xC7, 0x24, 0xEC,
+        0x17, 0x22, 0x36, 0x19, 0xC1, 0x09, 0x3C, 0xCA,
+        0x6A, 0xEB, 0x29, 0x50, 0x06, 0x64, 0xD1, 0x22,
+        0x50, 0x36, 0xB4, 0xB8, 0x10, 0x91, 0x90, 0x69,
+        0x69, 0x48, 0x1F, 0x1C, 0x72, 0x3C, 0x14, 0x0B,
+        0x9D, 0x6C, 0x16, 0x8F, 0x5B, 0x64, 0xBE, 0xA6,
+        0x9C, 0x5F, 0xD6, 0x38, 0x5D, 0xF7, 0x36, 0x4B,
+        0x87, 0x23, 0xBC, 0xC8, 0x5E, 0x03, 0x8C, 0x7E,
+        0x46, 0x4A, 0x90, 0x0D, 0x68, 0xA2, 0x12, 0x78,
+        0x18, 0x99, 0x42, 0x17, 0xAE, 0xC8, 0xBD, 0xB3,
+        0x9A, 0x97, 0x0A, 0x99, 0x63, 0xDE, 0x93, 0x68,
+        0x8E, 0x2A, 0xC8, 0x2A, 0xBC, 0xC2, 0x2F, 0xB9,
+        0x27, 0x7B, 0xA2, 0x20, 0x09, 0xE8, 0x78, 0x38,
+        0x1A, 0x38, 0x16, 0x39, 0x01, 0xC7, 0xD4, 0xC8,
+        0x50, 0x19, 0x53, 0x8D, 0x35, 0xCA, 0xAE, 0x9C,
+        0x41, 0xAF, 0x8C, 0x92, 0x9E, 0xE2, 0x0B, 0xB0,
+        0x8C, 0xA6, 0x19, 0xE7, 0x2C, 0x2F, 0x22, 0x62,
+        0xC1, 0xC9, 0x93, 0x85, 0x72, 0x55, 0x1A, 0xC0,
+        0x2D, 0xC9, 0x26, 0x8F, 0xBC, 0xC3, 0x5D, 0x79,
+        0x01, 0x1C, 0x3C, 0x09, 0x0A, 0xD4, 0x0A, 0x4F,
+        0x11, 0x1C, 0x9B, 0xE5, 0x5C, 0x42, 0x7E, 0xB7,
+        0x96, 0xC1, 0x93, 0x2D, 0x86, 0x73, 0x57, 0x9A,
+        0xF1, 0xB4, 0xC6, 0x38, 0xB0, 0x94, 0x44, 0x89,
+        0x01, 0x2A, 0x25, 0x59, 0xA3, 0xB0, 0x24, 0x81,
+        0xB0, 0x1A, 0xC3, 0x0B, 0xA8, 0x96, 0x0F, 0x80,
+        0xC0, 0xC2, 0xB3, 0x94, 0x7D, 0x36, 0xA1, 0x2C,
+        0x08, 0x04, 0x98, 0xBE, 0xE4, 0x48, 0x71, 0x6C,
+        0x97, 0x34, 0x16, 0xC8, 0x24, 0x28, 0x04, 0xA3,
+        0xDA, 0x09, 0x9E, 0xE1, 0x37, 0xB0, 0xBA, 0x90,
+        0xFE, 0x4A, 0x5C, 0x6A, 0x89, 0x20, 0x02, 0x76,
+        0xA0, 0xCF, 0xB6, 0x43, 0xEC, 0x2C, 0x56, 0xA2,
+        0xD7, 0x08, 0xD7, 0xB4, 0x37, 0x3E, 0x44, 0xC1,
+        0x50, 0x2A, 0x76, 0x3A, 0x60, 0x05, 0x86, 0xE6,
+        0xCD, 0xA6, 0x27, 0x38, 0x97, 0xD4, 0x44, 0x48,
+        0x28, 0x7D, 0xC2, 0xE6, 0x02, 0xDC, 0x39, 0x20,
+        0x0B, 0xF6, 0x16, 0x62, 0x36, 0x55, 0x9F, 0xD1,
+        0x2A, 0x60, 0x89, 0x2A, 0xEB, 0x15, 0x3D, 0xD6,
+        0x51, 0xBB, 0x46, 0x99, 0x10, 0xB4, 0xB3, 0x46,
+        0x69, 0xF9, 0x1D, 0xA8, 0x65, 0x4D, 0x1E, 0xB7,
+        0x2E, 0xB6, 0xE0, 0x28, 0x00, 0xB3, 0xB0, 0xA7,
+        0xD0, 0xA4, 0x8C, 0x83, 0x68, 0x54, 0xD3, 0xA8,
+        0x3E, 0x65, 0x56, 0x9C, 0xB7, 0x23, 0x0B, 0xB4,
+        0x4F, 0x3F, 0x14, 0x3A, 0x6D, 0xEC, 0x5F, 0x2C,
+        0x39, 0xAB, 0x90, 0xF2, 0x74, 0xF2, 0x08, 0x8B,
+        0xD3, 0xD6, 0xA6, 0xFC, 0xA0, 0x07, 0x02, 0x73,
+        0xBE, 0xDC, 0x84, 0x77, 0x7F, 0xB5, 0x2E, 0x3C,
+        0x55, 0x8B, 0x0A, 0xE0, 0x61, 0x83, 0xD5, 0xA4,
+        0x8D, 0x45, 0x2F, 0x68, 0xE1, 0x52, 0x07, 0xF8,
+        0x61, 0x62, 0x7A, 0xCA, 0x14, 0x27, 0x96, 0x30,
+        0xF8, 0x2E, 0xC3, 0xA0, 0xCA, 0x07, 0x86, 0x33,
+        0xB6, 0x00, 0xAF, 0xA7, 0x97, 0x43, 0xA6, 0x00,
+        0x21, 0x5B, 0xE5, 0x63, 0x74, 0x58, 0xCE, 0x2C,
+        0xE8, 0xAF, 0xF5, 0xA0, 0x8E, 0xB5, 0x01, 0x7B,
+        0x2C, 0x76, 0x65, 0x77, 0x47, 0x9F, 0x8D, 0xC6,
+        0xBF, 0x9F, 0x5C, 0xC7, 0x50, 0x89, 0x93, 0x21,
+        0x61, 0xB9, 0x6C, 0xEA, 0x40, 0x66, 0x20, 0xAE,
+        0xDB, 0x63, 0x04, 0x07, 0xF7, 0x68, 0x7E, 0xBB,
+        0xB4, 0x81, 0x4C, 0x79, 0x81, 0x63, 0x7A, 0x48,
+        0xA9, 0x0D, 0xE6, 0x80, 0x31, 0xE0, 0x62, 0xA7,
+        0xAF, 0x76, 0x12, 0xB4, 0xF5, 0xC7, 0xA6, 0xDA,
+        0x86, 0xBD, 0x13, 0x65, 0x29, 0xE6, 0x42, 0x95,
+        0xA5, 0x61, 0x3E, 0xA7, 0x3B, 0xD3, 0xD4, 0x44,
+        0x8C, 0xB8, 0x1F, 0x24, 0x31, 0x35, 0xC0, 0xA6,
+        0x60, 0xBE, 0xB9, 0xC1, 0x7E, 0x65, 0x1D, 0xEF,
+        0x46, 0x9A, 0x7D, 0x90, 0xA1, 0x5D, 0x34, 0x81,
+        0x09, 0x0B, 0xCB, 0xF2, 0x27, 0x01, 0x23, 0x28,
+        0x94, 0x1F, 0xA4, 0x6F, 0x39, 0xC5, 0x00, 0x6A,
+        0xD9, 0x3D, 0x45, 0x8A, 0xA6, 0xAD, 0xD6, 0x55,
+        0x86, 0x2B, 0x41, 0x8C, 0x30, 0x94, 0xF5, 0x51,
+        0x46, 0x0D, 0xF2, 0x15, 0x3A, 0x58, 0x10, 0xA7,
+        0xDA, 0x74, 0xF0, 0x61, 0x4C, 0x25, 0x88, 0xBE,
+        0x49, 0xDC, 0x6F, 0x5E, 0x88, 0x15, 0x46, 0x42,
+        0xBD, 0x1D, 0x37, 0x62, 0x56, 0x33, 0x26, 0x43,
+        0x35, 0x07, 0x15, 0x6A, 0x57, 0xC5, 0x76, 0x94,
+        0xBD, 0xD2, 0x6E, 0x7A, 0x24, 0x6F, 0xEB, 0x72,
+        0x3A, 0xED, 0x67, 0xB0, 0x48, 0x87, 0xC8, 0xE4,
+        0x76, 0xB4, 0x8C, 0xAB, 0x59, 0xE5, 0x36, 0x2F,
+        0x26, 0xA9, 0xEF, 0x50, 0xC2, 0xBC, 0x80, 0xBA,
+        0x14, 0x62, 0x26, 0x21, 0x6F, 0xE6, 0x29, 0x68,
+        0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41,
+        0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68
     };
     static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = {
-        0x19, 0xD7, 0x4A, 0xD5, 0x47, 0x2A, 0x8B, 0x2B,
-        0xAA, 0xD2, 0xA5, 0x67, 0x02, 0xC9, 0xB3, 0xB5,
-        0x51, 0x0E, 0xF3, 0x92, 0x48, 0x58, 0x06, 0x1D,
-        0x57, 0xF9, 0x0D, 0xD9, 0xA1, 0xA0, 0x1F, 0xEC,
-        0x2F, 0x57, 0xC5, 0x1A, 0x88, 0x88, 0x05, 0x34,
-        0x1B, 0x61, 0x7C, 0x51, 0x55, 0x39, 0x59, 0x77,
-        0x50, 0x83, 0x5C, 0x3E, 0xD7, 0xA0, 0x33, 0xB0,
-        0x39, 0xD7, 0x24, 0x91, 0x33, 0x2C, 0x5D, 0xF4,
-        0xA6, 0x9B, 0x6D, 0xF2, 0x61, 0x71, 0x87, 0x7A,
-        0xD1, 0xE5, 0x0A, 0xC5, 0x01, 0x00, 0xBE, 0x47,
-        0x28, 0x78, 0x66, 0x85, 0xDA, 0x7A, 0x73, 0x9E,
-        0x84, 0x3F, 0xF0, 0xD4, 0x59, 0x22, 0xD7, 0x28,
-        0x1E, 0x21, 0x0D, 0x5E, 0x82, 0xB9, 0x44, 0x65,
-        0x2F, 0x48, 0x62, 0xCF, 0xB3, 0xD9, 0x02, 0xDE,
-        0x60, 0xAF, 0xD0, 0xA1, 0x64, 0x47, 0x1B, 0x26,
-        0x14, 0x4A, 0x1D, 0x7A, 0x38, 0x09, 0x65, 0x03,
-        0x09, 0x59, 0x11, 0x76, 0x2E, 0xBA, 0x79, 0x62,
-        0xC4, 0x51, 0x1D, 0x05, 0xA1, 0x28, 0xF2, 0x78,
-        0x1E, 0xCB, 0x3D, 0x1F, 0x5B, 0xB1, 0x24, 0x42,
-        0x37, 0x61, 0x1A, 0xBA, 0xB9, 0x24, 0x99, 0x1F,
-        0x8A, 0x27, 0x32, 0xE2, 0x70, 0x32, 0x35, 0x79,
-        0x20, 0xF1, 0x97, 0xC7, 0x69, 0x2D, 0x60, 0xA9,
-        0x44, 0x44, 0x72, 0x25, 0x8C, 0xB4, 0x57, 0xC1,
-        0xB7, 0x1B, 0x77, 0x99, 0x54, 0x69, 0xF3, 0xA9,
-        0x62, 0xF3, 0xAB, 0xA6, 0x69, 0x96, 0x14, 0xFC,
-        0xCC, 0xEA, 0x74, 0x1E, 0x21, 0xC6, 0x00, 0xC4,
-        0x35, 0x7B, 0xBF, 0xAB, 0x45, 0x29, 0x27, 0xC3,
-        0xD4, 0x41, 0xBF, 0x8E, 0xD7, 0x31, 0x52, 0xF7,
-        0x5C, 0x08, 0xF5, 0x40, 0xE1, 0x86, 0xAC, 0xCA,
-        0x33, 0x26, 0xF4, 0x22, 0xC8, 0x4B, 0x98, 0x8D,
-        0x77, 0xE6, 0x1A, 0xE6, 0x18, 0x59, 0xCF, 0x85,
-        0x41, 0xF8, 0x92, 0x09, 0xE4, 0x98, 0x30, 0x40,
-        0xC5, 0x61, 0x76, 0x54, 0x80, 0x88, 0x52, 0xB6,
-        0x49, 0xB8, 0x99, 0xA3, 0x99, 0xAE, 0xC2, 0xC8,
-        0xBB, 0xA8, 0xA5, 0x42, 0xF3, 0x45, 0xAB, 0xF2,
-        0x81, 0x3F, 0x65, 0xE9, 0xA7, 0x91, 0xD3, 0x2C,
-        0xC2, 0xD7, 0x60, 0x26, 0xFB, 0x8D, 0x0C, 0x94,
-        0xB6, 0x57, 0x48, 0x9A, 0xBB, 0x48, 0x7D, 0xA4,
-        0xA2, 0xC0, 0xE3, 0x86, 0x8D, 0x3C, 0xF4, 0x7F,
-        0x1C, 0xBB, 0x2F, 0xA7, 0x9C, 0x53, 0xCF, 0xF6,
-        0x26, 0x47, 0x77, 0xC0, 0x9B, 0x17, 0x7C, 0x91,
-        0x31, 0x54, 0x84, 0xD2, 0xB3, 0x0B, 0x0C, 0xA2,
-        0x1F, 0x55, 0xAD, 0xD2, 0x3C, 0x57, 0xE1, 0x91,
-        0x1C, 0x3F, 0x08, 0x6B, 0xCA, 0xD2, 0x17, 0x98,
-        0x48, 0x6E, 0xB4, 0x7B, 0x7C, 0x58, 0x57, 0x73,
-        0x81, 0xC0, 0x9F, 0x52, 0x52, 0x58, 0x2D, 0x1B,
-        0x27, 0xA7, 0xD5, 0xB8, 0xE0, 0x60, 0xCE, 0x78,
-        0x20, 0x9C, 0xC8, 0x2B, 0xAE, 0x4D, 0xA6, 0x06,
-        0x80, 0x0C, 0x8D, 0xB1, 0x26, 0x8F, 0x7A, 0xD2,
-        0xB7, 0x93, 0xA4, 0x4F, 0x34, 0x61, 0x2C, 0xCE,
-        0xA3, 0x1C, 0xE7, 0xD7, 0x96, 0xA6, 0x5A, 0x26,
-        0x91, 0xD6, 0x15, 0x00, 0x62, 0x5F, 0x83, 0xE7,
-        0xBE, 0x57, 0x07, 0x7E, 0xE9, 0xC1, 0xB8, 0xC1,
-        0xCA, 0xA1, 0x37, 0xCC, 0x4B, 0x65, 0x73, 0x30,
-        0x8C, 0x19, 0x66, 0x8B, 0x24, 0xB0, 0x1E, 0x96,
-        0x69, 0x03, 0xAB, 0xBC, 0xB7, 0x9B, 0x67, 0xBE,
-        0x0A, 0x3E, 0x3E, 0x05, 0x8A, 0xAD, 0xA1, 0x89,
-        0xB9, 0xEA, 0x80, 0x35, 0x9A, 0xC2, 0x6F, 0x4C,
-        0x5C, 0x53, 0x73, 0x5F, 0xE4, 0xFC, 0x35, 0x24,
-        0x73, 0x37, 0x76, 0x0C, 0xCA, 0x35, 0x29, 0xB8,
-        0xD2, 0x66, 0xBB, 0x6C, 0x48, 0x01, 0x06, 0x54,
-        0xCD, 0xBC, 0x5A, 0x3E, 0x97, 0x57, 0x52, 0x46,
-        0x75, 0xAB, 0xC4, 0x13, 0x13, 0x0C, 0xC2, 0x70,
-        0x1F, 0x28, 0x93, 0x3E, 0xAB, 0xB8, 0x39, 0x2B,
-        0x0D, 0x6D, 0x05, 0x9C, 0xFC, 0x3A, 0x30, 0x32,
-        0x6C, 0x4F, 0xCC, 0x81, 0x0B, 0x37, 0xA4, 0x74,
-        0x8C, 0x1C, 0x53, 0x92, 0x8A, 0x49, 0x13, 0xE4,
-        0x8B, 0x18, 0x66, 0x97, 0x16, 0x2C, 0x33, 0xFF,
-        0xFB, 0x06, 0xDD, 0x51, 0x61, 0xC8, 0x63, 0x9D,
-        0xB1, 0x95, 0xC6, 0xCA, 0x64, 0x82, 0x9B, 0x2B,
-        0x3A, 0x2E, 0x4C, 0x96, 0x83, 0xB6, 0x6D, 0xF7,
-        0xFB, 0x19, 0x09, 0x90, 0x4E, 0x00, 0x02, 0x0D,
-        0xBA, 0x13, 0x4E, 0x02, 0xA1, 0x68, 0xD7, 0x6A,
-        0xC0, 0x76, 0xBB, 0x77, 0xD4, 0xDC, 0x84, 0x96,
-        0xB4, 0xBB, 0xE7, 0xB4, 0x69, 0x0B, 0xA2, 0x9B,
-        0x62, 0xA9, 0x1A, 0xBE, 0x72, 0xBE, 0xF3, 0x23,
-        0xA4, 0x4C, 0x89, 0x03, 0xE4, 0x82, 0xB6, 0x0D,
-        0x99, 0xBA, 0x61, 0xD1, 0xBB, 0xCF, 0x9C, 0xB9,
-        0x67, 0x35, 0x34, 0xC1, 0xD6, 0x47, 0x66, 0x23,
-        0x74, 0xEE, 0x2C, 0x7C, 0x5F, 0x00, 0x81, 0xBA,
-        0xD1, 0x49, 0xF4, 0x42, 0x06, 0x71, 0x76, 0x84,
-        0xD9, 0x74, 0x6B, 0x20, 0x48, 0x63, 0x3A, 0xF7,
-        0xA6, 0x8C, 0x68, 0x65, 0xFB, 0x59, 0x03, 0x58,
-        0xD8, 0xCF, 0x82, 0x14, 0x58, 0x36, 0x9B, 0x0C,
-        0x31, 0xEB, 0x59, 0x7C, 0xF5, 0xBE, 0x78, 0xEB,
-        0x48, 0x0E, 0xA0, 0x4E, 0x35, 0xFA, 0xCC, 0x38,
-        0x03, 0x72, 0xC8, 0xC0, 0xA0, 0x4D, 0xE2, 0x76,
-        0xB1, 0xA7, 0x21, 0x21, 0xE5, 0x96, 0xCB, 0xB2,
-        0x5E, 0xF7, 0x53, 0x6A, 0xD3, 0x80, 0x41, 0x84,
-        0xA8, 0x7B, 0xDF, 0xB5, 0xA7, 0x69, 0x16, 0x0B,
-        0xFB, 0xB0, 0xCA, 0x3C, 0x36, 0x07, 0x90, 0xE5,
-        0x56, 0x2B, 0xB7, 0x8E, 0xFE, 0x00, 0x69, 0xC7,
-        0x74, 0x83, 0xAD, 0x35, 0xCA, 0xC2, 0x37, 0xC6,
-        0x1D, 0xE7, 0x8A, 0x7D, 0xB4, 0x6F, 0xC9, 0x17,
-        0x12, 0x4C, 0xA1, 0x75, 0x10, 0xDB, 0x7D, 0xA2,
-        0x18, 0x89, 0x0F, 0x44, 0x8E, 0xF6, 0x31, 0x86,
-        0x13, 0xA1, 0xC9, 0x7C, 0x92, 0x8E, 0x2B, 0x7B,
-        0x6A, 0x54, 0x61, 0x7B, 0xCC, 0xB6, 0xCD, 0xF2,
-        0x78, 0xAE, 0x54, 0x2B, 0x56, 0xAD, 0x7B, 0xB5,
-        0xEC, 0xD8, 0xC4, 0x6A, 0x66, 0xC4, 0xFA, 0x09,
-        0x50, 0xCE, 0x41, 0x35, 0x2C, 0xB8, 0x57, 0x11,
-        0x89, 0x04, 0x58, 0xF2, 0x99, 0xBF, 0x40, 0xBA,
-        0x6F, 0xF2, 0xC0, 0x71, 0x38, 0x62, 0x26, 0x8B,
-        0x5F, 0x08, 0xE4, 0x98, 0x45, 0xB0, 0x94, 0x43,
-        0x99, 0x7A, 0xB2, 0x9A, 0x62, 0x07, 0x3C, 0x0D,
-        0x98, 0x18, 0xC0, 0x20, 0x16, 0x7D, 0x47, 0x49,
-        0x23, 0x1C, 0x05, 0x9E, 0x6F, 0x48, 0x3F, 0x97,
-        0x68, 0x17, 0xC9, 0x0C, 0x20, 0xA9, 0xC9, 0x37,
-        0x07, 0x9C, 0x2D, 0x4B, 0xE3, 0x0D, 0xA9, 0x74,
-        0xA9, 0x7E, 0x4B, 0xC5, 0x3E, 0xD9, 0x6A, 0x55,
-        0x16, 0x9F, 0x4A, 0x23, 0xA3, 0xEA, 0x24, 0xBD,
-        0x8E, 0x01, 0xB8, 0xFA, 0xEB, 0x95, 0xD4, 0xE5,
-        0x3F, 0xFF, 0xEC, 0xB6, 0x08, 0x02, 0xC3, 0x88,
-        0xA4, 0x0F, 0x46, 0x60, 0x54, 0x0B, 0x1B, 0x1F,
-        0x81, 0x76, 0xC9, 0x81, 0x1B, 0xB2, 0x6A, 0x68,
-        0x3C, 0xA7, 0x89, 0x56, 0x4A, 0x29, 0x40, 0xFC,
-        0xEB, 0x2C, 0xE6, 0xA9, 0x2A, 0x1E, 0xE4, 0x5E,
-        0xE4, 0xC3, 0x18, 0x57, 0xC9, 0xB9, 0xB8, 0xB5,
-        0x6A, 0x79, 0xD9, 0x5A, 0x46, 0xCB, 0x39, 0x3A,
-        0x31, 0xA2, 0x73, 0x7B, 0xAF, 0xEA, 0x6C, 0x81,
-        0x06, 0x6A, 0x67, 0x2B, 0x34, 0xC1, 0x0A, 0xA9,
-        0x89, 0x57, 0xC9, 0x17, 0x66, 0xB7, 0x30, 0x03,
-        0x6A, 0x56, 0xD9, 0x40, 0xAA, 0x4E, 0xBC, 0xB7,
-        0x58, 0xB0, 0x83, 0x51, 0xE2, 0xC4, 0xFD, 0x19,
-        0x45, 0x3B, 0xF3, 0xA6, 0x29, 0x2A, 0x99, 0x3D,
-        0x67, 0xC7, 0xEC, 0xC7, 0x2F, 0x42, 0xF7, 0x82,
-        0xE9, 0xEB, 0xAA, 0x1A, 0x8B, 0x3B, 0x0F, 0x56,
-        0x7A, 0xB3, 0x94, 0x21, 0xF6, 0xA6, 0x7A, 0x6B,
-        0x84, 0x10, 0xFD, 0x94, 0xA7, 0x21, 0xD3, 0x65,
-        0xF1, 0x63, 0x9E, 0x9D, 0xDA, 0xBF, 0xD0, 0xA6,
-        0xCE, 0x1A, 0x46, 0x05, 0xBD, 0x2B, 0x1C, 0x9B,
-        0x97, 0x7B, 0xD1, 0xEA, 0x32, 0x86, 0x73, 0x68,
-        0xD6, 0xE6, 0x39, 0xD0, 0x19, 0xAC, 0x10, 0x18,
-        0x53, 0xBC, 0x15, 0x3C, 0x86, 0xF8, 0x52, 0x80,
-        0xFC, 0x76, 0x3B, 0xA2, 0x4F, 0xB5, 0x7A, 0x29,
-        0x6C, 0xB1, 0x2D, 0x32, 0xE0, 0x8A, 0xB3, 0x2C,
-        0x55, 0x1D, 0x5A, 0x45, 0xA4, 0xA2, 0x8F, 0x9A,
-        0xDC, 0x28, 0xF7, 0xA2, 0x90, 0x0E, 0x25, 0xA4,
-        0x0B, 0x51, 0x90, 0xB2, 0x2A, 0xB1, 0x9D, 0xFB,
-        0x24, 0x6F, 0x42, 0xB2, 0x4F, 0x97, 0xCC, 0xA9,
-        0xB0, 0x9B, 0xEA, 0xD2, 0x46, 0xE1, 0x73, 0x4F,
-        0x44, 0x66, 0x77, 0xB3, 0x8B, 0x75, 0x22, 0xB7,
-        0x80, 0x72, 0x7C, 0x11, 0x74, 0x40, 0xC9, 0xF1,
-        0xA0, 0x24, 0x52, 0x0C, 0x14, 0x1A, 0x69, 0xCD,
-        0xD2, 0xE6, 0x9A, 0x05, 0x53, 0x4A, 0x72, 0x32,
-        0xC5, 0xF1, 0xB7, 0x66, 0xE9, 0x3A, 0x5E, 0xE2,
-        0xEA, 0x1B, 0x26, 0xE8, 0x60, 0xA3, 0x44, 0x1A,
-        0xDE, 0xA9, 0x1E, 0xDB, 0x78, 0x2C, 0xAB, 0xC8,
-        0xA5, 0xD0, 0x11, 0xA2, 0x1B, 0xC3, 0x88, 0xE7,
-        0xF4, 0x86, 0xF0, 0xB7, 0x99, 0x30, 0x79, 0xAE,
-        0x3F, 0x1A, 0x7C, 0x85, 0xD2, 0x7D, 0x0F, 0x49,
-        0x21, 0x84, 0xD5, 0x90, 0x62, 0x14, 0x2B, 0x76,
-        0xA4, 0x37, 0x34, 0xA9, 0x0D, 0x55, 0x6A, 0x95,
-        0xDC, 0x48, 0x3D, 0xD8, 0x21, 0x04, 0xED, 0x58,
-        0xCA, 0x15, 0x71, 0xC3, 0x96, 0x85, 0x82, 0x79,
-        0x51, 0x43, 0x4C, 0xC1, 0x00, 0x1A, 0xA4, 0xC8,
-        0x13, 0x26, 0x1E, 0x4F, 0x93, 0x02, 0x8E, 0x14,
-        0xCD, 0x08, 0xF7, 0x68, 0xA4, 0x54, 0x31, 0x0C,
-        0x3B, 0x01, 0x0C, 0x83, 0xB7, 0x4D, 0x04, 0xA5,
-        0x7B, 0xB9, 0x77, 0xB3, 0xD8, 0xBC, 0xF3, 0xAA,
-        0xA7, 0x8C, 0xA1, 0x2B, 0x78, 0xF0, 0x10, 0xD9,
-        0x51, 0x34, 0x92, 0x8A, 0x5E, 0x5D, 0x96, 0xA0,
-        0x29, 0xB4, 0x42, 0xA4, 0x18, 0x88, 0x03, 0x8B,
-        0x29, 0xC2, 0xF1, 0x22, 0xB0, 0xB6, 0xB3, 0xAF,
-        0x12, 0x1A, 0xEA, 0x29, 0xA0, 0x55, 0x53, 0xBD,
-        0xF1, 0xDB, 0x60, 0x7A, 0xFB, 0x17, 0x00, 0x18,
-        0x60, 0xAF, 0x18, 0x23, 0xBC, 0xF0, 0x3D, 0xB3,
-        0xB4, 0x41, 0xDA, 0x16, 0x3A, 0x28, 0xC5, 0x23,
-        0xA5, 0xFB, 0x46, 0x69, 0xA6, 0x42, 0x34, 0xA4,
-        0xBC, 0xD1, 0x21, 0x7F, 0xF2, 0x63, 0x5B, 0xD9,
-        0x76, 0x80, 0xFF, 0x93, 0x8D, 0xBC, 0xF1, 0x0E,
-        0x95, 0x32, 0xA9, 0xA7, 0x9A, 0x5B, 0x07, 0x3A,
-        0x9E, 0x8D, 0xB2, 0x12, 0x3D, 0x21, 0x0F, 0xAE,
-        0xA2, 0x00, 0xB6, 0x64, 0x83, 0x8E, 0x80, 0x07,
-        0x1F, 0x2B, 0xA2, 0x54, 0xAA, 0xC8, 0x90, 0xA4,
-        0x6E, 0x28, 0xEC, 0x34, 0x2D, 0x92, 0x81, 0x2B,
-        0x01, 0x59, 0x30, 0x71, 0x65, 0x7E, 0x7A, 0x3A,
-        0x4A, 0x75, 0xCB, 0x3D, 0x52, 0x79, 0xCE, 0x88,
-        0x40, 0x5A, 0xC5, 0xAD, 0xAC, 0xB2, 0x05, 0x1E,
-        0x02, 0x2E, 0xE0, 0xAC, 0x9B, 0xBF, 0xE3, 0x2D,
-        0xEF, 0x98, 0x66, 0x7E, 0xD3, 0x47, 0xAD, 0xCB,
-        0x39, 0x30, 0xF3, 0xCA, 0xD0, 0x31, 0x39, 0x1B,
-        0x70, 0x9A, 0x4E, 0x61, 0xB8, 0xDD, 0x4B, 0x3F,
-        0xB7, 0x41, 0xB5, 0xBD, 0x60, 0xBF, 0x30, 0x40,
-        0x15, 0xEE, 0x75, 0x46, 0xA2, 0x4B, 0x59, 0xEA,
-        0xDC, 0xA1, 0x37, 0xC7, 0x12, 0x50, 0x74, 0x72,
-        0x6B, 0x76, 0x86, 0xEC, 0x55, 0x1B, 0x7B, 0xC2,
-        0x6B, 0xBD, 0xB2, 0x0F, 0xC3, 0x78, 0x35, 0x34,
-        0xE3, 0x4E, 0xE1, 0xF1, 0xBC, 0x6B, 0x77, 0xAB,
-        0x49, 0xA6, 0x66, 0x78, 0x46, 0x97, 0x57, 0x78,
-        0xC3, 0xC5, 0x36, 0x83, 0x04, 0x50, 0xA3, 0xFA,
-        0x91, 0x02, 0x59, 0x72, 0x2F, 0x3F, 0x80, 0x6E,
-        0x6E, 0xB4, 0xB9, 0x34, 0x67, 0x63, 0xFE, 0xF0,
-        0x92, 0x2B, 0xC4, 0xB6, 0xEB, 0x38, 0x26, 0xAF,
-        0xF2, 0x4E, 0xAD, 0xC6, 0xCF, 0x6E, 0x47, 0x7C,
-        0x2E, 0x05, 0x5C, 0xFB, 0x7A, 0x90, 0xA5, 0x5C,
-        0x06, 0xD0, 0xB2, 0xA2, 0xF5, 0x11, 0x60, 0x69,
-        0xE6, 0x4A, 0x5B, 0x50, 0x78, 0xC0, 0x57, 0x7B,
-        0xC8, 0xE7, 0x90, 0x0E, 0xA7, 0x1C, 0x34, 0x1C,
-        0x02, 0xAD, 0x85, 0x4E, 0xA5, 0xA0, 0x1A, 0xF2,
-        0xA6, 0x05, 0xCB, 0x20, 0x68, 0xD5, 0x24, 0x38,
-        0xCD, 0xDC, 0x60, 0xB0, 0x38, 0x82, 0xCC, 0x02,
-        0x4D, 0x13, 0x04, 0x5F, 0x2B, 0xA6, 0xB0, 0xF4,
-        0x46, 0xAA, 0xA5, 0x95, 0x87, 0x60, 0x61, 0x79,
-        0x45, 0x37, 0x1F, 0xD7, 0x8C, 0x28, 0xA4, 0x06,
-        0x77, 0xA6, 0xE7, 0x2F, 0x51, 0x3B, 0x9E, 0x06,
-        0x67, 0xA9, 0xBA, 0xF4, 0x46, 0xC1, 0xBA, 0x93,
-        0x1B, 0xA8, 0x18, 0x34, 0x23, 0x47, 0x92, 0xA2,
-        0xA2, 0xB2, 0xB3, 0x70, 0x1F, 0x31, 0xB7, 0xCF,
-        0x46, 0x7C, 0x80, 0xF1, 0x98, 0x11, 0x41, 0xBB,
-        0x45, 0x77, 0x93, 0xE1, 0x30, 0x70, 0x91, 0xC4,
-        0x8B, 0x59, 0x14, 0x64, 0x6A, 0x60, 0xCE, 0x1A,
-        0x30, 0x15, 0x43, 0x77, 0x9D, 0x7C, 0x33, 0x42,
-        0xAD, 0x17, 0x97, 0x96, 0xC2, 0xC4, 0x40, 0xD9,
-        0x9D, 0xF9, 0xD4, 0x1B, 0x52, 0xE3, 0x26, 0x25,
-        0xA8, 0x2A, 0xA5, 0xF5, 0x79, 0xA9, 0x92, 0x0B,
-        0xFF, 0xBA, 0x96, 0x4F, 0xA7, 0x0D, 0xB2, 0x59,
-        0xC8, 0x5E, 0x68, 0xC8, 0x13, 0x81, 0x7B, 0x13,
-        0x47, 0xBF, 0x19, 0x81, 0x4D, 0xA5, 0xE9, 0x36,
-        0x4A, 0x46, 0x45, 0xE6, 0x21, 0x92, 0x3D, 0x95,
-        0x5C, 0x21, 0x1A, 0x55, 0xD3, 0x55, 0xC8, 0x16,
-        0xDA, 0x04, 0x73, 0x0A, 0xA3, 0x24, 0x08, 0x5E,
-        0x62, 0x2B, 0x51, 0xD6, 0x10, 0x9B, 0x49, 0xF6,
-        0x73, 0xAD, 0xD0, 0x0E, 0x41, 0x47, 0x55, 0xC8,
-        0x02, 0x4A, 0xA0, 0x16, 0x4F, 0x24, 0x55, 0x6D,
-        0xED, 0x96, 0x3D, 0x61, 0x14, 0x38, 0x56, 0xCB,
-        0x4F, 0xF0, 0x56, 0x7E, 0x33, 0x20, 0x73, 0x0D,
-        0xBC, 0xBF, 0x12, 0xF6, 0x6E, 0x2B, 0x70, 0xB2,
-        0x00, 0x54, 0xA6, 0xDE, 0xA4, 0x26, 0x14, 0xB5,
-        0x0E, 0xF7, 0x2B, 0x15, 0x6F, 0x51, 0x49, 0xFC,
-        0x26, 0x3D, 0xD7, 0xE0, 0x39, 0xC5, 0x5A, 0x3E,
-        0xE9, 0x82, 0x7D, 0xF9, 0x2C, 0x56, 0x5D, 0x24,
-        0xC5, 0x5E, 0x0A, 0x81, 0xC6, 0x49, 0x46, 0x95,
-        0x34, 0x4D, 0x94, 0x87, 0x48, 0xAF, 0xBA, 0x9F,
-        0x76, 0x2C, 0x0E, 0xA9, 0x0B, 0xB7, 0x24, 0x89,
-        0x79, 0x02, 0x00, 0x07, 0x75, 0x61, 0x39, 0x49,
-        0x60, 0x2C, 0x48, 0xC7, 0x8A, 0x94, 0x40, 0x67,
-        0x8C, 0x24, 0x08, 0x6D, 0x32, 0x6D, 0x79, 0x64,
-        0x3B, 0xAF, 0x70, 0x36, 0xC6, 0x6C, 0x7E, 0x02,
-        0x6A, 0xAE, 0xFD, 0xA2, 0x80, 0x7A, 0x60, 0xBD,
-        0x7F, 0xC9, 0x13, 0x63, 0xBB, 0x02, 0x34, 0xA5,
-        0x90, 0x98, 0x4A, 0xA0, 0x11, 0xF1, 0x1D, 0x40,
-        0x26, 0x82, 0x18, 0xA1, 0x58, 0x83, 0x77, 0xB3,
-        0xD7, 0x67, 0x1B, 0x8B, 0x99, 0x78, 0x99, 0x19,
-        0xB8, 0x6E, 0xE8, 0x2B, 0x18, 0xEC, 0x22, 0xD4,
-        0xE8, 0x0A, 0x1F, 0x27, 0x85, 0x3D, 0x88, 0x94,
-        0x19, 0xD4, 0x60, 0xDE, 0xF7, 0x56, 0x7A, 0xA4,
-        0x56, 0x79, 0x69, 0xC4, 0x30, 0x48, 0xC3, 0x2B,
-        0x84, 0x62, 0xA9, 0xC9, 0x38, 0x6E, 0xB3, 0x15,
-        0x2A, 0x69, 0x76, 0xAA, 0x78, 0x3C, 0xDD, 0x1A,
-        0x8C, 0x57, 0xA9, 0xB6, 0xBB, 0xD8, 0x37, 0xA0,
-        0x06, 0x24, 0xB5, 0x8B, 0x4B, 0xA3, 0xDB, 0xB6,
-        0x3B, 0xB8, 0x20, 0x0E, 0x7B, 0xC8, 0x88, 0x81,
-        0xBE, 0xBD, 0xA9, 0x25, 0xBC, 0xA0, 0x28, 0xE2,
-        0x91, 0xAA, 0x1C, 0x22, 0x53, 0x9C, 0xD0, 0x4F,
-        0x90, 0x09, 0x0D, 0x7F, 0x74, 0x10, 0x8C, 0x32,
-        0xB8, 0x02, 0x2C, 0x15, 0x91, 0xC8, 0x81, 0xE7,
-        0x63, 0x04, 0xE2, 0x40, 0x81, 0x90, 0xE2, 0x0F,
-        0x09, 0xA5, 0x4F, 0xC2, 0x34, 0x20, 0xE2, 0x62,
-        0x0E, 0x9D, 0x87, 0xA3, 0x10, 0x8A, 0x94, 0xFE,
-        0xEA, 0x72, 0xD5, 0xAB, 0x7F, 0xCF, 0xB9, 0x72,
-        0xE6, 0x56, 0x1B, 0x1A, 0x7B, 0x06, 0x2F, 0x1A,
-        0x68, 0x2E, 0x02, 0x0A, 0xA2, 0x56, 0x28, 0x12,
-        0xB2, 0x96, 0x54, 0x7B, 0x91, 0x78, 0x24, 0xCD,
-        0xB8, 0x8C, 0x58, 0x2B, 0x5A, 0x68, 0x90, 0x17,
-        0x7B, 0xC7, 0x0C, 0x91, 0xAC, 0xAC, 0x9A, 0xBE,
-        0x29, 0x0A, 0xEB, 0x2C, 0x34, 0xA7, 0xE2, 0x36,
-        0x89, 0x55, 0xCB, 0x45, 0x6A, 0x34, 0x53, 0x68,
-        0xAB, 0xE3, 0xB9, 0x1B, 0x47, 0xFC, 0x30, 0xB0,
-        0x23, 0x3A, 0x09, 0xBA, 0x79, 0xFB, 0x11, 0x23,
-        0x8A, 0xC5, 0x08, 0xCC, 0xE6, 0x10, 0x95, 0xF8,
-        0x54, 0xC2, 0x32, 0x04, 0xA8, 0xD3, 0x6B, 0xFC,
-        0x2C, 0x6E, 0x05, 0xA7, 0x2A, 0xF5, 0x24, 0x4B,
-        0x17, 0xC1, 0x21, 0x01, 0xE0, 0x14, 0x51, 0x57,
-        0x0E, 0xB1, 0x10, 0x56, 0x7E, 0x85, 0x0E, 0x79,
-        0xC0, 0x00, 0x14, 0x24, 0x41, 0xFE, 0x41, 0x60,
-        0x02, 0x75, 0x45, 0xF6, 0x29, 0x0E, 0x85, 0x45,
-        0x1B, 0x80, 0x23, 0x4A, 0x94, 0x06, 0xC3, 0x90,
-        0xB0, 0xCE, 0xA3, 0xC8, 0x33, 0x5D, 0x4C, 0x6F,
-        0x85, 0x50, 0xB5, 0x44, 0xC9, 0x34, 0x3E, 0x61,
-        0xBA, 0x1C, 0x84, 0x89, 0xD1, 0xB0, 0x39, 0x97,
-        0x39, 0x16, 0x8A, 0xF7, 0x40, 0xA4, 0x81, 0xB0,
-        0xF5, 0xC3, 0x37, 0x25, 0x30, 0xCA, 0x06, 0xB5,
-        0x08, 0xEC, 0xE8, 0x38, 0xAB, 0x78, 0xBE, 0xE1,
-        0xE5, 0x97, 0xA9, 0xB1, 0x4F, 0x6A, 0xEC, 0x7A,
-        0x3B, 0xD1, 0xAA, 0x8D, 0x10, 0xBA, 0xC2, 0x3B,
-        0x98, 0x02, 0x90, 0x2C, 0xD5, 0x29, 0xAB, 0x6E,
-        0xF5, 0x4D, 0xB3, 0x11, 0x0C, 0xFB, 0x56, 0x1E,
-        0x7E, 0x69, 0x48, 0xE6, 0x52, 0x81, 0x25, 0x04,
-        0x16, 0xC3, 0x49, 0xC8, 0x10, 0x0B, 0x3B, 0x4D,
-        0x3D, 0x0F, 0x62, 0xAC, 0xAD, 0x8D, 0x16, 0x11,
-        0x75, 0xB1, 0x34, 0xF7, 0x56, 0x49, 0x37, 0xCD,
-        0xEC, 0xE9, 0xE2, 0x46, 0xAA, 0xD1, 0x10, 0x21,
-        0xA6, 0x7B, 0x20, 0xEB, 0x8F, 0x77, 0x65, 0xAC,
-        0x28, 0x23, 0xA9, 0xD1, 0x8C, 0x93, 0xEC, 0x28,
-        0x2D, 0x6D, 0xBC, 0x53, 0xCD, 0x6D, 0xF5, 0x75,
-        0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6,
-        0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33,
-        0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7,
-        0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC
+        0x98, 0xA1, 0xB2, 0xDA, 0x4A, 0x65, 0xCF, 0xB5,
+        0x84, 0x5E, 0xA7, 0x31, 0x1E, 0x6A, 0x06, 0xDB,
+        0x73, 0x1F, 0x15, 0x90, 0xC4, 0x1E, 0xE7, 0x4B,
+        0xA1, 0x07, 0x82, 0x71, 0x5B, 0x35, 0xA3, 0x10,
+        0x2D, 0xF6, 0x37, 0x87, 0x2B, 0xE6, 0x5B, 0xAB,
+        0x37, 0xA1, 0xDE, 0x25, 0x11, 0xD7, 0x03, 0xC7,
+        0x02, 0x47, 0xB3, 0x5E, 0xF2, 0x74, 0x35, 0x48,
+        0x50, 0x24, 0xD9, 0x3F, 0xD9, 0xE7, 0x7C, 0x43,
+        0x80, 0x4F, 0x37, 0x17, 0x49, 0xBA, 0x00, 0xB2,
+        0x0A, 0x8C, 0x5C, 0x58, 0x8B, 0xC9, 0xAB, 0xE0,
+        0x68, 0xAE, 0xAA, 0xA9, 0x38, 0x51, 0x7E, 0xBF,
+        0xE5, 0x3B, 0x6B, 0x66, 0x32, 0x82, 0x90, 0x3D,
+        0xCD, 0x18, 0x97, 0x36, 0xD7, 0x29, 0x68, 0x16,
+        0xC7, 0x33, 0xA1, 0xC7, 0x7C, 0x63, 0x75, 0xE5,
+        0x39, 0x7C, 0x0F, 0x18, 0x9B, 0xBF, 0xE4, 0x76,
+        0x43, 0xA6, 0x1F, 0x58, 0xF8, 0xA3, 0xC6, 0x91,
+        0x1B, 0xE4, 0x61, 0x1A, 0x8C, 0x7B, 0xC0, 0x50,
+        0x02, 0x11, 0x63, 0xD0, 0xA4, 0x04, 0xDC, 0x14,
+        0x06, 0x57, 0x48, 0xFF, 0x29, 0xBE, 0x60, 0xD2,
+        0xB9, 0xFD, 0xCC, 0x8F, 0xFD, 0x98, 0xC5, 0x87,
+        0xF3, 0x8C, 0x67, 0x11, 0x57, 0x86, 0x46, 0x4B,
+        0xDB, 0x34, 0x2B, 0x17, 0xE8, 0x97, 0xD6, 0x46,
+        0x17, 0xCB, 0xFB, 0x11, 0x79, 0x73, 0xA5, 0x45,
+        0x89, 0x77, 0xA7, 0xD7, 0x61, 0x7A, 0x1B, 0x4D,
+        0x83, 0xBA, 0x03, 0xC6, 0x11, 0x13, 0x8A, 0x46,
+        0x73, 0xB1, 0xEB, 0x34, 0xB0, 0x78, 0x03, 0x3F,
+        0x97, 0xCF, 0xFE, 0x80, 0xC1, 0x46, 0xA2, 0x69,
+        0x43, 0xF8, 0x42, 0xB9, 0x76, 0x32, 0x7B, 0xF1,
+        0xCB, 0xC6, 0x01, 0x19, 0x52, 0x5B, 0xB9, 0xA3,
+        0xC0, 0x34, 0x93, 0x34, 0x90, 0x00, 0xDD, 0x8F,
+        0x51, 0xBA, 0x21, 0xA2, 0xE9, 0x23, 0x61, 0x76,
+        0x23, 0x24, 0x60, 0x0E, 0x0C, 0x13, 0xAA, 0xA6,
+        0xCB, 0x69, 0xBF, 0xB2, 0x42, 0x76, 0x48, 0x3F,
+        0x6B, 0x02, 0x42, 0x12, 0x59, 0xB7, 0x58, 0x52,
+        0x63, 0xC1, 0xA0, 0x28, 0xD6, 0x82, 0xC5, 0x08,
+        0xBB, 0xC2, 0x80, 0x1A, 0x56, 0xE9, 0x8B, 0x8F,
+        0x62, 0x0B, 0x04, 0x83, 0xD7, 0x9B, 0x5A, 0xD8,
+        0x58, 0x5A, 0xC0, 0xA4, 0x75, 0xBA, 0xC7, 0x78,
+        0x65, 0x19, 0x41, 0x96, 0x33, 0x87, 0x91, 0xB7,
+        0x98, 0x5A, 0x05, 0xD1, 0x09, 0x39, 0x5C, 0xCA,
+        0x89, 0x32, 0x72, 0x2A, 0x91, 0x95, 0x0D, 0x37,
+        0xE1, 0x2B, 0x89, 0x14, 0x20, 0xA5, 0x2B, 0x62,
+        0xCB, 0xFA, 0x81, 0x5D, 0xF6, 0x17, 0x4C, 0xE0,
+        0x0E, 0x68, 0xBC, 0xA7, 0x5D, 0x48, 0x38, 0xCA,
+        0x28, 0x0F, 0x71, 0x3C, 0x7E, 0x69, 0x24, 0xAF,
+        0xD9, 0x5B, 0xAA, 0x0D, 0x01, 0xAD, 0xA6, 0x37,
+        0xB1, 0x58, 0x34, 0x70, 0x34, 0xC0, 0xAB, 0x1A,
+        0x71, 0x83, 0x33, 0x1A, 0x82, 0x0A, 0xCB, 0xCB,
+        0x83, 0x19, 0x3A, 0x1A, 0x94, 0xC8, 0xF7, 0xE3,
+        0x84, 0xAE, 0xD0, 0xC3, 0x5E, 0xD3, 0xCB, 0x33,
+        0x97, 0xBB, 0x63, 0x80, 0x86, 0xE7, 0xA3, 0x5A,
+        0x64, 0x08, 0xA3, 0xA4, 0xB9, 0x0C, 0xE9, 0x53,
+        0x70, 0x7C, 0x19, 0xBC, 0x46, 0xC3, 0xB2, 0xDA,
+        0x3B, 0x2E, 0xE3, 0x23, 0x19, 0xC5, 0x6B, 0x92,
+        0x80, 0x32, 0xB5, 0xED, 0x12, 0x56, 0xD0, 0x75,
+        0x3D, 0x34, 0x14, 0x23, 0xE9, 0xDB, 0x13, 0x9D,
+        0xE7, 0x71, 0x4F, 0xF0, 0x75, 0xCA, 0xF5, 0x8F,
+        0xD9, 0xF5, 0x7D, 0x1A, 0x54, 0x01, 0x9B, 0x59,
+        0x26, 0x40, 0x68, 0x30, 0xDA, 0xE2, 0x9A, 0x87,
+        0x53, 0x02, 0xA8, 0x12, 0x56, 0xF4, 0xD6, 0xCF,
+        0x5E, 0x74, 0x03, 0x4E, 0xA6, 0x14, 0xBF, 0x70,
+        0xC2, 0x76, 0x4B, 0x20, 0xC9, 0x58, 0x9C, 0xDB,
+        0x5C, 0x25, 0x76, 0x1A, 0x04, 0xE5, 0x82, 0x92,
+        0x90, 0x7C, 0x57, 0x8A, 0x94, 0xA3, 0x58, 0x36,
+        0xBE, 0xE3, 0x11, 0x2D, 0xC2, 0xC3, 0xAE, 0x21,
+        0x92, 0xC9, 0xDE, 0xAA, 0x30, 0x4B, 0x29, 0xC7,
+        0xFE, 0xA1, 0xBD, 0xF4, 0x7B, 0x3B, 0x6B, 0xCB,
+        0xA2, 0xC0, 0xE5, 0x5C, 0x9C, 0xDB, 0x6D, 0xE7,
+        0x14, 0x9E, 0x9C, 0xB1, 0x79, 0x17, 0x71, 0x8F,
+        0x12, 0xC8, 0x03, 0x2D, 0xE1, 0xAD, 0xE0, 0x64,
+        0x8D, 0x40, 0x55, 0x19, 0xC7, 0x07, 0x19, 0xBE,
+        0xCC, 0x70, 0x18, 0x45, 0xCF, 0x9F, 0x4B, 0x91,
+        0x2F, 0xE7, 0x19, 0x83, 0xCA, 0x34, 0xF9, 0x01,
+        0x8C, 0x7C, 0xA7, 0xBB, 0x2F, 0x6C, 0x5D, 0x7F,
+        0x8C, 0x5B, 0x29, 0x73, 0x59, 0xEC, 0x75, 0x20,
+        0x9C, 0x25, 0x43, 0xFF, 0x11, 0xC4, 0x24, 0x49,
+        0x77, 0xC5, 0x96, 0x95, 0x24, 0xEC, 0x45, 0x4D,
+        0x44, 0xC3, 0x23, 0xFC, 0xCA, 0x94, 0xAC, 0xAC,
+        0x27, 0x3A, 0x0E, 0xC4, 0x9B, 0x4A, 0x8A, 0x58,
+        0x5B, 0xCE, 0x7A, 0x5B, 0x30, 0x5C, 0x04, 0xC3,
+        0x50, 0x64, 0x22, 0x58, 0x03, 0x57, 0x01, 0x6A,
+        0x85, 0x0C, 0x3F, 0x7E, 0xE1, 0x72, 0x05, 0xA7,
+        0x7B, 0x29, 0x1C, 0x77, 0x31, 0xC9, 0x83, 0x6C,
+        0x02, 0xAE, 0xE5, 0x40, 0x6F, 0x63, 0xC6, 0xA0,
+        0x7A, 0x21, 0x43, 0x82, 0xAA, 0x15, 0x33, 0x6C,
+        0x05, 0xD1, 0x04, 0x55, 0x88, 0x10, 0x76, 0x45,
+        0xEA, 0x7D, 0xE6, 0x87, 0x0F, 0xC0, 0xE5, 0x5E,
+        0x15, 0x40, 0x97, 0x43, 0x01, 0xC4, 0x2E, 0xC1,
+        0x41, 0x05, 0x51, 0x86, 0x80, 0xF6, 0x88, 0xAB,
+        0xE4, 0xCE, 0x45, 0x37, 0x38, 0xFE, 0x47, 0x1B,
+        0x87, 0xFC, 0x31, 0xF5, 0xC6, 0x8A, 0x39, 0xE6,
+        0x8A, 0xF5, 0x1B, 0x02, 0x40, 0xB9, 0x0E, 0x03,
+        0x64, 0xB0, 0x4B, 0xAC, 0x43, 0xD6, 0xFB, 0x68,
+        0xAB, 0x65, 0xAE, 0x02, 0x8B, 0x62, 0xBD, 0x68,
+        0x3B, 0x7D, 0x28, 0xAD, 0x38, 0x80, 0x6B, 0xEE,
+        0x72, 0x5B, 0x5B, 0x24, 0x16, 0xA8, 0xD7, 0x9C,
+        0x16, 0xEC, 0x2A, 0x99, 0xEA, 0x4A, 0x8D, 0x92,
+        0xA2, 0xF5, 0x05, 0x2E, 0x67, 0xF9, 0x73, 0x52,
+        0x28, 0x97, 0x61, 0xC5, 0xC3, 0x9F, 0xC5, 0xC7,
+        0x42, 0xE9, 0xC0, 0xA7, 0x40, 0xCA, 0x59, 0xFC,
+        0x01, 0x82, 0xF7, 0x09, 0xD0, 0x1B, 0x51, 0x87,
+        0xF0, 0x00, 0x63, 0xDA, 0xAB, 0x39, 0x75, 0x96,
+        0xEE, 0xA4, 0xA3, 0x1B, 0xDB, 0xCB, 0xD4, 0xC1,
+        0xBB, 0x0C, 0x55, 0xBE, 0x7C, 0x68, 0x50, 0xFD,
+        0xA9, 0x32, 0x6B, 0x35, 0x3E, 0x28, 0x8C, 0x50,
+        0x13, 0x22, 0x6C, 0x3C, 0x39, 0x23, 0xA7, 0x91,
+        0x60, 0x9E, 0x80, 0x02, 0xE7, 0x3A, 0x5F, 0x7B,
+        0x6B, 0xB4, 0xA8, 0x77, 0xB1, 0xFD, 0xF5, 0x3B,
+        0xB2, 0xBA, 0xB3, 0xDD, 0x42, 0x4D, 0x31, 0xBB,
+        0xB4, 0x48, 0xE6, 0x09, 0xA6, 0x6B, 0x0E, 0x34,
+        0x3C, 0x28, 0x6E, 0x87, 0x60, 0x31, 0x2B, 0x6D,
+        0x37, 0xAA, 0x52, 0x01, 0xD2, 0x1F, 0x53, 0x50,
+        0x3D, 0x88, 0x38, 0x9A, 0xDC, 0xA2, 0x1C, 0x70,
+        0xFB, 0x6C, 0x0F, 0xC9, 0xC6, 0x9D, 0x66, 0x16,
+        0xC9, 0xEA, 0x37, 0x80, 0xE3, 0x55, 0x65, 0xC0,
+        0xC9, 0x7C, 0x15, 0x17, 0x9C, 0x95, 0x34, 0x3E,
+        0xCC, 0x5E, 0x1C, 0x2A, 0x24, 0xDE, 0x46, 0x99,
+        0xF6, 0x87, 0x5E, 0xA2, 0xFA, 0x2D, 0xD3, 0xE3,
+        0x57, 0xBC, 0x43, 0x91, 0x47, 0x95, 0x20, 0x7E,
+        0x02, 0x6B, 0x85, 0x0A, 0x22, 0x37, 0x95, 0x0C,
+        0x10, 0x8A, 0x51, 0x2F, 0xC8, 0x8C, 0x22, 0x48,
+        0x81, 0x12, 0x60, 0x70, 0x88, 0x18, 0x5F, 0xB0,
+        0xE0, 0x9C, 0x2C, 0x41, 0x97, 0xA8, 0x36, 0x87,
+        0x26, 0x6B, 0xAB, 0x2E, 0x58, 0x3E, 0x21, 0xC4,
+        0x0F, 0x4C, 0xC0, 0x08, 0xFE, 0x65, 0x28, 0x04,
+        0xD8, 0x22, 0x3F, 0x15, 0x20, 0xA9, 0x0B, 0x0D,
+        0x53, 0x85, 0xC7, 0x55, 0x3C, 0xC7, 0x67, 0xC5,
+        0x8D, 0x12, 0x0C, 0xCD, 0x3E, 0xF5, 0xB5, 0xD1,
+        0xA6, 0xCD, 0x7B, 0xC0, 0x0D, 0xFF, 0x13, 0x21,
+        0xB2, 0xF2, 0xC4, 0x32, 0xB6, 0x4E, 0xFB, 0x8A,
+        0x3F, 0x5D, 0x00, 0x64, 0xB3, 0xF3, 0x42, 0x93,
+        0x02, 0x6C, 0x85, 0x1C, 0x2D, 0xED, 0x68, 0xB9,
+        0xDF, 0xF4, 0xA2, 0x8F, 0x6A, 0x8D, 0x22, 0x55,
+        0x35, 0xE0, 0x47, 0x70, 0x84, 0x43, 0x0C, 0xFF,
+        0xDA, 0x0A, 0xC0, 0x55, 0x2F, 0x9A, 0x21, 0x27,
+        0x85, 0xB7, 0x49, 0x91, 0x3A, 0x06, 0xFA, 0x22,
+        0x74, 0xC0, 0xD1, 0x5B, 0xAD, 0x32, 0x54, 0x58,
+        0xD3, 0x23, 0xEF, 0x6B, 0xAE, 0x13, 0xC0, 0x01,
+        0x0D, 0x52, 0x5C, 0x1D, 0x52, 0x69, 0x97, 0x3A,
+        0xC2, 0x9B, 0xDA, 0x7C, 0x98, 0x37, 0x46, 0x91,
+        0x8B, 0xA0, 0xE0, 0x02, 0x58, 0x8E, 0x30, 0x37,
+        0x5D, 0x78, 0x32, 0x9E, 0x6B, 0x8B, 0xA8, 0xC4,
+        0x46, 0x2A, 0x69, 0x2F, 0xB6, 0x08, 0x38, 0x42,
+        0xB8, 0xC8, 0xC9, 0x2C, 0x60, 0xF2, 0x52, 0x72,
+        0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25,
+        0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62,
+        0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46,
+        0x12, 0x64, 0x02, 0xB1, 0xFA, 0x16, 0x37, 0x73,
+        0x3C, 0xD5, 0xF6, 0x0C, 0xC8, 0x4B, 0xCB, 0x64,
+        0x6A, 0x78, 0x92, 0x61, 0x4D, 0x7C, 0x51, 0xB1,
+        0xC7, 0xF1, 0xA2, 0x79, 0x91, 0x32, 0xF1, 0x34,
+        0x27, 0xDC, 0x48, 0x21, 0x58, 0xDA, 0x25, 0x44,
+        0x70, 0xA5, 0x9E, 0x00, 0xA4, 0xE4, 0x96, 0x86,
+        0xFD, 0xC0, 0x77, 0x55, 0x93, 0x67, 0x27, 0x0C,
+        0x21, 0x53, 0xF1, 0x10, 0x07, 0x59, 0x2C, 0x9C,
+        0x43, 0x10, 0xCF, 0x8A, 0x12, 0xC6, 0xA8, 0x71,
+        0x3B, 0xD6, 0xBB, 0x51, 0xF3, 0x12, 0x4F, 0x98,
+        0x9B, 0xA0, 0xD5, 0x40, 0x73, 0xCC, 0x24, 0x2E,
+        0x09, 0x68, 0x78, 0x0B, 0x87, 0x5A, 0x86, 0x9E,
+        0xFB, 0x85, 0x15, 0x86, 0xB9, 0xA8, 0x68, 0xA3,
+        0x84, 0xB9, 0xE6, 0x82, 0x1B, 0x20, 0x1B, 0x93,
+        0x2C, 0x45, 0x53, 0x69, 0xA7, 0x39, 0xEC, 0x22,
+        0x56, 0x9C, 0x97, 0x7C, 0x21, 0x2B, 0x38, 0x18,
+        0x71, 0x81, 0x36, 0x56, 0xAF, 0x5B, 0x56, 0x7E,
+        0xF8, 0x93, 0xB5, 0x84, 0x62, 0x4C, 0x86, 0x3A,
+        0x25, 0x90, 0x00, 0xF1, 0x7B, 0x25, 0x4B, 0x98,
+        0xB1, 0x85, 0x09, 0x7C, 0x50, 0xEB, 0xB6, 0x8B,
+        0x24, 0x43, 0x42, 0xE0, 0x5D, 0x4D, 0xE5, 0x20,
+        0x12, 0x5B, 0x8E, 0x10, 0x33, 0xB1, 0x43, 0x60,
+        0x93, 0xAC, 0xE7, 0xCE, 0x8E, 0x71, 0xB4, 0x58,
+        0xD5, 0x25, 0x67, 0x33, 0x63, 0x04, 0x5A, 0x3B,
+        0x3E, 0xEA, 0x94, 0x55, 0x42, 0x8A, 0x39, 0x87,
+        0x05, 0xA4, 0x23, 0x27, 0xAD, 0xB3, 0x77, 0x4B,
+        0x70, 0x57, 0xF4, 0x2B, 0x01, 0x7E, 0xC0, 0x73,
+        0x9A, 0x98, 0x3F, 0x19, 0xE8, 0x21, 0x4D, 0x09,
+        0x19, 0x5F, 0xA2, 0x4D, 0x2D, 0x57, 0x1D, 0xB7,
+        0x3C, 0x19, 0xA6, 0xF8, 0x46, 0x0E, 0x50, 0x83,
+        0x0D, 0x41, 0x5F, 0x62, 0x7B, 0x88, 0xE9, 0x4A,
+        0x7B, 0x15, 0x37, 0x91, 0xA0, 0xC0, 0xC7, 0xE9,
+        0x48, 0x4C, 0x74, 0xD5, 0x3C, 0x71, 0x48, 0x89,
+        0xF0, 0xE3, 0x21, 0xB6, 0x66, 0x0A, 0x53, 0x2A,
+        0x5B, 0xC0, 0xE5, 0x57, 0xFB, 0xCA, 0x35, 0xE2,
+        0x9B, 0xC6, 0x11, 0x20, 0x0E, 0xD3, 0xC6, 0x33,
+        0x07, 0x7A, 0x4D, 0x87, 0x3C, 0x5C, 0xC6, 0x70,
+        0x06, 0xB7, 0x53, 0xBF, 0x6D, 0x6B, 0x7A, 0xF6,
+        0xCA, 0x40, 0x2A, 0xB6, 0x18, 0x23, 0x6C, 0x0A,
+        0xFF, 0xBC, 0x80, 0x1F, 0x82, 0x22, 0xFB, 0xC3,
+        0x6C, 0xE0, 0x98, 0x4E, 0x2B, 0x18, 0xC9, 0x44,
+        0xBB, 0xCB, 0xEF, 0x03, 0xB1, 0xE1, 0x36, 0x1C,
+        0x1F, 0x44, 0xB0, 0xD7, 0x34, 0xAF, 0xB1, 0x56,
+        0x6C, 0xFF, 0x87, 0x44, 0xDA, 0x8B, 0x99, 0x43,
+        0xD6, 0xB4, 0x5A, 0x3C, 0x09, 0x03, 0x07, 0x02,
+        0xCA, 0x20, 0x1F, 0xFE, 0x20, 0xCB, 0x7E, 0xC5,
+        0xB0, 0xD4, 0x14, 0x9E, 0xE2, 0xC2, 0x8E, 0x8B,
+        0x23, 0x37, 0x4F, 0x47, 0x1B, 0x57, 0x15, 0x0D,
+        0x0E, 0xC9, 0x33, 0x62, 0x61, 0xA2, 0xD5, 0xCB,
+        0x84, 0xA3, 0xAC, 0xAC, 0xC4, 0x28, 0x94, 0x73,
+        0xA4, 0xC0, 0xAB, 0xC6, 0x17, 0xC9, 0xAB, 0xC1,
+        0x78, 0x73, 0x44, 0x34, 0xC8, 0x2E, 0x16, 0x85,
+        0x58, 0x8A, 0x5C, 0x2E, 0xA2, 0x67, 0x8F, 0x6B,
+        0x3C, 0x22, 0x28, 0x73, 0x31, 0x30, 0xC4, 0x66,
+        0xE5, 0xB8, 0x6E, 0xF4, 0x91, 0x15, 0x3E, 0x48,
+        0x66, 0x22, 0x47, 0xB8, 0x75, 0xD2, 0x01, 0x02,
+        0x0B, 0x56, 0x6B, 0x81, 0xB6, 0x4D, 0x83, 0x9A,
+        0xB4, 0x63, 0x3B, 0xAA, 0x8A, 0xCE, 0x20, 0x2B,
+        0xAA, 0xB4, 0x49, 0x62, 0x97, 0xF9, 0x80, 0x7A,
+        0xDB, 0xBB, 0x1E, 0x33, 0x2C, 0x6F, 0x80, 0x22,
+        0xB2, 0xA1, 0x8C, 0xFD, 0xD4, 0xA8, 0x25, 0x30,
+        0xB6, 0xD3, 0xF0, 0x07, 0xC3, 0x35, 0x38, 0x98,
+        0xD9, 0x66, 0xCC, 0x2C, 0x21, 0xCB, 0x42, 0x44,
+        0xBD, 0x00, 0x44, 0x3F, 0x20, 0x98, 0x70, 0xAC,
+        0xC4, 0x2B, 0xC3, 0x30, 0x68, 0xC7, 0x24, 0xEC,
+        0x17, 0x22, 0x36, 0x19, 0xC1, 0x09, 0x3C, 0xCA,
+        0x6A, 0xEB, 0x29, 0x50, 0x06, 0x64, 0xD1, 0x22,
+        0x50, 0x36, 0xB4, 0xB8, 0x10, 0x91, 0x90, 0x69,
+        0x69, 0x48, 0x1F, 0x1C, 0x72, 0x3C, 0x14, 0x0B,
+        0x9D, 0x6C, 0x16, 0x8F, 0x5B, 0x64, 0xBE, 0xA6,
+        0x9C, 0x5F, 0xD6, 0x38, 0x5D, 0xF7, 0x36, 0x4B,
+        0x87, 0x23, 0xBC, 0xC8, 0x5E, 0x03, 0x8C, 0x7E,
+        0x46, 0x4A, 0x90, 0x0D, 0x68, 0xA2, 0x12, 0x78,
+        0x18, 0x99, 0x42, 0x17, 0xAE, 0xC8, 0xBD, 0xB3,
+        0x9A, 0x97, 0x0A, 0x99, 0x63, 0xDE, 0x93, 0x68,
+        0x8E, 0x2A, 0xC8, 0x2A, 0xBC, 0xC2, 0x2F, 0xB9,
+        0x27, 0x7B, 0xA2, 0x20, 0x09, 0xE8, 0x78, 0x38,
+        0x1A, 0x38, 0x16, 0x39, 0x01, 0xC7, 0xD4, 0xC8,
+        0x50, 0x19, 0x53, 0x8D, 0x35, 0xCA, 0xAE, 0x9C,
+        0x41, 0xAF, 0x8C, 0x92, 0x9E, 0xE2, 0x0B, 0xB0,
+        0x8C, 0xA6, 0x19, 0xE7, 0x2C, 0x2F, 0x22, 0x62,
+        0xC1, 0xC9, 0x93, 0x85, 0x72, 0x55, 0x1A, 0xC0,
+        0x2D, 0xC9, 0x26, 0x8F, 0xBC, 0xC3, 0x5D, 0x79,
+        0x01, 0x1C, 0x3C, 0x09, 0x0A, 0xD4, 0x0A, 0x4F,
+        0x11, 0x1C, 0x9B, 0xE5, 0x5C, 0x42, 0x7E, 0xB7,
+        0x96, 0xC1, 0x93, 0x2D, 0x86, 0x73, 0x57, 0x9A,
+        0xF1, 0xB4, 0xC6, 0x38, 0xB0, 0x94, 0x44, 0x89,
+        0x01, 0x2A, 0x25, 0x59, 0xA3, 0xB0, 0x24, 0x81,
+        0xB0, 0x1A, 0xC3, 0x0B, 0xA8, 0x96, 0x0F, 0x80,
+        0xC0, 0xC2, 0xB3, 0x94, 0x7D, 0x36, 0xA1, 0x2C,
+        0x08, 0x04, 0x98, 0xBE, 0xE4, 0x48, 0x71, 0x6C,
+        0x97, 0x34, 0x16, 0xC8, 0x24, 0x28, 0x04, 0xA3,
+        0xDA, 0x09, 0x9E, 0xE1, 0x37, 0xB0, 0xBA, 0x90,
+        0xFE, 0x4A, 0x5C, 0x6A, 0x89, 0x20, 0x02, 0x76,
+        0xA0, 0xCF, 0xB6, 0x43, 0xEC, 0x2C, 0x56, 0xA2,
+        0xD7, 0x08, 0xD7, 0xB4, 0x37, 0x3E, 0x44, 0xC1,
+        0x50, 0x2A, 0x76, 0x3A, 0x60, 0x05, 0x86, 0xE6,
+        0xCD, 0xA6, 0x27, 0x38, 0x97, 0xD4, 0x44, 0x48,
+        0x28, 0x7D, 0xC2, 0xE6, 0x02, 0xDC, 0x39, 0x20,
+        0x0B, 0xF6, 0x16, 0x62, 0x36, 0x55, 0x9F, 0xD1,
+        0x2A, 0x60, 0x89, 0x2A, 0xEB, 0x15, 0x3D, 0xD6,
+        0x51, 0xBB, 0x46, 0x99, 0x10, 0xB4, 0xB3, 0x46,
+        0x69, 0xF9, 0x1D, 0xA8, 0x65, 0x4D, 0x1E, 0xB7,
+        0x2E, 0xB6, 0xE0, 0x28, 0x00, 0xB3, 0xB0, 0xA7,
+        0xD0, 0xA4, 0x8C, 0x83, 0x68, 0x54, 0xD3, 0xA8,
+        0x3E, 0x65, 0x56, 0x9C, 0xB7, 0x23, 0x0B, 0xB4,
+        0x4F, 0x3F, 0x14, 0x3A, 0x6D, 0xEC, 0x5F, 0x2C,
+        0x39, 0xAB, 0x90, 0xF2, 0x74, 0xF2, 0x08, 0x8B,
+        0xD3, 0xD6, 0xA6, 0xFC, 0xA0, 0x07, 0x02, 0x73,
+        0xBE, 0xDC, 0x84, 0x77, 0x7F, 0xB5, 0x2E, 0x3C,
+        0x55, 0x8B, 0x0A, 0xE0, 0x61, 0x83, 0xD5, 0xA4,
+        0x8D, 0x45, 0x2F, 0x68, 0xE1, 0x52, 0x07, 0xF8,
+        0x61, 0x62, 0x7A, 0xCA, 0x14, 0x27, 0x96, 0x30,
+        0xF8, 0x2E, 0xC3, 0xA0, 0xCA, 0x07, 0x86, 0x33,
+        0xB6, 0x00, 0xAF, 0xA7, 0x97, 0x43, 0xA6, 0x00,
+        0x21, 0x5B, 0xE5, 0x63, 0x74, 0x58, 0xCE, 0x2C,
+        0xE8, 0xAF, 0xF5, 0xA0, 0x8E, 0xB5, 0x01, 0x7B,
+        0x2C, 0x76, 0x65, 0x77, 0x47, 0x9F, 0x8D, 0xC6,
+        0xBF, 0x9F, 0x5C, 0xC7, 0x50, 0x89, 0x93, 0x21,
+        0x61, 0xB9, 0x6C, 0xEA, 0x40, 0x66, 0x20, 0xAE,
+        0xDB, 0x63, 0x04, 0x07, 0xF7, 0x68, 0x7E, 0xBB,
+        0xB4, 0x81, 0x4C, 0x79, 0x81, 0x63, 0x7A, 0x48,
+        0xA9, 0x0D, 0xE6, 0x80, 0x31, 0xE0, 0x62, 0xA7,
+        0xAF, 0x76, 0x12, 0xB4, 0xF5, 0xC7, 0xA6, 0xDA,
+        0x86, 0xBD, 0x13, 0x65, 0x29, 0xE6, 0x42, 0x95,
+        0xA5, 0x61, 0x3E, 0xA7, 0x3B, 0xD3, 0xD4, 0x44,
+        0x8C, 0xB8, 0x1F, 0x24, 0x31, 0x35, 0xC0, 0xA6,
+        0x60, 0xBE, 0xB9, 0xC1, 0x7E, 0x65, 0x1D, 0xEF,
+        0x46, 0x9A, 0x7D, 0x90, 0xA1, 0x5D, 0x34, 0x81,
+        0x09, 0x0B, 0xCB, 0xF2, 0x27, 0x01, 0x23, 0x28,
+        0x94, 0x1F, 0xA4, 0x6F, 0x39, 0xC5, 0x00, 0x6A,
+        0xD9, 0x3D, 0x45, 0x8A, 0xA6, 0xAD, 0xD6, 0x55,
+        0x86, 0x2B, 0x41, 0x8C, 0x30, 0x94, 0xF5, 0x51,
+        0x46, 0x0D, 0xF2, 0x15, 0x3A, 0x58, 0x10, 0xA7,
+        0xDA, 0x74, 0xF0, 0x61, 0x4C, 0x25, 0x88, 0xBE,
+        0x49, 0xDC, 0x6F, 0x5E, 0x88, 0x15, 0x46, 0x42,
+        0xBD, 0x1D, 0x37, 0x62, 0x56, 0x33, 0x26, 0x43,
+        0x35, 0x07, 0x15, 0x6A, 0x57, 0xC5, 0x76, 0x94,
+        0xBD, 0xD2, 0x6E, 0x7A, 0x24, 0x6F, 0xEB, 0x72,
+        0x3A, 0xED, 0x67, 0xB0, 0x48, 0x87, 0xC8, 0xE4,
+        0x76, 0xB4, 0x8C, 0xAB, 0x59, 0xE5, 0x36, 0x2F,
+        0x26, 0xA9, 0xEF, 0x50, 0xC2, 0xBC, 0x80, 0xBA,
+        0x14, 0x62, 0x26, 0x21, 0x6F, 0xE6, 0x29, 0x68,
+        0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41,
+        0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68,
+        0xE2, 0x90, 0x20, 0x83, 0x9D, 0x05, 0x2F, 0xA3,
+        0x72, 0x58, 0x56, 0x27, 0xF8, 0xB5, 0x9E, 0xE3,
+        0x12, 0xAE, 0x41, 0x4C, 0x97, 0x9D, 0x82, 0x5F,
+        0x06, 0xA6, 0x92, 0x9A, 0x79, 0x62, 0x57, 0x18,
+        0xA8, 0x57, 0x68, 0xF3, 0x48, 0x6B, 0xD3, 0x2A,
+        0x01, 0xBF, 0x9A, 0x8F, 0x21, 0xEA, 0x93, 0x8E,
+        0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C,
+        0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD
     };
 #endif
 #ifndef WOLFSSL_NO_KYBER1024
     static const byte seed_1024[KYBER_MAKEKEY_RAND_SZ] = {
-        0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED,
-        0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA,
-        0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C,
-        0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C,
-        0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED,
-        0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA,
-        0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C,
-        0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C
+        /* d */
+        0x49, 0xAC, 0x8B, 0x99, 0xBB, 0x1E, 0x6A, 0x8E,
+        0xA8, 0x18, 0x26, 0x1F, 0x8B, 0xE6, 0x8B, 0xDE,
+        0xAA, 0x52, 0x89, 0x7E, 0x7E, 0xC6, 0xC4, 0x0B,
+        0x53, 0x0B, 0xC7, 0x60, 0xAB, 0x77, 0xDC, 0xE3,
+        /* z */
+        0x99, 0xE3, 0x24, 0x68, 0x84, 0x18, 0x1F, 0x8E,
+        0x1D, 0xD4, 0x4E, 0x0C, 0x76, 0x29, 0x09, 0x33,
+        0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E,
+        0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7
     };
     static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = {
-        0x70, 0xE1, 0x3F, 0x30, 0x15, 0x17, 0xB5, 0xA4,
-        0x0D, 0x70, 0x36, 0x1F, 0x63, 0x09, 0x41, 0x60,
-        0x67, 0x64, 0x6D, 0x2B, 0x71, 0x36, 0x62, 0x6B,
-        0xCC, 0xCC, 0x17, 0x0C, 0x66, 0xCE, 0xD4, 0x90,
-        0xC7, 0x35, 0x34, 0x4B, 0x62, 0x77, 0x09, 0x7C,
-        0xA9, 0x14, 0x21, 0x2A, 0x29, 0x2D, 0xD1, 0x22,
-        0xFB, 0xB6, 0x9F, 0xDE, 0xCA, 0x47, 0xFA, 0xB4,
-        0x53, 0x2B, 0x8C, 0x80, 0xCE, 0xB7, 0x7F, 0x9C,
-        0x54, 0x3E, 0x0B, 0xF1, 0x53, 0x6D, 0x1C, 0x0C,
-        0xAE, 0x07, 0x7E, 0x2C, 0xA7, 0x86, 0x2B, 0x45,
-        0xA4, 0x10, 0x46, 0x9C, 0xC5, 0xB7, 0x06, 0xBA,
-        0xE0, 0x05, 0x1C, 0xB2, 0x96, 0x1D, 0xB7, 0x27,
-        0x0B, 0x75, 0xB7, 0x11, 0x69, 0x8D, 0x2B, 0x80,
-        0x70, 0x40, 0xD5, 0x62, 0x81, 0x29, 0x43, 0x6F,
-        0xBB, 0x58, 0xF1, 0x20, 0x3F, 0x75, 0x56, 0x14,
-        0x65, 0xF5, 0x42, 0x57, 0xE4, 0x4D, 0x33, 0xF5,
-        0x12, 0xD6, 0x33, 0x43, 0x1D, 0x00, 0xA2, 0xFB,
-        0x02, 0x30, 0xC9, 0xBB, 0x9C, 0xDD, 0xFC, 0x83,
-        0xBD, 0x65, 0xC9, 0x74, 0x45, 0x30, 0x21, 0x86,
-        0xA1, 0x72, 0x23, 0xAD, 0x21, 0x33, 0x28, 0x03,
-        0xB9, 0x09, 0xE5, 0xE5, 0x67, 0x19, 0x70, 0xBB,
-        0xB0, 0xF1, 0xC4, 0x83, 0x7B, 0xB8, 0x42, 0x73,
-        0xBA, 0x67, 0x5A, 0xC0, 0x74, 0xC5, 0x29, 0x0B,
-        0x41, 0x1C, 0x25, 0x00, 0x65, 0x70, 0x59, 0x33,
-        0x9D, 0xE3, 0x92, 0xF9, 0xCA, 0x30, 0x89, 0x52,
-        0xA2, 0x20, 0x1A, 0x58, 0x87, 0x67, 0xAD, 0xC0,
-        0x35, 0xBD, 0xF3, 0x30, 0x24, 0xEA, 0x3B, 0x9A,
-        0x83, 0xC5, 0xA0, 0xB9, 0xC5, 0x42, 0x5D, 0x14,
-        0x07, 0x0C, 0x81, 0xAA, 0xDA, 0x26, 0xBA, 0xC3,
-        0xFB, 0xB8, 0xD4, 0xB7, 0xCF, 0xEE, 0x03, 0x92,
-        0x37, 0x5C, 0x68, 0x42, 0x73, 0x51, 0xDF, 0xEC,
-        0x63, 0x60, 0x9B, 0xBB, 0x50, 0xB4, 0x63, 0xE0,
-        0x40, 0x92, 0x85, 0x70, 0x09, 0xD1, 0xE5, 0xB8,
-        0x1D, 0x70, 0x7D, 0x14, 0xB8, 0x33, 0xCD, 0x4A,
-        0x0B, 0x55, 0x1B, 0xAA, 0x13, 0xEC, 0x48, 0x8A,
-        0x15, 0x03, 0xB0, 0x46, 0x7E, 0xE4, 0x02, 0x3C,
-        0x3F, 0xE0, 0x32, 0xC7, 0x82, 0x25, 0x06, 0x38,
-        0x86, 0xE2, 0x46, 0x8E, 0x00, 0xF7, 0x00, 0x07,
-        0x2A, 0x2E, 0xC8, 0xDA, 0x6A, 0xFB, 0x20, 0x6C,
-        0x91, 0x90, 0x44, 0x33, 0xBB, 0xCC, 0xB0, 0xE7,
-        0x6F, 0x42, 0x46, 0x8C, 0x40, 0xEB, 0x5F, 0x59,
-        0xCB, 0x9A, 0xE1, 0xB0, 0x35, 0xE5, 0x21, 0x51,
-        0x0B, 0xF2, 0x16, 0xA1, 0xAB, 0xCB, 0x19, 0x03,
-        0x3B, 0x7A, 0x65, 0x88, 0x97, 0xC6, 0x58, 0x74,
-        0xD5, 0x13, 0x51, 0x83, 0x14, 0x9F, 0x97, 0x9E,
-        0x55, 0x3C, 0xCF, 0xBF, 0xA3, 0x90, 0x0C, 0xDA,
-        0x6F, 0x01, 0x96, 0x0B, 0x75, 0x15, 0x7F, 0x54,
-        0x53, 0xAA, 0x6E, 0x73, 0xB3, 0xED, 0x90, 0x2F,
-        0x7D, 0x7C, 0x93, 0x05, 0x97, 0x1B, 0xDF, 0x72,
-        0x2E, 0x29, 0x37, 0x16, 0x9A, 0x1B, 0xC0, 0xFA,
-        0xEB, 0x6C, 0x92, 0xF7, 0x15, 0x0D, 0x23, 0x30,
-        0x87, 0x7C, 0x5D, 0xC5, 0x24, 0x9A, 0xAE, 0x20,
-        0x30, 0x26, 0x34, 0xC5, 0xC5, 0xB2, 0x30, 0x53,
-        0x52, 0x10, 0x28, 0x12, 0x25, 0x42, 0xF4, 0x85,
-        0xA0, 0xEA, 0xC8, 0x69, 0x22, 0x37, 0x20, 0x63,
-        0x36, 0x51, 0xF5, 0xB2, 0x47, 0xC6, 0x62, 0xB3,
-        0x1A, 0x10, 0x53, 0x8C, 0xA7, 0x49, 0x1B, 0x14,
-        0x37, 0xAA, 0x74, 0xF4, 0x28, 0x2D, 0x12, 0x97,
-        0x4D, 0x9C, 0x93, 0x4D, 0xF2, 0x14, 0x78, 0x5B,
-        0x64, 0x18, 0x46, 0x8B, 0x92, 0xE5, 0x25, 0x28,
-        0xC8, 0x44, 0x7A, 0x1C, 0xA4, 0x22, 0xFA, 0x6C,
-        0xC8, 0x8E, 0x28, 0xB0, 0x59, 0xF0, 0x4B, 0x23,
-        0x59, 0x73, 0x23, 0xF7, 0x2F, 0x3E, 0x23, 0x36,
-        0xF8, 0x7C, 0x47, 0x90, 0x5C, 0xBA, 0x65, 0x5B,
-        0xB7, 0x3F, 0xC3, 0x2E, 0x18, 0xD4, 0xB7, 0x87,
-        0x05, 0xC7, 0x82, 0xEB, 0xCB, 0x43, 0xE2, 0x78,
-        0x5C, 0x82, 0xC5, 0xAF, 0x24, 0xB0, 0xE1, 0x69,
-        0x9C, 0xFB, 0xC0, 0x25, 0x74, 0x75, 0x79, 0x9A,
-        0x53, 0x9B, 0x11, 0xA5, 0x0F, 0x4D, 0xF2, 0xB7,
-        0xFA, 0xA2, 0x0B, 0xD8, 0x82, 0x75, 0x15, 0xCA,
-        0x37, 0x0F, 0x89, 0xC0, 0xD4, 0xC6, 0x09, 0x02,
-        0xF6, 0x56, 0x7C, 0xD6, 0x0B, 0x08, 0x60, 0xA5,
-        0x5B, 0xC8, 0x57, 0x2C, 0x43, 0x6C, 0x24, 0x6A,
-        0xC2, 0x76, 0x64, 0x4E, 0x7D, 0x60, 0x2A, 0xA5,
-        0x7C, 0x01, 0x66, 0x20, 0x18, 0x14, 0x99, 0x1C,
-        0x1B, 0xD7, 0x5C, 0x7C, 0x47, 0xC3, 0x48, 0xB6,
-        0x7D, 0x77, 0x61, 0x33, 0x86, 0x90, 0x81, 0x44,
-        0xEA, 0x83, 0xFF, 0x72, 0x1F, 0x9A, 0x50, 0x07,
-        0x6C, 0x51, 0x01, 0x64, 0xD1, 0x8E, 0x05, 0xD0,
-        0x5D, 0x98, 0x84, 0xC4, 0x41, 0x46, 0xA0, 0x7C,
-        0xCA, 0xCF, 0x89, 0x04, 0x98, 0xED, 0x1A, 0x19,
-        0xB2, 0xA1, 0x54, 0x31, 0x72, 0x9D, 0xC1, 0xF1,
-        0x2B, 0x7E, 0xA1, 0x0F, 0x9F, 0x92, 0x80, 0x62,
-        0xD1, 0x45, 0x4B, 0x4B, 0x9F, 0x68, 0xE5, 0x99,
-        0x90, 0x29, 0x0B, 0xE3, 0x72, 0x8B, 0x32, 0x89,
-        0x56, 0x93, 0x63, 0xAB, 0x10, 0x05, 0x13, 0x1B,
-        0x23, 0x81, 0xA0, 0x8C, 0xC2, 0xBF, 0x94, 0x3E,
-        0x95, 0xD5, 0xB2, 0x1B, 0xC6, 0xAA, 0xBC, 0x22,
-        0x73, 0x34, 0x8B, 0xC7, 0x2B, 0xD0, 0x93, 0xB7,
-        0xB5, 0x61, 0x7A, 0xE8, 0x7F, 0x60, 0x2B, 0xB9,
-        0x89, 0xE6, 0xAF, 0xC4, 0x4B, 0x81, 0x51, 0x20,
-        0x76, 0xA3, 0xA8, 0x76, 0xE0, 0xE2, 0x5F, 0x97,
-        0x62, 0xB4, 0x62, 0x08, 0x19, 0x85, 0x50, 0x2F,
-        0x26, 0xB2, 0x87, 0xA2, 0x93, 0x6D, 0x5B, 0x1A,
-        0xCF, 0xFC, 0xEC, 0x4E, 0xEE, 0x77, 0xA9, 0xCB,
-        0xA9, 0x80, 0xEB, 0x9B, 0x5F, 0xDE, 0x75, 0x53,
-        0x9F, 0x65, 0x09, 0x04, 0x67, 0x7D, 0xBE, 0x29,
-        0xAB, 0x8B, 0xB9, 0x18, 0xA3, 0x49, 0x48, 0x03,
-        0xEC, 0xA5, 0x9A, 0x2C, 0x32, 0xE5, 0xB5, 0xC8,
-        0x3B, 0x0B, 0x80, 0xB1, 0x10, 0x2C, 0xD7, 0xD9,
-        0x48, 0x2B, 0x45, 0x9B, 0x6B, 0x74, 0x49, 0x1E,
-        0xC3, 0x0C, 0x4B, 0xE7, 0x7C, 0x2B, 0x52, 0x4A,
-        0xF7, 0xB3, 0xAD, 0x1F, 0x71, 0x34, 0x1D, 0xF0,
-        0xA7, 0x6F, 0x25, 0x5C, 0x29, 0x03, 0xC8, 0x82,
-        0x08, 0x07, 0x93, 0x79, 0x93, 0x0A, 0x95, 0x13,
-        0xF3, 0x90, 0x12, 0x6E, 0x73, 0x2A, 0x2B, 0xB0,
-        0x94, 0xBF, 0xA6, 0xBF, 0x0A, 0x43, 0x2B, 0xCD,
-        0x65, 0x7D, 0xAF, 0xCB, 0x25, 0xC8, 0xBB, 0x15,
-        0xE0, 0x95, 0x5D, 0x09, 0x9B, 0x74, 0xFF, 0x1A,
-        0x4D, 0xE6, 0x55, 0x9C, 0xD6, 0x79, 0x7C, 0x38,
-        0xC4, 0x8C, 0x11, 0x34, 0xCA, 0x2C, 0x97, 0x92,
-        0x43, 0xF3, 0x15, 0x2A, 0xF4, 0xBB, 0xE4, 0xD7,
-        0xA6, 0xBC, 0x09, 0x87, 0x21, 0x33, 0x92, 0x0C,
-        0xD2, 0x3B, 0x3E, 0xF9, 0x84, 0x8C, 0xCC, 0x68,
-        0x45, 0xD6, 0x47, 0xB5, 0x38, 0x75, 0x57, 0x73,
-        0x65, 0x13, 0xD5, 0x85, 0x60, 0x84, 0x51, 0x92,
-        0xF9, 0x26, 0x51, 0x59, 0x93, 0x2E, 0x57, 0x2A,
-        0x88, 0xC4, 0x4E, 0x65, 0x66, 0x76, 0x0C, 0x06,
-        0x1C, 0x67, 0xFC, 0xB5, 0xBF, 0x21, 0x00, 0x95,
-        0xE2, 0x14, 0xDA, 0x74, 0x53, 0x57, 0xE3, 0x69,
-        0x96, 0xD8, 0xC0, 0x66, 0x31, 0x1B, 0xBC, 0x76,
-        0x1A, 0x1F, 0xD2, 0x52, 0x73, 0xD2, 0x1E, 0xAB,
-        0x50, 0x01, 0x05, 0x63, 0xCD, 0x64, 0x68, 0xA4,
-        0xEA, 0x83, 0x6B, 0x6D, 0x64, 0xBD, 0x2B, 0xD7,
-        0x6D, 0xBE, 0x35, 0x82, 0xD5, 0x73, 0x6A, 0x60,
-        0x5A, 0x55, 0x09, 0xFC, 0x28, 0x78, 0x9B, 0x56,
-        0xB8, 0x84, 0xAE, 0x9A, 0x60, 0x41, 0x5F, 0x55,
-        0x67, 0x4B, 0xE6, 0x01, 0x57, 0x6C, 0x7C, 0xEE,
-        0x58, 0x14, 0x3B, 0xF0, 0x54, 0x80, 0x6A, 0xBC,
-        0xB3, 0x45, 0xA2, 0x56, 0xCB, 0xC4, 0x54, 0xE3,
-        0x43, 0xF3, 0xCC, 0x7A, 0xDE, 0x65, 0x56, 0x2F,
-        0xD2, 0x9E, 0xB2, 0x59, 0x73, 0x7B, 0xB3, 0xCF,
-        0x96, 0x49, 0xBD, 0xEA, 0x28, 0x3F, 0xB0, 0x72,
-        0x65, 0x67, 0x7C, 0x98, 0x08, 0xD1, 0x31, 0x19,
-        0xC0, 0xA2, 0xAD, 0xF7, 0x45, 0xDE, 0x69, 0x75,
-        0xF4, 0x56, 0x2C, 0xD6, 0x15, 0x57, 0xB3, 0x96,
-        0x5D, 0x2B, 0x07, 0x2F, 0x00, 0x0A, 0xA7, 0xE0,
-        0xA3, 0x57, 0xE1, 0x25, 0x3E, 0xAF, 0xEA, 0x7F,
-        0xDF, 0xCC, 0x92, 0xFA, 0x87, 0x63, 0x0D, 0xD2,
-        0x27, 0x6C, 0xE4, 0x2E, 0x82, 0x0B, 0x69, 0xD1,
-        0xFC, 0x2E, 0x47, 0xD5, 0xC4, 0x98, 0xA5, 0x5B,
-        0x3B, 0x29, 0xC3, 0x4E, 0x64, 0x90, 0x3D, 0x04,
-        0x7A, 0xB1, 0xC0, 0x40, 0x24, 0x95, 0x8F, 0x70,
-        0x11, 0x95, 0xF5, 0xD1, 0x3E, 0xC6, 0x70, 0x6B,
-        0x84, 0x48, 0x50, 0x3A, 0x54, 0x99, 0x22, 0xA5,
-        0x8A, 0x24, 0xB6, 0x7C, 0x93, 0x63, 0x27, 0x56,
-        0xB7, 0x7D, 0x22, 0x54, 0x07, 0x31, 0x61, 0x71,
-        0xDE, 0xEC, 0x56, 0x71, 0x44, 0x35, 0xCF, 0x94,
-        0xCC, 0xF4, 0x59, 0x9E, 0x00, 0xD1, 0x0E, 0x56,
-        0x96, 0x22, 0xBA, 0xDA, 0x82, 0x0C, 0x45, 0x2F,
-        0x25, 0x42, 0xAD, 0xF0, 0x87, 0x65, 0xCA, 0x93,
-        0xAE, 0x38, 0xEB, 0x02, 0x5D, 0xE3, 0x1C, 0xFF,
-        0x79, 0x74, 0x54, 0x9A, 0x78, 0x25, 0xA8, 0x31,
-        0xDD, 0x05, 0x4E, 0x87, 0xB8, 0x4C, 0x5F, 0x25,
-        0x47, 0xFF, 0x47, 0xB4, 0x6F, 0x88, 0xC9, 0x9F,
-        0x15, 0x48, 0xE9, 0x33, 0xA6, 0xF4, 0xD8, 0x7F,
-        0x1A, 0x4A, 0x1B, 0x00, 0xE3, 0x9E, 0x02, 0xD6,
-        0x0E, 0x51, 0xEB, 0x60, 0x3C, 0x1C, 0x0D, 0x80,
-        0x7A, 0xCD, 0xAB, 0x08, 0xBA, 0xA2, 0xB9, 0x98,
-        0x69, 0xB7, 0x5C, 0xA2, 0xC4, 0xB9, 0x63, 0x68,
-        0xB5, 0x17, 0x80, 0xBD, 0x1E, 0xC7, 0x5B, 0x11,
-        0x0B, 0x9F, 0xA6, 0x65, 0x56, 0x87, 0x6C, 0x5F,
-        0x48, 0x79, 0x7D, 0x09, 0x01, 0x38, 0xF7, 0x54,
-        0xAE, 0x30, 0x53, 0x3D, 0x36, 0xAA, 0x44, 0xB9,
-        0xB1, 0x70, 0x2A, 0x6A, 0x8A, 0x56, 0x62, 0x6B,
-        0xF0, 0x45, 0x1A, 0x37, 0xA7, 0xAC, 0x1A, 0x33,
-        0x70, 0x76, 0xE5, 0x1E, 0x0A, 0x6B, 0x03, 0x00,
-        0xC2, 0xC7, 0x90, 0xA4, 0x43, 0x7E, 0xA2, 0x8D,
-        0x7E, 0xC9, 0x8C, 0x41, 0x9B, 0x37, 0xD6, 0xAA,
-        0x97, 0x04, 0x17, 0x43, 0x5F, 0x91, 0xBE, 0xDC,
-        0x2B, 0x1F, 0x4B, 0xC8, 0x15, 0x8A, 0x51, 0xB1,
-        0xF4, 0x71, 0x51, 0x6F, 0xE8, 0x24, 0x28, 0x7C,
-        0x89, 0x6B, 0x89, 0x1B, 0x49, 0xF2, 0x54, 0xDD,
-        0x36, 0x35, 0x9B, 0x89, 0xC8, 0x24, 0xEB, 0x3F,
-        0x62, 0x48, 0x02, 0x7F, 0xBB, 0xAD, 0x4C, 0xF2,
-        0x91, 0x18, 0xCB, 0x50, 0xEB, 0xB6, 0x25, 0xA3,
-        0x7C, 0x53, 0x7A, 0x02, 0x23, 0xF0, 0xEB, 0x70,
-        0x85, 0xB5, 0xC7, 0xEC, 0x60, 0x75, 0x70, 0xDB,
-        0x91, 0x85, 0xD5, 0x99, 0x02, 0xBC, 0x26, 0xC6,
-        0x54, 0xA2, 0x80, 0x4C, 0x0D, 0x94, 0x67, 0x93,
-        0xD8, 0xA2, 0x14, 0x82, 0xAC, 0x4F, 0x05, 0xE9,
-        0x01, 0x62, 0x60, 0x33, 0x1D, 0xCC, 0x58, 0xBC,
-        0x66, 0xAF, 0x3C, 0xA7, 0x58, 0x54, 0x40, 0x21,
-        0x6A, 0xA0, 0x26, 0x3B, 0x2A, 0x72, 0x5E, 0x08,
-        0x0F, 0x6F, 0x9C, 0x5B, 0x6A, 0x9C, 0x9D, 0xA2,
-        0x93, 0x55, 0x18, 0x9B, 0x4B, 0x95, 0xB1, 0x37,
-        0xD1, 0x22, 0x5F, 0x25, 0x2A, 0xC7, 0x97, 0xB0,
-        0x64, 0x6C, 0xAC, 0x52, 0x16, 0x4B, 0x59, 0x72,
-        0xA9, 0x92, 0x65, 0xD3, 0x47, 0xFC, 0x7C, 0x35,
-        0x91, 0xD1, 0x5F, 0xFE, 0x68, 0x1C, 0x06, 0xD4,
-        0x38, 0xCC, 0xEB, 0x60, 0xBB, 0x63, 0x10, 0xB7,
-        0x95, 0x32, 0x89, 0x72, 0x0E, 0x2C, 0x72, 0x87,
-        0x30, 0x05, 0x23, 0x37, 0xAC, 0xA7, 0xC8, 0x52,
-        0x1A, 0xB4, 0x4F, 0x1E, 0x2A, 0x04, 0x9B, 0x83,
-        0xE0, 0x77, 0x4C, 0x96, 0xCD, 0x8C, 0x87, 0x6F,
-        0xA6, 0x75, 0xD0, 0x92, 0x39, 0x77, 0x27, 0x1B
+        0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A,
+        0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6,
+        0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B,
+        0xC4, 0x83, 0x0C, 0x00, 0x12, 0x55, 0x4C, 0xFC,
+        0x5D, 0x2C, 0x8A, 0x20, 0x27, 0xAA, 0x3C, 0xD9,
+        0x67, 0x13, 0x0E, 0x9B, 0x96, 0x24, 0x1B, 0x11,
+        0xC4, 0x32, 0x0C, 0x76, 0x49, 0xCC, 0x23, 0xA7,
+        0x1B, 0xAF, 0xE6, 0x91, 0xAF, 0xC0, 0x8E, 0x68,
+        0x0B, 0xCE, 0xF4, 0x29, 0x07, 0x00, 0x07, 0x18,
+        0xE4, 0xEA, 0xCE, 0x8D, 0xA2, 0x82, 0x14, 0x19,
+        0x7B, 0xE1, 0xC2, 0x69, 0xDA, 0x9C, 0xB5, 0x41,
+        0xE1, 0xA3, 0xCE, 0x97, 0xCF, 0xAD, 0xF9, 0xC6,
+        0x05, 0x87, 0x80, 0xFE, 0x67, 0x93, 0xDB, 0xFA,
+        0x82, 0x18, 0xA2, 0x76, 0x0B, 0x80, 0x2B, 0x8D,
+        0xA2, 0xAA, 0x27, 0x1A, 0x38, 0x77, 0x25, 0x23,
+        0xA7, 0x67, 0x36, 0xA7, 0xA3, 0x1B, 0x9D, 0x30,
+        0x37, 0xAD, 0x21, 0xCE, 0xBB, 0x11, 0xA4, 0x72,
+        0xB8, 0x79, 0x2E, 0xB1, 0x75, 0x58, 0xB9, 0x40,
+        0xE7, 0x08, 0x83, 0xF2, 0x64, 0x59, 0x2C, 0x68,
+        0x9B, 0x24, 0x0B, 0xB4, 0x3D, 0x54, 0x08, 0xBF,
+        0x44, 0x64, 0x32, 0xF4, 0x12, 0xF4, 0xB9, 0xA5,
+        0xF6, 0x86, 0x5C, 0xC2, 0x52, 0xA4, 0x3C, 0xF4,
+        0x0A, 0x32, 0x03, 0x91, 0x55, 0x55, 0x91, 0xD6,
+        0x75, 0x61, 0xFD, 0xD0, 0x53, 0x53, 0xAB, 0x6B,
+        0x01, 0x9B, 0x3A, 0x08, 0xA7, 0x33, 0x53, 0xD5,
+        0x1B, 0x61, 0x13, 0xAB, 0x2F, 0xA5, 0x1D, 0x97,
+        0x56, 0x48, 0xEE, 0x25, 0x4A, 0xF8, 0x9A, 0x23,
+        0x05, 0x04, 0xA2, 0x36, 0xA4, 0x65, 0x82, 0x57,
+        0x74, 0x0B, 0xDC, 0xBB, 0xE1, 0x70, 0x8A, 0xB0,
+        0x22, 0xC3, 0xC5, 0x88, 0xA4, 0x10, 0xDB, 0x3B,
+        0x9C, 0x30, 0x8A, 0x06, 0x27, 0x5B, 0xDF, 0x5B,
+        0x48, 0x59, 0xD3, 0xA2, 0x61, 0x7A, 0x29, 0x5E,
+        0x1A, 0x22, 0xF9, 0x01, 0x98, 0xBA, 0xD0, 0x16,
+        0x6F, 0x4A, 0x94, 0x34, 0x17, 0xC5, 0xB8, 0x31,
+        0x73, 0x6C, 0xB2, 0xC8, 0x58, 0x0A, 0xBF, 0xDE,
+        0x57, 0x14, 0xB5, 0x86, 0xAB, 0xEE, 0xC0, 0xA1,
+        0x75, 0xA0, 0x8B, 0xC7, 0x10, 0xC7, 0xA2, 0x89,
+        0x5D, 0xE9, 0x3A, 0xC4, 0x38, 0x06, 0x1B, 0xF7,
+        0x76, 0x5D, 0x0D, 0x21, 0xCD, 0x41, 0x81, 0x67,
+        0xCA, 0xF8, 0x9D, 0x1E, 0xFC, 0x34, 0x48, 0xBC,
+        0xBB, 0x96, 0xD6, 0x9B, 0x3E, 0x01, 0x0C, 0x82,
+        0xD1, 0x5C, 0xAB, 0x6C, 0xAC, 0xC6, 0x79, 0x9D,
+        0x36, 0x39, 0x66, 0x9A, 0x5B, 0x21, 0xA6, 0x33,
+        0xC8, 0x65, 0xF8, 0x59, 0x3B, 0x5B, 0x7B, 0xC8,
+        0x00, 0x26, 0x2B, 0xB8, 0x37, 0xA9, 0x24, 0xA6,
+        0xC5, 0x44, 0x0E, 0x4F, 0xC7, 0x3B, 0x41, 0xB2,
+        0x30, 0x92, 0xC3, 0x91, 0x2F, 0x4C, 0x6B, 0xEB,
+        0xB4, 0xC7, 0xB4, 0xC6, 0x29, 0x08, 0xB0, 0x37,
+        0x75, 0x66, 0x6C, 0x22, 0x22, 0x0D, 0xF9, 0xC8,
+        0x88, 0x23, 0xE3, 0x44, 0xC7, 0x30, 0x83, 0x32,
+        0x34, 0x5C, 0x8B, 0x79, 0x5D, 0x34, 0xE8, 0xC0,
+        0x51, 0xF2, 0x1F, 0x5A, 0x21, 0xC2, 0x14, 0xB6,
+        0x98, 0x41, 0x35, 0x87, 0x09, 0xB1, 0xC3, 0x05,
+        0xB3, 0x2C, 0xC2, 0xC3, 0x80, 0x6A, 0xE9, 0xCC,
+        0xD3, 0x81, 0x9F, 0xFF, 0x45, 0x07, 0xFE, 0x52,
+        0x0F, 0xBF, 0xC2, 0x71, 0x99, 0xBC, 0x23, 0xBE,
+        0x6B, 0x9B, 0x2D, 0x2A, 0xC1, 0x71, 0x75, 0x79,
+        0xAC, 0x76, 0x92, 0x79, 0xE2, 0xA7, 0xAA, 0xC6,
+        0x8A, 0x37, 0x1A, 0x47, 0xBA, 0x3A, 0x7D, 0xBE,
+        0x01, 0x6F, 0x14, 0xE1, 0xA7, 0x27, 0x33, 0x36,
+        0x63, 0xC4, 0xA5, 0xCD, 0x1A, 0x0F, 0x88, 0x36,
+        0xCF, 0x7B, 0x5C, 0x49, 0xAC, 0x51, 0x48, 0x5C,
+        0xA6, 0x03, 0x45, 0xC9, 0x90, 0xE0, 0x68, 0x88,
+        0x72, 0x00, 0x03, 0x73, 0x13, 0x22, 0xC5, 0xB8,
+        0xCD, 0x5E, 0x69, 0x07, 0xFD, 0xA1, 0x15, 0x7F,
+        0x46, 0x8F, 0xD3, 0xFC, 0x20, 0xFA, 0x81, 0x75,
+        0xEE, 0xC9, 0x5C, 0x29, 0x1A, 0x26, 0x2B, 0xA8,
+        0xC5, 0xBE, 0x99, 0x08, 0x72, 0x41, 0x89, 0x30,
+        0x85, 0x23, 0x39, 0xD8, 0x8A, 0x19, 0xB3, 0x7F,
+        0xEF, 0xA3, 0xCF, 0xE8, 0x21, 0x75, 0xC2, 0x24,
+        0x40, 0x7C, 0xA4, 0x14, 0xBA, 0xEB, 0x37, 0x92,
+        0x3B, 0x4D, 0x2D, 0x83, 0x13, 0x4A, 0xE1, 0x54,
+        0xE4, 0x90, 0xA9, 0xB4, 0x5A, 0x05, 0x63, 0xB0,
+        0x6C, 0x95, 0x3C, 0x33, 0x01, 0x45, 0x0A, 0x21,
+        0x76, 0xA0, 0x7C, 0x61, 0x4A, 0x74, 0xE3, 0x47,
+        0x8E, 0x48, 0x50, 0x9F, 0x9A, 0x60, 0xAE, 0x94,
+        0x5A, 0x8E, 0xBC, 0x78, 0x15, 0x12, 0x1D, 0x90,
+        0xA3, 0xB0, 0xE0, 0x70, 0x91, 0xA0, 0x96, 0xCF,
+        0x02, 0xC5, 0x7B, 0x25, 0xBC, 0xA5, 0x81, 0x26,
+        0xAD, 0x0C, 0x62, 0x9C, 0xE1, 0x66, 0xA7, 0xED,
+        0xB4, 0xB3, 0x32, 0x21, 0xA0, 0xD3, 0xF7, 0x2B,
+        0x85, 0xD5, 0x62, 0xEC, 0x69, 0x8B, 0x7D, 0x0A,
+        0x91, 0x3D, 0x73, 0x80, 0x6F, 0x1C, 0x5C, 0x87,
+        0xB3, 0x8E, 0xC0, 0x03, 0xCB, 0x30, 0x3A, 0x3D,
+        0xC5, 0x1B, 0x4B, 0x35, 0x35, 0x6A, 0x67, 0x82,
+        0x6D, 0x6E, 0xDA, 0xA8, 0xFE, 0xB9, 0x3B, 0x98,
+        0x49, 0x3B, 0x2D, 0x1C, 0x11, 0xB6, 0x76, 0xA6,
+        0xAD, 0x95, 0x06, 0xA1, 0xAA, 0xAE, 0x13, 0xA8,
+        0x24, 0xC7, 0xC0, 0x8D, 0x1C, 0x6C, 0x2C, 0x4D,
+        0xBA, 0x96, 0x42, 0xC7, 0x6E, 0xA7, 0xF6, 0xC8,
+        0x26, 0x4B, 0x64, 0xA2, 0x3C, 0xCC, 0xA9, 0xA7,
+        0x46, 0x35, 0xFC, 0xBF, 0x03, 0xE0, 0x0F, 0x1B,
+        0x57, 0x22, 0xB2, 0x14, 0x37, 0x67, 0x90, 0x79,
+        0x3B, 0x2C, 0x4F, 0x0A, 0x13, 0xB5, 0xC4, 0x07,
+        0x60, 0xB4, 0x21, 0x8E, 0x1D, 0x25, 0x94, 0xDC,
+        0xB3, 0x0A, 0x70, 0xD9, 0xC1, 0x78, 0x2A, 0x5D,
+        0xD3, 0x05, 0x76, 0xFA, 0x41, 0x44, 0xBF, 0xC8,
+        0x41, 0x6E, 0xDA, 0x81, 0x18, 0xFC, 0x64, 0x72,
+        0xF5, 0x6A, 0x97, 0x95, 0x86, 0xF3, 0x3B, 0xB0,
+        0x70, 0xFB, 0x0F, 0x1B, 0x0B, 0x10, 0xBC, 0x48,
+        0x97, 0xEB, 0xE0, 0x1B, 0xCA, 0x38, 0x93, 0xD4,
+        0xE1, 0x6A, 0xDB, 0x25, 0x09, 0x3A, 0x74, 0x17,
+        0xD0, 0x70, 0x8C, 0x83, 0xA2, 0x63, 0x22, 0xE2,
+        0x2E, 0x63, 0x30, 0x09, 0x1E, 0x30, 0x15, 0x2B,
+        0xF8, 0x23, 0x59, 0x7C, 0x04, 0xCC, 0xF4, 0xCF,
+        0xC7, 0x33, 0x15, 0x78, 0xF4, 0x3A, 0x27, 0x26,
+        0xCC, 0xB4, 0x28, 0x28, 0x9A, 0x90, 0xC8, 0x63,
+        0x25, 0x9D, 0xD1, 0x80, 0xC5, 0xFF, 0x14, 0x2B,
+        0xEF, 0x41, 0xC7, 0x71, 0x70, 0x94, 0xBE, 0x07,
+        0x85, 0x6D, 0xA2, 0xB1, 0x40, 0xFA, 0x67, 0x71,
+        0x09, 0x67, 0x35, 0x6A, 0xA4, 0x7D, 0xFB, 0xC8,
+        0xD2, 0x55, 0xB4, 0x72, 0x2A, 0xB8, 0x6D, 0x43,
+        0x9B, 0x7E, 0x0A, 0x60, 0x90, 0x25, 0x1D, 0x2D,
+        0x4C, 0x1E, 0xD5, 0xF2, 0x0B, 0xBE, 0x68, 0x07,
+        0xBF, 0x65, 0xA9, 0x0B, 0x7C, 0xB2, 0xEC, 0x01,
+        0x02, 0xAF, 0x02, 0x80, 0x9D, 0xC9, 0xAC, 0x7D,
+        0x0A, 0x3A, 0xBC, 0x69, 0xC1, 0x83, 0x65, 0xBC,
+        0xFF, 0x59, 0x18, 0x5F, 0x33, 0x99, 0x68, 0x87,
+        0x74, 0x61, 0x85, 0x90, 0x6C, 0x01, 0x91, 0xAE,
+        0xD4, 0x40, 0x7E, 0x13, 0x94, 0x46, 0x45, 0x9B,
+        0xE2, 0x9C, 0x68, 0x22, 0x71, 0x76, 0x44, 0x35,
+        0x3D, 0x24, 0xAB, 0x63, 0x39, 0x15, 0x6A, 0x9C,
+        0x42, 0x49, 0x09, 0xF0, 0xA9, 0x02, 0x5B, 0xB7,
+        0x47, 0x20, 0x77, 0x9B, 0xE4, 0x3F, 0x16, 0xD8,
+        0x1C, 0x8C, 0xC6, 0x66, 0xE9, 0x97, 0x10, 0xD8,
+        0xC6, 0x8B, 0xB5, 0xCC, 0x4E, 0x12, 0xF3, 0x14,
+        0xE9, 0x25, 0xA5, 0x51, 0xF0, 0x9C, 0xC5, 0x90,
+        0x03, 0xA1, 0xF8, 0x81, 0x03, 0xC2, 0x54, 0xBB,
+        0x97, 0x8D, 0x75, 0xF3, 0x94, 0xD3, 0x54, 0x0E,
+        0x31, 0xE7, 0x71, 0xCD, 0xA3, 0x6E, 0x39, 0xEC,
+        0x54, 0xA6, 0x2B, 0x58, 0x32, 0x66, 0x4D, 0x82,
+        0x1A, 0x72, 0xF1, 0xE6, 0xAF, 0xBB, 0xA2, 0x7F,
+        0x84, 0x29, 0x5B, 0x26, 0x94, 0xC4, 0x98, 0x49,
+        0x8E, 0x81, 0x2B, 0xC8, 0xE9, 0x37, 0x8F, 0xE5,
+        0x41, 0xCE, 0xC5, 0x89, 0x1B, 0x25, 0x06, 0x29,
+        0x01, 0xCB, 0x72, 0x12, 0xE3, 0xCD, 0xC4, 0x61,
+        0x79, 0xEC, 0x5B, 0xCE, 0xC1, 0x0B, 0xC0, 0xB9,
+        0x31, 0x1D, 0xE0, 0x50, 0x74, 0x29, 0x06, 0x87,
+        0xFD, 0x6A, 0x53, 0x92, 0x67, 0x16, 0x54, 0x28,
+        0x4C, 0xD9, 0xC8, 0xCC, 0x3E, 0xBA, 0x80, 0xEB,
+        0x3B, 0x66, 0x2E, 0xB5, 0x3E, 0xB7, 0x51, 0x16,
+        0x70, 0x4A, 0x1F, 0xEB, 0x5C, 0x2D, 0x05, 0x63,
+        0x38, 0x53, 0x28, 0x68, 0xDD, 0xF2, 0x4E, 0xB8,
+        0x99, 0x2A, 0xB8, 0x56, 0x5D, 0x9E, 0x49, 0x0C,
+        0xAD, 0xF1, 0x48, 0x04, 0x36, 0x0D, 0xAA, 0x90,
+        0x71, 0x8E, 0xAB, 0x61, 0x6B, 0xAB, 0x07, 0x65,
+        0xD3, 0x39, 0x87, 0xB4, 0x7E, 0xFB, 0x65, 0x99,
+        0xC5, 0x56, 0x32, 0x35, 0xE6, 0x1E, 0x4B, 0xE6,
+        0x70, 0xE9, 0x79, 0x55, 0xAB, 0x29, 0x2D, 0x97,
+        0x32, 0xCB, 0x89, 0x30, 0x94, 0x8A, 0xC8, 0x2D,
+        0xF2, 0x30, 0xAC, 0x72, 0x29, 0x7A, 0x23, 0x67,
+        0x9D, 0x6B, 0x94, 0xC1, 0x7F, 0x13, 0x59, 0x48,
+        0x32, 0x54, 0xFE, 0xDC, 0x2F, 0x05, 0x81, 0x9F,
+        0x0D, 0x06, 0x9A, 0x44, 0x3B, 0x78, 0xE3, 0xFC,
+        0x6C, 0x3E, 0xF4, 0x71, 0x4B, 0x05, 0xA3, 0xFC,
+        0xA8, 0x1C, 0xBB, 0xA6, 0x02, 0x42, 0xA7, 0x06,
+        0x0C, 0xD8, 0x85, 0xD8, 0xF3, 0x99, 0x81, 0xBB,
+        0x18, 0x09, 0x2B, 0x23, 0xDA, 0xA5, 0x9F, 0xD9,
+        0x57, 0x83, 0x88, 0x68, 0x8A, 0x09, 0xBB, 0xA0,
+        0x79, 0xBC, 0x80, 0x9A, 0x54, 0x84, 0x3A, 0x60,
+        0x38, 0x5E, 0x23, 0x10, 0xBB, 0xCB, 0xCC, 0x02,
+        0x13, 0xCE, 0x3D, 0xFA, 0xAB, 0x33, 0xB4, 0x7F,
+        0x9D, 0x63, 0x05, 0xBC, 0x95, 0xC6, 0x10, 0x78,
+        0x13, 0xC5, 0x85, 0xC4, 0xB6, 0x57, 0xBF, 0x30,
+        0x54, 0x28, 0x33, 0xB1, 0x49, 0x49, 0xF5, 0x73,
+        0xC0, 0x61, 0x2A, 0xD5, 0x24, 0xBA, 0xAE, 0x69,
+        0x59, 0x0C, 0x12, 0x77, 0xB8, 0x6C, 0x28, 0x65,
+        0x71, 0xBF, 0x66, 0xB3, 0xCF, 0xF4, 0x6A, 0x38,
+        0x58, 0xC0, 0x99, 0x06, 0xA7, 0x94, 0xDF, 0x4A,
+        0x06, 0xE9, 0xD4, 0xB0, 0xA2, 0xE4, 0x3F, 0x10,
+        0xF7, 0x2A, 0x6C, 0x6C, 0x47, 0xE5, 0x64, 0x6E,
+        0x2C, 0x79, 0x9B, 0x71, 0xC3, 0x3E, 0xD2, 0xF0,
+        0x1E, 0xEB, 0x45, 0x93, 0x8E, 0xB7, 0xA4, 0xE2,
+        0xE2, 0x90, 0x8C, 0x53, 0x55, 0x8A, 0x54, 0x0D,
+        0x35, 0x03, 0x69, 0xFA, 0x18, 0x9C, 0x61, 0x69,
+        0x43, 0xF7, 0x98, 0x1D, 0x76, 0x18, 0xCF, 0x02,
+        0xA5, 0xB0, 0xA2, 0xBC, 0xC4, 0x22, 0xE8, 0x57,
+        0xD1, 0xA4, 0x78, 0x71, 0x25, 0x3D, 0x08, 0x29,
+        0x3C, 0x1C, 0x17, 0x9B, 0xCD, 0xC0, 0x43, 0x70,
+        0x69, 0x10, 0x74, 0x18, 0x20, 0x5F, 0xDB, 0x98,
+        0x56, 0x62, 0x3B, 0x8C, 0xA6, 0xB6, 0x94, 0xC9,
+        0x6C, 0x08, 0x4B, 0x17, 0xF1, 0x3B, 0xB6, 0xDF,
+        0x12, 0xB2, 0xCF, 0xBB, 0xC2, 0xB0, 0xE0, 0xC3,
+        0x4B, 0x00, 0xD0, 0xFC, 0xD0, 0xAE, 0xCF, 0xB2,
+        0x79, 0x24, 0xF6, 0x98, 0x4E, 0x74, 0x7B, 0xE2,
+        0xA0, 0x9D, 0x83, 0xA8, 0x66, 0x45, 0x90, 0xA8,
+        0x07, 0x73, 0x31, 0x49, 0x1A, 0x4F, 0x7D, 0x72,
+        0x08, 0x43, 0xF2, 0x3E, 0x65, 0x2C, 0x6F, 0xA8,
+        0x40, 0x30, 0x8D, 0xB4, 0x02, 0x03, 0x37, 0xAA,
+        0xD3, 0x79, 0x67, 0x03, 0x4A, 0x9F, 0xB5, 0x23,
+        0xB6, 0x7C, 0xA7, 0x03, 0x30, 0xF0, 0x2D, 0x9E,
+        0xA2, 0x0C, 0x1E, 0x84, 0xCB, 0x8E, 0x57, 0x57,
+        0xC9, 0xE1, 0x89, 0x6B, 0x60, 0x58, 0x14, 0x41,
+        0xED, 0x61, 0x8A, 0xA5, 0xB2, 0x6D, 0xA5, 0x6C,
+        0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E,
+        0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21
     };
     static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = {
-        0x8A, 0xD0, 0xB5, 0xF0, 0x9A, 0x25, 0xAA, 0x93,
-        0x5D, 0xD9, 0xDA, 0x34, 0xAB, 0x82, 0xCA, 0x75,
-        0xA1, 0x2D, 0x66, 0xE9, 0x9C, 0xF4, 0x8B, 0xCA,
-        0x45, 0xB9, 0xB2, 0xDB, 0x44, 0x1B, 0xC2, 0x97,
-        0x1B, 0xDC, 0x99, 0x22, 0xB5, 0xF8, 0xBC, 0x3C,
-        0x06, 0x78, 0x54, 0x67, 0x59, 0x07, 0x3C, 0xB8,
-        0x8E, 0x26, 0xBA, 0xD1, 0xB1, 0xB3, 0xA4, 0x64,
-        0x6A, 0x65, 0x29, 0xC6, 0x32, 0xEA, 0xA3, 0x47,
-        0x73, 0x4A, 0x3B, 0xE5, 0x83, 0xD4, 0x71, 0x78,
-        0x09, 0x4C, 0x4A, 0x67, 0x0C, 0xBC, 0x41, 0xEC,
-        0x06, 0x89, 0x76, 0x56, 0x68, 0x54, 0x2E, 0x6F,
-        0x15, 0xA7, 0xD5, 0x86, 0xC9, 0xE2, 0x6A, 0x6A,
-        0x03, 0xC7, 0x14, 0x69, 0xC2, 0xC5, 0x3F, 0x7B,
-        0x14, 0x1B, 0x23, 0x2D, 0x86, 0x21, 0x6A, 0x25,
-        0xC7, 0xA8, 0xF3, 0x68, 0x52, 0x85, 0x8C, 0x07,
-        0xA9, 0x52, 0x4E, 0xE1, 0x7B, 0xA6, 0x34, 0x0A,
-        0xA2, 0xA2, 0x15, 0xC1, 0xEA, 0x85, 0x21, 0x67,
-        0xB6, 0x89, 0x1C, 0xC1, 0x66, 0xC2, 0xFA, 0x13,
-        0xA0, 0x27, 0x0A, 0x22, 0x98, 0x34, 0x13, 0xE0,
-        0xAC, 0xC4, 0x44, 0xBF, 0x40, 0xE2, 0x8C, 0x45,
-        0xE1, 0x4E, 0x07, 0x40, 0x4F, 0x62, 0x99, 0x63,
-        0x69, 0x59, 0x7F, 0x10, 0xFC, 0xC1, 0x80, 0xEC,
-        0xAC, 0xAD, 0x1A, 0x67, 0x19, 0xAB, 0x9F, 0x1B,
-        0x44, 0x7A, 0xE1, 0x9A, 0x2C, 0xB0, 0x2A, 0x7D,
-        0x04, 0x20, 0x61, 0x72, 0x16, 0x8C, 0x4F, 0x0A,
-        0x99, 0xBA, 0xFA, 0x93, 0x2D, 0x66, 0x49, 0xE8,
-        0x94, 0xA8, 0xF0, 0x57, 0x7B, 0x81, 0xC6, 0x64,
-        0x83, 0xC5, 0xB5, 0xCF, 0x60, 0xAE, 0x75, 0xA4,
-        0x44, 0x52, 0x6A, 0x9B, 0x36, 0x74, 0x32, 0x5F,
-        0xBA, 0x38, 0xF5, 0x32, 0x96, 0x42, 0x1A, 0x78,
-        0x50, 0x11, 0xC1, 0xDD, 0xB3, 0xA6, 0x99, 0x77,
-        0x45, 0xDB, 0x83, 0xCD, 0x58, 0x3C, 0x0C, 0x41,
-        0x77, 0xC7, 0x97, 0xD4, 0x0A, 0x4F, 0x69, 0x9F,
-        0x1F, 0x40, 0xC5, 0x41, 0x3A, 0xC4, 0xE4, 0x23,
-        0x73, 0x49, 0x2B, 0x6A, 0x2C, 0x6A, 0x40, 0x6D,
-        0x43, 0x7F, 0x42, 0x57, 0x0B, 0x5E, 0x94, 0x9E,
-        0xF4, 0x35, 0x0D, 0xEA, 0x79, 0x0C, 0xFE, 0xB7,
-        0x2D, 0x12, 0x87, 0x51, 0x7F, 0xE3, 0x27, 0x3D,
-        0x3C, 0xA6, 0x5A, 0x13, 0xCA, 0x6E, 0x23, 0xC5,
-        0x7B, 0xF0, 0x7D, 0xA0, 0x4B, 0x85, 0x1C, 0xF3,
-        0xAF, 0xA1, 0x8B, 0xAF, 0x5E, 0xF0, 0x20, 0x79,
-        0x28, 0x57, 0xA9, 0xE7, 0x21, 0xF0, 0x1B, 0x9F,
-        0xEA, 0x7B, 0x61, 0x2E, 0x4C, 0x6E, 0x29, 0x07,
-        0x93, 0x66, 0xB0, 0x22, 0x86, 0x88, 0xBE, 0x2A,
-        0x06, 0x7F, 0xBE, 0x92, 0x84, 0x2D, 0xD2, 0x80,
-        0xB3, 0xC7, 0x4D, 0xFA, 0xB7, 0x61, 0xE6, 0x13,
-        0xA8, 0x60, 0x4C, 0x47, 0x6E, 0x15, 0x46, 0x66,
-        0x85, 0xC6, 0x95, 0xAC, 0x35, 0x79, 0x1A, 0x91,
-        0x59, 0x94, 0x2F, 0x60, 0x17, 0x0C, 0xA2, 0x14,
-        0xC7, 0xC0, 0x9B, 0x1A, 0x4B, 0x1B, 0xCC, 0x4F,
-        0x4C, 0xC6, 0x0D, 0xF0, 0x1A, 0x10, 0x19, 0x15,
-        0xA9, 0xA2, 0xBC, 0x55, 0x31, 0x19, 0x66, 0x50,
-        0x32, 0xDC, 0xD9, 0x47, 0x6F, 0xBA, 0x7B, 0xB0,
-        0x71, 0x57, 0xD3, 0x3C, 0x9C, 0x8E, 0xFA, 0x6B,
-        0xD0, 0xAC, 0x38, 0xC1, 0xAC, 0x26, 0x5F, 0xB5,
-        0x18, 0x57, 0xD0, 0x15, 0x17, 0x61, 0x53, 0x26,
-        0xCA, 0x0E, 0x08, 0x65, 0x0B, 0xA6, 0xFA, 0x40,
-        0x83, 0x2C, 0x7B, 0x4C, 0x41, 0xB6, 0x44, 0x71,
-        0x60, 0x22, 0xB6, 0x52, 0xB1, 0x92, 0x7D, 0x55,
-        0xC9, 0xB3, 0x7F, 0xE2, 0x5F, 0x1A, 0xB6, 0x7A,
-        0x9A, 0x03, 0xC7, 0x00, 0x8C, 0x84, 0xB0, 0x7C,
-        0x49, 0x26, 0xB6, 0x38, 0x1E, 0x40, 0xCF, 0xD4,
-        0x41, 0x04, 0x12, 0x35, 0x18, 0x74, 0x16, 0xCE,
-        0xC3, 0x66, 0xCA, 0x6F, 0xB7, 0x6F, 0xA0, 0xAB,
-        0x6E, 0x32, 0x8A, 0x26, 0x41, 0xFC, 0x47, 0xDC,
-        0xD7, 0x6E, 0x91, 0xCA, 0x94, 0x31, 0xE1, 0x9B,
-        0xFF, 0x02, 0xCE, 0x62, 0x28, 0xC2, 0x33, 0x63,
-        0x82, 0xF8, 0xA1, 0x0E, 0x9E, 0xE2, 0xC8, 0xF1,
-        0x75, 0x93, 0x90, 0xA2, 0x00, 0x24, 0xA1, 0x5B,
-        0x3B, 0x09, 0x0C, 0x13, 0x90, 0xCA, 0x03, 0x43,
-        0x79, 0x72, 0x84, 0x24, 0x6B, 0xD8, 0x94, 0x35,
-        0x07, 0xB7, 0xA6, 0xB7, 0x1F, 0xC3, 0x3A, 0x03,
-        0xB7, 0xA8, 0x83, 0x66, 0xE4, 0xAF, 0xED, 0x51,
-        0x57, 0x39, 0xE5, 0xC6, 0x9F, 0x8A, 0x26, 0x6E,
-        0x4A, 0x1F, 0x53, 0xD7, 0x39, 0x30, 0xE9, 0x87,
-        0x55, 0x69, 0x31, 0x2B, 0x27, 0x03, 0x7E, 0x5C,
-        0x7F, 0x85, 0x21, 0x00, 0xC2, 0xBA, 0x36, 0x48,
-        0xB1, 0xB9, 0xC1, 0xB1, 0x49, 0xF6, 0x25, 0x0E,
-        0x0A, 0x6B, 0x06, 0x52, 0x13, 0x13, 0x4F, 0x30,
-        0x25, 0x69, 0x75, 0x5B, 0x8C, 0x5C, 0x4F, 0xFC,
-        0x68, 0x0B, 0xF7, 0x81, 0x18, 0x45, 0x34, 0x00,
-        0x35, 0xF1, 0x70, 0xB0, 0x68, 0xBA, 0x67, 0xA4,
-        0xC3, 0xB0, 0x16, 0x6D, 0x03, 0xCC, 0x82, 0x61,
-        0x84, 0x01, 0x90, 0xA2, 0x0F, 0x9A, 0x3B, 0x1E,
-        0xF4, 0x65, 0xC2, 0xF2, 0x18, 0x2D, 0xA8, 0xDA,
-        0x8D, 0x3B, 0x3C, 0x8C, 0xB1, 0x29, 0x15, 0xF7,
-        0xD9, 0x3E, 0x04, 0xD8, 0x84, 0x0C, 0x35, 0x67,
-        0x25, 0x5A, 0x7B, 0xD6, 0xD4, 0x33, 0xCF, 0x10,
-        0x68, 0xD8, 0x84, 0x52, 0xCF, 0xC1, 0x1F, 0x99,
-        0x1B, 0x7C, 0xE3, 0x79, 0x27, 0xD6, 0xCA, 0xAE,
-        0x88, 0x10, 0x74, 0x2F, 0x42, 0x14, 0x8B, 0x89,
-        0x6E, 0xC4, 0xEB, 0xB5, 0x34, 0x03, 0x86, 0x31,
-        0x5B, 0x2C, 0x1E, 0x2B, 0x43, 0x91, 0x5C, 0x04,
-        0x54, 0x9C, 0xC8, 0xC1, 0x9A, 0xB4, 0x0E, 0x3B,
-        0x7C, 0x31, 0x1B, 0x42, 0x61, 0x10, 0xA9, 0xBB,
-        0xB1, 0x8D, 0x3B, 0x99, 0x2A, 0x42, 0xC0, 0x18,
-        0x92, 0x90, 0xBE, 0x67, 0x3A, 0x39, 0x7C, 0x40,
-        0x90, 0x44, 0x3B, 0x88, 0xC5, 0xD5, 0xC5, 0x65,
-        0xA1, 0x0F, 0xEA, 0x05, 0x60, 0x3D, 0x36, 0x24,
-        0x4A, 0x4A, 0xA8, 0xE9, 0x25, 0x5C, 0xF1, 0x84,
-        0xAE, 0x69, 0x53, 0x5A, 0x83, 0x99, 0xC1, 0xC6,
-        0xF7, 0x6C, 0xF2, 0x34, 0x2A, 0xDF, 0xEA, 0x6A,
-        0x44, 0x7B, 0xB4, 0x50, 0x1B, 0x9A, 0x6C, 0x44,
-        0x59, 0x3E, 0xB0, 0x43, 0xE7, 0xA5, 0x50, 0x2F,
-        0x58, 0x6C, 0xF3, 0x40, 0x7D, 0xEB, 0x7A, 0x0F,
-        0xC3, 0x2B, 0x3F, 0x46, 0xF1, 0x24, 0x5C, 0x55,
-        0x96, 0xE0, 0xF1, 0xBE, 0xD9, 0x37, 0x20, 0x7C,
-        0x45, 0x09, 0xE1, 0xD8, 0x98, 0x5B, 0xE7, 0x45,
-        0xFD, 0x69, 0xBF, 0x44, 0x80, 0x92, 0x43, 0x30,
-        0x28, 0xBE, 0x25, 0x95, 0x90, 0x33, 0x11, 0x47,
-        0x95, 0x86, 0xA3, 0x4B, 0x2D, 0x49, 0x10, 0x74,
-        0x10, 0xBC, 0x4B, 0xD2, 0x96, 0x53, 0x17, 0xFC,
-        0x76, 0x35, 0x2B, 0x63, 0x8D, 0xF3, 0xB3, 0xA3,
-        0x15, 0x32, 0x50, 0x26, 0x80, 0x9E, 0x3B, 0xC4,
-        0x60, 0x8C, 0x0B, 0x2C, 0xB8, 0x4D, 0xF0, 0xC9,
-        0x5B, 0xC0, 0x52, 0x70, 0x7F, 0xC1, 0xA3, 0x77,
-        0xB2, 0xB4, 0x65, 0xEB, 0x7A, 0x5D, 0x64, 0x4A,
-        0xB4, 0x27, 0x8D, 0xDC, 0xE5, 0xB6, 0x1E, 0x2B,
-        0xB3, 0xA7, 0x10, 0x52, 0x55, 0x5C, 0xB3, 0xBA,
-        0xC6, 0x93, 0xEF, 0x02, 0x5F, 0xF0, 0x03, 0x53,
-        0xFB, 0x76, 0x94, 0x5B, 0x8A, 0xA3, 0xE9, 0x95,
-        0x0F, 0x92, 0x73, 0x81, 0x87, 0x91, 0xCC, 0xAD,
-        0x56, 0x88, 0x46, 0x58, 0x14, 0x2A, 0x2B, 0x4D,
-        0xF3, 0xC5, 0x7E, 0xCA, 0x13, 0xAD, 0x44, 0xB4,
-        0x9B, 0x63, 0x46, 0xC6, 0x3E, 0xE8, 0x90, 0x78,
-        0x58, 0x9E, 0x9E, 0xB9, 0xA9, 0x80, 0x4A, 0x03,
-        0xBF, 0x7A, 0x27, 0x6F, 0x86, 0xB9, 0x67, 0x6C,
-        0x58, 0xD3, 0xE7, 0x1D, 0x2C, 0x87, 0x70, 0x80,
-        0x4A, 0x61, 0x59, 0x21, 0x78, 0xB4, 0x49, 0xC7,
-        0x95, 0x5B, 0xBE, 0x8C, 0xF4, 0x2F, 0x31, 0x67,
-        0x25, 0xE3, 0xB1, 0x6D, 0x55, 0xB5, 0x27, 0xCF,
-        0xB2, 0x32, 0x68, 0x1B, 0x21, 0xB2, 0xCB, 0x2F,
-        0x30, 0xAC, 0x76, 0x01, 0x5B, 0xB5, 0x41, 0x6A,
-        0x04, 0x11, 0xC1, 0x74, 0x58, 0x92, 0x41, 0x2E,
-        0x68, 0x3A, 0x98, 0xD7, 0x36, 0xED, 0x1A, 0x4C,
-        0xD9, 0x80, 0x61, 0x7D, 0x08, 0x21, 0xC2, 0xAB,
-        0x02, 0x82, 0x07, 0x0A, 0x61, 0x1A, 0x11, 0xD1,
-        0x97, 0x01, 0xFB, 0xD5, 0x5A, 0x21, 0x27, 0xB3,
-        0x24, 0xE6, 0x90, 0x1D, 0x84, 0x98, 0x6C, 0x04,
-        0x64, 0xDE, 0x71, 0x20, 0xAF, 0x45, 0x10, 0xAF,
-        0x59, 0x1D, 0xD9, 0xBB, 0x79, 0x47, 0x9C, 0x5F,
-        0xA8, 0x87, 0x14, 0xC6, 0xA9, 0x97, 0x14, 0xF7,
-        0x6A, 0x1E, 0x40, 0x2C, 0x8F, 0x38, 0x4A, 0x4E,
-        0xE6, 0xBC, 0xD4, 0x15, 0x00, 0x72, 0x4C, 0xC1,
-        0x79, 0x3A, 0xBF, 0xD8, 0xD3, 0xC2, 0xF3, 0x20,
-        0x39, 0x71, 0x34, 0xB0, 0x0F, 0x76, 0x2D, 0xBA,
-        0x85, 0xA2, 0x3A, 0xF1, 0x55, 0xE6, 0xCC, 0x03,
-        0x73, 0x80, 0xC1, 0xDD, 0x64, 0xA9, 0x73, 0xDB,
-        0x35, 0xB7, 0x44, 0x70, 0x44, 0x8B, 0x24, 0x21,
-        0x20, 0x62, 0x76, 0x47, 0x87, 0xE5, 0xA9, 0x3A,
-        0x48, 0x80, 0x71, 0x71, 0xA7, 0x71, 0x5C, 0xFC,
-        0x89, 0xBC, 0xBC, 0x9E, 0x14, 0x18, 0x86, 0xF8,
-        0x07, 0xA1, 0xF9, 0xD6, 0x84, 0xC8, 0x42, 0x6F,
-        0x01, 0x22, 0x88, 0x7D, 0x9C, 0x4C, 0x27, 0xEA,
-        0x69, 0xCC, 0x15, 0x1B, 0x4D, 0x49, 0xB5, 0x1E,
-        0x5A, 0x4E, 0xAA, 0xA5, 0xAD, 0x06, 0xAB, 0xA8,
-        0x6D, 0xF9, 0x42, 0xE9, 0x86, 0xA5, 0xD5, 0x79,
-        0x20, 0x80, 0xFC, 0x48, 0x03, 0x96, 0xB3, 0x94,
-        0x86, 0x68, 0xFB, 0x38, 0x2C, 0xC8, 0xFC, 0x15,
-        0x47, 0x48, 0xCB, 0x30, 0xB7, 0x64, 0x1F, 0x02,
-        0x70, 0xC8, 0x34, 0x38, 0xB4, 0xFC, 0x3D, 0x19,
-        0x01, 0x26, 0x58, 0x80, 0x40, 0x51, 0x77, 0xBC,
-        0x7F, 0x44, 0x78, 0x82, 0x51, 0xAB, 0xC4, 0x74,
-        0x27, 0x35, 0x31, 0x21, 0x2A, 0x66, 0x27, 0x9E,
-        0x70, 0x33, 0x7A, 0x23, 0x09, 0xFD, 0xF4, 0x9E,
-        0x05, 0x9B, 0xBD, 0xAF, 0x49, 0x73, 0xA5, 0x37,
-        0x7A, 0x4D, 0x51, 0x7B, 0xA7, 0x55, 0x70, 0x2C,
-        0x37, 0xCC, 0x35, 0x56, 0x85, 0x40, 0x4C, 0x95,
-        0x2F, 0xB6, 0x7E, 0x04, 0x19, 0xC7, 0x8D, 0x15,
-        0x84, 0xD0, 0x94, 0x92, 0x54, 0xD0, 0x49, 0x52,
-        0xF7, 0x24, 0x3B, 0xF1, 0x40, 0x28, 0x03, 0xC9,
-        0xFC, 0x73, 0x73, 0x25, 0x88, 0x13, 0x78, 0xCA,
-        0x77, 0xEE, 0xF5, 0xC4, 0x15, 0xFB, 0x03, 0x7D,
-        0x68, 0x9A, 0x58, 0x54, 0xA1, 0xD2, 0x4B, 0x65,
-        0x27, 0xA5, 0x9B, 0x9B, 0x16, 0x95, 0x93, 0x84,
-        0x35, 0x8C, 0x42, 0x3C, 0x79, 0x64, 0x5C, 0xCF,
-        0x31, 0x33, 0xE2, 0x1B, 0x4B, 0x64, 0x95, 0x7B,
-        0x14, 0xF6, 0x3F, 0x2A, 0xA2, 0x63, 0x57, 0xB1,
-        0xC2, 0x62, 0xF2, 0xA9, 0x0F, 0x7C, 0xCC, 0x2A,
-        0x15, 0x93, 0x69, 0x99, 0xB0, 0xA1, 0xB4, 0x98,
-        0xAB, 0x3B, 0x32, 0x43, 0x30, 0x32, 0xC9, 0xCA,
-        0x23, 0x08, 0x1C, 0x55, 0xD3, 0x1C, 0xAD, 0x36,
-        0xE9, 0x0C, 0x1C, 0xE0, 0xB5, 0xFC, 0x24, 0x7C,
-        0xE8, 0xC8, 0x43, 0xF2, 0x88, 0x35, 0x24, 0xB6,
-        0x64, 0xFA, 0xC1, 0xB2, 0x0B, 0xE6, 0x02, 0xA1,
-        0x0A, 0xAF, 0x65, 0x73, 0x86, 0x80, 0xBB, 0x10,
-        0x25, 0x44, 0x26, 0xF9, 0xCB, 0x09, 0xA1, 0x95,
-        0x4D, 0xB7, 0x65, 0x56, 0x22, 0x30, 0x8F, 0xAE,
-        0xF5, 0x05, 0xAC, 0xB4, 0x97, 0x55, 0x4A, 0x8F,
-        0xCF, 0xA9, 0x6A, 0x85, 0x25, 0x5A, 0xD8, 0x46,
-        0x54, 0x20, 0x13, 0xB8, 0x41, 0x59, 0x51, 0xBD,
-        0xD4, 0x5C, 0x01, 0x93, 0x1E, 0xBE, 0x58, 0x3E,
-        0x70, 0xE1, 0x3F, 0x30, 0x15, 0x17, 0xB5, 0xA4,
-        0x0D, 0x70, 0x36, 0x1F, 0x63, 0x09, 0x41, 0x60,
-        0x67, 0x64, 0x6D, 0x2B, 0x71, 0x36, 0x62, 0x6B,
-        0xCC, 0xCC, 0x17, 0x0C, 0x66, 0xCE, 0xD4, 0x90,
-        0xC7, 0x35, 0x34, 0x4B, 0x62, 0x77, 0x09, 0x7C,
-        0xA9, 0x14, 0x21, 0x2A, 0x29, 0x2D, 0xD1, 0x22,
-        0xFB, 0xB6, 0x9F, 0xDE, 0xCA, 0x47, 0xFA, 0xB4,
-        0x53, 0x2B, 0x8C, 0x80, 0xCE, 0xB7, 0x7F, 0x9C,
-        0x54, 0x3E, 0x0B, 0xF1, 0x53, 0x6D, 0x1C, 0x0C,
-        0xAE, 0x07, 0x7E, 0x2C, 0xA7, 0x86, 0x2B, 0x45,
-        0xA4, 0x10, 0x46, 0x9C, 0xC5, 0xB7, 0x06, 0xBA,
-        0xE0, 0x05, 0x1C, 0xB2, 0x96, 0x1D, 0xB7, 0x27,
-        0x0B, 0x75, 0xB7, 0x11, 0x69, 0x8D, 0x2B, 0x80,
-        0x70, 0x40, 0xD5, 0x62, 0x81, 0x29, 0x43, 0x6F,
-        0xBB, 0x58, 0xF1, 0x20, 0x3F, 0x75, 0x56, 0x14,
-        0x65, 0xF5, 0x42, 0x57, 0xE4, 0x4D, 0x33, 0xF5,
-        0x12, 0xD6, 0x33, 0x43, 0x1D, 0x00, 0xA2, 0xFB,
-        0x02, 0x30, 0xC9, 0xBB, 0x9C, 0xDD, 0xFC, 0x83,
-        0xBD, 0x65, 0xC9, 0x74, 0x45, 0x30, 0x21, 0x86,
-        0xA1, 0x72, 0x23, 0xAD, 0x21, 0x33, 0x28, 0x03,
-        0xB9, 0x09, 0xE5, 0xE5, 0x67, 0x19, 0x70, 0xBB,
-        0xB0, 0xF1, 0xC4, 0x83, 0x7B, 0xB8, 0x42, 0x73,
-        0xBA, 0x67, 0x5A, 0xC0, 0x74, 0xC5, 0x29, 0x0B,
-        0x41, 0x1C, 0x25, 0x00, 0x65, 0x70, 0x59, 0x33,
-        0x9D, 0xE3, 0x92, 0xF9, 0xCA, 0x30, 0x89, 0x52,
-        0xA2, 0x20, 0x1A, 0x58, 0x87, 0x67, 0xAD, 0xC0,
-        0x35, 0xBD, 0xF3, 0x30, 0x24, 0xEA, 0x3B, 0x9A,
-        0x83, 0xC5, 0xA0, 0xB9, 0xC5, 0x42, 0x5D, 0x14,
-        0x07, 0x0C, 0x81, 0xAA, 0xDA, 0x26, 0xBA, 0xC3,
-        0xFB, 0xB8, 0xD4, 0xB7, 0xCF, 0xEE, 0x03, 0x92,
-        0x37, 0x5C, 0x68, 0x42, 0x73, 0x51, 0xDF, 0xEC,
-        0x63, 0x60, 0x9B, 0xBB, 0x50, 0xB4, 0x63, 0xE0,
-        0x40, 0x92, 0x85, 0x70, 0x09, 0xD1, 0xE5, 0xB8,
-        0x1D, 0x70, 0x7D, 0x14, 0xB8, 0x33, 0xCD, 0x4A,
-        0x0B, 0x55, 0x1B, 0xAA, 0x13, 0xEC, 0x48, 0x8A,
-        0x15, 0x03, 0xB0, 0x46, 0x7E, 0xE4, 0x02, 0x3C,
-        0x3F, 0xE0, 0x32, 0xC7, 0x82, 0x25, 0x06, 0x38,
-        0x86, 0xE2, 0x46, 0x8E, 0x00, 0xF7, 0x00, 0x07,
-        0x2A, 0x2E, 0xC8, 0xDA, 0x6A, 0xFB, 0x20, 0x6C,
-        0x91, 0x90, 0x44, 0x33, 0xBB, 0xCC, 0xB0, 0xE7,
-        0x6F, 0x42, 0x46, 0x8C, 0x40, 0xEB, 0x5F, 0x59,
-        0xCB, 0x9A, 0xE1, 0xB0, 0x35, 0xE5, 0x21, 0x51,
-        0x0B, 0xF2, 0x16, 0xA1, 0xAB, 0xCB, 0x19, 0x03,
-        0x3B, 0x7A, 0x65, 0x88, 0x97, 0xC6, 0x58, 0x74,
-        0xD5, 0x13, 0x51, 0x83, 0x14, 0x9F, 0x97, 0x9E,
-        0x55, 0x3C, 0xCF, 0xBF, 0xA3, 0x90, 0x0C, 0xDA,
-        0x6F, 0x01, 0x96, 0x0B, 0x75, 0x15, 0x7F, 0x54,
-        0x53, 0xAA, 0x6E, 0x73, 0xB3, 0xED, 0x90, 0x2F,
-        0x7D, 0x7C, 0x93, 0x05, 0x97, 0x1B, 0xDF, 0x72,
-        0x2E, 0x29, 0x37, 0x16, 0x9A, 0x1B, 0xC0, 0xFA,
-        0xEB, 0x6C, 0x92, 0xF7, 0x15, 0x0D, 0x23, 0x30,
-        0x87, 0x7C, 0x5D, 0xC5, 0x24, 0x9A, 0xAE, 0x20,
-        0x30, 0x26, 0x34, 0xC5, 0xC5, 0xB2, 0x30, 0x53,
-        0x52, 0x10, 0x28, 0x12, 0x25, 0x42, 0xF4, 0x85,
-        0xA0, 0xEA, 0xC8, 0x69, 0x22, 0x37, 0x20, 0x63,
-        0x36, 0x51, 0xF5, 0xB2, 0x47, 0xC6, 0x62, 0xB3,
-        0x1A, 0x10, 0x53, 0x8C, 0xA7, 0x49, 0x1B, 0x14,
-        0x37, 0xAA, 0x74, 0xF4, 0x28, 0x2D, 0x12, 0x97,
-        0x4D, 0x9C, 0x93, 0x4D, 0xF2, 0x14, 0x78, 0x5B,
-        0x64, 0x18, 0x46, 0x8B, 0x92, 0xE5, 0x25, 0x28,
-        0xC8, 0x44, 0x7A, 0x1C, 0xA4, 0x22, 0xFA, 0x6C,
-        0xC8, 0x8E, 0x28, 0xB0, 0x59, 0xF0, 0x4B, 0x23,
-        0x59, 0x73, 0x23, 0xF7, 0x2F, 0x3E, 0x23, 0x36,
-        0xF8, 0x7C, 0x47, 0x90, 0x5C, 0xBA, 0x65, 0x5B,
-        0xB7, 0x3F, 0xC3, 0x2E, 0x18, 0xD4, 0xB7, 0x87,
-        0x05, 0xC7, 0x82, 0xEB, 0xCB, 0x43, 0xE2, 0x78,
-        0x5C, 0x82, 0xC5, 0xAF, 0x24, 0xB0, 0xE1, 0x69,
-        0x9C, 0xFB, 0xC0, 0x25, 0x74, 0x75, 0x79, 0x9A,
-        0x53, 0x9B, 0x11, 0xA5, 0x0F, 0x4D, 0xF2, 0xB7,
-        0xFA, 0xA2, 0x0B, 0xD8, 0x82, 0x75, 0x15, 0xCA,
-        0x37, 0x0F, 0x89, 0xC0, 0xD4, 0xC6, 0x09, 0x02,
-        0xF6, 0x56, 0x7C, 0xD6, 0x0B, 0x08, 0x60, 0xA5,
-        0x5B, 0xC8, 0x57, 0x2C, 0x43, 0x6C, 0x24, 0x6A,
-        0xC2, 0x76, 0x64, 0x4E, 0x7D, 0x60, 0x2A, 0xA5,
-        0x7C, 0x01, 0x66, 0x20, 0x18, 0x14, 0x99, 0x1C,
-        0x1B, 0xD7, 0x5C, 0x7C, 0x47, 0xC3, 0x48, 0xB6,
-        0x7D, 0x77, 0x61, 0x33, 0x86, 0x90, 0x81, 0x44,
-        0xEA, 0x83, 0xFF, 0x72, 0x1F, 0x9A, 0x50, 0x07,
-        0x6C, 0x51, 0x01, 0x64, 0xD1, 0x8E, 0x05, 0xD0,
-        0x5D, 0x98, 0x84, 0xC4, 0x41, 0x46, 0xA0, 0x7C,
-        0xCA, 0xCF, 0x89, 0x04, 0x98, 0xED, 0x1A, 0x19,
-        0xB2, 0xA1, 0x54, 0x31, 0x72, 0x9D, 0xC1, 0xF1,
-        0x2B, 0x7E, 0xA1, 0x0F, 0x9F, 0x92, 0x80, 0x62,
-        0xD1, 0x45, 0x4B, 0x4B, 0x9F, 0x68, 0xE5, 0x99,
-        0x90, 0x29, 0x0B, 0xE3, 0x72, 0x8B, 0x32, 0x89,
-        0x56, 0x93, 0x63, 0xAB, 0x10, 0x05, 0x13, 0x1B,
-        0x23, 0x81, 0xA0, 0x8C, 0xC2, 0xBF, 0x94, 0x3E,
-        0x95, 0xD5, 0xB2, 0x1B, 0xC6, 0xAA, 0xBC, 0x22,
-        0x73, 0x34, 0x8B, 0xC7, 0x2B, 0xD0, 0x93, 0xB7,
-        0xB5, 0x61, 0x7A, 0xE8, 0x7F, 0x60, 0x2B, 0xB9,
-        0x89, 0xE6, 0xAF, 0xC4, 0x4B, 0x81, 0x51, 0x20,
-        0x76, 0xA3, 0xA8, 0x76, 0xE0, 0xE2, 0x5F, 0x97,
-        0x62, 0xB4, 0x62, 0x08, 0x19, 0x85, 0x50, 0x2F,
-        0x26, 0xB2, 0x87, 0xA2, 0x93, 0x6D, 0x5B, 0x1A,
-        0xCF, 0xFC, 0xEC, 0x4E, 0xEE, 0x77, 0xA9, 0xCB,
-        0xA9, 0x80, 0xEB, 0x9B, 0x5F, 0xDE, 0x75, 0x53,
-        0x9F, 0x65, 0x09, 0x04, 0x67, 0x7D, 0xBE, 0x29,
-        0xAB, 0x8B, 0xB9, 0x18, 0xA3, 0x49, 0x48, 0x03,
-        0xEC, 0xA5, 0x9A, 0x2C, 0x32, 0xE5, 0xB5, 0xC8,
-        0x3B, 0x0B, 0x80, 0xB1, 0x10, 0x2C, 0xD7, 0xD9,
-        0x48, 0x2B, 0x45, 0x9B, 0x6B, 0x74, 0x49, 0x1E,
-        0xC3, 0x0C, 0x4B, 0xE7, 0x7C, 0x2B, 0x52, 0x4A,
-        0xF7, 0xB3, 0xAD, 0x1F, 0x71, 0x34, 0x1D, 0xF0,
-        0xA7, 0x6F, 0x25, 0x5C, 0x29, 0x03, 0xC8, 0x82,
-        0x08, 0x07, 0x93, 0x79, 0x93, 0x0A, 0x95, 0x13,
-        0xF3, 0x90, 0x12, 0x6E, 0x73, 0x2A, 0x2B, 0xB0,
-        0x94, 0xBF, 0xA6, 0xBF, 0x0A, 0x43, 0x2B, 0xCD,
-        0x65, 0x7D, 0xAF, 0xCB, 0x25, 0xC8, 0xBB, 0x15,
-        0xE0, 0x95, 0x5D, 0x09, 0x9B, 0x74, 0xFF, 0x1A,
-        0x4D, 0xE6, 0x55, 0x9C, 0xD6, 0x79, 0x7C, 0x38,
-        0xC4, 0x8C, 0x11, 0x34, 0xCA, 0x2C, 0x97, 0x92,
-        0x43, 0xF3, 0x15, 0x2A, 0xF4, 0xBB, 0xE4, 0xD7,
-        0xA6, 0xBC, 0x09, 0x87, 0x21, 0x33, 0x92, 0x0C,
-        0xD2, 0x3B, 0x3E, 0xF9, 0x84, 0x8C, 0xCC, 0x68,
-        0x45, 0xD6, 0x47, 0xB5, 0x38, 0x75, 0x57, 0x73,
-        0x65, 0x13, 0xD5, 0x85, 0x60, 0x84, 0x51, 0x92,
-        0xF9, 0x26, 0x51, 0x59, 0x93, 0x2E, 0x57, 0x2A,
-        0x88, 0xC4, 0x4E, 0x65, 0x66, 0x76, 0x0C, 0x06,
-        0x1C, 0x67, 0xFC, 0xB5, 0xBF, 0x21, 0x00, 0x95,
-        0xE2, 0x14, 0xDA, 0x74, 0x53, 0x57, 0xE3, 0x69,
-        0x96, 0xD8, 0xC0, 0x66, 0x31, 0x1B, 0xBC, 0x76,
-        0x1A, 0x1F, 0xD2, 0x52, 0x73, 0xD2, 0x1E, 0xAB,
-        0x50, 0x01, 0x05, 0x63, 0xCD, 0x64, 0x68, 0xA4,
-        0xEA, 0x83, 0x6B, 0x6D, 0x64, 0xBD, 0x2B, 0xD7,
-        0x6D, 0xBE, 0x35, 0x82, 0xD5, 0x73, 0x6A, 0x60,
-        0x5A, 0x55, 0x09, 0xFC, 0x28, 0x78, 0x9B, 0x56,
-        0xB8, 0x84, 0xAE, 0x9A, 0x60, 0x41, 0x5F, 0x55,
-        0x67, 0x4B, 0xE6, 0x01, 0x57, 0x6C, 0x7C, 0xEE,
-        0x58, 0x14, 0x3B, 0xF0, 0x54, 0x80, 0x6A, 0xBC,
-        0xB3, 0x45, 0xA2, 0x56, 0xCB, 0xC4, 0x54, 0xE3,
-        0x43, 0xF3, 0xCC, 0x7A, 0xDE, 0x65, 0x56, 0x2F,
-        0xD2, 0x9E, 0xB2, 0x59, 0x73, 0x7B, 0xB3, 0xCF,
-        0x96, 0x49, 0xBD, 0xEA, 0x28, 0x3F, 0xB0, 0x72,
-        0x65, 0x67, 0x7C, 0x98, 0x08, 0xD1, 0x31, 0x19,
-        0xC0, 0xA2, 0xAD, 0xF7, 0x45, 0xDE, 0x69, 0x75,
-        0xF4, 0x56, 0x2C, 0xD6, 0x15, 0x57, 0xB3, 0x96,
-        0x5D, 0x2B, 0x07, 0x2F, 0x00, 0x0A, 0xA7, 0xE0,
-        0xA3, 0x57, 0xE1, 0x25, 0x3E, 0xAF, 0xEA, 0x7F,
-        0xDF, 0xCC, 0x92, 0xFA, 0x87, 0x63, 0x0D, 0xD2,
-        0x27, 0x6C, 0xE4, 0x2E, 0x82, 0x0B, 0x69, 0xD1,
-        0xFC, 0x2E, 0x47, 0xD5, 0xC4, 0x98, 0xA5, 0x5B,
-        0x3B, 0x29, 0xC3, 0x4E, 0x64, 0x90, 0x3D, 0x04,
-        0x7A, 0xB1, 0xC0, 0x40, 0x24, 0x95, 0x8F, 0x70,
-        0x11, 0x95, 0xF5, 0xD1, 0x3E, 0xC6, 0x70, 0x6B,
-        0x84, 0x48, 0x50, 0x3A, 0x54, 0x99, 0x22, 0xA5,
-        0x8A, 0x24, 0xB6, 0x7C, 0x93, 0x63, 0x27, 0x56,
-        0xB7, 0x7D, 0x22, 0x54, 0x07, 0x31, 0x61, 0x71,
-        0xDE, 0xEC, 0x56, 0x71, 0x44, 0x35, 0xCF, 0x94,
-        0xCC, 0xF4, 0x59, 0x9E, 0x00, 0xD1, 0x0E, 0x56,
-        0x96, 0x22, 0xBA, 0xDA, 0x82, 0x0C, 0x45, 0x2F,
-        0x25, 0x42, 0xAD, 0xF0, 0x87, 0x65, 0xCA, 0x93,
-        0xAE, 0x38, 0xEB, 0x02, 0x5D, 0xE3, 0x1C, 0xFF,
-        0x79, 0x74, 0x54, 0x9A, 0x78, 0x25, 0xA8, 0x31,
-        0xDD, 0x05, 0x4E, 0x87, 0xB8, 0x4C, 0x5F, 0x25,
-        0x47, 0xFF, 0x47, 0xB4, 0x6F, 0x88, 0xC9, 0x9F,
-        0x15, 0x48, 0xE9, 0x33, 0xA6, 0xF4, 0xD8, 0x7F,
-        0x1A, 0x4A, 0x1B, 0x00, 0xE3, 0x9E, 0x02, 0xD6,
-        0x0E, 0x51, 0xEB, 0x60, 0x3C, 0x1C, 0x0D, 0x80,
-        0x7A, 0xCD, 0xAB, 0x08, 0xBA, 0xA2, 0xB9, 0x98,
-        0x69, 0xB7, 0x5C, 0xA2, 0xC4, 0xB9, 0x63, 0x68,
-        0xB5, 0x17, 0x80, 0xBD, 0x1E, 0xC7, 0x5B, 0x11,
-        0x0B, 0x9F, 0xA6, 0x65, 0x56, 0x87, 0x6C, 0x5F,
-        0x48, 0x79, 0x7D, 0x09, 0x01, 0x38, 0xF7, 0x54,
-        0xAE, 0x30, 0x53, 0x3D, 0x36, 0xAA, 0x44, 0xB9,
-        0xB1, 0x70, 0x2A, 0x6A, 0x8A, 0x56, 0x62, 0x6B,
-        0xF0, 0x45, 0x1A, 0x37, 0xA7, 0xAC, 0x1A, 0x33,
-        0x70, 0x76, 0xE5, 0x1E, 0x0A, 0x6B, 0x03, 0x00,
-        0xC2, 0xC7, 0x90, 0xA4, 0x43, 0x7E, 0xA2, 0x8D,
-        0x7E, 0xC9, 0x8C, 0x41, 0x9B, 0x37, 0xD6, 0xAA,
-        0x97, 0x04, 0x17, 0x43, 0x5F, 0x91, 0xBE, 0xDC,
-        0x2B, 0x1F, 0x4B, 0xC8, 0x15, 0x8A, 0x51, 0xB1,
-        0xF4, 0x71, 0x51, 0x6F, 0xE8, 0x24, 0x28, 0x7C,
-        0x89, 0x6B, 0x89, 0x1B, 0x49, 0xF2, 0x54, 0xDD,
-        0x36, 0x35, 0x9B, 0x89, 0xC8, 0x24, 0xEB, 0x3F,
-        0x62, 0x48, 0x02, 0x7F, 0xBB, 0xAD, 0x4C, 0xF2,
-        0x91, 0x18, 0xCB, 0x50, 0xEB, 0xB6, 0x25, 0xA3,
-        0x7C, 0x53, 0x7A, 0x02, 0x23, 0xF0, 0xEB, 0x70,
-        0x85, 0xB5, 0xC7, 0xEC, 0x60, 0x75, 0x70, 0xDB,
-        0x91, 0x85, 0xD5, 0x99, 0x02, 0xBC, 0x26, 0xC6,
-        0x54, 0xA2, 0x80, 0x4C, 0x0D, 0x94, 0x67, 0x93,
-        0xD8, 0xA2, 0x14, 0x82, 0xAC, 0x4F, 0x05, 0xE9,
-        0x01, 0x62, 0x60, 0x33, 0x1D, 0xCC, 0x58, 0xBC,
-        0x66, 0xAF, 0x3C, 0xA7, 0x58, 0x54, 0x40, 0x21,
-        0x6A, 0xA0, 0x26, 0x3B, 0x2A, 0x72, 0x5E, 0x08,
-        0x0F, 0x6F, 0x9C, 0x5B, 0x6A, 0x9C, 0x9D, 0xA2,
-        0x93, 0x55, 0x18, 0x9B, 0x4B, 0x95, 0xB1, 0x37,
-        0xD1, 0x22, 0x5F, 0x25, 0x2A, 0xC7, 0x97, 0xB0,
-        0x64, 0x6C, 0xAC, 0x52, 0x16, 0x4B, 0x59, 0x72,
-        0xA9, 0x92, 0x65, 0xD3, 0x47, 0xFC, 0x7C, 0x35,
-        0x91, 0xD1, 0x5F, 0xFE, 0x68, 0x1C, 0x06, 0xD4,
-        0x38, 0xCC, 0xEB, 0x60, 0xBB, 0x63, 0x10, 0xB7,
-        0x95, 0x32, 0x89, 0x72, 0x0E, 0x2C, 0x72, 0x87,
-        0x30, 0x05, 0x23, 0x37, 0xAC, 0xA7, 0xC8, 0x52,
-        0x1A, 0xB4, 0x4F, 0x1E, 0x2A, 0x04, 0x9B, 0x83,
-        0xE0, 0x77, 0x4C, 0x96, 0xCD, 0x8C, 0x87, 0x6F,
-        0xA6, 0x75, 0xD0, 0x92, 0x39, 0x77, 0x27, 0x1B,
-        0xE6, 0xE8, 0x32, 0xF2, 0x49, 0x8C, 0xA5, 0xA3,
-        0x43, 0x1F, 0x40, 0xD3, 0x18, 0x7B, 0x1E, 0xD9,
-        0x65, 0xFD, 0xD6, 0x69, 0x3B, 0x37, 0xF6, 0xEB,
-        0x40, 0x8A, 0x99, 0x97, 0x7A, 0xE4, 0x96, 0x44,
-        0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED,
-        0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA,
-        0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C,
-        0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C
+        0x8C, 0x8B, 0x37, 0x22, 0xA8, 0x2E, 0x55, 0x05,
+        0x65, 0x52, 0x16, 0x11, 0xEB, 0xBC, 0x63, 0x07,
+        0x99, 0x44, 0xC9, 0xB1, 0xAB, 0xB3, 0xB0, 0x02,
+        0x0F, 0xF1, 0x2F, 0x63, 0x18, 0x91, 0xA9, 0xC4,
+        0x68, 0xD3, 0xA6, 0x7B, 0xF6, 0x27, 0x12, 0x80,
+        0xDA, 0x58, 0xD0, 0x3C, 0xB0, 0x42, 0xB3, 0xA4,
+        0x61, 0x44, 0x16, 0x37, 0xF9, 0x29, 0xC2, 0x73,
+        0x46, 0x9A, 0xD1, 0x53, 0x11, 0xE9, 0x10, 0xDE,
+        0x18, 0xCB, 0x95, 0x37, 0xBA, 0x1B, 0xE4, 0x2E,
+        0x98, 0xBB, 0x59, 0xE4, 0x98, 0xA1, 0x3F, 0xD4,
+        0x40, 0xD0, 0xE6, 0x9E, 0xE8, 0x32, 0xB4, 0x5C,
+        0xD9, 0x5C, 0x38, 0x21, 0x77, 0xD6, 0x70, 0x96,
+        0xA1, 0x8C, 0x07, 0xF1, 0x78, 0x16, 0x63, 0x65,
+        0x1B, 0xDC, 0xAC, 0x90, 0xDE, 0xDA, 0x3D, 0xDD,
+        0x14, 0x34, 0x85, 0x86, 0x41, 0x81, 0xC9, 0x1F,
+        0xA2, 0x08, 0x0F, 0x6D, 0xAB, 0x3F, 0x86, 0x20,
+        0x4C, 0xEB, 0x64, 0xA7, 0xB4, 0x44, 0x68, 0x95,
+        0xC0, 0x39, 0x87, 0xA0, 0x31, 0xCB, 0x4B, 0x6D,
+        0x9E, 0x04, 0x62, 0xFD, 0xA8, 0x29, 0x17, 0x2B,
+        0x6C, 0x01, 0x2C, 0x63, 0x8B, 0x29, 0xB5, 0xCD,
+        0x75, 0xA2, 0xC9, 0x30, 0xA5, 0x59, 0x6A, 0x31,
+        0x81, 0xC3, 0x3A, 0x22, 0xD5, 0x74, 0xD3, 0x02,
+        0x61, 0x19, 0x6B, 0xC3, 0x50, 0x73, 0x8D, 0x4F,
+        0xD9, 0x18, 0x3A, 0x76, 0x33, 0x36, 0x24, 0x3A,
+        0xCE, 0xD9, 0x9B, 0x32, 0x21, 0xC7, 0x1D, 0x88,
+        0x66, 0x89, 0x5C, 0x4E, 0x52, 0xC1, 0x19, 0xBF,
+        0x32, 0x80, 0xDA, 0xF8, 0x0A, 0x95, 0xE1, 0x52,
+        0x09, 0xA7, 0x95, 0xC4, 0x43, 0x5F, 0xBB, 0x35,
+        0x70, 0xFD, 0xB8, 0xAA, 0x9B, 0xF9, 0xAE, 0xFD,
+        0x43, 0xB0, 0x94, 0xB7, 0x81, 0xD5, 0xA8, 0x11,
+        0x36, 0xDA, 0xB8, 0x8B, 0x87, 0x99, 0x69, 0x65,
+        0x56, 0xFE, 0xC6, 0xAE, 0x14, 0xB0, 0xBB, 0x8B,
+        0xE4, 0x69, 0x5E, 0x9A, 0x12, 0x4C, 0x2A, 0xB8,
+        0xFF, 0x4A, 0xB1, 0x22, 0x9B, 0x8A, 0xAA, 0x8C,
+        0x6F, 0x41, 0xA6, 0x0C, 0x34, 0xC7, 0xB5, 0x61,
+        0x82, 0xC5, 0x5C, 0x2C, 0x68, 0x5E, 0x73, 0x7C,
+        0x6C, 0xA0, 0x0A, 0x23, 0xFB, 0x8A, 0x68, 0xC1,
+        0xCD, 0x61, 0xF3, 0x0D, 0x39, 0x93, 0xA1, 0x65,
+        0x3C, 0x16, 0x75, 0xAC, 0x5F, 0x09, 0x01, 0xA7,
+        0x16, 0x0A, 0x73, 0x96, 0x64, 0x08, 0xB8, 0x87,
+        0x6B, 0x71, 0x53, 0x96, 0xCF, 0xA4, 0x90, 0x3F,
+        0xC6, 0x9D, 0x60, 0x49, 0x1F, 0x81, 0x46, 0x80,
+        0x8C, 0x97, 0xCD, 0x5C, 0x53, 0x3E, 0x71, 0x01,
+        0x79, 0x09, 0xE9, 0x7B, 0x83, 0x5B, 0x86, 0xFF,
+        0x84, 0x7B, 0x42, 0xA6, 0x96, 0x37, 0x54, 0x35,
+        0xE0, 0x06, 0x06, 0x1C, 0xF7, 0xA4, 0x79, 0x46,
+        0x32, 0x72, 0x11, 0x4A, 0x89, 0xEB, 0x3E, 0xAF,
+        0x22, 0x46, 0xF0, 0xF8, 0xC1, 0x04, 0xA1, 0x49,
+        0x86, 0x82, 0x8E, 0x0A, 0xD2, 0x04, 0x20, 0xC9,
+        0xB3, 0x7E, 0xA2, 0x3F, 0x5C, 0x51, 0x49, 0x49,
+        0xE7, 0x7A, 0xD9, 0xE9, 0xAD, 0x12, 0x29, 0x0D,
+        0xD1, 0x21, 0x5E, 0x11, 0xDA, 0x27, 0x44, 0x57,
+        0xAC, 0x86, 0xB1, 0xCE, 0x68, 0x64, 0xB1, 0x22,
+        0x67, 0x7F, 0x37, 0x18, 0xAA, 0x31, 0xB0, 0x25,
+        0x80, 0xE6, 0x43, 0x17, 0x17, 0x8D, 0x38, 0xF2,
+        0x5F, 0x60, 0x9B, 0xC6, 0xC5, 0x5B, 0xC3, 0x74,
+        0xA1, 0xBF, 0x78, 0xEA, 0x8E, 0xCC, 0x21, 0x9B,
+        0x30, 0xB7, 0x4C, 0xBB, 0x32, 0x72, 0xA5, 0x99,
+        0x23, 0x8C, 0x93, 0x98, 0x51, 0x70, 0x04, 0x8F,
+        0x17, 0x67, 0x75, 0xFB, 0x19, 0x96, 0x2A, 0xC3,
+        0xB1, 0x35, 0xAA, 0x59, 0xDB, 0x10, 0x4F, 0x71,
+        0x14, 0xDB, 0xC2, 0xC2, 0xD4, 0x29, 0x49, 0xAD,
+        0xEC, 0xA6, 0xA8, 0x5B, 0x32, 0x3E, 0xE2, 0xB2,
+        0xB2, 0x3A, 0x77, 0xD9, 0xDB, 0x23, 0x59, 0x79,
+        0xA8, 0xE2, 0xD6, 0x7C, 0xF7, 0xD2, 0x13, 0x6B,
+        0xBB, 0xA7, 0x1F, 0x26, 0x95, 0x74, 0xB3, 0x88,
+        0x88, 0xE1, 0x54, 0x13, 0x40, 0xC1, 0x92, 0x84,
+        0x07, 0x4F, 0x9B, 0x7C, 0x8C, 0xF3, 0x7E, 0xB0,
+        0x13, 0x84, 0xE6, 0xE3, 0x82, 0x2E, 0xC4, 0x88,
+        0x2D, 0xFB, 0xBE, 0xC4, 0xE6, 0x09, 0x8E, 0xF2,
+        0xB2, 0xFC, 0x17, 0x7A, 0x1F, 0x0B, 0xCB, 0x65,
+        0xA5, 0x7F, 0xDA, 0xA8, 0x93, 0x15, 0x46, 0x1B,
+        0xEB, 0x78, 0x85, 0xFB, 0x68, 0xB3, 0xCD, 0x09,
+        0x6E, 0xDA, 0x59, 0x6A, 0xC0, 0xE6, 0x1D, 0xD7,
+        0xA9, 0xC5, 0x07, 0xBC, 0x63, 0x45, 0xE0, 0x82,
+        0x7D, 0xFC, 0xC8, 0xA3, 0xAC, 0x2D, 0xCE, 0x51,
+        0xAD, 0x73, 0x1A, 0xA0, 0xEB, 0x93, 0x2A, 0x6D,
+        0x09, 0x83, 0x99, 0x23, 0x47, 0xCB, 0xEB, 0x3C,
+        0xD0, 0xD9, 0xC9, 0x71, 0x97, 0x97, 0xCC, 0x21,
+        0xCF, 0x00, 0x62, 0xB0, 0xAD, 0x94, 0xCA, 0xD7,
+        0x34, 0xC6, 0x3E, 0x6B, 0x5D, 0x85, 0x9C, 0xBE,
+        0x19, 0xF0, 0x36, 0x82, 0x45, 0x35, 0x1B, 0xF4,
+        0x64, 0xD7, 0x50, 0x55, 0x69, 0x79, 0x0D, 0x2B,
+        0xB7, 0x24, 0xD8, 0x65, 0x9A, 0x9F, 0xEB, 0x1C,
+        0x7C, 0x47, 0x3D, 0xC4, 0xD0, 0x61, 0xE2, 0x98,
+        0x63, 0xA2, 0x71, 0x4B, 0xAC, 0x42, 0xAD, 0xCD,
+        0x1A, 0x83, 0x72, 0x77, 0x65, 0x56, 0xF7, 0x92,
+        0x8A, 0x7A, 0x44, 0xE9, 0x4B, 0x6A, 0x25, 0x32,
+        0x2D, 0x03, 0xC0, 0xA1, 0x62, 0x2A, 0x7F, 0xD2,
+        0x61, 0x52, 0x2B, 0x73, 0x58, 0xF0, 0x85, 0xBD,
+        0xFB, 0x60, 0x75, 0x87, 0x62, 0xCB, 0x90, 0x10,
+        0x31, 0x90, 0x1B, 0x5E, 0xEC, 0xF4, 0x92, 0x0C,
+        0x81, 0x02, 0x0A, 0x9B, 0x17, 0x81, 0xBC, 0xB9,
+        0xDD, 0x19, 0xA9, 0xDF, 0xB6, 0x64, 0x58, 0xE7,
+        0x75, 0x7C, 0x52, 0xCE, 0xC7, 0x5B, 0x4B, 0xA7,
+        0x40, 0xA2, 0x40, 0x99, 0xCB, 0x56, 0xBB, 0x60,
+        0xA7, 0x6B, 0x69, 0x01, 0xAA, 0x3E, 0x01, 0x69,
+        0xC9, 0xE8, 0x34, 0x96, 0xD7, 0x3C, 0x4C, 0x99,
+        0x43, 0x5A, 0x28, 0xD6, 0x13, 0xE9, 0x7A, 0x11,
+        0x77, 0xF5, 0x8B, 0x6C, 0xC5, 0x95, 0xD3, 0xB2,
+        0x33, 0x1E, 0x9C, 0xA7, 0xB5, 0x7B, 0x74, 0xDC,
+        0x2C, 0x52, 0x77, 0xD2, 0x6F, 0x2F, 0xE1, 0x92,
+        0x40, 0xA5, 0x5C, 0x35, 0xD6, 0xCF, 0xCA, 0x26,
+        0xC7, 0x3E, 0x9A, 0x2D, 0x7C, 0x98, 0x0D, 0x97,
+        0x96, 0x0A, 0xE1, 0xA0, 0x46, 0x98, 0xC1, 0x6B,
+        0x39, 0x8A, 0x5F, 0x20, 0xC3, 0x5A, 0x09, 0x14,
+        0x14, 0x5C, 0xE1, 0x67, 0x4B, 0x71, 0xAB, 0xC6,
+        0x06, 0x6A, 0x90, 0x9A, 0x3E, 0x4B, 0x91, 0x1E,
+        0x69, 0xD5, 0xA8, 0x49, 0x43, 0x03, 0x61, 0xF7,
+        0x31, 0xB0, 0x72, 0x46, 0xA6, 0x32, 0x9B, 0x52,
+        0x36, 0x19, 0x04, 0x22, 0x50, 0x82, 0xD0, 0xAA,
+        0xC5, 0xB2, 0x1D, 0x6B, 0x34, 0x86, 0x24, 0x81,
+        0xA8, 0x90, 0xC3, 0xC3, 0x60, 0x76, 0x6F, 0x04,
+        0x26, 0x36, 0x03, 0xA6, 0xB7, 0x3E, 0x80, 0x2B,
+        0x1F, 0x70, 0xB2, 0xEB, 0x00, 0x04, 0x68, 0x36,
+        0xB8, 0xF4, 0x93, 0xBF, 0x10, 0xB9, 0x0B, 0x87,
+        0x37, 0xC6, 0xC5, 0x48, 0x44, 0x9B, 0x29, 0x4C,
+        0x47, 0x25, 0x3B, 0xE2, 0x6C, 0xA7, 0x23, 0x36,
+        0xA6, 0x32, 0x06, 0x3A, 0xD3, 0xD0, 0xB4, 0x8C,
+        0x8B, 0x0F, 0x4A, 0x34, 0x44, 0x7E, 0xF1, 0x3B,
+        0x76, 0x40, 0x20, 0xDE, 0x73, 0x9E, 0xB7, 0x9A,
+        0xBA, 0x20, 0xE2, 0xBE, 0x19, 0x51, 0x82, 0x5F,
+        0x29, 0x3B, 0xED, 0xD1, 0x08, 0x9F, 0xCB, 0x0A,
+        0x91, 0xF5, 0x60, 0xC8, 0xE1, 0x7C, 0xDF, 0x52,
+        0x54, 0x1D, 0xC2, 0xB8, 0x1F, 0x97, 0x2A, 0x73,
+        0x75, 0xB2, 0x01, 0xF1, 0x0C, 0x08, 0xD9, 0xB5,
+        0xBC, 0x8B, 0x95, 0x10, 0x00, 0x54, 0xA3, 0xD0,
+        0xAA, 0xFF, 0x89, 0xBD, 0x08, 0xD6, 0xA0, 0xE7,
+        0xF2, 0x11, 0x5A, 0x43, 0x52, 0x31, 0x29, 0x04,
+        0x60, 0xC9, 0xAD, 0x43, 0x5A, 0x3B, 0x3C, 0xF3,
+        0x5E, 0x52, 0x09, 0x1E, 0xDD, 0x18, 0x90, 0x04,
+        0x7B, 0xCC, 0x0A, 0xAB, 0xB1, 0xAC, 0xEB, 0xC7,
+        0x5F, 0x4A, 0x32, 0xBC, 0x14, 0x51, 0xAC, 0xC4,
+        0x96, 0x99, 0x40, 0x78, 0x8E, 0x89, 0x41, 0x21,
+        0x88, 0x94, 0x6C, 0x91, 0x43, 0xC5, 0x04, 0x6B,
+        0xD1, 0xB4, 0x58, 0xDF, 0x61, 0x7C, 0x5D, 0xF5,
+        0x33, 0xB0, 0x52, 0xCD, 0x60, 0x38, 0xB7, 0x75,
+        0x40, 0x34, 0xA2, 0x3C, 0x2F, 0x77, 0x20, 0x13,
+        0x4C, 0x7B, 0x4E, 0xAC, 0xE0, 0x1F, 0xAC, 0x0A,
+        0x28, 0x53, 0xA9, 0x28, 0x58, 0x47, 0xAB, 0xBD,
+        0x06, 0xA3, 0x34, 0x3A, 0x77, 0x8A, 0xC6, 0x06,
+        0x2E, 0x45, 0x8B, 0xC5, 0xE6, 0x1E, 0xCE, 0x1C,
+        0x0D, 0xE0, 0x20, 0x6E, 0x6F, 0xE8, 0xA8, 0x40,
+        0x34, 0xA7, 0xC5, 0xF1, 0xB0, 0x05, 0xFB, 0x0A,
+        0x58, 0x40, 0x51, 0xD3, 0x22, 0x9B, 0x86, 0xC9,
+        0x09, 0xAC, 0x56, 0x47, 0xB3, 0xD7, 0x55, 0x69,
+        0xE0, 0x5A, 0x88, 0x27, 0x9D, 0x80, 0xE5, 0xC3,
+        0x0F, 0x57, 0x4D, 0xC3, 0x27, 0x51, 0x2C, 0x6B,
+        0xBE, 0x81, 0x01, 0x23, 0x9E, 0xC6, 0x28, 0x61,
+        0xF4, 0xBE, 0x67, 0xB0, 0x5B, 0x9C, 0xDA, 0x9C,
+        0x54, 0x5C, 0x13, 0xE7, 0xEB, 0x53, 0xCF, 0xF2,
+        0x60, 0xAD, 0x98, 0x70, 0x19, 0x9C, 0x21, 0xF8,
+        0xC6, 0x3D, 0x64, 0xF0, 0x45, 0x8A, 0x71, 0x41,
+        0x28, 0x50, 0x23, 0xFE, 0xB8, 0x29, 0x29, 0x08,
+        0x72, 0x38, 0x96, 0x44, 0xB0, 0xC3, 0xB7, 0x3A,
+        0xC2, 0xC8, 0xE1, 0x21, 0xA2, 0x9B, 0xB1, 0xC4,
+        0x3C, 0x19, 0xA2, 0x33, 0xD5, 0x6B, 0xED, 0x82,
+        0x74, 0x0E, 0xB0, 0x21, 0xC9, 0x7B, 0x8E, 0xBB,
+        0xA4, 0x0F, 0xF3, 0x28, 0xB5, 0x41, 0x76, 0x0F,
+        0xCC, 0x37, 0x2B, 0x52, 0xD3, 0xBC, 0x4F, 0xCB,
+        0xC0, 0x6F, 0x42, 0x4E, 0xAF, 0x25, 0x38, 0x04,
+        0xD4, 0xCB, 0x46, 0xF4, 0x1F, 0xF2, 0x54, 0xC0,
+        0xC5, 0xBA, 0x48, 0x3B, 0x44, 0xA8, 0x7C, 0x21,
+        0x96, 0x54, 0x55, 0x5E, 0xC7, 0xC1, 0x63, 0xC7,
+        0x9B, 0x9C, 0xB7, 0x60, 0xA2, 0xAD, 0x9B, 0xB7,
+        0x22, 0xB9, 0x3E, 0x0C, 0x28, 0xBD, 0x4B, 0x16,
+        0x85, 0x94, 0x9C, 0x49, 0x6E, 0xAB, 0x1A, 0xFF,
+        0x90, 0x91, 0x9E, 0x37, 0x61, 0xB3, 0x46, 0x83,
+        0x8A, 0xBB, 0x2F, 0x01, 0xA9, 0x1E, 0x55, 0x43,
+        0x75, 0xAF, 0xDA, 0xAA, 0xF3, 0x82, 0x6E, 0x6D,
+        0xB7, 0x9F, 0xE7, 0x35, 0x3A, 0x7A, 0x57, 0x8A,
+        0x7C, 0x05, 0x98, 0xCE, 0x28, 0xB6, 0xD9, 0x91,
+        0x52, 0x14, 0x23, 0x6B, 0xBF, 0xFA, 0x6D, 0x45,
+        0xB6, 0x37, 0x6A, 0x07, 0x92, 0x4A, 0x39, 0xA7,
+        0xBE, 0x81, 0x82, 0x86, 0x71, 0x5C, 0x8A, 0x3C,
+        0x11, 0x0C, 0xD7, 0x6C, 0x02, 0xE0, 0x41, 0x7A,
+        0xF1, 0x38, 0xBD, 0xB9, 0x5C, 0x3C, 0xCA, 0x79,
+        0x8A, 0xC8, 0x09, 0xED, 0x69, 0xCF, 0xB6, 0x72,
+        0xB6, 0xFD, 0xDC, 0x24, 0xD8, 0x9C, 0x06, 0xA6,
+        0x55, 0x88, 0x14, 0xAB, 0x0C, 0x21, 0xC6, 0x2B,
+        0x2F, 0x84, 0xC0, 0xE3, 0xE0, 0x80, 0x3D, 0xB3,
+        0x37, 0xA4, 0xE0, 0xC7, 0x12, 0x7A, 0x6B, 0x4C,
+        0x8C, 0x08, 0xB1, 0xD1, 0xA7, 0x6B, 0xF0, 0x7E,
+        0xB6, 0xE5, 0xB5, 0xBB, 0x47, 0xA1, 0x6C, 0x74,
+        0xBC, 0x54, 0x83, 0x75, 0xFB, 0x29, 0xCD, 0x78,
+        0x9A, 0x5C, 0xFF, 0x91, 0xBD, 0xBD, 0x07, 0x18,
+        0x59, 0xF4, 0x84, 0x6E, 0x35, 0x5B, 0xB0, 0xD2,
+        0x94, 0x84, 0xE2, 0x64, 0xDF, 0xF3, 0x6C, 0x91,
+        0x77, 0xA7, 0xAC, 0xA7, 0x89, 0x08, 0x87, 0x96,
+        0x95, 0xCA, 0x87, 0xF2, 0x54, 0x36, 0xBC, 0x12,
+        0x63, 0x07, 0x24, 0xBB, 0x22, 0xF0, 0xCB, 0x64,
+        0x89, 0x7F, 0xE5, 0xC4, 0x11, 0x95, 0x28, 0x0D,
+        0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A,
+        0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6,
+        0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B,
+        0xC4, 0x83, 0x0C, 0x00, 0x12, 0x55, 0x4C, 0xFC,
+        0x5D, 0x2C, 0x8A, 0x20, 0x27, 0xAA, 0x3C, 0xD9,
+        0x67, 0x13, 0x0E, 0x9B, 0x96, 0x24, 0x1B, 0x11,
+        0xC4, 0x32, 0x0C, 0x76, 0x49, 0xCC, 0x23, 0xA7,
+        0x1B, 0xAF, 0xE6, 0x91, 0xAF, 0xC0, 0x8E, 0x68,
+        0x0B, 0xCE, 0xF4, 0x29, 0x07, 0x00, 0x07, 0x18,
+        0xE4, 0xEA, 0xCE, 0x8D, 0xA2, 0x82, 0x14, 0x19,
+        0x7B, 0xE1, 0xC2, 0x69, 0xDA, 0x9C, 0xB5, 0x41,
+        0xE1, 0xA3, 0xCE, 0x97, 0xCF, 0xAD, 0xF9, 0xC6,
+        0x05, 0x87, 0x80, 0xFE, 0x67, 0x93, 0xDB, 0xFA,
+        0x82, 0x18, 0xA2, 0x76, 0x0B, 0x80, 0x2B, 0x8D,
+        0xA2, 0xAA, 0x27, 0x1A, 0x38, 0x77, 0x25, 0x23,
+        0xA7, 0x67, 0x36, 0xA7, 0xA3, 0x1B, 0x9D, 0x30,
+        0x37, 0xAD, 0x21, 0xCE, 0xBB, 0x11, 0xA4, 0x72,
+        0xB8, 0x79, 0x2E, 0xB1, 0x75, 0x58, 0xB9, 0x40,
+        0xE7, 0x08, 0x83, 0xF2, 0x64, 0x59, 0x2C, 0x68,
+        0x9B, 0x24, 0x0B, 0xB4, 0x3D, 0x54, 0x08, 0xBF,
+        0x44, 0x64, 0x32, 0xF4, 0x12, 0xF4, 0xB9, 0xA5,
+        0xF6, 0x86, 0x5C, 0xC2, 0x52, 0xA4, 0x3C, 0xF4,
+        0x0A, 0x32, 0x03, 0x91, 0x55, 0x55, 0x91, 0xD6,
+        0x75, 0x61, 0xFD, 0xD0, 0x53, 0x53, 0xAB, 0x6B,
+        0x01, 0x9B, 0x3A, 0x08, 0xA7, 0x33, 0x53, 0xD5,
+        0x1B, 0x61, 0x13, 0xAB, 0x2F, 0xA5, 0x1D, 0x97,
+        0x56, 0x48, 0xEE, 0x25, 0x4A, 0xF8, 0x9A, 0x23,
+        0x05, 0x04, 0xA2, 0x36, 0xA4, 0x65, 0x82, 0x57,
+        0x74, 0x0B, 0xDC, 0xBB, 0xE1, 0x70, 0x8A, 0xB0,
+        0x22, 0xC3, 0xC5, 0x88, 0xA4, 0x10, 0xDB, 0x3B,
+        0x9C, 0x30, 0x8A, 0x06, 0x27, 0x5B, 0xDF, 0x5B,
+        0x48, 0x59, 0xD3, 0xA2, 0x61, 0x7A, 0x29, 0x5E,
+        0x1A, 0x22, 0xF9, 0x01, 0x98, 0xBA, 0xD0, 0x16,
+        0x6F, 0x4A, 0x94, 0x34, 0x17, 0xC5, 0xB8, 0x31,
+        0x73, 0x6C, 0xB2, 0xC8, 0x58, 0x0A, 0xBF, 0xDE,
+        0x57, 0x14, 0xB5, 0x86, 0xAB, 0xEE, 0xC0, 0xA1,
+        0x75, 0xA0, 0x8B, 0xC7, 0x10, 0xC7, 0xA2, 0x89,
+        0x5D, 0xE9, 0x3A, 0xC4, 0x38, 0x06, 0x1B, 0xF7,
+        0x76, 0x5D, 0x0D, 0x21, 0xCD, 0x41, 0x81, 0x67,
+        0xCA, 0xF8, 0x9D, 0x1E, 0xFC, 0x34, 0x48, 0xBC,
+        0xBB, 0x96, 0xD6, 0x9B, 0x3E, 0x01, 0x0C, 0x82,
+        0xD1, 0x5C, 0xAB, 0x6C, 0xAC, 0xC6, 0x79, 0x9D,
+        0x36, 0x39, 0x66, 0x9A, 0x5B, 0x21, 0xA6, 0x33,
+        0xC8, 0x65, 0xF8, 0x59, 0x3B, 0x5B, 0x7B, 0xC8,
+        0x00, 0x26, 0x2B, 0xB8, 0x37, 0xA9, 0x24, 0xA6,
+        0xC5, 0x44, 0x0E, 0x4F, 0xC7, 0x3B, 0x41, 0xB2,
+        0x30, 0x92, 0xC3, 0x91, 0x2F, 0x4C, 0x6B, 0xEB,
+        0xB4, 0xC7, 0xB4, 0xC6, 0x29, 0x08, 0xB0, 0x37,
+        0x75, 0x66, 0x6C, 0x22, 0x22, 0x0D, 0xF9, 0xC8,
+        0x88, 0x23, 0xE3, 0x44, 0xC7, 0x30, 0x83, 0x32,
+        0x34, 0x5C, 0x8B, 0x79, 0x5D, 0x34, 0xE8, 0xC0,
+        0x51, 0xF2, 0x1F, 0x5A, 0x21, 0xC2, 0x14, 0xB6,
+        0x98, 0x41, 0x35, 0x87, 0x09, 0xB1, 0xC3, 0x05,
+        0xB3, 0x2C, 0xC2, 0xC3, 0x80, 0x6A, 0xE9, 0xCC,
+        0xD3, 0x81, 0x9F, 0xFF, 0x45, 0x07, 0xFE, 0x52,
+        0x0F, 0xBF, 0xC2, 0x71, 0x99, 0xBC, 0x23, 0xBE,
+        0x6B, 0x9B, 0x2D, 0x2A, 0xC1, 0x71, 0x75, 0x79,
+        0xAC, 0x76, 0x92, 0x79, 0xE2, 0xA7, 0xAA, 0xC6,
+        0x8A, 0x37, 0x1A, 0x47, 0xBA, 0x3A, 0x7D, 0xBE,
+        0x01, 0x6F, 0x14, 0xE1, 0xA7, 0x27, 0x33, 0x36,
+        0x63, 0xC4, 0xA5, 0xCD, 0x1A, 0x0F, 0x88, 0x36,
+        0xCF, 0x7B, 0x5C, 0x49, 0xAC, 0x51, 0x48, 0x5C,
+        0xA6, 0x03, 0x45, 0xC9, 0x90, 0xE0, 0x68, 0x88,
+        0x72, 0x00, 0x03, 0x73, 0x13, 0x22, 0xC5, 0xB8,
+        0xCD, 0x5E, 0x69, 0x07, 0xFD, 0xA1, 0x15, 0x7F,
+        0x46, 0x8F, 0xD3, 0xFC, 0x20, 0xFA, 0x81, 0x75,
+        0xEE, 0xC9, 0x5C, 0x29, 0x1A, 0x26, 0x2B, 0xA8,
+        0xC5, 0xBE, 0x99, 0x08, 0x72, 0x41, 0x89, 0x30,
+        0x85, 0x23, 0x39, 0xD8, 0x8A, 0x19, 0xB3, 0x7F,
+        0xEF, 0xA3, 0xCF, 0xE8, 0x21, 0x75, 0xC2, 0x24,
+        0x40, 0x7C, 0xA4, 0x14, 0xBA, 0xEB, 0x37, 0x92,
+        0x3B, 0x4D, 0x2D, 0x83, 0x13, 0x4A, 0xE1, 0x54,
+        0xE4, 0x90, 0xA9, 0xB4, 0x5A, 0x05, 0x63, 0xB0,
+        0x6C, 0x95, 0x3C, 0x33, 0x01, 0x45, 0x0A, 0x21,
+        0x76, 0xA0, 0x7C, 0x61, 0x4A, 0x74, 0xE3, 0x47,
+        0x8E, 0x48, 0x50, 0x9F, 0x9A, 0x60, 0xAE, 0x94,
+        0x5A, 0x8E, 0xBC, 0x78, 0x15, 0x12, 0x1D, 0x90,
+        0xA3, 0xB0, 0xE0, 0x70, 0x91, 0xA0, 0x96, 0xCF,
+        0x02, 0xC5, 0x7B, 0x25, 0xBC, 0xA5, 0x81, 0x26,
+        0xAD, 0x0C, 0x62, 0x9C, 0xE1, 0x66, 0xA7, 0xED,
+        0xB4, 0xB3, 0x32, 0x21, 0xA0, 0xD3, 0xF7, 0x2B,
+        0x85, 0xD5, 0x62, 0xEC, 0x69, 0x8B, 0x7D, 0x0A,
+        0x91, 0x3D, 0x73, 0x80, 0x6F, 0x1C, 0x5C, 0x87,
+        0xB3, 0x8E, 0xC0, 0x03, 0xCB, 0x30, 0x3A, 0x3D,
+        0xC5, 0x1B, 0x4B, 0x35, 0x35, 0x6A, 0x67, 0x82,
+        0x6D, 0x6E, 0xDA, 0xA8, 0xFE, 0xB9, 0x3B, 0x98,
+        0x49, 0x3B, 0x2D, 0x1C, 0x11, 0xB6, 0x76, 0xA6,
+        0xAD, 0x95, 0x06, 0xA1, 0xAA, 0xAE, 0x13, 0xA8,
+        0x24, 0xC7, 0xC0, 0x8D, 0x1C, 0x6C, 0x2C, 0x4D,
+        0xBA, 0x96, 0x42, 0xC7, 0x6E, 0xA7, 0xF6, 0xC8,
+        0x26, 0x4B, 0x64, 0xA2, 0x3C, 0xCC, 0xA9, 0xA7,
+        0x46, 0x35, 0xFC, 0xBF, 0x03, 0xE0, 0x0F, 0x1B,
+        0x57, 0x22, 0xB2, 0x14, 0x37, 0x67, 0x90, 0x79,
+        0x3B, 0x2C, 0x4F, 0x0A, 0x13, 0xB5, 0xC4, 0x07,
+        0x60, 0xB4, 0x21, 0x8E, 0x1D, 0x25, 0x94, 0xDC,
+        0xB3, 0x0A, 0x70, 0xD9, 0xC1, 0x78, 0x2A, 0x5D,
+        0xD3, 0x05, 0x76, 0xFA, 0x41, 0x44, 0xBF, 0xC8,
+        0x41, 0x6E, 0xDA, 0x81, 0x18, 0xFC, 0x64, 0x72,
+        0xF5, 0x6A, 0x97, 0x95, 0x86, 0xF3, 0x3B, 0xB0,
+        0x70, 0xFB, 0x0F, 0x1B, 0x0B, 0x10, 0xBC, 0x48,
+        0x97, 0xEB, 0xE0, 0x1B, 0xCA, 0x38, 0x93, 0xD4,
+        0xE1, 0x6A, 0xDB, 0x25, 0x09, 0x3A, 0x74, 0x17,
+        0xD0, 0x70, 0x8C, 0x83, 0xA2, 0x63, 0x22, 0xE2,
+        0x2E, 0x63, 0x30, 0x09, 0x1E, 0x30, 0x15, 0x2B,
+        0xF8, 0x23, 0x59, 0x7C, 0x04, 0xCC, 0xF4, 0xCF,
+        0xC7, 0x33, 0x15, 0x78, 0xF4, 0x3A, 0x27, 0x26,
+        0xCC, 0xB4, 0x28, 0x28, 0x9A, 0x90, 0xC8, 0x63,
+        0x25, 0x9D, 0xD1, 0x80, 0xC5, 0xFF, 0x14, 0x2B,
+        0xEF, 0x41, 0xC7, 0x71, 0x70, 0x94, 0xBE, 0x07,
+        0x85, 0x6D, 0xA2, 0xB1, 0x40, 0xFA, 0x67, 0x71,
+        0x09, 0x67, 0x35, 0x6A, 0xA4, 0x7D, 0xFB, 0xC8,
+        0xD2, 0x55, 0xB4, 0x72, 0x2A, 0xB8, 0x6D, 0x43,
+        0x9B, 0x7E, 0x0A, 0x60, 0x90, 0x25, 0x1D, 0x2D,
+        0x4C, 0x1E, 0xD5, 0xF2, 0x0B, 0xBE, 0x68, 0x07,
+        0xBF, 0x65, 0xA9, 0x0B, 0x7C, 0xB2, 0xEC, 0x01,
+        0x02, 0xAF, 0x02, 0x80, 0x9D, 0xC9, 0xAC, 0x7D,
+        0x0A, 0x3A, 0xBC, 0x69, 0xC1, 0x83, 0x65, 0xBC,
+        0xFF, 0x59, 0x18, 0x5F, 0x33, 0x99, 0x68, 0x87,
+        0x74, 0x61, 0x85, 0x90, 0x6C, 0x01, 0x91, 0xAE,
+        0xD4, 0x40, 0x7E, 0x13, 0x94, 0x46, 0x45, 0x9B,
+        0xE2, 0x9C, 0x68, 0x22, 0x71, 0x76, 0x44, 0x35,
+        0x3D, 0x24, 0xAB, 0x63, 0x39, 0x15, 0x6A, 0x9C,
+        0x42, 0x49, 0x09, 0xF0, 0xA9, 0x02, 0x5B, 0xB7,
+        0x47, 0x20, 0x77, 0x9B, 0xE4, 0x3F, 0x16, 0xD8,
+        0x1C, 0x8C, 0xC6, 0x66, 0xE9, 0x97, 0x10, 0xD8,
+        0xC6, 0x8B, 0xB5, 0xCC, 0x4E, 0x12, 0xF3, 0x14,
+        0xE9, 0x25, 0xA5, 0x51, 0xF0, 0x9C, 0xC5, 0x90,
+        0x03, 0xA1, 0xF8, 0x81, 0x03, 0xC2, 0x54, 0xBB,
+        0x97, 0x8D, 0x75, 0xF3, 0x94, 0xD3, 0x54, 0x0E,
+        0x31, 0xE7, 0x71, 0xCD, 0xA3, 0x6E, 0x39, 0xEC,
+        0x54, 0xA6, 0x2B, 0x58, 0x32, 0x66, 0x4D, 0x82,
+        0x1A, 0x72, 0xF1, 0xE6, 0xAF, 0xBB, 0xA2, 0x7F,
+        0x84, 0x29, 0x5B, 0x26, 0x94, 0xC4, 0x98, 0x49,
+        0x8E, 0x81, 0x2B, 0xC8, 0xE9, 0x37, 0x8F, 0xE5,
+        0x41, 0xCE, 0xC5, 0x89, 0x1B, 0x25, 0x06, 0x29,
+        0x01, 0xCB, 0x72, 0x12, 0xE3, 0xCD, 0xC4, 0x61,
+        0x79, 0xEC, 0x5B, 0xCE, 0xC1, 0x0B, 0xC0, 0xB9,
+        0x31, 0x1D, 0xE0, 0x50, 0x74, 0x29, 0x06, 0x87,
+        0xFD, 0x6A, 0x53, 0x92, 0x67, 0x16, 0x54, 0x28,
+        0x4C, 0xD9, 0xC8, 0xCC, 0x3E, 0xBA, 0x80, 0xEB,
+        0x3B, 0x66, 0x2E, 0xB5, 0x3E, 0xB7, 0x51, 0x16,
+        0x70, 0x4A, 0x1F, 0xEB, 0x5C, 0x2D, 0x05, 0x63,
+        0x38, 0x53, 0x28, 0x68, 0xDD, 0xF2, 0x4E, 0xB8,
+        0x99, 0x2A, 0xB8, 0x56, 0x5D, 0x9E, 0x49, 0x0C,
+        0xAD, 0xF1, 0x48, 0x04, 0x36, 0x0D, 0xAA, 0x90,
+        0x71, 0x8E, 0xAB, 0x61, 0x6B, 0xAB, 0x07, 0x65,
+        0xD3, 0x39, 0x87, 0xB4, 0x7E, 0xFB, 0x65, 0x99,
+        0xC5, 0x56, 0x32, 0x35, 0xE6, 0x1E, 0x4B, 0xE6,
+        0x70, 0xE9, 0x79, 0x55, 0xAB, 0x29, 0x2D, 0x97,
+        0x32, 0xCB, 0x89, 0x30, 0x94, 0x8A, 0xC8, 0x2D,
+        0xF2, 0x30, 0xAC, 0x72, 0x29, 0x7A, 0x23, 0x67,
+        0x9D, 0x6B, 0x94, 0xC1, 0x7F, 0x13, 0x59, 0x48,
+        0x32, 0x54, 0xFE, 0xDC, 0x2F, 0x05, 0x81, 0x9F,
+        0x0D, 0x06, 0x9A, 0x44, 0x3B, 0x78, 0xE3, 0xFC,
+        0x6C, 0x3E, 0xF4, 0x71, 0x4B, 0x05, 0xA3, 0xFC,
+        0xA8, 0x1C, 0xBB, 0xA6, 0x02, 0x42, 0xA7, 0x06,
+        0x0C, 0xD8, 0x85, 0xD8, 0xF3, 0x99, 0x81, 0xBB,
+        0x18, 0x09, 0x2B, 0x23, 0xDA, 0xA5, 0x9F, 0xD9,
+        0x57, 0x83, 0x88, 0x68, 0x8A, 0x09, 0xBB, 0xA0,
+        0x79, 0xBC, 0x80, 0x9A, 0x54, 0x84, 0x3A, 0x60,
+        0x38, 0x5E, 0x23, 0x10, 0xBB, 0xCB, 0xCC, 0x02,
+        0x13, 0xCE, 0x3D, 0xFA, 0xAB, 0x33, 0xB4, 0x7F,
+        0x9D, 0x63, 0x05, 0xBC, 0x95, 0xC6, 0x10, 0x78,
+        0x13, 0xC5, 0x85, 0xC4, 0xB6, 0x57, 0xBF, 0x30,
+        0x54, 0x28, 0x33, 0xB1, 0x49, 0x49, 0xF5, 0x73,
+        0xC0, 0x61, 0x2A, 0xD5, 0x24, 0xBA, 0xAE, 0x69,
+        0x59, 0x0C, 0x12, 0x77, 0xB8, 0x6C, 0x28, 0x65,
+        0x71, 0xBF, 0x66, 0xB3, 0xCF, 0xF4, 0x6A, 0x38,
+        0x58, 0xC0, 0x99, 0x06, 0xA7, 0x94, 0xDF, 0x4A,
+        0x06, 0xE9, 0xD4, 0xB0, 0xA2, 0xE4, 0x3F, 0x10,
+        0xF7, 0x2A, 0x6C, 0x6C, 0x47, 0xE5, 0x64, 0x6E,
+        0x2C, 0x79, 0x9B, 0x71, 0xC3, 0x3E, 0xD2, 0xF0,
+        0x1E, 0xEB, 0x45, 0x93, 0x8E, 0xB7, 0xA4, 0xE2,
+        0xE2, 0x90, 0x8C, 0x53, 0x55, 0x8A, 0x54, 0x0D,
+        0x35, 0x03, 0x69, 0xFA, 0x18, 0x9C, 0x61, 0x69,
+        0x43, 0xF7, 0x98, 0x1D, 0x76, 0x18, 0xCF, 0x02,
+        0xA5, 0xB0, 0xA2, 0xBC, 0xC4, 0x22, 0xE8, 0x57,
+        0xD1, 0xA4, 0x78, 0x71, 0x25, 0x3D, 0x08, 0x29,
+        0x3C, 0x1C, 0x17, 0x9B, 0xCD, 0xC0, 0x43, 0x70,
+        0x69, 0x10, 0x74, 0x18, 0x20, 0x5F, 0xDB, 0x98,
+        0x56, 0x62, 0x3B, 0x8C, 0xA6, 0xB6, 0x94, 0xC9,
+        0x6C, 0x08, 0x4B, 0x17, 0xF1, 0x3B, 0xB6, 0xDF,
+        0x12, 0xB2, 0xCF, 0xBB, 0xC2, 0xB0, 0xE0, 0xC3,
+        0x4B, 0x00, 0xD0, 0xFC, 0xD0, 0xAE, 0xCF, 0xB2,
+        0x79, 0x24, 0xF6, 0x98, 0x4E, 0x74, 0x7B, 0xE2,
+        0xA0, 0x9D, 0x83, 0xA8, 0x66, 0x45, 0x90, 0xA8,
+        0x07, 0x73, 0x31, 0x49, 0x1A, 0x4F, 0x7D, 0x72,
+        0x08, 0x43, 0xF2, 0x3E, 0x65, 0x2C, 0x6F, 0xA8,
+        0x40, 0x30, 0x8D, 0xB4, 0x02, 0x03, 0x37, 0xAA,
+        0xD3, 0x79, 0x67, 0x03, 0x4A, 0x9F, 0xB5, 0x23,
+        0xB6, 0x7C, 0xA7, 0x03, 0x30, 0xF0, 0x2D, 0x9E,
+        0xA2, 0x0C, 0x1E, 0x84, 0xCB, 0x8E, 0x57, 0x57,
+        0xC9, 0xE1, 0x89, 0x6B, 0x60, 0x58, 0x14, 0x41,
+        0xED, 0x61, 0x8A, 0xA5, 0xB2, 0x6D, 0xA5, 0x6C,
+        0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E,
+        0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21,
+        0xD2, 0xE5, 0x74, 0xDF, 0xD8, 0xCD, 0x0A, 0xE8,
+        0x93, 0xAA, 0x7E, 0x12, 0x5B, 0x44, 0xB9, 0x24,
+        0xF4, 0x52, 0x23, 0xEC, 0x09, 0xF2, 0xAD, 0x11,
+        0x41, 0xEA, 0x93, 0xA6, 0x80, 0x50, 0xDB, 0xF6,
+        0x99, 0xE3, 0x24, 0x68, 0x84, 0x18, 0x1F, 0x8E,
+        0x1D, 0xD4, 0x4E, 0x0C, 0x76, 0x29, 0x09, 0x33,
+        0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E,
+        0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7
     };
 #endif
     static byte pubKey[KYBER_MAX_PUBLIC_KEY_SIZE];
@@ -28482,932 +29407,932 @@ static int test_wc_kyber_encapsulate_kats(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    defined(WOLFSSL_ML_KEM)
+    !defined(WOLFSSL_KYBER_ORIGINAL)
     KyberKey* key;
 #ifndef WOLFSSL_NO_KYBER512
     static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = {
-        0xA5, 0x40, 0x97, 0x18, 0xCB, 0x72, 0xF2, 0x43,
-        0x8A, 0x35, 0x55, 0xA3, 0xC8, 0xF1, 0x8F, 0x26,
-        0x71, 0xA1, 0xF8, 0x14, 0x03, 0xDF, 0x7B, 0x5A,
-        0x46, 0x59, 0xA5, 0x1F, 0x50, 0x82, 0x7B, 0xA6,
-        0x57, 0x7A, 0xA7, 0x08, 0x00, 0xD7, 0x8D, 0x8B,
-        0xC5, 0xAA, 0x86, 0xB8, 0x9E, 0x08, 0xB5, 0x8F,
-        0x34, 0x80, 0xA8, 0x9E, 0x10, 0x4D, 0xC6, 0x92,
-        0x2E, 0xDB, 0xC1, 0x2D, 0x06, 0xF8, 0x91, 0x02,
-        0x7C, 0x65, 0x4E, 0x99, 0x4A, 0x22, 0xF9, 0x1A,
-        0x2A, 0xF6, 0x34, 0x04, 0xCA, 0x98, 0xD7, 0xB6,
-        0x7E, 0xEA, 0x25, 0x91, 0x1B, 0x24, 0xC7, 0x0D,
-        0xEB, 0x81, 0x46, 0xA0, 0x82, 0x1F, 0x34, 0xA3,
-        0x02, 0x55, 0x1F, 0x2D, 0x51, 0x0C, 0x05, 0x88,
-        0xC8, 0xBC, 0xA7, 0x4E, 0xB4, 0xDC, 0x0C, 0xFA,
-        0x46, 0x03, 0xC1, 0xC5, 0xA3, 0xC5, 0x53, 0x70,
-        0x61, 0x78, 0x90, 0x68, 0x68, 0x2C, 0x4C, 0xC3,
-        0x14, 0x3F, 0xBA, 0x9B, 0xB5, 0x54, 0x2F, 0x97,
-        0x78, 0xBD, 0xF2, 0x3B, 0x36, 0x52, 0xF2, 0xA7,
-        0x52, 0x47, 0x56, 0xFA, 0x73, 0x90, 0x9D, 0xDA,
-        0xC7, 0xE5, 0x32, 0x52, 0x26, 0x59, 0x21, 0x8C,
-        0xBA, 0x25, 0xF3, 0x3B, 0x6B, 0x04, 0x58, 0xCB,
-        0x03, 0xDA, 0x79, 0x35, 0xBA, 0x59, 0x11, 0x19,
-        0x55, 0x31, 0x2B, 0x15, 0xCC, 0xE2, 0xC0, 0xF7,
-        0x34, 0x66, 0xA8, 0x00, 0x62, 0x83, 0xA2, 0xAA,
-        0x7C, 0xBB, 0x61, 0x02, 0x2A, 0xBB, 0xC2, 0xD1,
-        0x9F, 0x29, 0x20, 0xBC, 0x30, 0x24, 0x72, 0xDC,
-        0x97, 0xC4, 0xA1, 0x78, 0x8C, 0x9B, 0xD3, 0xBB,
-        0xED, 0xC9, 0x12, 0x2B, 0x82, 0x7B, 0x27, 0x9C,
-        0x07, 0x4C, 0x80, 0x44, 0x31, 0x41, 0x11, 0x9F,
-        0x4B, 0x16, 0x29, 0xF6, 0x2F, 0x10, 0xD4, 0xCE,
-        0x2B, 0xE3, 0xBB, 0x34, 0x38, 0x16, 0xCA, 0xD1,
-        0x6A, 0x1C, 0x87, 0x58, 0x2F, 0x2B, 0x70, 0xE2,
-        0x66, 0x35, 0xB0, 0x8B, 0xB3, 0x90, 0xC1, 0x33,
-        0x98, 0xFC, 0xCD, 0xA7, 0xE9, 0xBB, 0x3D, 0x9B,
-        0x0B, 0x78, 0x03, 0x75, 0x0C, 0x95, 0x5C, 0x57,
-        0xA0, 0x28, 0xA5, 0xD2, 0x6C, 0x27, 0x03, 0x16,
-        0xBB, 0x2B, 0x81, 0x5C, 0x3B, 0x97, 0x2B, 0xA6,
-        0x78, 0x2D, 0xAB, 0x02, 0xF3, 0x06, 0x82, 0x1E,
-        0x61, 0x28, 0x5B, 0xB0, 0x72, 0xBF, 0x79, 0x78,
-        0x1C, 0xAB, 0xC3, 0x86, 0x14, 0x2A, 0x50, 0xC7,
-        0xAA, 0xAE, 0x66, 0xA9, 0x47, 0x58, 0x5B, 0xB0,
-        0xD8, 0x28, 0x8D, 0xBC, 0xAF, 0x4B, 0x3B, 0x85,
-        0xBB, 0x79, 0x26, 0x98, 0x7B, 0xAF, 0x76, 0x43,
-        0xAA, 0xB5, 0xFB, 0x02, 0x21, 0x05, 0x80, 0xA0,
-        0x26, 0x43, 0x52, 0xE6, 0x9C, 0x60, 0x98, 0x98,
-        0x9C, 0xFB, 0x87, 0x48, 0x33, 0x95, 0x96, 0x0A,
-        0x3A, 0x4F, 0x31, 0xBE, 0xFD, 0xA8, 0x0B, 0x5F,
-        0x28, 0x6E, 0xCF, 0xDA, 0xA5, 0x55, 0xD4, 0x39,
-        0x0A, 0xF6, 0xB5, 0x5D, 0x31, 0x39, 0x20, 0x92,
-        0x90, 0x93, 0x44, 0x9C, 0xD6, 0x72, 0x9D, 0x00,
-        0x21, 0x8E, 0x2D, 0x86, 0x57, 0x0A, 0xDC, 0x0C,
-        0x4F, 0x65, 0x45, 0xFF, 0xB5, 0x63, 0x2E, 0xFB,
-        0x3A, 0xAE, 0x26, 0x25, 0xA6, 0x98, 0x26, 0x70,
-        0xFA, 0xCE, 0x8D, 0x16, 0x12, 0x6F, 0xA6, 0x07,
-        0xE6, 0xD0, 0xA1, 0xFF, 0x61, 0x6A, 0x46, 0xEC,
-        0xA6, 0x42, 0xCC, 0x6A, 0xAC, 0x55, 0x4D, 0xBB,
-        0xC4, 0x3D, 0xFC, 0xF5, 0x7F, 0x36, 0x4C, 0x19,
-        0x0C, 0xEA, 0x57, 0x76, 0xC1, 0xCE, 0xB5, 0x8B,
-        0x70, 0x07, 0x50, 0x5F, 0xD7, 0x9C, 0x5F, 0x00,
-        0x5A, 0x4B, 0xA2, 0x18, 0xCF, 0x06, 0x93, 0xB0,
-        0x58, 0xB5, 0x10, 0xA4, 0xCA, 0x20, 0x43, 0x24,
-        0x60, 0x2F, 0x59, 0xBB, 0x8F, 0x22, 0x81, 0xC4,
-        0xD7, 0xB0, 0xBC, 0x86, 0x25, 0xE7, 0x88, 0x16,
-        0x50, 0xF5, 0x7C, 0x89, 0xE3, 0x2C, 0xF4, 0x80,
-        0x91, 0x44, 0x77, 0x5C, 0x90, 0x73, 0xB6, 0x73,
-        0xE3, 0x94, 0x12, 0xA2, 0x7C, 0x91, 0x43, 0x21,
-        0xCC, 0xB6, 0xA7, 0xCF, 0x7C, 0x37, 0xC5, 0xBC,
-        0xBE, 0x7C, 0xA5, 0x1B, 0xE0, 0xC9, 0x28, 0x46,
-        0x6A, 0x45, 0x8E, 0xB7, 0x78, 0xD6, 0x46, 0x6A,
-        0x89, 0x2A, 0x0A, 0xCB, 0xC0, 0x96, 0x38, 0x78,
-        0x4A, 0x27, 0x73, 0x9C, 0x97, 0x0C, 0xA5, 0x8B,
-        0xC2, 0x59, 0x5A, 0xD6, 0xBF, 0xA4, 0xE5, 0x2E,
-        0xB4, 0x38, 0xAC, 0x97, 0xC4, 0x16, 0x23, 0x80,
-        0x22, 0x48, 0xE1, 0x10, 0xB0, 0x74, 0x83, 0x8F,
-        0x31, 0xA6, 0xE7, 0x50, 0x37, 0x37, 0x70, 0x4E,
-        0x7A, 0xE4, 0xAD, 0x91, 0x29, 0x95, 0x72, 0xA8,
-        0xC1, 0x36, 0x03, 0x50, 0x0F, 0x36, 0x09, 0xB6,
-        0x25, 0xB4, 0xE2, 0x4C, 0xAE, 0x33, 0x2B, 0x0D,
-        0x7A, 0x5B, 0xB4, 0x7A, 0x03, 0x85, 0x12, 0xA0,
-        0x81, 0xBC, 0x27, 0xCD, 0xF0, 0xF2, 0x92, 0x3C,
-        0xD3, 0x47, 0x9F, 0x53, 0x07, 0x02, 0x0B, 0x77,
-        0xF1, 0x49, 0x58, 0x45, 0x64, 0x06, 0x0E, 0x50,
-        0x83, 0xCE, 0xD5, 0x53, 0x12, 0xB6, 0xA6, 0xA4,
-        0x65, 0xA8, 0x2B, 0x45, 0x77, 0xD6, 0x3A, 0x4B,
-        0x49, 0xC8, 0x0B, 0x07, 0xA9, 0x36, 0x7E, 0x39,
-        0x77, 0x8A, 0xF7, 0x6F, 0xA8, 0xEC, 0x2C, 0xF5,
-        0x28, 0x72, 0x28, 0x56, 0xCE, 0x78, 0x13, 0x40,
-        0x1A, 0x83, 0x83, 0xBD, 0xB7, 0x15, 0x1B, 0x9B,
-        0x6D, 0x2D, 0xD6, 0xBF, 0xF5, 0x54, 0x01, 0xD2,
-        0x8A, 0xC6, 0x12, 0x81, 0x8C, 0x88, 0xC9, 0x28,
-        0x73, 0x47, 0xB0, 0x98, 0xA9, 0x66, 0xEB, 0x9C,
-        0x0A, 0x2D, 0xB7, 0x1F, 0x0A, 0x75, 0x55, 0x5E,
-        0x17, 0x57, 0xD3, 0xAC, 0x4E, 0x3D, 0x80, 0x2C,
-        0x8D, 0xC6, 0xA2, 0x61, 0x52, 0x12, 0x55, 0x18,
-        0x6A, 0xBB, 0x98, 0xC2, 0x48, 0x03, 0x01, 0xB8,
-        0xC6, 0xB3, 0x12, 0x28, 0xB5, 0x44, 0x61, 0xBC,
-        0x44, 0xEA, 0x3C, 0x2C, 0xF9, 0x4B, 0x86, 0xC7,
-        0xA5, 0xB8, 0x2C, 0x55, 0x16, 0x7A, 0x76, 0x06,
-        0xCA, 0x9D, 0xC8, 0x25, 0x3B, 0x76, 0x04, 0xE4,
-        0x4A, 0x07, 0xF3, 0xED, 0x55, 0xCD, 0x5B, 0x5E
+        0xDD, 0x19, 0x24, 0x93, 0x5A, 0xA8, 0xE6, 0x17,
+        0xAF, 0x18, 0xB5, 0xA0, 0x65, 0xAC, 0x45, 0x72,
+        0x77, 0x67, 0xEE, 0x89, 0x7C, 0xF4, 0xF9, 0x44,
+        0x2B, 0x2A, 0xCE, 0x30, 0xC0, 0x23, 0x7B, 0x30,
+        0x7D, 0x3E, 0x76, 0xBF, 0x8E, 0xEB, 0x78, 0xAD,
+        0xDC, 0x4A, 0xAC, 0xD1, 0x64, 0x63, 0xD8, 0x60,
+        0x2F, 0xD5, 0x48, 0x7B, 0x63, 0xC8, 0x8B, 0xB6,
+        0x60, 0x27, 0xF3, 0x7D, 0x0D, 0x61, 0x4D, 0x6F,
+        0x9C, 0x24, 0x60, 0x3C, 0x42, 0x94, 0x76, 0x64,
+        0xAC, 0x43, 0x98, 0xC6, 0xC5, 0x23, 0x83, 0x46,
+        0x9B, 0x4F, 0x97, 0x77, 0xE5, 0xEC, 0x72, 0x06,
+        0x21, 0x0F, 0x3E, 0x5A, 0x79, 0x6B, 0xF4, 0x5C,
+        0x53, 0x26, 0x8E, 0x25, 0xF3, 0x9A, 0xC2, 0x61,
+        0xAF, 0x3B, 0xFA, 0x2E, 0xE7, 0x55, 0xBE, 0xB8,
+        0xB6, 0x7A, 0xB3, 0xAC, 0x8D, 0xF6, 0xC6, 0x29,
+        0xC1, 0x17, 0x6E, 0x9E, 0x3B, 0x96, 0x5E, 0x93,
+        0x69, 0xF9, 0xB3, 0xB9, 0x2A, 0xD7, 0xC2, 0x09,
+        0x55, 0x64, 0x1D, 0x99, 0x52, 0x6F, 0xE7, 0xB9,
+        0xFE, 0x8C, 0x85, 0x08, 0x20, 0x27, 0x5C, 0xD9,
+        0x64, 0x84, 0x92, 0x50, 0x09, 0x07, 0x33, 0xCE,
+        0x12, 0x4E, 0xCF, 0x31, 0x66, 0x24, 0x37, 0x4B,
+        0xD1, 0x8B, 0x7C, 0x35, 0x8C, 0x06, 0xE9, 0xC1,
+        0x36, 0xEE, 0x12, 0x59, 0xA9, 0x24, 0x5A, 0xBC,
+        0x55, 0xB9, 0x64, 0xD6, 0x89, 0xF5, 0xA0, 0x82,
+        0x92, 0xD2, 0x82, 0x65, 0x65, 0x8E, 0xBB, 0x40,
+        0xCB, 0xFE, 0x48, 0x8A, 0x22, 0x28, 0x27, 0x55,
+        0x90, 0xAB, 0x9F, 0x32, 0xA3, 0x41, 0x09, 0x70,
+        0x9C, 0x1C, 0x29, 0x1D, 0x4A, 0x23, 0x33, 0x72,
+        0x74, 0xC7, 0xA5, 0xA5, 0x99, 0x1C, 0x7A, 0x87,
+        0xB8, 0x1C, 0x97, 0x4A, 0xB1, 0x8C, 0xE7, 0x78,
+        0x59, 0xE4, 0x99, 0x5E, 0x7C, 0x14, 0xF0, 0x37,
+        0x17, 0x48, 0xB7, 0x71, 0x2F, 0xB5, 0x2C, 0x59,
+        0x66, 0xCD, 0x63, 0x06, 0x3C, 0x4F, 0x3B, 0x81,
+        0xB4, 0x7C, 0x45, 0xDD, 0xE8, 0x3F, 0xB3, 0xA2,
+        0x72, 0x40, 0x29, 0xB1, 0x0B, 0x32, 0x30, 0x21,
+        0x4C, 0x04, 0xFA, 0x05, 0x77, 0xFC, 0x29, 0xAC,
+        0x90, 0x86, 0xAE, 0x18, 0xC5, 0x3B, 0x3E, 0xD4,
+        0x4E, 0x50, 0x74, 0x12, 0xFC, 0xA0, 0x4B, 0x4F,
+        0x53, 0x8A, 0x51, 0x58, 0x8E, 0xC1, 0xF1, 0x02,
+        0x9D, 0x15, 0x2D, 0x9A, 0xE7, 0x73, 0x5F, 0x76,
+        0xA0, 0x77, 0xAA, 0x94, 0x84, 0x38, 0x0A, 0xED,
+        0x91, 0x89, 0xE5, 0x91, 0x24, 0x87, 0xFC, 0xC5,
+        0xB7, 0xC7, 0x01, 0x2D, 0x92, 0x23, 0xDD, 0x96,
+        0x7E, 0xEC, 0xDA, 0xC3, 0x00, 0x8A, 0x89, 0x31,
+        0xB6, 0x48, 0x24, 0x35, 0x37, 0xF5, 0x48, 0xC1,
+        0x71, 0x69, 0x8C, 0x5B, 0x38, 0x1D, 0x84, 0x6A,
+        0x72, 0xE5, 0xC9, 0x2D, 0x42, 0x26, 0xC5, 0xA8,
+        0x90, 0x98, 0x84, 0xF1, 0xC4, 0xA3, 0x40, 0x4C,
+        0x17, 0x20, 0xA5, 0x27, 0x94, 0x14, 0xD7, 0xF2,
+        0x7B, 0x2B, 0x98, 0x26, 0x52, 0xB6, 0x74, 0x02,
+        0x19, 0xC5, 0x6D, 0x21, 0x77, 0x80, 0xD7, 0xA5,
+        0xE5, 0xBA, 0x59, 0x83, 0x63, 0x49, 0xF7, 0x26,
+        0x88, 0x1D, 0xEA, 0x18, 0xEF, 0x75, 0xC0, 0x77,
+        0x2A, 0x8B, 0x92, 0x27, 0x66, 0x95, 0x37, 0x18,
+        0xCA, 0xCC, 0x14, 0xCC, 0xBA, 0xCB, 0x5F, 0xC4,
+        0x12, 0xA2, 0xD0, 0xBE, 0x52, 0x18, 0x17, 0x64,
+        0x5A, 0xB2, 0xBF, 0x6A, 0x47, 0x85, 0xE9, 0x2B,
+        0xC9, 0x4C, 0xAF, 0x47, 0x7A, 0x96, 0x78, 0x76,
+        0x79, 0x6C, 0x0A, 0x51, 0x90, 0x31, 0x5A, 0xC0,
+        0x88, 0x56, 0x71, 0xA4, 0xC7, 0x49, 0x56, 0x4C,
+        0x3B, 0x2C, 0x7A, 0xED, 0x90, 0x64, 0xEB, 0xA2,
+        0x99, 0xEF, 0x21, 0x4B, 0xA2, 0xF4, 0x04, 0x93,
+        0x66, 0x7C, 0x8B, 0xD0, 0x32, 0xAE, 0xC5, 0x62,
+        0x17, 0x11, 0xB4, 0x1A, 0x38, 0x52, 0xC5, 0xC2,
+        0xBA, 0xB4, 0xA3, 0x49, 0xCE, 0x4B, 0x7F, 0x08,
+        0x5A, 0x81, 0x2B, 0xBB, 0xC8, 0x20, 0xB8, 0x1B,
+        0xEF, 0xE6, 0x3A, 0x05, 0xB8, 0xBC, 0xDF, 0xE9,
+        0xC2, 0xA7, 0x0A, 0x8B, 0x1A, 0xCA, 0x9B, 0xF9,
+        0x81, 0x64, 0x81, 0x90, 0x7F, 0xF4, 0x43, 0x24,
+        0x61, 0x11, 0x12, 0x87, 0x30, 0x3F, 0x0B, 0xD8,
+        0x17, 0xC0, 0x57, 0x26, 0xBF, 0xA1, 0x8A, 0x2E,
+        0x24, 0xC7, 0x72, 0x49, 0x21, 0x02, 0x80, 0x32,
+        0xF6, 0x22, 0xBD, 0x96, 0x0A, 0x31, 0x7D, 0x83,
+        0xB3, 0x56, 0xB5, 0x7F, 0x4A, 0x80, 0x04, 0x49,
+        0x9C, 0xBC, 0x73, 0xC9, 0x7D, 0x1E, 0xB7, 0x74,
+        0x59, 0x72, 0x63, 0x1C, 0x05, 0x61, 0xC1, 0xA3,
+        0xAB, 0x6E, 0xF9, 0x1B, 0xD3, 0x63, 0x28, 0x0A,
+        0x10, 0x54, 0x5D, 0xA6, 0x93, 0xE6, 0xD5, 0x8A,
+        0xED, 0x68, 0x45, 0xE7, 0xCC, 0x5F, 0x0D, 0x08,
+        0xCA, 0x79, 0x05, 0x05, 0x2C, 0x77, 0x36, 0x6D,
+        0x19, 0x72, 0xCC, 0xFC, 0xC1, 0xA2, 0x76, 0x10,
+        0xCB, 0x54, 0x36, 0x65, 0xAA, 0x79, 0x8E, 0x20,
+        0x94, 0x01, 0x28, 0xB9, 0x56, 0x7A, 0x7E, 0xDB,
+        0x7A, 0x90, 0x04, 0x07, 0xC7, 0x0D, 0x35, 0x94,
+        0x38, 0x43, 0x5E, 0x13, 0x96, 0x16, 0x08, 0xD5,
+        0x52, 0xA9, 0x4C, 0x5C, 0xDA, 0x78, 0x59, 0x22,
+        0x05, 0x09, 0xB4, 0x83, 0xC5, 0xC5, 0x2A, 0x21,
+        0x0E, 0x9C, 0x81, 0x2B, 0xC0, 0xC2, 0x32, 0x8C,
+        0xA0, 0x0E, 0x78, 0x9A, 0x56, 0xB2, 0x60, 0x6B,
+        0x90, 0x29, 0x2E, 0x35, 0x43, 0xDA, 0xCA, 0xA2,
+        0x43, 0x18, 0x41, 0xD6, 0x1A, 0x22, 0xCA, 0x90,
+        0xC1, 0xCC, 0xF0, 0xB5, 0xB4, 0xE0, 0xA6, 0xF6,
+        0x40, 0x53, 0x6D, 0x1A, 0x26, 0xAB, 0x5B, 0x8D,
+        0x21, 0x51, 0x32, 0x79, 0x28, 0xCE, 0x02, 0x90,
+        0x4C, 0xF1, 0xD1, 0x5E, 0x32, 0x78, 0x8A, 0x95,
+        0xF6, 0x2D, 0x3C, 0x27, 0x0B, 0x6F, 0xA1, 0x50,
+        0x8F, 0x97, 0xB9, 0x15, 0x5A, 0x27, 0x26, 0xD8,
+        0x0A, 0x1A, 0xFA, 0x3C, 0x53, 0x87, 0xA2, 0x76,
+        0xA4, 0xD0, 0x31, 0xA0, 0x8A, 0xBF, 0x4F, 0x2E,
+        0x74, 0xF1, 0xA0, 0xBB, 0x8A, 0x0F, 0xD3, 0xCB
     };
     static const byte seed_512[KYBER_ENC_RAND_SZ] = {
-        0x10, 0x9A, 0x24, 0x8F, 0xE8, 0x05, 0x2F, 0x84,
-        0x27, 0x1F, 0xF5, 0x7B, 0xAC, 0x15, 0x6B, 0x1B,
-        0xA6, 0xA5, 0x09, 0xCD, 0xCD, 0xBC, 0xC9, 0x6C,
-        0xCD, 0xB1, 0xCC, 0xB8, 0x5C, 0xA4, 0x93, 0x15
+        0x6F, 0xF0, 0x2E, 0x1D, 0xC7, 0xFD, 0x91, 0x1B,
+        0xEE, 0xE0, 0xC6, 0x92, 0xC8, 0xBD, 0x10, 0x0C,
+        0x3E, 0x5C, 0x48, 0x96, 0x4D, 0x31, 0xDF, 0x92,
+        0x99, 0x42, 0x18, 0xE8, 0x06, 0x64, 0xA6, 0xCA
     };
     static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = {
-        0x59, 0x7A, 0x06, 0xDE, 0xB8, 0x81, 0x72, 0xBA,
-        0x8D, 0x7C, 0xDE, 0x8D, 0x82, 0xCA, 0xA2, 0x34,
-        0xB8, 0x11, 0x2A, 0xF8, 0xA7, 0x2F, 0x1A, 0xB4,
-        0xCE, 0xA1, 0xEF, 0xCB, 0x2D, 0x86, 0x8D, 0x53,
-        0xD2, 0x12, 0xE3, 0x03, 0xB7, 0x0E, 0x7E, 0x52,
-        0x1A, 0xB0, 0xF4, 0xB5, 0xDB, 0x4F, 0x51, 0x15,
-        0x92, 0x48, 0xBF, 0xB2, 0x75, 0x36, 0x1B, 0xEF,
-        0x88, 0x37, 0x52, 0xC7, 0x8B, 0x8D, 0x47, 0x12,
-        0x27, 0x53, 0x85, 0x53, 0x6A, 0x4B, 0x0A, 0x96,
-        0xE3, 0xC2, 0x3E, 0xA6, 0xC1, 0x7E, 0xA9, 0x2B,
-        0x60, 0x26, 0x16, 0xE5, 0x82, 0x1E, 0x57, 0x53,
-        0xA4, 0x73, 0x6C, 0x40, 0x39, 0xC2, 0x0C, 0x92,
-        0x3C, 0xCE, 0xCB, 0x57, 0x98, 0x05, 0x58, 0x7C,
-        0x0C, 0xE7, 0x22, 0x18, 0xBB, 0x1A, 0xB1, 0x24,
-        0x52, 0xF8, 0xE1, 0x54, 0xCB, 0x86, 0x43, 0x32,
-        0x81, 0x42, 0xF9, 0xB3, 0x40, 0xA6, 0x41, 0xC6,
-        0xF2, 0x95, 0xE5, 0xEC, 0xF2, 0xE0, 0x48, 0xBC,
-        0x7F, 0xC7, 0x9B, 0xC5, 0xB9, 0x42, 0x77, 0xC8,
-        0x68, 0xD8, 0xE5, 0x36, 0xB5, 0x04, 0x25, 0x80,
-        0x9D, 0xCF, 0xA0, 0x24, 0xA3, 0x90, 0x5C, 0xBA,
-        0x55, 0x0A, 0xD3, 0xBB, 0x52, 0xB4, 0x59, 0xAC,
-        0x38, 0xFA, 0xBC, 0x9B, 0xC0, 0x0E, 0xBA, 0x03,
-        0xEC, 0x09, 0x06, 0x72, 0x5B, 0x4F, 0xE4, 0xE9,
-        0x76, 0xF1, 0x74, 0x32, 0x00, 0x47, 0xB3, 0x1D,
-        0x15, 0x89, 0x13, 0x65, 0xBA, 0x48, 0x23, 0x88,
-        0xF0, 0xFB, 0x97, 0x3B, 0x85, 0x22, 0x4F, 0xB0,
-        0x0B, 0xA8, 0x65, 0xAF, 0xAB, 0x3C, 0x9A, 0x1B,
-        0x7D, 0x48, 0x9F, 0x7B, 0x98, 0x2D, 0x0B, 0xD4,
-        0x70, 0xEF, 0x94, 0x8E, 0xCB, 0x5B, 0x39, 0x20,
-        0xAF, 0x89, 0x03, 0x59, 0x60, 0x12, 0x3B, 0x1F,
-        0x86, 0x30, 0xD7, 0x63, 0x68, 0x1B, 0xFD, 0x67,
-        0x15, 0x67, 0xEF, 0xBB, 0x1E, 0x62, 0x76, 0xAA,
-        0x4F, 0xB2, 0xDF, 0xA9, 0xC3, 0x94, 0x8D, 0xB7,
-        0xF0, 0x83, 0xF2, 0x83, 0x83, 0xB7, 0x7B, 0xC5,
-        0x14, 0xAF, 0x9D, 0x68, 0xD2, 0x2E, 0x24, 0x87,
-        0xC2, 0x01, 0x63, 0xC0, 0x2B, 0x0B, 0xBF, 0x23,
-        0xBB, 0xCE, 0x06, 0x50, 0xF8, 0x4F, 0xF8, 0xCE,
-        0x02, 0xC7, 0x4E, 0x9E, 0x11, 0xD6, 0xF3, 0x0E,
-        0xC5, 0xFA, 0x8A, 0x01, 0x2A, 0xDC, 0x3B, 0x89,
-        0x62, 0x7C, 0x7D, 0xE8, 0x55, 0xC1, 0xFB, 0xBE,
-        0xB5, 0xDC, 0xDE, 0x84, 0xD0, 0x5E, 0x36, 0xC5,
-        0x56, 0x6E, 0x55, 0x51, 0xB5, 0x87, 0x50, 0xA4,
-        0x11, 0x64, 0x26, 0x39, 0xB2, 0x78, 0x64, 0xF7,
-        0xE0, 0x05, 0x97, 0x8F, 0xFE, 0x25, 0x6B, 0x75,
-        0x7D, 0x13, 0xDA, 0x66, 0x3F, 0xC3, 0xBB, 0x07,
-        0x94, 0xA2, 0x7C, 0xF7, 0x58, 0x5D, 0x12, 0xF2,
-        0x2D, 0x95, 0x3B, 0x28, 0x54, 0x59, 0xFD, 0xC9,
-        0xBC, 0xDF, 0xCD, 0xCC, 0xB7, 0xBF, 0x3E, 0x4E,
-        0x36, 0x2D, 0x28, 0x91, 0xD5, 0x83, 0x85, 0x5F,
-        0x5D, 0x94, 0x87, 0xE6, 0xFB, 0x21, 0x7E, 0x2E,
-        0x45, 0xEE, 0x0B, 0xD9, 0xAF, 0xC2, 0x89, 0xF4,
-        0xD5, 0x64, 0x58, 0x12, 0x09, 0xA3, 0xAC, 0xA3,
-        0x17, 0x95, 0xA1, 0x24, 0xBD, 0x1B, 0xBA, 0xEA,
-        0x84, 0x67, 0x55, 0xC8, 0xEA, 0x78, 0x10, 0xEA,
-        0xA7, 0x30, 0x60, 0xE8, 0x6F, 0xB5, 0xFD, 0xF3,
-        0xFB, 0xE7, 0x2F, 0x80, 0x6B, 0xB1, 0xBF, 0xBF,
-        0xBA, 0xC0, 0xC7, 0xB1, 0x6B, 0xFE, 0x74, 0x25,
-        0x02, 0x77, 0xEC, 0xF5, 0xF5, 0x41, 0x57, 0x1B,
-        0x8A, 0x97, 0x50, 0x50, 0x91, 0x7F, 0xDF, 0x78,
-        0x1F, 0xEA, 0x17, 0xB5, 0x85, 0xE3, 0xC6, 0xDB,
-        0xFE, 0x77, 0xB1, 0xE4, 0x8A, 0x16, 0x50, 0x4C,
-        0x3A, 0x38, 0x90, 0x11, 0x56, 0x10, 0x0C, 0xAF,
-        0xEC, 0x2E, 0xD9, 0x39, 0xAE, 0x9A, 0x9E, 0xDF,
-        0xC9, 0xC0, 0xF8, 0xC7, 0xF5, 0x5C, 0xC9, 0x3E,
-        0x5D, 0xDD, 0x0B, 0x3D, 0xE1, 0xC6, 0xED, 0xAE,
-        0x2B, 0x7E, 0xE3, 0x4C, 0x61, 0x01, 0xF0, 0x11,
-        0xB5, 0x90, 0x4F, 0x69, 0x3D, 0x28, 0x63, 0x56,
-        0xB5, 0x4C, 0x86, 0xCE, 0x8B, 0xCF, 0xEA, 0x9D,
-        0xBF, 0xEC, 0x21, 0xC1, 0xEF, 0x0E, 0xCC, 0x91,
-        0x05, 0x00, 0x5B, 0xAA, 0x37, 0x7D, 0x82, 0x9D,
-        0xCA, 0x2C, 0xBF, 0x5E, 0xA5, 0xF3, 0x1B, 0x71,
-        0xD4, 0x46, 0xB8, 0x33, 0xE0, 0x06, 0x19, 0x81,
-        0x9D, 0x7F, 0xC6, 0x02, 0x40, 0x52, 0x49, 0x97,
-        0x57, 0xA2, 0x76, 0x5F, 0x19, 0xCD, 0x2B, 0x36,
-        0xC2, 0x48, 0x85, 0x99, 0xDC, 0x52, 0x47, 0x49,
-        0x4F, 0xAB, 0xE8, 0x1E, 0xEB, 0xEF, 0xD3, 0xBE,
-        0x75, 0xC4, 0x78, 0x0E, 0x43, 0xA5, 0x04, 0x18,
-        0xC5, 0xDB, 0x2F, 0xF3, 0x59, 0xC5, 0xA6, 0xDE,
-        0x28, 0x6E, 0xF5, 0x95, 0x1E, 0x27, 0x09, 0x48,
-        0x6E, 0xDC, 0x9C, 0xC4, 0x9D, 0x07, 0x24, 0xEC,
-        0xA3, 0xF2, 0xC0, 0xB7, 0x5F, 0x8A, 0x36, 0xCE,
-        0x86, 0x23, 0x88, 0xF0, 0x0B, 0x3C, 0x59, 0x3D,
-        0x1C, 0x8C, 0x6A, 0xC4, 0x5D, 0x73, 0xA7, 0x2F,
-        0xF6, 0xB4, 0xF8, 0x05, 0xB1, 0x31, 0xED, 0x4E,
-        0xAF, 0x56, 0x01, 0xD7, 0xB7, 0x3B, 0x0E, 0x37,
-        0x24, 0xE7, 0x5D, 0x58, 0xDD, 0x50, 0xF5, 0x87,
-        0x1C, 0x54, 0xA3, 0x7C, 0x14, 0x81, 0x33, 0x17,
-        0x59, 0xF4, 0xBE, 0x86, 0xFB, 0x58, 0xA2, 0xEE,
-        0x00, 0x31, 0x30, 0xF6, 0x6E, 0x18, 0x7C, 0x8B,
-        0xA5, 0x01, 0x5B, 0xE7, 0x13, 0x29, 0x65, 0x89,
-        0xAC, 0xAF, 0xBF, 0x65, 0x96, 0x89, 0x7E, 0x03,
-        0xD4, 0x92, 0x0C, 0x91, 0xF2, 0x63, 0x33, 0xB7,
-        0xBF, 0x17, 0x98, 0xAF, 0x81, 0x5C, 0x93, 0xD4,
-        0xDF, 0x55, 0xBD, 0x47, 0xA0, 0x82, 0x49, 0xBF,
-        0x11, 0x30, 0x63, 0xFB, 0xB3, 0x95, 0x03, 0xE9,
-        0xB6, 0xD4, 0x3E, 0xAC, 0x7B, 0x0C, 0x30, 0x5A
+        0x19, 0xC5, 0x92, 0x50, 0x59, 0x07, 0xC2, 0x4C,
+        0x5F, 0xA2, 0xEB, 0xFA, 0x93, 0x2D, 0x2C, 0xBB,
+        0x48, 0xF3, 0xE4, 0x34, 0x0A, 0x28, 0xF7, 0xEB,
+        0xA5, 0xD0, 0x68, 0xFC, 0xAC, 0xAB, 0xED, 0xF7,
+        0x77, 0x84, 0xE2, 0xB2, 0x4D, 0x79, 0x61, 0x77,
+        0x5F, 0x0B, 0xF1, 0xA9, 0x97, 0xAE, 0x8B, 0xA9,
+        0xFC, 0x43, 0x11, 0xBE, 0x63, 0x71, 0x67, 0x79,
+        0xC2, 0xB7, 0x88, 0xF8, 0x12, 0xCB, 0xB7, 0x8C,
+        0x74, 0xE7, 0x51, 0x7E, 0x22, 0xE9, 0x10, 0xEF,
+        0xF5, 0xF3, 0x8D, 0x44, 0x46, 0x9C, 0x50, 0xDE,
+        0x16, 0x75, 0xAE, 0x19, 0x8F, 0xD6, 0xA2, 0x89,
+        0xAE, 0x7E, 0x6C, 0x30, 0xA9, 0xD4, 0x35, 0x1B,
+        0x3D, 0x1F, 0x4C, 0x36, 0xEF, 0xF9, 0xC6, 0x8D,
+        0xA9, 0x1C, 0x40, 0xB8, 0x2D, 0xC9, 0xB2, 0x79,
+        0x9A, 0x33, 0xA2, 0x6B, 0x60, 0xA4, 0xE7, 0x0D,
+        0x71, 0x01, 0x86, 0x27, 0x79, 0x46, 0x9F, 0x3A,
+        0x9D, 0xAE, 0xC8, 0xE3, 0xE8, 0xF8, 0xC6, 0xA1,
+        0x6B, 0xF0, 0x92, 0xFB, 0xA5, 0x86, 0x61, 0x86,
+        0xB8, 0xD2, 0x08, 0xFD, 0xEB, 0x27, 0x4A, 0xC1,
+        0xF8, 0x29, 0x65, 0x9D, 0xC2, 0xBE, 0x4A, 0xC4,
+        0xF3, 0x06, 0xCB, 0x55, 0x84, 0xBA, 0xD1, 0x93,
+        0x6A, 0x92, 0xC9, 0xB7, 0x68, 0x19, 0x23, 0x42,
+        0x81, 0xBB, 0x39, 0x58, 0x41, 0xC2, 0x57, 0x56,
+        0x08, 0x6E, 0xA5, 0x64, 0xCA, 0x3E, 0x22, 0x7E,
+        0x3D, 0x9F, 0x10, 0x52, 0xC0, 0x76, 0x6D, 0x2E,
+        0xB7, 0x9A, 0x47, 0xC1, 0x50, 0x72, 0x1E, 0x0D,
+        0xEA, 0x7C, 0x00, 0x69, 0xD5, 0x51, 0xB2, 0x64,
+        0x80, 0x1B, 0x77, 0x27, 0xEC, 0xAF, 0x82, 0xEE,
+        0xCB, 0x99, 0xA8, 0x76, 0xFD, 0xA0, 0x90, 0xBF,
+        0x6C, 0x3F, 0xC6, 0xB1, 0x09, 0xF1, 0x70, 0x14,
+        0x85, 0xF0, 0x3C, 0xE6, 0x62, 0x74, 0xB8, 0x43,
+        0x5B, 0x0A, 0x01, 0x4C, 0xFB, 0x3E, 0x79, 0xCC,
+        0xED, 0x67, 0x05, 0x7B, 0x5A, 0xE2, 0xAD, 0x7F,
+        0x52, 0x79, 0xEB, 0x71, 0x49, 0x42, 0xE4, 0xC1,
+        0xCC, 0xFF, 0x7E, 0x85, 0xC0, 0xDB, 0x43, 0xE5,
+        0xD4, 0x12, 0x89, 0x20, 0x73, 0x63, 0xB4, 0x44,
+        0xBB, 0x51, 0xBB, 0x8A, 0xB0, 0x37, 0x1E, 0x70,
+        0xCB, 0xD5, 0x5F, 0x0F, 0x3D, 0xAD, 0x40, 0x3E,
+        0x10, 0x51, 0x76, 0xE3, 0xE8, 0xA2, 0x25, 0xD8,
+        0x4A, 0xC8, 0xBE, 0xE3, 0x8C, 0x82, 0x1E, 0xE0,
+        0xF5, 0x47, 0x43, 0x11, 0x45, 0xDC, 0xB3, 0x13,
+        0x92, 0x86, 0xAB, 0xB1, 0x17, 0x94, 0xA4, 0x3A,
+        0x3C, 0x1B, 0x52, 0x29, 0xE4, 0xBC, 0xFE, 0x95,
+        0x9C, 0x78, 0xAD, 0xAE, 0xE2, 0xD5, 0xF2, 0x49,
+        0x7B, 0x5D, 0x24, 0xBC, 0x21, 0xFA, 0x03, 0xA9,
+        0xA5, 0x8C, 0x24, 0x55, 0x37, 0x3E, 0xC8, 0x95,
+        0x83, 0xE7, 0xE5, 0x88, 0xD7, 0xFE, 0x67, 0x99,
+        0x1E, 0xE9, 0x37, 0x83, 0xED, 0x4A, 0x6F, 0x9E,
+        0xEA, 0xE0, 0x4E, 0x64, 0xE2, 0xE1, 0xE0, 0xE6,
+        0x99, 0xF6, 0xDC, 0x9C, 0x5D, 0x39, 0xEF, 0x92,
+        0x78, 0xC9, 0x85, 0xE7, 0xFD, 0xF2, 0xA7, 0x64,
+        0xFF, 0xD1, 0xA0, 0xB9, 0x57, 0x92, 0xAD, 0x68,
+        0x1E, 0x93, 0x0D, 0x76, 0xDF, 0x4E, 0xFE, 0x5D,
+        0x65, 0xDB, 0xBD, 0x0F, 0x14, 0x38, 0x48, 0x1E,
+        0xD8, 0x33, 0xAD, 0x49, 0x46, 0xAD, 0x1C, 0x69,
+        0xAD, 0x21, 0xDD, 0x7C, 0x86, 0x18, 0x57, 0x74,
+        0x42, 0x6F, 0x3F, 0xCF, 0x53, 0xB5, 0x2A, 0xD4,
+        0xB4, 0x0D, 0x22, 0x8C, 0xE1, 0x24, 0x07, 0x2F,
+        0x59, 0x2C, 0x7D, 0xAA, 0x05, 0x7F, 0x17, 0xD7,
+        0x90, 0xA5, 0xBD, 0x5B, 0x93, 0x83, 0x4D, 0x58,
+        0xC0, 0x8C, 0x88, 0xDC, 0x8F, 0x0E, 0xF4, 0x88,
+        0x15, 0x64, 0x25, 0xB7, 0x44, 0x65, 0x4E, 0xAC,
+        0xA9, 0xD6, 0x48, 0x58, 0xA4, 0xD6, 0xCE, 0xB4,
+        0x78, 0x79, 0x51, 0x94, 0xBF, 0xAD, 0xB1, 0x8D,
+        0xC0, 0xEA, 0x05, 0x4F, 0x97, 0x71, 0x21, 0x5A,
+        0xD3, 0xCB, 0x1F, 0xD0, 0x31, 0xD7, 0xBE, 0x45,
+        0x98, 0x62, 0x19, 0x26, 0x47, 0x8D, 0x37, 0x5A,
+        0x18, 0x45, 0xAA, 0x91, 0xD7, 0xC7, 0x33, 0xF8,
+        0xF0, 0xE1, 0x88, 0xC8, 0x38, 0x96, 0xED, 0xF8,
+        0x3B, 0x86, 0x46, 0xC9, 0x9E, 0x29, 0xC0, 0xDA,
+        0x22, 0x90, 0xE7, 0x1C, 0x3D, 0x2E, 0x97, 0x07,
+        0x20, 0xC9, 0x7B, 0x5B, 0x7F, 0x95, 0x04, 0x86,
+        0x03, 0x3C, 0x6A, 0x25, 0x71, 0xDD, 0xF2, 0xBC,
+        0xCD, 0xAB, 0xB2, 0xDF, 0xA5, 0xFC, 0xE4, 0xC3,
+        0xA1, 0x88, 0x46, 0x06, 0x04, 0x1D, 0x18, 0x1C,
+        0x72, 0x87, 0x94, 0xAE, 0x0E, 0x80, 0x6E, 0xCB,
+        0x49, 0xAF, 0x16, 0x75, 0x6A, 0x4C, 0xE7, 0x3C,
+        0x87, 0xBD, 0x42, 0x34, 0xE6, 0x0F, 0x05, 0x53,
+        0x5F, 0xA5, 0x92, 0x9F, 0xD5, 0xA3, 0x44, 0x73,
+        0x26, 0x64, 0x01, 0xF6, 0x3B, 0xBD, 0x6B, 0x90,
+        0xE0, 0x03, 0x47, 0x2A, 0xC0, 0xCE, 0x88, 0xF1,
+        0xB6, 0x66, 0x59, 0x72, 0x79, 0xD0, 0x56, 0xA6,
+        0x32, 0xC8, 0xD6, 0xB7, 0x90, 0xFD, 0x41, 0x17,
+        0x67, 0x84, 0x8A, 0x69, 0xE3, 0x7A, 0x8A, 0x83,
+        0x9B, 0xC7, 0x66, 0xA0, 0x2C, 0xA2, 0xF6, 0x95,
+        0xEC, 0x63, 0xF0, 0x56, 0xA4, 0xE2, 0xA1, 0x14,
+        0xCA, 0xCF, 0x9F, 0xD9, 0x0D, 0x73, 0x0C, 0x97,
+        0x0D, 0xB3, 0x87, 0xF6, 0xDE, 0x73, 0x39, 0x5F,
+        0x70, 0x1A, 0x1D, 0x95, 0x3B, 0x2A, 0x89, 0xDD,
+        0x7E, 0xDA, 0xD4, 0x39, 0xFC, 0x20, 0x5A, 0x54,
+        0xA4, 0x81, 0xE8, 0x89, 0xB0, 0x98, 0xD5, 0x25,
+        0x56, 0x70, 0xF0, 0x26, 0xB4, 0xA2, 0xBF, 0x02,
+        0xD2, 0xBD, 0xDE, 0x87, 0xC7, 0x66, 0xB2, 0x5F,
+        0xC5, 0xE0, 0xFD, 0x45, 0x37, 0x57, 0xE7, 0x56,
+        0xD1, 0x8C, 0x8C, 0xD9, 0x12, 0xF9, 0xA7, 0x7F,
+        0x8E, 0x6B, 0xF0, 0x20, 0x53, 0x74, 0xB4, 0x62
     };
     static const byte k_512[KYBER_SS_SZ] = {
-        0x4D, 0xDD, 0x30, 0x4E, 0x27, 0x48, 0x99, 0xBD,
-        0x82, 0x97, 0x18, 0x56, 0x82, 0x4B, 0x58, 0x71,
-        0x30, 0x92, 0x79, 0x52, 0x06, 0x01, 0x21, 0x85,
-        0x8F, 0x9A, 0xDE, 0xB9, 0x6A, 0xB7, 0xF5, 0x71
+        0x0B, 0xF3, 0x23, 0x33, 0x8D, 0x6F, 0x0A, 0x21,
+        0xD5, 0x51, 0x4B, 0x67, 0x3C, 0xD1, 0x0B, 0x71,
+        0x4C, 0xE6, 0xE3, 0x6F, 0x35, 0xBC, 0xD1, 0xBF,
+        0x54, 0x41, 0x96, 0x36, 0x8E, 0xE5, 0x1A, 0x13
     };
 #endif
 #ifndef WOLFSSL_NO_KYBER768
     static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = {
-        0x14, 0x56, 0xA2, 0xEE, 0x8C, 0x35, 0x56, 0x05,
-        0x4A, 0xBC, 0x79, 0xB4, 0x88, 0x2C, 0x31, 0x90,
-        0xE5, 0xCA, 0x72, 0x6A, 0xB4, 0x02, 0xE5, 0xB0,
-        0x97, 0x28, 0xC0, 0xF4, 0xF7, 0x9C, 0x9F, 0xC2,
-        0xAD, 0xD8, 0x28, 0xAB, 0xE4, 0x32, 0xB1, 0x50,
-        0x1B, 0x60, 0xF4, 0x6C, 0xCB, 0xC8, 0x6A, 0x33,
-        0x78, 0xC3, 0x48, 0x95, 0x70, 0x8A, 0x13, 0x67,
-        0x1B, 0x20, 0xB3, 0x89, 0x47, 0x9A, 0xAA, 0x01,
-        0xC6, 0x9D, 0x6B, 0x3B, 0x7D, 0x07, 0xD1, 0xC3,
-        0xAB, 0x54, 0xB9, 0x1C, 0x58, 0x0F, 0x5A, 0x33,
-        0x6B, 0x30, 0x06, 0x9A, 0x4F, 0x13, 0x4F, 0xFD,
-        0x37, 0x64, 0xCE, 0x73, 0xA0, 0x47, 0xE2, 0x84,
-        0x47, 0x71, 0x74, 0x2B, 0xF4, 0x71, 0x0B, 0x97,
-        0x2D, 0x4F, 0x65, 0x90, 0xA1, 0xC5, 0x3A, 0x97,
-        0x53, 0x68, 0xC2, 0x71, 0xB6, 0x70, 0xF1, 0xA4,
-        0x03, 0x64, 0x41, 0x05, 0x4A, 0x66, 0xE8, 0x81,
-        0x59, 0x97, 0x51, 0x22, 0x88, 0x55, 0x2F, 0xD7,
-        0x14, 0x9F, 0xFB, 0x70, 0x5A, 0xAE, 0x13, 0x3F,
-        0x84, 0x14, 0x06, 0x0D, 0x00, 0x92, 0xFA, 0x8A,
-        0x16, 0x27, 0xD7, 0x8A, 0xB2, 0xAB, 0xC6, 0x69,
-        0x62, 0x88, 0xBA, 0xF5, 0xC6, 0x0E, 0xF3, 0x70,
-        0x82, 0x7A, 0x7E, 0xFA, 0x72, 0xAE, 0x5C, 0x67,
-        0x41, 0xA5, 0xDA, 0x04, 0x3D, 0x59, 0x40, 0xF1,
-        0x21, 0x48, 0x53, 0x72, 0xA9, 0x8F, 0x47, 0x2D,
-        0x60, 0xF0, 0x5F, 0x74, 0xD9, 0x5F, 0x01, 0xA1,
-        0x99, 0x1E, 0x73, 0xA3, 0xE0, 0xA9, 0x53, 0x64,
-        0x67, 0xA4, 0x73, 0x8A, 0xB4, 0xCF, 0x38, 0x5B,
-        0xA7, 0x72, 0x82, 0x7E, 0xB8, 0xCC, 0x05, 0x8B,
-        0x35, 0x72, 0xE4, 0x0B, 0x59, 0x84, 0x44, 0xC1,
-        0x81, 0xC7, 0xF6, 0xD9, 0xB7, 0x60, 0xA7, 0xB9,
-        0x07, 0x09, 0x2E, 0x9C, 0x33, 0x51, 0xEA, 0x23,
-        0x4E, 0x44, 0x49, 0xBD, 0x9B, 0x61, 0xA1, 0x34,
-        0x65, 0x4E, 0x2D, 0xA1, 0x91, 0xFF, 0x07, 0x93,
-        0x96, 0x15, 0x69, 0xD3, 0x59, 0x44, 0x48, 0xBB,
-        0xC2, 0x58, 0x69, 0x99, 0xA6, 0x67, 0x1E, 0xFC,
-        0xA9, 0x57, 0xF3, 0xA6, 0x69, 0x9A, 0x4A, 0x1B,
-        0x2F, 0x47, 0x07, 0xAB, 0xA0, 0xB2, 0xDB, 0x20,
-        0x11, 0x4F, 0xE6, 0x8A, 0x4E, 0x28, 0x15, 0xAF,
-        0x3A, 0xAC, 0x4B, 0x8C, 0x6B, 0xE5, 0x64, 0x8C,
-        0x50, 0xCC, 0x35, 0xC2, 0x7C, 0x57, 0x28, 0x80,
-        0x28, 0xD3, 0x61, 0x70, 0x8D, 0x30, 0x2E, 0xEB,
-        0xB8, 0x60, 0xBE, 0xE6, 0x91, 0xF6, 0x56, 0xA2,
-        0x55, 0x0C, 0xB3, 0x21, 0xE9, 0x29, 0x3D, 0x75,
-        0x16, 0xC5, 0x99, 0x81, 0x7B, 0x76, 0x6B, 0xA9,
-        0x28, 0xB1, 0x08, 0x77, 0x9A, 0x1C, 0x87, 0x12,
-        0xE7, 0x4C, 0x76, 0x84, 0x1A, 0xC5, 0x8B, 0x8C,
-        0x51, 0x5B, 0xF4, 0x74, 0x9B, 0xF7, 0x15, 0x98,
-        0x44, 0x45, 0xB2, 0xB5, 0x30, 0x63, 0x38, 0x40,
-        0x01, 0xE5, 0x5F, 0x68, 0x86, 0x7B, 0x1A, 0xF4,
-        0x6C, 0xA7, 0x0C, 0xA8, 0xEA, 0x74, 0x17, 0x2D,
-        0xB8, 0x0B, 0x52, 0x18, 0xBD, 0xE4, 0xF0, 0x0A,
-        0x0E, 0x65, 0x8D, 0xB5, 0xA1, 0x8D, 0x94, 0xE1,
-        0x42, 0x7A, 0xF7, 0xAE, 0x35, 0x8C, 0xCE, 0xB2,
-        0x38, 0x77, 0x2F, 0xCC, 0x83, 0xF1, 0x08, 0x28,
-        0xA4, 0xA3, 0x67, 0xD4, 0x2C, 0x4C, 0xB6, 0x93,
-        0x3F, 0xDD, 0x1C, 0x1C, 0x7B, 0x86, 0xAD, 0x8B,
-        0x00, 0x96, 0x57, 0xA9, 0x62, 0x22, 0xD7, 0xBA,
-        0x92, 0xF5, 0x27, 0xAF, 0x87, 0x79, 0x70, 0xA8,
-        0x32, 0x47, 0xF4, 0x7A, 0x23, 0xFC, 0x22, 0x85,
-        0x11, 0x8B, 0x57, 0x71, 0x77, 0x15, 0x20, 0x46,
-        0x74, 0xDA, 0x9C, 0x94, 0xB6, 0x2B, 0xC7, 0x83,
-        0x8C, 0xF8, 0x72, 0x00, 0x15, 0x6B, 0x26, 0xBA,
-        0x46, 0x71, 0x15, 0x99, 0x31, 0xC4, 0x93, 0x22,
-        0xD8, 0x06, 0x71, 0xA0, 0xF3, 0x32, 0xEA, 0xA2,
-        0xBB, 0xF8, 0x93, 0xBE, 0x40, 0x8B, 0x9E, 0xAC,
-        0x6A, 0x50, 0x54, 0x83, 0xAA, 0x90, 0x75, 0xBD,
-        0x13, 0x68, 0xB5, 0x1F, 0x99, 0x21, 0x1F, 0x48,
-        0x0A, 0x9C, 0x54, 0x2A, 0x75, 0xB5, 0xBE, 0x08,
-        0xE4, 0x3A, 0xDA, 0xF3, 0x01, 0xDD, 0x72, 0x9A,
-        0x85, 0x95, 0x40, 0x10, 0xE6, 0x48, 0x92, 0xA2,
-        0xAA, 0x4F, 0x15, 0xC0, 0xBD, 0x70, 0xB3, 0xD8,
-        0x56, 0x49, 0x4F, 0xF9, 0xBA, 0x0F, 0xE4, 0xCE,
-        0x12, 0x99, 0x1C, 0xA0, 0x6B, 0x5E, 0x3D, 0x0B,
-        0x2A, 0xF1, 0xF7, 0x97, 0xB7, 0xA2, 0xB7, 0x60,
-        0x91, 0x0A, 0xE9, 0xF8, 0x33, 0xD0, 0xD4, 0x26,
-        0x7A, 0x58, 0x05, 0x2C, 0x29, 0x90, 0xF1, 0x61,
-        0xB8, 0x86, 0xE2, 0x51, 0x71, 0x1C, 0x09, 0xD0,
-        0x85, 0xC3, 0xD9, 0x58, 0xB1, 0x44, 0x19, 0x2C,
-        0x9C, 0xC3, 0x22, 0x4A, 0x46, 0x07, 0x15, 0xB6,
-        0x78, 0x4E, 0xB0, 0xB2, 0x6F, 0x23, 0x71, 0x87,
-        0x50, 0x7D, 0x85, 0xC5, 0x11, 0x0A, 0xCC, 0x71,
-        0xCE, 0x47, 0x19, 0x8F, 0x25, 0x45, 0x53, 0x35,
-        0x6D, 0xAB, 0x44, 0x8C, 0x38, 0xD2, 0x43, 0xA7,
-        0xC0, 0x2B, 0xE4, 0x0C, 0x90, 0x8C, 0x82, 0x8D,
-        0x05, 0xC0, 0x81, 0xDF, 0xAB, 0x8F, 0xC6, 0xB5,
-        0xCF, 0xE7, 0xD5, 0x6E, 0x73, 0x17, 0x15, 0x7D,
-        0xC0, 0x53, 0xB2, 0xB3, 0x48, 0x99, 0x86, 0xB0,
-        0x81, 0x28, 0x88, 0x71, 0x81, 0x85, 0x85, 0xE0,
-        0x99, 0x31, 0x09, 0x5E, 0x32, 0x74, 0xA0, 0x84,
-        0x11, 0x5B, 0xE2, 0x76, 0x43, 0x82, 0x54, 0xA7,
-        0x96, 0x27, 0x0A, 0x7B, 0x43, 0x06, 0xF0, 0x8B,
-        0x98, 0xD9, 0xC2, 0xAA, 0xEC, 0xF7, 0x06, 0x5E,
-        0x74, 0x44, 0x6B, 0x7C, 0x69, 0x6D, 0xBA, 0xAF,
-        0x8B, 0x46, 0x25, 0xA1, 0x0B, 0x07, 0x82, 0x7B,
-        0x4A, 0x8B, 0xAB, 0xAB, 0x09, 0xB6, 0x4A, 0xE1,
-        0xC3, 0x75, 0xBB, 0x78, 0x54, 0x41, 0xF3, 0x19,
-        0xFB, 0x9A, 0xC2, 0xF1, 0x4C, 0x95, 0xFF, 0xB2,
-        0x52, 0xAB, 0xBB, 0x80, 0x9C, 0x69, 0x09, 0xCD,
-        0x97, 0x70, 0x6E, 0x40, 0x69, 0x1C, 0xBA, 0x61,
-        0xC9, 0x25, 0x2B, 0xD3, 0x8A, 0x04, 0x31, 0x1C,
-        0xA5, 0xBB, 0x2C, 0xA7, 0x95, 0x78, 0x34, 0x75,
-        0x05, 0xD0, 0x88, 0x88, 0x51, 0xE0, 0x82, 0x64,
-        0x8B, 0xD0, 0x03, 0xBE, 0x97, 0xC0, 0xF8, 0xF6,
-        0x67, 0x59, 0xEC, 0x96, 0xA9, 0x6A, 0x08, 0x1C,
-        0x68, 0x22, 0xC4, 0x51, 0x05, 0x59, 0x53, 0x70,
-        0x42, 0xFC, 0x15, 0xF0, 0x69, 0xA6, 0x49, 0xB7,
-        0x4A, 0x10, 0x96, 0x1B, 0x35, 0x4A, 0x1F, 0x62,
-        0x5B, 0x04, 0xE2, 0x5B, 0x29, 0x3C, 0xF6, 0x5F,
-        0xB4, 0xF5, 0x3A, 0x80, 0xCC, 0x73, 0x3D, 0x7A,
-        0x17, 0x57, 0x75, 0xBF, 0x8A, 0x9A, 0xBB, 0x92,
-        0x01, 0x62, 0x0E, 0x83, 0xA7, 0xF3, 0xE7, 0x24,
-        0xD1, 0x28, 0x7D, 0xBC, 0x44, 0xBD, 0xD5, 0xD8,
-        0x5F, 0xC7, 0x15, 0x45, 0xA9, 0x27, 0xBE, 0xED,
-        0xE5, 0x37, 0xA7, 0x76, 0x87, 0x35, 0xCC, 0x14,
-        0x86, 0xC7, 0xC3, 0xF3, 0x11, 0x04, 0xDB, 0x67,
-        0x34, 0x3F, 0x43, 0x5D, 0x2D, 0x45, 0x55, 0x4B,
-        0xAA, 0xC9, 0xCD, 0xB5, 0x82, 0x2E, 0x84, 0x22,
-        0xAE, 0x83, 0x21, 0xC7, 0x8A, 0xBE, 0x9F, 0x26,
-        0x1F, 0xD4, 0x81, 0x0A, 0x79, 0xE3, 0x3E, 0x94,
-        0xE6, 0x3B, 0x33, 0x41, 0x87, 0x2C, 0x92, 0x25,
-        0x35, 0x21, 0x99, 0x7C, 0x08, 0x4F, 0xBC, 0x06,
-        0x0B, 0x8B, 0x12, 0x5C, 0xCC, 0x88, 0xAC, 0x85,
-        0xAC, 0x5F, 0xE3, 0x16, 0x8A, 0xCB, 0x05, 0x9B,
-        0x3F, 0x11, 0x9C, 0x4E, 0x05, 0x0A, 0x20, 0x73,
-        0x2F, 0x50, 0x1B, 0xB9, 0xB3, 0xE6, 0x87, 0xC8,
-        0x46, 0xB5, 0xC2, 0x65, 0x3F, 0x88, 0x86, 0x37,
-        0x3E, 0x10, 0x04, 0xA2, 0xAB, 0x8D, 0x1B, 0xB9,
-        0x70, 0xA7, 0xE5, 0x71, 0xD8, 0xA4, 0x6E, 0xE8,
-        0x1B, 0x78, 0x2F, 0x26, 0x94, 0x2D, 0xD3, 0x94,
-        0xFD, 0xD9, 0xA5, 0xE4, 0xC5, 0x63, 0x1D, 0x98,
-        0x55, 0x28, 0x60, 0x4B, 0x1C, 0xC9, 0x76, 0x27,
-        0x5B, 0x6A, 0xC8, 0xA6, 0x7C, 0xEE, 0xC1, 0x0F,
-        0xFA, 0xCB, 0xBA, 0x3D, 0x3B, 0xB1, 0x41, 0x32,
-        0x1D, 0xFC, 0x3C, 0x92, 0x31, 0xFC, 0x96, 0xE4,
-        0x48, 0xB9, 0xAB, 0x84, 0x70, 0x21, 0xE2, 0xC8,
-        0xD9, 0x0C, 0x6B, 0xCA, 0xF2, 0xB1, 0x24, 0x07,
-        0x83, 0xB6, 0x2C, 0x79, 0xDE, 0xDC, 0x07, 0x2A,
-        0x57, 0x63, 0xE6, 0x60, 0xAF, 0x2C, 0x27, 0xC3,
-        0xF0, 0xC3, 0xC0, 0x92, 0x07, 0xCA, 0xD9, 0x90,
-        0xBB, 0x41, 0xA7, 0xBF, 0xCE, 0xC9, 0x9F, 0x51,
-        0x59, 0x6A, 0x0E, 0x83, 0x77, 0x8F, 0x85, 0xC0,
-        0x06, 0xAC, 0x6D, 0x1F, 0xE9, 0x81, 0xB4, 0xC4,
-        0xBA, 0x1C, 0xB5, 0x75, 0xA7, 0xD0, 0x7A, 0xE2,
-        0xD3, 0x1B, 0xA7, 0x60, 0x09, 0x5F, 0x74, 0xBC,
-        0x16, 0x38, 0x41, 0xCF, 0x8F, 0xF7, 0x7F, 0x89,
-        0x4A, 0xBC, 0x6D, 0x26, 0x1E, 0xD8, 0x7A, 0x45,
-        0x30, 0x36, 0x3B, 0x94, 0x9C, 0x4A, 0xD2, 0x4E,
-        0xFB, 0x3A, 0x56, 0x80, 0x94, 0x78, 0xDD, 0xA2
+        0x89, 0xD2, 0xCB, 0x65, 0xF9, 0x4D, 0xCB, 0xFC,
+        0x89, 0x0E, 0xFC, 0x7D, 0x0E, 0x5A, 0x7A, 0x38,
+        0x34, 0x4D, 0x16, 0x41, 0xA3, 0xD0, 0xB0, 0x24,
+        0xD5, 0x07, 0x97, 0xA5, 0xF2, 0x3C, 0x3A, 0x18,
+        0xB3, 0x10, 0x1A, 0x12, 0x69, 0x06, 0x9F, 0x43,
+        0xA8, 0x42, 0xBA, 0xCC, 0x09, 0x8A, 0x88, 0x21,
+        0x27, 0x1C, 0x67, 0x3D, 0xB1, 0xBE, 0xB3, 0x30,
+        0x34, 0xE4, 0xD7, 0x77, 0x4D, 0x16, 0x63, 0x5C,
+        0x7C, 0x2C, 0x3C, 0x27, 0x63, 0x45, 0x35, 0x38,
+        0xBC, 0x16, 0x32, 0xE1, 0x85, 0x15, 0x91, 0xA5,
+        0x16, 0x42, 0x97, 0x4E, 0x59, 0x28, 0xAB, 0xB8,
+        0xE5, 0x5F, 0xE5, 0x56, 0x12, 0xF9, 0xB1, 0x41,
+        0xAF, 0xF0, 0x15, 0x54, 0x53, 0x94, 0xB2, 0x09,
+        0x2E, 0x59, 0x09, 0x70, 0xEC, 0x29, 0xA7, 0xB7,
+        0xE7, 0xAA, 0x1F, 0xB4, 0x49, 0x3B, 0xF7, 0xCB,
+        0x73, 0x19, 0x06, 0xC2, 0xA5, 0xCB, 0x49, 0xE6,
+        0x61, 0x48, 0x59, 0x06, 0x4E, 0x19, 0xB8, 0xFA,
+        0x26, 0xAF, 0x51, 0xC4, 0x4B, 0x5E, 0x75, 0x35,
+        0xBF, 0xDA, 0xC0, 0x72, 0xB6, 0x46, 0xD3, 0xEA,
+        0x49, 0x0D, 0x27, 0x7F, 0x0D, 0x97, 0xCE, 0xD4,
+        0x73, 0x95, 0xFE, 0xD9, 0x1E, 0x8F, 0x2B, 0xCE,
+        0x0E, 0x3C, 0xA1, 0x22, 0xC2, 0x02, 0x5F, 0x74,
+        0x06, 0x7A, 0xB9, 0x28, 0xA8, 0x22, 0xB3, 0x56,
+        0x53, 0xA7, 0x4F, 0x06, 0x75, 0x76, 0x29, 0xAF,
+        0xB1, 0xA1, 0xCA, 0xF2, 0x37, 0x10, 0x0E, 0xA9,
+        0x35, 0xE7, 0x93, 0xC8, 0xF5, 0x8A, 0x71, 0xB3,
+        0xD6, 0xAE, 0x2C, 0x86, 0x58, 0xB1, 0x01, 0x50,
+        0xD4, 0xA3, 0x8F, 0x57, 0x2A, 0x0D, 0x49, 0xD2,
+        0x8A, 0xE8, 0x94, 0x51, 0xD3, 0x38, 0x32, 0x6F,
+        0xDB, 0x3B, 0x43, 0x50, 0x03, 0x6C, 0x10, 0x81,
+        0x11, 0x77, 0x40, 0xED, 0xB8, 0x6B, 0x12, 0x08,
+        0x1C, 0x5C, 0x12, 0x23, 0xDB, 0xB5, 0x66, 0x0D,
+        0x5B, 0x3C, 0xB3, 0x78, 0x7D, 0x48, 0x18, 0x49,
+        0x30, 0x4C, 0x68, 0xBE, 0x87, 0x54, 0x66, 0xF1,
+        0x4E, 0xE5, 0x49, 0x5C, 0x2B, 0xD7, 0x95, 0xAE,
+        0x41, 0x2D, 0x09, 0x00, 0x2D, 0x65, 0xB8, 0x71,
+        0x9B, 0x90, 0xCB, 0xA3, 0x60, 0x3A, 0xC4, 0x95,
+        0x8E, 0xA0, 0x3C, 0xC1, 0x38, 0xC8, 0x6F, 0x78,
+        0x51, 0x59, 0x31, 0x25, 0x33, 0x47, 0x01, 0xB6,
+        0x77, 0xF8, 0x2F, 0x49, 0x52, 0xA4, 0xC9, 0x3B,
+        0x5B, 0x4C, 0x13, 0x4B, 0xB4, 0x2A, 0x85, 0x7F,
+        0xD1, 0x5C, 0x65, 0x08, 0x64, 0xA6, 0xAA, 0x94,
+        0xEB, 0x69, 0x1C, 0x0B, 0x69, 0x1B, 0xE4, 0x68,
+        0x4C, 0x1F, 0x5B, 0x74, 0x90, 0x46, 0x7F, 0xC0,
+        0x1B, 0x1D, 0x1F, 0xDA, 0x4D, 0xDA, 0x35, 0xC4,
+        0xEC, 0xC2, 0x31, 0xBC, 0x73, 0xA6, 0xFE, 0xF4,
+        0x2C, 0x99, 0xD3, 0x4E, 0xB8, 0x2A, 0x4D, 0x01,
+        0x49, 0x87, 0xB3, 0xE3, 0x86, 0x91, 0x0C, 0x62,
+        0x67, 0x9A, 0x11, 0x8F, 0x3C, 0x5B, 0xD9, 0xF4,
+        0x67, 0xE4, 0x16, 0x20, 0x42, 0x42, 0x43, 0x57,
+        0xDB, 0x92, 0xEF, 0x48, 0x4A, 0x4A, 0x17, 0x98,
+        0xC1, 0x25, 0x7E, 0x87, 0x0A, 0x30, 0xCB, 0x20,
+        0xAA, 0xA0, 0x33, 0x5D, 0x83, 0x31, 0x4F, 0xE0,
+        0xAA, 0x7E, 0x63, 0xA8, 0x62, 0x64, 0x80, 0x41,
+        0xA7, 0x2A, 0x63, 0x21, 0x52, 0x32, 0x20, 0xB1,
+        0xAC, 0xE9, 0xBB, 0x70, 0x1B, 0x21, 0xAC, 0x12,
+        0x53, 0xCB, 0x81, 0x2C, 0x15, 0x57, 0x5A, 0x90,
+        0x85, 0xEA, 0xBE, 0xAD, 0xE7, 0x3A, 0x4A, 0xE7,
+        0x6E, 0x6A, 0x7B, 0x15, 0x8A, 0x20, 0x58, 0x6D,
+        0x78, 0xA5, 0xAC, 0x62, 0x0A, 0x5C, 0x9A, 0xBC,
+        0xC9, 0xC0, 0x43, 0x35, 0x0A, 0x73, 0x65, 0x6B,
+        0x0A, 0xBE, 0x82, 0x2D, 0xA5, 0xE0, 0xBA, 0x76,
+        0x04, 0x5F, 0xAD, 0x75, 0x40, 0x1D, 0x7A, 0x3B,
+        0x70, 0x37, 0x91, 0xB7, 0xE9, 0x92, 0x61, 0x71,
+        0x0F, 0x86, 0xB7, 0x24, 0x21, 0xD2, 0x40, 0xA3,
+        0x47, 0x63, 0x83, 0x77, 0x20, 0x5A, 0x15, 0x2C,
+        0x79, 0x41, 0x30, 0xA4, 0xE0, 0x47, 0x74, 0x2B,
+        0x88, 0x83, 0x03, 0xBD, 0xDC, 0x30, 0x91, 0x16,
+        0x76, 0x4D, 0xE7, 0x42, 0x4C, 0xEB, 0xEA, 0x6D,
+        0xB6, 0x53, 0x48, 0xAC, 0x53, 0x7E, 0x01, 0xA9,
+        0xCC, 0x56, 0xEA, 0x66, 0x7D, 0x5A, 0xA8, 0x7A,
+        0xC9, 0xAA, 0xA4, 0x31, 0x7D, 0x26, 0x2C, 0x10,
+        0x14, 0x30, 0x50, 0xB8, 0xD0, 0x7A, 0x72, 0x8C,
+        0xA6, 0x33, 0xC1, 0x3E, 0x46, 0x8A, 0xBC, 0xEA,
+        0xD3, 0x72, 0xC7, 0x7B, 0x8E, 0xCF, 0x3B, 0x98,
+        0x6B, 0x98, 0xC1, 0xE5, 0x58, 0x60, 0xB2, 0xB4,
+        0x21, 0x67, 0x66, 0xAD, 0x87, 0x4C, 0x35, 0xED,
+        0x72, 0x05, 0x06, 0x87, 0x39, 0x23, 0x02, 0x20,
+        0xB5, 0xA2, 0x31, 0x7D, 0x10, 0x2C, 0x59, 0x83,
+        0x56, 0xF1, 0x68, 0xAC, 0xBE, 0x80, 0x60, 0x8D,
+        0xE4, 0xC9, 0xA7, 0x10, 0xB8, 0xDD, 0x07, 0x07,
+        0x8C, 0xD7, 0xC6, 0x71, 0x05, 0x8A, 0xF1, 0xB0,
+        0xB8, 0x30, 0x4A, 0x31, 0x4F, 0x7B, 0x29, 0xBE,
+        0x78, 0xA9, 0x33, 0xC7, 0xB9, 0x29, 0x44, 0x24,
+        0x95, 0x4A, 0x1B, 0xF8, 0xBC, 0x74, 0x5D, 0xE8,
+        0x61, 0x98, 0x65, 0x9E, 0x0E, 0x12, 0x25, 0xA9,
+        0x10, 0x72, 0x60, 0x74, 0x96, 0x9C, 0x39, 0xA9,
+        0x7C, 0x19, 0x24, 0x06, 0x01, 0xA4, 0x6E, 0x01,
+        0x3D, 0xCD, 0xCB, 0x67, 0x7A, 0x8C, 0xBD, 0x2C,
+        0x95, 0xA4, 0x06, 0x29, 0xC2, 0x56, 0xF2, 0x4A,
+        0x32, 0x89, 0x51, 0xDF, 0x57, 0x50, 0x2A, 0xB3,
+        0x07, 0x72, 0xCC, 0x7E, 0x5B, 0x85, 0x00, 0x27,
+        0xC8, 0x55, 0x17, 0x81, 0xCE, 0x49, 0x85, 0xBD,
+        0xAC, 0xF6, 0xB8, 0x65, 0xC1, 0x04, 0xE8, 0xA4,
+        0xBC, 0x65, 0xC4, 0x16, 0x94, 0xD4, 0x56, 0xB7,
+        0x16, 0x9E, 0x45, 0xAB, 0x3D, 0x7A, 0xCA, 0xBE,
+        0xAF, 0xE2, 0x3A, 0xD6, 0xA7, 0xB9, 0x4D, 0x19,
+        0x79, 0xA2, 0xF4, 0xC1, 0xCA, 0xE7, 0xCD, 0x77,
+        0xD6, 0x81, 0xD2, 0x90, 0xB5, 0xD8, 0xE4, 0x51,
+        0xBF, 0xDC, 0xCC, 0xF5, 0x31, 0x0B, 0x9D, 0x12,
+        0xA8, 0x8E, 0xC2, 0x9B, 0x10, 0x25, 0x5D, 0x5E,
+        0x17, 0xA1, 0x92, 0x67, 0x0A, 0xA9, 0x73, 0x1C,
+        0x5C, 0xA6, 0x7E, 0xC7, 0x84, 0xC5, 0x02, 0x78,
+        0x1B, 0xE8, 0x52, 0x7D, 0x6F, 0xC0, 0x03, 0xC6,
+        0x70, 0x1B, 0x36, 0x32, 0x28, 0x4B, 0x40, 0x30,
+        0x7A, 0x52, 0x7C, 0x76, 0x20, 0x37, 0x7F, 0xEB,
+        0x0B, 0x73, 0xF7, 0x22, 0xC9, 0xE3, 0xCD, 0x4D,
+        0xEC, 0x64, 0x87, 0x6B, 0x93, 0xAB, 0x5B, 0x7C,
+        0xFC, 0x4A, 0x65, 0x7F, 0x85, 0x2B, 0x65, 0x92,
+        0x82, 0x86, 0x43, 0x84, 0xF4, 0x42, 0xB2, 0x2E,
+        0x8A, 0x21, 0x10, 0x93, 0x87, 0xB8, 0xB4, 0x75,
+        0x85, 0xFC, 0x68, 0x0D, 0x0B, 0xA4, 0x5C, 0x7A,
+        0x8B, 0x1D, 0x72, 0x74, 0xBD, 0xA5, 0x78, 0x45,
+        0xD1, 0x00, 0xD0, 0xF4, 0x2A, 0x3B, 0x74, 0x62,
+        0x87, 0x73, 0x35, 0x1F, 0xD7, 0xAC, 0x30, 0x5B,
+        0x24, 0x97, 0x63, 0x9B, 0xE9, 0x0B, 0x3F, 0x4F,
+        0x71, 0xA6, 0xAA, 0x35, 0x61, 0xEE, 0xCC, 0x6A,
+        0x69, 0x1B, 0xB5, 0xCB, 0x39, 0x14, 0xD8, 0x63,
+        0x4C, 0xA1, 0xE1, 0xAF, 0x54, 0x3C, 0x04, 0x9A,
+        0x8C, 0x6E, 0x86, 0x8C, 0x51, 0xF0, 0x42, 0x3B,
+        0xD2, 0xD5, 0xAE, 0x09, 0xB7, 0x9E, 0x57, 0xC2,
+        0x7F, 0x3F, 0xE3, 0xAE, 0x2B, 0x26, 0xA4, 0x41,
+        0xBA, 0xBF, 0xC6, 0x71, 0x8C, 0xE8, 0xC0, 0x5B,
+        0x4F, 0xE7, 0x93, 0xB9, 0x10, 0xB8, 0xFB, 0xCB,
+        0xBE, 0x7F, 0x10, 0x13, 0x24, 0x2B, 0x40, 0xE0,
+        0x51, 0x4D, 0x0B, 0xDC, 0x5C, 0x88, 0xBA, 0xC5,
+        0x94, 0xC7, 0x94, 0xCE, 0x51, 0x22, 0xFB, 0xF3,
+        0x48, 0x96, 0x81, 0x91, 0x47, 0xB9, 0x28, 0x38,
+        0x15, 0x87, 0x96, 0x3B, 0x0B, 0x90, 0x03, 0x4A,
+        0xA0, 0x7A, 0x10, 0xBE, 0x17, 0x6E, 0x01, 0xC8,
+        0x0A, 0xD6, 0xA4, 0xB7, 0x1B, 0x10, 0xAF, 0x42,
+        0x41, 0x40, 0x0A, 0x2A, 0x4C, 0xBB, 0xC0, 0x59,
+        0x61, 0xA1, 0x5E, 0xC1, 0x47, 0x4E, 0xD5, 0x1A,
+        0x3C, 0xC6, 0xD3, 0x58, 0x00, 0x67, 0x9A, 0x46,
+        0x28, 0x09, 0xCA, 0xA3, 0xAB, 0x4F, 0x70, 0x94,
+        0xCD, 0x66, 0x10, 0xB4, 0xA7, 0x00, 0xCB, 0xA9,
+        0x39, 0xE7, 0xEA, 0xC9, 0x3E, 0x38, 0xC9, 0x97,
+        0x55, 0x90, 0x87, 0x27, 0x61, 0x9E, 0xD7, 0x6A,
+        0x34, 0xE5, 0x3C, 0x4F, 0xA2, 0x5B, 0xFC, 0x97,
+        0x00, 0x82, 0x06, 0x69, 0x7D, 0xD1, 0x45, 0xE5,
+        0xB9, 0x18, 0x8E, 0x5B, 0x01, 0x4E, 0x94, 0x16,
+        0x81, 0xE1, 0x5F, 0xE3, 0xE1, 0x32, 0xB8, 0xA3,
+        0x90, 0x34, 0x74, 0x14, 0x8B, 0xA2, 0x8B, 0x98,
+        0x71, 0x11, 0xC9, 0xBC, 0xB3, 0x98, 0x9B, 0xBB,
+        0xC6, 0x71, 0xC5, 0x81, 0xB4, 0x4A, 0x49, 0x28,
+        0x45, 0xF2, 0x88, 0xE6, 0x21, 0x96, 0xE4, 0x71,
+        0xFE, 0xD3, 0xC3, 0x9C, 0x1B, 0xBD, 0xDB, 0x08,
+        0x37, 0xD0, 0xD4, 0x70, 0x6B, 0x09, 0x22, 0xC4
     };
     static const byte seed_768[KYBER_ENC_RAND_SZ] = {
-        0x40, 0xBE, 0x9D, 0xCA, 0xC1, 0x6E, 0x9C, 0xA7,
-        0x3D, 0x49, 0xD0, 0xC8, 0x3F, 0x9D, 0x3D, 0x89,
-        0xBB, 0x71, 0x57, 0x4A, 0x42, 0x19, 0xA0, 0xF3,
-        0x93, 0xDF, 0xEC, 0xE2, 0x98, 0x83, 0x94, 0xC4
+        0x2C, 0xE7, 0x4A, 0xD2, 0x91, 0x13, 0x35, 0x18,
+        0xFE, 0x60, 0xC7, 0xDF, 0x5D, 0x25, 0x1B, 0x9D,
+        0x82, 0xAD, 0xD4, 0x84, 0x62, 0xFF, 0x50, 0x5C,
+        0x6E, 0x54, 0x7E, 0x94, 0x9E, 0x6B, 0x6B, 0xF7
     };
     static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = {
-        0x77, 0x8D, 0x6B, 0x03, 0x79, 0x1A, 0xCA, 0xF5,
-        0x6C, 0xAA, 0xFC, 0xC7, 0x8C, 0xEE, 0x5C, 0xBC,
-        0xA1, 0xDE, 0x87, 0x37, 0xE9, 0xC7, 0xFF, 0x4A,
-        0xE5, 0xF3, 0x84, 0xD3, 0x44, 0xE0, 0x82, 0x23,
-        0xC7, 0x4C, 0x82, 0x4C, 0xB5, 0x84, 0x85, 0x20,
-        0x51, 0x7C, 0x7F, 0x0E, 0xA0, 0x64, 0x5E, 0xB6,
-        0xF8, 0x89, 0x51, 0x7A, 0xE5, 0x21, 0x6B, 0x0C,
-        0xF4, 0x1D, 0xDC, 0x3F, 0x0D, 0x1D, 0xF9, 0xBC,
-        0x6E, 0x4D, 0xEC, 0xB2, 0x36, 0xA5, 0xEA, 0x8B,
-        0x21, 0x4F, 0x64, 0x26, 0x6D, 0x3C, 0xDE, 0x08,
-        0xE0, 0xCB, 0x00, 0xE5, 0xD9, 0x1F, 0x58, 0x67,
-        0x06, 0xB1, 0xEE, 0x53, 0x3D, 0x20, 0x47, 0x6F,
-        0x44, 0x23, 0xB7, 0x8F, 0x91, 0x6B, 0x17, 0x26,
-        0xEE, 0xEA, 0x95, 0x9F, 0xFB, 0x9A, 0xC6, 0x34,
-        0xD0, 0x4A, 0x94, 0xD0, 0x99, 0x23, 0xCB, 0x0D,
-        0x4E, 0x73, 0x0C, 0xCA, 0x41, 0x44, 0xE7, 0xC4,
-        0x88, 0x49, 0x21, 0x65, 0x2D, 0xA4, 0x92, 0x8C,
-        0x68, 0xE6, 0x44, 0xF6, 0x73, 0xCF, 0xC5, 0x7D,
-        0x3E, 0x87, 0xCF, 0x5B, 0xE5, 0x81, 0xA8, 0x9F,
-        0x9C, 0xB8, 0xF0, 0xFC, 0xE2, 0x78, 0x2D, 0x68,
-        0x1E, 0x5C, 0xE8, 0x8A, 0xF5, 0x84, 0x58, 0xC3,
-        0xD6, 0x3D, 0x80, 0x75, 0x72, 0xDE, 0x5A, 0xA8,
-        0xE1, 0xFA, 0xF2, 0xDC, 0xD1, 0x4E, 0xDB, 0x73,
-        0x49, 0x56, 0x5B, 0x7D, 0x32, 0x71, 0xDD, 0xBE,
-        0xB0, 0xB6, 0xCC, 0x7A, 0xFE, 0x08, 0x63, 0x57,
-        0x84, 0x31, 0x11, 0x59, 0x73, 0x3C, 0x46, 0xE5,
-        0xFD, 0xC5, 0xE0, 0xCD, 0x36, 0xCE, 0x56, 0x85,
-        0xAC, 0xFB, 0x1A, 0xFE, 0x50, 0xAB, 0xB4, 0x6F,
-        0x44, 0x75, 0x21, 0xE6, 0x0D, 0x9C, 0x8F, 0x0E,
-        0x4C, 0xA2, 0x8C, 0x19, 0x0A, 0xBB, 0x40, 0xC3,
-        0x65, 0xF4, 0x12, 0x47, 0x1E, 0x95, 0xA8, 0xEA,
-        0x39, 0x6D, 0x4B, 0xD8, 0x07, 0x0E, 0xEB, 0x1F,
-        0x02, 0xB0, 0x7C, 0x82, 0x53, 0x67, 0xAA, 0x1E,
-        0xC0, 0xF1, 0x0C, 0x38, 0x62, 0x41, 0x6B, 0xB2,
-        0x1A, 0xD6, 0xCA, 0x74, 0x8A, 0x86, 0xE9, 0x82,
-        0x9E, 0xFC, 0x1A, 0x04, 0x99, 0x09, 0x3C, 0x85,
-        0x17, 0x6D, 0x37, 0xF5, 0x74, 0xC7, 0x5C, 0xF5,
-        0xED, 0xFA, 0x8D, 0x92, 0x0D, 0x32, 0x68, 0xCB,
-        0x34, 0xC6, 0xA4, 0xBB, 0x00, 0x02, 0x86, 0x9B,
-        0xC0, 0x5D, 0x7C, 0x8F, 0xCC, 0x06, 0x58, 0xD4,
-        0xA0, 0x1E, 0xAC, 0xD7, 0x45, 0x57, 0xA3, 0x7D,
-        0x98, 0xA7, 0x63, 0x07, 0x47, 0x52, 0xDF, 0xDD,
-        0x64, 0x29, 0x88, 0x1C, 0xAF, 0xF5, 0x77, 0xD3,
-        0xA0, 0x48, 0x03, 0x1B, 0xD5, 0x2C, 0x4E, 0x97,
-        0x26, 0x39, 0x85, 0x90, 0xF9, 0x51, 0x9F, 0xD5,
-        0x94, 0x05, 0xD6, 0xB3, 0xC3, 0x07, 0xAF, 0xCB,
-        0x16, 0x8A, 0x98, 0x57, 0x85, 0xD9, 0x54, 0xA6,
-        0xD1, 0xDC, 0x1E, 0xA9, 0x2E, 0x1E, 0xB6, 0xF9,
-        0x46, 0xA4, 0xD9, 0x9D, 0xD6, 0xCA, 0x30, 0x7A,
-        0xBF, 0xD8, 0x36, 0x2F, 0xAB, 0xA9, 0x8B, 0xB2,
-        0x64, 0xC6, 0x9C, 0x5F, 0x55, 0x5D, 0x60, 0x88,
-        0x3C, 0xC5, 0x60, 0x19, 0xFE, 0xB4, 0xE8, 0x00,
-        0x0C, 0x48, 0xB7, 0xE6, 0x8C, 0xD6, 0x67, 0xF0,
-        0x0B, 0x52, 0x50, 0xCE, 0xF2, 0x93, 0xA4, 0xA9,
-        0xE7, 0x78, 0x72, 0x6E, 0x62, 0xF1, 0x20, 0x36,
-        0x1E, 0x21, 0xAB, 0x31, 0x40, 0x46, 0x4C, 0xDC,
-        0x6A, 0xBD, 0xE9, 0xEA, 0x05, 0x19, 0x8D, 0x8B,
-        0x3B, 0xB6, 0x71, 0xB9, 0x11, 0x1A, 0x2F, 0x31,
-        0x75, 0x82, 0x84, 0x7C, 0xA5, 0x01, 0x56, 0x64,
-        0xF2, 0x2C, 0xDB, 0x08, 0xC1, 0x43, 0x18, 0x7B,
-        0xDE, 0x21, 0x29, 0xB5, 0x4F, 0x34, 0x16, 0x02,
-        0x95, 0xD7, 0x5F, 0xE9, 0xA4, 0x94, 0xFD, 0x7E,
-        0x67, 0xAA, 0xA7, 0x6B, 0x57, 0xAA, 0xFF, 0xD8,
-        0x9D, 0x01, 0xA7, 0x1D, 0xF5, 0xC8, 0x15, 0x86,
-        0x20, 0x29, 0x8D, 0x58, 0x2B, 0xBE, 0xFA, 0x6D,
-        0x09, 0xAC, 0x41, 0x2A, 0x99, 0xAA, 0x3B, 0xE9,
-        0xC3, 0x83, 0x50, 0x49, 0x48, 0xC4, 0x3D, 0xD5,
-        0xAF, 0x41, 0x27, 0xB1, 0x43, 0x58, 0x04, 0xF4,
-        0x4B, 0xAF, 0xA1, 0x42, 0xBF, 0xC2, 0xA9, 0x5D,
-        0x95, 0xFB, 0x2E, 0xF0, 0x64, 0x1A, 0xBE, 0x71,
-        0x06, 0x4D, 0xE5, 0x1D, 0x6B, 0x9E, 0xC5, 0x08,
-        0x57, 0xB8, 0xEE, 0xF7, 0xF4, 0x80, 0x36, 0x31,
-        0x3D, 0x0E, 0x93, 0x67, 0x63, 0xB8, 0xF7, 0xBD,
-        0xE6, 0x9B, 0x06, 0x4D, 0xD5, 0x76, 0x1D, 0x80,
-        0xEA, 0x6F, 0x1A, 0x8B, 0x37, 0x56, 0x57, 0x53,
-        0xC5, 0x79, 0xBB, 0xB8, 0x95, 0xEF, 0xB9, 0xFC,
-        0xB3, 0xFC, 0x5F, 0xA3, 0x36, 0x2E, 0x37, 0x74,
-        0xF0, 0xF7, 0x71, 0x40, 0xB9, 0x73, 0xCA, 0xE5,
-        0x87, 0xBA, 0xD2, 0xF3, 0xB5, 0x66, 0xA9, 0xC2,
-        0x5A, 0x96, 0x93, 0x47, 0xE5, 0xC5, 0x4F, 0x87,
-        0xF1, 0x10, 0x5E, 0x9C, 0x07, 0x48, 0x67, 0xD9,
-        0x40, 0x77, 0xCC, 0xAE, 0x3A, 0xBE, 0xA5, 0x45,
-        0x20, 0xED, 0xB5, 0x1D, 0x9D, 0xAA, 0xBE, 0x78,
-        0x48, 0xE7, 0x8F, 0xDF, 0x66, 0xE0, 0x7E, 0x2E,
-        0x22, 0xB3, 0x02, 0x51, 0x93, 0x1E, 0x89, 0x0B,
-        0xAF, 0x1F, 0x5E, 0x17, 0x7D, 0x4D, 0x9C, 0xEC,
-        0x9E, 0x49, 0x69, 0x48, 0x1F, 0xD7, 0xC1, 0x33,
-        0x5A, 0x0E, 0xD5, 0x87, 0x9F, 0x34, 0xEF, 0x4B,
-        0xB4, 0xF6, 0x6C, 0x28, 0x80, 0x3C, 0xEA, 0x16,
-        0x2B, 0xA4, 0x61, 0x50, 0x6D, 0x52, 0xEB, 0x3A,
-        0xE1, 0x69, 0x51, 0x92, 0x2B, 0x06, 0x82, 0x51,
-        0x86, 0xC3, 0xD4, 0xCE, 0x1B, 0x51, 0xF3, 0xC9,
-        0x2F, 0x3C, 0x52, 0xF2, 0xD0, 0x4D, 0x1F, 0x13,
-        0xB2, 0xB1, 0x7C, 0x9E, 0xEB, 0x88, 0x2C, 0xCE,
-        0x0E, 0xB8, 0x8B, 0x7E, 0xA9, 0xA1, 0xCE, 0x4E,
-        0x37, 0x41, 0x5C, 0xC8, 0x4C, 0x7B, 0xC4, 0x36,
-        0xA4, 0x62, 0x83, 0x86, 0xCC, 0x77, 0xD9, 0xAF,
-        0xD2, 0x07, 0x91, 0x1B, 0xD9, 0xBF, 0xD8, 0xA7,
-        0xFA, 0x05, 0xC2, 0x75, 0xBE, 0x0C, 0x4C, 0x6A,
-        0x8F, 0xC0, 0xA6, 0x1B, 0xDA, 0x1D, 0x67, 0xAE,
-        0x33, 0xB5, 0x31, 0x0B, 0xE1, 0x29, 0x0D, 0xC7,
-        0x1C, 0x14, 0x18, 0xEB, 0x57, 0x44, 0xBF, 0x28,
-        0x42, 0xC1, 0x65, 0x21, 0x73, 0xA4, 0x9A, 0x69,
-        0x2E, 0x71, 0xFE, 0x43, 0x25, 0x8A, 0x20, 0x5B,
-        0x3C, 0xAA, 0xB9, 0x0C, 0x03, 0x04, 0xA5, 0x1E,
-        0x77, 0xD0, 0x1B, 0x40, 0x4A, 0x01, 0xFA, 0xE2,
-        0xF8, 0x3A, 0xB8, 0x0C, 0x5D, 0xBF, 0x6C, 0xF5,
-        0x18, 0xC0, 0x01, 0xF4, 0x6A, 0x63, 0x3F, 0xA1,
-        0x69, 0xB1, 0xBD, 0xB7, 0x7A, 0x9D, 0x0B, 0x1E,
-        0x0C, 0x00, 0x78, 0x35, 0xC0, 0x9F, 0x6A, 0xBB,
-        0xA9, 0x6F, 0x3F, 0x53, 0x56, 0x4D, 0xA5, 0x08,
-        0xEE, 0x88, 0x61, 0xA4, 0x83, 0xA8, 0x17, 0x49,
-        0xD4, 0xA4, 0x46, 0x72, 0xB1, 0xEF, 0x16, 0x05,
-        0xF2, 0x9D, 0x16, 0x8B, 0x74, 0xB7, 0x36, 0xB4,
-        0xF1, 0x35, 0x01, 0xD7, 0xAD, 0x12, 0x13, 0x11,
-        0x8A, 0x78, 0x32, 0xE6, 0x66, 0xA5, 0x0B, 0xE8,
-        0x01, 0x0D, 0x54, 0x32, 0x2A, 0x52, 0x6C, 0xF7,
-        0xA4, 0xE5, 0x43, 0xA7, 0x9D, 0x0D, 0x98, 0xE0,
-        0x04, 0xFB, 0xEC, 0x76, 0xEA, 0x3F, 0x7E, 0x88,
-        0x7B, 0xDB, 0xAF, 0x50, 0xDA, 0xDF, 0xDD, 0xDF,
-        0x3F, 0xFE, 0xCF, 0x6D, 0x3F, 0x77, 0xEA, 0x4B,
-        0x9B, 0x16, 0xDC, 0x75, 0x4F, 0x4A, 0x68, 0xE5,
-        0xEF, 0x32, 0xF6, 0xA1, 0x37, 0xE7, 0xC9, 0xE3,
-        0xC3, 0xE8, 0xC2, 0xE2, 0x36, 0xC7, 0xEB, 0xC4,
-        0x5D, 0x46, 0xEC, 0x16, 0x77, 0xA5, 0xA8, 0xBB,
-        0x26, 0x68, 0x44, 0x3B, 0x0B, 0xE8, 0x69, 0x3D,
-        0xC2, 0x57, 0xF1, 0x3D, 0x8B, 0x9A, 0x90, 0x10,
-        0x0B, 0x92, 0xB4, 0xD1, 0x76, 0x1B, 0x81, 0x96,
-        0x73, 0x83, 0x2C, 0x32, 0x02, 0x06, 0x71, 0xBF,
-        0xB3, 0xD0, 0x22, 0x0A, 0x36, 0x3E, 0x4B, 0xED,
-        0x6D, 0x64, 0x9D, 0x3F, 0x73, 0x68, 0xCF, 0xE0,
-        0x81, 0xE1, 0x96, 0xA4, 0x3D, 0x47, 0x08, 0x79,
-        0x8E, 0x31, 0xBB, 0x2A, 0x2F, 0x61, 0x82, 0x46,
-        0x74, 0xAB, 0xA2, 0xFC, 0x9D, 0xCD, 0x05, 0xDB,
-        0x84, 0xB8, 0x62, 0x7A, 0xE1, 0x14, 0x88, 0x88,
-        0x6F, 0x92, 0x1B, 0xC7, 0x9A, 0xE1, 0xFD, 0x03
+        0x56, 0xB4, 0x2D, 0x59, 0x3A, 0xAB, 0x8E, 0x87,
+        0x73, 0xBD, 0x92, 0xD7, 0x6E, 0xAB, 0xDD, 0xF3,
+        0xB1, 0x54, 0x6F, 0x83, 0x26, 0xF5, 0x7A, 0x7B,
+        0x77, 0x37, 0x64, 0xB6, 0xC0, 0xDD, 0x30, 0x47,
+        0x0F, 0x68, 0xDF, 0xF8, 0x2E, 0x0D, 0xCA, 0x92,
+        0x50, 0x92, 0x74, 0xEC, 0xFE, 0x83, 0xA9, 0x54,
+        0x73, 0x5F, 0xDE, 0x6E, 0x14, 0x67, 0x6D, 0xAA,
+        0xA3, 0x68, 0x0C, 0x30, 0xD5, 0x24, 0xF4, 0xEF,
+        0xA7, 0x9E, 0xD6, 0xA1, 0xF9, 0xED, 0x7E, 0x1C,
+        0x00, 0x56, 0x0E, 0x86, 0x83, 0x53, 0x8C, 0x31,
+        0x05, 0xAB, 0x93, 0x1B, 0xE0, 0xD2, 0xB2, 0x49,
+        0xB3, 0x8C, 0xB9, 0xB1, 0x3A, 0xF5, 0xCE, 0xAF,
+        0x78, 0x87, 0xA5, 0x9D, 0xBA, 0x16, 0x68, 0x8A,
+        0x7F, 0x28, 0xDE, 0x0B, 0x14, 0xD1, 0x9F, 0x39,
+        0x1E, 0xB4, 0x18, 0x32, 0xA5, 0x64, 0x79, 0x41,
+        0x6C, 0xCF, 0x94, 0xE9, 0x97, 0x39, 0x0E, 0xD7,
+        0x87, 0x8E, 0xEA, 0xFF, 0x49, 0x32, 0x8A, 0x70,
+        0xE0, 0xAB, 0x5F, 0xCE, 0x6C, 0x63, 0xC0, 0x9B,
+        0x35, 0xF4, 0xE4, 0x59, 0x94, 0xDE, 0x61, 0x5B,
+        0x88, 0xBB, 0x72, 0x2F, 0x70, 0xE8, 0x7D, 0x2B,
+        0xBD, 0x72, 0xAE, 0x71, 0xE1, 0xEE, 0x90, 0x08,
+        0xE4, 0x59, 0xD8, 0xE7, 0x43, 0x03, 0x9A, 0x8D,
+        0xDE, 0xB8, 0x74, 0xFC, 0xE5, 0x30, 0x1A, 0x2F,
+        0x8C, 0x0E, 0xE8, 0xC2, 0xFE, 0xE7, 0xA4, 0xEE,
+        0x68, 0xB5, 0xED, 0x6A, 0x6D, 0x9A, 0xB7, 0x4F,
+        0x98, 0xBB, 0x3B, 0xA0, 0xFE, 0x89, 0xE8, 0x2B,
+        0xD5, 0xA5, 0x25, 0xC5, 0xE8, 0x79, 0x0F, 0x81,
+        0x8C, 0xCC, 0x60, 0x58, 0x77, 0xD4, 0x6C, 0x8B,
+        0xDB, 0x5C, 0x33, 0x7B, 0x02, 0x5B, 0xB8, 0x40,
+        0xFF, 0x47, 0x18, 0x96, 0xE4, 0x3B, 0xFA, 0x99,
+        0xD7, 0x3D, 0xBE, 0x31, 0x80, 0x5C, 0x27, 0xA4,
+        0x3E, 0x57, 0xF0, 0x61, 0x8B, 0x3A, 0xE5, 0x22,
+        0xA4, 0x64, 0x4E, 0x0D, 0x4E, 0x4C, 0x1C, 0x54,
+        0x84, 0x89, 0x43, 0x1B, 0xE5, 0x58, 0xF3, 0xBF,
+        0xC5, 0x0E, 0x16, 0x61, 0x7E, 0x11, 0x0D, 0xD7,
+        0xAF, 0x9A, 0x6F, 0xD8, 0x3E, 0x3F, 0xBB, 0x68,
+        0xC3, 0x04, 0xD1, 0x5F, 0x6C, 0xB7, 0x00, 0xD6,
+        0x1D, 0x7A, 0xA9, 0x15, 0xA6, 0x75, 0x1E, 0xA3,
+        0xBA, 0x80, 0x22, 0x3E, 0x65, 0x41, 0x32, 0xA2,
+        0x09, 0x99, 0xA4, 0x3B, 0xF4, 0x08, 0x59, 0x27,
+        0x30, 0xB9, 0xA9, 0x49, 0x96, 0x36, 0xC0, 0x9F,
+        0xA7, 0x29, 0xF9, 0xCB, 0x1F, 0x9D, 0x34, 0x42,
+        0xF4, 0x73, 0x57, 0xA2, 0xB9, 0xCF, 0x15, 0xD3,
+        0x10, 0x3B, 0x9B, 0xF3, 0x96, 0xC2, 0x30, 0x88,
+        0xF1, 0x18, 0xED, 0xE3, 0x46, 0xB5, 0xC0, 0x38,
+        0x91, 0xCF, 0xA5, 0xD5, 0x17, 0xCE, 0xF8, 0x47,
+        0x13, 0x22, 0xE7, 0xE3, 0x10, 0x87, 0xC4, 0xB0,
+        0x36, 0xAB, 0xAD, 0x78, 0x4B, 0xFF, 0x72, 0xA9,
+        0xB1, 0x1F, 0xA1, 0x98, 0xFA, 0xCB, 0xCB, 0x91,
+        0xF0, 0x67, 0xFE, 0xAF, 0x76, 0xFC, 0xFE, 0x53,
+        0x27, 0xC1, 0x07, 0x0B, 0x3D, 0xA6, 0x98, 0x84,
+        0x00, 0x75, 0x67, 0x60, 0xD2, 0xD1, 0xF0, 0x60,
+        0x29, 0x8F, 0x16, 0x83, 0xD5, 0x1E, 0x36, 0x16,
+        0xE9, 0x8C, 0x51, 0xC9, 0xC0, 0x3A, 0xA4, 0x2F,
+        0x2E, 0x63, 0x36, 0x51, 0xA4, 0x7A, 0xD3, 0xCC,
+        0x2A, 0xB4, 0xA8, 0x52, 0xAE, 0x0C, 0x4B, 0x04,
+        0xB4, 0xE1, 0xC3, 0xDD, 0x94, 0x44, 0x45, 0xA2,
+        0xB1, 0x2B, 0x4F, 0x42, 0xA6, 0x43, 0x51, 0x05,
+        0xC0, 0x41, 0x22, 0xFC, 0x35, 0x87, 0xAF, 0xE4,
+        0x09, 0xA0, 0x0B, 0x30, 0x8D, 0x63, 0xC5, 0xDD,
+        0x81, 0x63, 0x65, 0x45, 0x04, 0xEE, 0xDB, 0xB7,
+        0xB5, 0x32, 0x95, 0x77, 0xC3, 0x5F, 0xBE, 0xB3,
+        0xF4, 0x63, 0x87, 0x2C, 0xAC, 0x28, 0x14, 0x2B,
+        0x3C, 0x12, 0xA7, 0x40, 0xEC, 0x6E, 0xA7, 0xCE,
+        0x9A, 0xD7, 0x8C, 0x6F, 0xC8, 0xFE, 0x1B, 0x4D,
+        0xF5, 0xFC, 0x55, 0xC1, 0x66, 0x7F, 0x31, 0xF2,
+        0x31, 0x2D, 0xA0, 0x77, 0x99, 0xDC, 0x87, 0x0A,
+        0x47, 0x86, 0x08, 0x54, 0x9F, 0xED, 0xAF, 0xE0,
+        0x21, 0xF1, 0xCF, 0x29, 0x84, 0x18, 0x03, 0x64,
+        0xE9, 0x0A, 0xD9, 0x8D, 0x84, 0x56, 0x52, 0xAA,
+        0x3C, 0xDD, 0x7A, 0x8E, 0xB0, 0x9F, 0x5E, 0x51,
+        0x42, 0x3F, 0xAB, 0x42, 0xA7, 0xB7, 0xBB, 0x4D,
+        0x51, 0x48, 0x64, 0xBE, 0x8D, 0x71, 0x29, 0x7E,
+        0x9C, 0x3B, 0x17, 0xA9, 0x93, 0xF0, 0xAE, 0x62,
+        0xE8, 0xEF, 0x52, 0x63, 0x7B, 0xD1, 0xB8, 0x85,
+        0xBD, 0x9B, 0x6A, 0xB7, 0x27, 0x85, 0x4D, 0x70,
+        0x3D, 0x8D, 0xC4, 0x78, 0xF9, 0x6C, 0xB8, 0x1F,
+        0xCE, 0x4C, 0x60, 0x38, 0x3A, 0xC0, 0x1F, 0xCF,
+        0x0F, 0x97, 0x1D, 0x4C, 0x8F, 0x35, 0x2B, 0x7A,
+        0x82, 0xE2, 0x18, 0x65, 0x2F, 0x2C, 0x10, 0x6C,
+        0xA9, 0x2A, 0xE6, 0x86, 0xBA, 0xCF, 0xCE, 0xF5,
+        0xD3, 0x27, 0x34, 0x7A, 0x97, 0xA9, 0xB3, 0x75,
+        0xD6, 0x73, 0x41, 0x55, 0x2B, 0xC2, 0xC5, 0x38,
+        0x77, 0x8E, 0x0F, 0x98, 0x01, 0x82, 0x3C, 0xCD,
+        0xFC, 0xD1, 0xEA, 0xAD, 0xED, 0x55, 0xB1, 0x8C,
+        0x97, 0x57, 0xE3, 0xF2, 0x12, 0xB2, 0x88, 0x9D,
+        0x38, 0x57, 0xDB, 0x51, 0xF9, 0x81, 0xD1, 0x61,
+        0x85, 0xFD, 0x0F, 0x90, 0x08, 0x53, 0xA7, 0x50,
+        0x05, 0xE3, 0x02, 0x0A, 0x8B, 0x95, 0xB7, 0xD8,
+        0xF2, 0xF2, 0x63, 0x1C, 0x70, 0xD7, 0x8A, 0x95,
+        0x7C, 0x7A, 0x62, 0xE1, 0xB3, 0x71, 0x90, 0x70,
+        0xAC, 0xD1, 0xFD, 0x48, 0x0C, 0x25, 0xB8, 0x38,
+        0x47, 0xDA, 0x02, 0x7B, 0x6E, 0xBB, 0xC2, 0xEE,
+        0xC2, 0xDF, 0x22, 0xC8, 0x7F, 0x9B, 0x46, 0xD5,
+        0xD7, 0xBA, 0xF1, 0x56, 0xB5, 0x3C, 0xEE, 0x92,
+        0x95, 0x72, 0xB9, 0x2C, 0x47, 0x84, 0xC4, 0xE8,
+        0x29, 0xF3, 0x44, 0x6A, 0x1F, 0xFE, 0x47, 0xF9,
+        0x9D, 0xEC, 0xD0, 0x43, 0x60, 0x29, 0xDD, 0xEB,
+        0xD3, 0xED, 0x8E, 0x87, 0xE5, 0xE7, 0x3D, 0x12,
+        0x3D, 0xBE, 0x8A, 0x4D, 0xDA, 0xCF, 0x2A, 0xBD,
+        0xE8, 0x7F, 0x33, 0xAE, 0x2B, 0x62, 0x1C, 0x0E,
+        0xC5, 0xD5, 0xCA, 0xD1, 0x25, 0x9D, 0xEE, 0xC2,
+        0xAE, 0xFF, 0x60, 0x88, 0xF0, 0x4F, 0x27, 0xA2,
+        0x03, 0x38, 0xB5, 0x76, 0x25, 0x43, 0xE5, 0x10,
+        0x08, 0x99, 0xA4, 0xCB, 0xFB, 0x7B, 0x3C, 0xA4,
+        0x56, 0xB3, 0xA1, 0x9B, 0x83, 0xA4, 0xC4, 0x32,
+        0x23, 0x0C, 0x23, 0xE1, 0xC7, 0xF1, 0x07, 0xC4,
+        0xCB, 0x11, 0x21, 0x52, 0xF1, 0xC0, 0xF3, 0x0D,
+        0xA0, 0xBB, 0x33, 0xF4, 0xF1, 0x1F, 0x47, 0xEE,
+        0xA4, 0x38, 0x72, 0xBA, 0xFA, 0x84, 0xAE, 0x22,
+        0x25, 0x6D, 0x70, 0x8E, 0x06, 0x04, 0xDA, 0xDE,
+        0x4B, 0x2A, 0x4D, 0xDE, 0x8C, 0xCC, 0xF1, 0x19,
+        0x30, 0xE1, 0x35, 0x53, 0x93, 0x4A, 0xE3, 0xEC,
+        0xE5, 0x2F, 0x3D, 0x7C, 0xCC, 0x00, 0x28, 0x73,
+        0x77, 0x87, 0x9F, 0xE6, 0xB8, 0xEC, 0xE7, 0xEF,
+        0x79, 0x42, 0x35, 0x07, 0xC9, 0xDA, 0x33, 0x95,
+        0x59, 0xC2, 0x0D, 0xE1, 0xC5, 0x19, 0x55, 0x99,
+        0x9B, 0xAE, 0x47, 0x40, 0x1D, 0xC3, 0xCD, 0xFA,
+        0xA1, 0xB2, 0x56, 0xD0, 0x9C, 0x7D, 0xB9, 0xFC,
+        0x86, 0x98, 0xBF, 0xCE, 0xFA, 0x73, 0x02, 0xD5,
+        0x6F, 0xBC, 0xDE, 0x1F, 0xBA, 0xAA, 0x1C, 0x65,
+        0x34, 0x54, 0xE6, 0xFD, 0x3D, 0x84, 0xE4, 0xF7,
+        0x9A, 0x93, 0x1C, 0x68, 0x1C, 0xBB, 0x6C, 0xB4,
+        0x62, 0xB1, 0x0D, 0xAE, 0x11, 0x2B, 0xDF, 0xB7,
+        0xF6, 0x5C, 0x7F, 0xDF, 0x6E, 0x5F, 0xC5, 0x94,
+        0xEC, 0x3A, 0x47, 0x4A, 0x94, 0xBD, 0x97, 0xE6,
+        0xEC, 0x81, 0xF7, 0x1C, 0x23, 0x0B, 0xF7, 0x0C,
+        0xA0, 0xF1, 0x3C, 0xE3, 0xDF, 0xFB, 0xD9, 0xFF,
+        0x98, 0x04, 0xEF, 0xD8, 0xF3, 0x7A, 0x4D, 0x36,
+        0x29, 0xB4, 0x3A, 0x8F, 0x55, 0x54, 0x4E, 0xBC,
+        0x5A, 0xC0, 0xAB, 0xD9, 0xA3, 0x3D, 0x79, 0x69,
+        0x90, 0x68, 0x34, 0x6A, 0x0F, 0x1A, 0x3A, 0x96,
+        0xE1, 0x15, 0xA5, 0xD8, 0x0B, 0xE1, 0x65, 0xB5,
+        0x62, 0xD0, 0x82, 0x98, 0x4D, 0x5A, 0xAC, 0xC3,
+        0xA2, 0x30, 0x19, 0x81, 0xA6, 0x41, 0x8F, 0x8B,
+        0xA7, 0xD7, 0xB0, 0xD7, 0xCA, 0x58, 0x75, 0xC6
     };
     static const byte k_768[KYBER_SS_SZ] = {
-        0x61, 0x6E, 0x0B, 0x75, 0x3A, 0x3B, 0x7F, 0x40,
-        0xFE, 0xF9, 0xA3, 0x89, 0xF5, 0x8F, 0x16, 0xBF,
-        0xBB, 0x04, 0x62, 0x29, 0x41, 0xD2, 0x46, 0x4B,
-        0xDA, 0xE7, 0x67, 0x82, 0x0D, 0xFA, 0xC3, 0x8E
+        0x26, 0x96, 0xD2, 0x8E, 0x9C, 0x61, 0xC2, 0xA0,
+        0x1C, 0xE9, 0xB1, 0x60, 0x8D, 0xCB, 0x9D, 0x29,
+        0x27, 0x85, 0xA0, 0xCD, 0x58, 0xEF, 0xB7, 0xFE,
+        0x13, 0xB1, 0xDE, 0x95, 0xF0, 0xDB, 0x55, 0xB3
     };
 #endif
 #ifndef WOLFSSL_NO_KYBER1024
     static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = {
-        0x27, 0x66, 0x9A, 0x66, 0x76, 0x67, 0xB8, 0xD5,
-        0x46, 0x68, 0x58, 0x60, 0x22, 0x60, 0x11, 0x5B,
-        0x62, 0x09, 0xBC, 0x2C, 0x45, 0xDF, 0x7A, 0x4E,
-        0x64, 0x93, 0x2B, 0x75, 0xC7, 0x8B, 0x9F, 0x70,
-        0x83, 0xF1, 0x31, 0xBC, 0xD4, 0xE2, 0x0E, 0xFF,
-        0x8C, 0xCF, 0x69, 0x73, 0x6B, 0xDB, 0xC8, 0x84,
-        0x06, 0xF9, 0xB6, 0x9A, 0xD3, 0xCE, 0x35, 0x6A,
-        0x0F, 0x5E, 0x67, 0x6D, 0xD0, 0xA7, 0xC4, 0xAB,
-        0xB1, 0xA1, 0xC9, 0xD6, 0x20, 0x21, 0xBB, 0x38,
-        0x4A, 0x40, 0x14, 0xFB, 0x04, 0xCD, 0x2F, 0x82,
-        0x18, 0x90, 0xD9, 0x04, 0x27, 0xC4, 0x9F, 0x4A,
-        0x62, 0x8E, 0xCE, 0xC2, 0x73, 0x1F, 0xAC, 0x02,
-        0x52, 0x37, 0x36, 0x0D, 0x58, 0x2C, 0xD0, 0x66,
-        0x47, 0xB1, 0x10, 0x9A, 0xA6, 0xC2, 0xAC, 0x5D,
-        0x43, 0x37, 0x58, 0xC1, 0xCA, 0xA5, 0x35, 0x55,
-        0xFF, 0xF5, 0x77, 0xEB, 0xB5, 0x21, 0xFB, 0xE3,
-        0x2D, 0x10, 0xF7, 0x90, 0x60, 0x4C, 0x53, 0xC2,
-        0xF8, 0x2C, 0x17, 0xB0, 0x8E, 0xF3, 0x62, 0x56,
-        0x74, 0x21, 0x48, 0x44, 0x90, 0x6D, 0xB3, 0xFB,
-        0x95, 0x20, 0x03, 0x14, 0x22, 0xA1, 0x3B, 0xD7,
-        0x61, 0x2D, 0x42, 0x01, 0xC2, 0x7D, 0x15, 0xB9,
-        0xD1, 0x94, 0x83, 0x0C, 0xC3, 0x66, 0x9B, 0xB8,
-        0xBA, 0x34, 0xC2, 0x52, 0x37, 0x64, 0x41, 0x39,
-        0x71, 0xC4, 0x0D, 0x84, 0xAE, 0xE6, 0x56, 0x75,
-        0xD5, 0x21, 0x53, 0x09, 0xDA, 0x83, 0x67, 0xF0,
-        0x01, 0x49, 0x75, 0x46, 0xEC, 0xE0, 0x7C, 0xBF,
-        0x00, 0x2D, 0x78, 0x1B, 0x83, 0x06, 0x82, 0x48,
-        0x40, 0x80, 0xAD, 0x6F, 0x95, 0x58, 0xB3, 0x6B,
-        0x6B, 0xF6, 0x10, 0x91, 0x71, 0x30, 0xB7, 0x41,
-        0x9B, 0x39, 0xF8, 0x50, 0x29, 0x62, 0x12, 0x64,
-        0xCF, 0x2C, 0x8A, 0xE4, 0xD8, 0x08, 0x38, 0x7B,
-        0x20, 0xCC, 0x5A, 0xA0, 0xB9, 0x69, 0xC3, 0x9B,
-        0xC8, 0x0E, 0x6C, 0xB9, 0xCA, 0x03, 0x51, 0xA3,
-        0xF6, 0x0A, 0xCE, 0xAF, 0x12, 0xBD, 0x41, 0xFA,
-        0x09, 0x96, 0xE3, 0x99, 0x06, 0xA9, 0xB6, 0x16,
-        0x97, 0xB7, 0x47, 0xC2, 0x03, 0x1C, 0x76, 0x02,
-        0x88, 0x36, 0x44, 0x57, 0x42, 0x5B, 0xBB, 0xB4,
-        0x0F, 0x48, 0x98, 0xAD, 0x08, 0x58, 0x76, 0x60,
-        0x8A, 0x77, 0xA5, 0xEB, 0x9D, 0x12, 0x4B, 0xC9,
-        0x92, 0x26, 0x51, 0xB7, 0x63, 0x95, 0x88, 0x15,
-        0x58, 0xCA, 0xD0, 0x6F, 0x3C, 0x4B, 0xCF, 0x08,
-        0xE4, 0x5B, 0x67, 0xBA, 0x51, 0x60, 0x38, 0xA3,
-        0x64, 0xB7, 0x74, 0x0E, 0x97, 0x40, 0xEE, 0x2B,
-        0x93, 0xC5, 0xC6, 0x5F, 0x49, 0x02, 0x0A, 0xD4,
-        0x2B, 0x3C, 0x0A, 0xEA, 0x5B, 0xF2, 0x42, 0xA4,
-        0xF1, 0xB0, 0x89, 0xB5, 0xA3, 0x45, 0x8B, 0xE8,
-        0xA3, 0x71, 0xCA, 0x1F, 0x29, 0x3C, 0x53, 0xF2,
-        0x78, 0x0E, 0xCE, 0x28, 0x12, 0x93, 0xD9, 0x91,
-        0xE6, 0xE5, 0x79, 0x04, 0x2B, 0xAB, 0xC1, 0x69,
-        0x72, 0x4F, 0x10, 0x68, 0x1F, 0xD1, 0xC7, 0xD2,
-        0xFB, 0x16, 0x48, 0xB0, 0xBF, 0x80, 0x81, 0x8A,
-        0x7D, 0xD3, 0xB7, 0x09, 0x73, 0x4D, 0x38, 0x97,
-        0x2E, 0x3E, 0x44, 0x87, 0x5A, 0xF0, 0x92, 0x7A,
-        0x9A, 0xAD, 0xE8, 0x26, 0x13, 0xFC, 0xA0, 0x5E,
-        0xE5, 0xB3, 0x21, 0x06, 0x47, 0xA5, 0x63, 0x2A,
-        0xA1, 0x70, 0xD0, 0x9E, 0x70, 0xB5, 0x6A, 0x2F,
-        0x04, 0x33, 0x7A, 0x33, 0x7E, 0xE9, 0x52, 0x38,
-        0x3A, 0x1A, 0x8A, 0xEE, 0xA6, 0xCD, 0xB9, 0x0C,
-        0xCD, 0x86, 0xA8, 0x18, 0xD1, 0xBB, 0x39, 0x46,
-        0x5B, 0xA3, 0x13, 0xD2, 0x66, 0xBB, 0xB1, 0x05,
-        0x81, 0xFA, 0x18, 0x7D, 0x92, 0x6A, 0xC3, 0xA8,
-        0xB7, 0x49, 0xF6, 0x44, 0x45, 0xFA, 0xB5, 0x6C,
-        0x99, 0x27, 0x55, 0x57, 0x93, 0xFB, 0x4A, 0xCF,
-        0xB0, 0x39, 0xB1, 0xAA, 0x54, 0x3B, 0x1B, 0x87,
-        0xAE, 0x6A, 0x49, 0xAB, 0x56, 0x29, 0x33, 0xC4,
-        0xC9, 0x7B, 0xD7, 0x4C, 0x07, 0xBF, 0x29, 0x85,
-        0x1A, 0x46, 0x98, 0x51, 0xA9, 0x82, 0x59, 0x55,
-        0x96, 0xFE, 0x7A, 0xCA, 0xE0, 0xDB, 0x23, 0x53,
-        0x30, 0x28, 0xAA, 0x34, 0x67, 0x6F, 0x7A, 0x9B,
-        0x29, 0x26, 0x3E, 0x7A, 0xA2, 0x79, 0x00, 0x10,
-        0x4B, 0x1B, 0xA1, 0xB5, 0x67, 0x47, 0x39, 0xB2,
-        0xFC, 0x4E, 0xD8, 0xA3, 0x30, 0xBB, 0xA5, 0xA0,
-        0xB6, 0x24, 0x7C, 0x63, 0xF1, 0x15, 0x3D, 0xA0,
-        0x1D, 0xC8, 0xF6, 0x16, 0xF1, 0x04, 0x83, 0xA6,
-        0x93, 0xA6, 0x34, 0xC1, 0xBA, 0x6A, 0xE1, 0xAB,
-        0x2F, 0x16, 0x34, 0x00, 0xBB, 0x57, 0x71, 0xE7,
-        0x01, 0x71, 0xFC, 0xB5, 0x41, 0x55, 0xAB, 0xFC,
-        0xB2, 0x04, 0x4F, 0xCB, 0x30, 0xBA, 0xD6, 0x7F,
-        0x74, 0x21, 0x83, 0x86, 0x18, 0x19, 0xED, 0xB1,
-        0xAA, 0x6C, 0x77, 0x1F, 0xC8, 0xE1, 0x1A, 0x92,
-        0xE0, 0x8B, 0x71, 0xF4, 0x0D, 0x03, 0x6C, 0x15,
-        0xD2, 0x89, 0x6A, 0x20, 0x47, 0x25, 0xBA, 0x90,
-        0xA0, 0x3B, 0x47, 0x8D, 0x98, 0xC4, 0x90, 0x84,
-        0x38, 0x2F, 0x1D, 0x22, 0x3F, 0xE1, 0x29, 0x80,
-        0xE9, 0x47, 0xA4, 0x15, 0xE5, 0x5F, 0xE6, 0x7B,
-        0x85, 0xDA, 0x40, 0x44, 0x13, 0x42, 0x44, 0x5B,
-        0x46, 0xC2, 0xFC, 0x42, 0x02, 0x0D, 0x04, 0x76,
-        0x9A, 0x2A, 0x1C, 0x64, 0x64, 0x1F, 0x0C, 0x36,
-        0x63, 0x6B, 0xA6, 0xC4, 0x65, 0x2B, 0x26, 0x7A,
-        0x4B, 0x92, 0x19, 0xE3, 0x33, 0xA0, 0x68, 0x17,
-        0xB5, 0x81, 0x7B, 0x6E, 0x6C, 0xC4, 0x85, 0xE3,
-        0x52, 0x61, 0x41, 0x69, 0xAB, 0xC2, 0x0E, 0x18,
-        0x91, 0xB7, 0xA0, 0x00, 0xC5, 0x2A, 0xF1, 0x5A,
-        0x7B, 0x90, 0x4C, 0x97, 0x6C, 0x1B, 0xFD, 0x3A,
-        0x23, 0x77, 0xEB, 0x76, 0xB5, 0x50, 0x33, 0xC7,
-        0xC4, 0xC6, 0x9E, 0x71, 0x74, 0xAA, 0xF2, 0x77,
-        0x15, 0x75, 0x63, 0x16, 0xCA, 0xCC, 0xCE, 0x63,
-        0xA5, 0xA2, 0x24, 0x35, 0xC7, 0xD1, 0x02, 0x04,
-        0x43, 0xAA, 0x71, 0x69, 0x3B, 0xF0, 0x62, 0x30,
-        0x3D, 0x13, 0x33, 0x1F, 0x79, 0x54, 0x24, 0xC2,
-        0x0D, 0x26, 0x6C, 0x1D, 0x90, 0x30, 0x5F, 0xC8,
-        0xC2, 0x53, 0x66, 0x84, 0xA9, 0x3D, 0x50, 0x6D,
-        0xE6, 0x32, 0x9B, 0x61, 0x62, 0x40, 0x59, 0x99,
-        0xBD, 0x5C, 0xAA, 0x7D, 0xDB, 0x96, 0x13, 0xC8,
-        0x23, 0x8C, 0xC6, 0xD3, 0x35, 0xA1, 0xEB, 0x40,
-        0x82, 0xE7, 0x71, 0x0D, 0x07, 0x9F, 0x87, 0xA4,
-        0xBF, 0xF6, 0x47, 0x8B, 0x5F, 0x0C, 0x58, 0x77,
-        0x86, 0xAF, 0x42, 0x71, 0x92, 0xD9, 0xA3, 0x4A,
-        0x4F, 0xA3, 0x3B, 0xF0, 0xD3, 0xCC, 0x58, 0xFB,
-        0x46, 0x3B, 0x48, 0x38, 0xCA, 0x2C, 0x33, 0x7E,
-        0x65, 0x39, 0x7D, 0xA1, 0x56, 0x90, 0xC5, 0x2A,
-        0xC0, 0xE5, 0x46, 0x8B, 0xDC, 0x03, 0xDF, 0x5A,
-        0x62, 0xF7, 0x02, 0x09, 0x34, 0xE2, 0x67, 0xE0,
-        0xF7, 0xCF, 0x95, 0x59, 0x94, 0x35, 0xF9, 0x52,
-        0xFA, 0xB7, 0x4C, 0xFE, 0xB4, 0x30, 0x8B, 0x17,
-        0x3F, 0x12, 0xE0, 0x73, 0xF7, 0xF0, 0x40, 0xDB,
-        0x4C, 0x63, 0xC1, 0xC4, 0x8A, 0x7B, 0x7A, 0x41,
-        0xF4, 0x77, 0x9A, 0x6B, 0x57, 0xA9, 0x22, 0xC9,
-        0x70, 0x77, 0x11, 0x80, 0x00, 0x84, 0x93, 0xD4,
-        0xC7, 0x68, 0x05, 0x40, 0x0B, 0x7C, 0x66, 0x4D,
-        0x0B, 0x92, 0xB2, 0x2C, 0x49, 0x55, 0x1B, 0x12,
-        0x47, 0xE6, 0x2C, 0x85, 0xE1, 0xE5, 0x40, 0xC8,
-        0x20, 0x93, 0x37, 0x10, 0x13, 0xC4, 0x67, 0x6C,
-        0xEA, 0xD7, 0x7C, 0x5F, 0x30, 0x64, 0xA3, 0x73,
-        0x49, 0xC7, 0x16, 0x5E, 0xB3, 0xAA, 0x7D, 0xEF,
-        0x87, 0x31, 0xE9, 0xD6, 0x6A, 0x56, 0x36, 0x8F,
-        0x19, 0x5C, 0x04, 0x5B, 0x2A, 0x50, 0xE5, 0x97,
-        0x86, 0x16, 0x1A, 0x63, 0x0D, 0x28, 0x00, 0x89,
-        0x80, 0x12, 0x98, 0xC1, 0x30, 0xE4, 0x48, 0x31,
-        0x50, 0xCA, 0x91, 0x52, 0xC2, 0xA0, 0xF2, 0x47,
-        0x75, 0x0C, 0x06, 0x22, 0x59, 0xB8, 0x4C, 0x28,
-        0x23, 0x6C, 0x3F, 0xB5, 0x46, 0x25, 0xD5, 0xCD,
-        0xBE, 0xCC, 0x68, 0xDB, 0xA2, 0x2F, 0xB1, 0x55,
-        0x80, 0x55, 0xFB, 0x9B, 0x24, 0x35, 0x01, 0xC7,
-        0x58, 0x51, 0xE7, 0x6A, 0xBE, 0x48, 0x47, 0xB9,
-        0xB9, 0x72, 0xA7, 0x34, 0x11, 0xA6, 0xB4, 0x28,
-        0x2B, 0xF5, 0x98, 0x3A, 0x82, 0xDA, 0x74, 0x13,
-        0xE5, 0x4B, 0xA3, 0x5B, 0xAB, 0x37, 0xA9, 0xB3,
-        0xC6, 0x28, 0x84, 0xB6, 0x43, 0xC1, 0x34, 0x16,
-        0x5C, 0x98, 0x70, 0xC6, 0xBB, 0x39, 0x0F, 0x6B,
-        0x7A, 0x1E, 0x57, 0x45, 0x15, 0x8F, 0xB2, 0x51,
-        0xD6, 0x90, 0x94, 0x33, 0x55, 0x1F, 0xEB, 0xD3,
-        0x0B, 0xA5, 0x75, 0xA1, 0xE2, 0xF1, 0x09, 0x58,
-        0x49, 0x8D, 0x9F, 0x14, 0x7E, 0xD9, 0x53, 0x13,
-        0x22, 0xA1, 0x60, 0x97, 0xF5, 0x5D, 0x81, 0x17,
-        0x95, 0x45, 0x79, 0x12, 0x91, 0x2B, 0x1C, 0x65,
-        0xF3, 0x80, 0x25, 0x42, 0x9B, 0x3E, 0x76, 0x4A,
-        0x2E, 0x1A, 0xBC, 0x4E, 0x30, 0xC2, 0x88, 0x08,
-        0x27, 0x42, 0x99, 0x55, 0x90, 0x98, 0x1C, 0x43,
-        0xDB, 0xB3, 0x65, 0x96, 0x6B, 0xCB, 0x97, 0x20,
-        0xB1, 0x78, 0xC5, 0xEB, 0x96, 0x3B, 0x82, 0x93,
-        0x4C, 0x02, 0x81, 0x4B, 0x75, 0x25, 0x54, 0x6D,
-        0xB7, 0xC9, 0x6D, 0x65, 0x82, 0x2E, 0x49, 0x42,
-        0xE4, 0xA4, 0xAC, 0x13, 0xC9, 0x94, 0x90, 0xE7,
-        0xAB, 0x4A, 0x70, 0x23, 0x71, 0xF2, 0x13, 0x16,
-        0xA5, 0x79, 0x06, 0xB1, 0x92, 0x58, 0x42, 0x88,
-        0x01, 0x19, 0x25, 0x67, 0xC2, 0x04, 0x5B, 0xF8,
-        0x77, 0x5C, 0xF5, 0x8C, 0x5D, 0xB2, 0x8B, 0xA1,
-        0xB0, 0x5E, 0x04, 0x2A, 0x18, 0x59, 0xE6, 0x42,
-        0x86, 0xB5, 0xB1, 0x14, 0xF3, 0x9F, 0xCA, 0xCC,
-        0x12, 0x7B, 0xE6, 0x3D, 0xFF, 0x59, 0x0B, 0xC1,
-        0x84, 0xB8, 0x3B, 0x16, 0x8C, 0x30, 0x19, 0x98,
-        0x90, 0x37, 0x41, 0x00, 0xE4, 0x0D, 0x2F, 0xC7,
-        0x75, 0x2B, 0x14, 0x30, 0x35, 0x50, 0x22, 0xF3,
-        0xD5, 0x89, 0x25, 0xD1, 0x99, 0x1B, 0xF3, 0xB9,
-        0x8A, 0x90, 0x39, 0x5F, 0x85, 0x79, 0x64, 0x6C,
-        0x84, 0x13, 0xBA, 0xB3, 0xC0, 0xC0, 0x70, 0x7A,
-        0x23, 0x8A, 0x27, 0xD0, 0x9F, 0xA5, 0x7A, 0x32,
-        0xFF, 0x85, 0x39, 0x2F, 0xD0, 0x8C, 0x2F, 0x22,
-        0x86, 0xAB, 0xDB, 0x2B, 0x69, 0x36, 0xB9, 0xD3,
-        0x50, 0x38, 0x02, 0xC6, 0xB5, 0x1E, 0x41, 0x5B,
-        0x81, 0x67, 0x3C, 0xC7, 0x80, 0x54, 0xF1, 0xB2,
-        0xC4, 0xBD, 0xFA, 0x73, 0x3E, 0x52, 0x64, 0xC5,
-        0x5A, 0x7C, 0x4D, 0xA5, 0xB7, 0x39, 0x44, 0x40,
-        0x24, 0x62, 0x03, 0x3D, 0x08, 0xAE, 0x62, 0x0B,
-        0xD0, 0x56, 0x44, 0xB4, 0x77, 0xAB, 0x31, 0x5E,
-        0x93, 0x6D, 0x3F, 0x25, 0xB5, 0xBA, 0x7A, 0xC1,
-        0x9E, 0xB5, 0x59, 0xA5, 0xC1, 0x19, 0x5F, 0x56,
-        0x8B, 0x31, 0x3C, 0x26, 0x75, 0x09, 0x2E, 0x6D,
-        0xF5, 0x8F, 0xF3, 0x99, 0xC4, 0x2C, 0xAB, 0x63,
-        0x63, 0xAA, 0x03, 0x36, 0x91, 0xCB, 0x8C, 0xE0,
-        0x66, 0x99, 0xE7, 0x01, 0xF2, 0xB9, 0x25, 0x97,
-        0xCB, 0x8F, 0xC2, 0x35, 0x16, 0xE9, 0xF4, 0x0C,
-        0xE7, 0x5B, 0x7B, 0xC1, 0xE0, 0x52, 0x0A, 0x5A,
-        0x38, 0x95, 0xEB, 0x7D, 0x8D, 0x47, 0x40, 0x09,
-        0xA0, 0xCB, 0x0A, 0xDC, 0x2D, 0xF4, 0x76, 0xB5,
-        0x16, 0x41, 0x12, 0xC3, 0xB6, 0x00, 0xB6, 0x77,
-        0x6D, 0xAB, 0x49, 0xB2, 0x03, 0x81, 0xA4, 0x01,
-        0x46, 0x91, 0x65, 0x2A, 0x3C, 0x31, 0x61, 0xAA,
-        0xC6, 0x61, 0x6C, 0xFA, 0xA2, 0x65, 0x63, 0x8C,
-        0x6C, 0x66, 0x5A, 0x84, 0x54, 0xF3, 0x67, 0x80,
-        0xB7, 0x89, 0xCF, 0xA3, 0x5D, 0x2A, 0xF4, 0x9E,
-        0x6D, 0x5F, 0x48, 0x2B, 0xFA, 0x3C, 0x86, 0x4B,
-        0x0E, 0xF2, 0x9E, 0x18, 0xD2, 0xEF, 0xFF, 0x92,
-        0xDB, 0x18, 0x76, 0xA2, 0x20, 0x76, 0xAB, 0x1A,
-        0xAC, 0x0A, 0x73, 0x93, 0xED, 0x9E, 0x5A, 0x48
+        0x30, 0x7A, 0x4C, 0xEA, 0x41, 0x48, 0x21, 0x9B,
+        0x95, 0x8E, 0xA0, 0xB7, 0x88, 0x66, 0x59, 0x23,
+        0x5A, 0x4D, 0x19, 0x80, 0xB1, 0x92, 0x61, 0x08,
+        0x47, 0xD8, 0x6E, 0xF3, 0x27, 0x39, 0xF9, 0x4C,
+        0x3B, 0x44, 0x6C, 0x4D, 0x81, 0xD8, 0x9B, 0x8B,
+        0x42, 0x2A, 0x9D, 0x07, 0x9C, 0x88, 0xB1, 0x1A,
+        0xCA, 0xF3, 0x21, 0xB0, 0x14, 0x29, 0x4E, 0x18,
+        0xB2, 0x96, 0xE5, 0x2F, 0x3F, 0x74, 0x4C, 0xF9,
+        0x63, 0x4A, 0x4F, 0xB0, 0x1D, 0xB0, 0xD9, 0x9E,
+        0xF2, 0x0A, 0x63, 0x3A, 0x55, 0x2E, 0x76, 0xA0,
+        0x58, 0x5C, 0x61, 0x09, 0xF0, 0x18, 0x76, 0x8B,
+        0x76, 0x3A, 0xF3, 0x67, 0x8B, 0x47, 0x80, 0x08,
+        0x9C, 0x13, 0x42, 0xB9, 0x69, 0x07, 0xA2, 0x9A,
+        0x1C, 0x11, 0x52, 0x1C, 0x74, 0x4C, 0x27, 0x97,
+        0xD0, 0xBF, 0x2B, 0x9C, 0xCD, 0xCA, 0x61, 0x46,
+        0x72, 0xB4, 0x50, 0x76, 0x77, 0x3F, 0x45, 0x8A,
+        0x31, 0xEF, 0x86, 0x9B, 0xE1, 0xEB, 0x2E, 0xFE,
+        0xB5, 0x0D, 0x0E, 0x37, 0x49, 0x5D, 0xC5, 0xCA,
+        0x55, 0xE0, 0x75, 0x28, 0x93, 0x4F, 0x62, 0x93,
+        0xC4, 0x16, 0x80, 0x27, 0xD0, 0xE5, 0x3D, 0x07,
+        0xFA, 0xCC, 0x66, 0x30, 0xCB, 0x08, 0x19, 0x7E,
+        0x53, 0xFB, 0x19, 0x3A, 0x17, 0x11, 0x35, 0xDC,
+        0x8A, 0xD9, 0x97, 0x94, 0x02, 0xA7, 0x1B, 0x69,
+        0x26, 0xBC, 0xDC, 0xDC, 0x47, 0xB9, 0x34, 0x01,
+        0x91, 0x0A, 0x5F, 0xCC, 0x1A, 0x81, 0x3B, 0x68,
+        0x2B, 0x09, 0xBA, 0x7A, 0x72, 0xD2, 0x48, 0x6D,
+        0x6C, 0x79, 0x95, 0x16, 0x46, 0x5C, 0x14, 0x72,
+        0x9B, 0x26, 0x94, 0x9B, 0x0B, 0x7C, 0xBC, 0x7C,
+        0x64, 0x0F, 0x26, 0x7F, 0xED, 0x80, 0xB1, 0x62,
+        0xC5, 0x1F, 0xD8, 0xE0, 0x92, 0x27, 0xC1, 0x01,
+        0xD5, 0x05, 0xA8, 0xFA, 0xE8, 0xA2, 0xD7, 0x05,
+        0x4E, 0x28, 0xA7, 0x8B, 0xA8, 0x75, 0x0D, 0xEC,
+        0xF9, 0x05, 0x7C, 0x83, 0x97, 0x9F, 0x7A, 0xBB,
+        0x08, 0x49, 0x45, 0x64, 0x80, 0x06, 0xC5, 0xB2,
+        0x88, 0x04, 0xF3, 0x4E, 0x73, 0xB2, 0x38, 0x11,
+        0x1A, 0x65, 0xA1, 0xF5, 0x00, 0xB1, 0xCC, 0x60,
+        0x6A, 0x84, 0x8F, 0x28, 0x59, 0x07, 0x0B, 0xEB,
+        0xA7, 0x57, 0x31, 0x79, 0xF3, 0x61, 0x49, 0xCF,
+        0x58, 0x01, 0xBF, 0x89, 0xA1, 0xC3, 0x8C, 0xC2,
+        0x78, 0x41, 0x55, 0x28, 0xD0, 0x3B, 0xDB, 0x94,
+        0x3F, 0x96, 0x28, 0x0C, 0x8C, 0xC5, 0x20, 0x42,
+        0xD9, 0xB9, 0x1F, 0xAA, 0x9D, 0x6E, 0xA7, 0xBC,
+        0xBB, 0x7A, 0xB1, 0x89, 0x7A, 0x32, 0x66, 0x96,
+        0x6F, 0x78, 0x39, 0x34, 0x26, 0xC7, 0x6D, 0x8A,
+        0x49, 0x57, 0x8B, 0x98, 0xB1, 0x59, 0xEB, 0xB4,
+        0x6E, 0xE0, 0xA8, 0x83, 0xA2, 0x70, 0xD8, 0x05,
+        0x7C, 0xD0, 0x23, 0x1C, 0x86, 0x90, 0x6A, 0x91,
+        0xDB, 0xBA, 0xDE, 0x6B, 0x24, 0x69, 0x58, 0x1E,
+        0x2B, 0xCA, 0x2F, 0xEA, 0x83, 0x89, 0xF7, 0xC7,
+        0x4B, 0xCD, 0x70, 0x96, 0x1E, 0xA5, 0xB9, 0x34,
+        0xFB, 0xCF, 0x9A, 0x65, 0x90, 0xBF, 0x86, 0xB8,
+        0xDB, 0x54, 0x88, 0x54, 0xD9, 0xA3, 0xFB, 0x30,
+        0x11, 0x04, 0x33, 0xBD, 0x7A, 0x1B, 0x65, 0x9C,
+        0xA8, 0x56, 0x80, 0x85, 0x63, 0x92, 0x37, 0xB3,
+        0xBD, 0xC3, 0x7B, 0x7F, 0xA7, 0x16, 0xD4, 0x82,
+        0xA2, 0x5B, 0x54, 0x10, 0x6B, 0x3A, 0x8F, 0x54,
+        0xD3, 0xAA, 0x99, 0xB5, 0x12, 0x3D, 0xA9, 0x60,
+        0x66, 0x90, 0x45, 0x92, 0xF3, 0xA5, 0x4E, 0xE2,
+        0x3A, 0x79, 0x81, 0xAB, 0x60, 0x8A, 0x2F, 0x44,
+        0x13, 0xCC, 0x65, 0x89, 0x46, 0xC6, 0xD7, 0x78,
+        0x0E, 0xA7, 0x65, 0x64, 0x4B, 0x3C, 0xC0, 0x6C,
+        0x70, 0x03, 0x4A, 0xB4, 0xEB, 0x35, 0x19, 0x12,
+        0xE7, 0x71, 0x5B, 0x56, 0x75, 0x5D, 0x09, 0x02,
+        0x15, 0x71, 0xBF, 0x34, 0x0A, 0xB9, 0x25, 0x98,
+        0xA2, 0x4E, 0x81, 0x18, 0x93, 0x19, 0x5B, 0x96,
+        0xA1, 0x62, 0x9F, 0x80, 0x41, 0xF5, 0x86, 0x58,
+        0x43, 0x15, 0x61, 0xFC, 0x0A, 0xB1, 0x52, 0x92,
+        0xB9, 0x13, 0xEC, 0x47, 0x3F, 0x04, 0x47, 0x9B,
+        0xC1, 0x45, 0xCD, 0x4C, 0x56, 0x3A, 0x28, 0x62,
+        0x35, 0x64, 0x6C, 0xD3, 0x05, 0xA9, 0xBE, 0x10,
+        0x14, 0xE2, 0xC7, 0xB1, 0x30, 0xC3, 0x3E, 0xB7,
+        0x7C, 0xC4, 0xA0, 0xD9, 0x78, 0x6B, 0xD6, 0xBC,
+        0x2A, 0x95, 0x4B, 0xF3, 0x00, 0x57, 0x78, 0xF8,
+        0x91, 0x7C, 0xE1, 0x37, 0x89, 0xBB, 0xB9, 0x62,
+        0x80, 0x78, 0x58, 0xB6, 0x77, 0x31, 0x57, 0x2B,
+        0x6D, 0x3C, 0x9B, 0x4B, 0x52, 0x06, 0xFA, 0xC9,
+        0xA7, 0xC8, 0x96, 0x16, 0x98, 0xD8, 0x83, 0x24,
+        0xA9, 0x15, 0x18, 0x68, 0x99, 0xB2, 0x99, 0x23,
+        0xF0, 0x84, 0x42, 0xA3, 0xD3, 0x86, 0xBD, 0x41,
+        0x6B, 0xCC, 0x9A, 0x10, 0x01, 0x64, 0xC9, 0x30,
+        0xEC, 0x35, 0xEA, 0xFB, 0x6A, 0xB3, 0x58, 0x51,
+        0xB6, 0xC8, 0xCE, 0x63, 0x77, 0x36, 0x6A, 0x17,
+        0x5F, 0x3D, 0x75, 0x29, 0x8C, 0x51, 0x8D, 0x44,
+        0x89, 0x89, 0x33, 0xF5, 0x3D, 0xEE, 0x61, 0x71,
+        0x45, 0x09, 0x33, 0x79, 0xC4, 0x65, 0x9F, 0x68,
+        0x58, 0x3B, 0x2B, 0x28, 0x12, 0x26, 0x66, 0xBE,
+        0xC5, 0x78, 0x38, 0x99, 0x1F, 0xF1, 0x6C, 0x36,
+        0x8D, 0xD2, 0x2C, 0x36, 0xE7, 0x80, 0xC9, 0x1A,
+        0x35, 0x82, 0xE2, 0x5E, 0x19, 0x79, 0x4C, 0x6B,
+        0xF2, 0xAB, 0x42, 0x45, 0x8A, 0x8D, 0xD7, 0x70,
+        0x5D, 0xE2, 0xC2, 0xAA, 0x20, 0xC0, 0x54, 0xE8,
+        0x4B, 0x3E, 0xF3, 0x50, 0x32, 0x79, 0x86, 0x26,
+        0xC2, 0x48, 0x26, 0x32, 0x53, 0xA7, 0x1A, 0x11,
+        0x94, 0x35, 0x71, 0x34, 0x0A, 0x97, 0x8C, 0xD0,
+        0xA6, 0x02, 0xE4, 0x7D, 0xEE, 0x54, 0x0A, 0x88,
+        0x14, 0xBA, 0x06, 0xF3, 0x14, 0x14, 0x79, 0x7C,
+        0xDF, 0x60, 0x49, 0x58, 0x23, 0x61, 0xBB, 0xAB,
+        0xA3, 0x87, 0xA8, 0x3D, 0x89, 0x91, 0x3F, 0xE4,
+        0xC0, 0xC1, 0x12, 0xB9, 0x56, 0x21, 0xA4, 0xBD,
+        0xA8, 0x12, 0x3A, 0x14, 0xD1, 0xA8, 0x42, 0xFB,
+        0x57, 0xB8, 0x3A, 0x4F, 0xBA, 0xF3, 0x3A, 0x8E,
+        0x55, 0x22, 0x38, 0xA5, 0x96, 0xAA, 0xE7, 0xA1,
+        0x50, 0xD7, 0x5D, 0xA6, 0x48, 0xBC, 0x44, 0x64,
+        0x49, 0x77, 0xBA, 0x1F, 0x87, 0xA4, 0xC6, 0x8A,
+        0x8C, 0x4B, 0xD2, 0x45, 0xB7, 0xD0, 0x07, 0x21,
+        0xF7, 0xD6, 0x4E, 0x82, 0x2B, 0x08, 0x5B, 0x90,
+        0x13, 0x12, 0xEC, 0x37, 0xA8, 0x16, 0x98, 0x02,
+        0x16, 0x0C, 0xCE, 0x11, 0x60, 0xF0, 0x10, 0xBE,
+        0x8C, 0xBC, 0xAC, 0xE8, 0xE7, 0xB0, 0x05, 0xD7,
+        0x83, 0x92, 0x34, 0xA7, 0x07, 0x86, 0x83, 0x09,
+        0xD0, 0x37, 0x84, 0xB4, 0x27, 0x3B, 0x1C, 0x8A,
+        0x16, 0x01, 0x33, 0xED, 0x29, 0x81, 0x84, 0x70,
+        0x46, 0x25, 0xF2, 0x9C, 0xFA, 0x08, 0x6D, 0x13,
+        0x26, 0x3E, 0xE5, 0x89, 0x91, 0x23, 0xC5, 0x96,
+        0xBA, 0x78, 0x8E, 0x5C, 0x54, 0xA8, 0xE9, 0xBA,
+        0x82, 0x9B, 0x8A, 0x9D, 0x90, 0x4B, 0xC4, 0xBC,
+        0x0B, 0xBE, 0xA7, 0x6B, 0xC5, 0x3F, 0xF8, 0x11,
+        0x21, 0x45, 0x98, 0x47, 0x2C, 0x9C, 0x20, 0x2B,
+        0x73, 0xEF, 0xF0, 0x35, 0xDC, 0x09, 0x70, 0x3A,
+        0xF7, 0xBF, 0x1B, 0xAB, 0xAA, 0xC7, 0x31, 0x93,
+        0xCB, 0x46, 0x11, 0x7A, 0x7C, 0x94, 0x92, 0xA4,
+        0x3F, 0xC9, 0x57, 0x89, 0xA9, 0x24, 0xC5, 0x91,
+        0x27, 0x87, 0xB2, 0xE2, 0x09, 0x0E, 0xBB, 0xCF,
+        0xD3, 0x79, 0x62, 0x21, 0xF0, 0x6D, 0xEB, 0xF9,
+        0xCF, 0x70, 0xE0, 0x56, 0xB8, 0xB9, 0x16, 0x1D,
+        0x63, 0x47, 0xF4, 0x73, 0x35, 0xF3, 0xE1, 0x77,
+        0x6D, 0xA4, 0xBB, 0x87, 0xC1, 0x5C, 0xC8, 0x26,
+        0x14, 0x6F, 0xF0, 0x24, 0x9A, 0x41, 0x3B, 0x45,
+        0xAA, 0x93, 0xA8, 0x05, 0x19, 0x6E, 0xA4, 0x53,
+        0x11, 0x4B, 0x52, 0x4E, 0x31, 0x0A, 0xED, 0xAA,
+        0x46, 0xE3, 0xB9, 0x96, 0x42, 0x36, 0x87, 0x82,
+        0x56, 0x6D, 0x04, 0x9A, 0x72, 0x6D, 0x6C, 0xCA,
+        0x91, 0x09, 0x93, 0xAE, 0xD6, 0x21, 0xD0, 0x14,
+        0x9E, 0xA5, 0x88, 0xA9, 0xAB, 0xD9, 0x09, 0xDB,
+        0xB6, 0x9A, 0xA2, 0x28, 0x29, 0xD9, 0xB8, 0x3A,
+        0xDA, 0x22, 0x09, 0xA6, 0xC2, 0x65, 0x9F, 0x21,
+        0x69, 0xD6, 0x68, 0xB9, 0x31, 0x48, 0x42, 0xC6,
+        0xE2, 0x2A, 0x74, 0x95, 0x8B, 0x4C, 0x25, 0xBB,
+        0xDC, 0xD2, 0x93, 0xD9, 0x9C, 0xB6, 0x09, 0xD8,
+        0x66, 0x74, 0x9A, 0x48, 0x5D, 0xFB, 0x56, 0x02,
+        0x48, 0x83, 0xCF, 0x54, 0x65, 0xDB, 0xA0, 0x36,
+        0x32, 0x06, 0x58, 0x7F, 0x45, 0x59, 0x7F, 0x89,
+        0x00, 0x2F, 0xB8, 0x60, 0x72, 0x32, 0x13, 0x8E,
+        0x03, 0xB2, 0xA8, 0x94, 0x52, 0x5F, 0x26, 0x53,
+        0x70, 0x05, 0x4B, 0x48, 0x86, 0x36, 0x14, 0x47,
+        0x2B, 0x95, 0xD0, 0xA2, 0x30, 0x34, 0x42, 0xE3,
+        0x78, 0xB0, 0xDD, 0x1C, 0x75, 0xAC, 0xBA, 0xB9,
+        0x71, 0xA9, 0xA8, 0xD1, 0x28, 0x1C, 0x79, 0x61,
+        0x3A, 0xCE, 0xC6, 0x93, 0x3C, 0x37, 0x7B, 0x3C,
+        0x57, 0x8C, 0x2A, 0x61, 0xA1, 0xEC, 0x18, 0x1B,
+        0x10, 0x12, 0x97, 0xA3, 0x7C, 0xC5, 0x19, 0x7B,
+        0x29, 0x42, 0xF6, 0xA0, 0xE4, 0x70, 0x4C, 0x0E,
+        0xC6, 0x35, 0x40, 0x48, 0x1B, 0x9F, 0x15, 0x9D,
+        0xC2, 0x55, 0xB5, 0x9B, 0xB5, 0x5D, 0xF4, 0x96,
+        0xAE, 0x54, 0x21, 0x7B, 0x76, 0x89, 0xBD, 0x51,
+        0xDB, 0xA0, 0x38, 0x3A, 0x3D, 0x72, 0xD8, 0x52,
+        0xFF, 0xCA, 0x76, 0xDF, 0x05, 0xB6, 0x6E, 0xEC,
+        0xCB, 0xD4, 0x7B, 0xC5, 0x30, 0x40, 0x81, 0x76,
+        0x28, 0xC7, 0x1E, 0x36, 0x1D, 0x6A, 0xF8, 0x89,
+        0x08, 0x49, 0x16, 0xB4, 0x08, 0xA4, 0x66, 0xC9,
+        0x6E, 0x70, 0x86, 0xC4, 0xA6, 0x0A, 0x10, 0xFC,
+        0xF7, 0x53, 0x7B, 0xB9, 0x4A, 0xFB, 0xCC, 0x7D,
+        0x43, 0x75, 0x90, 0x91, 0x9C, 0x28, 0x65, 0x0C,
+        0x4F, 0x23, 0x68, 0x25, 0x92, 0x26, 0xA9, 0xBF,
+        0xDA, 0x3A, 0x3A, 0x0B, 0xA1, 0xB5, 0x08, 0x7D,
+        0x9D, 0x76, 0x44, 0x2F, 0xD7, 0x86, 0xC6, 0xF8,
+        0x1C, 0x68, 0xC0, 0x36, 0x0D, 0x71, 0x94, 0xD7,
+        0x07, 0x2C, 0x45, 0x33, 0xAE, 0xA8, 0x6C, 0x2D,
+        0x1F, 0x8C, 0x0A, 0x27, 0x69, 0x60, 0x66, 0xF6,
+        0xCF, 0xD1, 0x10, 0x03, 0xF7, 0x97, 0x27, 0x0B,
+        0x32, 0x38, 0x97, 0x13, 0xCF, 0xFA, 0x09, 0x3D,
+        0x99, 0x1B, 0x63, 0x84, 0x4C, 0x38, 0x5E, 0x72,
+        0x27, 0x7F, 0x16, 0x6F, 0x5A, 0x39, 0x34, 0xD6,
+        0xBB, 0x89, 0xA4, 0x78, 0x8D, 0xE2, 0x83, 0x21,
+        0xDE, 0xFC, 0x74, 0x57, 0xAB, 0x48, 0x4B, 0xD3,
+        0x09, 0x86, 0xDC, 0x1D, 0xAB, 0x30, 0x08, 0xCD,
+        0x7B, 0x22, 0xF6, 0x97, 0x02, 0xFA, 0xBB, 0x9A,
+        0x10, 0x45, 0x40, 0x7D, 0xA4, 0x79, 0x1C, 0x35,
+        0x90, 0xFF, 0x59, 0x9D, 0x81, 0xD6, 0x88, 0xCF,
+        0xA7, 0xCC, 0x12, 0xA6, 0x8C, 0x50, 0xF5, 0x1A,
+        0x10, 0x09, 0x41, 0x1B, 0x44, 0x85, 0x0F, 0x90,
+        0x15, 0xDC, 0x84, 0xA9, 0x3B, 0x17, 0xC7, 0xA2,
+        0x07, 0x55, 0x2C, 0x66, 0x1E, 0xA9, 0x83, 0x8E,
+        0x31, 0xB9, 0x5E, 0xAD, 0x54, 0x62, 0x48, 0xE5,
+        0x6B, 0xE7, 0xA5, 0x13, 0x05, 0x05, 0x26, 0x87,
+        0x71, 0x19, 0x98, 0x80, 0xA1, 0x41, 0x77, 0x1A,
+        0x9E, 0x47, 0xAC, 0xFE, 0xD5, 0x90, 0xCB, 0x3A,
+        0xA7, 0xCB, 0x7C, 0x5F, 0x74, 0x91, 0x1D, 0x89,
+        0x12, 0xC2, 0x9D, 0x62, 0x33, 0xF4, 0xD5, 0x3B,
+        0xC6, 0x41, 0x39, 0xE2, 0xF5, 0x5B, 0xE7, 0x55,
+        0x07, 0xDD, 0x77, 0x86, 0x8E, 0x38, 0x4A, 0xEC,
+        0x58, 0x1F, 0x3F, 0x41, 0x1D, 0xB1, 0xA7, 0x42,
+        0x97, 0x2D, 0x3E, 0xBF, 0xD3, 0x31, 0x5C, 0x84,
+        0xA5, 0xAD, 0x63, 0xA0, 0xE7, 0x5C, 0x8B, 0xCA,
+        0x3E, 0x30, 0x41, 0xE0, 0x5D, 0x90, 0x67, 0xAF,
+        0xF3, 0xB1, 0x24, 0x4F, 0x76, 0x3E, 0x79, 0x83
     };
     static const byte seed_1024[KYBER_ENC_RAND_SZ] = {
-        0x03, 0x4F, 0xF1, 0x4A, 0x56, 0x24, 0x9C, 0x25,
-        0x21, 0xD4, 0x27, 0x9E, 0xBA, 0x3D, 0x04, 0x93,
-        0x1C, 0xC8, 0x92, 0xBB, 0xC4, 0x50, 0x02, 0xB5,
-        0xB3, 0x3D, 0x9F, 0x01, 0x88, 0xAC, 0xBA, 0xF6
+        0x59, 0xC5, 0x15, 0x4C, 0x04, 0xAE, 0x43, 0xAA,
+        0xFF, 0x32, 0x70, 0x0F, 0x08, 0x17, 0x00, 0x38,
+        0x9D, 0x54, 0xBE, 0xC4, 0xC3, 0x7C, 0x08, 0x8B,
+        0x1C, 0x53, 0xF6, 0x62, 0x12, 0xB1, 0x2C, 0x72
     };
     static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = {
-        0x8D, 0x4E, 0x2C, 0xB3, 0x9F, 0xFD, 0xE4, 0x31,
-        0x1A, 0xEE, 0xDB, 0x23, 0x38, 0xBF, 0x58, 0xCE,
-        0x11, 0xFA, 0xDA, 0xBD, 0xC9, 0x81, 0x3A, 0x32,
-        0x19, 0x30, 0xF4, 0x67, 0x56, 0xDD, 0x13, 0xA8,
-        0xE7, 0x91, 0x9F, 0xAC, 0x4F, 0x59, 0xCC, 0x9F,
-        0x8B, 0x91, 0xC8, 0x33, 0xB3, 0xB3, 0xF9, 0x1A,
-        0xDC, 0x6F, 0x9F, 0xBD, 0xBD, 0xE2, 0xF7, 0xDA,
-        0xE8, 0x84, 0x1B, 0xE5, 0x23, 0x8B, 0x98, 0x50,
-        0xA5, 0xEE, 0xBE, 0x67, 0x5D, 0xDE, 0xF4, 0x2A,
-        0x93, 0x14, 0xF6, 0x90, 0x59, 0x5D, 0x51, 0x52,
-        0x3E, 0x81, 0x17, 0xF2, 0x22, 0x66, 0x03, 0x4F,
-        0x09, 0xB7, 0x7D, 0x99, 0x1E, 0xE5, 0x75, 0x80,
-        0x2A, 0xFE, 0x44, 0x63, 0x74, 0xEB, 0x3D, 0x9E,
-        0x1B, 0xEB, 0x8F, 0x25, 0x04, 0x9C, 0x6E, 0xFA,
-        0x96, 0x32, 0x73, 0x66, 0xC0, 0x24, 0xCD, 0xFB,
-        0xE8, 0xDC, 0x27, 0xEF, 0x56, 0x49, 0x2C, 0x90,
-        0x40, 0x9E, 0x87, 0x13, 0x9C, 0x60, 0x88, 0x48,
-        0x8E, 0x17, 0xB8, 0x2D, 0x15, 0x56, 0xC2, 0x51,
-        0x31, 0xAC, 0xEE, 0x7D, 0xAF, 0xFE, 0x2D, 0x43,
-        0x7C, 0xEC, 0x34, 0x41, 0xBB, 0xBB, 0xAB, 0x80,
-        0xC4, 0xBF, 0x17, 0x7E, 0x65, 0x3A, 0xE0, 0x83,
-        0x1C, 0x9B, 0x4C, 0xEB, 0x70, 0x50, 0x57, 0x27,
-        0xD6, 0x3C, 0x4D, 0x47, 0x4F, 0xED, 0xC5, 0x20,
-        0x19, 0xBE, 0x41, 0x1C, 0x9A, 0x43, 0xB8, 0x71,
-        0x70, 0xF5, 0x89, 0x3F, 0x06, 0xEC, 0xD8, 0xD7,
-        0x82, 0x06, 0x3D, 0xF8, 0x93, 0xA1, 0xB6, 0x82,
-        0x24, 0x6D, 0x1C, 0x64, 0xF8, 0xF5, 0xA8, 0xC6,
-        0xFC, 0xDF, 0x07, 0x92, 0x7F, 0x4D, 0x5B, 0x7A,
-        0x39, 0x7F, 0xBC, 0xBD, 0x07, 0x50, 0x45, 0xDF,
-        0x2C, 0x4A, 0x36, 0xF5, 0x30, 0x4C, 0x95, 0xF4,
-        0x4A, 0xF9, 0x27, 0xAE, 0x91, 0x66, 0x42, 0x0B,
-        0x39, 0x44, 0x87, 0x94, 0xF5, 0xB3, 0xC3, 0x52,
-        0x27, 0xC3, 0xC9, 0xDF, 0x92, 0x56, 0x02, 0xA1,
-        0xAC, 0x98, 0xF8, 0x51, 0xAA, 0xDB, 0x65, 0xC9,
-        0x3F, 0xDD, 0x63, 0x27, 0xAE, 0xD8, 0xAE, 0x41,
-        0x29, 0x72, 0x44, 0x36, 0xA3, 0x3A, 0xA0, 0x8A,
-        0xA5, 0x66, 0x08, 0x85, 0x5F, 0xF8, 0x0A, 0xAA,
-        0x42, 0xAC, 0xA4, 0x56, 0x2B, 0x2D, 0x78, 0xDB,
-        0xBD, 0x2F, 0x91, 0xAE, 0xF2, 0x51, 0x56, 0x6B,
-        0x8C, 0x6F, 0x98, 0x21, 0x37, 0x84, 0xC9, 0x9D,
-        0xD7, 0xD7, 0x1F, 0x49, 0x55, 0x64, 0xC9, 0x08,
-        0x50, 0x1E, 0x35, 0xE3, 0xBF, 0xBB, 0x67, 0x5C,
-        0xCB, 0x66, 0x63, 0x52, 0x87, 0xCB, 0x64, 0x66,
-        0xE6, 0xE3, 0x8E, 0xA8, 0xAB, 0x11, 0xCE, 0x7E,
-        0xC6, 0x0B, 0xED, 0x86, 0x20, 0xB3, 0xDC, 0xD6,
-        0x94, 0x3D, 0x12, 0x79, 0xA4, 0x1F, 0x93, 0xA8,
-        0x7F, 0xA3, 0x59, 0xE5, 0x13, 0xC8, 0x1D, 0xE9,
-        0x18, 0xDA, 0x88, 0x32, 0x2B, 0x1B, 0x08, 0x81,
-        0x40, 0xE0, 0x74, 0xBE, 0x39, 0xBC, 0x17, 0xE3,
-        0xC5, 0x1A, 0xB7, 0x19, 0xDF, 0x6E, 0x42, 0x6D,
-        0x64, 0xFF, 0x94, 0xB8, 0x66, 0x2B, 0x9D, 0xD2,
-        0x6A, 0x32, 0xA3, 0xC3, 0x68, 0x7B, 0xF9, 0x29,
-        0x4C, 0x53, 0x7A, 0x22, 0x68, 0xF9, 0xDE, 0xD3,
-        0x80, 0xCC, 0x8A, 0x0F, 0x11, 0x27, 0xEE, 0x5A,
-        0x32, 0x2B, 0x4D, 0xF2, 0x4D, 0x87, 0xFB, 0xCE,
-        0x76, 0xF5, 0x60, 0xB0, 0x37, 0xC6, 0x59, 0xB6,
-        0xFB, 0x15, 0xC1, 0x56, 0x07, 0x1A, 0xED, 0xC2,
-        0x6E, 0xF1, 0x11, 0x40, 0xDE, 0x88, 0xD0, 0x8D,
-        0x46, 0x3E, 0xA0, 0xEA, 0xF0, 0x80, 0xA0, 0xB2,
-        0xE6, 0x27, 0xD9, 0xFF, 0x1D, 0x56, 0xC5, 0x02,
-        0x33, 0x55, 0x24, 0x26, 0x97, 0x27, 0xA0, 0x32,
-        0xDA, 0xCD, 0x16, 0x54, 0x3A, 0xDA, 0x83, 0x42,
-        0xCD, 0x6C, 0xB4, 0x0E, 0x72, 0x28, 0x59, 0x2C,
-        0x35, 0x74, 0xD9, 0x82, 0xE0, 0xB9, 0x14, 0x5E,
-        0xB8, 0x65, 0xDB, 0x2E, 0xE7, 0x81, 0x07, 0x26,
-        0xA9, 0x16, 0xB8, 0x37, 0xCA, 0x4F, 0x14, 0xC2,
-        0xCB, 0x9E, 0x95, 0x1B, 0xDE, 0x76, 0xBE, 0x16,
-        0xB8, 0xB1, 0xCD, 0xC2, 0xEE, 0xCD, 0xC0, 0x69,
-        0x49, 0xB8, 0xBE, 0xB1, 0x17, 0x86, 0xB8, 0xF2,
-        0x5F, 0x4C, 0x9A, 0xFA, 0x55, 0x97, 0xCE, 0xB1,
-        0xD8, 0x5F, 0xC9, 0xB9, 0xC9, 0x1D, 0xC6, 0x19,
-        0x66, 0xF3, 0x96, 0x09, 0x1E, 0x54, 0xC9, 0x6C,
-        0x97, 0xA4, 0x30, 0x0E, 0x99, 0xFD, 0x9F, 0x75,
-        0x2C, 0x0B, 0xEF, 0x5D, 0x88, 0xCA, 0xFB, 0xDC,
-        0xB3, 0x99, 0x3F, 0xCF, 0x6C, 0x7A, 0x8C, 0x55,
-        0x19, 0xFC, 0xEC, 0xB6, 0xA7, 0x91, 0x17, 0xE9,
-        0xB5, 0x21, 0x68, 0x01, 0x97, 0xD8, 0xA9, 0x1A,
-        0xB7, 0x5F, 0x18, 0x14, 0xDB, 0xC5, 0x80, 0x75,
-        0xEF, 0x4F, 0x07, 0x98, 0x7A, 0xBC, 0x56, 0xA7,
-        0x5D, 0xA4, 0x41, 0x6E, 0xDB, 0x9D, 0x6F, 0x3D,
-        0x77, 0x1A, 0xD3, 0x40, 0xD5, 0xCB, 0xCF, 0xC0,
-        0xE5, 0x71, 0xFA, 0x70, 0xAA, 0xC1, 0xC7, 0xDB,
-        0xBB, 0x5F, 0x5C, 0x5E, 0x1D, 0x8B, 0x10, 0x36,
-        0xF5, 0xA6, 0xFC, 0xFD, 0x06, 0x25, 0xAB, 0x5B,
-        0xBD, 0xA5, 0x71, 0x83, 0x9C, 0x58, 0x35, 0xDD,
-        0x69, 0x79, 0x77, 0x8F, 0x59, 0xD3, 0x48, 0x68,
-        0x4F, 0xA6, 0xCF, 0xC2, 0xA6, 0x25, 0x35, 0xB4,
-        0x7F, 0xAD, 0x7F, 0x97, 0xB5, 0x21, 0x88, 0x72,
-        0xD5, 0x2D, 0xCA, 0xCE, 0x9D, 0x3C, 0x1B, 0x11,
-        0x62, 0x8D, 0x35, 0x2A, 0xD8, 0x21, 0x90, 0x0F,
-        0x44, 0xE1, 0x4B, 0x64, 0x7F, 0x6B, 0xFA, 0x70,
-        0xF6, 0x46, 0xB5, 0xC7, 0xAF, 0x53, 0x13, 0x17,
-        0x7A, 0x10, 0x95, 0x49, 0x44, 0x22, 0x91, 0x53,
-        0xA4, 0x49, 0xFC, 0xF8, 0x9A, 0x62, 0x63, 0xBD,
-        0xBF, 0x85, 0x56, 0xE9, 0x81, 0xE5, 0xD6, 0x25,
-        0x13, 0x40, 0xF9, 0xF4, 0x3C, 0x66, 0x92, 0x03,
-        0x0F, 0xB9, 0x60, 0x5B, 0xB9, 0x9F, 0x33, 0xE9,
-        0x6F, 0x06, 0xD1, 0xE4, 0xE6, 0xAB, 0xBE, 0x65,
-        0xE1, 0x46, 0x96, 0xD5, 0x30, 0xF1, 0xB5, 0x25,
-        0xFF, 0xF8, 0x7D, 0x54, 0xC1, 0xAC, 0x2F, 0x5E,
-        0x96, 0x4D, 0x46, 0xEE, 0x37, 0xF4, 0x04, 0x5B,
-        0x54, 0xE6, 0x09, 0x8F, 0x76, 0xB2, 0x8E, 0xAF,
-        0x69, 0xE9, 0x98, 0x88, 0x8D, 0x25, 0xE0, 0x21,
-        0xA5, 0x38, 0xFD, 0x19, 0x56, 0xA7, 0xFC, 0x30,
-        0xAE, 0x83, 0xF8, 0xBA, 0x99, 0x47, 0xF8, 0x64,
-        0xFD, 0x59, 0x73, 0x1A, 0x6F, 0xBB, 0x40, 0x2A,
-        0xF2, 0x99, 0x0E, 0x1E, 0xD2, 0xD5, 0x6B, 0xF6,
-        0x2A, 0xA6, 0xCE, 0xAE, 0x6F, 0x76, 0x9D, 0x2D,
-        0x0C, 0x6C, 0x31, 0x3D, 0x7A, 0xAF, 0x97, 0x4E,
-        0x69, 0xDC, 0x02, 0xCC, 0x43, 0x18, 0xB9, 0x45,
-        0x7B, 0x8C, 0xC4, 0x06, 0x56, 0xAB, 0x7B, 0x61,
-        0x34, 0xDE, 0x3F, 0x98, 0x01, 0xCE, 0x01, 0x96,
-        0x99, 0xCE, 0x85, 0x5E, 0xBE, 0x9C, 0x6C, 0x02,
-        0xFD, 0x08, 0x50, 0x6F, 0x00, 0x4A, 0x4E, 0xED,
-        0x2C, 0xA1, 0x66, 0xC9, 0x54, 0xC7, 0xDB, 0x88,
-        0x10, 0x70, 0x0C, 0xA6, 0x71, 0xEF, 0x37, 0x2A,
-        0x29, 0x0B, 0x00, 0xE1, 0xBF, 0xBB, 0x97, 0xE3,
-        0xE6, 0x74, 0xD3, 0xDC, 0xCC, 0x57, 0xCE, 0x59,
-        0xF4, 0x65, 0xB1, 0x48, 0x8F, 0xF7, 0x6F, 0x62,
-        0x39, 0x00, 0x8B, 0xE3, 0xE7, 0x61, 0xEF, 0x9C,
-        0x11, 0x3D, 0xF0, 0x10, 0x7B, 0x8E, 0xEA, 0xE3,
-        0xFE, 0xBA, 0x55, 0xB3, 0x5E, 0x4C, 0x1D, 0xA3,
-        0xB6, 0xC8, 0x7A, 0x8D, 0x20, 0x11, 0x0E, 0x1C,
-        0xD7, 0x71, 0xCC, 0xBC, 0x30, 0xDF, 0xF7, 0x61,
-        0xE6, 0x03, 0xD4, 0x88, 0xE5, 0x5B, 0x85, 0x3A,
-        0xAE, 0x7D, 0xAA, 0xDF, 0x2A, 0x00, 0x7B, 0x83,
-        0x93, 0xDF, 0x08, 0xAF, 0x53, 0x4F, 0x9F, 0x53,
-        0xA7, 0x37, 0x57, 0xBA, 0xBE, 0x21, 0xC8, 0x64,
-        0x26, 0xCF, 0x05, 0x8E, 0xCA, 0x81, 0x7E, 0xF2,
-        0x37, 0xBF, 0xC5, 0x8A, 0xC2, 0x98, 0xFB, 0xF2,
-        0xA1, 0x48, 0x1C, 0x4D, 0x12, 0xDC, 0xF1, 0xB7,
-        0x37, 0xFD, 0x63, 0x97, 0x69, 0xA2, 0x53, 0x1E,
-        0xF9, 0x31, 0xA3, 0x62, 0xA4, 0x44, 0x56, 0xEE,
-        0x2C, 0xA4, 0x85, 0x98, 0xB4, 0x62, 0x59, 0xFC,
-        0xC9, 0x77, 0x07, 0x6C, 0x59, 0xFA, 0x4E, 0x29,
-        0x54, 0xE9, 0x96, 0x7D, 0xA4, 0x5D, 0xA7, 0xCB,
-        0xF7, 0x86, 0x33, 0xEC, 0x59, 0xC4, 0x63, 0xFE,
-        0x48, 0xA8, 0x3B, 0x80, 0x1A, 0x54, 0xDB, 0x3F,
-        0xEA, 0xB4, 0x45, 0xA3, 0x57, 0xE4, 0x18, 0xB0,
-        0x65, 0x3F, 0x29, 0x40, 0xB2, 0xB7, 0x13, 0x81,
-        0xB2, 0xDF, 0x9E, 0xCF, 0x81, 0x00, 0x84, 0x8E,
-        0x29, 0x12, 0xF4, 0xBD, 0x50, 0x3A, 0xF0, 0x75,
-        0xAA, 0xAF, 0x36, 0xC1, 0x36, 0xA4, 0x13, 0xC9,
-        0x5B, 0xE2, 0xF2, 0x5A, 0x6D, 0x29, 0x19, 0x76,
-        0xCD, 0x66, 0xA2, 0x76, 0x43, 0x53, 0x7E, 0x35,
-        0xE1, 0xDF, 0x89, 0xB1, 0xE4, 0x94, 0xB3, 0x6B,
-        0x08, 0xF3, 0xD0, 0x19, 0x6C, 0xD7, 0xE9, 0x0B,
-        0xA5, 0xBB, 0x21, 0x00, 0x9F, 0x37, 0xA8, 0x43,
-        0x19, 0x9E, 0x08, 0xDD, 0x95, 0xCA, 0x49, 0x48,
-        0xC5, 0x33, 0xCB, 0x26, 0x3B, 0x5D, 0x40, 0x5A,
-        0xF2, 0xFA, 0x11, 0x99, 0x81, 0xA8, 0x53, 0x6E,
-        0xB7, 0x1C, 0x88, 0x22, 0x6C, 0x41, 0x53, 0x4C,
-        0x26, 0x87, 0xBF, 0x1E, 0xED, 0x34, 0x75, 0xE8,
-        0x48, 0x8B, 0xDE, 0x90, 0x9A, 0x93, 0xD4, 0xDB,
-        0x55, 0xB6, 0xE8, 0x34, 0xB5, 0xE7, 0x86, 0x0A,
-        0xA9, 0x8F, 0xD8, 0xBC, 0xB1, 0x3A, 0xB0, 0x77,
-        0xB7, 0xBF, 0xD7, 0x5B, 0x35, 0xFA, 0x39, 0x3E,
-        0x93, 0xE3, 0xBF, 0xB4, 0xB9, 0xBA, 0x1D, 0xAA,
-        0x74, 0x65, 0xFD, 0x5B, 0x23, 0xA5, 0xB4, 0xCD,
-        0x17, 0x16, 0xD4, 0xBD, 0xF7, 0xB8, 0xD5, 0x57,
-        0x4B, 0x15, 0x6D, 0xB8, 0x7D, 0x8D, 0xE1, 0xE5,
-        0x26, 0xC9, 0x7F, 0x8E, 0xB2, 0x87, 0xBD, 0x97,
-        0xEE, 0xEE, 0xEF, 0x07, 0x4D, 0xBC, 0xB2, 0xC4,
-        0xDB, 0x51, 0xA4, 0xEF, 0xF1, 0xFA, 0x7F, 0xFF,
-        0x32, 0x8A, 0x57, 0x2D, 0x72, 0x70, 0x01, 0x71,
-        0x08, 0xAC, 0xE2, 0xED, 0x25, 0x09, 0x3D, 0xA5,
-        0x35, 0xC7, 0xA2, 0x6D, 0x3B, 0x91, 0x2A, 0xA5,
-        0x7F, 0xB3, 0x22, 0xE5, 0x3B, 0xB2, 0x22, 0xE9,
-        0x4E, 0x7C, 0xF6, 0x8C, 0xD8, 0xA2, 0x1A, 0xD7,
-        0xC0, 0x6A, 0x4A, 0xF9, 0x78, 0xED, 0x1D, 0xEB,
-        0x10, 0xE3, 0xF2, 0x41, 0x2A, 0xC6, 0x54, 0x3C,
-        0x18, 0x20, 0x68, 0xEF, 0xFB, 0xD8, 0x7F, 0x31,
-        0x76, 0x5F, 0x5A, 0xE6, 0x81, 0xEE, 0x8B, 0x2E,
-        0x9A, 0xEB, 0x5B, 0xC9, 0x40, 0xA9, 0x4E, 0xC0,
-        0xEE, 0xF5, 0xBE, 0xF7, 0x48, 0x74, 0x16, 0x9E,
-        0xAB, 0xEC, 0xF1, 0x51, 0x25, 0x65, 0xC5, 0x1E,
-        0xA5, 0x87, 0x21, 0xDD, 0x3A, 0xF1, 0x69, 0x03,
-        0x65, 0xDB, 0x22, 0xE1, 0x87, 0x7F, 0x2A, 0x5C,
-        0x01, 0x72, 0x3F, 0x69, 0xB7, 0x72, 0x52, 0x77,
-        0xAE, 0x4E, 0x9E, 0xFA, 0xCD, 0x3A, 0xFA, 0x5A,
-        0xDC, 0xAF, 0x38, 0x57, 0x77, 0xE7, 0xCE, 0x10,
-        0xF9, 0x56, 0xB4, 0x64, 0x2C, 0x6F, 0xC1, 0xC9,
-        0x78, 0x08, 0x99, 0x3E, 0xFD, 0x99, 0x4C, 0xA6,
-        0x5C, 0x75, 0xF4, 0x59, 0xAC, 0x58, 0x72, 0xF8,
-        0x24, 0x88, 0xC5, 0x7F, 0xB7, 0xAF, 0x9A, 0xB9,
-        0x69, 0xD5, 0xE3, 0x69, 0xC1, 0x6D, 0x0B, 0x2B,
-        0xF7, 0x80, 0x0B, 0x93, 0x8D, 0x67, 0x84, 0xC7,
-        0xF6, 0x4D, 0x0C, 0x55, 0xCA, 0x77, 0x94, 0x65,
-        0x49, 0x38, 0x94, 0x9E, 0x14, 0x21, 0x70, 0x55,
-        0xD3, 0x41, 0x01, 0xF9, 0x41, 0x7D, 0x37, 0x0A,
-        0x8A, 0xDD, 0x72, 0xFC, 0x0B, 0x57, 0x66, 0xEC,
-        0x1D, 0x8A, 0xDD, 0xD7, 0x02, 0x33, 0x4A, 0x2A,
-        0xC2, 0x77, 0x09, 0xC5, 0xAC, 0x5A, 0xE5, 0x60,
-        0x1D, 0xBA, 0x95, 0x2B, 0xE2, 0x58, 0xD9, 0x33,
-        0x6D, 0xF3, 0xE0, 0xF6, 0x58, 0x78, 0xA8, 0x58,
-        0x61, 0x32, 0x58, 0xFB, 0x5E, 0x47, 0x94, 0x1B
+        0xE2, 0xD5, 0xFD, 0x4C, 0x13, 0xCE, 0xA0, 0xB5,
+        0x2D, 0x87, 0x4F, 0xEA, 0x90, 0x12, 0xF3, 0xA5,
+        0x17, 0x43, 0xA1, 0x09, 0x37, 0x10, 0xBB, 0xF2,
+        0x39, 0x50, 0xF9, 0x14, 0x7A, 0x47, 0x2E, 0xE5,
+        0x53, 0x39, 0x28, 0xA2, 0xF4, 0x6D, 0x59, 0x2F,
+        0x35, 0xDA, 0x8B, 0x4F, 0x75, 0x8C, 0x89, 0x3B,
+        0x0D, 0x7B, 0x98, 0x94, 0x8B, 0xE4, 0x47, 0xB1,
+        0x7C, 0xB2, 0xAE, 0x58, 0xAF, 0x8A, 0x48, 0x9D,
+        0xDD, 0x92, 0x32, 0xB9, 0x9B, 0x1C, 0x0D, 0x2D,
+        0xE7, 0x7C, 0xAA, 0x47, 0x2B, 0xC3, 0xBB, 0xD4,
+        0xA7, 0xC6, 0x0D, 0xBF, 0xDC, 0xA9, 0x2E, 0xBF,
+        0x3A, 0x1C, 0xE1, 0xC2, 0x2D, 0xAD, 0x13, 0xE8,
+        0x87, 0x00, 0x4E, 0x29, 0x24, 0xFD, 0x22, 0x65,
+        0x6F, 0x5E, 0x50, 0x87, 0x91, 0xDE, 0x06, 0xD8,
+        0x5E, 0x1A, 0x14, 0x26, 0x80, 0x8E, 0xD9, 0xA8,
+        0x9F, 0x6E, 0x2F, 0xD3, 0xC2, 0x45, 0xD4, 0x75,
+        0x8B, 0x22, 0xB0, 0x2C, 0xAD, 0xE3, 0x3B, 0x60,
+        0xFC, 0x88, 0x9A, 0x33, 0xFC, 0x44, 0x47, 0xED,
+        0xEB, 0xBF, 0xD4, 0x53, 0x0D, 0xE8, 0x65, 0x96,
+        0xA3, 0x37, 0x89, 0xD5, 0xDB, 0xA6, 0xE6, 0xEC,
+        0x9F, 0x89, 0x87, 0x9A, 0xF4, 0xBE, 0x49, 0x09,
+        0xA6, 0x90, 0x17, 0xC9, 0xBB, 0x7A, 0x5E, 0x31,
+        0x81, 0x5E, 0xA5, 0xF1, 0x32, 0xEE, 0xC4, 0x98,
+        0x4F, 0xAA, 0x7C, 0xCF, 0x59, 0x4D, 0xD0, 0x0D,
+        0x4D, 0x84, 0x87, 0xE4, 0x56, 0x21, 0xAF, 0x8F,
+        0x6E, 0x33, 0x05, 0x51, 0x43, 0x9C, 0x93, 0xEC,
+        0x07, 0x8A, 0x7A, 0x3C, 0xC1, 0x59, 0x4A, 0xF9,
+        0x1F, 0x84, 0x17, 0x37, 0x5F, 0xD6, 0x08, 0x8C,
+        0xEB, 0x5E, 0x85, 0xC6, 0x70, 0x99, 0x09, 0x1B,
+        0xAC, 0x11, 0x49, 0x8A, 0x0D, 0x71, 0x14, 0x55,
+        0xF5, 0xE0, 0xD9, 0x5C, 0xD7, 0xBB, 0xE5, 0xCD,
+        0xD8, 0xFE, 0xCB, 0x31, 0x9E, 0x68, 0x53, 0xC2,
+        0x3C, 0x9B, 0xE2, 0xC7, 0x63, 0xDF, 0x57, 0x86,
+        0x66, 0xC4, 0x0A, 0x40, 0xA8, 0x74, 0x86, 0xE4,
+        0x6B, 0xA8, 0x71, 0x61, 0x46, 0x19, 0x29, 0x04,
+        0x51, 0x0A, 0x6D, 0xC5, 0x9D, 0xA8, 0x02, 0x58,
+        0x25, 0x28, 0x3D, 0x68, 0x4D, 0xB9, 0x14, 0x10,
+        0xB4, 0xF1, 0x2C, 0x6D, 0x8F, 0xBD, 0x0A, 0xDD,
+        0x75, 0xD3, 0x09, 0x89, 0x18, 0xCB, 0x04, 0xAC,
+        0x7B, 0xC4, 0xDB, 0x0D, 0x6B, 0xCD, 0xF1, 0x19,
+        0x4D, 0xD8, 0x62, 0x92, 0xE0, 0x5B, 0x7B, 0x86,
+        0x30, 0x62, 0x5B, 0x58, 0x9C, 0xC5, 0x09, 0xD2,
+        0x15, 0xBB, 0xD0, 0x6A, 0x2E, 0x7C, 0x66, 0xF4,
+        0x24, 0xCD, 0xF8, 0xC4, 0x0A, 0xC6, 0xC1, 0xE5,
+        0xAE, 0x6C, 0x96, 0x4B, 0x7D, 0x9E, 0x92, 0xF9,
+        0x5F, 0xC5, 0xC8, 0x85, 0x22, 0x81, 0x62, 0x8B,
+        0x81, 0xB9, 0xAF, 0xAB, 0xC7, 0xF0, 0x3B, 0xE3,
+        0xF6, 0x2E, 0x80, 0x47, 0xBB, 0x88, 0xD0, 0x1C,
+        0x68, 0x68, 0x7B, 0x8D, 0xD4, 0xFE, 0x63, 0x82,
+        0x00, 0x62, 0xB6, 0x78, 0x8A, 0x53, 0x72, 0x90,
+        0x53, 0x82, 0x6E, 0xD3, 0xB7, 0xC7, 0xEF, 0x82,
+        0x41, 0xE1, 0x9C, 0x85, 0x11, 0x7B, 0x3C, 0x53,
+        0x41, 0x88, 0x1D, 0x4F, 0x29, 0x9E, 0x50, 0x37,
+        0x4C, 0x8E, 0xEF, 0xD5, 0x56, 0x0B, 0xD1, 0x83,
+        0x19, 0xA7, 0x96, 0x3A, 0x3D, 0x02, 0xF0, 0xFB,
+        0xE8, 0x4B, 0xC4, 0x84, 0xB5, 0xA4, 0x01, 0x8B,
+        0x97, 0xD2, 0x74, 0x19, 0x1C, 0x95, 0xF7, 0x02,
+        0xBA, 0xB9, 0xB0, 0xD1, 0x05, 0xFA, 0xF9, 0xFD,
+        0xCF, 0xF9, 0x7E, 0x43, 0x72, 0x36, 0x56, 0x75,
+        0x99, 0xFA, 0xF7, 0x3B, 0x07, 0x5D, 0x40, 0x61,
+        0x04, 0xD4, 0x03, 0xCD, 0xF8, 0x12, 0x24, 0xDA,
+        0x59, 0x0B, 0xEC, 0x28, 0x97, 0xE3, 0x01, 0x09,
+        0xE1, 0xF2, 0xE5, 0xAE, 0x46, 0x10, 0xC8, 0x09,
+        0xA7, 0x3F, 0x63, 0x8C, 0x84, 0x21, 0x0B, 0x34,
+        0x47, 0xA7, 0xC8, 0xB6, 0xDD, 0xDB, 0x5A, 0xE2,
+        0x00, 0xBF, 0x20, 0xE2, 0xFE, 0x4D, 0x4B, 0xA6,
+        0xC6, 0xB1, 0x27, 0x67, 0xFB, 0x87, 0x60, 0xF6,
+        0x6C, 0x51, 0x18, 0xE7, 0xA9, 0x93, 0x5B, 0x41,
+        0xC9, 0xA4, 0x71, 0xA1, 0xD3, 0x23, 0x76, 0x88,
+        0xC1, 0xE6, 0x18, 0xCC, 0x3B, 0xE9, 0x36, 0xAA,
+        0x3F, 0x5E, 0x44, 0xE0, 0x86, 0x82, 0x0B, 0x81,
+        0x0E, 0x06, 0x32, 0x11, 0xFC, 0x21, 0xC4, 0x04,
+        0x4B, 0x3A, 0xC4, 0xD0, 0x0D, 0xF1, 0xBC, 0xC7,
+        0xB2, 0x4D, 0xC0, 0x7B, 0xA4, 0x8B, 0x23, 0xB0,
+        0xFC, 0x12, 0xA3, 0xED, 0x3D, 0x0A, 0x5C, 0xF7,
+        0x67, 0x14, 0x15, 0xAB, 0x9C, 0xF2, 0x12, 0x86,
+        0xFE, 0x63, 0xFB, 0x41, 0x41, 0x85, 0x70, 0x55,
+        0x5D, 0x47, 0x39, 0xB8, 0x81, 0x04, 0xA8, 0x59,
+        0x3F, 0x29, 0x30, 0x25, 0xA4, 0xE3, 0xEE, 0x7C,
+        0x67, 0xE4, 0xB4, 0x8E, 0x40, 0xF6, 0xBA, 0x8C,
+        0x09, 0x86, 0x0C, 0x3F, 0xBB, 0xE5, 0x5D, 0x45,
+        0xB4, 0x5F, 0xC9, 0xAB, 0x62, 0x9B, 0x17, 0xC2,
+        0x76, 0xC9, 0xC9, 0xE2, 0xAF, 0x3A, 0x04, 0x3B,
+        0xEA, 0xFC, 0x18, 0xFD, 0x4F, 0x25, 0xEE, 0x7F,
+        0x83, 0xBD, 0xDC, 0xD2, 0xD9, 0x39, 0x14, 0xB7,
+        0xED, 0x4F, 0x7C, 0x9A, 0xF1, 0x27, 0xF3, 0xF1,
+        0x5C, 0x27, 0x7B, 0xE1, 0x65, 0x51, 0xFE, 0xF3,
+        0xAE, 0x03, 0xD7, 0xB9, 0x14, 0x3F, 0x0C, 0x9C,
+        0x01, 0x9A, 0xB9, 0x7E, 0xEA, 0x07, 0x63, 0x66,
+        0x13, 0x1F, 0x51, 0x83, 0x63, 0x71, 0x1B, 0x34,
+        0xE9, 0x6D, 0x3F, 0x8A, 0x51, 0x3F, 0x3E, 0x20,
+        0xB1, 0xD4, 0x52, 0xC4, 0xB7, 0xAE, 0x3B, 0x97,
+        0x5E, 0xA9, 0x4D, 0x88, 0x0D, 0xAC, 0x66, 0x93,
+        0x39, 0x97, 0x50, 0xD0, 0x22, 0x20, 0x40, 0x3F,
+        0x0D, 0x3E, 0x3F, 0xC1, 0x17, 0x2A, 0x4D, 0xE9,
+        0xDC, 0x28, 0x0E, 0xAF, 0x0F, 0xEE, 0x28, 0x83,
+        0xA6, 0x66, 0x0B, 0xF5, 0xA3, 0xD2, 0x46, 0xFF,
+        0x41, 0xD2, 0x1B, 0x36, 0xEA, 0x52, 0x1C, 0xF7,
+        0xAA, 0x68, 0x9F, 0x80, 0x0D, 0x0F, 0x86, 0xF4,
+        0xFA, 0x10, 0x57, 0xD8, 0xA1, 0x3F, 0x9D, 0xA8,
+        0xFF, 0xFD, 0x0D, 0xC1, 0xFA, 0xD3, 0xC0, 0x4B,
+        0xB1, 0xCC, 0xCB, 0x7C, 0x83, 0x4D, 0xB0, 0x51,
+        0xA7, 0xAC, 0x2E, 0x4C, 0x60, 0x30, 0x19, 0x96,
+        0xC9, 0x30, 0x71, 0xEA, 0x41, 0x6B, 0x42, 0x17,
+        0x59, 0x93, 0x56, 0x59, 0xCF, 0x62, 0xCA, 0x5F,
+        0x13, 0xAE, 0x07, 0xC3, 0xB1, 0x95, 0xC1, 0x48,
+        0x15, 0x9D, 0x8B, 0xEB, 0x03, 0xD4, 0x40, 0xB0,
+        0x0F, 0x53, 0x05, 0x76, 0x5F, 0x20, 0xC0, 0xC4,
+        0x6E, 0xEE, 0x59, 0xC6, 0xD1, 0x62, 0x06, 0x40,
+        0x2D, 0xB1, 0xC7, 0x15, 0xE8, 0x88, 0xBD, 0xE5,
+        0x9C, 0x78, 0x1F, 0x35, 0xA7, 0xCC, 0x7C, 0x1C,
+        0x5E, 0xCB, 0x21, 0x55, 0xAE, 0x3E, 0x95, 0x9C,
+        0x09, 0x64, 0xCC, 0x1E, 0xF8, 0xD7, 0xC6, 0x9D,
+        0x14, 0x58, 0xA9, 0xA4, 0x2F, 0x95, 0xF4, 0xC6,
+        0xB5, 0xB9, 0x96, 0x34, 0x57, 0x12, 0xAA, 0x29,
+        0x0F, 0xBB, 0xF7, 0xDF, 0xD4, 0xA6, 0xE8, 0x64,
+        0x63, 0x02, 0x2A, 0x3F, 0x47, 0x25, 0xF6, 0x51,
+        0x1B, 0xF7, 0xEA, 0x5E, 0x95, 0xC7, 0x07, 0xCD,
+        0x35, 0x73, 0x60, 0x9A, 0xAD, 0xEA, 0xF5, 0x40,
+        0x15, 0x2C, 0x49, 0x5F, 0x37, 0xFE, 0x6E, 0xC8,
+        0xBB, 0x9F, 0xA2, 0xAA, 0x61, 0xD1, 0x57, 0x35,
+        0x93, 0x4F, 0x47, 0x37, 0x92, 0x8F, 0xDE, 0x90,
+        0xBA, 0x99, 0x57, 0x22, 0x46, 0x5D, 0x4A, 0x64,
+        0x50, 0x5A, 0x52, 0x01, 0xF0, 0x7A, 0xA5, 0x8C,
+        0xFD, 0x8A, 0xE2, 0x26, 0xE0, 0x20, 0x70, 0xB2,
+        0xDB, 0xF5, 0x12, 0xB9, 0x75, 0x31, 0x9A, 0x7E,
+        0x87, 0x53, 0xB4, 0xFD, 0xAE, 0x0E, 0xB4, 0x92,
+        0x28, 0x69, 0xCC, 0x8E, 0x25, 0xC4, 0xA5, 0x56,
+        0x0C, 0x2A, 0x06, 0x85, 0xDE, 0x3A, 0xC3, 0x92,
+        0xA8, 0x92, 0x5B, 0xA8, 0x82, 0x00, 0x48, 0x94,
+        0x74, 0x2E, 0x43, 0xCC, 0xFC, 0x27, 0x74, 0x39,
+        0xEC, 0x80, 0x50, 0xA9, 0xAE, 0xB4, 0x29, 0x32,
+        0xE0, 0x1C, 0x84, 0x0D, 0xFC, 0xED, 0xCC, 0x34,
+        0xD3, 0x99, 0x12, 0x89, 0xA6, 0x2C, 0x17, 0xD1,
+        0x28, 0x4C, 0x83, 0x95, 0x14, 0xB9, 0x33, 0x51,
+        0xDB, 0xB2, 0xDD, 0xA8, 0x1F, 0x92, 0x45, 0x65,
+        0xD7, 0x0E, 0x70, 0x79, 0xD5, 0xB8, 0x12, 0x6C,
+        0xAA, 0xB7, 0xA4, 0xA1, 0xC7, 0x31, 0x65, 0x5A,
+        0x53, 0xBC, 0xC0, 0x9F, 0x5D, 0x63, 0xEC, 0x90,
+        0x86, 0xDE, 0xA6, 0x50, 0x05, 0x59, 0x85, 0xED,
+        0xFA, 0x82, 0x97, 0xD9, 0xC9, 0x54, 0x10, 0xC5,
+        0xD1, 0x89, 0x4D, 0x17, 0xD5, 0x93, 0x05, 0x49,
+        0xAD, 0xBC, 0x2B, 0x87, 0x33, 0xC9, 0x9F, 0xE6,
+        0x2E, 0x17, 0xC4, 0xDE, 0x34, 0xA5, 0xD8, 0x9B,
+        0x12, 0xD1, 0x8E, 0x42, 0xA4, 0x22, 0xD2, 0xCE,
+        0x77, 0x9C, 0x2C, 0x28, 0xEB, 0x2D, 0x98, 0x00,
+        0x3D, 0x5C, 0xD3, 0x23, 0xFC, 0xBE, 0xCF, 0x02,
+        0xB5, 0x06, 0x6E, 0x0E, 0x73, 0x48, 0x10, 0xF0,
+        0x9E, 0xD8, 0x90, 0x13, 0xC0, 0x0F, 0x01, 0x1B,
+        0xD2, 0x20, 0xF2, 0xE5, 0xD6, 0xA3, 0x62, 0xDF,
+        0x90, 0x59, 0x91, 0x98, 0xA0, 0x93, 0xB0, 0x3C,
+        0x8D, 0x8E, 0xFB, 0xFE, 0x0B, 0x61, 0x75, 0x92,
+        0xFA, 0xF1, 0xE6, 0x42, 0x20, 0xC4, 0x44, 0x0B,
+        0x53, 0xFF, 0xB4, 0x71, 0x64, 0xF3, 0x69, 0xC9,
+        0x52, 0x90, 0xBA, 0x9F, 0x31, 0x08, 0xD6, 0x86,
+        0xC5, 0x7D, 0xB6, 0x45, 0xC5, 0x3C, 0x01, 0x2E,
+        0x57, 0xAF, 0x25, 0xBD, 0x66, 0x93, 0xE2, 0xCC,
+        0x6B, 0x57, 0x65, 0x1A, 0xF1, 0x59, 0x1F, 0xE5,
+        0xD8, 0x91, 0x66, 0x40, 0xEC, 0x01, 0x7C, 0x25,
+        0x3D, 0xF0, 0x60, 0x6B, 0xB6, 0xB3, 0x03, 0x5F,
+        0xAE, 0x74, 0x8F, 0x3D, 0x40, 0x34, 0x22, 0x3B,
+        0x1B, 0x5E, 0xFB, 0xF5, 0x28, 0x3E, 0x77, 0x8C,
+        0x10, 0x94, 0x29, 0x1C, 0xF7, 0xB1, 0x9B, 0xE0,
+        0xF3, 0x17, 0x35, 0x0E, 0x6F, 0x85, 0x18, 0xFD,
+        0xE0, 0xEF, 0xB1, 0x38, 0x1F, 0xB6, 0xE1, 0x6C,
+        0x24, 0x1F, 0x7F, 0x17, 0xA5, 0x21, 0x06, 0x93,
+        0xA2, 0x74, 0x15, 0x9E, 0x7F, 0xAC, 0x86, 0x8C,
+        0xD0, 0xDC, 0x43, 0x59, 0xC3, 0xD9, 0xEE, 0xFE,
+        0xA0, 0xD9, 0xE3, 0x1E, 0x43, 0xFA, 0x65, 0x13,
+        0x92, 0xC6, 0x5A, 0x54, 0x3A, 0x59, 0xB3, 0xEE,
+        0xE3, 0xA6, 0x39, 0xDC, 0x94, 0x17, 0xD0, 0x56,
+        0xA5, 0xFF, 0x0F, 0x16, 0x0B, 0xEE, 0xE2, 0xEA,
+        0xC2, 0x9A, 0x7D, 0x88, 0xC0, 0x98, 0x2C, 0xF7,
+        0x0B, 0x5A, 0x46, 0x37, 0x9F, 0x21, 0xE5, 0x06,
+        0xAA, 0xC6, 0x1A, 0x9B, 0xB1, 0xB8, 0xC2, 0xB9,
+        0xDA, 0xB0, 0xE4, 0x4A, 0x82, 0x3B, 0x61, 0xD0,
+        0xAA, 0x11, 0xD9, 0x4F, 0x76, 0xA4, 0xA8, 0xE2,
+        0x1F, 0x9D, 0x42, 0x80, 0x68, 0x32, 0x08, 0xF4,
+        0xEA, 0x91, 0x11, 0x16, 0xF6, 0xFD, 0x6A, 0x97,
+        0x42, 0x69, 0x34, 0xEC, 0x34, 0x26, 0xB8, 0xC8,
+        0xF7, 0x03, 0xDA, 0x85, 0xE9, 0xDC, 0xF9, 0x93,
+        0x36, 0x13, 0x60, 0x03, 0x72, 0x8B, 0x8E, 0xCD,
+        0xD0, 0x4A, 0x38, 0x9F, 0x6A, 0x81, 0x7A, 0x78,
+        0xBF, 0xA6, 0x1B, 0xA4, 0x60, 0x20, 0xBF, 0x3C,
+        0x34, 0x82, 0x95, 0x08, 0xF9, 0xD0, 0x6D, 0x15,
+        0x53, 0xCD, 0x98, 0x7A, 0xAC, 0x38, 0x0D, 0x86,
+        0xF1, 0x68, 0x84, 0x3B, 0xA3, 0x90, 0x4D, 0xE5,
+        0xF7, 0x05, 0x8A, 0x41, 0xB4, 0xCD, 0x38, 0x8B,
+        0xC9, 0xCE, 0x3A, 0xBA, 0x7E, 0xE7, 0x13, 0x9B,
+        0x7F, 0xC9, 0xE5, 0xB8, 0xCF, 0xAA, 0xA3, 0x89,
+        0x90, 0xBD, 0x4A, 0x5D, 0xB3, 0x2E, 0x26, 0x13,
+        0xE7, 0xEC, 0x4F, 0x5F, 0x8B, 0x12, 0x92, 0xA3,
+        0x8C, 0x6F, 0x4F, 0xF5, 0xA4, 0x04, 0x90, 0xD7,
+        0x6B, 0x12, 0x66, 0x52, 0xFC, 0xF8, 0x6E, 0x24,
+        0x52, 0x35, 0xD6, 0x36, 0xC6, 0x5C, 0xD1, 0x02,
+        0xB0, 0x1E, 0x22, 0x78, 0x1A, 0x72, 0x91, 0x8C
     };
     static const byte k_1024[KYBER_SS_SZ] = {
-        0x46, 0xC2, 0x00, 0xF3, 0xF6, 0xEE, 0x8E, 0x11,
-        0xD4, 0x76, 0x53, 0x80, 0x1E, 0x34, 0x82, 0x24,
-        0x1C, 0xB7, 0x83, 0xB9, 0xD7, 0x94, 0xEB, 0x11,
-        0x6A, 0x4B, 0xDA, 0x08, 0x5A, 0xEB, 0x6B, 0xB7
+        0x72, 0x64, 0xBD, 0xE5, 0xC6, 0xCE, 0xC1, 0x48,
+        0x49, 0x69, 0x3E, 0x2C, 0x3C, 0x86, 0xE4, 0x8F,
+        0x80, 0x95, 0x8A, 0x4F, 0x61, 0x86, 0xFC, 0x69,
+        0x33, 0x3A, 0x41, 0x48, 0xE6, 0xE4, 0x97, 0xF3
     };
 #endif
     static byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
@@ -29456,1370 +30381,1370 @@ static int test_wc_kyber_decapsulate_kats(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    defined(WOLFSSL_ML_KEM)
+    !defined(WOLFSSL_KYBER_ORIGINAL)
     KyberKey* key;
 #ifndef WOLFSSL_NO_KYBER512
     static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = {
-        0x17, 0x43, 0x13, 0xEF, 0xA9, 0x35, 0x20, 0xE2,
-        0x8A, 0x70, 0x76, 0xC8, 0x88, 0x09, 0x6E, 0x02,
-        0xB0, 0xBD, 0xD8, 0x68, 0x30, 0x49, 0x7B, 0x61,
-        0xFD, 0xEA, 0xB6, 0x20, 0x9C, 0x6C, 0xF7, 0x1C,
-        0x62, 0x5C, 0x46, 0x80, 0x77, 0x5C, 0x34, 0x77,
-        0x58, 0x1C, 0x42, 0x7A, 0x6F, 0xE1, 0xB0, 0x35,
-        0x6E, 0xAB, 0x04, 0x8B, 0xCA, 0x43, 0x4F, 0x83,
-        0xB5, 0x42, 0xC8, 0xB8, 0x60, 0x01, 0x06, 0x96,
-        0xA5, 0x72, 0x99, 0xBB, 0x26, 0x22, 0x68, 0x89,
-        0x1F, 0xFC, 0x72, 0x14, 0x2C, 0xA1, 0xA8, 0x66,
-        0x18, 0x5C, 0xA8, 0x2D, 0x05, 0x40, 0x66, 0x95,
-        0xBA, 0x57, 0xD4, 0xC9, 0x30, 0xF9, 0xC1, 0x7D,
-        0x62, 0x23, 0x52, 0x3C, 0xF5, 0xA4, 0xF2, 0xA4,
-        0x33, 0xA3, 0x64, 0x45, 0x9A, 0xC0, 0xAC, 0xDE,
-        0x72, 0x54, 0x48, 0x13, 0x29, 0x28, 0x8B, 0x1B,
-        0xE1, 0x87, 0xCC, 0x25, 0x21, 0x9F, 0x48, 0xC2,
-        0x44, 0x3C, 0x53, 0x21, 0x99, 0x85, 0x93, 0x55,
-        0x32, 0x0D, 0x04, 0xF0, 0xB8, 0x0D, 0xE9, 0x69,
-        0xF1, 0x69, 0xA3, 0xD2, 0xBA, 0x34, 0x11, 0xB4,
-        0xAD, 0xBC, 0x01, 0xB6, 0x62, 0x71, 0x82, 0x4C,
-        0xD9, 0x54, 0x3C, 0x78, 0xBA, 0x48, 0x04, 0xAE,
-        0x81, 0xF3, 0xAF, 0x00, 0x33, 0x6C, 0x5C, 0xC3,
-        0x69, 0x83, 0x54, 0xC0, 0xE0, 0x18, 0x73, 0xA2,
-        0xA1, 0x7D, 0x6A, 0x95, 0xA3, 0x12, 0x68, 0x9A,
-        0x99, 0xDC, 0x89, 0x08, 0x41, 0x50, 0xA8, 0xD5,
-        0x2B, 0xB3, 0x1C, 0x3F, 0xF3, 0xD4, 0x21, 0x5F,
-        0xA3, 0xC4, 0x11, 0x1B, 0x40, 0x19, 0x92, 0x86,
-        0x6E, 0x51, 0x3E, 0x51, 0x28, 0xA2, 0x0E, 0xD9,
-        0x5F, 0xDE, 0xE6, 0x14, 0x85, 0xDC, 0x93, 0x7E,
-        0x09, 0x9D, 0x76, 0xF7, 0x9B, 0x92, 0x73, 0x4D,
-        0xC4, 0xCB, 0xB9, 0xA7, 0xA4, 0x13, 0xFE, 0xA6,
-        0x28, 0x5B, 0xC0, 0xC2, 0x7C, 0x96, 0x1E, 0x47,
-        0xD1, 0x98, 0x36, 0x44, 0xC4, 0xBF, 0x91, 0x3D,
-        0x72, 0xF4, 0xB0, 0x30, 0xD3, 0x47, 0x38, 0x42,
-        0x72, 0x63, 0xE8, 0x7A, 0xB4, 0xC0, 0xB7, 0xDF,
-        0x0B, 0x72, 0xCA, 0x8A, 0xA0, 0xBA, 0xA6, 0x7B,
-        0x07, 0x99, 0x39, 0xD5, 0x87, 0x80, 0x1D, 0x60,
-        0xC8, 0x7A, 0x20, 0x40, 0x5E, 0x5C, 0x52, 0x60,
-        0x3C, 0x07, 0x2F, 0xDB, 0x63, 0xE2, 0xE1, 0xC2,
-        0xA9, 0x5C, 0xC2, 0x6F, 0x5A, 0xBE, 0xF6, 0x08,
-        0x83, 0x33, 0x80, 0x08, 0x86, 0xD0, 0x93, 0xCA,
-        0x01, 0xA7, 0x6F, 0x57, 0x00, 0x5E, 0x05, 0x35,
-        0x69, 0x54, 0x2E, 0x0A, 0x07, 0x6B, 0x98, 0x73,
-        0x6D, 0x4D, 0x39, 0xB0, 0x0F, 0xC1, 0x65, 0x3F,
-        0xBC, 0x2D, 0x12, 0xEA, 0x32, 0xA9, 0x4B, 0x9B,
-        0x92, 0xC6, 0x8B, 0xA4, 0xB6, 0x8A, 0x4E, 0x7B,
-        0x37, 0x0A, 0x23, 0xB0, 0x3F, 0xE8, 0x22, 0x16,
-        0x39, 0xB0, 0x12, 0x44, 0x80, 0x6C, 0x27, 0x06,
-        0x7A, 0x58, 0x03, 0x1D, 0xB8, 0x0D, 0x2D, 0x03,
-        0x66, 0x1A, 0x01, 0x7B, 0xB4, 0x6B, 0xB3, 0x71,
-        0x1A, 0xCB, 0x56, 0x8A, 0x4F, 0xAB, 0xEB, 0xAF,
-        0xC5, 0xFA, 0x06, 0xF7, 0xCA, 0x0E, 0x4D, 0x96,
-        0x2E, 0x31, 0x70, 0xCB, 0x11, 0xC0, 0xA8, 0xD1,
-        0x8A, 0x09, 0xCE, 0x27, 0xA6, 0xA9, 0x76, 0x3E,
-        0x12, 0x38, 0x85, 0x45, 0x02, 0x24, 0xDE, 0x07,
-        0xCC, 0x17, 0x54, 0x6C, 0x17, 0x95, 0x1F, 0xDE,
-        0x47, 0x6E, 0x08, 0x35, 0x83, 0xEF, 0x10, 0xBF,
-        0x76, 0xA9, 0x8A, 0xFF, 0xF9, 0xB1, 0x2D, 0xB5,
-        0x40, 0x1C, 0xD3, 0x67, 0x34, 0x95, 0x39, 0x2D,
-        0x74, 0x12, 0x91, 0xC3, 0xAA, 0x78, 0x42, 0x0C,
-        0x8A, 0x7C, 0xB5, 0xFF, 0xE6, 0x50, 0x12, 0x99,
-        0x7C, 0x4D, 0xA4, 0x32, 0x2E, 0xA9, 0x0B, 0x50,
-        0x14, 0xB5, 0xB4, 0xD0, 0x18, 0x01, 0x00, 0x24,
-        0x70, 0x47, 0x34, 0x1E, 0x4C, 0x24, 0xB9, 0x6B,
-        0x8D, 0x7C, 0x00, 0x20, 0x52, 0x4B, 0x7C, 0x1D,
-        0x66, 0xC3, 0xE0, 0x8C, 0xB2, 0x99, 0xEB, 0x4E,
-        0xC6, 0xFA, 0x0E, 0xE8, 0xEA, 0x05, 0xFD, 0x43,
-        0x0F, 0x57, 0x60, 0x5E, 0x89, 0x2B, 0x23, 0x2D,
-        0x20, 0x47, 0xCA, 0x9B, 0x4E, 0xCA, 0xD9, 0xBD,
-        0xD0, 0x9C, 0x99, 0x51, 0x19, 0x69, 0x16, 0x52,
-        0x5D, 0x1E, 0xC9, 0x21, 0xB6, 0xE3, 0xCE, 0x0E,
-        0xE6, 0x92, 0xEB, 0xA7, 0x28, 0xB4, 0xDB, 0x10,
-        0xF3, 0x38, 0x1F, 0xBF, 0x58, 0x4A, 0xBB, 0x7B,
-        0x6A, 0x92, 0x10, 0xC7, 0xC4, 0x24, 0xCE, 0x4A,
-        0x36, 0x93, 0x70, 0xCB, 0x48, 0xD6, 0x08, 0x63,
-        0x4A, 0xBA, 0x0B, 0xFF, 0x91, 0xC5, 0x62, 0x0A,
-        0x11, 0x89, 0xD0, 0xCA, 0x97, 0x42, 0x1D, 0x42,
-        0x34, 0x29, 0xFB, 0x66, 0x39, 0x52, 0xDC, 0x12,
-        0x31, 0xB4, 0x36, 0x2B, 0x71, 0x62, 0xFE, 0x3A,
-        0x42, 0x11, 0x1C, 0x91, 0xD7, 0x6A, 0x96, 0x4C,
-        0xB4, 0x15, 0x41, 0x94, 0x20, 0x9E, 0xDB, 0xAA,
-        0x1F, 0x48, 0x1B, 0xD1, 0x26, 0xC3, 0x25, 0xD1,
-        0x56, 0x78, 0xE3, 0x9B, 0xCC, 0xE4, 0xC7, 0x04,
-        0xEA, 0x48, 0x72, 0x46, 0x64, 0x8A, 0x6C, 0x6C,
-        0x25, 0x40, 0xB5, 0xF6, 0x80, 0xA3, 0x5E, 0xE2,
-        0x82, 0x42, 0x46, 0x45, 0x0A, 0x72, 0x93, 0xF2,
-        0x1A, 0x90, 0xCF, 0xD1, 0x4E, 0xFA, 0xF7, 0x8F,
-        0xA3, 0xD7, 0x32, 0x22, 0x51, 0xC6, 0x41, 0xA5,
-        0x0E, 0x95, 0xBB, 0x5E, 0xC5, 0xCA, 0x0B, 0x60,
-        0xE8, 0x9D, 0x7C, 0x18, 0xB7, 0xA4, 0x4A, 0x0F,
-        0xAF, 0xB4, 0xBC, 0xAD, 0xE9, 0xB5, 0x88, 0xD1,
-        0xB7, 0xFC, 0xF1, 0x2B, 0xA1, 0xE1, 0x08, 0x4D,
-        0x56, 0xB1, 0x97, 0xEA, 0x90, 0xA7, 0x9A, 0x3D,
-        0x83, 0x92, 0x7A, 0x23, 0x07, 0x60, 0x3B, 0xC2,
-        0x11, 0xC0, 0x83, 0x0C, 0xB7, 0x06, 0x2C, 0x04,
-        0x25, 0x48, 0x24, 0x57, 0x5B, 0x22, 0x6C, 0xAD,
-        0x9A, 0x27, 0xC2, 0xA4, 0x55, 0x19, 0xAE, 0x39,
-        0x54, 0x64, 0x67, 0x69, 0x04, 0x85, 0x49, 0x8A,
-        0x32, 0x0A, 0xD5, 0x69, 0x93, 0xB1, 0x5A, 0x9D,
-        0x22, 0xC6, 0x19, 0x14, 0x46, 0xCB, 0x40, 0xAA,
-        0x75, 0x47, 0x40, 0x16, 0x81, 0xDC, 0xC7, 0xE3,
-        0x65, 0x96, 0xB1, 0x0C, 0x07, 0xFA, 0x2A, 0x20,
-        0xB4, 0x3C, 0x4B, 0x01, 0x24, 0x40, 0x1F, 0x8A,
-        0x0E, 0x74, 0x48, 0x78, 0xC7, 0x29, 0x66, 0x23,
-        0xC7, 0x39, 0x5B, 0x69, 0x94, 0xD1, 0x8C, 0x47,
-        0x87, 0xA2, 0x89, 0xDB, 0xB0, 0x5C, 0xB1, 0x82,
-        0x74, 0x51, 0xD8, 0x3F, 0x07, 0x29, 0x04, 0x53,
-        0x75, 0x94, 0xF5, 0x15, 0xCA, 0x10, 0x17, 0x99,
-        0x16, 0x20, 0xA3, 0x3E, 0x09, 0x6E, 0xE0, 0xDC,
-        0x09, 0x1A, 0xE4, 0xCA, 0x96, 0x06, 0x03, 0xB1,
-        0x01, 0xB5, 0xB4, 0xE2, 0x3E, 0x9A, 0x5B, 0x65,
-        0xE1, 0xF6, 0xC2, 0xA8, 0xCC, 0x89, 0x34, 0x13,
-        0x83, 0xB7, 0x06, 0x72, 0x5E, 0xD5, 0xB3, 0x48,
-        0x57, 0x69, 0x18, 0x1B, 0x8F, 0x76, 0x43, 0x9C,
-        0x05, 0x63, 0x6A, 0x0C, 0x34, 0x36, 0xFF, 0xBA,
-        0x8B, 0x86, 0xA5, 0x30, 0x6F, 0xA1, 0x11, 0xF6,
-        0xFC, 0x71, 0xEB, 0x77, 0x9B, 0x25, 0x70, 0x7C,
-        0xFA, 0xE0, 0xA6, 0xDA, 0x7B, 0x0A, 0xD5, 0xD9,
-        0x4B, 0x10, 0xF2, 0x1E, 0x4F, 0xCA, 0x92, 0x89,
-        0x3B, 0x9F, 0xFE, 0x73, 0x21, 0x07, 0x63, 0x40,
-        0x13, 0x77, 0x83, 0x7A, 0x10, 0xCA, 0x96, 0x25,
-        0x34, 0x6C, 0x42, 0xAD, 0xC7, 0x05, 0xBD, 0x92,
-        0xDB, 0x34, 0x26, 0xD9, 0x26, 0xCE, 0x4B, 0x5E,
-        0xC2, 0x4A, 0x5C, 0xDF, 0x27, 0xCB, 0x91, 0xE5,
-        0xA7, 0xE7, 0x16, 0x4D, 0x1B, 0xDC, 0x99, 0xD7,
-        0x56, 0x79, 0xFB, 0xC9, 0x3A, 0x58, 0xF6, 0x47,
-        0xDA, 0xC1, 0x08, 0x6C, 0xE9, 0x31, 0xBC, 0x08,
-        0x92, 0x33, 0xE9, 0x48, 0x7E, 0x08, 0x67, 0xBC,
-        0x58, 0x47, 0x2B, 0x01, 0xBF, 0x28, 0x95, 0xC3,
-        0x23, 0xB6, 0x4D, 0xBE, 0x4A, 0x17, 0xA9, 0xE8,
-        0x41, 0xB0, 0x53, 0xCA, 0xDB, 0x5C, 0x76, 0xD0,
-        0x35, 0x72, 0x4C, 0x32, 0x1B, 0xBC, 0x13, 0x66,
-        0x6F, 0x0A, 0x35, 0xDF, 0xDA, 0x07, 0x21, 0xE8,
-        0x98, 0x76, 0x23, 0x25, 0x6A, 0x99, 0x4D, 0x95,
-        0xFA, 0x1C, 0x05, 0xF5, 0x7C, 0x1E, 0x15, 0xA3,
-        0x0C, 0x4A, 0x0C, 0x83, 0x18, 0xA0, 0xD8, 0x3C,
-        0x41, 0x0C, 0x36, 0x28, 0x62, 0xE8, 0x17, 0xDD,
-        0x6A, 0xBB, 0xAA, 0x4B, 0xBE, 0x75, 0xB7, 0x36,
-        0xCC, 0xCB, 0xB4, 0xAF, 0x2A, 0x18, 0x84, 0x02,
-        0xBD, 0x4C, 0xE5, 0x97, 0x93, 0x20, 0x08, 0x86,
-        0x28, 0x65, 0x33, 0x25, 0x62, 0xF3, 0x24, 0xC7,
-        0xA4, 0x24, 0x15, 0x1F, 0xB5, 0x9D, 0x0A, 0xE1,
-        0x82, 0x1F, 0x28, 0x64, 0xC7, 0xE6, 0x98, 0x12,
-        0x7A, 0xAD, 0x92, 0xC3, 0x3B, 0x31, 0x39, 0x88,
-        0xC2, 0x9A, 0x09, 0xE2, 0x60, 0x44, 0x9B, 0xCA,
-        0x7B, 0xEE, 0x36, 0x08, 0x62, 0x31, 0x4E, 0x47,
-        0x51, 0x9E, 0xF3, 0x91, 0x8D, 0xDD, 0xE4, 0x03,
-        0xE7, 0xB9, 0x2A, 0xC9, 0x90, 0x8F, 0x93, 0xC6,
-        0x36, 0x9C, 0xC5, 0xC4, 0x7B, 0x8C, 0xB1, 0xDC,
-        0x3A, 0x34, 0x79, 0xC7, 0x62, 0xF6, 0x2A, 0x18,
-        0xFE, 0x05, 0xA9, 0xB0, 0x64, 0x5A, 0x53, 0x11,
-        0xA0, 0x18, 0x28, 0x72, 0x3A, 0xEB, 0x51, 0xFA,
-        0x50, 0x5E, 0x96, 0xB2, 0x9E, 0x3D, 0x2B, 0x6E,
-        0x5B, 0x13, 0x27, 0xDE, 0x3A, 0x61, 0xAB, 0x0C,
-        0x50, 0xBE, 0x01, 0x24, 0xB6, 0x4B, 0x33, 0x31,
-        0x4B, 0x32, 0xD6, 0x12, 0x25, 0x10, 0xE4, 0x64,
-        0x45, 0x85, 0x7A, 0xA0, 0xE2, 0xC4, 0xB0, 0xD2,
-        0x56, 0x95, 0x56, 0x20, 0xA8, 0x68, 0x1D, 0x1E,
-        0x55, 0x51, 0x26, 0xD0, 0x05, 0x09, 0xE3, 0x5B,
-        0xF5, 0x96, 0x83, 0xDD, 0xAA, 0x40, 0xE8, 0x2C,
-        0x51, 0x9B, 0x85, 0x58, 0x52, 0xC3, 0x66, 0xCB,
-        0x54, 0x45, 0x2B, 0xF9, 0x10, 0xB0, 0x01, 0x69,
-        0x23, 0x30, 0x34, 0x57, 0x08, 0x65, 0x3F, 0x51,
-        0x18, 0x00, 0xB1, 0x0E, 0x00, 0x9D, 0x9F, 0x7D,
-        0x10, 0xA5, 0x3B, 0x8B, 0x30, 0xBF, 0x13, 0xB0,
-        0x6F, 0x25, 0x4E, 0xC8, 0xA6, 0xBA, 0x53, 0x97,
-        0x00, 0xF6, 0x35, 0x8D, 0xE0, 0x46, 0x3A, 0x01,
-        0x95, 0x40, 0xC9, 0x87, 0x3F, 0x3F, 0x46, 0x80,
-        0xE2, 0x11, 0x3A, 0x7C, 0xCC, 0x55, 0xFF, 0x75,
-        0x4D, 0x85, 0xAA, 0x67, 0xE9, 0xE5, 0x5F, 0x88,
-        0x74, 0x24, 0xE0, 0xB2, 0x62, 0x56, 0x82, 0xA5,
-        0xDD, 0xA2, 0x18, 0xF0, 0x3C, 0x3C, 0x10, 0xA2,
-        0x46, 0xCD, 0xB0, 0xCC, 0x91, 0xD1, 0x9D, 0x8F,
-        0x02, 0x4D, 0xB9, 0xB1, 0x41, 0x5F, 0x50, 0xAC,
-        0xD8, 0xF6, 0x5D, 0xE2, 0x78, 0x7B, 0x91, 0x03,
-        0xC5, 0x75, 0xB6, 0x87, 0x76, 0x55, 0x72, 0xCF,
-        0xFA, 0x59, 0x02, 0x6C, 0x2B, 0xCE, 0xE7, 0x74,
-        0x23, 0xBC, 0xAF, 0xD3, 0x05, 0x4B, 0xF8, 0xE2,
-        0x71, 0x3F, 0xB8, 0x5B, 0x0B, 0xF6, 0xA4, 0x6E,
-        0x71, 0x61, 0x52, 0xF5, 0xC9, 0xA3, 0x01, 0x1E,
-        0xC9, 0x01, 0x14, 0xC7, 0x6B, 0x01, 0x51, 0x67,
-        0x99, 0xBD, 0x59, 0x11, 0x41, 0x5B, 0x70, 0x45,
-        0x44, 0x07, 0x7F, 0x18, 0x88, 0x06, 0x75, 0x5E,
-        0xEC, 0x41, 0x31, 0xE5, 0x55, 0x56, 0xDB, 0x90,
-        0x3F, 0x42, 0x84, 0xC1, 0xF9, 0x00, 0x86, 0xFF,
-        0x43, 0x1B, 0x68, 0xF5, 0x1F, 0x62, 0x98, 0x12,
-        0xF3, 0x20, 0xB5, 0x5F, 0x21, 0x9D, 0x72, 0xA1,
-        0x92, 0x8F, 0x38, 0xC9, 0xA1, 0xEC, 0x82, 0x3B,
-        0xA1, 0x98, 0xBA, 0x9A, 0xBB, 0xAC, 0xF6, 0x29,
-        0x02, 0xB3, 0xCA, 0x0A, 0xFC, 0x95, 0xEA, 0x8A,
-        0xC3, 0x03, 0xFB, 0x8B, 0xDD, 0x29, 0xBB, 0x9D,
-        0x18, 0xA0, 0x3B, 0xA4, 0x4E, 0x58, 0xB1, 0xB0,
-        0xB8, 0x5A, 0x2A, 0x16, 0x62, 0xE6, 0xA3, 0x1D,
-        0xA7, 0x54, 0x55, 0x11, 0xA4, 0x78, 0xA1, 0x81,
-        0x77, 0x88, 0x90, 0x61, 0xEF, 0x76, 0x63, 0x12,
-        0x64, 0x23, 0x9A, 0xDE, 0xBD, 0x04, 0xA8, 0xC5,
-        0x2B, 0x72, 0xE2, 0xB1, 0xF3, 0xA2, 0xDF, 0xBB,
-        0xD8, 0xC0, 0x54, 0xE7, 0x0C, 0xC2, 0xA7, 0x42,
-        0xE7, 0xB7, 0xD4, 0x17, 0xDF, 0xED, 0x31, 0x44,
-        0x22, 0x18, 0x7D, 0xE1, 0xB2, 0x95, 0x44, 0x81,
-        0x19, 0x57, 0x55, 0xEC, 0x04, 0xBB, 0x76, 0x71,
-        0xC4, 0x33, 0x14, 0x46, 0xBB, 0xE8, 0x95, 0x25,
-        0x14, 0x90, 0x53, 0x21, 0xA2, 0x17, 0x6E, 0x93,
-        0x5B, 0x54, 0x20, 0xC0, 0xD5, 0xEA, 0x44, 0x65
+        0x69, 0xF9, 0xCB, 0xFD, 0x12, 0x37, 0xBA, 0x16,
+        0x1C, 0xF6, 0xE6, 0xC1, 0x8F, 0x48, 0x8F, 0xC6,
+        0xE3, 0x9A, 0xB4, 0xA5, 0xC9, 0xE6, 0xC2, 0x2E,
+        0xA4, 0xE3, 0xAD, 0x8F, 0x26, 0x7A, 0x9C, 0x44,
+        0x20, 0x10, 0xD3, 0x2E, 0x61, 0xF8, 0x3E, 0x6B,
+        0xFA, 0x5C, 0x58, 0x70, 0x61, 0x45, 0x37, 0x6D,
+        0xBB, 0x84, 0x95, 0x28, 0xF6, 0x80, 0x07, 0xC8,
+        0x22, 0xB3, 0x3A, 0x95, 0xB8, 0x49, 0x04, 0xDC,
+        0xD2, 0x70, 0x8D, 0x03, 0x40, 0xC8, 0xB8, 0x08,
+        0xBC, 0xD3, 0xAA, 0xD0, 0xE4, 0x8B, 0x85, 0x84,
+        0x95, 0x83, 0xA1, 0xB4, 0xE5, 0x94, 0x5D, 0xD9,
+        0x51, 0x4A, 0x7F, 0x64, 0x61, 0xE0, 0x57, 0xB7,
+        0xEC, 0xF6, 0x19, 0x57, 0xE9, 0x7C, 0xF6, 0x28,
+        0x15, 0xF9, 0xC3, 0x22, 0x94, 0xB3, 0x26, 0xE1,
+        0xA1, 0xC4, 0xE3, 0x60, 0xB9, 0x49, 0x8B, 0xA8,
+        0x0F, 0x8C, 0xA9, 0x15, 0x32, 0xB1, 0x71, 0xD0,
+        0xAE, 0xFC, 0x48, 0x49, 0xFA, 0x53, 0xBC, 0x61,
+        0x79, 0x32, 0xE2, 0x08, 0xA6, 0x77, 0xC6, 0x04,
+        0x4A, 0x66, 0x00, 0xB8, 0xD8, 0xB8, 0x3F, 0x26,
+        0xA7, 0x47, 0xB1, 0x8C, 0xFB, 0x78, 0xBE, 0xAF,
+        0xC5, 0x51, 0xAD, 0x52, 0xB7, 0xCA, 0x6C, 0xB8,
+        0x8F, 0x3B, 0x5D, 0x9C, 0xE2, 0xAF, 0x6C, 0x67,
+        0x95, 0x6C, 0x47, 0x8C, 0xEF, 0x49, 0x1F, 0x59,
+        0xE0, 0x19, 0x1B, 0x3B, 0xBE, 0x92, 0x9B, 0x94,
+        0xB6, 0x66, 0xC1, 0x76, 0x13, 0x8B, 0x00, 0xF4,
+        0x97, 0x24, 0x34, 0x1E, 0xE2, 0xE1, 0x64, 0xB9,
+        0x4C, 0x05, 0x3C, 0x18, 0x5A, 0x51, 0xF9, 0x3E,
+        0x00, 0xF3, 0x68, 0x61, 0x61, 0x3A, 0x7F, 0xD7,
+        0x2F, 0xEB, 0xD2, 0x3A, 0x8B, 0x96, 0xA2, 0x60,
+        0x23, 0x42, 0x39, 0xC9, 0x62, 0x8F, 0x99, 0x5D,
+        0xC1, 0x38, 0x07, 0xB4, 0x3A, 0x69, 0x46, 0x81,
+        0x67, 0xCB, 0x1A, 0x8F, 0x9D, 0xD0, 0x7E, 0xE3,
+        0xB3, 0x32, 0x38, 0xF6, 0x30, 0x96, 0xEB, 0xC4,
+        0x9D, 0x50, 0x51, 0xC4, 0xB6, 0x59, 0x63, 0xD7,
+        0x4A, 0x47, 0x66, 0xC2, 0x26, 0xF0, 0xB9, 0x4F,
+        0x18, 0x62, 0xC2, 0x12, 0x4C, 0x8C, 0x74, 0x97,
+        0x48, 0xC0, 0xBC, 0x4D, 0xC1, 0x4C, 0xB3, 0x49,
+        0x06, 0xB8, 0x1C, 0x55, 0x24, 0xFB, 0x81, 0x00,
+        0x79, 0x85, 0x42, 0xDC, 0x6C, 0xC2, 0xAA, 0x0A,
+        0x70, 0x85, 0x75, 0xEA, 0xBC, 0xC1, 0x1F, 0x96,
+        0xA9, 0xE6, 0x1C, 0x01, 0x7A, 0x96, 0xA7, 0xCE,
+        0x93, 0xC4, 0x20, 0x91, 0x73, 0x71, 0x13, 0xAE,
+        0x78, 0x3C, 0x0A, 0xE8, 0x75, 0x5E, 0x59, 0x41,
+        0x11, 0xED, 0xFA, 0xBF, 0xD8, 0x6C, 0x32, 0x12,
+        0xC6, 0x12, 0xA7, 0xB6, 0x2A, 0xFD, 0x3C, 0x7A,
+        0x5C, 0x78, 0xB2, 0xF0, 0x73, 0x44, 0xB7, 0x89,
+        0xC2, 0xB2, 0xDB, 0xB5, 0xF4, 0x44, 0x8B, 0xE9,
+        0x7B, 0xBA, 0x42, 0x33, 0xC0, 0x03, 0x9C, 0x0F,
+        0xE8, 0x43, 0x00, 0xF9, 0xB0, 0x3A, 0xC9, 0x94,
+        0x97, 0xE6, 0xD4, 0x6B, 0x6E, 0x95, 0x30, 0x8F,
+        0xF8, 0x47, 0x90, 0xF6, 0x12, 0xCF, 0x18, 0x6E,
+        0xC1, 0x68, 0x11, 0xE8, 0x0C, 0x17, 0x93, 0x16,
+        0xA6, 0x3B, 0x25, 0x70, 0x3F, 0x60, 0xB8, 0x42,
+        0xB6, 0x19, 0x07, 0xE6, 0x28, 0x94, 0xE7, 0x36,
+        0x64, 0x7B, 0x3C, 0x09, 0xDA, 0x6F, 0xEC, 0x59,
+        0x32, 0x78, 0x2B, 0x36, 0xE0, 0x63, 0x50, 0x85,
+        0xA3, 0x94, 0x9E, 0x69, 0x4D, 0x7E, 0x17, 0xCB,
+        0xA3, 0xD9, 0x06, 0x43, 0x30, 0x43, 0x8C, 0x07,
+        0x1B, 0x58, 0x36, 0xA7, 0x70, 0xC5, 0x5F, 0x62,
+        0x13, 0xCC, 0x14, 0x25, 0x84, 0x5D, 0xE5, 0xA3,
+        0x34, 0xD7, 0x5D, 0x3E, 0x50, 0x58, 0xC7, 0x80,
+        0x9F, 0xDA, 0x4B, 0xCD, 0x78, 0x19, 0x1D, 0xA9,
+        0x79, 0x73, 0x25, 0xE6, 0x23, 0x6C, 0x26, 0x50,
+        0xFC, 0x60, 0x4E, 0xE4, 0x3A, 0x83, 0xCE, 0xB3,
+        0x49, 0x80, 0x08, 0x44, 0x03, 0xA3, 0x32, 0x59,
+        0x85, 0x79, 0x07, 0x79, 0x9A, 0x9D, 0x2A, 0x71,
+        0x3A, 0x63, 0x3B, 0x5C, 0x90, 0x47, 0x27, 0xF6,
+        0x1E, 0x42, 0x52, 0x09, 0x91, 0xD6, 0x55, 0x70,
+        0x5C, 0xB6, 0xBC, 0x1B, 0x74, 0xAF, 0x60, 0x71,
+        0x3E, 0xF8, 0x71, 0x2F, 0x14, 0x08, 0x68, 0x69,
+        0xBE, 0x8E, 0xB2, 0x97, 0xD2, 0x28, 0xB3, 0x25,
+        0xA0, 0x60, 0x9F, 0xD6, 0x15, 0xEA, 0xB7, 0x08,
+        0x15, 0x40, 0xA6, 0x1A, 0x82, 0xAB, 0xF4, 0x3B,
+        0x7D, 0xF9, 0x8A, 0x59, 0x5B, 0xE1, 0x1F, 0x41,
+        0x6B, 0x41, 0xE1, 0xEB, 0x75, 0xBB, 0x57, 0x97,
+        0x7C, 0x25, 0xC6, 0x4E, 0x97, 0x43, 0x7D, 0x88,
+        0xCA, 0x5F, 0xDA, 0x61, 0x59, 0xD6, 0x68, 0xF6,
+        0xBA, 0xB8, 0x15, 0x75, 0x55, 0xB5, 0xD5, 0x4C,
+        0x0F, 0x47, 0xCB, 0xCD, 0x16, 0x84, 0x3B, 0x1A,
+        0x0A, 0x0F, 0x02, 0x10, 0xEE, 0x31, 0x03, 0x13,
+        0x96, 0x7F, 0x3D, 0x51, 0x64, 0x99, 0x01, 0x8F,
+        0xDF, 0x31, 0x14, 0x77, 0x24, 0x70, 0xA1, 0x88,
+        0x9C, 0xC0, 0x6C, 0xB6, 0xB6, 0x69, 0x0A, 0xC3,
+        0x1A, 0xBC, 0xFA, 0xF4, 0xBC, 0x70, 0x76, 0x84,
+        0x54, 0x5B, 0x00, 0x0B, 0x58, 0x0C, 0xCB, 0xFC,
+        0xBC, 0xE9, 0xFA, 0x70, 0xAA, 0xEA, 0x0B, 0xBD,
+        0x91, 0x10, 0x99, 0x2A, 0x7C, 0x6C, 0x06, 0xCB,
+        0x36, 0x85, 0x27, 0xFD, 0x22, 0x90, 0x90, 0x75,
+        0x7E, 0x6F, 0xE7, 0x57, 0x05, 0xFA, 0x59, 0x2A,
+        0x76, 0x08, 0xF0, 0x50, 0xC6, 0xF8, 0x87, 0x03,
+        0xCC, 0x28, 0xCB, 0x00, 0x0C, 0x1D, 0x7E, 0x77,
+        0xB8, 0x97, 0xB7, 0x2C, 0x62, 0xBC, 0xC7, 0xAE,
+        0xA2, 0x1A, 0x57, 0x72, 0x94, 0x83, 0xD2, 0x21,
+        0x18, 0x32, 0xBE, 0xD6, 0x12, 0x43, 0x0C, 0x98,
+        0x31, 0x03, 0xC6, 0x9E, 0x8C, 0x07, 0x2C, 0x0E,
+        0xA7, 0x89, 0x8F, 0x22, 0x83, 0xBE, 0xC4, 0x8C,
+        0x5A, 0xC8, 0x19, 0x84, 0xD4, 0xA5, 0xA8, 0x36,
+        0x19, 0x73, 0x5A, 0x84, 0x2B, 0xD1, 0x72, 0xC0,
+        0xD1, 0xB3, 0x9F, 0x43, 0x58, 0x8A, 0xF1, 0x70,
+        0x45, 0x8B, 0xA9, 0xEE, 0x74, 0x92, 0xEA, 0xAA,
+        0x94, 0xEA, 0x53, 0xA4, 0xD3, 0x84, 0x98, 0xEC,
+        0xBB, 0x98, 0xA5, 0xF4, 0x07, 0xE7, 0xC9, 0x7B,
+        0x4E, 0x16, 0x6E, 0x39, 0x71, 0x92, 0xC2, 0x16,
+        0x03, 0x30, 0x14, 0xB8, 0x78, 0xE9, 0x38, 0x07,
+        0x5C, 0x6C, 0x1F, 0x10, 0xA0, 0x06, 0x5A, 0xBC,
+        0x31, 0x63, 0x72, 0x2F, 0x1A, 0x2E, 0xFF, 0xEC,
+        0x8D, 0x6E, 0x3A, 0x0C, 0x4F, 0x71, 0x74, 0xFC,
+        0x16, 0xB7, 0x9F, 0xB5, 0x18, 0x6A, 0x75, 0x16,
+        0x8F, 0x81, 0xA5, 0x6A, 0xA4, 0x8A, 0x20, 0xA0,
+        0x4B, 0xDD, 0xF1, 0x82, 0xC6, 0xE1, 0x79, 0xC3,
+        0xF6, 0x90, 0x61, 0x55, 0x5E, 0xF7, 0x39, 0x6D,
+        0xD0, 0xB7, 0x49, 0x96, 0x01, 0xA6, 0xEB, 0x3A,
+        0x96, 0xA9, 0xA2, 0x2D, 0x04, 0xF1, 0x16, 0x8D,
+        0xB5, 0x63, 0x55, 0xB0, 0x76, 0x00, 0xA2, 0x03,
+        0x70, 0x63, 0x7B, 0x64, 0x59, 0x76, 0xBB, 0xD9,
+        0x7B, 0x6D, 0x62, 0x88, 0xA0, 0xD3, 0x03, 0x63,
+        0x60, 0x47, 0x2E, 0x3A, 0xC7, 0x1D, 0x56, 0x6D,
+        0xB8, 0xFB, 0xB1, 0xB1, 0xD7, 0x6C, 0xB7, 0x55,
+        0xCD, 0x0D, 0x68, 0xBD, 0xBF, 0xC0, 0x48, 0xEB,
+        0xA2, 0x52, 0x5E, 0xEA, 0x9D, 0xD5, 0xB1, 0x44,
+        0xFB, 0x3B, 0x60, 0xFB, 0xC3, 0x42, 0x39, 0x32,
+        0x0C, 0xBC, 0x06, 0x9B, 0x35, 0xAB, 0x16, 0xB8,
+        0x75, 0x65, 0x36, 0xFB, 0x33, 0xE8, 0xA6, 0xAF,
+        0x1D, 0xD4, 0x2C, 0x79, 0xF4, 0x8A, 0xD1, 0x20,
+        0xAE, 0x4B, 0x15, 0x9D, 0x3D, 0x8C, 0x31, 0x90,
+        0x60, 0xCC, 0xE5, 0x69, 0xC3, 0xF6, 0x03, 0x53,
+        0x65, 0x58, 0x5D, 0x34, 0x41, 0x37, 0x95, 0xA6,
+        0xA1, 0x8E, 0xC5, 0x13, 0x6A, 0xB1, 0x3C, 0x90,
+        0xE3, 0xAF, 0x14, 0xC0, 0xB8, 0xA4, 0x64, 0xC8,
+        0x6B, 0x90, 0x73, 0x22, 0x2B, 0x56, 0xB3, 0xF7,
+        0x32, 0x8A, 0xEA, 0x79, 0x81, 0x55, 0x32, 0x59,
+        0x11, 0x25, 0x0E, 0xF0, 0x16, 0xD7, 0x28, 0x02,
+        0xE3, 0x87, 0x8A, 0xA5, 0x05, 0x40, 0xCC, 0x98,
+        0x39, 0x56, 0x97, 0x1D, 0x6E, 0xFA, 0x35, 0x2C,
+        0x02, 0x55, 0x4D, 0xC7, 0x60, 0xA5, 0xA9, 0x13,
+        0x58, 0xEA, 0x56, 0x37, 0x08, 0x84, 0xFD, 0x5B,
+        0x3F, 0x85, 0xB7, 0x0E, 0x83, 0xE4, 0x69, 0x7D,
+        0xEB, 0x17, 0x05, 0x16, 0x9E, 0x9C, 0x60, 0xA7,
+        0x45, 0x28, 0xCF, 0x15, 0x28, 0x1C, 0xB1, 0xB1,
+        0xC4, 0x57, 0xD4, 0x67, 0xB5, 0xF9, 0x3A, 0x60,
+        0x37, 0x3D, 0x10, 0xE0, 0xCF, 0x6A, 0x83, 0x7A,
+        0xA3, 0xC9, 0x59, 0x6A, 0x72, 0xBE, 0xC2, 0x9B,
+        0x2D, 0x7E, 0x58, 0x65, 0x3D, 0x53, 0x30, 0x61,
+        0xD3, 0x81, 0xD5, 0x17, 0x59, 0x75, 0x22, 0x17,
+        0xEB, 0x46, 0xCA, 0xC7, 0x80, 0x7C, 0x4A, 0xD3,
+        0x8B, 0x61, 0x16, 0x44, 0xAC, 0xF0, 0xA3, 0xF2,
+        0x6B, 0x6B, 0x08, 0x4A, 0xB4, 0x7A, 0x83, 0xBF,
+        0x0D, 0x69, 0x6F, 0x8A, 0x47, 0x68, 0xFC, 0x35,
+        0xBC, 0xA6, 0xBC, 0x79, 0x03, 0xB2, 0xA2, 0x37,
+        0xC2, 0x77, 0x49, 0xF5, 0x51, 0x0C, 0x86, 0x38,
+        0x69, 0xE6, 0xAE, 0x56, 0xBB, 0x2A, 0xFE, 0x47,
+        0x71, 0xC9, 0x22, 0x18, 0x74, 0xF5, 0x0F, 0x5B,
+        0x14, 0xBA, 0xAD, 0x59, 0x93, 0xB4, 0x92, 0x38,
+        0xFD, 0x0A, 0x0C, 0x9F, 0x79, 0xB7, 0xB4, 0x58,
+        0x4E, 0x41, 0x30, 0x1F, 0x7A, 0x88, 0x5C, 0x9F,
+        0x91, 0x81, 0x9B, 0xEA, 0x00, 0xD5, 0x12, 0x58,
+        0x17, 0x30, 0x53, 0x9F, 0xB3, 0x7E, 0x59, 0xE8,
+        0x6A, 0x6D, 0x19, 0xCA, 0x25, 0xF0, 0xA8, 0x11,
+        0xC9, 0xB4, 0x28, 0xBA, 0x86, 0x14, 0xAA, 0x4F,
+        0x94, 0x80, 0x7B, 0xC0, 0x31, 0xCB, 0xCC, 0x18,
+        0x3F, 0x3B, 0xF0, 0x7F, 0xE2, 0xC1, 0xA6, 0xEB,
+        0xA8, 0x0D, 0x5A, 0x70, 0x6E, 0xE0, 0xDA, 0xB2,
+        0x7E, 0x23, 0x14, 0x58, 0x02, 0x5D, 0x84, 0xA7,
+        0xA9, 0xB0, 0x23, 0x05, 0x01, 0x11, 0x6C, 0x29,
+        0x0A, 0x6B, 0xB5, 0x06, 0x26, 0xD9, 0x7B, 0x93,
+        0x98, 0x50, 0x94, 0x28, 0x28, 0x39, 0x0B, 0x0A,
+        0x20, 0x01, 0xB7, 0x85, 0x3A, 0xD1, 0xAE, 0x9B,
+        0x01, 0x1B, 0x2D, 0xB3, 0x6C, 0xAE, 0xEA, 0x73,
+        0xA2, 0x32, 0x8E, 0x3C, 0x56, 0x48, 0x5B, 0x49,
+        0x1C, 0x29, 0x91, 0x15, 0xA0, 0x17, 0xC9, 0x07,
+        0xAB, 0x54, 0x31, 0x72, 0x60, 0xA5, 0x93, 0xA0,
+        0xD7, 0xBA, 0x6D, 0x06, 0x61, 0x5D, 0x6E, 0x2C,
+        0xA8, 0x4B, 0x86, 0x0E, 0xFF, 0x3C, 0xCB, 0x59,
+        0x72, 0x11, 0xBF, 0xE3, 0x6B, 0xDE, 0xF8, 0x06,
+        0x9A, 0xFA, 0x36, 0xC5, 0xA7, 0x33, 0x92, 0x72,
+        0x26, 0x50, 0xE4, 0x95, 0x7D, 0xCA, 0x59, 0x7A,
+        0xCB, 0xA5, 0x60, 0x5B, 0x63, 0xC1, 0x63, 0xCF,
+        0xA9, 0x4B, 0x64, 0xDD, 0xD6, 0x23, 0x01, 0xA4,
+        0x33, 0x20, 0x83, 0x36, 0x19, 0x72, 0x58, 0x9D,
+        0xB0, 0x59, 0x9A, 0x69, 0x4D, 0xD4, 0x54, 0x7A,
+        0x5E, 0xE9, 0x19, 0x65, 0x77, 0xC2, 0x2E, 0xD4,
+        0x27, 0xAC, 0x89, 0xBB, 0x8B, 0xA3, 0x75, 0x3E,
+        0xB7, 0x6C, 0x41, 0xF2, 0xC1, 0x12, 0x9C, 0x8A,
+        0x77, 0xD6, 0x80, 0x5F, 0xA7, 0x19, 0xB1, 0xB6,
+        0xCA, 0x11, 0xB7, 0x40, 0xA7, 0x8A, 0x3D, 0x41,
+        0xB5, 0x33, 0x05, 0x26, 0xAB, 0x87, 0xD5, 0x8D,
+        0x59, 0x25, 0x31, 0x5A, 0x14, 0x85, 0xED, 0xC6,
+        0x47, 0xC1, 0x60, 0x4E, 0xB3, 0x81, 0x38, 0xDE,
+        0x63, 0x7A, 0xD2, 0xC6, 0xCA, 0x5B, 0xE4, 0x4E,
+        0x10, 0x08, 0xB2, 0xC0, 0x86, 0x7B, 0x22, 0x9C,
+        0xCC, 0x36, 0x61, 0x9E, 0x27, 0x58, 0xC4, 0xC2,
+        0x02, 0x9E, 0xAE, 0xB2, 0x6E, 0x7A, 0x80, 0x3F,
+        0xCA, 0x30, 0x5A, 0x59, 0xCD, 0x58, 0x5E, 0x11,
+        0x7D, 0x69, 0x8E, 0xCE, 0x01, 0x1C, 0xC3, 0xFC,
+        0xE5, 0x4D, 0x2E, 0x11, 0x45, 0x45, 0xA2, 0x1A,
+        0xC5, 0xBE, 0x67, 0x71, 0xAB, 0x8F, 0x13, 0x12,
+        0x2F, 0xAD, 0x29, 0x5E, 0x74, 0x5A, 0x50, 0x3B,
+        0x14, 0x2F, 0x91, 0xAE, 0xF7, 0xBD, 0xE9, 0x99,
+        0x98, 0x84, 0x5F, 0xDA, 0x04, 0x35, 0x55, 0xC9,
+        0xC1, 0xEE, 0x53, 0x5B, 0xE1, 0x25, 0xE5, 0xDC,
+        0xE5, 0xD2, 0x66, 0x66, 0x7E, 0x72, 0x3E, 0x67,
+        0xB6, 0xBA, 0x89, 0x1C, 0x16, 0xCB, 0xA1, 0x74,
+        0x09, 0x8A, 0x3F, 0x35, 0x17, 0x78, 0xB0, 0x88,
+        0x8C, 0x95, 0x90, 0xA9, 0x09, 0x0C, 0xD4, 0x04
     };
     static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = {
-        0x84, 0xA1, 0x88, 0xA0, 0x72, 0xE4, 0xD4, 0xF4,
-        0x49, 0xA4, 0xBE, 0x17, 0x02, 0x74, 0xDD, 0x2A,
-        0x5F, 0x3E, 0x35, 0x6E, 0x95, 0xB9, 0x6E, 0x40,
-        0xAD, 0x3F, 0xF1, 0x45, 0x5E, 0x36, 0xC6, 0xA7,
-        0x1E, 0x90, 0x9D, 0xD2, 0xC0, 0xDF, 0xF8, 0xAD,
-        0x2C, 0x9F, 0x50, 0x3B, 0xAC, 0x90, 0x65, 0x71,
-        0x62, 0x48, 0x08, 0x3B, 0xDA, 0x40, 0xCE, 0xCB,
-        0x38, 0xE3, 0xB3, 0x05, 0x8B, 0xAF, 0x51, 0xA7,
-        0x57, 0x23, 0x84, 0xFF, 0x84, 0x06, 0xA8, 0x13,
-        0x6A, 0x4F, 0xC6, 0xD9, 0x12, 0xA5, 0x4B, 0x2E,
-        0xB5, 0xB9, 0xD5, 0x98, 0xFB, 0x68, 0x9E, 0x72,
-        0xED, 0x3D, 0xEF, 0xD2, 0xFF, 0x83, 0x55, 0xED,
-        0x9E, 0x9C, 0xCA, 0x53, 0xE8, 0x2C, 0x08, 0x86,
-        0xE0, 0x94, 0xC5, 0x92, 0xC3, 0x92, 0x31, 0x1F,
-        0x04, 0xFE, 0xC6, 0x8F, 0x9A, 0x1C, 0x53, 0x1C,
-        0xF3, 0x41, 0x90, 0x30, 0x89, 0x2B, 0x5B, 0xDC,
-        0xAC, 0xEE, 0xF6, 0xA0, 0xE7, 0xF1, 0xBD, 0x44,
-        0x90, 0x3F, 0x49, 0xDE, 0x8E, 0x37, 0xB0, 0x2B,
-        0xA3, 0xFC, 0x51, 0x21, 0xD9, 0x9F, 0x8C, 0xC3,
-        0x04, 0x0F, 0x66, 0x83, 0x2F, 0x77, 0x02, 0x1B,
-        0x4C, 0xA3, 0x5F, 0x7A, 0x48, 0x25, 0x03, 0x89,
-        0x36, 0x56, 0x4C, 0xA2, 0xE6, 0x73, 0xFF, 0x9C,
-        0xC0, 0x51, 0x9C, 0x25, 0xF6, 0xA5, 0x2D, 0x87,
-        0xED, 0xD9, 0x65, 0xB2, 0x46, 0x4A, 0xA3, 0x65,
-        0xD2, 0xBF, 0x06, 0x8B, 0x72, 0xFC, 0x68, 0xB6,
-        0x5E, 0x88, 0x51, 0x5E, 0x2C, 0x83, 0x2B, 0xBD,
-        0xB2, 0x7D, 0x61, 0xBF, 0x51, 0x2B, 0x5F, 0xC2,
-        0xD8, 0x59, 0x0F, 0xB3, 0x5F, 0x49, 0x50, 0x0C,
-        0xAF, 0xE7, 0x0E, 0x7D, 0x07, 0x76, 0xB5, 0xC4,
-        0xE4, 0x50, 0x3A, 0x71, 0x89, 0xAD, 0xBA, 0xFF,
-        0x5D, 0x5B, 0x51, 0x5C, 0xC6, 0x8B, 0x2F, 0x81,
-        0xD9, 0x93, 0xC6, 0xD7, 0xFA, 0x7D, 0x3D, 0x1D,
-        0x90, 0xEB, 0xFF, 0x51, 0xDA, 0x3F, 0xBB, 0xB4,
-        0x43, 0x0E, 0x5B, 0xBE, 0xDB, 0xCA, 0x8D, 0xA0,
-        0x78, 0xDC, 0xE8, 0xEC, 0x81, 0x5B, 0x16, 0x8B,
-        0xFC, 0x09, 0xAB, 0x4A, 0x20, 0x67, 0x88, 0x70,
-        0xF4, 0x86, 0x8B, 0x1F, 0xAE, 0x28, 0xD2, 0x09,
-        0xC7, 0x53, 0x68, 0xA7, 0x99, 0x31, 0x7D, 0xFA,
-        0x08, 0xC2, 0xB6, 0x51, 0xFA, 0xC7, 0x2D, 0xCA,
-        0x2A, 0x1B, 0x4C, 0xBB, 0x75, 0xE8, 0x73, 0xF1,
-        0x5C, 0x51, 0xB6, 0xD0, 0xB5, 0xE6, 0xF5, 0xE6,
-        0x0E, 0x2A, 0xF6, 0xC4, 0x0D, 0x2C, 0xAB, 0xCB,
-        0xF3, 0x58, 0x8F, 0x44, 0xBC, 0xEA, 0x6D, 0x72,
-        0xD3, 0x59, 0xF4, 0x0F, 0x9C, 0xF5, 0xE0, 0xEC,
-        0x40, 0xA5, 0x21, 0x5E, 0x5A, 0xCE, 0xEA, 0xF0,
-        0xDA, 0x00, 0xD9, 0x23, 0xD4, 0xCE, 0xFF, 0x5C,
-        0x3A, 0x3A, 0xB1, 0xE4, 0x6C, 0x75, 0x4F, 0x4A,
-        0xE0, 0x52, 0xC2, 0xBC, 0x49, 0xFD, 0xB4, 0x52,
-        0x1A, 0xE4, 0x4D, 0xF6, 0x34, 0xD5, 0x6E, 0x43,
-        0x3D, 0xAD, 0x3D, 0xF3, 0xC0, 0x71, 0x15, 0x40,
-        0x6F, 0xF8, 0xBF, 0xD0, 0xD7, 0xC9, 0x3B, 0x49,
-        0x41, 0xD0, 0xF0, 0x92, 0x13, 0xC1, 0x68, 0x1C,
-        0xFD, 0x5C, 0x86, 0x63, 0xDF, 0x02, 0x04, 0x1A,
-        0x3C, 0xBD, 0x16, 0x2F, 0x5C, 0x4D, 0x80, 0xCB,
-        0x1D, 0xC7, 0xD4, 0xA5, 0x01, 0xAD, 0x06, 0xFE,
-        0x96, 0xEB, 0x34, 0x8B, 0x6E, 0x33, 0x1C, 0x82,
-        0x96, 0xFE, 0x90, 0x4E, 0xB9, 0x7C, 0x08, 0x74,
-        0x56, 0x32, 0x8D, 0x70, 0x3B, 0x85, 0xBD, 0xAC,
-        0x2F, 0xB4, 0x3C, 0x72, 0x8D, 0x0B, 0x05, 0xFC,
-        0x54, 0xB8, 0xC1, 0x55, 0xC0, 0x10, 0xEF, 0x0D,
-        0xB1, 0x4C, 0xC6, 0x68, 0xD1, 0xB1, 0xBC, 0x72,
-        0x7A, 0xF8, 0x86, 0x40, 0x76, 0x73, 0x6B, 0x89,
-        0x8B, 0xAB, 0xA1, 0xC8, 0x1D, 0xCA, 0x20, 0x53,
-        0xF5, 0x85, 0x87, 0xD3, 0xC4, 0xE3, 0x3C, 0x69,
-        0x4A, 0x26, 0x4B, 0xE2, 0x89, 0x7E, 0x7D, 0x2E,
-        0xEF, 0xAD, 0xDA, 0x9F, 0xF8, 0x8D, 0x70, 0xBF,
-        0x37, 0x31, 0xF1, 0x22, 0x8C, 0xB3, 0xE1, 0x31,
-        0xEB, 0x0C, 0xB7, 0x6F, 0xDB, 0xD2, 0xCC, 0xB1,
-        0xCB, 0xC1, 0x8D, 0x14, 0x50, 0xAC, 0x7A, 0x16,
-        0x34, 0x9E, 0x71, 0x29, 0xCA, 0xB7, 0x20, 0xD5,
-        0xCB, 0x70, 0xB5, 0x6E, 0x85, 0x5E, 0x83, 0x05,
-        0xDC, 0xDA, 0x73, 0x0B, 0xBD, 0x0E, 0xA3, 0x3E,
-        0xF0, 0x81, 0x5D, 0x02, 0x19, 0x0B, 0xB9, 0x8E,
-        0x30, 0xF7, 0x3B, 0xF7, 0x78, 0x9C, 0xDD, 0x67,
-        0x3C, 0x61, 0x3B, 0x0C, 0x57, 0xCB, 0x2E, 0xF3,
-        0x2E, 0x67, 0x0A, 0x98, 0xD2, 0xD6, 0x30, 0x67,
-        0x07, 0x73, 0xC5, 0x9D, 0x8A, 0x6A, 0x2C, 0xFC,
-        0xFF, 0x1C, 0x7C, 0xA1, 0xBB, 0x55, 0xC1, 0x7A,
-        0x32, 0xCB, 0x65, 0xA2, 0xEA, 0x19, 0xC7, 0xB8,
-        0xE2, 0x95, 0xC6, 0x89, 0x8C, 0xF3, 0x2F, 0xEE,
-        0x1D, 0xEB, 0x01, 0x47, 0x2B, 0xE7, 0x6C, 0x3A,
-        0x78, 0xCB, 0x24, 0x2E, 0xDF, 0xE2, 0x1D, 0x96,
-        0x1F, 0xCB, 0x85, 0xC3, 0xCF, 0x6C, 0xEE, 0x21,
-        0x89, 0x86, 0xC1, 0xBD, 0x93, 0x2B, 0xF9, 0x7B,
-        0xC6, 0xDE, 0xCA, 0xAB, 0xF8, 0xC6, 0x29, 0x40,
-        0xC0, 0xA5, 0x8E, 0x87, 0xC6, 0xED, 0xDC, 0xD7,
-        0x4B, 0x7F, 0x71, 0x5D, 0x8C, 0x22, 0x52, 0x05,
-        0x46, 0x23, 0x9F, 0x3A, 0xAA, 0x10, 0xA4, 0x35,
-        0x82, 0x01, 0x03, 0xB4, 0xE3, 0x29, 0x53, 0x11,
-        0xD9, 0x92, 0xC9, 0xC8, 0x77, 0x1A, 0x3C, 0xE8,
-        0x49, 0x86, 0x8F, 0x36, 0xF3, 0x12, 0x14, 0xF9,
-        0x63, 0x9C, 0x02, 0x8F, 0x4A, 0x5F, 0x49, 0x45,
-        0xF2, 0xBE, 0xC9, 0x58, 0x50, 0x77, 0xBF, 0x2F,
-        0x63, 0x7D, 0x25, 0x49, 0xF8, 0x34, 0x8C, 0x00,
-        0xEC, 0xBF, 0x19, 0xC4, 0x70, 0xDF, 0x25, 0x5E,
-        0xFF, 0x62, 0x32, 0x81, 0x34, 0x29, 0xF8, 0x53
+        0x16, 0x1C, 0xD2, 0x59, 0xFE, 0xAA, 0x7E, 0xC6,
+        0xB2, 0x86, 0x49, 0x8A, 0x9A, 0x6F, 0x69, 0xF8,
+        0xB2, 0x62, 0xA2, 0xE2, 0x09, 0x3D, 0x0F, 0xBD,
+        0x76, 0xD5, 0xDC, 0x1C, 0x9F, 0xDE, 0x0D, 0xED,
+        0xB3, 0x65, 0x81, 0x00, 0x4C, 0xB4, 0x81, 0x12,
+        0xF8, 0x52, 0xE7, 0xF8, 0x7F, 0x64, 0x9E, 0x8A,
+        0x42, 0xCD, 0x9E, 0x03, 0x49, 0xE7, 0xDA, 0xBD,
+        0xF0, 0xA9, 0xAC, 0x1B, 0x52, 0x1C, 0x37, 0xEA,
+        0x52, 0x41, 0x37, 0x0A, 0x8A, 0xB2, 0x91, 0x1C,
+        0xC7, 0x99, 0x02, 0xC9, 0x5D, 0x28, 0x22, 0x4F,
+        0xA8, 0x89, 0x6A, 0xD7, 0x15, 0x20, 0x9E, 0xCD,
+        0xD5, 0xD7, 0x84, 0xE9, 0x1D, 0xD9, 0xD0, 0xBE,
+        0x91, 0x6B, 0x45, 0x65, 0xF4, 0xD5, 0x66, 0x9A,
+        0xEE, 0x0D, 0xEF, 0x93, 0x1E, 0x97, 0x68, 0x29,
+        0x4E, 0xEC, 0x52, 0x58, 0xDE, 0x83, 0x91, 0xEC,
+        0xE2, 0x71, 0xE7, 0xE4, 0xCF, 0xD9, 0xD2, 0x3A,
+        0x79, 0xFA, 0xC3, 0xA8, 0xE0, 0xDB, 0x5D, 0xDD,
+        0x6E, 0x01, 0x07, 0x23, 0x56, 0x88, 0xBB, 0xDF,
+        0x7B, 0xC5, 0xD5, 0x63, 0x2F, 0x20, 0x6C, 0x63,
+        0xA0, 0xC9, 0x56, 0x4F, 0x30, 0x96, 0x5C, 0xA5,
+        0x8C, 0x69, 0xFF, 0x92, 0xD2, 0x5A, 0x4F, 0x93,
+        0xA0, 0x9E, 0xAB, 0x9B, 0x90, 0x85, 0x94, 0x7E,
+        0x07, 0x8A, 0x23, 0xE4, 0xD9, 0xC1, 0x3B, 0x8A,
+        0x56, 0xE7, 0x3E, 0x18, 0xDF, 0x42, 0xD6, 0x94,
+        0x9F, 0xAF, 0x59, 0x21, 0xF2, 0xE3, 0x73, 0xD4,
+        0x50, 0xC8, 0xC0, 0x9D, 0x07, 0xB1, 0x52, 0xA9,
+        0x7C, 0x24, 0x54, 0x47, 0x42, 0x94, 0x81, 0xD4,
+        0x98, 0xBE, 0xB7, 0x25, 0x6B, 0xC4, 0x7F, 0x68,
+        0xF9, 0x92, 0x2B, 0x0B, 0x1C, 0x62, 0xD9, 0xC2,
+        0x3F, 0x9F, 0x73, 0x3D, 0xD7, 0x37, 0x92, 0xCF,
+        0xC7, 0xB4, 0x3C, 0xBC, 0xEA, 0x27, 0x7D, 0x51,
+        0xB2, 0xB8, 0xAD, 0x4A, 0x4F, 0x52, 0x2F, 0x64,
+        0x2C, 0xAD, 0x5C, 0x5D, 0xEB, 0x21, 0xF3, 0x62,
+        0x7F, 0x8A, 0xF4, 0xD3, 0xE5, 0xBC, 0x9E, 0x91,
+        0xD4, 0xCB, 0x2F, 0x12, 0x4B, 0x5B, 0xD7, 0xC2,
+        0xF4, 0xA0, 0x50, 0xCA, 0x75, 0x5B, 0xDB, 0x80,
+        0x56, 0x60, 0x96, 0x63, 0xFB, 0x95, 0x11, 0xC9,
+        0xAD, 0x83, 0xB5, 0x03, 0x90, 0x88, 0xCC, 0x01,
+        0xF0, 0xDD, 0x54, 0x35, 0x3B, 0x0D, 0xD7, 0x43,
+        0x3F, 0x0C, 0x6C, 0xEE, 0x0D, 0x07, 0x59, 0x59,
+        0x81, 0x0D, 0xEC, 0x54, 0x16, 0x52, 0x2B, 0xB1,
+        0xF1, 0xF6, 0x55, 0x47, 0xA0, 0xC2, 0xE9, 0xCC,
+        0x9B, 0xC1, 0x7F, 0x8D, 0x39, 0xD2, 0x93, 0x09,
+        0xEB, 0xE7, 0x9F, 0x21, 0x33, 0x1B, 0x75, 0xE1,
+        0x2A, 0xF2, 0xE9, 0x3F, 0x03, 0xF7, 0x4F, 0x7F,
+        0x87, 0xD3, 0x60, 0xF1, 0xDA, 0xF8, 0x6C, 0xED,
+        0x73, 0x60, 0x92, 0xA2, 0x11, 0xA8, 0x15, 0x88,
+        0x59, 0xC4, 0x2E, 0x22, 0x3C, 0xFE, 0x2E, 0x6E,
+        0x55, 0x34, 0x37, 0xD8, 0x05, 0x76, 0xCF, 0xD1,
+        0x94, 0x4E, 0x97, 0xEE, 0xFF, 0x9B, 0x49, 0xE5,
+        0xEC, 0xCF, 0xC6, 0x78, 0xEE, 0x16, 0x52, 0x68,
+        0xDF, 0xE3, 0xD3, 0x59, 0x6B, 0x4B, 0x86, 0x20,
+        0x4A, 0x81, 0xC6, 0x06, 0x3B, 0x0C, 0xDC, 0xE6,
+        0x19, 0xFD, 0xBB, 0x96, 0xDF, 0x7D, 0xE6, 0xE0,
+        0xBD, 0x52, 0x70, 0xB4, 0xD5, 0x9C, 0x4D, 0xC5,
+        0x08, 0x47, 0x6E, 0x7F, 0x07, 0x08, 0xF9, 0x8C,
+        0x7A, 0x4F, 0x66, 0x45, 0xC4, 0x9D, 0x06, 0x10,
+        0x0C, 0x76, 0x0C, 0x59, 0x95, 0x28, 0xD1, 0xB8,
+        0xBB, 0xFE, 0x62, 0x81, 0x91, 0xCC, 0x08, 0x3C,
+        0x8D, 0x22, 0x5A, 0x09, 0x3F, 0x9F, 0x17, 0xE3,
+        0x55, 0x74, 0x98, 0x6F, 0x86, 0xBA, 0xA4, 0x68,
+        0x98, 0xB5, 0x89, 0xF3, 0xCB, 0x7D, 0xB4, 0x6A,
+        0x45, 0xF3, 0xED, 0xD4, 0xFA, 0xC2, 0x08, 0x08,
+        0xF4, 0xCD, 0x02, 0x49, 0xDA, 0x69, 0x3F, 0x8F,
+        0xAB, 0xFB, 0xD4, 0xE1, 0x0C, 0x02, 0xC6, 0x5B,
+        0xA8, 0xC8, 0x61, 0x0F, 0xA8, 0xC6, 0xDF, 0x3D,
+        0xBA, 0xEB, 0x67, 0x63, 0xDD, 0x48, 0x2A, 0xF4,
+        0x15, 0x58, 0xB1, 0xE1, 0x5C, 0xC9, 0xC7, 0xA7,
+        0x2E, 0x07, 0x16, 0x85, 0xAC, 0x19, 0xA0, 0x51,
+        0xF1, 0x92, 0x45, 0xB9, 0xF7, 0x7C, 0x30, 0x38,
+        0xA5, 0x4E, 0x29, 0x58, 0x62, 0x3E, 0xB8, 0x10,
+        0x59, 0x55, 0x60, 0x9E, 0x27, 0xD6, 0x7C, 0xF7,
+        0x2E, 0xC5, 0xC4, 0xA8, 0xE9, 0xB9, 0xC2, 0x92,
+        0x4A, 0x9E, 0x22, 0x98, 0x50, 0x8B, 0xAB, 0xA1,
+        0x3C, 0xF1, 0x11, 0xFD, 0xFB, 0x06, 0x2C, 0x96,
+        0x07, 0xAC, 0x1A, 0xAA, 0x6C, 0x63, 0x73, 0x10,
+        0xA8, 0x89, 0x4B, 0xF0, 0xB9, 0x6F, 0x0C, 0x19,
+        0x13, 0x61, 0x86, 0xB6, 0x18, 0xDF, 0xFB, 0x27,
+        0x55, 0x28, 0xBE, 0xD1, 0xCC, 0x27, 0x15, 0xDE,
+        0xF4, 0x12, 0xF7, 0x7A, 0x3C, 0xF9, 0x66, 0x45,
+        0x73, 0x3B, 0x04, 0x8A, 0x78, 0x47, 0x43, 0x20,
+        0xD1, 0xA3, 0x80, 0xF5, 0xEE, 0xDB, 0xDA, 0x21,
+        0xFA, 0x01, 0x25, 0xC9, 0x1D, 0x3C, 0x37, 0xC5,
+        0x4B, 0xF3, 0x75, 0x2A, 0x1F, 0x84, 0x71, 0xC8,
+        0x1F, 0xCA, 0xE2, 0xD3, 0xED, 0xA9, 0x66, 0xE1,
+        0x4E, 0x66, 0xF2, 0x23, 0xB0, 0x54, 0xD7, 0x98,
+        0x48, 0xFF, 0x94, 0x11, 0xD6, 0x34, 0x02, 0x4A,
+        0x09, 0x89, 0x70, 0xAD, 0xE6, 0xA8, 0x8B, 0x5F,
+        0x90, 0x69, 0xF7, 0x60, 0x58, 0x4D, 0xC4, 0xCF,
+        0xFF, 0xCE, 0xA8, 0xEC, 0xE1, 0x1B, 0xB5, 0x56,
+        0x6B, 0xD2, 0x36, 0x0A, 0xB7, 0x07, 0xDF, 0x2D,
+        0x21, 0xB6, 0x74, 0x88, 0xD9, 0x31, 0xF0, 0x20,
+        0x06, 0x91, 0x76, 0x42, 0x3E, 0x69, 0x44, 0x49,
+        0x0C, 0xB3, 0x85, 0xE7, 0x0B, 0x35, 0x8A, 0x25,
+        0x34, 0x6B, 0xAF, 0xCD, 0xD0, 0x6D, 0x40, 0x2F,
+        0xF2, 0x4D, 0x6C, 0x1E, 0x5F, 0x61, 0xA8, 0x5D
     };
     static const byte kprime_512[KYBER_SS_SZ] = {
-        0x22, 0x4B, 0x9C, 0x05, 0x12, 0x13, 0xEF, 0x46,
-        0x54, 0x92, 0x43, 0x79, 0x65, 0x32, 0x28, 0x29,
-        0x73, 0xFA, 0x7C, 0xF9, 0x7E, 0x89, 0x13, 0xC3,
-        0x39, 0xC1, 0x94, 0x0A, 0xC1, 0x7E, 0x05, 0xE0
+        0xDF, 0x46, 0x2A, 0xD6, 0x8F, 0x1E, 0xC8, 0x97,
+        0x2E, 0xD9, 0xB0, 0x2D, 0x6D, 0xE0, 0x60, 0x4B,
+        0xDE, 0xC7, 0x57, 0x20, 0xE0, 0x50, 0x49, 0x73,
+        0x51, 0xE6, 0xEC, 0x93, 0x3E, 0x71, 0xF8, 0x82
     };
 #endif
 #ifndef WOLFSSL_NO_KYBER768
     static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = {
-        0x34, 0x56, 0x85, 0x9B, 0xF7, 0x07, 0xE6, 0x72,
-        0xAC, 0x71, 0x2B, 0x7E, 0x70, 0xF5, 0x42, 0x75,
-        0x74, 0x59, 0x75, 0x02, 0xB8, 0x1D, 0xE8, 0x93,
-        0x1C, 0x92, 0xA9, 0xC0, 0xD2, 0x2A, 0x8E, 0x17,
-        0x73, 0xCB, 0x87, 0x47, 0x22, 0x05, 0xA3, 0x1C,
-        0x32, 0x20, 0x6B, 0xA4, 0xBC, 0xF4, 0x22, 0x59,
-        0x53, 0x3C, 0xB3, 0xA1, 0x9C, 0x02, 0x00, 0x86,
-        0x02, 0x44, 0xA6, 0xC3, 0xF6, 0x92, 0x18, 0x45,
-        0xB0, 0xA0, 0x58, 0x50, 0x18, 0x7A, 0x43, 0x10,
-        0xB3, 0xD5, 0x22, 0x3A, 0xAA, 0xA0, 0xC7, 0x9B,
-        0x9B, 0xBC, 0xFC, 0xCB, 0x3F, 0x75, 0x12, 0x14,
-        0xEB, 0x0C, 0xFA, 0xC1, 0xA2, 0x9E, 0xD8, 0x84,
-        0x8A, 0x5A, 0x49, 0xBA, 0x84, 0xBA, 0x68, 0xE6,
-        0xB6, 0xF5, 0x05, 0x7D, 0x49, 0x31, 0x05, 0xFF,
-        0x38, 0xA9, 0xF4, 0x4B, 0x4E, 0x7F, 0x6C, 0xBE,
-        0x7D, 0x21, 0x64, 0x08, 0xF7, 0xB4, 0x86, 0x05,
-        0xB2, 0x70, 0xB2, 0x53, 0xB0, 0x01, 0xA5, 0x40,
-        0x1C, 0x0C, 0x91, 0x27, 0xCC, 0x18, 0x5B, 0x1B,
-        0x0C, 0xF9, 0x2B, 0x99, 0xFB, 0xA0, 0xD9, 0x5A,
-        0x29, 0x5F, 0x87, 0x35, 0x15, 0x52, 0x0C, 0x86,
-        0x32, 0x1B, 0x8C, 0x96, 0x6C, 0x83, 0x7A, 0xAB,
-        0x34, 0xB2, 0xBF, 0xFA, 0xB2, 0xA2, 0xA4, 0x30,
-        0x1B, 0x35, 0x6B, 0x26, 0xCD, 0xC4, 0x56, 0x38,
-        0x02, 0x90, 0x1B, 0x47, 0x62, 0xF2, 0x84, 0x28,
-        0x1A, 0x38, 0x2E, 0x5F, 0x76, 0x2B, 0xEF, 0x47,
-        0xB5, 0x19, 0xA8, 0x1A, 0x10, 0x86, 0x57, 0xEB,
-        0xE9, 0x62, 0xBE, 0x12, 0x0B, 0x5F, 0xB3, 0xB9,
-        0xED, 0x33, 0x8C, 0xCF, 0x47, 0xB3, 0xA0, 0x39,
-        0x52, 0xA1, 0x66, 0x33, 0xF6, 0xE6, 0xB5, 0x34,
-        0xE6, 0xB6, 0x3D, 0x05, 0x70, 0x6E, 0xFA, 0x0F,
-        0x94, 0xC0, 0x3A, 0x2B, 0x85, 0x6A, 0xE5, 0x51,
-        0x42, 0x2F, 0x90, 0x11, 0xF2, 0x58, 0x9A, 0x41,
-        0xB9, 0x6A, 0x2C, 0xD2, 0x13, 0xC6, 0x99, 0x9B,
-        0x09, 0xE9, 0x1F, 0xF4, 0x23, 0xCB, 0x10, 0x6A,
-        0x1A, 0x92, 0x0B, 0x84, 0xB8, 0x11, 0x46, 0x94,
-        0x97, 0x15, 0x42, 0x23, 0x98, 0x7F, 0x00, 0x5C,
-        0x72, 0xF8, 0xAF, 0x38, 0x8B, 0x09, 0x0C, 0x63,
-        0x9F, 0x8C, 0x77, 0x4F, 0xC5, 0xA2, 0x94, 0xC7,
-        0x4A, 0x21, 0x2C, 0x91, 0xA8, 0x6C, 0x32, 0x8A,
-        0xEB, 0xEA, 0x55, 0x8A, 0xB4, 0x3F, 0x8B, 0x87,
-        0x35, 0x34, 0xFA, 0x2E, 0xF9, 0xE6, 0x6C, 0xEF,
-        0x3C, 0x52, 0xCD, 0x47, 0x1A, 0xB7, 0x83, 0x75,
-        0xE7, 0x45, 0xB9, 0xD0, 0xAA, 0x65, 0xD2, 0x27,
-        0x8B, 0x92, 0x75, 0xAE, 0x53, 0x48, 0xB1, 0x6C,
-        0xF6, 0x2A, 0xC8, 0x06, 0x57, 0x34, 0xE4, 0xBD,
-        0x77, 0xB8, 0x0C, 0xCF, 0x89, 0x76, 0x05, 0xEB,
-        0x76, 0xF4, 0x85, 0xAF, 0x8A, 0x0B, 0x46, 0x65,
-        0x57, 0xA8, 0x3C, 0x02, 0x92, 0xCC, 0xF9, 0x03,
-        0xEE, 0x7A, 0xA5, 0x7C, 0x3B, 0x51, 0xAD, 0x66,
-        0x01, 0x89, 0xB8, 0x61, 0x39, 0xE3, 0x80, 0x42,
-        0x5B, 0x31, 0xA9, 0x26, 0x89, 0xDF, 0x24, 0x31,
-        0xBF, 0xA7, 0xB6, 0x9E, 0xAB, 0x17, 0x27, 0x45,
-        0x1B, 0x29, 0xDA, 0x8B, 0x8B, 0xF8, 0x51, 0xE1,
-        0xBC, 0x2D, 0x3A, 0x63, 0x13, 0x4C, 0xA9, 0x66,
-        0x3C, 0x57, 0xAE, 0xC6, 0x98, 0x5C, 0xEB, 0xD5,
-        0x6D, 0xB0, 0x44, 0x7B, 0x13, 0x6B, 0x01, 0x7A,
-        0x97, 0x47, 0x61, 0xC3, 0xC6, 0x7D, 0x33, 0x77,
-        0x2F, 0x99, 0x64, 0xE5, 0x43, 0x4D, 0x64, 0x35,
-        0x04, 0x33, 0x2A, 0x30, 0x27, 0x29, 0x4A, 0x07,
-        0x8C, 0x59, 0x9C, 0xB2, 0x91, 0x63, 0x10, 0x9C,
-        0xE3, 0xB5, 0x6C, 0xE6, 0x98, 0xB4, 0xD3, 0xF5,
-        0x9E, 0x29, 0x56, 0xA1, 0xF0, 0x3A, 0x4B, 0x95,
-        0x55, 0x93, 0xF2, 0xD2, 0x45, 0x7F, 0xFA, 0xAE,
-        0x96, 0x24, 0xA0, 0x71, 0x10, 0x45, 0xB3, 0xF5,
-        0x52, 0x92, 0xF2, 0x0C, 0xC9, 0xD0, 0xCD, 0x79,
-        0x1A, 0x21, 0x59, 0x7B, 0x0F, 0x2C, 0xD9, 0x80,
-        0xF3, 0x51, 0x0F, 0x0B, 0x02, 0x39, 0x02, 0x20,
-        0x00, 0xD7, 0x35, 0x58, 0x6E, 0xE6, 0xA7, 0x3F,
-        0x3A, 0x3D, 0xCB, 0xD6, 0xBD, 0x1A, 0x85, 0xC8,
-        0x65, 0x12, 0xAB, 0xF3, 0xC5, 0x1C, 0xE0, 0x0A,
-        0x03, 0x31, 0xF6, 0x53, 0x60, 0x46, 0x2C, 0x02,
-        0x23, 0x29, 0x59, 0x7A, 0x81, 0xC3, 0xF9, 0x2F,
-        0xC1, 0x79, 0x38, 0xC9, 0x13, 0x8F, 0x41, 0x11,
-        0x38, 0x79, 0x79, 0xC2, 0x8F, 0x03, 0x34, 0xF9,
-        0x01, 0x19, 0x22, 0x13, 0x74, 0xDA, 0xB0, 0x45,
-        0x92, 0x9B, 0x49, 0xE4, 0x3A, 0x96, 0x46, 0xA2,
-        0x43, 0xF4, 0x46, 0x4D, 0xAF, 0x81, 0x1A, 0xB0,
-        0x06, 0x30, 0xC7, 0x59, 0x61, 0xBC, 0xD4, 0xAF,
-        0x5D, 0x99, 0x11, 0x5A, 0x37, 0x49, 0x19, 0x1B,
-        0xA8, 0xFD, 0x41, 0xCE, 0x0B, 0x3C, 0x89, 0xA6,
-        0x95, 0xB4, 0xBB, 0x85, 0x06, 0x4F, 0xD3, 0xAF,
-        0x95, 0xC9, 0xB4, 0xAE, 0xE0, 0x9A, 0xC7, 0xB0,
-        0xCC, 0x69, 0xEC, 0xA3, 0x6A, 0x00, 0x4B, 0x6C,
-        0xD6, 0x62, 0xA6, 0xD3, 0x27, 0x95, 0x05, 0x3E,
-        0xF0, 0xA0, 0x3A, 0xDA, 0x3B, 0x98, 0xBF, 0xE3,
-        0xB4, 0x6A, 0x79, 0x72, 0x3E, 0x3A, 0x45, 0xAB,
-        0x3C, 0x31, 0x95, 0x06, 0x69, 0xAD, 0x77, 0x07,
-        0x20, 0x62, 0xCC, 0x3B, 0x50, 0x4D, 0xF1, 0x33,
-        0x4F, 0xD6, 0x90, 0x9E, 0xAC, 0x79, 0x15, 0xF1,
-        0xD5, 0xAD, 0x16, 0x63, 0x9F, 0x5F, 0xB5, 0x64,
-        0x41, 0x64, 0x54, 0x25, 0x91, 0x34, 0xD5, 0x65,
-        0x88, 0x2C, 0xB3, 0x81, 0xCB, 0xA5, 0x8B, 0x76,
-        0x88, 0x07, 0x67, 0xB5, 0x0A, 0xC1, 0xB8, 0x57,
-        0x95, 0xD7, 0x26, 0x84, 0x33, 0xB3, 0x71, 0x23,
-        0x0E, 0xD4, 0xC7, 0x2F, 0x99, 0xAB, 0x1A, 0xD1,
-        0xE5, 0x95, 0xA4, 0x59, 0xCF, 0x0A, 0x23, 0x34,
-        0xAA, 0x14, 0x63, 0xAD, 0xE4, 0xBD, 0xC9, 0x24,
-        0x96, 0x05, 0x38, 0x18, 0x57, 0xBB, 0x98, 0x09,
-        0x5B, 0x41, 0x13, 0x29, 0x46, 0xCA, 0x24, 0x57,
-        0xDF, 0xAA, 0x91, 0x49, 0x58, 0x2A, 0xA1, 0x99,
-        0x27, 0xB6, 0x36, 0x89, 0xE2, 0x92, 0x9A, 0xA4,
-        0x10, 0x27, 0xBE, 0xF4, 0x92, 0x19, 0x70, 0xBA,
-        0xD4, 0xA5, 0x54, 0x90, 0xD9, 0x1A, 0xBE, 0x25,
-        0x1D, 0xEF, 0x45, 0x52, 0xCA, 0x88, 0x03, 0x41,
-        0x06, 0xA0, 0x2C, 0xE4, 0xB0, 0x58, 0xF8, 0xB5,
-        0x96, 0x24, 0xB6, 0x7E, 0x06, 0x3B, 0xF1, 0x78,
-        0xB0, 0x15, 0xE4, 0x28, 0x1E, 0xB1, 0x14, 0xA2,
-        0xBC, 0x24, 0x54, 0x94, 0x3A, 0x4B, 0x46, 0x47,
-        0x12, 0x2C, 0x42, 0xCB, 0xEA, 0x4E, 0x94, 0x15,
-        0x4F, 0xD3, 0xE4, 0xB7, 0x91, 0xF6, 0x29, 0x0B,
-        0x78, 0x29, 0x94, 0x20, 0x68, 0x53, 0xD6, 0x70,
-        0x00, 0xA6, 0x33, 0xF3, 0x20, 0xA8, 0xA3, 0x74,
-        0xCA, 0x5D, 0x40, 0x38, 0xF9, 0xCA, 0x42, 0x44,
-        0xDC, 0xB0, 0x2E, 0x9A, 0x84, 0xE1, 0xF7, 0xC8,
-        0xA8, 0x21, 0x13, 0x2B, 0x32, 0xB9, 0xA8, 0x40,
-        0x55, 0x7B, 0x34, 0x78, 0x06, 0x65, 0x30, 0x17,
-        0x24, 0xBA, 0x26, 0x06, 0x68, 0x1D, 0x94, 0x5E,
-        0x34, 0xD7, 0xCF, 0x94, 0x1B, 0x89, 0x63, 0xCA,
-        0xA1, 0x00, 0x1A, 0x49, 0x1B, 0x8B, 0x2E, 0x43,
-        0x57, 0x0E, 0x9A, 0xB9, 0x5C, 0x0A, 0x57, 0xC5,
-        0x03, 0xF0, 0xAB, 0x96, 0x0B, 0x48, 0x56, 0xD0,
-        0x25, 0x15, 0x74, 0x71, 0x0F, 0xE5, 0xCB, 0x47,
-        0x42, 0x84, 0xFC, 0x10, 0x49, 0xAA, 0x2A, 0x7B,
-        0x03, 0x69, 0x4A, 0x1C, 0x76, 0x3E, 0x99, 0xDA,
-        0xC6, 0xAD, 0x0B, 0xA8, 0x03, 0x8B, 0x13, 0x8A,
-        0x64, 0x43, 0x2E, 0x34, 0x91, 0x16, 0xA0, 0x31,
-        0xE8, 0xC7, 0x92, 0x78, 0x17, 0x51, 0xBA, 0x47,
-        0x3C, 0xBD, 0xF5, 0x57, 0x20, 0x00, 0x5A, 0xBD,
-        0xAA, 0x13, 0xD5, 0x01, 0x82, 0xF0, 0xE6, 0x33,
-        0x77, 0x6B, 0xB0, 0x67, 0x5C, 0x40, 0x47, 0x2B,
-        0xAD, 0x1F, 0x96, 0x72, 0x76, 0x91, 0x83, 0xD0,
-        0xCC, 0xC8, 0x10, 0xBC, 0x25, 0xA8, 0x57, 0x32,
-        0x20, 0x56, 0x9F, 0x6A, 0xC4, 0xBA, 0xC2, 0x2A,
-        0x13, 0x54, 0xD8, 0xB3, 0x6C, 0x05, 0x80, 0xD0,
-        0xE5, 0x29, 0x9E, 0x62, 0x9C, 0x50, 0x6C, 0xC7,
-        0x65, 0x55, 0x46, 0xFF, 0x27, 0x81, 0x0C, 0x97,
-        0xB5, 0x1B, 0xA0, 0x56, 0xBB, 0xF8, 0x6E, 0xD9,
-        0xCB, 0x7C, 0x0A, 0x53, 0x7F, 0x72, 0xD0, 0xCF,
-        0x9A, 0xD2, 0xC2, 0x31, 0xE2, 0x9E, 0xBF, 0x55,
-        0x3F, 0x61, 0x3C, 0xBB, 0x15, 0xB3, 0x72, 0x1A,
-        0x20, 0x07, 0x7E, 0x50, 0x5F, 0xD3, 0x90, 0xCB,
-        0x19, 0xF6, 0x48, 0x8A, 0x10, 0x7D, 0xEE, 0x1C,
-        0xAC, 0x58, 0xAB, 0x70, 0x34, 0xBA, 0x69, 0x03,
-        0x00, 0x21, 0x95, 0x95, 0xB3, 0x69, 0x5C, 0x12,
-        0x34, 0xE8, 0xB5, 0x7E, 0x33, 0xC8, 0xD3, 0xA0,
-        0x48, 0x45, 0x4A, 0x61, 0x6D, 0xF3, 0xC9, 0xB5,
-        0x6A, 0x6F, 0xF2, 0x02, 0x6A, 0xF9, 0x97, 0x72,
-        0x5F, 0xC9, 0x55, 0x79, 0x04, 0x3B, 0xAE, 0x93,
-        0x99, 0xB6, 0x79, 0x0D, 0x63, 0x7B, 0x4F, 0xA8,
-        0x20, 0xB0, 0xB2, 0xD2, 0xCA, 0xB6, 0x07, 0xBA,
-        0xF6, 0xA3, 0x72, 0x73, 0x4C, 0x31, 0xEE, 0x00,
-        0x26, 0xF3, 0xC0, 0x76, 0xD1, 0x4A, 0x8E, 0x3E,
-        0xE6, 0x6A, 0xAD, 0x8B, 0xBB, 0xCC, 0xEB, 0x9D,
-        0xC7, 0x0C, 0x7B, 0x6B, 0xB0, 0xBB, 0x76, 0xC2,
-        0x00, 0xC2, 0x31, 0x60, 0x1C, 0xA0, 0x87, 0x3E,
-        0xC8, 0x71, 0x0F, 0x4B, 0x18, 0xD5, 0x72, 0x90,
-        0xB0, 0x33, 0x72, 0x7C, 0x60, 0x1E, 0xDB, 0x71,
-        0xC2, 0xB0, 0xF0, 0xC2, 0x1D, 0x55, 0x3E, 0x0E,
-        0x7A, 0x4F, 0x77, 0x71, 0x68, 0x39, 0xC7, 0xC8,
-        0x44, 0x8A, 0xBB, 0x9F, 0x66, 0xA5, 0x4E, 0x8A,
-        0x4B, 0x08, 0xA7, 0x9D, 0x9A, 0x39, 0x2C, 0xA1,
-        0x27, 0x00, 0x31, 0x38, 0x8B, 0xAD, 0x56, 0x21,
-        0x7E, 0x32, 0xAE, 0xF5, 0x54, 0x11, 0x97, 0x49,
-        0x06, 0xA2, 0x45, 0xC0, 0x07, 0x12, 0xB3, 0xCB,
-        0xB1, 0x17, 0x06, 0x85, 0x19, 0x3F, 0xE2, 0x5A,
-        0xCD, 0x7A, 0xC1, 0x3D, 0x32, 0x07, 0x3F, 0x38,
-        0x79, 0xA5, 0xD7, 0x83, 0x75, 0xF0, 0x05, 0x2C,
-        0xF7, 0x91, 0x75, 0xBA, 0xB4, 0x6D, 0x22, 0x37,
-        0x05, 0x97, 0xBD, 0x06, 0x78, 0x9E, 0xDD, 0x07,
-        0x11, 0xCC, 0x42, 0x43, 0x50, 0x7A, 0x02, 0xB4,
-        0xFA, 0xAD, 0xBB, 0x62, 0x25, 0x0C, 0xC9, 0x97,
-        0xAE, 0x03, 0x27, 0xAE, 0xB0, 0x0D, 0xEB, 0x52,
-        0x91, 0x92, 0xA6, 0x4B, 0x10, 0x96, 0xA8, 0x6B,
-        0x19, 0x67, 0x4D, 0x0B, 0x0A, 0xF0, 0x5C, 0x4A,
-        0xAE, 0x17, 0x8C, 0x2C, 0x9A, 0x64, 0x42, 0xE9,
-        0x4E, 0xD0, 0xA5, 0x60, 0x33, 0xA1, 0x1E, 0xE4,
-        0x26, 0x32, 0xC0, 0xB4, 0xAA, 0x51, 0xD4, 0x21,
-        0x50, 0x79, 0x0F, 0x41, 0x06, 0x2B, 0x77, 0x25,
-        0x3C, 0x25, 0xBA, 0x4D, 0xE5, 0x59, 0x76, 0x1F,
-        0x0A, 0x90, 0x06, 0x83, 0x89, 0x72, 0x8B, 0xC9,
-        0x77, 0xF7, 0x0C, 0xF7, 0xBC, 0xCF, 0xBD, 0x88,
-        0x3D, 0xF1, 0x3C, 0x79, 0xF5, 0xF2, 0xC3, 0x43,
-        0x12, 0xCB, 0x1D, 0x5A, 0x55, 0xD7, 0x8C, 0x1B,
-        0x24, 0x20, 0x96, 0xA8, 0xC0, 0x59, 0x3C, 0xFB,
-        0x27, 0x53, 0x46, 0x0B, 0xD3, 0x0A, 0xBA, 0x30,
-        0x6C, 0x74, 0x17, 0x39, 0x95, 0x74, 0x83, 0x85,
-        0xD0, 0x0B, 0x36, 0x70, 0xE6, 0x13, 0x24, 0xD8,
-        0x7D, 0xE8, 0xA1, 0x44, 0x50, 0xDC, 0x49, 0x37,
-        0x68, 0x77, 0x7F, 0xF0, 0xCE, 0x68, 0x10, 0x93,
-        0x7A, 0x71, 0x12, 0x29, 0x56, 0x1A, 0x5E, 0xF2,
-        0xBB, 0x69, 0x86, 0x10, 0x74, 0xE0, 0x0B, 0xD9,
-        0x32, 0x66, 0xE4, 0xB8, 0x62, 0x69, 0xE1, 0x8E,
-        0xEA, 0x2C, 0xAA, 0xCB, 0x60, 0xA1, 0x35, 0x86,
-        0x36, 0xCD, 0x7A, 0x7C, 0xA6, 0xBB, 0x68, 0x21,
-        0x30, 0x24, 0x17, 0x84, 0xB1, 0x01, 0xEA, 0x5B,
-        0xFD, 0x6C, 0x3A, 0x07, 0x15, 0x86, 0x21, 0x61,
-        0x47, 0x36, 0xF6, 0x99, 0x6D, 0x5A, 0x4E, 0x14,
-        0x96, 0x3A, 0x12, 0xD8, 0x36, 0xE5, 0x33, 0xA0,
-        0xC8, 0x91, 0x2D, 0xB7, 0xE1, 0x16, 0x85, 0xA4,
-        0xA5, 0x3D, 0x82, 0x85, 0xF0, 0x87, 0x50, 0xDF,
-        0xF6, 0x6D, 0xA2, 0x7C, 0x23, 0xB9, 0x75, 0x42,
-        0xDE, 0xFB, 0x99, 0xE4, 0x70, 0xAC, 0xD5, 0xE6,
-        0x47, 0xC9, 0x40, 0xCB, 0x57, 0x30, 0x1B, 0x43,
-        0xCC, 0x3E, 0x68, 0xE6, 0x4E, 0x28, 0xB0, 0x67,
-        0x70, 0x69, 0x5E, 0xF6, 0x09, 0x26, 0x5E, 0x06,
-        0xC6, 0x0F, 0x22, 0xCB, 0x87, 0x58, 0x49, 0xE6,
-        0x2B, 0xAB, 0x88, 0xCC, 0x10, 0xEC, 0xF6, 0x22,
-        0xC3, 0x79, 0xCB, 0x54, 0xF1, 0x3D, 0x8B, 0x2B,
-        0xAC, 0x90, 0x2B, 0x9A, 0xB0, 0x2B, 0xB3, 0x30,
-        0xB4, 0x5A, 0xC8, 0xB7, 0x41, 0xC2, 0x64, 0x7A,
-        0xC4, 0x5B, 0x5B, 0xF4, 0x8A, 0x6D, 0x3F, 0xE0,
-        0x39, 0x98, 0x6C, 0xC9, 0x40, 0xC6, 0x0A, 0x94,
-        0xE6, 0x6C, 0xF6, 0x44, 0x53, 0x10, 0x16, 0xA5,
-        0x27, 0x24, 0x50, 0x82, 0x43, 0x14, 0xB5, 0x66,
-        0x2A, 0x0A, 0x90, 0x9A, 0xBF, 0xB4, 0x6F, 0xD2,
-        0x7B, 0xAE, 0xD3, 0xAB, 0xA8, 0x25, 0x93, 0x61,
-        0x59, 0x68, 0x82, 0xB0, 0x8B, 0x2A, 0xC7, 0x23,
-        0x39, 0x30, 0xFC, 0x37, 0x86, 0x73, 0x8E, 0xD2,
-        0xF8, 0x1E, 0xE6, 0x38, 0xC4, 0x5C, 0x3B, 0x9C,
-        0xFD, 0x19, 0x51, 0xDB, 0x5B, 0xCC, 0x14, 0x45,
-        0xC2, 0xC1, 0x62, 0x5D, 0x57, 0xD5, 0x7B, 0x53,
-        0x90, 0x4B, 0x6A, 0x1A, 0xB6, 0x81, 0x58, 0x07,
-        0x55, 0xE8, 0x9F, 0xA7, 0x97, 0x75, 0xA6, 0x57,
-        0xCD, 0x62, 0xB4, 0x42, 0x63, 0x04, 0xBC, 0x0C,
-        0x71, 0x1E, 0x28, 0x07, 0xA2, 0xC9, 0xE8, 0x52,
-        0xD4, 0xB4, 0x35, 0x9E, 0xE6, 0xB5, 0x3E, 0x46,
-        0x75, 0xF5, 0x23, 0xC9, 0x07, 0x82, 0x57, 0x2D,
-        0xC7, 0x36, 0x8F, 0xB4, 0x00, 0xC3, 0x28, 0xC7,
-        0x0F, 0xC8, 0x46, 0xB5, 0xE9, 0x8A, 0x43, 0x30,
-        0xBB, 0xB6, 0x27, 0xBD, 0xD7, 0x84, 0xB4, 0xDA,
-        0xF0, 0xB1, 0xF6, 0x45, 0x94, 0x49, 0x42, 0xB4,
-        0xC2, 0xB6, 0x22, 0x5C, 0x8B, 0x31, 0xE9, 0x89,
-        0x54, 0x55, 0x22, 0xBA, 0x6F, 0x10, 0x39, 0x60,
-        0x34, 0xCB, 0x1C, 0xA7, 0x45, 0x97, 0x78, 0x44,
-        0xD5, 0x70, 0x89, 0x4C, 0x61, 0x1A, 0x56, 0x08,
-        0xA7, 0x57, 0x41, 0x6D, 0x6D, 0xE5, 0x99, 0x63,
-        0xC3, 0x27, 0x98, 0xC4, 0x93, 0xEF, 0xD2, 0x26,
-        0x4C, 0x23, 0x19, 0x10, 0xE9, 0xA3, 0x00, 0x90,
-        0xCA, 0x7B, 0x53, 0x84, 0xF2, 0x31, 0xB8, 0x9B,
-        0xA6, 0x8A, 0x23, 0x81, 0x90, 0xEF, 0x1A, 0x2A,
-        0x43, 0xCB, 0x01, 0x70, 0x34, 0x70, 0xA0, 0xF0,
-        0x61, 0xA7, 0x07, 0x38, 0x94, 0x4B, 0xCD, 0x9B,
-        0x70, 0x04, 0xF2, 0x47, 0x97, 0xAE, 0xCB, 0x88,
-        0xB1, 0x09, 0x1C, 0xFE, 0xD0, 0x59, 0x0B, 0x04,
-        0x15, 0x45, 0x3C, 0x39, 0xB6, 0xEC, 0x45, 0xB6,
-        0x63, 0x05, 0xFA, 0xEA, 0x6B, 0x55, 0xA4, 0xB7,
-        0x96, 0x75, 0x05, 0xFE, 0x38, 0x62, 0xA2, 0x67,
-        0xAD, 0xBF, 0xE0, 0x5B, 0x91, 0x81, 0xA0, 0x65,
-        0x01, 0x89, 0x33, 0x91, 0x65, 0x0E, 0xAA, 0xA4,
-        0xA6, 0xD1, 0x68, 0x53, 0x34, 0x92, 0x76, 0xF9,
-        0x8E, 0x0F, 0x44, 0xCD, 0x72, 0x66, 0x15, 0xC6,
-        0x1C, 0x16, 0x71, 0x30, 0x94, 0xD8, 0xAB, 0x09,
-        0x3C, 0xAC, 0x71, 0xF2, 0x80, 0x3E, 0x7D, 0x39,
-        0x10, 0x9E, 0xF5, 0x00, 0x9C, 0x9C, 0x2C, 0xDA,
-        0xF7, 0xB7, 0xA6, 0xB3, 0x7A, 0x33, 0xA4, 0x98,
-        0x81, 0xF4, 0xBB, 0x5D, 0x72, 0x45, 0xA1, 0x4C,
-        0x50, 0x42, 0x28, 0x0C, 0x76, 0xA8, 0x4E, 0x63,
-        0xF4, 0x9D, 0x0D, 0x61, 0x9D, 0x46, 0xD7, 0x23,
-        0xBA, 0xA7, 0x47, 0xA3, 0xBA, 0x90, 0xA6, 0xFB,
-        0x63, 0x7A, 0x9A, 0x1D, 0xC0, 0x22, 0x68, 0xFD,
-        0x5C, 0x04, 0x3D, 0x18, 0xCB, 0xA1, 0x52, 0x8A,
-        0xC8, 0xE2, 0x25, 0xC1, 0xF9, 0x23, 0xD1, 0xCC,
-        0x84, 0xF2, 0xE7, 0x8E, 0x25, 0xDC, 0x3C, 0xCE,
-        0x93, 0x53, 0xC9, 0xDA, 0xC2, 0xAD, 0x72, 0x6A,
-        0x79, 0xF6, 0x49, 0x40, 0x80, 0x1D, 0xD5, 0x70,
-        0x1E, 0xFB, 0xDC, 0xB8, 0x0A, 0x98, 0xA2, 0x59,
-        0x93, 0xCD, 0x7F, 0x80, 0x59, 0x13, 0x20, 0xB6,
-        0x31, 0x72, 0x71, 0x86, 0x47, 0xB9, 0x76, 0xA9,
-        0x8A, 0x77, 0x16, 0x86, 0xF0, 0x12, 0x0A, 0x05,
-        0x3B, 0x0C, 0x44, 0x74, 0x60, 0x43, 0x05, 0x89,
-        0x0F, 0xEC, 0xAF, 0x23, 0x47, 0x5D, 0xDC, 0xC1,
-        0x1B, 0xC0, 0x8A, 0x9C, 0x5F, 0x59, 0x2A, 0xBB,
-        0x1A, 0x15, 0x3D, 0xB1, 0xB8, 0x83, 0xC0, 0x50,
-        0x7E, 0xB6, 0x8F, 0x78, 0xE0, 0xA1, 0x4D, 0xEB,
-        0xBF, 0xEE, 0xC6, 0x21, 0xE1, 0x0A, 0x69, 0xB6,
-        0xDA, 0xAF, 0xAA, 0x91, 0x6B, 0x53, 0x95, 0x33,
-        0xE5, 0x08, 0x00, 0x7C, 0x41, 0x88, 0xCE, 0x05,
-        0xC8, 0x62, 0xD1, 0x01, 0xD4, 0xDB, 0x1D, 0xF3,
-        0xC4, 0x50, 0x2B, 0x8C, 0x8A, 0xE1, 0x45, 0x74,
-        0x88, 0xA3, 0x6E, 0xAD, 0x26, 0x65, 0xBF, 0xAC,
-        0xB3, 0x21, 0x76, 0x02, 0x81, 0xDB, 0x9C, 0xA7,
-        0x2C, 0x76, 0x14, 0x36, 0x34, 0x04, 0xA0, 0xA8,
-        0xEA, 0xBC, 0x05, 0x8A, 0x23, 0xA3, 0x46, 0x87,
-        0x5F, 0xA9, 0x6B, 0xB1, 0x8A, 0xC2, 0xCC, 0xF0,
-        0x93, 0xB8, 0xA8, 0x55, 0x67, 0x38, 0x11, 0xCE,
-        0xD4, 0x7C, 0xBE, 0x1E, 0xE8, 0x1D, 0x2C, 0xF0,
-        0x7E, 0x43, 0xFC, 0x48, 0x72, 0x09, 0x08, 0x53,
-        0x74, 0x31, 0x08, 0x86, 0x5F, 0x02, 0xC5, 0x61,
-        0x2A, 0xA8, 0x71, 0x66, 0x70, 0x7E, 0xE9, 0x0F,
-        0xFD, 0x5B, 0x80, 0x21, 0xF0, 0xAA, 0x01, 0x6E,
-        0x5D, 0xBC, 0xD9, 0x1F, 0x57, 0xB3, 0x56, 0x2D,
-        0x3A, 0x2B, 0xCF, 0xA2, 0x0A, 0x4C, 0x03, 0x01,
-        0x0B, 0x8A, 0xA1, 0x44, 0xE6, 0x48, 0x28, 0x04,
-        0xB4, 0x74, 0xFE, 0xC1, 0xF5, 0xE1, 0x38, 0xBE,
-        0x63, 0x2A, 0x3B, 0x9C, 0x82, 0x48, 0x3D, 0xC6,
-        0x89, 0x0A, 0x13, 0xB1, 0xE8, 0xEE, 0x6A, 0xF7,
-        0x14, 0xEC, 0x5E, 0xFA, 0xC3, 0xB1, 0x97, 0x6B,
-        0x29, 0xDA, 0xDB, 0x60, 0x5B, 0x14, 0xD3, 0x73,
-        0x2B, 0x5D, 0xE1, 0x18, 0x59, 0x65, 0x16, 0x85,
-        0x81, 0x17, 0xE2, 0x63, 0x4C, 0x4E, 0xA0, 0xCC
+        0x1E, 0x4A, 0xC8, 0x7B, 0x1A, 0x69, 0x2A, 0x52,
+        0x9F, 0xDB, 0xBA, 0xB9, 0x33, 0x74, 0xC5, 0x7D,
+        0x11, 0x0B, 0x10, 0xF2, 0xB1, 0xDD, 0xEB, 0xAC,
+        0x0D, 0x19, 0x6B, 0x7B, 0xA6, 0x31, 0xB8, 0xE9,
+        0x29, 0x30, 0x28, 0xA8, 0xF3, 0x79, 0x88, 0x8C,
+        0x42, 0x2D, 0xC8, 0xD3, 0x2B, 0xBF, 0x22, 0x60,
+        0x10, 0xC2, 0xC1, 0xEC, 0x73, 0x18, 0x90, 0x80,
+        0x45, 0x6B, 0x05, 0x64, 0xB2, 0x58, 0xB0, 0xF2,
+        0x31, 0x31, 0xBC, 0x79, 0xC8, 0xE8, 0xC1, 0x1C,
+        0xEF, 0x39, 0x38, 0xB2, 0x43, 0xC5, 0xCE, 0x9C,
+        0x0E, 0xDD, 0x37, 0xC8, 0xF9, 0xD2, 0x98, 0x77,
+        0xDB, 0xBB, 0x61, 0x5B, 0x9B, 0x5A, 0xC3, 0xC9,
+        0x48, 0x48, 0x7E, 0x46, 0x71, 0x96, 0xA9, 0x14,
+        0x3E, 0xFB, 0xC7, 0xCE, 0xDB, 0x64, 0xB4, 0x5D,
+        0x4A, 0xCD, 0xA2, 0x66, 0x6C, 0xBC, 0x28, 0x04,
+        0xF2, 0xC8, 0x66, 0x2E, 0x12, 0x8F, 0x6A, 0x99,
+        0x69, 0xEC, 0x15, 0xBC, 0x0B, 0x93, 0x51, 0xF6,
+        0xF9, 0x63, 0x46, 0xAA, 0x7A, 0xBC, 0x74, 0x3A,
+        0x14, 0xFA, 0x03, 0x0E, 0x37, 0xA2, 0xE7, 0x59,
+        0x7B, 0xDD, 0xFC, 0x5A, 0x22, 0xF9, 0xCE, 0xDA,
+        0xF8, 0x61, 0x48, 0x32, 0x52, 0x72, 0x10, 0xB2,
+        0x6F, 0x02, 0x4C, 0x7F, 0x6C, 0x0D, 0xCF, 0x55,
+        0x1E, 0x97, 0xA4, 0x85, 0x87, 0x64, 0xC3, 0x21,
+        0xD1, 0x83, 0x4A, 0xD5, 0x1D, 0x75, 0xBB, 0x24,
+        0x6D, 0x27, 0x72, 0x37, 0xB7, 0xBD, 0x41, 0xDC,
+        0x43, 0x62, 0xD0, 0x63, 0xF4, 0x29, 0x82, 0x92,
+        0x27, 0x2D, 0x01, 0x01, 0x17, 0x80, 0xB7, 0x98,
+        0x56, 0xB2, 0x96, 0xC4, 0xE9, 0x46, 0x65, 0x8B,
+        0x79, 0x60, 0x31, 0x97, 0xC9, 0xB2, 0xA9, 0x9E,
+        0xC6, 0x6A, 0xCB, 0x06, 0xCE, 0x2F, 0x69, 0xB5,
+        0xA5, 0xA6, 0x1E, 0x9B, 0xD0, 0x6A, 0xD4, 0x43,
+        0xCE, 0xB0, 0xC7, 0x4E, 0xD6, 0x53, 0x45, 0xA9,
+        0x03, 0xB6, 0x14, 0xE8, 0x13, 0x68, 0xAA, 0xC2,
+        0xB3, 0xD2, 0xA7, 0x9C, 0xA8, 0xCC, 0xAA, 0x1C,
+        0x3B, 0x88, 0xFB, 0x82, 0xA3, 0x66, 0x32, 0x86,
+        0x0B, 0x3F, 0x79, 0x50, 0x83, 0x3F, 0xD0, 0x21,
+        0x2E, 0xC9, 0x6E, 0xDE, 0x4A, 0xB6, 0xF5, 0xA0,
+        0xBD, 0xA3, 0xEC, 0x60, 0x60, 0xA6, 0x58, 0xF9,
+        0x45, 0x7F, 0x6C, 0xC8, 0x7C, 0x6B, 0x62, 0x0C,
+        0x1A, 0x14, 0x51, 0x98, 0x74, 0x86, 0xE4, 0x96,
+        0x61, 0x2A, 0x10, 0x1D, 0x0E, 0x9C, 0x20, 0x57,
+        0x7C, 0x57, 0x1E, 0xDB, 0x52, 0x82, 0x60, 0x8B,
+        0xF4, 0xE1, 0xAC, 0x92, 0x6C, 0x0D, 0xB1, 0xC8,
+        0x2A, 0x50, 0x4A, 0x79, 0x9D, 0x89, 0x88, 0x5C,
+        0xA6, 0x25, 0x2B, 0xD5, 0xB1, 0xC1, 0x83, 0xAF,
+        0x70, 0x13, 0x92, 0xA4, 0x07, 0xC0, 0x5B, 0x84,
+        0x8C, 0x2A, 0x30, 0x16, 0xC4, 0x06, 0x13, 0xF0,
+        0x2A, 0x44, 0x9B, 0x3C, 0x79, 0x26, 0xDA, 0x06,
+        0x7A, 0x53, 0x31, 0x16, 0x50, 0x68, 0x40, 0x09,
+        0x75, 0x10, 0x46, 0x0B, 0xBF, 0xD3, 0x60, 0x73,
+        0xDC, 0xB0, 0xBF, 0xA0, 0x09, 0xB3, 0x6A, 0x91,
+        0x23, 0xEA, 0xA6, 0x8F, 0x83, 0x5F, 0x74, 0xA0,
+        0x1B, 0x00, 0xD2, 0x09, 0x78, 0x35, 0x96, 0x4D,
+        0xF5, 0x21, 0xCE, 0x92, 0x10, 0x78, 0x9C, 0x30,
+        0xB7, 0xF0, 0x6E, 0x58, 0x44, 0xB4, 0x44, 0xC5,
+        0x33, 0x22, 0x39, 0x6E, 0x47, 0x99, 0xBA, 0xF6,
+        0xA8, 0x8A, 0xF7, 0x31, 0x58, 0x60, 0xD0, 0x19,
+        0x2D, 0x48, 0xC2, 0xC0, 0xDA, 0x6B, 0x5B, 0xA6,
+        0x43, 0x25, 0x54, 0x3A, 0xCD, 0xF5, 0x90, 0x0E,
+        0x8B, 0xC4, 0x77, 0xAB, 0x05, 0x82, 0x00, 0x72,
+        0xD4, 0x63, 0xAF, 0xFE, 0xD0, 0x97, 0xE0, 0x62,
+        0xBD, 0x78, 0xC9, 0x9D, 0x12, 0xB3, 0x85, 0x13,
+        0x1A, 0x24, 0x1B, 0x70, 0x88, 0x65, 0xB4, 0x19,
+        0x0A, 0xF6, 0x9E, 0xA0, 0xA6, 0x4D, 0xB7, 0x14,
+        0x48, 0xA6, 0x08, 0x29, 0x36, 0x9C, 0x75, 0x55,
+        0x19, 0x8E, 0x43, 0x8C, 0x9A, 0xBC, 0x31, 0x0B,
+        0xC7, 0x01, 0x01, 0x91, 0x3B, 0xB1, 0x2F, 0xAA,
+        0x5B, 0xEE, 0xF9, 0x75, 0x84, 0x16, 0x17, 0xC8,
+        0x47, 0xCD, 0x6B, 0x33, 0x6F, 0x87, 0x79, 0x87,
+        0x75, 0x38, 0x22, 0x02, 0x0B, 0x92, 0xC4, 0xCC,
+        0x97, 0x05, 0x5C, 0x9B, 0x1E, 0x0B, 0x12, 0x8B,
+        0xF1, 0x1F, 0x50, 0x50, 0x05, 0xB6, 0xAB, 0x0E,
+        0x62, 0x77, 0x95, 0xA2, 0x06, 0x09, 0xEF, 0xA9,
+        0x91, 0xE5, 0x98, 0xB8, 0x0F, 0x37, 0xB1, 0xC6,
+        0xA1, 0xC3, 0xA1, 0xE9, 0xAE, 0xE7, 0x02, 0x8F,
+        0x77, 0x57, 0x0A, 0xB2, 0x13, 0x91, 0x28, 0xA0,
+        0x01, 0x08, 0xC5, 0x0E, 0xB3, 0x05, 0xCD, 0xB8,
+        0xF9, 0xA6, 0x03, 0xA6, 0xB0, 0x78, 0x41, 0x3F,
+        0x6F, 0x9B, 0x14, 0xC6, 0xD8, 0x2B, 0x51, 0x99,
+        0xCE, 0x59, 0xD8, 0x87, 0x90, 0x2A, 0x28, 0x1A,
+        0x02, 0x7B, 0x71, 0x74, 0x95, 0xFE, 0x12, 0x67,
+        0x2A, 0x12, 0x7B, 0xBF, 0x9B, 0x25, 0x6C, 0x43,
+        0x72, 0x0D, 0x7C, 0x16, 0x0B, 0x28, 0x1C, 0x12,
+        0x75, 0x7D, 0xA1, 0x35, 0xB1, 0x93, 0x33, 0x52,
+        0xBE, 0x4A, 0xB6, 0x7E, 0x40, 0x24, 0x8A, 0xFC,
+        0x31, 0x8E, 0x23, 0x70, 0xC3, 0xB8, 0x20, 0x8E,
+        0x69, 0x5B, 0xDF, 0x33, 0x74, 0x59, 0xB9, 0xAC,
+        0xBF, 0xE5, 0xB4, 0x87, 0xF7, 0x6E, 0x9B, 0x4B,
+        0x40, 0x01, 0xD6, 0xCF, 0x90, 0xCA, 0x8C, 0x69,
+        0x9A, 0x17, 0x4D, 0x42, 0x97, 0x2D, 0xC7, 0x33,
+        0xF3, 0x33, 0x89, 0xFD, 0xF5, 0x9A, 0x1D, 0xAB,
+        0xA8, 0x1D, 0x83, 0x49, 0x55, 0x02, 0x73, 0x34,
+        0x18, 0x5A, 0xD0, 0x2C, 0x76, 0xCF, 0x29, 0x48,
+        0x46, 0xCA, 0x92, 0x94, 0xBA, 0x0E, 0xD6, 0x67,
+        0x41, 0xDD, 0xEC, 0x79, 0x1C, 0xAB, 0x34, 0x19,
+        0x6A, 0xC5, 0x65, 0x7C, 0x5A, 0x78, 0x32, 0x1B,
+        0x56, 0xC3, 0x33, 0x06, 0xB5, 0x10, 0x23, 0x97,
+        0xA5, 0xC0, 0x9C, 0x35, 0x08, 0xF7, 0x6B, 0x48,
+        0x28, 0x24, 0x59, 0xF8, 0x1D, 0x0C, 0x72, 0xA4,
+        0x3F, 0x73, 0x7B, 0xC2, 0xF1, 0x2F, 0x45, 0x42,
+        0x26, 0x28, 0xB6, 0x7D, 0xB5, 0x1A, 0xC1, 0x42,
+        0x42, 0x76, 0xA6, 0xC0, 0x8C, 0x3F, 0x76, 0x15,
+        0x66, 0x5B, 0xBB, 0x8E, 0x92, 0x81, 0x48, 0xA2,
+        0x70, 0xF9, 0x91, 0xBC, 0xF3, 0x65, 0xA9, 0x0F,
+        0x87, 0xC3, 0x06, 0x87, 0xB6, 0x88, 0x09, 0xC9,
+        0x1F, 0x23, 0x18, 0x13, 0xB8, 0x66, 0xBE, 0xA8,
+        0x2E, 0x30, 0x37, 0x4D, 0x80, 0xAA, 0x0C, 0x02,
+        0x97, 0x34, 0x37, 0x49, 0x8A, 0x53, 0xB1, 0x4B,
+        0xF6, 0xB6, 0xCA, 0x1E, 0xD7, 0x6A, 0xB8, 0xA2,
+        0x0D, 0x54, 0xA0, 0x83, 0xF4, 0xA2, 0x6B, 0x7C,
+        0x03, 0x8D, 0x81, 0x96, 0x76, 0x40, 0xC2, 0x0B,
+        0xF4, 0x43, 0x1E, 0x71, 0xDA, 0xCC, 0xE8, 0x57,
+        0x7B, 0x21, 0x24, 0x0E, 0x49, 0x4C, 0x31, 0xF2,
+        0xD8, 0x77, 0xDA, 0xF4, 0x92, 0x4F, 0xD3, 0x9D,
+        0x82, 0xD6, 0x16, 0x7F, 0xBC, 0xC1, 0xF9, 0xC5,
+        0xA2, 0x59, 0xF8, 0x43, 0xE3, 0x09, 0x87, 0xCC,
+        0xC4, 0xBC, 0xE7, 0x49, 0x3A, 0x24, 0x04, 0xB5,
+        0xE4, 0x43, 0x87, 0xF7, 0x07, 0x42, 0x57, 0x81,
+        0xB7, 0x43, 0xFB, 0x55, 0x56, 0x85, 0x58, 0x4E,
+        0x25, 0x57, 0xCC, 0x03, 0x8B, 0x1A, 0x9B, 0x3F,
+        0x40, 0x43, 0x12, 0x1F, 0x54, 0x72, 0xEB, 0x2B,
+        0x96, 0xE5, 0x94, 0x1F, 0xEC, 0x01, 0x1C, 0xEE,
+        0xA5, 0x07, 0x91, 0x63, 0x6C, 0x6A, 0xBC, 0x26,
+        0xC1, 0x37, 0x7E, 0xE3, 0xB5, 0x14, 0x6F, 0xC7,
+        0xC8, 0x5C, 0xB3, 0x35, 0xB1, 0xE7, 0x95, 0xEE,
+        0xC2, 0x03, 0x3E, 0xE4, 0x4B, 0x9A, 0xA9, 0x06,
+        0x85, 0x24, 0x5E, 0xF7, 0xB4, 0x43, 0x6C, 0x00,
+        0x0E, 0x66, 0xBC, 0x8B, 0xCB, 0xF1, 0xCD, 0xB8,
+        0x03, 0xAC, 0x14, 0x21, 0xB1, 0xFD, 0xB2, 0x66,
+        0xD5, 0x29, 0x1C, 0x83, 0x10, 0x37, 0x3A, 0x8A,
+        0x3C, 0xE9, 0x56, 0x2A, 0xB1, 0x97, 0x95, 0x38,
+        0x71, 0xAB, 0x99, 0xF3, 0x82, 0xCC, 0x5A, 0xA9,
+        0xC0, 0xF2, 0x73, 0xD1, 0xDC, 0xA5, 0x5D, 0x27,
+        0x12, 0x85, 0x38, 0x71, 0xE1, 0xA8, 0x3C, 0xB3,
+        0xB8, 0x54, 0x50, 0xF7, 0x6D, 0x3F, 0x3C, 0x42,
+        0xBA, 0xB5, 0x50, 0x5F, 0x72, 0x12, 0xFD, 0xB6,
+        0xB8, 0xB7, 0xF6, 0x02, 0x99, 0x72, 0xA8, 0xF3,
+        0x75, 0x1E, 0x4C, 0x94, 0xC1, 0x10, 0x8B, 0x02,
+        0xD6, 0xAC, 0x79, 0xF8, 0xD9, 0x38, 0xF0, 0x5A,
+        0x1B, 0x2C, 0x22, 0x9B, 0x14, 0xB4, 0x2B, 0x31,
+        0xB0, 0x1A, 0x36, 0x40, 0x17, 0xE5, 0x95, 0x78,
+        0xC6, 0xB0, 0x33, 0x83, 0x37, 0x74, 0xCB, 0x9B,
+        0x57, 0x0F, 0x90, 0x86, 0xB7, 0x22, 0x90, 0x3B,
+        0x37, 0x54, 0x46, 0xB4, 0x95, 0xD8, 0xA2, 0x9B,
+        0xF8, 0x07, 0x51, 0x87, 0x7A, 0x80, 0xFB, 0x72,
+        0x4A, 0x02, 0x10, 0xC3, 0xE1, 0x69, 0x2F, 0x39,
+        0x7C, 0x2F, 0x1D, 0xDC, 0x2E, 0x6B, 0xA1, 0x7A,
+        0xF8, 0x1B, 0x92, 0xAC, 0xFA, 0xBE, 0xF5, 0xF7,
+        0x57, 0x3C, 0xB4, 0x93, 0xD1, 0x84, 0x02, 0x7B,
+        0x71, 0x82, 0x38, 0xC8, 0x9A, 0x35, 0x49, 0xB8,
+        0x90, 0x5B, 0x28, 0xA8, 0x33, 0x62, 0x86, 0x7C,
+        0x08, 0x2D, 0x30, 0x19, 0xD3, 0xCA, 0x70, 0x70,
+        0x07, 0x31, 0xCE, 0xB7, 0x3E, 0x84, 0x72, 0xC1,
+        0xA3, 0xA0, 0x93, 0x36, 0x1C, 0x5F, 0xEA, 0x6A,
+        0x7D, 0x40, 0x95, 0x5D, 0x07, 0xA4, 0x1B, 0x64,
+        0xE5, 0x00, 0x81, 0xA3, 0x61, 0xB6, 0x04, 0xCC,
+        0x51, 0x84, 0x47, 0xC8, 0xE2, 0x57, 0x65, 0xAB,
+        0x7D, 0x68, 0xB2, 0x43, 0x27, 0x52, 0x07, 0xAF,
+        0x8C, 0xA6, 0x56, 0x4A, 0x4C, 0xB1, 0xE9, 0x41,
+        0x99, 0xDB, 0xA1, 0x87, 0x8C, 0x59, 0xBE, 0xC8,
+        0x09, 0xAB, 0x48, 0xB2, 0xF2, 0x11, 0xBA, 0xDC,
+        0x6A, 0x19, 0x98, 0xD9, 0xC7, 0x22, 0x7C, 0x13,
+        0x03, 0xF4, 0x69, 0xD4, 0x6A, 0x9C, 0x7E, 0x53,
+        0x03, 0xF9, 0x8A, 0xBA, 0x67, 0x56, 0x9A, 0xE8,
+        0x22, 0x7C, 0x16, 0xBA, 0x1F, 0xB3, 0x24, 0x44,
+        0x66, 0xA2, 0x5E, 0x7F, 0x82, 0x36, 0x71, 0x81,
+        0x0C, 0xC2, 0x62, 0x06, 0xFE, 0xB2, 0x9C, 0x7E,
+        0x2A, 0x1A, 0x91, 0x95, 0x9E, 0xEB, 0x03, 0xA9,
+        0x82, 0x52, 0xA4, 0xF7, 0x41, 0x26, 0x74, 0xEB,
+        0x9A, 0x4B, 0x27, 0x7E, 0x1F, 0x25, 0x95, 0xFC,
+        0xA6, 0x40, 0x33, 0xB4, 0x1B, 0x40, 0x33, 0x08,
+        0x12, 0xE9, 0x73, 0x5B, 0x7C, 0x60, 0x75, 0x01,
+        0xCD, 0x81, 0x83, 0xA2, 0x2A, 0xFC, 0x33, 0x92,
+        0x55, 0x37, 0x44, 0xF3, 0x3C, 0x4D, 0x20, 0x25,
+        0x26, 0x94, 0x5C, 0x6D, 0x78, 0xA6, 0x0E, 0x20,
+        0x1A, 0x16, 0x98, 0x7A, 0x6F, 0xA5, 0x9D, 0x94,
+        0x46, 0x4B, 0x56, 0x50, 0x65, 0x56, 0x78, 0x48,
+        0x24, 0xA0, 0x70, 0x58, 0xF5, 0x73, 0x20, 0xE7,
+        0x6C, 0x82, 0x5B, 0x93, 0x47, 0xF2, 0x93, 0x6F,
+        0x4A, 0x0E, 0x5C, 0xDA, 0xA1, 0x8C, 0xF8, 0x83,
+        0x39, 0x45, 0xAE, 0x31, 0x2A, 0x36, 0xB5, 0xF5,
+        0xA3, 0x81, 0x0A, 0xAC, 0x82, 0x38, 0x1F, 0xDA,
+        0xE4, 0xCB, 0x9C, 0x68, 0x31, 0xD8, 0xEB, 0x8A,
+        0xBA, 0xB8, 0x50, 0x41, 0x64, 0x43, 0xD7, 0x39,
+        0x08, 0x6B, 0x1C, 0x32, 0x6F, 0xC2, 0xA3, 0x97,
+        0x57, 0x04, 0xE3, 0x96, 0xA5, 0x96, 0x80, 0xC3,
+        0xB5, 0xF3, 0x60, 0xF5, 0x48, 0x0D, 0x2B, 0x62,
+        0x16, 0x9C, 0xD9, 0x4C, 0xA7, 0x1B, 0x37, 0xBC,
+        0x58, 0x78, 0xBA, 0x29, 0x85, 0xE0, 0x68, 0xBA,
+        0x05, 0x0B, 0x2C, 0xE5, 0x07, 0x26, 0xD4, 0xB4,
+        0x45, 0x1B, 0x77, 0xAA, 0xA8, 0x67, 0x6E, 0xAE,
+        0x09, 0x49, 0x82, 0x21, 0x01, 0x92, 0x19, 0x7B,
+        0x1E, 0x92, 0xA2, 0x7F, 0x59, 0x86, 0x8B, 0x78,
+        0x86, 0x78, 0x87, 0xB9, 0xA7, 0x0C, 0x32, 0xAF,
+        0x84, 0x63, 0x0A, 0xA9, 0x08, 0x81, 0x43, 0x79,
+        0xE6, 0x51, 0x91, 0x50, 0xBA, 0x16, 0x43, 0x9B,
+        0x5E, 0x2B, 0x06, 0x03, 0xD0, 0x6A, 0xA6, 0x67,
+        0x45, 0x57, 0xF5, 0xB0, 0x98, 0x3E, 0x5C, 0xB6,
+        0xA9, 0x75, 0x96, 0x06, 0x9B, 0x01, 0xBB, 0x31,
+        0x28, 0xC4, 0x16, 0x68, 0x06, 0x57, 0x20, 0x4F,
+        0xD0, 0x76, 0x40, 0x39, 0x2E, 0x16, 0xB1, 0x9F,
+        0x33, 0x7A, 0x99, 0xA3, 0x04, 0x84, 0x4E, 0x1A,
+        0xA4, 0x74, 0xE9, 0xC7, 0x99, 0x06, 0x29, 0x71,
+        0xF6, 0x72, 0x26, 0x89, 0x60, 0xF5, 0xA8, 0x2F,
+        0x95, 0x00, 0x70, 0xBB, 0xE9, 0xC2, 0xA7, 0x19,
+        0x50, 0xA3, 0x78, 0x5B, 0xDF, 0x0B, 0x84, 0x40,
+        0x25, 0x5E, 0xD6, 0x39, 0x28, 0xD2, 0x57, 0x84,
+        0x51, 0x68, 0xB1, 0xEC, 0xCC, 0x41, 0x91, 0x32,
+        0x5A, 0xA7, 0x66, 0x45, 0x71, 0x9B, 0x28, 0xEB,
+        0xD8, 0x93, 0x02, 0xDC, 0x67, 0x23, 0xC7, 0x86,
+        0xDF, 0x52, 0x17, 0xB2, 0x43, 0x09, 0x9C, 0xA7,
+        0x82, 0x38, 0xE5, 0x7E, 0x64, 0x69, 0x2F, 0x20,
+        0x6B, 0x17, 0x7A, 0xBC, 0x25, 0x96, 0x60, 0x39,
+        0x5C, 0xD7, 0x86, 0x0F, 0xB3, 0x5A, 0x16, 0xF6,
+        0xB2, 0xFE, 0x65, 0x48, 0xC8, 0x5A, 0xB6, 0x63,
+        0x30, 0xC5, 0x17, 0xFA, 0x74, 0xCD, 0xF3, 0xCB,
+        0x49, 0xD2, 0x6B, 0x11, 0x81, 0x90, 0x1A, 0xF7,
+        0x75, 0xA1, 0xE1, 0x80, 0x81, 0x3B, 0x6A, 0x24,
+        0xC4, 0x56, 0x82, 0x9B, 0x5C, 0x38, 0x10, 0x4E,
+        0xCE, 0x43, 0xC7, 0x6A, 0x43, 0x7A, 0x6A, 0x33,
+        0xB6, 0xFC, 0x6C, 0x5E, 0x65, 0xC8, 0xA8, 0x94,
+        0x66, 0xC1, 0x42, 0x54, 0x85, 0xB2, 0x9B, 0x9E,
+        0x18, 0x54, 0x36, 0x8A, 0xFC, 0xA3, 0x53, 0xE1,
+        0x43, 0xD0, 0xA9, 0x0A, 0x6C, 0x6C, 0x9E, 0x7F,
+        0xDB, 0x62, 0xA6, 0x06, 0x85, 0x6B, 0x56, 0x14,
+        0xF1, 0x2B, 0x64, 0xB7, 0x96, 0x02, 0x0C, 0x35,
+        0x34, 0xC3, 0x60, 0x5C, 0xFD, 0xC7, 0x3B, 0x86,
+        0x71, 0x4F, 0x41, 0x18, 0x50, 0x22, 0x8A, 0x28,
+        0xB8, 0xF4, 0xB4, 0x9E, 0x66, 0x34, 0x16, 0xC8,
+        0x4F, 0x7E, 0x38, 0x1F, 0x6A, 0xF1, 0x07, 0x13,
+        0x43, 0xBF, 0x9D, 0x39, 0xB4, 0x54, 0x39, 0x24,
+        0x0C, 0xC0, 0x38, 0x97, 0x29, 0x5F, 0xEA, 0x08,
+        0x0B, 0x14, 0xBB, 0x2D, 0x81, 0x19, 0xA8, 0x80,
+        0xE1, 0x64, 0x49, 0x5C, 0x61, 0xBE, 0xBC, 0x71,
+        0x39, 0xC1, 0x18, 0x57, 0xC8, 0x5E, 0x17, 0x50,
+        0x33, 0x8D, 0x63, 0x43, 0x91, 0x37, 0x06, 0xA5,
+        0x07, 0xC9, 0x56, 0x64, 0x64, 0xCD, 0x28, 0x37,
+        0xCF, 0x91, 0x4D, 0x1A, 0x3C, 0x35, 0xE8, 0x9B,
+        0x23, 0x5C, 0x6A, 0xB7, 0xED, 0x07, 0x8B, 0xED,
+        0x23, 0x47, 0x57, 0xC0, 0x2E, 0xF6, 0x99, 0x3D,
+        0x4A, 0x27, 0x3C, 0xB8, 0x15, 0x05, 0x28, 0xDA,
+        0x4D, 0x76, 0x70, 0x81, 0x77, 0xE9, 0x42, 0x55,
+        0x46, 0xC8, 0x3E, 0x14, 0x70, 0x39, 0x76, 0x66,
+        0x03, 0xB3, 0x0D, 0xA6, 0x26, 0x8F, 0x45, 0x98,
+        0xA5, 0x31, 0x94, 0x24, 0x0A, 0x28, 0x32, 0xA3,
+        0xD6, 0x75, 0x33, 0xB5, 0x05, 0x6F, 0x9A, 0xAA,
+        0xC6, 0x1B, 0x4B, 0x17, 0xB9, 0xA2, 0x69, 0x3A,
+        0xA0, 0xD5, 0x88, 0x91, 0xE6, 0xCC, 0x56, 0xCD,
+        0xD7, 0x72, 0x41, 0x09, 0x00, 0xC4, 0x05, 0xAF,
+        0x20, 0xB9, 0x03, 0x79, 0x7C, 0x64, 0x87, 0x69,
+        0x15, 0xC3, 0x7B, 0x84, 0x87, 0xA1, 0x44, 0x9C,
+        0xE9, 0x24, 0xCD, 0x34, 0x5C, 0x29, 0xA3, 0x6E,
+        0x08, 0x23, 0x8F, 0x7A, 0x15, 0x7C, 0xC7, 0xE5,
+        0x16, 0xAB, 0x5B, 0xA7, 0x3C, 0x80, 0x63, 0xF7,
+        0x26, 0xBB, 0x5A, 0x0A, 0x03, 0x19, 0xE5, 0x71,
+        0x27, 0x43, 0x8C, 0x7F, 0xC6, 0x01, 0xC9, 0x9C,
+        0xCA, 0xAE, 0x4C, 0x1A, 0x83, 0x72, 0x6F, 0xDC,
+        0xB5, 0x04, 0x5E, 0xD1, 0xA8, 0x2A, 0x98, 0x5E,
+        0xA9, 0x95, 0x39, 0x6D, 0x77, 0x27, 0x2C, 0x66,
+        0xCE, 0x49, 0x32, 0x89, 0xF6, 0x11, 0x09, 0x10,
+        0xF3, 0x7C, 0x27, 0x41, 0xCE, 0x47, 0x02, 0x6A,
+        0x6F, 0x82, 0x61, 0x99, 0x9C, 0x64, 0x82, 0x57,
+        0x2B, 0x16, 0x93, 0x91, 0x2E, 0xF1, 0x2E, 0xEB,
+        0xEA, 0x7A, 0xCF, 0x92, 0x34, 0xFB, 0x40, 0x9F,
+        0x2A, 0x60, 0x90, 0xE6, 0xB0, 0xBF, 0xD8, 0x95,
+        0x46, 0x9D, 0x0B, 0x2A, 0x92, 0x1B, 0xB7, 0x23,
+        0xF8, 0x7A, 0x33, 0xEA, 0x54, 0x65, 0xAB, 0x90,
+        0xF5, 0x14, 0xB6, 0x76, 0x98, 0xC0, 0x76, 0x8B,
+        0x6C, 0xA4, 0x98, 0xB0, 0x22, 0xC5, 0x12, 0xFA,
+        0x08, 0x75, 0xF0, 0x54, 0xAA, 0x22, 0x65, 0x86,
+        0x7E, 0x31, 0xC0, 0xE5, 0x22, 0x65, 0x1E, 0x02,
+        0x4A, 0x07, 0xD6, 0x0D, 0xD9, 0xF6, 0x33, 0x16,
+        0x69, 0x21, 0xF4, 0x12, 0x6B, 0xC2, 0xB6, 0xAA,
+        0x01, 0xCC, 0x15, 0xA0, 0x9B, 0x85, 0xBF, 0xF8,
+        0x21, 0x8C, 0x5A, 0xAE, 0x95, 0xBC, 0x1F, 0xFB,
+        0x26, 0xAE, 0x5A, 0x13, 0x76, 0x70, 0xF0, 0x49,
+        0x10, 0xCA, 0x9D, 0x72, 0x41, 0xB6, 0x66, 0x0C,
+        0x39, 0x4C, 0x54, 0x55, 0x91, 0x77, 0x46, 0xA2,
+        0x66, 0x82, 0xFB, 0x71, 0xA4, 0x32, 0xEA, 0x95,
+        0x30, 0xE8, 0x39, 0xBD, 0xEB, 0x07, 0x43, 0x30,
+        0x04, 0xF4, 0x5A, 0x0D, 0xDA, 0xA0, 0xB2, 0x4E,
+        0x3A, 0x56, 0x6A, 0x54, 0x08, 0x15, 0xF2, 0x81,
+        0xE3, 0xFC, 0x25, 0x9A, 0xC6, 0xCB, 0xC0, 0xAC,
+        0xB8, 0xD6, 0x22, 0x68, 0xB6, 0x03, 0xBC, 0x67,
+        0x6A, 0xB4, 0x15, 0xC4, 0x74, 0xBB, 0x94, 0x87,
+        0x3E, 0x44, 0x87, 0xAE, 0x31, 0xA4, 0xE3, 0x84,
+        0x5C, 0x79, 0x90, 0x15, 0x50, 0x89, 0x0E, 0xE8,
+        0x78, 0x4E, 0xEF, 0x90, 0x4F, 0xEE, 0x62, 0xBA,
+        0x8C, 0x5F, 0x95, 0x2C, 0x68, 0x41, 0x30, 0x52,
+        0xE0, 0xA7, 0xE3, 0x38, 0x8B, 0xB8, 0xFF, 0x0A,
+        0xD6, 0x02, 0xAE, 0x3E, 0xA1, 0x4D, 0x9D, 0xF6,
+        0xDD, 0x5E, 0x4C, 0xC6, 0xA3, 0x81, 0xA4, 0x1D,
+        0xA5, 0xC1, 0x37, 0xEC, 0xC4, 0x9D, 0xF5, 0x87,
+        0xE1, 0x78, 0xEA, 0xF4, 0x77, 0x02, 0xEC, 0x62,
+        0x37, 0x80, 0x69, 0x1A, 0x32, 0x33, 0xF6, 0x9F,
+        0x12, 0xBD, 0x9C, 0x9B, 0x96, 0x37, 0xC5, 0x13,
+        0x78, 0xAD, 0x71, 0xA8, 0x31, 0x05, 0x52, 0x77,
+        0x25, 0x4C, 0xC6, 0x3C, 0x5A, 0xD4, 0xCB, 0x76,
+        0xB4, 0xAB, 0x82, 0xE5, 0xFC, 0xA1, 0x35, 0xE8,
+        0xD2, 0x6A, 0x6B, 0x3A, 0x89, 0xFA, 0x5B, 0x6F
     };
     static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = {
-        0xDF, 0xA6, 0xB9, 0xD7, 0x2A, 0x63, 0xB4, 0x20,
-        0xB8, 0x9D, 0xDE, 0x50, 0xF7, 0xE0, 0xD5, 0x6E,
-        0xCF, 0x87, 0x6B, 0xFE, 0xF9, 0x91, 0xFC, 0xE9,
-        0x1C, 0x8D, 0x28, 0x6F, 0xA6, 0xEA, 0xBA, 0xC1,
-        0x73, 0x0F, 0xD8, 0x77, 0x41, 0xFE, 0x4A, 0xD7,
-        0x17, 0xB2, 0x82, 0xA2, 0x1E, 0x23, 0x5A, 0x55,
-        0xC3, 0x75, 0x7D, 0x88, 0xD4, 0xCE, 0x62, 0xF4,
-        0x14, 0xEB, 0x77, 0xEB, 0x9D, 0x35, 0x7E, 0xE2,
-        0x9D, 0x00, 0x08, 0x7B, 0xF8, 0x11, 0x0E, 0x5B,
-        0xBB, 0xC7, 0xC9, 0x04, 0x19, 0x07, 0x2E, 0xAE,
-        0x04, 0x4B, 0xF7, 0xE1, 0x83, 0xD4, 0x3A, 0x94,
-        0xB2, 0x63, 0x2A, 0xA1, 0x46, 0x49, 0x61, 0x9B,
-        0x70, 0x64, 0x95, 0x21, 0xBC, 0x19, 0x37, 0x09,
-        0x42, 0xEF, 0x70, 0xF3, 0x6C, 0x34, 0xC8, 0xC2,
-        0x35, 0x91, 0xEE, 0x0C, 0xA7, 0x1A, 0x12, 0xD2,
-        0x79, 0xE0, 0xF5, 0x2D, 0x39, 0xED, 0x0F, 0x91,
-        0x3F, 0x8C, 0x26, 0x26, 0x21, 0xFB, 0x24, 0x2E,
-        0x68, 0x0D, 0xEB, 0x30, 0x7B, 0x07, 0x49, 0xC6,
-        0xB3, 0x93, 0xA8, 0xEF, 0x66, 0xF8, 0xB0, 0x4A,
-        0xAF, 0xA8, 0x77, 0xB9, 0x51, 0xAB, 0x93, 0xF5,
-        0x98, 0xB4, 0xB2, 0xFA, 0xB0, 0x4F, 0x88, 0xAC,
-        0x80, 0x39, 0x84, 0xFF, 0x37, 0xE3, 0xFE, 0x74,
-        0xF3, 0xA6, 0x16, 0xD5, 0x31, 0x4E, 0xB3, 0xA8,
-        0x26, 0xF8, 0x74, 0xF8, 0xEC, 0xD3, 0xA5, 0x64,
-        0x7D, 0x04, 0x94, 0x2A, 0x57, 0xEF, 0xC0, 0x96,
-        0x38, 0x47, 0x0D, 0xC0, 0xA9, 0xDF, 0x40, 0xB3,
-        0x17, 0x57, 0x1D, 0x39, 0x84, 0xA7, 0x8C, 0xF7,
-        0xD1, 0x17, 0x51, 0x09, 0x07, 0x22, 0xB3, 0x05,
-        0x9E, 0x07, 0x59, 0x1C, 0xC4, 0xA2, 0xED, 0x9B,
-        0xA0, 0xDC, 0xE9, 0x9B, 0xE9, 0xE5, 0xEE, 0x5D,
-        0xB8, 0xD6, 0x98, 0xCD, 0xEB, 0x58, 0x14, 0x75,
-        0x9B, 0xA9, 0x77, 0xC9, 0x00, 0x79, 0xCF, 0x2A,
-        0xFD, 0xE4, 0x78, 0x06, 0x9C, 0x51, 0x3A, 0x60,
-        0x09, 0x1A, 0x3A, 0x5D, 0x01, 0x11, 0xE2, 0x2D,
-        0xE0, 0x6C, 0xB1, 0x45, 0xC1, 0x4E, 0x22, 0xA2,
-        0x14, 0xCB, 0x27, 0x8C, 0x81, 0x52, 0xB0, 0x68,
-        0x1B, 0xCA, 0xFF, 0x54, 0xD5, 0x52, 0xB5, 0x4A,
-        0x67, 0x1C, 0x0D, 0xFE, 0xF7, 0x75, 0xE7, 0xC5,
-        0x4F, 0xEF, 0xC4, 0x85, 0x38, 0x68, 0xC9, 0x55,
-        0x97, 0x1A, 0xBD, 0xAC, 0x2A, 0x76, 0x29, 0x2C,
-        0xCC, 0xD4, 0xFD, 0x1C, 0x70, 0x6B, 0x7D, 0x36,
-        0x14, 0x15, 0x96, 0x73, 0xE9, 0xD7, 0xB2, 0x9A,
-        0x2D, 0x3F, 0x63, 0x36, 0x31, 0x29, 0xE7, 0xA2,
-        0x1E, 0x80, 0x3A, 0x46, 0x0F, 0x27, 0x14, 0xE3,
-        0xE2, 0x59, 0x22, 0x78, 0x0A, 0xF3, 0x82, 0x57,
-        0xCD, 0x14, 0x95, 0xAC, 0xD1, 0xE0, 0x19, 0x80,
-        0x63, 0x8D, 0xF5, 0x8A, 0x15, 0x3D, 0xAB, 0x07,
-        0xEF, 0xB5, 0xC7, 0xE7, 0x8A, 0xDA, 0xCF, 0x63,
-        0x19, 0x56, 0xD6, 0x9C, 0xCD, 0xA0, 0x70, 0x45,
-        0x95, 0x68, 0xBD, 0x9D, 0x11, 0xA2, 0x93, 0x4B,
-        0xCF, 0x16, 0x43, 0xBC, 0x99, 0x46, 0x82, 0x38,
-        0x91, 0x0B, 0x1F, 0x74, 0x2E, 0xBB, 0x3C, 0x03,
-        0xD3, 0x9F, 0xD4, 0x5C, 0xFB, 0x85, 0xBA, 0x30,
-        0x9E, 0x29, 0xDD, 0x9B, 0x5C, 0xD5, 0x60, 0x81,
-        0x9E, 0xC7, 0x29, 0xFC, 0xAC, 0x8B, 0x9D, 0x72,
-        0x5E, 0x3E, 0x8A, 0xBE, 0xDE, 0x4B, 0x52, 0x98,
-        0xA8, 0x65, 0x8E, 0xE3, 0xF7, 0x81, 0xB0, 0xCE,
-        0x68, 0x3C, 0xBB, 0x73, 0x35, 0xCD, 0x57, 0xEF,
-        0xE2, 0x20, 0x4A, 0x8F, 0x19, 0x74, 0x46, 0xD7,
-        0x31, 0x4C, 0xDB, 0xF4, 0xC5, 0xD0, 0x8C, 0xCC,
-        0x41, 0xF8, 0x08, 0x57, 0xCC, 0x95, 0x71, 0xFB,
-        0xFB, 0x90, 0x60, 0x60, 0xF7, 0xE1, 0x7C, 0x8C,
-        0xEF, 0x0F, 0x27, 0x4A, 0xFF, 0x83, 0xE3, 0x93,
-        0xB1, 0x5F, 0x2F, 0x95, 0x89, 0xA1, 0x3A, 0xF4,
-        0xBC, 0x78, 0xE1, 0x6C, 0xDD, 0xE6, 0x23, 0x61,
-        0xD6, 0x3B, 0x8D, 0xC9, 0x03, 0xB7, 0x0C, 0x01,
-        0xA4, 0x34, 0x19, 0xCD, 0x20, 0x52, 0x15, 0x0B,
-        0xD2, 0x87, 0x19, 0xF6, 0x1F, 0xF3, 0x1F, 0x4A,
-        0x9B, 0xEC, 0x4D, 0xDB, 0xCE, 0xC1, 0xF8, 0xFB,
-        0x2E, 0xFB, 0xF3, 0x7D, 0xFF, 0xFA, 0x4C, 0x7F,
-        0xEC, 0xA8, 0xCE, 0x6D, 0x62, 0x6B, 0xFD, 0xA1,
-        0x6E, 0xE7, 0x08, 0xD9, 0x20, 0x68, 0x14, 0xA2,
-        0xEF, 0x98, 0x85, 0x25, 0x61, 0x5D, 0x4A, 0xC9,
-        0xBE, 0x60, 0x8C, 0x4B, 0x03, 0xAB, 0xEE, 0x95,
-        0xB3, 0x2A, 0x5D, 0xB7, 0x4A, 0x96, 0x11, 0x9A,
-        0x7E, 0x15, 0x9A, 0xF9, 0x9C, 0xD9, 0x8E, 0x88,
-        0xEA, 0xF0, 0x9F, 0x0D, 0x78, 0x0E, 0x7C, 0x7E,
-        0x81, 0x4B, 0x8E, 0x88, 0xB4, 0xF4, 0xE1, 0x5F,
-        0xA5, 0x49, 0x95, 0xD0, 0xEC, 0xBA, 0xD3, 0xEF,
-        0x04, 0x6A, 0x49, 0x47, 0xF3, 0xE8, 0xB9, 0xE7,
-        0x44, 0x24, 0x14, 0x89, 0xB8, 0x06, 0xFE, 0x94,
-        0x01, 0xE7, 0x8B, 0xAF, 0xC8, 0xE8, 0x82, 0xE9,
-        0xD6, 0xD0, 0x70, 0x0F, 0x72, 0x0C, 0x00, 0x24,
-        0xE7, 0xDA, 0x49, 0x06, 0x1C, 0x5D, 0x18, 0xA6,
-        0x20, 0x74, 0x04, 0x0A, 0xBC, 0x00, 0x03, 0x20,
-        0x0E, 0xD4, 0x65, 0x23, 0x17, 0x97, 0x93, 0x0A,
-        0x2E, 0x2A, 0xA5, 0x01, 0xF6, 0x48, 0x62, 0xDD,
-        0xA1, 0x30, 0x14, 0xA9, 0x9F, 0x9D, 0x32, 0x70,
-        0xAA, 0x90, 0x7E, 0xEB, 0x3F, 0xDB, 0xFF, 0x29,
-        0x16, 0x00, 0xDF, 0x1F, 0x6B, 0x39, 0x68, 0x4B,
-        0x11, 0xE3, 0x96, 0xB7, 0x0D, 0x86, 0xF9, 0x04,
-        0x92, 0xE8, 0x2B, 0x09, 0xBA, 0x25, 0x60, 0x7B,
-        0x0C, 0x28, 0x6F, 0xBC, 0x07, 0x01, 0x82, 0xAC,
-        0x76, 0xFA, 0x7C, 0x85, 0x9A, 0xAF, 0xEA, 0x87,
-        0x01, 0x6A, 0xED, 0x22, 0xC3, 0x60, 0x5A, 0x27,
-        0x89, 0xA1, 0xD4, 0x39, 0xFD, 0x8D, 0x93, 0x33,
-        0x42, 0xDA, 0xB7, 0x45, 0xA3, 0xE5, 0x50, 0xE7,
-        0xD7, 0x7C, 0x01, 0xA6, 0x23, 0x4B, 0xDA, 0x7D,
-        0x6B, 0xB1, 0x9D, 0x49, 0x5E, 0x65, 0x60, 0xFC,
-        0xE8, 0x39, 0x6F, 0xC3, 0xC6, 0xE0, 0x88, 0xED,
-        0x60, 0xF5, 0xF2, 0x77, 0x14, 0x16, 0xEA, 0x3B,
-        0xE5, 0xBE, 0x47, 0x2B, 0x64, 0x04, 0x90, 0x6C,
-        0x91, 0xE7, 0x1D, 0x9A, 0x86, 0x72, 0xF3, 0x90,
-        0x08, 0x36, 0x55, 0xAB, 0x7D, 0x0E, 0xC6, 0xED,
-        0xFE, 0x86, 0x78, 0x9C, 0xE2, 0x0B, 0xE2, 0xEA,
-        0x90, 0xCA, 0x5C, 0xC3, 0x14, 0x16, 0xFB, 0x24,
-        0xCB, 0xAF, 0x94, 0xDA, 0x14, 0x68, 0xFE, 0x69,
-        0x6B, 0xCD, 0xF5, 0x24, 0x7C, 0xF1, 0x17, 0xCB,
-        0xE9, 0x33, 0x40, 0x76, 0xCA, 0x68, 0x96, 0xB2,
-        0xF6, 0xA0, 0x16, 0xB1, 0xF7, 0xC7, 0x37, 0x28,
-        0x80, 0x78, 0x98, 0xD8, 0xB1, 0x99, 0x75, 0x6C,
-        0x2B, 0x0A, 0xA2, 0x45, 0x7E, 0x1B, 0x4F, 0x77,
-        0x54, 0xC4, 0x57, 0x6C, 0xE5, 0x64, 0x56, 0x14,
-        0xEA, 0x15, 0xC1, 0xAE, 0x28, 0xB0, 0x94, 0xEB,
-        0x21, 0x7C, 0x7A, 0x7A, 0x41, 0x23, 0x95, 0x76,
-        0xCB, 0xDA, 0x38, 0x0E, 0xE6, 0x87, 0x83, 0x43,
-        0x27, 0x30, 0xAD, 0x5E, 0xBE, 0x7F, 0x51, 0xD6,
-        0xBE, 0x7F, 0xB0, 0x2A, 0xB3, 0x7B, 0xE0, 0xC9,
-        0x6A, 0xAC, 0x9F, 0x3C, 0x79, 0x0A, 0x18, 0xD1,
-        0x59, 0xE6, 0xBA, 0xBA, 0x71, 0xEC, 0x88, 0xC1,
-        0x10, 0xFD, 0x84, 0xC3, 0x36, 0xDF, 0x63, 0x0F,
-        0x27, 0x1C, 0xF7, 0x93, 0x28, 0xB6, 0xC8, 0x79,
-        0xDF, 0x7C, 0xDE, 0x0F, 0x70, 0x71, 0x22, 0x20,
-        0xB1, 0xFB, 0xB9, 0xAC, 0xB4, 0x82, 0x48, 0xD9,
-        0x1F, 0x0E, 0x2B, 0x6E, 0x3B, 0xE4, 0x0C, 0x2B,
-        0x22, 0x1E, 0x62, 0x6E, 0x7E, 0x33, 0x0D, 0x9D,
-        0x83, 0xCC, 0x06, 0x68, 0xF7, 0x30, 0x85, 0x91,
-        0xE1, 0x4C, 0x7D, 0x72, 0xB8, 0x41, 0xA6, 0xF0,
-        0x5F, 0x3F, 0xDC, 0x13, 0x9E, 0xEC, 0xC1, 0x53,
-        0x67, 0x65, 0x65, 0x0B, 0x55, 0xA9, 0xCE, 0xC6,
-        0xBB, 0xF5, 0x4C, 0xCE, 0xC5, 0xC3, 0xAC, 0x9A,
-        0x0E, 0x39, 0xF4, 0x8F, 0x23, 0x7B, 0xD4, 0xC6,
-        0x60, 0xCB, 0x1A, 0x8D, 0x25, 0x0B, 0xB6, 0xC8,
-        0xC0, 0x10, 0xFE, 0xC3, 0x4C, 0xC3, 0xD9, 0x15,
-        0x99, 0x27, 0x1C, 0x75, 0x31, 0x33, 0x0F, 0x12,
-        0xA3, 0xE4, 0x4F, 0xAF, 0xD9, 0x05, 0xD2, 0xC6
+        0xA5, 0xC8, 0x1C, 0x76, 0xC2, 0x43, 0x05, 0xE1,
+        0xCE, 0x5D, 0x81, 0x35, 0xD4, 0x15, 0x23, 0x68,
+        0x2E, 0x9E, 0xE6, 0xD7, 0xB4, 0x0A, 0xD4, 0x1D,
+        0xF1, 0xF3, 0x7C, 0x9B, 0x17, 0xDC, 0xE7, 0x80,
+        0x76, 0x01, 0x9A, 0x6B, 0x0B, 0x7C, 0x95, 0xC9,
+        0xBE, 0x7A, 0xF2, 0x95, 0x07, 0xB2, 0xD5, 0xA6,
+        0x98, 0x7C, 0x8E, 0xE3, 0x25, 0x91, 0x90, 0x85,
+        0x52, 0x43, 0xE6, 0xE5, 0x6F, 0x56, 0x20, 0x60,
+        0x8C, 0x52, 0xD9, 0x6F, 0xAB, 0x10, 0x3A, 0x87,
+        0x00, 0xFB, 0xA1, 0xA8, 0x7D, 0xCA, 0x60, 0x78,
+        0x11, 0x8A, 0x08, 0x71, 0x76, 0x2C, 0x95, 0x34,
+        0xC0, 0xC0, 0xC3, 0x97, 0x8C, 0x91, 0xC3, 0xA0,
+        0x1F, 0x0F, 0x60, 0x8D, 0xCF, 0x75, 0x78, 0x15,
+        0x43, 0x8F, 0xE8, 0x95, 0x7C, 0x8A, 0x85, 0x91,
+        0x83, 0xB1, 0xB6, 0x72, 0x1A, 0x08, 0x65, 0xBE,
+        0xBC, 0x79, 0x9D, 0x4E, 0x5C, 0x0E, 0x7B, 0xD3,
+        0xEA, 0xE4, 0x85, 0x8E, 0x6A, 0xB6, 0xA2, 0xE7,
+        0x65, 0x8E, 0xD8, 0x0D, 0x4E, 0xD1, 0x58, 0xB0,
+        0x36, 0xB9, 0x3F, 0xA0, 0x3A, 0xFA, 0x6A, 0xE3,
+        0x13, 0x6C, 0xF3, 0xD6, 0x93, 0xC9, 0x11, 0xBC,
+        0xC7, 0x59, 0x05, 0xE5, 0xB0, 0xCB, 0x28, 0x65,
+        0xB9, 0xE9, 0x88, 0x45, 0x22, 0xA7, 0x77, 0x77,
+        0x61, 0x3E, 0x53, 0x11, 0x1D, 0x5A, 0x1C, 0x7D,
+        0x3D, 0xAB, 0x73, 0x4C, 0xEB, 0x03, 0x65, 0x7A,
+        0xE0, 0xC8, 0x97, 0x63, 0xE9, 0x94, 0x71, 0x05,
+        0x47, 0x76, 0xBA, 0xE7, 0xD5, 0x1B, 0x0E, 0x73,
+        0xA5, 0xBB, 0x35, 0xAE, 0xC3, 0x0F, 0xF6, 0xBC,
+        0x93, 0x68, 0x49, 0x16, 0xFE, 0xF1, 0x16, 0x25,
+        0x86, 0x45, 0x2F, 0x42, 0x66, 0x53, 0xE2, 0xCA,
+        0x84, 0x4D, 0x57, 0x44, 0x30, 0x7F, 0xF9, 0xAE,
+        0xB2, 0x87, 0xA6, 0x44, 0x77, 0x83, 0xB2, 0x1A,
+        0x0E, 0x93, 0x9C, 0x81, 0x42, 0x1D, 0x63, 0x1F,
+        0x5D, 0xCB, 0x45, 0x2E, 0x51, 0xED, 0x34, 0xE3,
+        0xDA, 0xD1, 0xCF, 0x50, 0x4E, 0x0A, 0x3B, 0x0F,
+        0x47, 0x11, 0xA8, 0xDC, 0x64, 0x99, 0xD1, 0x69,
+        0x1D, 0x10, 0x95, 0x69, 0x33, 0x6C, 0xE1, 0x55,
+        0x8A, 0x4C, 0x0A, 0x46, 0x4E, 0x20, 0x87, 0xEA,
+        0x8F, 0x9E, 0x3B, 0x18, 0xF7, 0x47, 0xEF, 0x61,
+        0xF4, 0x57, 0x6A, 0xEB, 0x42, 0xB1, 0x7C, 0xAD,
+        0xB7, 0xF0, 0xFD, 0x84, 0xDA, 0x8E, 0x3A, 0x6F,
+        0x47, 0x1D, 0x95, 0xED, 0xFA, 0x65, 0xBE, 0x9E,
+        0x6C, 0x9F, 0x6A, 0xE7, 0x56, 0xA2, 0x2A, 0x4F,
+        0x1A, 0x5C, 0x54, 0x3C, 0x26, 0xBA, 0x7B, 0xAD,
+        0x88, 0xE1, 0x6D, 0x5F, 0x5B, 0x7E, 0x12, 0xE2,
+        0xD4, 0xCA, 0x34, 0xB3, 0xA6, 0x4D, 0x17, 0xF8,
+        0x7C, 0xCF, 0xC4, 0xFF, 0x8C, 0x5E, 0x4F, 0x53,
+        0x75, 0x2A, 0x07, 0x7C, 0x68, 0x72, 0x1E, 0x8C,
+        0xC8, 0x17, 0xF9, 0xFF, 0x24, 0x87, 0x61, 0x70,
+        0xFF, 0x2A, 0xF8, 0x9F, 0xA9, 0x58, 0x55, 0xA5,
+        0xB1, 0xDE, 0x34, 0x7C, 0x07, 0xFD, 0xDB, 0xCF,
+        0xE7, 0x26, 0x4A, 0xA5, 0xED, 0x64, 0x01, 0x49,
+        0x15, 0x61, 0xD8, 0x31, 0x53, 0x8F, 0x85, 0x2B,
+        0x0E, 0xD7, 0xB9, 0xE8, 0xEB, 0xAF, 0xFC, 0x06,
+        0x02, 0x84, 0xF2, 0x2D, 0x2B, 0xAE, 0xE5, 0x6F,
+        0xA9, 0xF6, 0xD0, 0x14, 0x32, 0xA1, 0x15, 0xA2,
+        0xD6, 0xA6, 0x4C, 0x38, 0xAE, 0x0A, 0x50, 0xBA,
+        0x36, 0x2F, 0xB5, 0x7B, 0x53, 0xE3, 0xE8, 0x55,
+        0xB8, 0x3C, 0xE8, 0xC4, 0x22, 0x74, 0x04, 0x55,
+        0x99, 0xF6, 0x5F, 0xA6, 0xA8, 0x92, 0x1D, 0x85,
+        0xF9, 0x4E, 0xD2, 0x30, 0xB5, 0x16, 0x71, 0x2D,
+        0xB6, 0xFD, 0x2F, 0xF2, 0x8B, 0x3A, 0x33, 0x71,
+        0xD9, 0xBE, 0x05, 0x8A, 0xE7, 0x5C, 0x2F, 0xA5,
+        0x91, 0xB7, 0xEC, 0x3C, 0x3D, 0xAA, 0x1F, 0x76,
+        0x42, 0xBC, 0x26, 0xC3, 0x24, 0xC0, 0x80, 0x90,
+        0x60, 0x7E, 0x66, 0x62, 0x15, 0x4D, 0xB3, 0x7C,
+        0xF7, 0x47, 0x96, 0x7A, 0x1F, 0x9F, 0xC2, 0x90,
+        0x89, 0xF5, 0x70, 0xEB, 0xE6, 0x0E, 0xEE, 0xF8,
+        0x9F, 0xD2, 0x44, 0x81, 0x02, 0x8C, 0x85, 0xAE,
+        0xF1, 0xDC, 0x3B, 0x09, 0xF2, 0x2C, 0xD3, 0x69,
+        0x1B, 0xBB, 0xB8, 0x21, 0xC7, 0xA8, 0xA0, 0xF3,
+        0x5A, 0xD1, 0x2B, 0xE1, 0xDD, 0x19, 0x9B, 0x97,
+        0x70, 0x48, 0xF3, 0xD4, 0x8C, 0x16, 0xBB, 0x2C,
+        0xA9, 0x4C, 0xEC, 0xB8, 0x92, 0x87, 0x70, 0xD5,
+        0xBB, 0x32, 0x9A, 0x03, 0x27, 0xE0, 0xB2, 0x86,
+        0xFA, 0xA1, 0xC6, 0x52, 0x81, 0x03, 0x1A, 0x31,
+        0xC8, 0x4F, 0x2E, 0xDC, 0x9C, 0x04, 0xD4, 0x75,
+        0xED, 0x4E, 0x12, 0x8E, 0x51, 0xEF, 0xA9, 0x7D,
+        0x01, 0x48, 0xCB, 0xA6, 0xC9, 0x5F, 0x67, 0x4C,
+        0x58, 0x9F, 0x30, 0x1C, 0x26, 0x5B, 0xED, 0x70,
+        0x8E, 0x9A, 0xD8, 0xDA, 0x3C, 0x5C, 0xEC, 0xBD,
+        0xEE, 0xED, 0x35, 0xEF, 0x1E, 0x25, 0x31, 0x32,
+        0xBA, 0x89, 0x92, 0x0D, 0x78, 0x6B, 0x88, 0x23,
+        0x0B, 0x01, 0x3B, 0xCF, 0x2D, 0xC9, 0x2D, 0x6B,
+        0x15, 0x7A, 0xFA, 0x8D, 0xA8, 0x59, 0x2C, 0xD0,
+        0x74, 0x3D, 0x49, 0x82, 0xBE, 0x60, 0xD7, 0xC2,
+        0xD5, 0xC4, 0x72, 0xAB, 0x9F, 0xA7, 0xF4, 0xCC,
+        0x3D, 0x12, 0xB0, 0xEB, 0xAF, 0x0A, 0xBE, 0x55,
+        0x5C, 0x75, 0x80, 0x54, 0x26, 0x84, 0x4D, 0xD9,
+        0x42, 0x86, 0x43, 0xF8, 0x44, 0x06, 0xA1, 0xB8,
+        0xD6, 0xFA, 0xED, 0xFD, 0x8A, 0xE6, 0xE7, 0x3A,
+        0x72, 0x77, 0x2A, 0x21, 0x59, 0xAC, 0xAB, 0xD9,
+        0x72, 0xAE, 0xB6, 0xF7, 0xDE, 0x09, 0x1A, 0xC5,
+        0xFD, 0xD7, 0xF4, 0x9A, 0x3D, 0xC6, 0x64, 0x1C,
+        0xDF, 0x62, 0x44, 0x6B, 0x4B, 0x04, 0xA3, 0x1F,
+        0x73, 0xB8, 0x0A, 0x62, 0xF8, 0x0A, 0x40, 0x4A,
+        0x8C, 0xB1, 0x8C, 0xE3, 0xE6, 0x54, 0x80, 0xEF,
+        0x7B, 0x52, 0xBF, 0x00, 0x91, 0x11, 0x7E, 0x5D,
+        0x08, 0xEA, 0xE1, 0xB0, 0xAA, 0xBB, 0x72, 0xE6,
+        0xDF, 0xFF, 0xF7, 0x6F, 0x6E, 0x44, 0xBB, 0xD7,
+        0xEA, 0x57, 0x0D, 0x66, 0x04, 0xBC, 0x2E, 0x74,
+        0x31, 0x8B, 0xAF, 0xA3, 0x15, 0xA3, 0x88, 0x61,
+        0xAA, 0x1B, 0x21, 0xAF, 0xB2, 0xA5, 0x3F, 0x26,
+        0x14, 0xF1, 0xD6, 0x40, 0x07, 0x59, 0x84, 0xAE,
+        0x62, 0xE2, 0xFC, 0xA1, 0xD1, 0xB4, 0xDB, 0x36,
+        0x9F, 0x15, 0x70, 0x5C, 0xE7, 0xD4, 0xDF, 0x8A,
+        0xE9, 0x82, 0x64, 0x50, 0x10, 0x51, 0xC0, 0xDE,
+        0xF2, 0x1D, 0x64, 0x5D, 0x49, 0x62, 0x5A, 0xF0,
+        0x2C, 0xA4, 0x28, 0xD9, 0xF0, 0xC2, 0xCD, 0x9F,
+        0xBA, 0xEE, 0xAB, 0x97, 0xE8, 0xE9, 0x15, 0x16,
+        0x62, 0xB6, 0x99, 0x2B, 0x4C, 0x99, 0xAB, 0x1B,
+        0x92, 0x5D, 0x08, 0x92, 0x03, 0x63, 0x37, 0x3F,
+        0x76, 0xD3, 0xFD, 0xF0, 0x82, 0x8C, 0xAA, 0x69,
+        0xC8, 0xB1, 0xBD, 0xC6, 0xF5, 0x21, 0xDF, 0x64,
+        0x1C, 0xF1, 0xC8, 0xA4, 0xE7, 0xEF, 0x0C, 0x23,
+        0x28, 0x9A, 0x4E, 0x2C, 0xF1, 0x8A, 0xCE, 0xBB,
+        0xE4, 0xC1, 0xE6, 0x83, 0x69, 0xBD, 0x52, 0x35,
+        0x12, 0x01, 0x42, 0xEC, 0xDD, 0x1A, 0x73, 0x81,
+        0x1E, 0x2E, 0x53, 0x3A, 0x64, 0x7D, 0x7A, 0xEE,
+        0x16, 0xDA, 0xA0, 0x3B, 0x68, 0x36, 0x39, 0xDC,
+        0xF1, 0xE1, 0xF1, 0xE7, 0x1C, 0xFA, 0xED, 0x48,
+        0xF6, 0x9A, 0xEC, 0x3E, 0x83, 0x17, 0x33, 0xDA,
+        0x19, 0xCE, 0xBE, 0xC1, 0xDD, 0xBF, 0x71, 0xCB,
+        0xAE, 0x08, 0x00, 0xF2, 0xF6, 0xD6, 0x4A, 0x09,
+        0x6E, 0xC4, 0x95, 0xD6, 0x2F, 0x43, 0x44, 0xF7,
+        0xAA, 0x56, 0x21, 0xB3, 0x22, 0x35, 0x3A, 0x79,
+        0x5A, 0xA0, 0x99, 0xEA, 0x3A, 0x07, 0x02, 0x72,
+        0xD0, 0x53, 0xD4, 0x65, 0x3A, 0x20, 0xCF, 0x21,
+        0x0E, 0xAA, 0xF1, 0x2C, 0xAE, 0x60, 0x23, 0xD8,
+        0xE5, 0x11, 0x8D, 0xF0, 0x4B, 0x38, 0x4A, 0x44,
+        0xD1, 0xED, 0xB9, 0x1C, 0x44, 0x98, 0x9E, 0xF7,
+        0xEE, 0x57, 0xF2, 0xBF, 0x81, 0xA2, 0x4B, 0xDC,
+        0x76, 0x80, 0x7D, 0xA9, 0x67, 0xEE, 0x65, 0x25,
+        0x41, 0x0C, 0x5C, 0x48, 0x50, 0x67, 0xEF, 0xC3,
+        0xD3, 0x9A, 0x9A, 0xD4, 0x2C, 0xC7, 0x53, 0xBA,
+        0xA5, 0x9A, 0x1F, 0xD2, 0x8A, 0xF3, 0x5C, 0x00,
+        0xD1, 0x8A, 0x40, 0x6A, 0x28, 0xFC, 0x79, 0xBA
     };
     static const byte kprime_768[KYBER_SS_SZ] = {
-        0xBD, 0x72, 0x56, 0xB2, 0x42, 0xF4, 0x04, 0x86,
-        0x9D, 0x66, 0x2F, 0x80, 0xBF, 0x67, 0x7A, 0x16,
-        0xC0, 0xC6, 0xFC, 0x15, 0x68, 0xCC, 0xA5, 0xB6,
-        0x45, 0x82, 0xA0, 0x1A, 0x6A, 0x14, 0x2D, 0x71
+        0xDC, 0x5B, 0x88, 0x88, 0xBC, 0x1E, 0xBA, 0x5C,
+        0x19, 0x69, 0xC2, 0x11, 0x64, 0xEA, 0x43, 0xE2,
+        0x2E, 0x7A, 0xC0, 0xCD, 0x01, 0x2A, 0x2F, 0x26,
+        0xCB, 0x8C, 0x48, 0x7E, 0x69, 0xEF, 0x7C, 0xE4
     };
 #endif
 #ifndef WOLFSSL_NO_KYBER1024
     static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = {
-        0x0F, 0xEA, 0x26, 0xC4, 0xA5, 0x44, 0xA5, 0x14,
-        0x44, 0x4A, 0x97, 0x1B, 0x5C, 0x5A, 0x82, 0x58,
-        0x27, 0xC0, 0x9D, 0x42, 0x46, 0x9E, 0x59, 0x34,
-        0x4C, 0xF2, 0xAC, 0x06, 0xA2, 0x8D, 0x33, 0xE9,
-        0xA0, 0x12, 0xCA, 0xA3, 0x71, 0x7B, 0x2C, 0x3B,
-        0x29, 0x0A, 0x07, 0x15, 0x82, 0x11, 0x09, 0xC4,
-        0xCC, 0xEA, 0xC4, 0x9F, 0x34, 0x1D, 0xAD, 0xD3,
-        0x77, 0xD4, 0x2A, 0x37, 0x26, 0x19, 0x16, 0xAC,
-        0x7B, 0xB9, 0xE4, 0x1C, 0x09, 0x6C, 0xA8, 0x18,
-        0x1C, 0xF5, 0x83, 0x50, 0x57, 0x3F, 0x60, 0x56,
-        0x84, 0xA1, 0xBC, 0xA5, 0x3D, 0x88, 0x25, 0x74,
-        0x53, 0xC5, 0x35, 0x16, 0x5C, 0x4E, 0xD7, 0x2A,
-        0x9F, 0xF0, 0x56, 0x45, 0x71, 0x29, 0x01, 0xF6,
-        0x6C, 0x10, 0xD0, 0x4F, 0x5E, 0xB4, 0xA2, 0xEC,
-        0x37, 0x72, 0xE9, 0x49, 0x8E, 0x9D, 0xC4, 0x4B,
-        0xBD, 0xAB, 0x71, 0xBB, 0xDB, 0xBC, 0xFC, 0x85,
-        0xB8, 0x01, 0x36, 0x30, 0x89, 0xEA, 0x60, 0xEF,
-        0xE5, 0x86, 0xE1, 0xE2, 0x18, 0x0C, 0x38, 0xB2,
-        0xE7, 0xB4, 0xA6, 0x3E, 0xD6, 0x07, 0x49, 0x0B,
-        0xC5, 0xBA, 0x7A, 0x58, 0xAC, 0x3B, 0x1C, 0x0E,
-        0x43, 0x96, 0x72, 0x00, 0xC7, 0x98, 0x02, 0x90,
-        0xEB, 0xF4, 0x11, 0x82, 0x84, 0x39, 0xEE, 0x8C,
-        0x8E, 0x61, 0x29, 0xB2, 0x58, 0xE1, 0x3D, 0x12,
-        0x7C, 0xB1, 0x5A, 0x00, 0xCB, 0x7B, 0x46, 0x8D,
-        0x40, 0x23, 0xB5, 0x09, 0x7B, 0x9B, 0x2E, 0x50,
-        0x9B, 0x50, 0xE8, 0x90, 0xB6, 0x3B, 0x47, 0x07,
-        0x48, 0x79, 0x61, 0xA2, 0x9E, 0x18, 0x65, 0x6D,
-        0xD2, 0xD0, 0x9E, 0x6A, 0x3B, 0x88, 0x43, 0xE2,
-        0x84, 0x3C, 0xB4, 0x85, 0x4F, 0x18, 0x11, 0x6E,
-        0x71, 0x7D, 0xDB, 0x03, 0x55, 0xA7, 0x51, 0x35,
-        0xB2, 0x02, 0x6A, 0x75, 0x2C, 0x8E, 0x7F, 0xF1,
-        0x8E, 0x0F, 0x4A, 0x39, 0x1C, 0xA3, 0x7F, 0x5B,
-        0x2B, 0xCC, 0x88, 0xC9, 0x99, 0xB4, 0xE4, 0x77,
-        0x50, 0xC4, 0x65, 0x47, 0xEC, 0x07, 0x6A, 0xC2,
-        0x15, 0x30, 0x72, 0x2C, 0xFA, 0xF9, 0x67, 0x99,
-        0x61, 0xC9, 0x86, 0x88, 0xC3, 0x56, 0x2B, 0x17,
-        0xCC, 0x80, 0x81, 0x46, 0xA1, 0x25, 0x72, 0xC9,
-        0xB5, 0xFF, 0x15, 0x1A, 0xAB, 0x54, 0x41, 0x09,
-        0x01, 0x84, 0x0E, 0x26, 0x42, 0x39, 0x87, 0xC5,
-        0xE0, 0xD2, 0x8E, 0xF2, 0xEA, 0x53, 0xEA, 0xE5,
-        0x95, 0x1E, 0x62, 0xAC, 0x7B, 0xD5, 0x18, 0xB9,
-        0x83, 0x0A, 0x4D, 0xBC, 0xCE, 0x6A, 0x93, 0x65,
-        0x91, 0xEA, 0x8E, 0xF2, 0x75, 0x07, 0x8A, 0x09,
-        0x73, 0x85, 0x2A, 0x4D, 0x13, 0x04, 0x95, 0xD0,
-        0x0B, 0x3F, 0x21, 0x85, 0x15, 0x99, 0x90, 0x1C,
-        0xFD, 0xF9, 0x36, 0x83, 0x44, 0xC8, 0x10, 0x42,
-        0x2F, 0xFE, 0xA0, 0x8A, 0xED, 0xCB, 0x1A, 0x7F,
-        0xD3, 0x62, 0x5F, 0x26, 0xB0, 0x34, 0x81, 0x2F,
-        0xA3, 0x07, 0xAB, 0x2C, 0x20, 0x94, 0x54, 0x65,
-        0x54, 0x6D, 0x31, 0xA3, 0x41, 0xA4, 0x01, 0x3D,
-        0x81, 0x89, 0xB4, 0xF5, 0x0F, 0xE8, 0x60, 0xA6,
-        0x68, 0xDA, 0xC7, 0xB1, 0x03, 0x44, 0x1E, 0x96,
-        0x1F, 0xCE, 0xB0, 0xC5, 0xB1, 0xF3, 0x4D, 0xF2,
-        0xE5, 0x98, 0xC6, 0xD8, 0xCF, 0x60, 0xB8, 0x64,
-        0x15, 0x0C, 0x70, 0x3D, 0x2B, 0xBE, 0xAC, 0x9B,
-        0x00, 0x1A, 0xA2, 0x10, 0x81, 0x47, 0xAE, 0x6B,
-        0x8A, 0xAE, 0x2C, 0x77, 0x91, 0xDB, 0xE9, 0x56,
-        0xC1, 0xF9, 0xB2, 0x04, 0x7A, 0x15, 0x76, 0x09,
-        0x43, 0x87, 0x06, 0x4C, 0x3A, 0x80, 0x1B, 0x0D,
-        0x89, 0xC9, 0x96, 0xA5, 0xCF, 0xA3, 0xB0, 0x12,
-        0xC1, 0x44, 0x38, 0xB9, 0xF3, 0x53, 0x0C, 0x0C,
-        0x5F, 0xA9, 0x38, 0x9F, 0x10, 0xFB, 0x3E, 0xF1,
-        0xE2, 0x01, 0x33, 0x38, 0x41, 0x5F, 0x7B, 0x1D,
-        0xB4, 0x11, 0xAD, 0xF9, 0x1C, 0x73, 0xB6, 0x45,
-        0x6B, 0x68, 0xAB, 0x7C, 0xFC, 0x7B, 0xC9, 0x29,
-        0xE4, 0x4E, 0x58, 0xEB, 0x34, 0xCA, 0x10, 0xAE,
-        0x31, 0xF0, 0x3B, 0x2C, 0x3B, 0xA6, 0xCC, 0xA2,
-        0x7E, 0xB3, 0x5C, 0xB1, 0x37, 0x9A, 0x13, 0x0A,
-        0xAC, 0x87, 0xE3, 0xB8, 0x75, 0xCF, 0xE2, 0x53,
-        0xAF, 0x03, 0xC4, 0xBD, 0x78, 0x3F, 0x18, 0xC5,
-        0xA2, 0xF8, 0x49, 0x2B, 0xBF, 0x7C, 0x56, 0x87,
-        0x55, 0x98, 0xB1, 0xB6, 0x3F, 0xE6, 0xCB, 0x06,
-        0x94, 0xD0, 0x48, 0x0C, 0xA1, 0xC8, 0xF8, 0x86,
-        0x7C, 0x11, 0xB8, 0xBF, 0x33, 0xA3, 0x2C, 0x20,
-        0xB7, 0x9F, 0x9C, 0xA4, 0x86, 0x85, 0x86, 0x10,
-        0xB1, 0x97, 0x83, 0xBE, 0xF7, 0x84, 0xBF, 0x6B,
-        0x0F, 0x85, 0x8C, 0x1A, 0x79, 0x11, 0x30, 0xDA,
-        0x69, 0x57, 0xF2, 0x12, 0x23, 0x4E, 0xC9, 0x86,
-        0x79, 0x81, 0x4B, 0xE8, 0x39, 0xBF, 0x11, 0x0B,
-        0x45, 0xC1, 0xC8, 0x83, 0xEC, 0xDC, 0x3D, 0xB3,
-        0xF8, 0x22, 0xA4, 0xF7, 0xC1, 0x25, 0x56, 0x6E,
-        0xD1, 0x66, 0x35, 0x68, 0xC8, 0x41, 0x3C, 0xD0,
-        0x1C, 0x22, 0x46, 0x7A, 0xD5, 0x20, 0x1A, 0x0A,
-        0xDC, 0x76, 0x34, 0x35, 0xA2, 0xCB, 0x05, 0xCD,
-        0xC4, 0x70, 0x72, 0xA9, 0x43, 0x70, 0xF5, 0xB4,
-        0x34, 0xF7, 0x5C, 0x07, 0x8B, 0x41, 0x59, 0x93,
-        0xE8, 0x54, 0xDD, 0xE1, 0x7B, 0xBF, 0x86, 0xC0,
-        0xC6, 0xC9, 0xA3, 0x24, 0x85, 0x32, 0xD9, 0xC2,
-        0x13, 0x9E, 0xF3, 0xC7, 0x5A, 0x9B, 0xC6, 0x93,
-        0x78, 0x10, 0x60, 0xDC, 0xAE, 0x2F, 0xFA, 0x58,
-        0xD9, 0xCC, 0x54, 0x8F, 0x19, 0xC1, 0xCE, 0x53,
-        0x64, 0x88, 0x0C, 0x7F, 0xB5, 0x0C, 0xC7, 0xBE,
-        0x40, 0x53, 0x12, 0xD6, 0xCC, 0x94, 0x03, 0x76,
-        0x18, 0xF3, 0x88, 0xC4, 0x90, 0xAF, 0x8F, 0x61,
-        0xB9, 0xB4, 0x04, 0x4C, 0xF7, 0x5A, 0x5C, 0xD7,
-        0x1A, 0x15, 0x85, 0x3B, 0x5F, 0xD6, 0x22, 0x4C,
-        0x6B, 0x95, 0x90, 0xE5, 0x85, 0x01, 0xD2, 0x81,
-        0x42, 0x00, 0xC9, 0x19, 0xF2, 0x83, 0xCC, 0x2B,
-        0x49, 0xAD, 0x8B, 0xFA, 0x5B, 0xAA, 0xA2, 0x97,
-        0x7F, 0x03, 0x82, 0x3F, 0x60, 0x9E, 0xFB, 0x24,
-        0x26, 0xF9, 0x36, 0xC3, 0x02, 0x87, 0x09, 0x7B,
-        0xD6, 0xB7, 0xBD, 0xC6, 0x78, 0x62, 0x85, 0x88,
-        0x83, 0xDB, 0x59, 0x54, 0x08, 0x04, 0x29, 0xB9,
-        0xCD, 0x02, 0xCA, 0x96, 0xBC, 0x1C, 0xCB, 0xDB,
-        0x51, 0x21, 0xDF, 0xF8, 0x05, 0xB0, 0x82, 0x4A,
-        0xEE, 0x99, 0x9E, 0x2B, 0xBB, 0x2D, 0x82, 0x35,
-        0x3E, 0x6D, 0x3A, 0x30, 0x07, 0x92, 0x78, 0x10,
-        0x58, 0xC5, 0x6E, 0xF7, 0x09, 0x8A, 0xB3, 0x58,
-        0x4E, 0xA0, 0x62, 0x1E, 0x20, 0x33, 0x7D, 0x3A,
-        0x97, 0x5D, 0x93, 0xCF, 0x32, 0x58, 0x6D, 0x6A,
-        0x71, 0xA2, 0xC4, 0xBB, 0xB2, 0x02, 0xB8, 0x53,
-        0xFF, 0x09, 0xC4, 0x07, 0xB4, 0x3B, 0x1C, 0x19,
-        0xB1, 0xC4, 0xCC, 0xB8, 0x21, 0x48, 0x2D, 0xDD,
-        0x27, 0x37, 0x81, 0x77, 0xAA, 0x7F, 0x61, 0x78,
-        0x49, 0x7C, 0x3F, 0xBA, 0x79, 0x71, 0x53, 0x84,
-        0x8C, 0x5D, 0x0B, 0x1F, 0x40, 0xB5, 0x4E, 0x9D,
-        0x51, 0x93, 0x90, 0x4A, 0x30, 0x3F, 0x72, 0x5F,
-        0x0C, 0xCC, 0x66, 0xC6, 0xCC, 0xB1, 0x58, 0x85,
-        0x06, 0x05, 0x34, 0x6D, 0xB4, 0x2B, 0x87, 0x7D,
-        0xD9, 0xCE, 0xA5, 0xF6, 0x9C, 0x12, 0xB2, 0x21,
-        0xC7, 0xEC, 0x51, 0x00, 0xF7, 0x65, 0x87, 0xB9,
-        0x83, 0x4B, 0xC0, 0xC6, 0x41, 0x53, 0x8F, 0x83,
-        0xE8, 0x5B, 0xB3, 0x09, 0x0D, 0xBA, 0xFB, 0xCB,
-        0x0B, 0x71, 0x18, 0xFF, 0x7C, 0x97, 0xE9, 0x52,
-        0x63, 0x15, 0x70, 0x41, 0xF8, 0xAC, 0x40, 0x52,
-        0xD0, 0x40, 0x35, 0x00, 0xCC, 0x4F, 0x68, 0x94,
-        0x55, 0x97, 0x4C, 0xEB, 0x5B, 0x07, 0x67, 0x90,
-        0xA0, 0x50, 0xE0, 0xB3, 0xF6, 0x77, 0x2A, 0x77,
-        0x67, 0x54, 0x1F, 0xF6, 0xB6, 0x7B, 0x2A, 0x1D,
-        0x54, 0x07, 0x82, 0x06, 0x47, 0x68, 0x8F, 0x36,
-        0x0A, 0x2B, 0x01, 0x47, 0x37, 0x67, 0x71, 0x29,
-        0x09, 0xB2, 0x27, 0x65, 0x8B, 0xE6, 0x45, 0x78,
-        0x48, 0xC4, 0x40, 0x75, 0x71, 0x68, 0x06, 0x18,
-        0x88, 0x58, 0x9C, 0xB0, 0x5A, 0x99, 0x9E, 0x55,
-        0x49, 0x67, 0x91, 0xB1, 0x1A, 0xF2, 0x06, 0x6B,
-        0xB8, 0xCA, 0x74, 0x60, 0x51, 0xC4, 0x68, 0x0A,
-        0x0B, 0xC0, 0x73, 0x82, 0x41, 0x2A, 0xB8, 0xB8,
-        0xA3, 0x19, 0xDB, 0xC7, 0x94, 0xDD, 0xC6, 0x94,
-        0xBF, 0xDB, 0x81, 0x3F, 0x80, 0xB5, 0x8B, 0x72,
-        0x21, 0x8D, 0xD6, 0x4D, 0xFC, 0xDB, 0xA1, 0xAB,
-        0x48, 0xA9, 0x4F, 0x7A, 0x8D, 0xCA, 0x92, 0x66,
-        0xCD, 0x15, 0xA4, 0x2D, 0x9B, 0xA5, 0xFB, 0x67,
-        0x67, 0xA9, 0x55, 0x52, 0x6C, 0x05, 0x0D, 0xE2,
-        0x59, 0x8B, 0x11, 0x2A, 0x2B, 0x10, 0x3A, 0xA2,
-        0xD1, 0xF0, 0x60, 0x6F, 0xE6, 0x8A, 0x55, 0x19,
-        0x1E, 0xF5, 0x3B, 0x30, 0x2F, 0x7C, 0x19, 0x22,
-        0xC3, 0x01, 0xCE, 0xEA, 0x98, 0x9A, 0x62, 0x13,
-        0x40, 0x90, 0xA8, 0x60, 0x76, 0x77, 0x6F, 0xA4,
-        0x46, 0x27, 0xB7, 0x31, 0x63, 0x86, 0x57, 0x6A,
-        0x67, 0x81, 0x75, 0xB2, 0x18, 0xE6, 0xF4, 0x82,
-        0xB5, 0x2B, 0xC6, 0x02, 0x7B, 0xBE, 0xB3, 0x46,
-        0x98, 0xB9, 0x80, 0x2F, 0xD6, 0x76, 0x34, 0xC1,
-        0xA9, 0x4D, 0xD4, 0xC5, 0xCD, 0x49, 0xEC, 0x6E,
-        0x2D, 0x66, 0x5F, 0x72, 0x77, 0x81, 0xD1, 0xEC,
-        0x10, 0xAA, 0xF6, 0x6A, 0xD8, 0x27, 0x9B, 0x9B,
-        0xF2, 0x4C, 0x99, 0xE8, 0x75, 0xEC, 0x94, 0x35,
-        0x2D, 0x96, 0x05, 0xFA, 0x30, 0xCB, 0x3D, 0x8B,
-        0x26, 0x86, 0xB0, 0x39, 0x71, 0xA7, 0x60, 0xB3,
-        0x05, 0x3B, 0x34, 0x34, 0x6D, 0x0D, 0x71, 0xB4,
-        0x4D, 0x8B, 0x7D, 0x2E, 0xA6, 0x1A, 0x5C, 0x10,
-        0xA9, 0x33, 0xD3, 0x8B, 0xA4, 0x83, 0x36, 0x71,
-        0x11, 0x74, 0x54, 0x61, 0x47, 0xD4, 0x4B, 0x29,
-        0x14, 0xF8, 0x56, 0x89, 0xD9, 0xC1, 0xBF, 0x00,
-        0x37, 0xC7, 0xF7, 0x37, 0x7C, 0xD9, 0x30, 0xCF,
-        0xF6, 0x0F, 0x84, 0xB0, 0xA2, 0x00, 0x5D, 0x3E,
-        0xFE, 0x55, 0xC7, 0x31, 0x1B, 0x1B, 0x61, 0x32,
-        0x76, 0x8B, 0x52, 0x90, 0xD8, 0x36, 0xB8, 0x2B,
-        0xC4, 0x43, 0xC3, 0x2B, 0x4F, 0xEC, 0x96, 0x02,
-        0x19, 0xDB, 0x21, 0x32, 0xF7, 0x99, 0x0A, 0xD6,
-        0x84, 0xA3, 0x72, 0x9F, 0x3D, 0x1A, 0x2C, 0xEA,
-        0x3A, 0x1F, 0xE4, 0xB1, 0x26, 0x75, 0xC4, 0x89,
-        0xEF, 0x33, 0x19, 0x8F, 0x01, 0xA1, 0x06, 0x80,
-        0x6E, 0xFC, 0xE8, 0x92, 0x1D, 0xC4, 0x6E, 0x97,
-        0x1C, 0x0A, 0x0A, 0x56, 0x4A, 0xF9, 0xE5, 0x6C,
-        0xA7, 0x27, 0xA7, 0x64, 0x1C, 0x56, 0x8C, 0x95,
-        0xAA, 0x59, 0x56, 0x91, 0x0B, 0x28, 0x84, 0x29,
-        0xF8, 0x0E, 0xE7, 0x22, 0x6E, 0x9D, 0xC4, 0x06,
-        0x7E, 0x34, 0x94, 0x4F, 0x06, 0x92, 0x6D, 0x44,
-        0xB2, 0xCF, 0x87, 0x64, 0xF7, 0x13, 0x59, 0x3B,
-        0x44, 0x29, 0xF8, 0x2B, 0x8F, 0xCC, 0x60, 0x77,
-        0x98, 0x91, 0x6B, 0x81, 0x5B, 0x90, 0x98, 0x33,
-        0x0E, 0xC3, 0x34, 0x29, 0x0D, 0xB8, 0xC0, 0x4B,
-        0x08, 0x3D, 0xF3, 0xCA, 0x10, 0xCE, 0x35, 0x75,
-        0x07, 0x30, 0x28, 0xE9, 0x94, 0xA2, 0x5B, 0xE7,
-        0x28, 0x78, 0x49, 0x2F, 0xE1, 0xB6, 0x96, 0xBA,
-        0x5C, 0xB1, 0xA7, 0x73, 0x19, 0x3A, 0x3B, 0x28,
-        0xA4, 0xF4, 0x40, 0xAE, 0x58, 0x2D, 0xC7, 0xC2,
-        0x4F, 0xE7, 0x45, 0x1D, 0x66, 0x76, 0x23, 0x2B,
-        0xB9, 0x61, 0xC5, 0x04, 0x0C, 0x9E, 0x52, 0x01,
-        0xAA, 0xF3, 0xCD, 0x4D, 0xE4, 0x0A, 0xD5, 0xA9,
-        0x57, 0x8A, 0xF5, 0x28, 0x10, 0xB5, 0x93, 0xE9,
-        0x81, 0x5E, 0x23, 0xF6, 0x3F, 0x56, 0x40, 0x61,
-        0xA4, 0x84, 0x07, 0x21, 0x3A, 0xA1, 0xB0, 0x90,
-        0x8F, 0x4B, 0x17, 0x4F, 0x86, 0xD5, 0x73, 0xFA,
-        0x04, 0x38, 0x64, 0x98, 0xBE, 0x68, 0x39, 0x8E,
-        0x8D, 0x72, 0x0D, 0x27, 0x81, 0x11, 0xD8, 0xB1,
-        0x73, 0x03, 0x60, 0x2A, 0x96, 0xE3, 0x5F, 0x56,
-        0xFB, 0x25, 0x17, 0x3C, 0x4F, 0x4A, 0x03, 0xCA,
-        0x2A, 0xC9, 0xBF, 0x79, 0xDC, 0xAB, 0x76, 0x4B,
-        0xCE, 0x44, 0x10, 0x40, 0x1E, 0x10, 0x13, 0xE6,
-        0x52, 0x8C, 0xCC, 0x51, 0x13, 0x35, 0x85, 0x77,
-        0xDA, 0x83, 0x75, 0xE0, 0x23, 0x43, 0x10, 0x8C,
-        0x29, 0x24, 0xD2, 0x55, 0x1E, 0x5C, 0xC5, 0xA1,
-        0xB0, 0x4D, 0xEF, 0x88, 0x32, 0x4D, 0x85, 0x4F,
-        0xC9, 0x2C, 0x4A, 0xDF, 0x7C, 0x23, 0x01, 0x33,
-        0x7E, 0x45, 0x20, 0xBF, 0xC3, 0x65, 0x56, 0x6F,
-        0x66, 0x09, 0x2E, 0x36, 0x7A, 0xE6, 0x06, 0x12,
-        0x74, 0x46, 0x53, 0xC1, 0xEB, 0x47, 0xF0, 0x82,
-        0x09, 0x51, 0xA2, 0xA1, 0x4C, 0x42, 0x59, 0x09,
-        0x34, 0x0D, 0x87, 0x27, 0x18, 0x8E, 0xAA, 0x08,
-        0xE4, 0x86, 0x78, 0x98, 0x48, 0x76, 0xD0, 0x00,
-        0x8D, 0xAE, 0x99, 0x01, 0x5B, 0x36, 0x63, 0xFD,
-        0xCB, 0x72, 0x57, 0x41, 0x53, 0x0B, 0xC3, 0x89,
-        0x5B, 0x11, 0x62, 0x0C, 0xE3, 0xB4, 0x17, 0xA3,
-        0x20, 0xE1, 0x88, 0x13, 0xB9, 0x9C, 0x23, 0x5A,
-        0xC0, 0x6F, 0x55, 0x60, 0x0F, 0x98, 0x38, 0x82,
-        0xBF, 0xF0, 0x02, 0x36, 0x10, 0x7B, 0x50, 0x42,
-        0x54, 0x5B, 0x6B, 0x77, 0x58, 0x68, 0xAE, 0xFB,
-        0x79, 0xB5, 0x95, 0x59, 0x69, 0x02, 0xC6, 0x9B,
-        0x9E, 0xCA, 0x3D, 0x35, 0x8C, 0x61, 0xFE, 0xE0,
-        0x36, 0xD2, 0x18, 0xAC, 0x43, 0xBA, 0x3F, 0x52,
-        0xC0, 0x6A, 0x8F, 0x88, 0x1A, 0x7E, 0xD7, 0x03,
-        0x86, 0x14, 0x2C, 0xBA, 0xC5, 0xCC, 0x04, 0xFC,
-        0xC3, 0x1E, 0x16, 0x27, 0x76, 0x51, 0xCE, 0x2D,
-        0xCC, 0x50, 0x14, 0xF6, 0xBA, 0x5A, 0x91, 0x5C,
-        0x13, 0x38, 0x83, 0x4E, 0xF4, 0x74, 0xB6, 0x71,
-        0x59, 0x13, 0xBC, 0x7A, 0x4E, 0x59, 0x3C, 0x68,
-        0x87, 0x66, 0xAD, 0xD7, 0x06, 0x98, 0xB3, 0x7E,
-        0x06, 0xE5, 0x39, 0x15, 0xF3, 0x85, 0x38, 0x8C,
-        0x25, 0xC4, 0x26, 0x5E, 0x1C, 0xB4, 0x4F, 0xE3,
-        0xD0, 0x19, 0xD1, 0x21, 0xAE, 0x4C, 0x32, 0x43,
-        0x4F, 0x37, 0xB0, 0xA4, 0xCB, 0x69, 0xC7, 0xCC,
-        0x95, 0x70, 0x73, 0x50, 0xC3, 0x49, 0x3D, 0x0F,
-        0xB1, 0x1C, 0xD4, 0xD0, 0x9F, 0x29, 0xDC, 0x56,
-        0xC0, 0x7B, 0xC8, 0xEB, 0x0B, 0xD0, 0x08, 0x2B,
-        0x41, 0x44, 0x21, 0x45, 0x66, 0x3C, 0x21, 0xAB,
-        0x43, 0x34, 0x67, 0xB9, 0x5E, 0xC2, 0x47, 0x84,
-        0x23, 0xC1, 0x8B, 0xF2, 0xEC, 0x70, 0x3E, 0xFB,
-        0xA2, 0x8C, 0xDA, 0xBD, 0x42, 0xB7, 0xB8, 0x33,
-        0x15, 0x0D, 0x6D, 0xA2, 0x5E, 0xB0, 0x0A, 0x83,
-        0x28, 0x90, 0x2E, 0x2D, 0x08, 0x9B, 0x55, 0xD6,
-        0x9A, 0xAD, 0x9A, 0x94, 0xD8, 0x18, 0x26, 0x4C,
-        0x54, 0xB0, 0x4D, 0x61, 0x4D, 0x14, 0x7A, 0x30,
-        0xAB, 0xFC, 0x03, 0xD9, 0x92, 0x9D, 0x96, 0xBA,
-        0x7F, 0x81, 0x86, 0x5D, 0xA3, 0x53, 0xC4, 0x54,
-        0xBA, 0x7A, 0xA7, 0x88, 0x1A, 0xB9, 0x74, 0xC1,
-        0xB8, 0xF0, 0x83, 0x1E, 0x79, 0xC4, 0x41, 0x86,
-        0x64, 0xE9, 0x53, 0xA5, 0x4D, 0xE9, 0x32, 0x13,
-        0x69, 0x72, 0x81, 0x34, 0x1D, 0x37, 0xF5, 0x08,
-        0xE8, 0xCB, 0xAE, 0x3D, 0x81, 0x85, 0x05, 0x45,
-        0x67, 0xDE, 0xFC, 0x8E, 0x3B, 0xBC, 0xAA, 0x42,
-        0x47, 0x90, 0x7C, 0x48, 0x3B, 0x8F, 0x1B, 0x84,
-        0xB3, 0x24, 0xC1, 0xA7, 0xCA, 0x84, 0x42, 0xDB,
-        0x6B, 0x7B, 0x12, 0x8C, 0x83, 0x13, 0xBE, 0x1F,
-        0xE2, 0x57, 0x91, 0x20, 0x9B, 0x86, 0x4A, 0x3E,
-        0x1A, 0x61, 0x8D, 0x56, 0xD7, 0x10, 0xD6, 0xF3,
-        0xBF, 0x55, 0x95, 0x10, 0x16, 0x7C, 0x46, 0x4C,
-        0x6B, 0x9B, 0x8B, 0xC4, 0x90, 0xB8, 0xE0, 0x39,
-        0x25, 0xD0, 0x3D, 0x0E, 0xEB, 0x5D, 0x78, 0x17,
-        0x94, 0x28, 0xBB, 0x80, 0xD3, 0xFB, 0x14, 0x88,
-        0x40, 0x70, 0x9C, 0x41, 0x14, 0x7A, 0x68, 0x6F,
-        0xC9, 0xBC, 0xBD, 0xCD, 0xF7, 0xC7, 0xEA, 0x7C,
-        0x30, 0xFB, 0x64, 0x0F, 0xF0, 0x5B, 0x75, 0x39,
-        0xAB, 0xAB, 0x70, 0x89, 0x29, 0x08, 0xE9, 0x3C,
-        0xC9, 0xC3, 0x47, 0xF8, 0xAC, 0x88, 0x9E, 0x56,
-        0x46, 0x8A, 0x13, 0x5B, 0x99, 0x75, 0x47, 0x38,
-        0xE1, 0x5F, 0x4E, 0x67, 0x7D, 0xF3, 0x75, 0xBF,
-        0x1B, 0x43, 0x60, 0x6A, 0x2C, 0x47, 0x38, 0x0B,
-        0x10, 0xA0, 0xC1, 0x4C, 0x28, 0x58, 0x3C, 0x83,
-        0x31, 0x1A, 0x28, 0x54, 0xB2, 0xA9, 0x93, 0x1F,
-        0xD6, 0x60, 0x86, 0xC1, 0x07, 0x49, 0xF3, 0x34,
-        0x57, 0x7F, 0xD7, 0x0B, 0x51, 0xB9, 0x50, 0x60,
-        0x07, 0x51, 0x99, 0x31, 0x9B, 0x3F, 0x7C, 0xB5,
-        0xB2, 0x37, 0x30, 0x2C, 0x37, 0x0A, 0x23, 0x17,
-        0x5E, 0x4E, 0x01, 0x3C, 0x56, 0x28, 0x1B, 0xAF,
-        0xE2, 0xBE, 0x9F, 0x82, 0x5A, 0x30, 0x66, 0xAB,
-        0x8B, 0xBA, 0x57, 0x93, 0xE2, 0x1E, 0x7A, 0x48,
-        0x97, 0x8C, 0xF6, 0x0C, 0x09, 0x1B, 0x1F, 0x80,
-        0xC0, 0xC2, 0x38, 0x14, 0xA3, 0x0F, 0x77, 0x60,
-        0x60, 0x1A, 0xCE, 0xAB, 0xB1, 0x21, 0x52, 0x00,
-        0x94, 0x0F, 0xFA, 0x15, 0x22, 0x72, 0x09, 0x6D,
-        0x45, 0x8D, 0x00, 0xDD, 0x03, 0x9F, 0x23, 0x6B,
-        0x27, 0x27, 0xB5, 0x88, 0xC6, 0x22, 0x04, 0xE7,
-        0x9C, 0x45, 0x16, 0x81, 0xDF, 0xE4, 0x10, 0xEE,
-        0xC4, 0x2B, 0x74, 0x94, 0x5A, 0xEC, 0x03, 0x13,
-        0xA3, 0x91, 0x94, 0x2A, 0xE1, 0xB1, 0x22, 0x17,
-        0x4D, 0xBE, 0x59, 0xAB, 0x1E, 0x39, 0x0C, 0xD6,
-        0x49, 0x41, 0x43, 0x6C, 0x75, 0xA9, 0x32, 0x3C,
-        0x69, 0xA6, 0x41, 0x88, 0x08, 0x70, 0xFB, 0xB2,
-        0x80, 0xB3, 0xB3, 0x7B, 0x3B, 0xD9, 0x82, 0xB8,
-        0x29, 0x55, 0x62, 0x0B, 0x07, 0x83, 0xB8, 0x2E,
-        0x89, 0x61, 0xA4, 0x04, 0x3B, 0xC7, 0xF6, 0x6C,
-        0x0E, 0xF2, 0x5A, 0x5E, 0xD1, 0x53, 0x26, 0xF8,
-        0x81, 0x6E, 0x5E, 0xA4, 0x16, 0x7E, 0xE8, 0xBF,
-        0x66, 0x66, 0x45, 0x1D, 0x31, 0x5B, 0x2C, 0x75,
-        0x14, 0x41, 0x17, 0x2C, 0x27, 0x83, 0x00, 0x26,
-        0x82, 0x61, 0xC7, 0x8C, 0x6F, 0x0C, 0x46, 0x56,
-        0x27, 0x79, 0xB3, 0xA1, 0x19, 0x6F, 0x87, 0x83,
-        0x5F, 0x79, 0xFC, 0xB7, 0xE0, 0xCB, 0xA1, 0x53,
-        0x36, 0xCC, 0x83, 0xE1, 0x56, 0xC5, 0x02, 0x28,
-        0x87, 0xA8, 0x09, 0x86, 0xB4, 0x9C, 0x1B, 0x57,
-        0x65, 0x94, 0xA2, 0x31, 0x42, 0x62, 0x4A, 0xBF,
-        0x52, 0x48, 0x22, 0x41, 0x8C, 0x61, 0x01, 0x90,
-        0x52, 0x62, 0x80, 0x65, 0x72, 0x49, 0x4D, 0x37,
-        0x53, 0xC0, 0x62, 0x81, 0xE7, 0xF1, 0x7E, 0x0D,
-        0x79, 0x6C, 0xD7, 0x76, 0x7F, 0xDC, 0xE9, 0x01,
-        0xFE, 0x17, 0x12, 0xA0, 0x0A, 0x3D, 0x36, 0xEB,
-        0x42, 0x3E, 0x29, 0x86, 0x88, 0x46, 0x93, 0x2A,
-        0x94, 0x31, 0xB8, 0xCA, 0x66, 0x0F, 0xC1, 0x97,
-        0x5E, 0x23, 0xA7, 0x5B, 0x4A, 0x51, 0xDE, 0x10,
-        0x69, 0xD3, 0xA5, 0x9F, 0x6E, 0xEB, 0x2A, 0x5C,
-        0xE7, 0x2A, 0x89, 0x16, 0xB5, 0xE8, 0x63, 0x47,
-        0x6E, 0x6A, 0xC5, 0x72, 0x92, 0x9F, 0x2C, 0x29,
-        0xBC, 0x56, 0x27, 0xBA, 0x99, 0x41, 0x63, 0xCE,
-        0xD3, 0x5A, 0xB7, 0x03, 0x1C, 0x00, 0x49, 0x07,
-        0x24, 0x55, 0x5A, 0xCD, 0xE6, 0x13, 0xAE, 0xB4,
-        0xC3, 0xE9, 0x99, 0x81, 0xC6, 0x2B, 0x5D, 0xC6,
-        0xA9, 0xB3, 0x5B, 0xA7, 0x92, 0x20, 0x24, 0x36,
-        0x89, 0xE0, 0x59, 0x49, 0x96, 0x85, 0x7C, 0x04,
-        0x5D, 0x67, 0x19, 0x3D, 0x9E, 0x41, 0x1B, 0x4F,
-        0xF3, 0x9D, 0x0F, 0x8C, 0x3C, 0x0A, 0x70, 0xAD,
-        0xB7, 0x2A, 0x70, 0x21, 0xE3, 0x6D, 0x64, 0xFB,
-        0x29, 0x4D, 0x93, 0x2B, 0x24, 0xE1, 0xA2, 0xBC,
-        0x0B, 0xC4, 0x1C, 0x4A, 0xA3, 0xB5, 0xEC, 0x3C,
-        0xF0, 0xE6, 0x72, 0xDE, 0x14, 0x0F, 0x48, 0x47,
-        0x33, 0xFD, 0x82, 0xBF, 0x08, 0x29, 0x34, 0xB5,
-        0x40, 0xA6, 0x35, 0xC4, 0x48, 0x98, 0xE8, 0xAB,
-        0x8E, 0x06, 0x45, 0x70, 0x5A, 0xA5, 0x81, 0x71,
-        0x8B, 0x41, 0x32, 0xC4, 0x27, 0x92, 0x7F, 0xAE,
-        0x75, 0xBF, 0x96, 0x16, 0xA5, 0x42, 0x4C, 0x20,
-        0x20, 0xEB, 0xC5, 0xCF, 0xC1, 0xBC, 0x0E, 0xD1,
-        0x65, 0x3A, 0xE5, 0x00, 0x5A, 0x17, 0x54, 0x18,
-        0x16, 0x20, 0xB7, 0xF0, 0x6D, 0x71, 0x63, 0x13,
-        0x03, 0x3B, 0xB7, 0x2A, 0x40, 0x64, 0x7A, 0xDB,
-        0x2E, 0x66, 0x73, 0x70, 0xF2, 0xC7, 0x4F, 0xDB,
-        0x94, 0x42, 0x0D, 0xA4, 0x8D, 0xD1, 0x37, 0x9D,
-        0xBA, 0x59, 0xAA, 0x22, 0xF8, 0x57, 0xE2, 0x31,
-        0xC5, 0xC0, 0x83, 0x29, 0x00, 0x66, 0xC5, 0x48,
-        0x76, 0x1B, 0xDF, 0x38, 0x5F, 0x2F, 0x85, 0x81,
-        0x7B, 0x21, 0x20, 0x66, 0xD3, 0x9F, 0x03, 0xB7,
-        0x7F, 0x8E, 0xF4, 0x12, 0x19, 0xE4, 0xBF, 0xB9,
-        0xC1, 0x2E, 0x4F, 0xC9, 0x88, 0x00, 0x57, 0x1D,
-        0x22, 0x3A, 0xA9, 0x2A, 0x32, 0xC7, 0xA3, 0xC2,
-        0xA7, 0xCF, 0x9C, 0x99, 0x5A, 0xE0, 0xA7, 0xB5,
-        0x93, 0x91, 0xFE, 0x9A, 0x4F, 0x0D, 0x63, 0x3B,
-        0xFB, 0x79, 0x8C, 0x34, 0xB7, 0x2B, 0xBA, 0x6A,
-        0x9F, 0x16, 0xC4, 0x13, 0x2E, 0x88, 0xB5, 0x70,
-        0x75, 0x8B, 0xD5, 0x51, 0xC9, 0x1B, 0xD2, 0xAD,
-        0xEB, 0x53, 0xA7, 0x2A, 0xC6, 0xAA, 0x03, 0x68,
-        0x9D, 0xD6, 0x4B, 0x03, 0x57, 0x09, 0xA8, 0xAF,
-        0x46, 0x85, 0x43, 0xCB, 0x17, 0x36, 0xDB, 0xC9,
-        0xC7, 0x2B, 0x52, 0x9E, 0x70, 0x59, 0x6D, 0x18,
-        0xB1, 0x9C, 0xA6, 0x8E, 0x61, 0x7A, 0x14, 0x7C,
-        0x18, 0x9D, 0x28, 0x3A, 0x77, 0x68, 0x8C, 0xAF,
-        0x94, 0xDA, 0x5A, 0x0E, 0x9B, 0x63, 0x18, 0x1A,
-        0x40, 0xBB, 0xE7, 0xBD, 0x41, 0x68, 0xA2, 0x4D,
-        0x27, 0x43, 0x19, 0xA9, 0x93, 0xBC, 0xEA, 0x8A,
-        0xBF, 0x50, 0x5F, 0xE8, 0x62, 0x12, 0x96, 0x92,
-        0xB5, 0xBD, 0xE8, 0x49, 0xF3, 0x6A, 0xC9, 0x2F,
-        0x71, 0x71, 0xE5, 0x38, 0x59, 0x31, 0x36, 0x04,
-        0xEA, 0xC1, 0x0B, 0xE2, 0x78, 0x6F, 0xF3, 0x85,
-        0xB9, 0xC7, 0x18, 0x15, 0x48, 0x18, 0x77, 0x2F,
-        0xA7, 0xB8, 0x99, 0xC0, 0x4E, 0xFD, 0x18, 0xA8,
-        0x01, 0x9A, 0x79, 0xB6, 0xF6, 0x4D, 0x5B, 0x9A,
-        0x2C, 0x55, 0xE7, 0x84, 0xCB, 0x47, 0xCA, 0x29,
-        0x48, 0x56, 0x68, 0x9A, 0xA6, 0xA7, 0x0C, 0xC2,
-        0x7B, 0x6C, 0x20, 0xD4, 0xD1, 0xC7, 0x29, 0xC4,
-        0x09, 0xD0, 0xB9, 0x25, 0xC4, 0x0C, 0x30, 0xC0,
-        0x77, 0x78, 0x15, 0x07, 0x77, 0x49, 0x48, 0x8B,
-        0x8D, 0xF0, 0x39, 0x06, 0x95, 0xAB, 0xDB, 0x04,
-        0x8C, 0x7C, 0xE1, 0x85, 0x36, 0x02, 0xA5, 0x4D,
-        0x15, 0x3C, 0xF2, 0xA5, 0x16, 0x17, 0x84, 0x7B,
-        0x11, 0xE6, 0x3C, 0x4C, 0x76, 0x19, 0x66, 0xD5,
-        0xAD, 0x93, 0x35, 0x0D, 0xBA, 0xDA, 0x4A, 0x15,
-        0xC1, 0x24, 0xBD, 0x80, 0x88, 0x71, 0x99, 0x3F,
-        0xC7, 0x75, 0xB6, 0xE4, 0x10, 0xC3, 0x86, 0x59,
-        0x0F, 0x73, 0x0A, 0x8E, 0xC9, 0x47, 0x5E, 0xEE,
-        0x91, 0x50, 0x39, 0xE9, 0x1B, 0x6F, 0xE4, 0x25,
-        0xB9, 0x06, 0x68, 0xC6, 0xAC, 0x52, 0x58, 0xB7,
-        0xAF, 0x10, 0x3B, 0x9F, 0x5E, 0x23, 0x0B, 0x71,
-        0x9B, 0xBB, 0x09, 0x87, 0x1D, 0xC1, 0x62, 0x15,
-        0x17, 0xBA, 0x2A, 0x83, 0x9C, 0x96, 0xAA, 0xA6,
-        0x44, 0x0A, 0x87, 0x5E, 0xAC, 0x90, 0xB2, 0x98,
-        0xD6, 0x1B, 0xD3, 0xF3, 0xAC, 0x89, 0xB4, 0x05,
-        0xDB, 0x39, 0x42, 0x32, 0x68, 0x6A, 0x2B, 0xE0,
-        0xF3, 0xC7, 0x5F, 0x15, 0xE6, 0x4E, 0x61, 0xF0,
-        0x70, 0x79, 0x1E, 0xB4, 0xBB, 0x97, 0xB7, 0x01,
-        0x98, 0x25, 0xF1, 0x17, 0xC7, 0xD7, 0x3A, 0x12,
-        0xFD, 0x3D, 0xCC, 0x22, 0xD5, 0x81, 0xB0, 0xE4,
-        0x1B, 0x78, 0x63, 0x74, 0xA4, 0x61, 0xEA, 0x0D,
-        0x88, 0xDA, 0xA8, 0x9B, 0x65, 0x9F, 0x0D, 0xC8,
-        0x24, 0x43, 0x42, 0x35, 0x15, 0xB6, 0x33, 0xB0,
-        0x05, 0xC9, 0x58, 0xEC, 0x26, 0x56, 0x1B, 0x6D,
-        0xB8, 0x18, 0xF4, 0xB8, 0xCB, 0x2E, 0x28, 0x99,
-        0x0E, 0x74, 0x84, 0x17, 0x58, 0x7F, 0xEC, 0x38,
-        0xA1, 0x28, 0x4B, 0xBB, 0x4F, 0xF9, 0xE4, 0x78
+        0x84, 0x45, 0xC3, 0x36, 0xF3, 0x51, 0x8B, 0x29,
+        0x81, 0x63, 0xDC, 0xBB, 0x63, 0x57, 0x59, 0x79,
+        0x83, 0xCA, 0x2E, 0x87, 0x3D, 0xCB, 0x49, 0x61,
+        0x0C, 0xF5, 0x2F, 0x14, 0xDB, 0xCB, 0x94, 0x7C,
+        0x1F, 0x3E, 0xE9, 0x26, 0x69, 0x67, 0x27, 0x6B,
+        0x0C, 0x57, 0x6C, 0xF7, 0xC3, 0x0E, 0xE6, 0xB9,
+        0x3D, 0xEA, 0x51, 0x18, 0x67, 0x6C, 0xBE, 0xE1,
+        0xB1, 0xD4, 0x79, 0x42, 0x06, 0xFB, 0x36, 0x9A,
+        0xBA, 0x41, 0x16, 0x7B, 0x43, 0x93, 0x85, 0x5C,
+        0x84, 0xEB, 0xA8, 0xF3, 0x23, 0x73, 0xC0, 0x5B,
+        0xAE, 0x76, 0x31, 0xC8, 0x02, 0x74, 0x4A, 0xAD,
+        0xB6, 0xC2, 0xDE, 0x41, 0x25, 0x0C, 0x49, 0x43,
+        0x15, 0x23, 0x0B, 0x52, 0x82, 0x6C, 0x34, 0x58,
+        0x7C, 0xB2, 0x1B, 0x18, 0x3B, 0x49, 0xB2, 0xA5,
+        0xAC, 0x04, 0x92, 0x1A, 0xC6, 0xBF, 0xAC, 0x1B,
+        0x24, 0xA4, 0xB3, 0x7A, 0x93, 0xA4, 0xB1, 0x68,
+        0xCC, 0xE7, 0x59, 0x1B, 0xE6, 0x11, 0x1F, 0x47,
+        0x62, 0x60, 0xF2, 0x76, 0x29, 0x59, 0xF5, 0xC1,
+        0x64, 0x01, 0x18, 0xC2, 0x42, 0x37, 0x72, 0xE2,
+        0xAD, 0x03, 0xDC, 0x71, 0x68, 0xA3, 0x8C, 0x6D,
+        0xD3, 0x9F, 0x5F, 0x72, 0x54, 0x26, 0x42, 0x80,
+        0xC8, 0xBC, 0x10, 0xB9, 0x14, 0x16, 0x80, 0x70,
+        0x47, 0x2F, 0xA8, 0x80, 0xAC, 0xB8, 0x60, 0x1A,
+        0x8A, 0x08, 0x37, 0xF2, 0x5F, 0xE1, 0x94, 0x68,
+        0x7C, 0xD6, 0x8B, 0x7D, 0xE2, 0x34, 0x0F, 0x03,
+        0x6D, 0xAD, 0x89, 0x1D, 0x38, 0xD1, 0xB0, 0xCE,
+        0x9C, 0x26, 0x33, 0x35, 0x5C, 0xF5, 0x7B, 0x50,
+        0xB8, 0x96, 0x03, 0x6F, 0xCA, 0x26, 0x0D, 0x26,
+        0x69, 0xF8, 0x5B, 0xAC, 0x79, 0x71, 0x4F, 0xDA,
+        0xFB, 0x41, 0xEF, 0x80, 0xB8, 0xC3, 0x02, 0x64,
+        0xC3, 0x13, 0x86, 0xAE, 0x60, 0xB0, 0x5F, 0xAA,
+        0x54, 0x2A, 0x26, 0xB4, 0x1E, 0xB8, 0x5F, 0x67,
+        0x06, 0x8F, 0x08, 0x80, 0x34, 0xFF, 0x67, 0xAA,
+        0x2E, 0x81, 0x5A, 0xAB, 0x8B, 0xCA, 0x6B, 0xF7,
+        0x1F, 0x70, 0xEC, 0xC3, 0xCB, 0xCB, 0xC4, 0x5E,
+        0xF7, 0x01, 0xFC, 0xD5, 0x42, 0xBD, 0x21, 0xC7,
+        0xB0, 0x95, 0x68, 0xF3, 0x69, 0xC6, 0x69, 0xF3,
+        0x96, 0x47, 0x38, 0x44, 0xFB, 0xA1, 0x49, 0x57,
+        0xF5, 0x19, 0x74, 0xD8, 0x52, 0xB9, 0x78, 0x01,
+        0x46, 0x03, 0xA2, 0x10, 0xC0, 0x19, 0x03, 0x62,
+        0x87, 0x00, 0x89, 0x94, 0xF2, 0x12, 0x55, 0xB2,
+        0x50, 0x99, 0xAD, 0x82, 0xAA, 0x13, 0x24, 0x38,
+        0x96, 0x3B, 0x2C, 0x0A, 0x47, 0xCD, 0xF5, 0xF3,
+        0x2B, 0xA4, 0x6B, 0x76, 0xC7, 0xA6, 0x55, 0x9F,
+        0x18, 0xBF, 0xD5, 0x55, 0xB7, 0x62, 0xE4, 0x87,
+        0xB6, 0xAC, 0x99, 0x2F, 0xE2, 0x0E, 0x28, 0x3C,
+        0xA0, 0xB3, 0xF6, 0x16, 0x44, 0x96, 0x95, 0x59,
+        0x95, 0xC3, 0xB2, 0x8A, 0x57, 0xBB, 0xC2, 0x98,
+        0x26, 0xF0, 0x6F, 0xB3, 0x8B, 0x25, 0x34, 0x70,
+        0xAF, 0x63, 0x1B, 0xC4, 0x6C, 0x3A, 0x8F, 0x9C,
+        0xE8, 0x24, 0x32, 0x19, 0x85, 0xDD, 0x01, 0xC0,
+        0x5F, 0x69, 0xB8, 0x24, 0xF9, 0x16, 0x63, 0x3B,
+        0x40, 0x65, 0x4C, 0x75, 0xAA, 0xEB, 0x93, 0x85,
+        0x57, 0x6F, 0xFD, 0xE2, 0x99, 0x0A, 0x6B, 0x0A,
+        0x3B, 0xE8, 0x29, 0xD6, 0xD8, 0x4E, 0x34, 0xF1,
+        0x78, 0x05, 0x89, 0xC7, 0x92, 0x04, 0xC6, 0x3C,
+        0x79, 0x8F, 0x55, 0xD2, 0x31, 0x87, 0xE4, 0x61,
+        0xD4, 0x8C, 0x21, 0xE5, 0xC0, 0x47, 0xE5, 0x35,
+        0xB1, 0x9F, 0x45, 0x8B, 0xBA, 0x13, 0x45, 0xB9,
+        0xE4, 0x1E, 0x0C, 0xB4, 0xA9, 0xC2, 0xD8, 0xC4,
+        0x0B, 0x49, 0x0A, 0x3B, 0xAB, 0xC5, 0x53, 0xB3,
+        0x02, 0x6B, 0x16, 0x72, 0xD2, 0x8C, 0xBC, 0x8B,
+        0x49, 0x8A, 0x3A, 0x99, 0x57, 0x9A, 0x83, 0x2F,
+        0xEA, 0xE7, 0x46, 0x10, 0xF0, 0xB6, 0x25, 0x0C,
+        0xC3, 0x33, 0xE9, 0x49, 0x3E, 0xB1, 0x62, 0x1E,
+        0xD3, 0x4A, 0xA4, 0xAB, 0x17, 0x5F, 0x2C, 0xA2,
+        0x31, 0x15, 0x25, 0x09, 0xAC, 0xB6, 0xAC, 0x86,
+        0xB2, 0x0F, 0x6B, 0x39, 0x10, 0x84, 0x39, 0xE5,
+        0xEC, 0x12, 0xD4, 0x65, 0xA0, 0xFE, 0xF3, 0x50,
+        0x03, 0xE1, 0x42, 0x77, 0xA2, 0x18, 0x12, 0x14,
+        0x6B, 0x25, 0x44, 0x71, 0x6D, 0x6A, 0xB8, 0x2D,
+        0x1B, 0x07, 0x26, 0xC2, 0x7A, 0x98, 0xD5, 0x89,
+        0xEB, 0xDA, 0xCC, 0x4C, 0x54, 0xBA, 0x77, 0xB2,
+        0x49, 0x8F, 0x21, 0x7E, 0x14, 0xE3, 0x4E, 0x66,
+        0x02, 0x5A, 0x2A, 0x14, 0x3A, 0x99, 0x25, 0x20,
+        0xA6, 0x1C, 0x06, 0x72, 0xCC, 0x9C, 0xCE, 0xD7,
+        0xC9, 0x45, 0x0C, 0x68, 0x3E, 0x90, 0xA3, 0xE4,
+        0x65, 0x1D, 0xB6, 0x23, 0xA6, 0xDB, 0x39, 0xAC,
+        0x26, 0x12, 0x5B, 0x7F, 0xC1, 0x98, 0x6D, 0x7B,
+        0x04, 0x93, 0xB8, 0xB7, 0x2D, 0xE7, 0x70, 0x7D,
+        0xC2, 0x0B, 0xBD, 0xD4, 0x37, 0x13, 0x15, 0x6A,
+        0xF7, 0xD9, 0x43, 0x0E, 0xF4, 0x53, 0x99, 0x66,
+        0x3C, 0x22, 0x02, 0x73, 0x91, 0x68, 0x69, 0x2D,
+        0xD6, 0x57, 0x54, 0x5B, 0x05, 0x6D, 0x9C, 0x92,
+        0x38, 0x5A, 0x7F, 0x41, 0x4B, 0x34, 0xB9, 0x0C,
+        0x79, 0x60, 0xD5, 0x7B, 0x35, 0xBA, 0x7D, 0xDE,
+        0x7B, 0x81, 0xFC, 0xA0, 0x11, 0x9D, 0x74, 0x1B,
+        0x12, 0x78, 0x09, 0x26, 0x01, 0x8F, 0xE4, 0xC8,
+        0x03, 0x0B, 0xF0, 0x38, 0xE1, 0x8B, 0x4F, 0xA3,
+        0x37, 0x43, 0xD0, 0xD3, 0xC8, 0x46, 0x41, 0x7E,
+        0x9D, 0x59, 0x15, 0xC2, 0x46, 0x31, 0x59, 0x38,
+        0xB1, 0xE2, 0x33, 0x61, 0x45, 0x01, 0xD0, 0x26,
+        0x95, 0x95, 0x51, 0x25, 0x8B, 0x23, 0x32, 0x30,
+        0xD4, 0x28, 0xB1, 0x81, 0xB1, 0x32, 0xF1, 0xD0,
+        0xB0, 0x26, 0x06, 0x7B, 0xA8, 0x16, 0x99, 0x9B,
+        0xC0, 0xCD, 0x6B, 0x54, 0x7E, 0x54, 0x8B, 0x63,
+        0xC9, 0xEA, 0xA0, 0x91, 0xBA, 0xC4, 0x93, 0xDC,
+        0x59, 0x8D, 0xBC, 0x2B, 0x0E, 0x14, 0x6A, 0x25,
+        0x91, 0xC2, 0xA8, 0xC0, 0x09, 0xDD, 0x51, 0x70,
+        0xAA, 0xE0, 0x27, 0xC5, 0x41, 0xA1, 0xB5, 0xE6,
+        0x6E, 0x45, 0xC6, 0x56, 0x12, 0x98, 0x4C, 0x46,
+        0x77, 0x04, 0x93, 0xEC, 0x89, 0x6E, 0xF2, 0x5A,
+        0xA9, 0x30, 0x5E, 0x9F, 0x06, 0x69, 0x2C, 0xD0,
+        0xB2, 0xF0, 0x69, 0x62, 0xE2, 0x05, 0xBE, 0xBE,
+        0x11, 0x3A, 0x34, 0xEB, 0xB1, 0xA4, 0x83, 0x0A,
+        0x9B, 0x37, 0x49, 0x64, 0x1B, 0xB9, 0x35, 0x00,
+        0x7B, 0x23, 0xB2, 0x4B, 0xFE, 0x57, 0x69, 0x56,
+        0x25, 0x4D, 0x7A, 0x35, 0xAA, 0x49, 0x6A, 0xC4,
+        0x46, 0xC6, 0x7A, 0x7F, 0xEC, 0x85, 0xA6, 0x00,
+        0x57, 0xE8, 0x58, 0x06, 0x17, 0xBC, 0xB3, 0xFA,
+        0xD1, 0x5C, 0x76, 0x44, 0x0F, 0xED, 0x54, 0xCC,
+        0x78, 0x93, 0x94, 0xFE, 0xA2, 0x44, 0x52, 0xCC,
+        0x6B, 0x05, 0x85, 0xB7, 0xEB, 0x0A, 0x88, 0xBB,
+        0xA9, 0x50, 0x0D, 0x98, 0x00, 0xE6, 0x24, 0x1A,
+        0xFE, 0xB5, 0x23, 0xB5, 0x5A, 0x96, 0xA5, 0x35,
+        0x15, 0x1D, 0x10, 0x49, 0x57, 0x32, 0x06, 0xE5,
+        0x9C, 0x7F, 0xEB, 0x07, 0x09, 0x66, 0x82, 0x36,
+        0x34, 0xF7, 0x7D, 0x5F, 0x12, 0x91, 0x75, 0x5A,
+        0x24, 0x31, 0x19, 0x62, 0x1A, 0xF8, 0x08, 0x4A,
+        0xB7, 0xAC, 0x1E, 0x22, 0xA0, 0x56, 0x8C, 0x62,
+        0x01, 0x41, 0x7C, 0xBE, 0x36, 0x55, 0xD8, 0xA0,
+        0x8D, 0xD5, 0xB5, 0x13, 0x88, 0x4C, 0x98, 0xD5,
+        0xA4, 0x93, 0xFD, 0x49, 0x38, 0x2E, 0xA4, 0x18,
+        0x60, 0xF1, 0x33, 0xCC, 0xD6, 0x01, 0xE8, 0x85,
+        0x96, 0x64, 0x26, 0xA2, 0xB1, 0xF2, 0x3D, 0x42,
+        0xD8, 0x2E, 0x24, 0x58, 0x2D, 0x99, 0x72, 0x51,
+        0x92, 0xC2, 0x17, 0x77, 0x46, 0x7B, 0x14, 0x57,
+        0xB1, 0xDD, 0x42, 0x9A, 0x0C, 0x41, 0xA5, 0xC3,
+        0xD7, 0x04, 0xCE, 0xA0, 0x62, 0x78, 0xC5, 0x99,
+        0x41, 0xB4, 0x38, 0xC6, 0x27, 0x27, 0x09, 0x78,
+        0x09, 0xB4, 0x53, 0x0D, 0xBE, 0x83, 0x7E, 0xA3,
+        0x96, 0xB6, 0xD3, 0x10, 0x77, 0xFA, 0xD3, 0x73,
+        0x30, 0x53, 0x98, 0x9A, 0x84, 0x42, 0xAA, 0xC4,
+        0x25, 0x5C, 0xB1, 0x63, 0xB8, 0xCA, 0x2F, 0x27,
+        0x50, 0x1E, 0xA9, 0x67, 0x30, 0x56, 0x95, 0xAB,
+        0xD6, 0x59, 0xAA, 0x02, 0xC8, 0x3E, 0xE6, 0x0B,
+        0xB5, 0x74, 0x20, 0x3E, 0x99, 0x37, 0xAE, 0x1C,
+        0x62, 0x1C, 0x8E, 0xCB, 0x5C, 0xC1, 0xD2, 0x1D,
+        0x55, 0x69, 0x60, 0xB5, 0xB9, 0x16, 0x1E, 0xA9,
+        0x6F, 0xFF, 0xEB, 0xAC, 0x72, 0xE1, 0xB8, 0xA6,
+        0x15, 0x4F, 0xC4, 0xD8, 0x8B, 0x56, 0xC0, 0x47,
+        0x41, 0xF0, 0x90, 0xCB, 0xB1, 0x56, 0xA7, 0x37,
+        0xC9, 0xE6, 0xA2, 0x2B, 0xA8, 0xAC, 0x70, 0x4B,
+        0xC3, 0x04, 0xF8, 0xE1, 0x7E, 0x5E, 0xA8, 0x45,
+        0xFD, 0xE5, 0x9F, 0xBF, 0x78, 0x8C, 0xCE, 0x0B,
+        0x97, 0xC8, 0x76, 0x1F, 0x89, 0xA2, 0x42, 0xF3,
+        0x05, 0x25, 0x83, 0xC6, 0x84, 0x4A, 0x63, 0x20,
+        0x31, 0xC9, 0x64, 0xA6, 0xC4, 0xA8, 0x5A, 0x12,
+        0x8A, 0x28, 0x61, 0x9B, 0xA1, 0xBB, 0x3D, 0x1B,
+        0xEA, 0x4B, 0x49, 0x84, 0x1F, 0xC8, 0x47, 0x61,
+        0x4A, 0x06, 0x68, 0x41, 0xF5, 0x2E, 0xD0, 0xEB,
+        0x8A, 0xE0, 0xB8, 0xB0, 0x96, 0xE9, 0x2B, 0x81,
+        0x95, 0x40, 0x58, 0x15, 0xB2, 0x31, 0x26, 0x6F,
+        0x36, 0xB1, 0x8C, 0x1A, 0x53, 0x33, 0x3D, 0xAB,
+        0x95, 0xD2, 0xA9, 0xA3, 0x74, 0xB5, 0x47, 0x8A,
+        0x4A, 0x41, 0xFB, 0x87, 0x59, 0x95, 0x7C, 0x9A,
+        0xB2, 0x2C, 0xAE, 0x54, 0x5A, 0xB5, 0x44, 0xBA,
+        0x8D, 0xD0, 0x5B, 0x83, 0xF3, 0xA6, 0x13, 0xA2,
+        0x43, 0x7A, 0xDB, 0x07, 0x3A, 0x96, 0x35, 0xCB,
+        0x4B, 0xBC, 0x96, 0x5F, 0xB4, 0x54, 0xCF, 0x27,
+        0xB2, 0x98, 0xA4, 0x0C, 0xD0, 0xDA, 0x3B, 0x8F,
+        0x9C, 0xA9, 0x9D, 0x8C, 0xB4, 0x28, 0x6C, 0x5E,
+        0xB4, 0x76, 0x41, 0x67, 0x96, 0x07, 0x0B, 0xA5,
+        0x35, 0xAA, 0xA5, 0x8C, 0xDB, 0x45, 0x1C, 0xD6,
+        0xDB, 0x5C, 0xBB, 0x0C, 0xA2, 0x0F, 0x0C, 0x71,
+        0xDE, 0x97, 0xC3, 0x0D, 0xA9, 0x7E, 0xC7, 0x90,
+        0x6D, 0x06, 0xB4, 0xB9, 0x39, 0x39, 0x60, 0x28,
+        0xC4, 0x6B, 0xA0, 0xE7, 0xA8, 0x65, 0xBC, 0x83,
+        0x08, 0xA3, 0x81, 0x0F, 0x12, 0x12, 0x00, 0x63,
+        0x39, 0xF7, 0xBC, 0x16, 0x9B, 0x16, 0x66, 0xFD,
+        0xF4, 0x75, 0x91, 0x1B, 0xBC, 0x8A, 0xAA, 0xB4,
+        0x17, 0x55, 0xC9, 0xA8, 0xAA, 0xBF, 0xA2, 0x3C,
+        0x0E, 0x37, 0xF8, 0x4F, 0xE4, 0x69, 0x99, 0xE0,
+        0x30, 0x49, 0x4B, 0x92, 0x98, 0xEF, 0x99, 0x34,
+        0xE8, 0xA6, 0x49, 0xC0, 0xA5, 0xCC, 0xE2, 0xB2,
+        0x2F, 0x31, 0x80, 0x9A, 0xFE, 0xD2, 0x39, 0x55,
+        0xD8, 0x78, 0x81, 0xD9, 0x9F, 0xC1, 0xD3, 0x52,
+        0x89, 0x6C, 0xAC, 0x90, 0x55, 0xBE, 0xA0, 0xD0,
+        0x16, 0xCC, 0xBA, 0x78, 0x05, 0xA3, 0xA5, 0x0E,
+        0x22, 0x16, 0x30, 0x37, 0x9B, 0xD0, 0x11, 0x35,
+        0x22, 0x1C, 0xAD, 0x5D, 0x95, 0x17, 0xC8, 0xCC,
+        0x42, 0x63, 0x7B, 0x9F, 0xC0, 0x71, 0x8E, 0x9A,
+        0x9B, 0xB4, 0x94, 0x5C, 0x72, 0xD8, 0xD1, 0x1D,
+        0x3D, 0x65, 0x9D, 0x83, 0xA3, 0xC4, 0x19, 0x50,
+        0x9A, 0xF5, 0xB4, 0x70, 0xDD, 0x89, 0xB7, 0xF3,
+        0xAC, 0xCF, 0x5F, 0x35, 0xCF, 0xC3, 0x22, 0x11,
+        0x5F, 0xD6, 0x6A, 0x5C, 0xD2, 0x87, 0x56, 0x51,
+        0x32, 0x6F, 0x9B, 0x31, 0x68, 0x91, 0x3B, 0xE5,
+        0xB9, 0xC8, 0x7A, 0xE0, 0xB0, 0x25, 0xEC, 0x7A,
+        0x2F, 0x4A, 0x07, 0x27, 0x50, 0x94, 0x6A, 0xC6,
+        0x11, 0x70, 0xA7, 0x82, 0x6D, 0x97, 0x04, 0xC5,
+        0xA2, 0x3A, 0x1C, 0x0A, 0x23, 0x25, 0x14, 0x6C,
+        0x3B, 0xC1, 0x85, 0x88, 0x26, 0xC6, 0xB3, 0x92,
+        0x79, 0xC2, 0xDA, 0x74, 0x38, 0xA3, 0x70, 0xED,
+        0x8A, 0x0A, 0xA5, 0x16, 0x9E, 0x3B, 0xEC, 0x29,
+        0xED, 0x88, 0x47, 0x87, 0x32, 0x75, 0x8D, 0x45,
+        0x41, 0x43, 0xE2, 0x27, 0xF8, 0x59, 0x58, 0x83,
+        0x29, 0x78, 0x42, 0xE6, 0xAF, 0x13, 0x3B, 0x17,
+        0xE4, 0x81, 0x1B, 0x0F, 0x57, 0x13, 0xAC, 0x73,
+        0xB7, 0xE3, 0x47, 0x42, 0x3E, 0xB9, 0x28, 0x22,
+        0xD2, 0x30, 0x6F, 0xA1, 0x45, 0x00, 0xA7, 0x20,
+        0x7A, 0x06, 0x72, 0x67, 0x20, 0x46, 0x54, 0x4A,
+        0xCC, 0x4E, 0xA9, 0xC1, 0x6E, 0xD7, 0x42, 0x1A,
+        0x06, 0x9E, 0x0D, 0x73, 0x7A, 0x98, 0x62, 0x85,
+        0x19, 0xC6, 0xA2, 0x9A, 0x42, 0x4A, 0x86, 0x8B,
+        0x46, 0xD9, 0xA0, 0xCC, 0x7C, 0x6C, 0x9D, 0xDD,
+        0x8B, 0x8B, 0xCB, 0xF4, 0x22, 0xC8, 0xF4, 0x8A,
+        0x73, 0x14, 0x3D, 0x5A, 0xBB, 0x66, 0xBC, 0x55,
+        0x49, 0x94, 0x18, 0x43, 0x08, 0x02, 0xBA, 0xC5,
+        0x44, 0x46, 0x3C, 0xC7, 0x31, 0x9D, 0x17, 0x99,
+        0x8F, 0x29, 0x41, 0x13, 0x65, 0x76, 0x6D, 0x04,
+        0xC8, 0x47, 0xF3, 0x12, 0x9D, 0x90, 0x77, 0xB7,
+        0xD8, 0x33, 0x9B, 0xFB, 0x96, 0xA6, 0x73, 0x9C,
+        0x3F, 0x6B, 0x74, 0xA8, 0xF0, 0x5F, 0x91, 0x38,
+        0xAB, 0x2F, 0xE3, 0x7A, 0xCB, 0x57, 0x63, 0x4D,
+        0x18, 0x20, 0xB5, 0x01, 0x76, 0xF5, 0xA0, 0xB6,
+        0xBC, 0x29, 0x40, 0xF1, 0xD5, 0x93, 0x8F, 0x19,
+        0x36, 0xB5, 0xF9, 0x58, 0x28, 0xB9, 0x2E, 0xB7,
+        0x29, 0x73, 0xC1, 0x59, 0x0A, 0xEB, 0x7A, 0x55,
+        0x2C, 0xEC, 0xA1, 0x0B, 0x00, 0xC3, 0x03, 0xB7,
+        0xC7, 0x5D, 0x40, 0x20, 0x71, 0xA7, 0x9E, 0x2C,
+        0x81, 0x0A, 0xF7, 0xC7, 0x45, 0xE3, 0x33, 0x67,
+        0x12, 0x49, 0x2A, 0x42, 0x04, 0x3F, 0x29, 0x03,
+        0xA3, 0x7C, 0x64, 0x34, 0xCE, 0xE2, 0x0B, 0x1D,
+        0x15, 0x9B, 0x05, 0x76, 0x99, 0xFF, 0x9C, 0x1D,
+        0x3B, 0xD6, 0x80, 0x29, 0x83, 0x9A, 0x08, 0xF4,
+        0x3E, 0x6C, 0x1C, 0x81, 0x99, 0x13, 0x53, 0x2F,
+        0x91, 0x1D, 0xD3, 0x70, 0xC7, 0x02, 0x14, 0x88,
+        0xE1, 0x1C, 0xB5, 0x04, 0xCB, 0x9C, 0x70, 0x57,
+        0x0F, 0xFF, 0x35, 0xB4, 0xB4, 0x60, 0x11, 0x91,
+        0xDC, 0x1A, 0xD9, 0xE6, 0xAD, 0xC5, 0xFA, 0x96,
+        0x18, 0x79, 0x8D, 0x7C, 0xC8, 0x60, 0xC8, 0x7A,
+        0x93, 0x9E, 0x4C, 0xCF, 0x85, 0x33, 0x63, 0x22,
+        0x68, 0xCF, 0x1A, 0x51, 0xAF, 0xF0, 0xCB, 0x81,
+        0x1C, 0x55, 0x45, 0xCB, 0x16, 0x56, 0xE6, 0x52,
+        0x69, 0x47, 0x74, 0x30, 0x69, 0x9C, 0xCD, 0xEA,
+        0x38, 0x00, 0x63, 0x0B, 0x78, 0xCD, 0x58, 0x10,
+        0x33, 0x4C, 0xCF, 0x02, 0xE0, 0x13, 0xF3, 0xB8,
+        0x02, 0x44, 0xE7, 0x0A, 0xCD, 0xB0, 0x60, 0xBB,
+        0xE7, 0xA5, 0x53, 0xB0, 0x63, 0x45, 0x6B, 0x2E,
+        0xA8, 0x07, 0x47, 0x34, 0x13, 0x16, 0x5C, 0xE5,
+        0x7D, 0xD5, 0x63, 0x47, 0x3C, 0xFB, 0xC9, 0x06,
+        0x18, 0xAD, 0xE1, 0xF0, 0xB8, 0x88, 0xAA, 0x48,
+        0xE7, 0x22, 0xBB, 0x27, 0x51, 0x85, 0x8F, 0xE1,
+        0x96, 0x87, 0x44, 0x2A, 0x48, 0xE7, 0xCA, 0x0D,
+        0x2A, 0x29, 0xCD, 0x51, 0xBF, 0xD8, 0xF7, 0x8C,
+        0x17, 0xB9, 0x66, 0x0B, 0xFB, 0x54, 0xA4, 0x70,
+        0xB2, 0xAE, 0x9A, 0x95, 0x5C, 0x6A, 0xB8, 0xD6,
+        0xE5, 0xCC, 0x92, 0xAC, 0x8E, 0xD3, 0xC1, 0x85,
+        0xDA, 0xA8, 0xBC, 0x29, 0xF0, 0x57, 0x8E, 0xBB,
+        0x81, 0x2B, 0x97, 0xC9, 0xE5, 0xA8, 0x48, 0xA6,
+        0x38, 0x4D, 0xE4, 0xE7, 0x5A, 0x31, 0x47, 0x0B,
+        0x53, 0x06, 0x6A, 0x8D, 0x02, 0x7B, 0xA4, 0x4B,
+        0x21, 0x74, 0x9C, 0x04, 0x92, 0x46, 0x5F, 0x90,
+        0x72, 0xB2, 0x83, 0x76, 0xC4, 0xE2, 0x90, 0xB3,
+        0x0C, 0x18, 0x63, 0xF9, 0xE5, 0xB7, 0x99, 0x96,
+        0x08, 0x34, 0x22, 0xBD, 0x8C, 0x27, 0x2C, 0x10,
+        0xEC, 0xC6, 0xEB, 0x9A, 0x0A, 0x82, 0x25, 0xB3,
+        0x1A, 0xA0, 0xA6, 0x6E, 0x35, 0xB9, 0xC0, 0xB9,
+        0xA7, 0x95, 0x82, 0xBA, 0x20, 0xA3, 0xC0, 0x4C,
+        0xD2, 0x99, 0x14, 0xF0, 0x83, 0xA0, 0x15, 0x82,
+        0x88, 0xBA, 0x4D, 0x6E, 0xB6, 0x2D, 0x87, 0x26,
+        0x4B, 0x91, 0x2B, 0xCA, 0x39, 0x73, 0x2F, 0xBD,
+        0xE5, 0x36, 0xA3, 0x77, 0xAD, 0x02, 0xB8, 0xC8,
+        0x35, 0xD4, 0xA2, 0xF4, 0xE7, 0xB1, 0xCE, 0x11,
+        0x5D, 0x0C, 0x86, 0x0B, 0xEA, 0xA7, 0x95, 0x5A,
+        0x49, 0xAD, 0x68, 0x95, 0x86, 0xA8, 0x9A, 0x2B,
+        0x9F, 0x9B, 0x10, 0xD1, 0x59, 0x5D, 0x2F, 0xC0,
+        0x65, 0xAD, 0x01, 0x8A, 0x7D, 0x56, 0xC6, 0x14,
+        0x47, 0x1F, 0x8E, 0x94, 0x6F, 0xE8, 0xAB, 0x49,
+        0xE8, 0x22, 0x65, 0x91, 0x11, 0x9F, 0xCA, 0xDB,
+        0x4F, 0x9A, 0x86, 0x16, 0x31, 0x37, 0x87, 0x36,
+        0xB6, 0x68, 0x8B, 0x78, 0x2D, 0x58, 0xE9, 0x7E,
+        0x45, 0x72, 0x75, 0x3A, 0x96, 0x64, 0xB6, 0xB8,
+        0x53, 0x68, 0x12, 0xB2, 0x59, 0x11, 0xAA, 0x76,
+        0xA2, 0x42, 0x37, 0x54, 0x33, 0x19, 0x27, 0x38,
+        0xEE, 0xE7, 0x62, 0xF6, 0xB8, 0x43, 0x15, 0xBB,
+        0x34, 0x36, 0x23, 0x1E, 0x0A, 0x9B, 0x27, 0x7E,
+        0xD2, 0x8A, 0xE0, 0x05, 0x07, 0x28, 0x34, 0x64,
+        0x57, 0xE1, 0x34, 0x05, 0x06, 0x2D, 0xB2, 0x80,
+        0x4B, 0x8D, 0xA6, 0x0B, 0xB5, 0xC7, 0x93, 0xD4,
+        0xCC, 0x0E, 0x10, 0x1C, 0xBA, 0x2D, 0x91, 0x82,
+        0xFD, 0x71, 0x24, 0xFF, 0x52, 0xBF, 0x4C, 0xA2,
+        0x82, 0x92, 0xAC, 0x26, 0xD6, 0x78, 0x08, 0x89,
+        0x53, 0x97, 0x1D, 0xBA, 0x0B, 0x6F, 0xEC, 0x2C,
+        0x96, 0x59, 0x35, 0x32, 0x91, 0xC7, 0x0C, 0x5B,
+        0x92, 0x45, 0xA0, 0xCA, 0x25, 0x33, 0x04, 0xAF,
+        0xD3, 0xC9, 0x51, 0x02, 0xBE, 0xA6, 0x68, 0x75,
+        0xC6, 0x20, 0x16, 0x80, 0xB4, 0xBD, 0xA3, 0x86,
+        0x87, 0xB6, 0x48, 0xC2, 0x8E, 0xB3, 0x74, 0x78,
+        0xE3, 0xBC, 0x00, 0xCA, 0x8A, 0x3C, 0xC2, 0x72,
+        0x04, 0x64, 0x2B, 0x42, 0xB6, 0x8F, 0xCB, 0xE7,
+        0xB2, 0x1A, 0x36, 0x6D, 0x06, 0x68, 0xA5, 0x02,
+        0x9A, 0x7D, 0xEE, 0xF9, 0x4C, 0xDD, 0x6A, 0x95,
+        0xD7, 0xEA, 0x89, 0x31, 0x67, 0x3B, 0xF7, 0x11,
+        0x2D, 0x40, 0x42, 0x10, 0x7B, 0x1B, 0x8B, 0x97,
+        0x00, 0xC9, 0x74, 0xF9, 0xC4, 0xE8, 0x3A, 0x8F,
+        0xAC, 0xD8, 0x9B, 0xFE, 0x0C, 0xA3, 0xCC, 0x4C,
+        0x2F, 0xCE, 0x80, 0xA0, 0x3D, 0x35, 0x76, 0xC2,
+        0x22, 0xA7, 0x92, 0xB7, 0x2B, 0x1F, 0x07, 0x0A,
+        0xB7, 0xF6, 0xB6, 0xF2, 0xB5, 0xCA, 0x2A, 0xF5,
+        0x05, 0x4A, 0xFA, 0x70, 0xA8, 0x96, 0x99, 0x01,
+        0x59, 0xB4, 0x5D, 0x10, 0x03, 0xE2, 0xA0, 0x56,
+        0x48, 0x67, 0x5E, 0x59, 0x60, 0x16, 0xF1, 0xB7,
+        0x1D, 0xD0, 0xF7, 0xBD, 0xA7, 0xE2, 0x09, 0x7F,
+        0xC7, 0x3B, 0x3A, 0x14, 0x3D, 0x12, 0xC7, 0x26,
+        0x02, 0x0A, 0xC3, 0x49, 0x58, 0xAD, 0x70, 0x62,
+        0xB9, 0x2B, 0x9A, 0xBF, 0x3C, 0xA6, 0xBE, 0x5A,
+        0xE2, 0x9F, 0x57, 0x13, 0x5E, 0x62, 0x5A, 0x36,
+        0x79, 0x71, 0x83, 0x7E, 0x63, 0x63, 0xD1, 0x53,
+        0x20, 0x94, 0xE0, 0x22, 0xA2, 0x34, 0x67, 0xCF,
+        0x93, 0x2E, 0x1F, 0x89, 0xB5, 0xB0, 0x80, 0x3C,
+        0x1E, 0xC9, 0x9B, 0x58, 0x5A, 0x78, 0xB5, 0x86,
+        0x50, 0x96, 0x74, 0x6F, 0x32, 0x25, 0x82, 0x14,
+        0xEC, 0xB3, 0x80, 0x65, 0xC9, 0x7F, 0x45, 0x5E,
+        0x15, 0x5A, 0xCC, 0x2D, 0xD0, 0x05, 0xA9, 0xC7,
+        0x6B, 0xED, 0x59, 0xCD, 0xA7, 0x38, 0x37, 0xD3,
+        0x03, 0x50, 0x4E, 0x6C, 0x97, 0x6A, 0x60, 0x6A,
+        0x2B, 0xE7, 0xBB, 0xEC, 0x59, 0x48, 0xB9, 0x1A,
+        0x34, 0x9E, 0x89, 0x36, 0x68, 0x8C, 0xC0, 0x27,
+        0x97, 0x54, 0xB7, 0x43, 0xAB, 0xC5, 0x86, 0x66,
+        0xB1, 0x9B, 0x6C, 0x32, 0x60, 0x05, 0x1F, 0x19,
+        0x20, 0x6B, 0xB9, 0x62, 0xBB, 0x66, 0x33, 0xEB,
+        0x00, 0x48, 0xE3, 0x2B, 0xAA, 0xCC, 0x5B, 0x02,
+        0x0D, 0x02, 0xC8, 0x6C, 0xA9, 0x77, 0x0A, 0xD4,
+        0x69, 0xDB, 0x54, 0xA1, 0x06, 0xAC, 0x73, 0xA3,
+        0x5B, 0x80, 0x57, 0x42, 0x2B, 0x3D, 0xB2, 0x02,
+        0xC5, 0xA5, 0xB4, 0xE3, 0xD5, 0x35, 0xF0, 0xFC,
+        0x99, 0x32, 0x6C, 0x4B, 0x8B, 0x7B, 0x16, 0xF1,
+        0xCB, 0x5A, 0xF9, 0x68, 0x03, 0xFA, 0x8C, 0x19,
+        0x5F, 0xC0, 0xBC, 0xED, 0xDA, 0xAF, 0x01, 0x2A,
+        0x51, 0x72, 0x8B, 0x76, 0x48, 0x90, 0x82, 0x37,
+        0x3C, 0x91, 0xE9, 0x2C, 0x87, 0xAC, 0xCA, 0x79,
+        0x51, 0x60, 0x78, 0x2E, 0x3B, 0x0D, 0xD6, 0x43,
+        0x54, 0x4B, 0xB9, 0x6A, 0xBC, 0x27, 0x08, 0xD4,
+        0x9B, 0x75, 0x9C, 0xF0, 0x57, 0xAA, 0x22, 0x3B,
+        0xAF, 0xD9, 0x6A, 0x33, 0x0B, 0xAF, 0x39, 0x81,
+        0x0F, 0xE8, 0x67, 0x1B, 0x43, 0x43, 0xC2, 0x97,
+        0xDA, 0x1E, 0x19, 0x69, 0xC9, 0x96, 0x21, 0x6A,
+        0xB5, 0x10, 0x6D, 0xA6, 0x68, 0x94, 0x1B, 0x16,
+        0x0D, 0x44, 0x77, 0x01, 0x71, 0x36, 0xCB, 0xCA,
+        0x5B, 0x5A, 0x8D, 0x44, 0xC4, 0xA8, 0xB1, 0xCF,
+        0x3E, 0xF7, 0x97, 0x85, 0xE5, 0xAA, 0x25, 0xC3,
+        0xA1, 0xAD, 0x6C, 0x24, 0xFD, 0x14, 0x0F, 0x79,
+        0x20, 0x7D, 0xE5, 0xA4, 0x99, 0xF8, 0xA1, 0x53,
+        0x4F, 0xFA, 0x80, 0x4A, 0xA7, 0xB3, 0x88, 0x9C,
+        0xBE, 0x25, 0xC0, 0x41, 0x47, 0x04, 0xAA, 0x57,
+        0x89, 0x7F, 0x17, 0x86, 0x23, 0x64, 0xEC, 0xA5,
+        0x62, 0x58, 0x00, 0x72, 0x48, 0x81, 0x39, 0x12,
+        0xB8, 0x36, 0x49, 0x7F, 0x03, 0x59, 0xC2, 0xF7,
+        0x23, 0x8A, 0x05, 0xD3, 0x05, 0xA0, 0xEA, 0x15,
+        0x2E, 0x72, 0xB4, 0x44, 0x17, 0xA8, 0x68, 0x13,
+        0x4E, 0x91, 0xB3, 0xCA, 0x79, 0x31, 0x23, 0x2F,
+        0xD4, 0xC2, 0x5F, 0x8C, 0x2A, 0x49, 0x2A, 0x33,
+        0x9C, 0xDC, 0x0A, 0x13, 0x89, 0x67, 0x21, 0x14,
+        0x51, 0xF2, 0x56, 0x26, 0x78, 0xFA, 0x14, 0x08,
+        0x0A, 0x34, 0x43, 0x6C, 0x42, 0xB0, 0x78, 0x65,
+        0xAC, 0x03, 0x6A, 0x81, 0xE9, 0x7A, 0x77, 0x87,
+        0xA9, 0x38, 0x02, 0x5C, 0xAF, 0x81, 0x34, 0x50,
+        0x36, 0x8B, 0xED, 0x0C, 0x94, 0xB1, 0x85, 0x76,
+        0x04, 0x52, 0x64, 0x05, 0xD2, 0x7A, 0x1C, 0x1A,
+        0xBC, 0x81, 0xB5, 0xB6, 0xEC, 0x13, 0xC7, 0x19,
+        0x30, 0xA9, 0x7D, 0x92, 0x32, 0xCF, 0x70, 0x21,
+        0xEF, 0x87, 0xA4, 0xD1, 0x55, 0x32, 0x8E, 0x62,
+        0xB5, 0x83, 0xA8, 0x3B, 0x4A, 0xF2, 0x1F, 0x9F,
+        0x57, 0x50, 0xF8, 0x57, 0x51, 0x50, 0x42, 0x4F,
+        0x63, 0xB8, 0x99, 0xD7, 0x1C, 0xAD, 0x26, 0x7C,
+        0x09, 0xE4, 0x46, 0x71, 0x46, 0xE1, 0x6E, 0x9B,
+        0x6C, 0x65, 0x3F, 0x00, 0x8C, 0x31, 0x13, 0x75,
+        0xE2, 0xE0, 0x06, 0xD4, 0x07, 0x6A, 0x54, 0x6B,
+        0x82, 0xF5, 0x31, 0x42, 0x22, 0xF7, 0xC6, 0x54,
+        0x31, 0x7E, 0x79, 0xEC, 0x60, 0x35, 0xB7, 0x3F,
+        0xAF, 0x49, 0x17, 0x57, 0xE6, 0x1C, 0x82, 0x83,
+        0x26, 0xD5, 0x30, 0x44, 0x54, 0x1C, 0x4D, 0x45,
+        0x37, 0xAB, 0xD3, 0xEA, 0x1E, 0x67, 0x99, 0x8C,
+        0x33, 0x82, 0x97, 0x4C, 0xA7, 0x8A, 0xE1, 0xB1,
+        0x96, 0x0E, 0x4A, 0x92, 0x26, 0xB0, 0x21, 0x9A,
+        0xB0, 0x70, 0xF0, 0xD7, 0xAA, 0x66, 0xD7, 0x6F,
+        0x93, 0x16, 0xAD, 0xB8, 0x0C, 0x54, 0xD6, 0x49,
+        0x97, 0x71, 0xB4, 0x71, 0xE8, 0x16, 0x8D, 0x47,
+        0xBC, 0xAA, 0x08, 0x32, 0x4A, 0xB6, 0xBA, 0x92,
+        0xC3, 0xA7, 0x02, 0x75, 0xF2, 0x4F, 0xA4, 0xDC,
+        0x10, 0xE2, 0x51, 0x63, 0x3F, 0xB9, 0x8D, 0x16,
+        0x2B, 0xB5, 0x53, 0x72, 0x02, 0xC6, 0xA5, 0x53,
+        0xCE, 0x78, 0x41, 0xC4, 0xD4, 0x0B, 0x87, 0x3B,
+        0x85, 0xCA, 0x03, 0xA0, 0xA1, 0xE1, 0xCF, 0xAD,
+        0xE6, 0xBA, 0x51, 0x80, 0xAB, 0x13, 0x23, 0xCC,
+        0xBA, 0x9A, 0x3E, 0x9C, 0x53, 0xD3, 0x75, 0x75,
+        0xAB, 0x1F, 0xD9, 0xE7, 0x31, 0x6C, 0x6F, 0xEE,
+        0xCB, 0x0A, 0x14, 0xDF, 0x6F, 0x2D, 0xA5, 0x6C,
+        0x2F, 0x56, 0xF5, 0x5A, 0x89, 0x63, 0x5C, 0xFC,
+        0xFD, 0xA4, 0x79, 0x27, 0xAF, 0x1F, 0x0A, 0x47,
+        0xB2, 0xD4, 0xE4, 0xE6, 0x16, 0x34, 0xB1, 0xB5,
+        0x1D, 0x37, 0xA3, 0xA3, 0x07, 0xA9, 0x72, 0x42,
+        0x0D, 0xE1, 0xB7, 0xA4, 0x81, 0xB8, 0x3E, 0x58,
+        0x3B, 0x6A, 0xF1, 0x6F, 0x63, 0xCB, 0x00, 0xC6
     };
     static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = {
-        0x61, 0xFF, 0x1A, 0x8B, 0x61, 0x17, 0xEF, 0x11,
-        0x83, 0x28, 0xE8, 0x8B, 0x32, 0x27, 0x99, 0x30,
-        0x14, 0xDC, 0xD0, 0x75, 0xB8, 0xA1, 0xA7, 0xF9,
-        0x80, 0x18, 0x93, 0xEE, 0xE6, 0x40, 0x5B, 0xB9,
-        0x60, 0xB6, 0xB7, 0xF6, 0xA1, 0xA2, 0x75, 0x18,
-        0xA3, 0x40, 0x91, 0x39, 0xA4, 0x8B, 0x85, 0x96,
-        0x81, 0xCC, 0x75, 0x8F, 0x2B, 0xCC, 0x3E, 0xEF,
-        0xB0, 0x43, 0x94, 0xA3, 0x75, 0xA5, 0xCD, 0x71,
-        0x31, 0x64, 0x90, 0x93, 0x8A, 0xBF, 0xD1, 0x94,
-        0xB2, 0x0B, 0xCD, 0x31, 0xB3, 0x98, 0x02, 0x61,
-        0xC9, 0xED, 0x69, 0xBF, 0x9B, 0x1D, 0x7D, 0x76,
-        0x59, 0xA8, 0x04, 0x0D, 0xB1, 0xE2, 0x5D, 0x2B,
-        0xA6, 0xF7, 0x03, 0x48, 0x66, 0x24, 0xB7, 0x3C,
-        0xAC, 0xDC, 0xA2, 0x7D, 0xB0, 0xF7, 0xE2, 0x40,
-        0x8C, 0x94, 0x48, 0xE3, 0x88, 0x73, 0x28, 0x0F,
-        0x5E, 0x99, 0x50, 0xD7, 0xCC, 0xE2, 0x52, 0xA6,
-        0x47, 0x58, 0x0C, 0x19, 0x90, 0x4F, 0xAD, 0x62,
-        0xAE, 0xC3, 0x00, 0xBC, 0x8E, 0x38, 0xF0, 0x59,
-        0x48, 0xB6, 0x3B, 0xAD, 0x5C, 0xE7, 0xC9, 0x0E,
-        0x40, 0xC4, 0xBC, 0x65, 0x11, 0x77, 0x61, 0xF5,
-        0xF8, 0x86, 0x8F, 0x80, 0x25, 0xD6, 0xCE, 0xB2,
-        0xC5, 0xDF, 0x60, 0xDE, 0x38, 0xC3, 0x23, 0x29,
-        0x22, 0x08, 0x7E, 0xFC, 0xF2, 0xCD, 0x95, 0xDE,
-        0x5E, 0x87, 0xB6, 0x88, 0x8B, 0x88, 0xC8, 0x6C,
-        0xC7, 0x83, 0x15, 0x58, 0x5B, 0x2C, 0xC6, 0x88,
-        0xA7, 0x1B, 0x47, 0x7B, 0xFA, 0x38, 0x8D, 0xC2,
-        0x33, 0x4D, 0xFA, 0x8A, 0xA9, 0x55, 0x03, 0xD5,
-        0x39, 0x7E, 0x2A, 0xE0, 0x35, 0x29, 0x03, 0xEA,
-        0x6A, 0x0A, 0xE8, 0xB6, 0x49, 0xA9, 0x14, 0xB3,
-        0x52, 0x5F, 0xE5, 0x8F, 0x56, 0x4B, 0xF1, 0x9C,
-        0xC0, 0x9F, 0x54, 0xE1, 0x05, 0xD1, 0x9B, 0xD8,
-        0x10, 0x54, 0xE5, 0x70, 0x01, 0xF7, 0x0B, 0xBD,
-        0xD7, 0x71, 0x94, 0x49, 0x68, 0x7E, 0x9A, 0x53,
-        0xB1, 0x6C, 0xA5, 0x36, 0x6A, 0x19, 0x10, 0x5A,
-        0x8B, 0xA0, 0x85, 0x89, 0xAD, 0x08, 0xDF, 0x13,
-        0x00, 0xEF, 0x4F, 0x92, 0x3B, 0xA9, 0xE7, 0x62,
-        0xA8, 0x2F, 0xB0, 0x9B, 0x76, 0xE1, 0x25, 0xF2,
-        0xF2, 0x74, 0xD6, 0x17, 0xBF, 0x30, 0xEA, 0xB4,
-        0x65, 0xEC, 0xF2, 0x4D, 0x37, 0x07, 0xAD, 0x30,
-        0x0D, 0x9A, 0xFC, 0x1C, 0xF1, 0xDC, 0x40, 0xEE,
-        0x7D, 0x4E, 0xEA, 0x6D, 0x15, 0x0E, 0x6F, 0x0A,
-        0x31, 0xDB, 0x9F, 0x8F, 0x92, 0xBA, 0x8E, 0xEE,
-        0xB3, 0x5D, 0x74, 0x45, 0x58, 0x9B, 0x04, 0x6B,
-        0xA7, 0x9E, 0xFE, 0x23, 0x11, 0x06, 0xCF, 0x0A,
-        0x75, 0x71, 0x2A, 0xB3, 0x92, 0x72, 0x4C, 0x53,
-        0xEF, 0xF9, 0xF5, 0x73, 0x3B, 0xEE, 0x0D, 0x6A,
-        0x44, 0xD0, 0xB6, 0xF5, 0x15, 0xD0, 0xF5, 0xE4,
-        0x0B, 0x1B, 0x1E, 0x17, 0xE6, 0x7A, 0xED, 0x3C,
-        0x81, 0xD0, 0x0A, 0xC4, 0x68, 0xA2, 0x8F, 0x84,
-        0x53, 0xD4, 0xB0, 0xDA, 0x80, 0x9E, 0x57, 0xD8,
-        0x23, 0xF2, 0x8D, 0x61, 0xED, 0x0B, 0x59, 0xA0,
-        0x8C, 0x62, 0x29, 0x72, 0xD9, 0x91, 0x79, 0xDA,
-        0x86, 0x36, 0xC4, 0x5F, 0x1C, 0xE8, 0xF6, 0x25,
-        0x2A, 0xC8, 0x6D, 0x91, 0xB5, 0xE9, 0x29, 0x97,
-        0x01, 0x4E, 0x3F, 0x50, 0x89, 0xE6, 0x8B, 0xC5,
-        0x2C, 0xED, 0x5D, 0xAE, 0x6D, 0x5B, 0x17, 0x5F,
-        0xE2, 0xD6, 0x19, 0x28, 0x46, 0x50, 0x59, 0x72,
-        0x4C, 0x83, 0x59, 0x02, 0xD7, 0x61, 0x2C, 0xDB,
-        0x69, 0xCD, 0xAC, 0x66, 0x4F, 0xC1, 0xC9, 0xCB,
-        0x11, 0x20, 0x3A, 0x8C, 0x7B, 0x71, 0x48, 0x6E,
-        0x97, 0xB7, 0xD1, 0xBC, 0x6A, 0x98, 0xF4, 0x93,
-        0xDC, 0xBE, 0xC8, 0xE6, 0x29, 0x55, 0x8E, 0xD3,
-        0x61, 0x09, 0x12, 0x93, 0xD1, 0xB5, 0xD2, 0x09,
-        0x6C, 0xEB, 0x9F, 0xC7, 0xAF, 0xEE, 0x71, 0xDB,
-        0x7C, 0xCF, 0xE4, 0x82, 0xB6, 0x8A, 0x19, 0x64,
-        0x29, 0xFF, 0x04, 0xD1, 0x59, 0x03, 0xE7, 0xA7,
-        0x5C, 0x7B, 0xB5, 0xF6, 0x22, 0xC3, 0x69, 0x71,
-        0x69, 0x45, 0x59, 0xFF, 0x07, 0xDF, 0xAA, 0x79,
-        0xE4, 0x1C, 0x36, 0x2B, 0x22, 0x64, 0x3C, 0xD3,
-        0x9B, 0xD9, 0xE1, 0xD3, 0xD6, 0xC2, 0xA3, 0x06,
-        0xB5, 0xF1, 0x10, 0x2C, 0x26, 0x6E, 0xEE, 0x67,
-        0xDC, 0xDA, 0xCF, 0x36, 0x69, 0x7A, 0x83, 0x6F,
-        0x20, 0x38, 0x38, 0xEC, 0x11, 0x03, 0x08, 0xC9,
-        0x0A, 0x3D, 0x01, 0x57, 0x0C, 0xB3, 0x66, 0x8A,
-        0xBA, 0x50, 0x34, 0x0E, 0x40, 0xF5, 0x4C, 0xFA,
-        0x6A, 0x9E, 0x88, 0x62, 0x53, 0x2F, 0x5F, 0x19,
-        0x84, 0x8A, 0xA1, 0x1F, 0xD3, 0x4F, 0xC8, 0x6B,
-        0x7F, 0xCB, 0x16, 0x37, 0xF4, 0xE5, 0xA1, 0xD0,
-        0x3A, 0xFC, 0xE4, 0x41, 0x24, 0xE4, 0xE4, 0x60,
-        0xB8, 0x4C, 0x63, 0x49, 0x6A, 0xDE, 0xD5, 0x58,
-        0x01, 0xDF, 0x25, 0x17, 0xA9, 0x0A, 0xB0, 0x61,
-        0xC8, 0xE6, 0x3A, 0xB6, 0xB1, 0x4B, 0xE1, 0x69,
-        0x4D, 0x6F, 0x38, 0x9D, 0xD8, 0x5F, 0x56, 0x39,
-        0xC5, 0x78, 0x3A, 0xFC, 0xA0, 0x14, 0x6E, 0x6A,
-        0x1E, 0xB0, 0xC4, 0x05, 0x63, 0xC1, 0x37, 0x01,
-        0x0D, 0xB6, 0x0B, 0xBC, 0x3D, 0x63, 0x74, 0xD6,
-        0xF3, 0xA8, 0x92, 0xDE, 0xBC, 0x06, 0x47, 0x01,
-        0xC6, 0x4B, 0xEC, 0xCB, 0x8E, 0x2C, 0x33, 0xB7,
-        0x40, 0xCC, 0x7E, 0xD4, 0x9D, 0x10, 0x8A, 0x8C,
-        0x46, 0x56, 0x81, 0x8D, 0xF5, 0xF7, 0xD9, 0x1E,
-        0xAA, 0xA4, 0x46, 0xAC, 0x6C, 0xCD, 0xE3, 0x0C,
-        0x6D, 0x3D, 0x1B, 0xF6, 0x6E, 0x4E, 0x3B, 0x7B,
-        0x6B, 0x81, 0xE3, 0xCB, 0x17, 0x22, 0x7F, 0x80,
-        0xDB, 0x00, 0x96, 0xE6, 0xBE, 0x7D, 0x85, 0x9C,
-        0x09, 0x71, 0x37, 0x49, 0xFC, 0xA2, 0x15, 0x30,
-        0xFE, 0x1A, 0x71, 0x6E, 0xBE, 0x32, 0x55, 0x04,
-        0x31, 0x9B, 0xD0, 0xEA, 0x2A, 0x7D, 0x77, 0x13,
-        0x60, 0x7C, 0xB6, 0x79, 0xB0, 0xA0, 0xB2, 0x26,
-        0x8D, 0x49, 0x3B, 0x67, 0xC0, 0x48, 0x18, 0x72,
-        0x17, 0x7F, 0xFD, 0x25, 0x93, 0xF3, 0xAC, 0xF6,
-        0x91, 0xCE, 0xE9, 0x9A, 0x36, 0xEC, 0xA7, 0x22,
-        0x57, 0x9E, 0xFA, 0xA5, 0x9A, 0xCC, 0x59, 0xEF,
-        0x8C, 0xEA, 0x91, 0x08, 0xE6, 0x20, 0xB0, 0x60,
-        0x56, 0xC1, 0x9D, 0x3C, 0x1E, 0xB9, 0x1E, 0x86,
-        0x34, 0xDE, 0x49, 0x57, 0x70, 0x6D, 0xFA, 0x8F,
-        0x9D, 0x0A, 0x9E, 0x0C, 0xD4, 0x09, 0x4F, 0x6B,
-        0x95, 0xA8, 0x3F, 0x11, 0x8A, 0x51, 0x3E, 0xBF,
-        0xE5, 0xE9, 0x9A, 0xEB, 0x88, 0xA2, 0x68, 0xE0,
-        0x09, 0x7F, 0xCC, 0x3C, 0x7A, 0xE2, 0x50, 0xB6,
-        0x81, 0x93, 0x3B, 0xBC, 0x2A, 0x8F, 0x53, 0x81,
-        0xF9, 0x4D, 0x15, 0x64, 0x34, 0xA8, 0x7E, 0x9E,
-        0xE3, 0x7E, 0x78, 0xC2, 0x7A, 0x0C, 0xDA, 0xEE,
-        0xA9, 0x81, 0x4B, 0xCB, 0x43, 0xDF, 0x53, 0x8D,
-        0xBE, 0x62, 0x8C, 0x80, 0x2C, 0x1A, 0x94, 0xE0,
-        0xCD, 0xDC, 0xD0, 0xCD, 0x5A, 0x0F, 0x82, 0x20,
-        0xDA, 0x97, 0xC2, 0x38, 0x39, 0x36, 0xA3, 0x39,
-        0x19, 0xFC, 0xDC, 0x11, 0xD7, 0x0E, 0xD4, 0x43,
-        0x7D, 0xD2, 0xD7, 0xC7, 0x3C, 0xD0, 0xC3, 0xBB,
-        0x90, 0xCA, 0x70, 0x70, 0x22, 0x8F, 0xE8, 0xD6,
-        0x4A, 0x1C, 0x9D, 0x56, 0xE6, 0xB3, 0x48, 0x30,
-        0xEF, 0x30, 0x0B, 0x5A, 0xA6, 0xEC, 0x6C, 0x78,
-        0xA5, 0x42, 0x5A, 0xE6, 0xF7, 0xAD, 0x0E, 0xFD,
-        0xD5, 0x27, 0xCF, 0x0A, 0xF8, 0xE0, 0x9B, 0x56,
-        0xE4, 0x95, 0xBE, 0x66, 0xF6, 0x65, 0xC6, 0x4B,
-        0x0A, 0x42, 0xC5, 0xC4, 0xB2, 0x46, 0x80, 0x48,
-        0x0A, 0xD2, 0xE5, 0xC1, 0x1D, 0x99, 0x1F, 0x7E,
-        0x3D, 0xA7, 0x59, 0xAE, 0xC8, 0x02, 0xF1, 0x76,
-        0xDD, 0xF1, 0x1E, 0xF7, 0x14, 0x69, 0xDC, 0x13,
-        0xB3, 0xA3, 0xE0, 0x36, 0x99, 0x51, 0x98, 0x58,
-        0xAC, 0x6F, 0xC6, 0x5C, 0x27, 0xFA, 0x4C, 0xEF,
-        0xDA, 0x09, 0xC8, 0x2E, 0x8F, 0x95, 0x8E, 0x01,
-        0x8D, 0xD5, 0x25, 0x5C, 0xA2, 0xF6, 0x28, 0xE0,
-        0xDA, 0x73, 0x91, 0xAB, 0xED, 0x6D, 0x37, 0x70,
-        0x55, 0x28, 0xAB, 0x22, 0xEC, 0x71, 0xDC, 0x88,
-        0x36, 0xD7, 0xFD, 0x46, 0x45, 0x94, 0x47, 0x03,
-        0xA5, 0x1C, 0xC7, 0x4D, 0x29, 0x70, 0x92, 0xFC,
-        0xE1, 0x39, 0xE8, 0x97, 0x6F, 0x8B, 0xE9, 0xC5,
-        0xF8, 0x63, 0x90, 0xB7, 0x4D, 0x40, 0x1A, 0x8C,
-        0x81, 0x53, 0x11, 0x22, 0x01, 0x13, 0x3D, 0x0C,
-        0x51, 0x7C, 0x6C, 0xE7, 0xA3, 0x8C, 0x08, 0x60,
-        0x69, 0xCE, 0x39, 0x71, 0xF1, 0xAD, 0x28, 0xF3,
-        0xE5, 0xD0, 0x1B, 0x56, 0xA4, 0x80, 0xB4, 0x17,
-        0xA0, 0x16, 0xAE, 0xA4, 0x63, 0x94, 0xCD, 0xF7,
-        0x64, 0x81, 0x29, 0x18, 0xD8, 0xAB, 0x05, 0x01,
-        0xD5, 0xD1, 0x8C, 0xE1, 0x3F, 0xBD, 0x3D, 0xE9,
-        0x1F, 0x50, 0x42, 0x15, 0xCC, 0xD0, 0xE2, 0xD1,
-        0x7B, 0x7E, 0x96, 0x3C, 0x86, 0x7F, 0x6F, 0x13,
-        0x21, 0x14, 0xE3, 0x64, 0x59, 0xFC, 0x5A, 0xF7,
-        0xCE, 0xE9, 0x9B, 0x78, 0x96, 0x73, 0xE5, 0x24,
-        0x13, 0x1F, 0x7D, 0xC7, 0x13, 0x60, 0x95, 0x1A,
-        0x99, 0x7A, 0x9C, 0xE5, 0x0D, 0xD5, 0xFA, 0xFC,
-        0x45, 0x21, 0x14, 0x44, 0x41, 0xC0, 0x6B, 0xB4,
-        0x1C, 0x79, 0xE8, 0xED, 0x53, 0x28, 0x5D, 0x13,
-        0x7D, 0x54, 0xF3, 0x25, 0xA6, 0xC2, 0xF2, 0xEF,
-        0x74, 0xE3, 0x4C, 0x0F, 0x87, 0x7A, 0x61, 0x4C,
-        0xE4, 0x5D, 0xC0, 0xAE, 0xDD, 0xF9, 0x5A, 0x0E,
-        0x2E, 0x4E, 0xDA, 0xE2, 0x9A, 0xF4, 0x11, 0xC9,
-        0xCC, 0x2A, 0xF9, 0x5C, 0x9E, 0xA9, 0xA9, 0x4A,
-        0x79, 0x61, 0xC8, 0x24, 0x6E, 0x65, 0x4F, 0xA2,
-        0x8F, 0x3D, 0x56, 0x8D, 0x5F, 0xEE, 0x93, 0x35,
-        0x2C, 0x2E, 0x0D, 0x60, 0xCC, 0xAF, 0x5B, 0x00,
-        0x09, 0x0A, 0xB6, 0xE7, 0xA5, 0x3A, 0xA0, 0x6A,
-        0x8C, 0xD3, 0x73, 0x7E, 0xBF, 0x1B, 0x65, 0xD6,
-        0x25, 0xBC, 0xF2, 0x20, 0xF7, 0x4D, 0xE2, 0x2D,
-        0x98, 0x71, 0xEF, 0xC3, 0x76, 0xBF, 0x08, 0x2D,
-        0x4B, 0x87, 0x2A, 0x30, 0x3C, 0x32, 0x42, 0x7A,
-        0x0C, 0x98, 0xBE, 0xCF, 0x58, 0x95, 0x9C, 0x9F,
-        0x9E, 0x2E, 0x88, 0x7D, 0xBC, 0x42, 0xAA, 0xB1,
-        0x65, 0x6A, 0xD1, 0x56, 0x37, 0xA6, 0xA8, 0xF4,
-        0xBF, 0x96, 0x34, 0x09, 0x54, 0x91, 0xF8, 0xC9,
-        0x92, 0x42, 0x91, 0x38, 0x91, 0x43, 0x7E, 0x6C,
-        0x5B, 0x50, 0xA2, 0x13, 0xDD, 0xE8, 0x0D, 0x21,
-        0x96, 0xBE, 0x12, 0xC3, 0x93, 0x7F, 0xE3, 0x23,
-        0x9B, 0xF6, 0x75, 0x9A, 0xBB, 0x8C, 0x1C, 0x94,
-        0x66, 0xF4, 0x2F, 0xBD, 0x53, 0x89, 0x4A, 0xE5,
-        0x2F, 0xB5, 0x33, 0x32, 0x14, 0x29, 0xFC, 0xE4,
-        0xFE, 0xC1, 0xDB, 0x35, 0x2C, 0x49, 0x58, 0x3A,
-        0x7D, 0x81, 0x7E, 0xAF, 0x62, 0x00, 0x08, 0x88,
-        0xEC, 0xB0, 0xEB, 0xFF, 0xEF, 0x69, 0xFF, 0x8E,
-        0x59, 0x0C, 0xFA, 0x25, 0xBE, 0xAB, 0x21, 0x60,
-        0x5B, 0x63, 0x5A, 0xBC, 0x2C, 0xA2, 0x36, 0x80,
-        0x78, 0x97, 0x25, 0xCF, 0x70, 0x0F, 0x55, 0x3C,
-        0x88, 0x35, 0x2F, 0x31, 0x61, 0x61, 0x54, 0x87,
-        0x3D, 0x18, 0xB6, 0xC6, 0xEB, 0x51, 0x9F, 0xC6,
-        0x39, 0xB0, 0x70, 0xFD, 0x67, 0xF8, 0x6A, 0xAB,
-        0x62, 0x34, 0x9D, 0xBF, 0xFA, 0x89, 0xF9, 0x30,
-        0x51, 0xA7, 0xC7, 0xB7, 0xBD, 0x16, 0x1F, 0xCD,
-        0x73, 0x67, 0x2C, 0xEE, 0xF5, 0x9A, 0x9B, 0xB7,
-        0xF5, 0x71, 0xEA, 0xBE, 0x25, 0x70, 0xC5, 0xBF,
-        0x31, 0xEC, 0xAA, 0x1F, 0x9C, 0xA7, 0xA9, 0xC6,
-        0xD3, 0x1E, 0xA5, 0xFB, 0x7C, 0x97, 0x9C, 0xDD,
-        0x26, 0x13, 0x89, 0x7E, 0x7D, 0x15, 0x03, 0xFB,
-        0x0C, 0x19, 0xAD, 0xDC, 0xFB, 0x3A, 0x63, 0xE2,
-        0x18, 0x5F, 0xC4, 0x10, 0x18, 0x38, 0xDA, 0x66,
-        0xCC, 0xE2, 0xD3, 0xD9, 0xFF, 0xB4, 0x77, 0x46,
-        0xC2, 0x00, 0x3E, 0xDD, 0x86, 0xC2, 0xF8, 0xC3
+        0x0C, 0x68, 0x1B, 0x4A, 0xA8, 0x1F, 0x26, 0xAD,
+        0xFB, 0x64, 0x5E, 0xC2, 0x4B, 0x37, 0x52, 0xF6,
+        0xB3, 0x2C, 0x68, 0x64, 0x5A, 0xA5, 0xE7, 0xA9,
+        0x99, 0xB6, 0x20, 0x36, 0xA5, 0x3D, 0xC5, 0xCB,
+        0x06, 0x0A, 0x47, 0x3C, 0x08, 0xE5, 0xDA, 0x5C,
+        0x0F, 0x5A, 0xF0, 0xE5, 0x17, 0x0C, 0x65, 0x97,
+        0xE5, 0x0E, 0xC0, 0x80, 0x60, 0xF9, 0x9B, 0x0C,
+        0x00, 0xEE, 0x9B, 0xDD, 0xAD, 0x7E, 0x7D, 0x25,
+        0xA2, 0x2B, 0x22, 0x6F, 0x90, 0x14, 0x9B, 0x4C,
+        0xE8, 0x87, 0xC7, 0x2F, 0xB6, 0x0A, 0xFF, 0x21,
+        0x44, 0xEA, 0x2A, 0x72, 0x38, 0x3B, 0x31, 0x18,
+        0xF9, 0x22, 0xD0, 0x32, 0xA1, 0x6F, 0x55, 0x42,
+        0x89, 0x90, 0x2A, 0x14, 0xCF, 0x77, 0x55, 0x51,
+        0x2B, 0xB1, 0x18, 0x6B, 0xAF, 0xAF, 0xFE, 0x79,
+        0x4D, 0x2B, 0x6C, 0xDE, 0x90, 0x10, 0x9E, 0x65,
+        0x82, 0xD3, 0x9C, 0xE0, 0xC9, 0x61, 0x97, 0x48,
+        0x4B, 0x3F, 0xA0, 0x7F, 0xC9, 0x1D, 0x39, 0x4F,
+        0xC8, 0xD8, 0x8E, 0x7F, 0xC4, 0xBE, 0x00, 0x2E,
+        0x2D, 0xB5, 0x6F, 0x0C, 0x4D, 0x9D, 0x3F, 0xBD,
+        0xA2, 0x74, 0x53, 0x6A, 0x0B, 0x86, 0xAB, 0xC6,
+        0xE3, 0x9B, 0xDA, 0x52, 0x93, 0x1A, 0xEB, 0xB8,
+        0xF1, 0x08, 0x4C, 0x5C, 0x1F, 0x7C, 0xB3, 0x17,
+        0x77, 0x88, 0xB7, 0xF3, 0x31, 0xB7, 0x07, 0x43,
+        0x61, 0x16, 0x34, 0x91, 0xD4, 0x28, 0xE7, 0x8B,
+        0xCB, 0xB5, 0x7B, 0x63, 0x08, 0x41, 0xAA, 0x98,
+        0x73, 0x33, 0x37, 0x7C, 0xF0, 0x95, 0x69, 0xCF,
+        0xD1, 0x4C, 0xC2, 0xA1, 0x1C, 0x50, 0x1B, 0xDF,
+        0x82, 0xC9, 0x3D, 0xE0, 0x5B, 0xEA, 0x20, 0x06,
+        0x0D, 0xE8, 0x9C, 0x68, 0x6B, 0x82, 0x45, 0x71,
+        0xCE, 0xF9, 0x4A, 0xB3, 0xFD, 0xAF, 0xA8, 0x51,
+        0x26, 0x19, 0x81, 0x36, 0x69, 0xD4, 0xF5, 0x36,
+        0x37, 0xFE, 0xFA, 0x4D, 0x02, 0x8C, 0xB2, 0x33,
+        0xE5, 0x69, 0x30, 0xE2, 0x23, 0x5F, 0x7E, 0x60,
+        0x34, 0xCA, 0x94, 0xB1, 0x43, 0xB7, 0x7A, 0xD4,
+        0xA6, 0x87, 0x56, 0xE8, 0xA9, 0x18, 0x4D, 0xBA,
+        0x61, 0xA8, 0x9F, 0x91, 0xED, 0xFB, 0x51, 0xA3,
+        0x92, 0x11, 0x40, 0x24, 0x73, 0xA5, 0xF8, 0x91,
+        0x45, 0x73, 0x6B, 0x2B, 0xF8, 0x56, 0x9C, 0x70,
+        0x5B, 0x0C, 0xDB, 0x89, 0x80, 0xA4, 0x47, 0xE4,
+        0xE1, 0xEA, 0xAD, 0x3E, 0x7E, 0x05, 0x78, 0xF5,
+        0xF8, 0x6B, 0x8D, 0x03, 0xC9, 0xDA, 0xFE, 0x87,
+        0x5E, 0x33, 0x9B, 0x44, 0x23, 0x84, 0x56, 0x16,
+        0x79, 0x9E, 0xDC, 0xE0, 0x5F, 0x31, 0xB9, 0x26,
+        0x64, 0xC5, 0xA5, 0x92, 0x53, 0xA6, 0x0E, 0x9D,
+        0x89, 0x54, 0x8A, 0x30, 0x0C, 0x1A, 0xDB, 0x6D,
+        0x19, 0x0A, 0x77, 0x5C, 0x5E, 0xE6, 0xE8, 0xA8,
+        0x9B, 0x6E, 0x77, 0x9B, 0x03, 0x4C, 0x34, 0x00,
+        0xA6, 0x25, 0xF4, 0xBB, 0xED, 0xBF, 0x91, 0x9C,
+        0x45, 0xB2, 0xBC, 0xD1, 0x4C, 0x66, 0x92, 0x48,
+        0xFC, 0x43, 0xC3, 0xEF, 0x47, 0xE1, 0x00, 0x75,
+        0x89, 0x42, 0xE7, 0x5E, 0x8E, 0xD6, 0x07, 0x5A,
+        0x96, 0xD7, 0x0D, 0x4E, 0xBD, 0x2B, 0x61, 0x35,
+        0x82, 0x24, 0xDD, 0xA1, 0xEC, 0x4C, 0x19, 0xC2,
+        0xA9, 0x28, 0x98, 0x17, 0x6F, 0xEB, 0x3C, 0x02,
+        0xED, 0xCB, 0x99, 0x08, 0xBA, 0xE4, 0x9B, 0xD9,
+        0x4A, 0xF0, 0x28, 0xED, 0xF8, 0xCF, 0xC2, 0xE5,
+        0xF2, 0xE0, 0xBD, 0x37, 0x50, 0x06, 0x98, 0x6A,
+        0xD4, 0x9E, 0x71, 0x75, 0x48, 0xE7, 0x46, 0xFE,
+        0xF4, 0x9C, 0x86, 0x8B, 0xCE, 0xA2, 0x79, 0x0A,
+        0xA9, 0x7E, 0x04, 0x06, 0x1B, 0x75, 0x60, 0x5C,
+        0xB3, 0x9E, 0xFD, 0x46, 0x3D, 0x7B, 0x3D, 0x68,
+        0xBA, 0x57, 0x44, 0x34, 0xFF, 0x7B, 0xE8, 0xE2,
+        0xB8, 0x4B, 0xFC, 0x47, 0xE6, 0x7E, 0x9C, 0xD1,
+        0x5F, 0x3E, 0xD4, 0x50, 0xC6, 0x1A, 0xFB, 0xA7,
+        0x9A, 0x20, 0xB0, 0xB6, 0xF2, 0x87, 0x77, 0x7C,
+        0x72, 0xF4, 0xAD, 0x24, 0x81, 0x74, 0xF1, 0x95,
+        0x94, 0x77, 0xAA, 0x7A, 0x7C, 0x97, 0xF1, 0x22,
+        0xC5, 0x04, 0x47, 0xC7, 0x48, 0x4F, 0x38, 0x2B,
+        0xC4, 0x7D, 0x81, 0xFC, 0xC9, 0xC7, 0xE8, 0x92,
+        0xC8, 0x83, 0x9D, 0x37, 0xB3, 0x53, 0x94, 0xB5,
+        0x3E, 0x6B, 0x2B, 0x18, 0x95, 0xAB, 0xB0, 0xDE,
+        0x8C, 0x98, 0xF2, 0x63, 0x3D, 0xC4, 0x41, 0x3A,
+        0x8D, 0x57, 0x35, 0xDF, 0xC9, 0xA6, 0x40, 0x26,
+        0xB6, 0xF3, 0x47, 0x79, 0xD6, 0xAC, 0x8A, 0xD9,
+        0x9C, 0xC3, 0x1A, 0xA8, 0x98, 0xC2, 0xE7, 0x05,
+        0x7F, 0x3D, 0xB8, 0xA1, 0xA8, 0xA9, 0x85, 0x27,
+        0xA7, 0x9E, 0x43, 0x55, 0x2F, 0x28, 0xD1, 0x02,
+        0x3E, 0x1F, 0x6A, 0x6B, 0x84, 0x85, 0x5C, 0xF5,
+        0xE6, 0xDF, 0x88, 0x9B, 0xA2, 0x69, 0xF0, 0x48,
+        0x94, 0x6E, 0x84, 0x02, 0x1C, 0x65, 0xC5, 0xA9,
+        0x3B, 0x00, 0x7B, 0x07, 0x74, 0x1C, 0x1E, 0xE1,
+        0x76, 0xC7, 0x39, 0x49, 0x11, 0x0F, 0x54, 0x8E,
+        0xF4, 0x33, 0x2D, 0xCD, 0xD4, 0x91, 0xD2, 0xCE,
+        0xFD, 0x02, 0x48, 0x88, 0x3F, 0x5E, 0x95, 0x25,
+        0xBC, 0x91, 0xF3, 0x0A, 0xF1, 0x7C, 0xF5, 0xA9,
+        0x8D, 0xD4, 0x4E, 0xF9, 0xA7, 0x1F, 0x99, 0xBB,
+        0x73, 0x29, 0x85, 0xBA, 0x10, 0xA7, 0x23, 0xEF,
+        0x47, 0x6F, 0xCF, 0x96, 0x6D, 0xA9, 0x45, 0x6B,
+        0x24, 0x97, 0x8E, 0x33, 0x05, 0x0D, 0x0E, 0xC9,
+        0x0D, 0x3C, 0xE4, 0x63, 0x78, 0x85, 0x1C, 0x9E,
+        0xCF, 0xCF, 0xD3, 0x6C, 0x89, 0x5D, 0x44, 0xE9,
+        0xE5, 0x06, 0x99, 0x30, 0x82, 0x52, 0x3D, 0x26,
+        0x18, 0x57, 0x66, 0xB2, 0x35, 0x68, 0xCB, 0x95,
+        0xE6, 0x41, 0x08, 0xF8, 0x9D, 0x10, 0x14, 0x74,
+        0x7C, 0x67, 0xB6, 0xF3, 0xC8, 0x76, 0x7B, 0xE5,
+        0xFC, 0x34, 0x12, 0x27, 0xDE, 0x94, 0x88, 0x86,
+        0x1C, 0x5F, 0xE8, 0x11, 0x40, 0x9F, 0x80, 0x95,
+        0x7D, 0x07, 0x52, 0x2A, 0x72, 0xCF, 0x6A, 0xB0,
+        0x37, 0x8D, 0x0F, 0x2F, 0x28, 0xAF, 0x54, 0x81,
+        0x85, 0xC3, 0x93, 0x67, 0x77, 0x99, 0x44, 0x66,
+        0xA0, 0x19, 0xD3, 0x3B, 0x18, 0xA5, 0x4F, 0x38,
+        0x0A, 0x33, 0x89, 0x2A, 0xB4, 0xD4, 0xBD, 0x50,
+        0x7B, 0x5A, 0x61, 0xD0, 0xD3, 0x58, 0x34, 0x1A,
+        0xC9, 0x2F, 0x07, 0xB4, 0x3B, 0x8F, 0x6A, 0xFC,
+        0x69, 0x91, 0xBB, 0x6A, 0x1E, 0xAC, 0x23, 0xCA,
+        0x6F, 0x73, 0xE9, 0x1F, 0x24, 0x64, 0xBD, 0x11,
+        0x90, 0x98, 0xD7, 0xE7, 0x68, 0xE7, 0x7E, 0xCE,
+        0x53, 0xFB, 0x89, 0x9B, 0xEB, 0x42, 0x26, 0x5E,
+        0xCF, 0x7B, 0x27, 0x1F, 0x66, 0x54, 0x62, 0x82,
+        0xD4, 0x72, 0xC3, 0x62, 0x39, 0x00, 0x6B, 0xB0,
+        0xAB, 0xAB, 0xCC, 0xA2, 0x45, 0x50, 0xBA, 0xA0,
+        0xA6, 0x01, 0x34, 0x8C, 0x81, 0x0F, 0xF5, 0xF9,
+        0xEE, 0x50, 0x4B, 0xF7, 0x15, 0x5D, 0xEE, 0x41,
+        0x41, 0xA1, 0x16, 0x05, 0xA4, 0xF3, 0x50, 0x9A,
+        0xC9, 0xCA, 0xEF, 0x66, 0x24, 0xD2, 0x1D, 0xE3,
+        0x32, 0xD5, 0xD5, 0x08, 0x28, 0xB5, 0x2E, 0x92,
+        0x88, 0x5D, 0x3B, 0x90, 0x55, 0x3B, 0x14, 0x46,
+        0x3A, 0xFB, 0x1E, 0xDC, 0xCD, 0x3B, 0x56, 0x9B,
+        0x5A, 0x7F, 0x00, 0xBB, 0x66, 0x76, 0x9D, 0xAD,
+        0xAC, 0x23, 0xAD, 0x8B, 0xB5, 0xD7, 0x3A, 0x6F,
+        0x39, 0x0E, 0x6F, 0xC2, 0xF6, 0xF8, 0xEE, 0x3C,
+        0xF4, 0x00, 0x9A, 0x5C, 0x3E, 0x1E, 0xF6, 0x0E,
+        0x8F, 0x04, 0x06, 0x72, 0xD2, 0x62, 0xE6, 0x49,
+        0x03, 0x79, 0xBB, 0xC7, 0x04, 0x95, 0xDF, 0xF2,
+        0x37, 0xBE, 0xCD, 0x99, 0x52, 0xCD, 0x7E, 0xDE,
+        0xB6, 0xD1, 0xDF, 0xC3, 0x60, 0xB3, 0xFC, 0x8B,
+        0x0A, 0xF4, 0x80, 0xFF, 0xE0, 0x24, 0xAE, 0xEF,
+        0xCD, 0x4E, 0x9C, 0xE9, 0x5D, 0x9B, 0x46, 0x9C,
+        0x9A, 0x70, 0xE5, 0x11, 0x0D, 0xA0, 0xBA, 0xC1,
+        0x24, 0xFC, 0x37, 0x41, 0xDC, 0xF4, 0x91, 0x16,
+        0x26, 0x17, 0x96, 0x50, 0x4D, 0x5F, 0x49, 0x0B,
+        0x43, 0x3C, 0x33, 0xC4, 0x0E, 0xDC, 0xE2, 0xB7,
+        0x51, 0x51, 0xDA, 0x25, 0x6A, 0x86, 0x8A, 0x5E,
+        0x35, 0xF8, 0x62, 0x26, 0xB8, 0x15, 0x1C, 0x91,
+        0x93, 0x4C, 0xCC, 0x3D, 0xAC, 0xA3, 0x91, 0xDE,
+        0xCC, 0xA7, 0x45, 0x37, 0x56, 0x60, 0xB6, 0xEC,
+        0x41, 0xAE, 0x5D, 0x81, 0x08, 0x38, 0xCB, 0xEE,
+        0xFF, 0xA1, 0x25, 0x57, 0x88, 0x44, 0x12, 0x35,
+        0x7B, 0x10, 0x08, 0x36, 0x3D, 0x32, 0xB2, 0x37,
+        0xAA, 0x1D, 0xD8, 0xE2, 0xD9, 0xC6, 0x36, 0x7A,
+        0xDA, 0x09, 0xB2, 0xC9, 0x50, 0x60, 0x20, 0x6C,
+        0xEC, 0x3E, 0xED, 0x39, 0x1F, 0xDC, 0x5D, 0xBE,
+        0xF6, 0xF0, 0x8B, 0xDF, 0x04, 0x08, 0xE5, 0x85,
+        0xAE, 0x5E, 0xBC, 0x8E, 0x97, 0x45, 0xD4, 0x4F,
+        0xEC, 0xA9, 0x75, 0xAB, 0xBC, 0x14, 0x0B, 0xB3,
+        0x7B, 0x8A, 0xDD, 0x16, 0xFC, 0xC2, 0x95, 0x69,
+        0x10, 0xDC, 0x72, 0xBB, 0x3F, 0x02, 0xE9, 0xA1,
+        0x30, 0xC9, 0xA8, 0x4F, 0x9C, 0xCB, 0x74, 0xD1,
+        0x34, 0xCD, 0xF4, 0x0A, 0xFC, 0xBA, 0x20, 0x09,
+        0xC8, 0xF0, 0x04, 0x02, 0x39, 0xBC, 0x99, 0x22,
+        0x0E, 0xF6, 0x4C, 0x4D, 0xCC, 0xDE, 0x2E, 0x2E,
+        0x5C, 0x9B, 0x68, 0x60, 0x2F, 0xBE, 0x8E, 0xF4,
+        0xC9, 0x8B, 0x34, 0x68, 0xC7, 0x9D, 0xF4, 0xE0,
+        0x78, 0x51, 0x1B, 0xFB, 0x8A, 0xA3, 0xDA, 0x09,
+        0x59, 0x7A, 0x02, 0x51, 0x1E, 0x7C, 0x21, 0xA7,
+        0xCF, 0x66, 0xA9, 0x38, 0x43, 0xA9, 0x48, 0x68,
+        0xF1, 0x9E, 0x85, 0x52, 0x55, 0x2E, 0x3A, 0xCD,
+        0xF6, 0xCB, 0x81, 0x06, 0x34, 0xDB, 0x97, 0xCB,
+        0xC4, 0xBB, 0x56, 0x97, 0x09, 0xDA, 0xD4, 0x84,
+        0x56, 0x45, 0x44, 0x6F, 0xA8, 0xD2, 0x89, 0xFC,
+        0x59, 0x30, 0x7B, 0x80, 0x1E, 0x60, 0xCE, 0x2A,
+        0x91, 0xE0, 0x6E, 0x9C, 0x22, 0xC1, 0x6E, 0x2E,
+        0x59, 0xBD, 0xE3, 0x8A, 0x41, 0x6B, 0xB1, 0xB4,
+        0xAC, 0x54, 0x57, 0x43, 0x8F, 0xDC, 0x5D, 0x64,
+        0x45, 0x0A, 0x89, 0xEC, 0xB8, 0x32, 0xC1, 0xBB,
+        0x27, 0x9D, 0xBF, 0x59, 0x33, 0x46, 0x81, 0x77,
+        0x6A, 0xC0, 0x04, 0x09, 0x84, 0x6D, 0x09, 0xD6,
+        0xF6, 0x87, 0x77, 0x2E, 0x34, 0x08, 0x50, 0xAB,
+        0x86, 0x73, 0x38, 0x42, 0x15, 0xE1, 0x2C, 0x8D,
+        0x0F, 0x53, 0x1C, 0x45, 0x1E, 0x58, 0x49, 0x3E,
+        0x0E, 0xE4, 0x15, 0xAD, 0x59, 0x4D, 0xF3, 0x8C,
+        0x34, 0x40, 0x8C, 0x7E, 0xD9, 0xF0, 0xC3, 0x92,
+        0xF1, 0x53, 0x46, 0x04, 0xEA, 0xC3, 0xD9, 0xC1,
+        0x54, 0x65, 0xA9, 0xA4, 0x66, 0x32, 0x21, 0x4B,
+        0x53, 0x69, 0x90, 0xD7, 0x80, 0x78, 0xE5, 0xBD,
+        0x7E, 0xAE, 0x20, 0x13, 0xFF, 0xF8, 0xFD, 0xD8,
+        0xB2, 0x75, 0xC8, 0x9D, 0x97, 0xC9, 0x35, 0x3D,
+        0xF3, 0xC4, 0x2A, 0x28, 0xE8, 0x14, 0xD8, 0x46,
+        0x8E, 0x2B, 0x48, 0xDB, 0x09, 0x76, 0xD8, 0x8F,
+        0x5E, 0xEC, 0xEF, 0xEA, 0xFB, 0x8F, 0x7F, 0x4A,
+        0xF2, 0x91, 0xA7, 0x28, 0xF6, 0x24, 0x9E, 0xCF,
+        0x56, 0x22, 0x33, 0x92, 0x69, 0xAA, 0x94, 0x53,
+        0x29, 0xE9, 0x19, 0xF8, 0xB4, 0x41, 0xC8, 0x3D,
+        0x55, 0x07, 0xF3, 0x0D, 0xF0, 0xFD, 0x2B, 0x13,
+        0xFF, 0x80, 0x6F, 0x52, 0x2D, 0xAA, 0x11, 0xAF,
+        0x67, 0x6A, 0x51, 0x3C, 0x14, 0x9C, 0x70, 0xF0,
+        0xD6, 0xE9, 0x9A, 0x88, 0x04, 0x50, 0xA5, 0x4E,
+        0x04, 0x17, 0xFE, 0x3C, 0x1E, 0x51, 0x3E, 0x9D,
+        0x92, 0x0E, 0x30, 0xA8, 0xB4, 0x28, 0x91, 0x26,
+        0x7A, 0x2D, 0xC5, 0x0A, 0xD8, 0x1F, 0x98, 0x04,
+        0x49, 0x20, 0xC0, 0x99, 0xDF, 0x22, 0xC7, 0x39,
+        0x98, 0xA2, 0x5C, 0x58, 0x1A, 0x51, 0x78, 0xC7,
+        0x2B, 0x17, 0xAC, 0x87, 0x5B, 0xC6, 0x85, 0x48,
+        0xA0, 0xFB, 0x0C, 0xBE, 0xE3, 0x8F, 0x05, 0x01,
+        0x7B, 0x12, 0x43, 0x33, 0x43, 0xA6, 0x58, 0xF1,
+        0x98, 0x0C, 0x81, 0x24, 0xEA, 0x6D, 0xD8, 0x1F
     };
     static const byte kprime_1024[KYBER_SS_SZ] = {
-        0xC6, 0x1F, 0x73, 0xD2, 0xBF, 0xB1, 0x85, 0x94,
-        0xE1, 0xBA, 0x5D, 0x3B, 0x58, 0xB4, 0xC9, 0x34,
-        0x20, 0x6D, 0x3A, 0x6F, 0x8E, 0xC9, 0x13, 0x95,
-        0xAB, 0x77, 0x79, 0xC6, 0x1F, 0xA1, 0xDD, 0x6F
+        0x8F, 0x33, 0x6E, 0x9C, 0x28, 0xDF, 0x34, 0x9E,
+        0x03, 0x22, 0x0A, 0xF0, 0x1C, 0x42, 0x83, 0x2F,
+        0xEF, 0xAB, 0x1F, 0x2A, 0x74, 0xC1, 0x6F, 0xAF,
+        0x6F, 0x64, 0xAD, 0x07, 0x1C, 0x1A, 0x33, 0x94
     };
 #endif
     static byte ss[KYBER_SS_SZ];
@@ -30860,542 +31785,475 @@ static int test_wc_kyber_decapsulate_kats(void)
 #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
     !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44)
 static const byte ml_dsa_44_pub_key[] = {
-    0xf1, 0xdf, 0x1e, 0xfc, 0x6b, 0x41, 0xe7,
-    0x5e, 0xcb, 0xb5, 0xb5, 0xd2, 0x3c, 0xc8,
-    0xd3, 0x99, 0x73, 0x36, 0x9a, 0x0b, 0x32,
-    0x71, 0x7a, 0x9f, 0x6d, 0x66, 0x07, 0xb8,
-    0x31, 0x5f, 0x25, 0xb6, 0x2e, 0xee, 0x4f,
-    0x63, 0x13, 0x02, 0x45, 0x3c, 0xd1, 0x3d,
-    0x79, 0x6b, 0x3c, 0xfe, 0xd9, 0x2f, 0x39,
-    0xe8, 0x62, 0x60, 0xf0, 0x04, 0x83, 0x28,
-    0xaa, 0xdc, 0x15, 0x90, 0xef, 0x55, 0x48,
-    0xf9, 0xd2, 0xcd, 0x53, 0x87, 0x0e, 0x42,
-    0xba, 0x16, 0x87, 0x7b, 0x32, 0xa8, 0xbf,
-    0xed, 0x32, 0xa1, 0x19, 0x66, 0x44, 0xfe,
-    0x57, 0xec, 0x26, 0xed, 0x9e, 0x73, 0xa0,
-    0x87, 0xe8, 0x8a, 0x93, 0x3c, 0xec, 0x1d,
-    0xa0, 0xcc, 0x2e, 0x0d, 0x37, 0x5b, 0xb1,
-    0x74, 0x77, 0x18, 0x4b, 0xde, 0x4b, 0xc9,
-    0xac, 0xf8, 0xda, 0x23, 0x7a, 0x2a, 0x39,
-    0xfa, 0x96, 0x01, 0xff, 0xf0, 0xc7, 0xa7,
-    0x34, 0xca, 0x9d, 0xe9, 0xda, 0x4d, 0x85,
-    0x00, 0xc9, 0xe9, 0xcf, 0xb0, 0x3e, 0x21,
-    0xe6, 0xae, 0x52, 0x67, 0x4f, 0xe3, 0x93,
-    0x2f, 0x50, 0x47, 0xdd, 0x89, 0xa2, 0x48,
-    0xf8, 0xfe, 0x93, 0xfe, 0xce, 0x68, 0x9c,
-    0xe9, 0x4d, 0xdd, 0xbd, 0x9f, 0xeb, 0x14,
-    0x8d, 0x38, 0x7a, 0xc6, 0xf2, 0x50, 0x00,
-    0x91, 0x65, 0xd0, 0xd1, 0xeb, 0x51, 0xab,
-    0x3a, 0x0e, 0x45, 0x5c, 0xbd, 0x65, 0xf5,
-    0x78, 0xc6, 0xa0, 0xaa, 0xae, 0x50, 0xf2,
-    0x19, 0x1f, 0x90, 0x1a, 0x9f, 0x34, 0xa0,
-    0xa1, 0x95, 0x94, 0x86, 0x30, 0xc2, 0xb2,
-    0x95, 0x82, 0x13, 0xf6, 0x73, 0xe2, 0x03,
-    0xe3, 0x7c, 0x09, 0x8e, 0x5d, 0x07, 0xd6,
-    0x33, 0x93, 0x8a, 0x1b, 0x67, 0xc9, 0xb1,
-    0x76, 0x74, 0x1c, 0x22, 0x58, 0x05, 0x5a,
-    0xa8, 0x83, 0x68, 0xce, 0x64, 0xfc, 0x52,
-    0x7f, 0x35, 0x80, 0x6e, 0xdf, 0xf5, 0x2d,
-    0xd2, 0xd1, 0x17, 0xdc, 0xce, 0x95, 0xe8,
-    0xe6, 0x42, 0xb1, 0xb1, 0x61, 0xc1, 0x24,
-    0x79, 0x1c, 0x51, 0xfc, 0x3c, 0xba, 0x40,
-    0xf7, 0x70, 0x35, 0x22, 0x73, 0x31, 0x53,
-    0x21, 0xea, 0x09, 0xf7, 0xaa, 0x07, 0xb8,
-    0xfa, 0x0b, 0xa0, 0xa9, 0xb4, 0x8c, 0x83,
-    0xbb, 0x25, 0xfe, 0x39, 0x29, 0xef, 0x34,
-    0xd5, 0xe2, 0xc7, 0x9e, 0x87, 0xbd, 0x50,
-    0x86, 0x71, 0x12, 0x3e, 0x8a, 0x78, 0xe2,
-    0xb3, 0xe1, 0xfa, 0x5b, 0x73, 0x3b, 0x34,
-    0x9f, 0x4e, 0x7d, 0xd5, 0x1b, 0xb9, 0x8e,
-    0x43, 0x76, 0xef, 0x3e, 0x37, 0x70, 0x33,
-    0x36, 0xd1, 0xa1, 0xba, 0x1b, 0xb1, 0x79,
-    0xfb, 0x2c, 0xb1, 0x9b, 0xc3, 0x1b, 0x26,
-    0x83, 0x89, 0x4d, 0x53, 0x40, 0xa5, 0xf9,
-    0x8b, 0xe2, 0xec, 0x30, 0x1f, 0xf6, 0x16,
-    0xd6, 0x55, 0xce, 0x0e, 0x1b, 0xed, 0xe0,
-    0xeb, 0xc9, 0x7a, 0x2e, 0x1a, 0x85, 0x81,
-    0xa4, 0xe2, 0xa8, 0xbe, 0x9f, 0xac, 0x0b,
-    0x23, 0xb4, 0xbb, 0xc2, 0x0f, 0x66, 0x43,
-    0x45, 0x93, 0x20, 0x37, 0x4d, 0x47, 0x23,
-    0x7f, 0x4a, 0x5e, 0x8b, 0x19, 0xec, 0xd9,
-    0x57, 0x69, 0xc4, 0x91, 0xb0, 0xcd, 0x25,
-    0x2a, 0x7d, 0x52, 0xdb, 0x59, 0x18, 0x8b,
-    0x96, 0xad, 0x75, 0x21, 0x81, 0x1a, 0x2c,
-    0xb3, 0x26, 0x30, 0x78, 0x19, 0x2b, 0x22,
-    0x74, 0x6e, 0x92, 0x57, 0xec, 0x3c, 0x75,
-    0x8b, 0xd8, 0x4b, 0x7c, 0xd1, 0x72, 0x1b,
-    0x1f, 0xed, 0xae, 0x15, 0x82, 0xd3, 0xf6,
-    0xaf, 0x01, 0x31, 0xec, 0x1b, 0xca, 0xa5,
-    0xf8, 0x78, 0x7f, 0x8a, 0x8a, 0x03, 0xbd,
-    0x03, 0x0a, 0xc5, 0x4e, 0x15, 0xab, 0xa4,
-    0x76, 0x56, 0x5b, 0xf8, 0x50, 0xa9, 0xee,
-    0x61, 0xbd, 0x05, 0xe0, 0xdf, 0xc6, 0xbe,
-    0x4a, 0xaf, 0xdb, 0x96, 0x0a, 0x7e, 0xcb,
-    0x2e, 0xb0, 0x68, 0x4e, 0x2d, 0x88, 0x32,
-    0x1e, 0xe1, 0xbc, 0x08, 0x15, 0x15, 0x71,
-    0xe6, 0x77, 0x2b, 0xeb, 0x47, 0x81, 0xb7,
-    0xe8, 0x82, 0x9f, 0x5f, 0x94, 0xd2, 0xac,
-    0xa5, 0x89, 0x52, 0xe1, 0x3c, 0x59, 0xe0,
-    0x06, 0xe6, 0x66, 0xe1, 0xf9, 0x9d, 0x32,
-    0x42, 0x9d, 0x77, 0xfe, 0x6a, 0x12, 0x4a,
-    0xa3, 0xd2, 0x49, 0xbb, 0x39, 0xad, 0x42,
-    0xb7, 0x37, 0xfb, 0xde, 0x9d, 0xaf, 0x1b,
-    0xd5, 0x5a, 0x3b, 0x06, 0xa6, 0x51, 0x7d,
-    0x6a, 0x5c, 0x32, 0xdb, 0xde, 0x5d, 0x0d,
-    0x20, 0x88, 0xee, 0x8b, 0xa8, 0x49, 0x5b,
-    0x6c, 0x50, 0x72, 0xdb, 0x68, 0x44, 0x17,
-    0x28, 0xd4, 0xbb, 0x43, 0x8e, 0x00, 0xa5,
-    0xc8, 0x27, 0x00, 0xaa, 0x2b, 0xa4, 0xc2,
-    0x16, 0xcd, 0x2d, 0x59, 0xdc, 0x1a, 0xa2,
-    0x66, 0xe2, 0x96, 0x6b, 0xcc, 0x39, 0xc6,
-    0xe9, 0x2b, 0x14, 0xa7, 0x7d, 0x67, 0x5d,
-    0x54, 0xfc, 0x93, 0x73, 0x52, 0x47, 0xc7,
-    0x24, 0x1e, 0x7e, 0xc9, 0x2d, 0x87, 0x60,
-    0xd3, 0xd8, 0x76, 0xf0, 0x51, 0x04, 0xc7,
-    0xcb, 0x68, 0x0f, 0xd8, 0x4b, 0x22, 0xb2,
-    0x51, 0x87, 0xe9, 0x1e, 0x05, 0x3d, 0xe2,
-    0x8a, 0x6b, 0xb8, 0x96, 0xd6, 0xe0, 0x6e,
-    0x38, 0x74, 0x96, 0xad, 0x7e, 0x4f, 0x52,
-    0x35, 0xcf, 0x4a, 0x50, 0xe7, 0x60, 0x2e,
-    0x58, 0xcf, 0xdc, 0x7a, 0x9a, 0x21, 0x76,
-    0x1d, 0x2c, 0xd1, 0x98, 0xab, 0xab, 0xed,
-    0xf9, 0xec, 0xd5, 0x7b, 0x09, 0xad, 0x2e,
-    0xad, 0x5a, 0xdc, 0xad, 0xd6, 0x46, 0xba,
-    0x2d, 0x55, 0xf7, 0x0c, 0x9a, 0x23, 0x10,
-    0x50, 0x3e, 0x4f, 0xe1, 0xeb, 0x58, 0x8a,
-    0xc0, 0x17, 0x48, 0x41, 0x40, 0x65, 0x0b,
-    0xfb, 0x43, 0x9e, 0xf0, 0x37, 0x4a, 0x89,
-    0x4e, 0x71, 0xad, 0x44, 0x19, 0x13, 0xbb,
-    0x4a, 0x63, 0x83, 0x9e, 0x6a, 0x49, 0x1b,
-    0x28, 0xb0, 0x8e, 0x9c, 0x7b, 0xaf, 0xf9,
-    0x57, 0x5d, 0x35, 0x16, 0x5c, 0xa7, 0x5e,
-    0xd1, 0x0d, 0x83, 0xdc, 0x49, 0xdd, 0x40,
-    0x58, 0x9c, 0x97, 0x91, 0xa6, 0xb0, 0x68,
-    0xb0, 0xfa, 0x9e, 0xc0, 0x3f, 0x81, 0xc6,
-    0xce, 0x58, 0xc5, 0x87, 0xc6, 0xf4, 0x06,
-    0xec, 0x91, 0x57, 0x81, 0xce, 0x3a, 0xe8,
-    0xf1, 0x29, 0x3f, 0x01, 0x93, 0xf0, 0x74,
-    0x22, 0xea, 0x6b, 0x06, 0xd8, 0x65, 0xdb,
-    0xd7, 0x41, 0xd9, 0x60, 0x23, 0xe7, 0x83,
-    0xc8, 0x69, 0x6b, 0x90, 0xc5, 0xc7, 0xb9,
-    0xd5, 0xba, 0x79, 0xc9, 0x4a, 0x87, 0x23,
-    0x1c, 0x95, 0x78, 0xf3, 0x73, 0x10, 0xbe,
-    0xb2, 0x0f, 0x32, 0xec, 0xff, 0x15, 0x51,
-    0x4d, 0xb5, 0x48, 0x3c, 0xca, 0x4c, 0x5b,
-    0x32, 0x29, 0x47, 0x21, 0xba, 0x2a, 0x5d,
-    0xc9, 0x59, 0xfa, 0x8f, 0x33, 0x10, 0x83,
-    0x40, 0x80, 0xf3, 0xce, 0xee, 0x6d, 0xcd,
-    0x9c, 0xbb, 0x23, 0x0b, 0x45, 0xba, 0x7a,
-    0x07, 0xdc, 0x4d, 0x57, 0x97, 0xb4, 0xa4,
-    0xef, 0x94, 0xe8, 0x43, 0xfe, 0x18, 0x47,
-    0x1a, 0xb0, 0xf6, 0xb6, 0x0b, 0x55, 0x05,
-    0xbd, 0x67, 0x2d, 0x37, 0x27, 0x17, 0x13,
-    0x65, 0x22, 0xf2, 0x7c, 0xf7, 0x47, 0xd2,
-    0x85, 0x63, 0x98, 0x83, 0xd2, 0xc1, 0xbf,
-    0x8f, 0x4c, 0xda, 0xbf, 0xa4, 0x10, 0x6b,
-    0x4e, 0x6b, 0x78, 0x5e, 0x3f, 0x7a, 0xec,
-    0x15, 0x84, 0xbe, 0x1a, 0x94, 0xa2, 0x2b,
-    0xb5, 0x3e, 0x55, 0x86, 0x51, 0xec, 0x2e,
-    0x62, 0xcb, 0xd6, 0x9f, 0xe5, 0xa4, 0xb8,
-    0xc0, 0xaa, 0x4e, 0x6d, 0x8a, 0xb1, 0xd6,
-    0xf7, 0x8d, 0x1c, 0x04, 0x32, 0x8b, 0x20,
-    0xf5, 0x80, 0x33, 0xbd, 0xcc, 0x3e, 0x4c,
-    0x16, 0x04, 0xab, 0xd8, 0x64, 0x6d, 0xf9,
-    0xc9, 0x15, 0x7d, 0x4b, 0x00, 0x86, 0xb2,
-    0x70, 0x1d, 0x20, 0xcb, 0x7a, 0xed, 0x7e,
-    0x81, 0x7f, 0x41, 0x33, 0xb8, 0x7b, 0xc0,
-    0xa3, 0xbd, 0x12, 0xd1, 0x67, 0x48, 0xa0,
-    0xb9, 0xeb, 0xd5, 0x29, 0xab, 0x91, 0x9c,
-    0xa2, 0x2f, 0x8e, 0x01, 0x1c, 0x88, 0xc1,
-    0x3e, 0x34, 0x47, 0x36, 0x8a, 0x35, 0x6c,
-    0x2f, 0xc1, 0x8a, 0xb6, 0xd0, 0xa5, 0x01,
-    0x82, 0xee, 0x4f, 0x44, 0xb9, 0xcd, 0x16,
-    0x9c, 0x3a, 0xf8, 0xe9, 0x2a, 0xd2, 0xb6,
-    0x1d, 0xfd, 0x3c, 0x06, 0xdc, 0x42, 0xdd,
-    0x2d, 0x60, 0x6a, 0x44, 0x21, 0xc3, 0x37,
-    0x75, 0x79, 0xc5, 0x29, 0x5c, 0x7e, 0xf5,
-    0x86, 0xbb, 0x56, 0x05, 0x21, 0x46, 0xaf,
-    0x6d, 0x3a, 0xa2, 0x9e, 0x11, 0x6d, 0x9e,
-    0x05, 0x74, 0x8a, 0xfe, 0x84, 0x88, 0x3e,
-    0x76, 0xb4, 0xef, 0x2f, 0xeb, 0x52, 0xcd,
-    0x97, 0x82, 0xba, 0x0c, 0xcc, 0xcb, 0x72,
-    0x8d, 0x8d, 0xd2, 0x32, 0x7c, 0x41, 0x39,
-    0xa6, 0x22, 0xb7, 0xdc, 0x3f, 0x39, 0x43,
-    0xf5, 0xee, 0x0c, 0xfc, 0xbb, 0x2b, 0x43,
-    0xe8, 0xce, 0xae, 0x0c, 0xd9, 0x15, 0x22,
-    0x32, 0xbd, 0x69, 0xad, 0x76, 0xd9, 0xdf,
-    0x81, 0xdf, 0x24, 0x76, 0x7b, 0x53, 0x0b,
-    0xe6, 0xc7, 0x6c, 0x38, 0x2c, 0xbf, 0x28,
-    0x95, 0x03, 0x18, 0xef, 0x98, 0x88, 0xc2,
-    0x6b, 0x1a, 0xf5, 0xb4, 0xf9, 0x19, 0x76,
-    0x25, 0x1d, 0xcf, 0x9b, 0xcd, 0x4c, 0x00,
-    0x06, 0xde, 0x55, 0x58, 0x95, 0x9a, 0x06,
-    0xfb, 0xf9, 0x88, 0x20, 0x85, 0x80, 0xe3,
-    0x27, 0xdf, 0xc5, 0x20, 0x29, 0x7c, 0x58,
-    0x02, 0x07, 0x2e, 0xd2, 0xeb, 0xdc, 0x68,
-    0x58, 0x91, 0x08, 0x71, 0x16, 0xb3, 0x82,
-    0x2f, 0x6c, 0x45, 0xcd, 0xbe, 0xe5, 0x0c,
-    0x07, 0x77, 0x95, 0x3b, 0x2c, 0x59, 0x8e,
-    0xba, 0x07, 0xa8, 0xa1, 0xc6, 0xe5, 0x6a,
-    0x49, 0xb5, 0x85, 0xf2, 0x70, 0x05, 0x22,
-    0xc4, 0x2f, 0x8d, 0xdd, 0x48, 0x8d, 0x87,
-    0xfa, 0xb6, 0xf8, 0x59, 0xc8, 0xb1, 0x18,
-    0x03, 0x5f, 0xce, 0x53, 0x28, 0x96, 0x15,
-    0xd4, 0xb4, 0x10, 0x2c, 0xe2, 0x22, 0x9e,
-    0x88, 0xe5, 0xcd, 0xda, 0xfc, 0xf9, 0x64,
-    0xa4, 0x7b, 0xfb, 0xeb, 0xa8, 0x6a, 0xb6,
-    0xf6, 0x17, 0x84, 0x26, 0x3d, 0xe4, 0x66,
-    0x7e, 0x5c, 0x85, 0x01, 0xaf, 0xdc, 0xdb,
-    0x48, 0x33, 0x4a, 0x20, 0x7c, 0x22, 0x1b,
-    0xd5, 0xeb, 0x2d,
+    0x7c, 0x33, 0x31, 0x41, 0x15, 0xa7, 0x2d, 0x6b,
+    0x17, 0x7c, 0x10, 0xab, 0x75, 0xf7, 0x83, 0xb3,
+    0x30, 0x75, 0x6f, 0xa9, 0x42, 0xb0, 0x9b, 0x59,
+    0x59, 0x99, 0x2b, 0x5d, 0x7d, 0x6e, 0xeb, 0xdd,
+    0xd9, 0x99, 0x8f, 0x7b, 0xad, 0xe5, 0x90, 0x0f,
+    0xa4, 0x80, 0xd8, 0xa2, 0x0d, 0x95, 0xea, 0x63,
+    0x2b, 0xcf, 0xb4, 0x5b, 0x3c, 0xd1, 0x5a, 0xc4,
+    0xc4, 0xd1, 0x71, 0x28, 0x4b, 0x0b, 0x28, 0x32,
+    0x73, 0xb5, 0x0d, 0xd6, 0x8f, 0x6b, 0x01, 0x26,
+    0x04, 0x45, 0xa3, 0x80, 0xc0, 0x21, 0x12, 0xee,
+    0x52, 0x0f, 0x35, 0xe4, 0x8e, 0xca, 0xf8, 0x91,
+    0xf4, 0x99, 0x51, 0xe2, 0x80, 0x76, 0xa7, 0x2d,
+    0x09, 0xf5, 0x04, 0xcc, 0xa6, 0x6b, 0x20, 0xc4,
+    0xac, 0xcd, 0x6c, 0x9c, 0x09, 0xe7, 0x51, 0xa2,
+    0x29, 0x60, 0xfd, 0xf2, 0xbd, 0x7e, 0x4c, 0x9d,
+    0xc0, 0xba, 0x62, 0x2f, 0x53, 0xb2, 0x47, 0x03,
+    0xf2, 0x6f, 0x70, 0x51, 0xa8, 0xe1, 0xb7, 0x9f,
+    0x37, 0x15, 0xfa, 0xd1, 0x6c, 0x74, 0x1a, 0x2b,
+    0x4f, 0x39, 0x4f, 0x43, 0x49, 0x71, 0x6a, 0xf8,
+    0x7c, 0x65, 0x1a, 0xdd, 0x1a, 0x25, 0xf8, 0x79,
+    0xfa, 0x8c, 0x02, 0xf2, 0xf7, 0xf7, 0x7b, 0x9f,
+    0xe4, 0xaf, 0x9e, 0x1a, 0x0b, 0x5b, 0x2e, 0x41,
+    0xbb, 0xa9, 0x4f, 0xd0, 0xdb, 0xad, 0xe5, 0x25,
+    0xff, 0x36, 0x3b, 0x9a, 0xc3, 0xdf, 0xb6, 0x27,
+    0xd3, 0xba, 0xb0, 0xd4, 0xb2, 0x07, 0xc3, 0xd8,
+    0xab, 0x10, 0x3d, 0xcd, 0x23, 0x52, 0x46, 0xe6,
+    0x96, 0x57, 0x85, 0xc7, 0x60, 0xe2, 0x8c, 0x46,
+    0x65, 0x7d, 0x76, 0x1c, 0x45, 0x20, 0x5d, 0x51,
+    0xd6, 0x13, 0xde, 0xe5, 0x3d, 0xc2, 0x8c, 0x36,
+    0xdb, 0x7f, 0x83, 0x6f, 0x6a, 0xc2, 0xa3, 0xf2,
+    0xdc, 0x63, 0x69, 0x7f, 0xbd, 0xd0, 0xc1, 0x90,
+    0xfb, 0x62, 0x42, 0xa1, 0xf6, 0xf7, 0xdd, 0xc2,
+    0x4a, 0x38, 0x62, 0x9b, 0xef, 0x67, 0xf9, 0x5c,
+    0xd8, 0xff, 0xf4, 0xf2, 0x67, 0x90, 0x42, 0x85,
+    0xaf, 0xe2, 0x92, 0x6e, 0xc4, 0x9b, 0x63, 0xc3,
+    0x91, 0xa5, 0x11, 0x66, 0x13, 0x83, 0xbc, 0xbb,
+    0xc7, 0x34, 0x3b, 0x30, 0x40, 0x53, 0x91, 0xdf,
+    0x7c, 0x3d, 0x17, 0xdd, 0xa1, 0xa6, 0x80, 0xfd,
+    0x26, 0x9d, 0x60, 0x7b, 0xcd, 0xb4, 0x2b, 0xba,
+    0x61, 0x0f, 0x43, 0x7c, 0x51, 0x3c, 0xb9, 0xfa,
+    0xdb, 0x48, 0x35, 0x9f, 0x0d, 0x0c, 0x04, 0xe8,
+    0xf9, 0x6e, 0x07, 0x65, 0x7d, 0x46, 0x1b, 0xd2,
+    0x51, 0xdb, 0x55, 0x27, 0xd7, 0x3d, 0x1e, 0x36,
+    0x07, 0x59, 0x18, 0xec, 0x04, 0x4b, 0x87, 0xbb,
+    0xfb, 0x27, 0xac, 0xeb, 0x8f, 0x43, 0x46, 0xd0,
+    0x39, 0x00, 0x90, 0x54, 0x70, 0xb1, 0x71, 0xf2,
+    0xe7, 0x3d, 0x02, 0x1a, 0xcf, 0x87, 0x16, 0x67,
+    0xa2, 0x3c, 0x31, 0x48, 0xe8, 0xbd, 0x4f, 0xb3,
+    0xc2, 0xfd, 0x3d, 0xa1, 0x9c, 0x87, 0x54, 0x60,
+    0x30, 0x21, 0x52, 0x57, 0xcd, 0x03, 0x96, 0x9e,
+    0xa7, 0x8d, 0xe5, 0x02, 0x04, 0x78, 0x43, 0x72,
+    0xda, 0xb2, 0x22, 0xf1, 0xee, 0x8f, 0x27, 0x0b,
+    0x8f, 0x7b, 0xf8, 0xbc, 0x16, 0xa1, 0xef, 0x0b,
+    0x35, 0xda, 0xfc, 0x29, 0x1b, 0xf8, 0xa1, 0x35,
+    0x40, 0xe7, 0xed, 0x4c, 0x02, 0x4a, 0x83, 0xb7,
+    0x49, 0x75, 0x34, 0x3f, 0x2b, 0xb3, 0x61, 0xf5,
+    0xa3, 0x9b, 0x23, 0xca, 0xfb, 0x58, 0x16, 0x4f,
+    0x3c, 0x50, 0xbf, 0x81, 0xab, 0x54, 0x50, 0x1a,
+    0x39, 0x57, 0x5f, 0x9a, 0x72, 0x22, 0xba, 0xa4,
+    0xf6, 0xbf, 0xac, 0x31, 0x5c, 0xc5, 0x96, 0xd7,
+    0xa9, 0xe4, 0x3b, 0x0c, 0xd0, 0x7f, 0x79, 0x68,
+    0x4d, 0x41, 0x04, 0x81, 0x73, 0xcf, 0x47, 0x4a,
+    0x7b, 0x37, 0xac, 0x8e, 0x47, 0x0d, 0x72, 0x65,
+    0x0f, 0x9d, 0x44, 0xd7, 0x08, 0x21, 0x5b, 0x3f,
+    0xc8, 0x9d, 0xea, 0xa2, 0x64, 0x7b, 0x0d, 0x98,
+    0xc1, 0x61, 0xcd, 0xa4, 0xf7, 0x8c, 0x4a, 0xa3,
+    0x3b, 0xdd, 0x92, 0xce, 0x61, 0x97, 0x0e, 0x98,
+    0xa4, 0x10, 0xb5, 0x1f, 0xc5, 0xfb, 0xee, 0x49,
+    0x36, 0x8f, 0xe3, 0x2d, 0x46, 0x9c, 0xa9, 0xff,
+    0xdd, 0x1a, 0x48, 0x1b, 0x5a, 0x99, 0x84, 0x0a,
+    0x3d, 0x5c, 0xd7, 0x67, 0x32, 0x88, 0x87, 0x2a,
+    0x34, 0x50, 0x04, 0xad, 0xe6, 0xbb, 0x3c, 0xb5,
+    0xee, 0x80, 0x99, 0x70, 0xaa, 0x9d, 0x5a, 0x63,
+    0xec, 0xd5, 0x9a, 0x6a, 0x3a, 0xe8, 0xaa, 0x3d,
+    0x3f, 0xe8, 0x15, 0x2c, 0x16, 0x3e, 0x86, 0x46,
+    0x21, 0xf2, 0xd2, 0x6e, 0x74, 0x3d, 0x53, 0x94,
+    0x7c, 0x41, 0xec, 0x5b, 0xf5, 0xa4, 0xc8, 0x1f,
+    0x75, 0x22, 0x50, 0x58, 0x31, 0xf5, 0x29, 0x9a,
+    0xc2, 0x2c, 0x67, 0xd9, 0xf6, 0x2e, 0xa1, 0xa9,
+    0x0a, 0x69, 0x90, 0x7a, 0xd8, 0xed, 0x5c, 0x09,
+    0x3d, 0x14, 0xa3, 0x2b, 0xc0, 0x47, 0x88, 0xb7,
+    0xea, 0x14, 0x8a, 0xec, 0xaf, 0x0c, 0xb7, 0xc6,
+    0x7c, 0x32, 0x0f, 0x57, 0xea, 0x9f, 0xd4, 0x99,
+    0x8d, 0xab, 0xd6, 0xc9, 0x31, 0x07, 0x81, 0x37,
+    0x3d, 0xf5, 0x07, 0xb3, 0x93, 0xb7, 0x04, 0x20,
+    0xdf, 0x91, 0xef, 0xfb, 0xa6, 0x7d, 0x4b, 0x5d,
+    0xd4, 0x24, 0xd2, 0x0b, 0xc5, 0x34, 0xf6, 0x7a,
+    0xf9, 0x4a, 0x48, 0xc7, 0xab, 0xaf, 0xa8, 0xd2,
+    0xfc, 0x41, 0xc9, 0x8b, 0xa8, 0xc4, 0x2f, 0x94,
+    0x4e, 0xb0, 0xab, 0xd3, 0xd9, 0x09, 0x4b, 0x1f,
+    0x35, 0xb7, 0xb4, 0x4c, 0x2d, 0x6b, 0xe6, 0xb4,
+    0x2e, 0x8a, 0x09, 0xd3, 0x9d, 0x54, 0x3f, 0x53,
+    0xcc, 0x8e, 0x16, 0x18, 0x4e, 0x9a, 0xe8, 0x52,
+    0x84, 0x3a, 0x3e, 0xdb, 0xab, 0x65, 0xc4, 0xa1,
+    0x3c, 0xd0, 0xf6, 0x57, 0x3c, 0x0e, 0x10, 0xed,
+    0xb2, 0xa9, 0x7d, 0x70, 0x3f, 0x18, 0x1a, 0xba,
+    0x31, 0x33, 0xcb, 0x2a, 0xfd, 0x13, 0xf5, 0x23,
+    0xd7, 0x71, 0xfa, 0xb6, 0xe8, 0xda, 0x63, 0xca,
+    0x55, 0x3c, 0x5b, 0x87, 0x27, 0x96, 0x3d, 0xd0,
+    0x43, 0x9d, 0x76, 0x9f, 0x28, 0x5a, 0xb6, 0xc8,
+    0x81, 0xe4, 0x7c, 0x2a, 0x7a, 0x84, 0x0f, 0x2d,
+    0x1b, 0xd0, 0xe4, 0x0e, 0x1b, 0x47, 0x32, 0xc8,
+    0x02, 0x2d, 0x39, 0x0e, 0x7d, 0xb1, 0x12, 0x56,
+    0x50, 0x00, 0xae, 0xcc, 0x45, 0x0a, 0xd5, 0x30,
+    0x16, 0xe7, 0x3a, 0x53, 0x02, 0xbc, 0xd5, 0xef,
+    0xca, 0x00, 0xea, 0x5f, 0xbe, 0x15, 0x0d, 0x08,
+    0x76, 0xc1, 0x03, 0x93, 0x96, 0x4a, 0x88, 0xda,
+    0x9d, 0x0b, 0x51, 0x39, 0x9a, 0xef, 0xd2, 0xde,
+    0x8a, 0x2c, 0xe6, 0xf3, 0xa5, 0x70, 0x15, 0x3a,
+    0x17, 0x43, 0x31, 0xfc, 0x47, 0x9d, 0xec, 0x3b,
+    0x28, 0x6f, 0xdf, 0x45, 0x6f, 0x9e, 0x10, 0xbb,
+    0x8e, 0x43, 0xc5, 0x59, 0xe5, 0x61, 0x9b, 0xa7,
+    0xa1, 0xb8, 0x7a, 0x1c, 0xd4, 0x25, 0x26, 0xca,
+    0xe9, 0x2b, 0x0b, 0x3d, 0x06, 0xeb, 0x44, 0x44,
+    0xab, 0x4a, 0x5e, 0x68, 0x5c, 0x93, 0xf1, 0x3f,
+    0x39, 0x01, 0xb9, 0xf1, 0x01, 0xb7, 0xb6, 0x14,
+    0x44, 0x1d, 0x6d, 0x6b, 0x03, 0x45, 0x0d, 0xf3,
+    0xbf, 0x71, 0x4e, 0xf3, 0x84, 0x3d, 0xef, 0xea,
+    0x60, 0x2e, 0x2e, 0xf7, 0x33, 0xa6, 0xbe, 0x53,
+    0x49, 0x26, 0xed, 0xb4, 0xbf, 0x7f, 0xb0, 0x1d,
+    0x39, 0xb2, 0xc2, 0x88, 0xc2, 0xa2, 0xd4, 0x7f,
+    0x0e, 0x1c, 0x44, 0xa3, 0x38, 0x76, 0xa7, 0xa6,
+    0x19, 0x7e, 0x4c, 0x84, 0x25, 0x01, 0xb2, 0x78,
+    0xb4, 0x56, 0xc5, 0xc1, 0x50, 0x3f, 0xf2, 0xb6,
+    0x76, 0x09, 0x55, 0x57, 0x1c, 0xd1, 0x55, 0x23,
+    0x16, 0x2a, 0x51, 0x16, 0xaa, 0x13, 0x4f, 0x35,
+    0x69, 0xaf, 0xea, 0x01, 0x5f, 0x22, 0xc9, 0x2e,
+    0xe9, 0x8c, 0x6c, 0xa2, 0x17, 0x92, 0xdc, 0x3d,
+    0xd6, 0xf0, 0xfa, 0x5a, 0x53, 0xe0, 0xcd, 0x55,
+    0xa2, 0x91, 0x62, 0xba, 0xae, 0x67, 0x40, 0x1c,
+    0xda, 0xb4, 0xcc, 0xfc, 0x67, 0x1f, 0x44, 0xa0,
+    0x50, 0xa5, 0xde, 0xc5, 0xde, 0x5e, 0xa0, 0x3b,
+    0x05, 0x84, 0x1c, 0x2a, 0xc4, 0x96, 0x47, 0xd6,
+    0x97, 0x56, 0x40, 0x33, 0x99, 0x7c, 0x8b, 0x56,
+    0xb4, 0xfb, 0xf4, 0x23, 0xcb, 0x48, 0x81, 0x6c,
+    0xa4, 0x53, 0x41, 0x8c, 0x28, 0x61, 0xd7, 0x8c,
+    0xde, 0xde, 0xeb, 0xd4, 0xe7, 0x8a, 0x2a, 0x40,
+    0x83, 0x1c, 0xa4, 0x19, 0x0f, 0x6c, 0x73, 0xa5,
+    0x0e, 0xb6, 0x5c, 0x14, 0x36, 0xff, 0xc9, 0x99,
+    0x56, 0x53, 0x8c, 0x4e, 0x4f, 0x4a, 0x82, 0xc8,
+    0x76, 0x83, 0x81, 0xf1, 0x17, 0x82, 0x98, 0x3e,
+    0x9c, 0x99, 0x3a, 0x7c, 0x08, 0x77, 0x3e, 0xe2,
+    0x10, 0x98, 0xb0, 0xf6, 0x1d, 0xd3, 0x24, 0xe8,
+    0x98, 0xcf, 0xd8, 0x9a, 0xb8, 0xd7, 0xbe, 0x56,
+    0xa2, 0xb6, 0xf8, 0x2e, 0xfe, 0xeb, 0x96, 0xfa,
+    0xd0, 0xba, 0x79, 0x9e, 0xde, 0x72, 0x0d, 0x53,
+    0x5f, 0xdd, 0x0d, 0xb2, 0x0a, 0x8f, 0x14, 0x94,
+    0x87, 0x25, 0x5e, 0xcd, 0xd4, 0x4b, 0xaa, 0xc9,
+    0x7e, 0x41, 0x9f, 0x33, 0x77, 0xbe, 0x6d, 0x57,
+    0x68, 0xef, 0xee, 0x1a, 0xc4, 0x5c, 0x7b, 0xca,
+    0x7e, 0x33, 0x93, 0x3d, 0x88, 0x91, 0xd1, 0x34,
+    0x6a, 0x39, 0x98, 0x92, 0x50, 0x1a, 0x02, 0xcf,
+    0x89, 0x34, 0x33, 0x10, 0x65, 0x23, 0x4d, 0xb7,
+    0x00, 0xcc, 0xc1, 0x60, 0xdd, 0x7d, 0x8e, 0xd1,
+    0x16, 0xa7, 0x71, 0x7b, 0x20, 0xcb, 0xe4, 0xe8,
+    0xcc, 0xfc, 0xb8, 0x5f, 0xe4, 0xe2, 0xd6, 0x8c,
+    0x43, 0x9c, 0x06, 0xf4, 0x8d, 0xbc, 0x56, 0xd0,
+    0x0c, 0xd6, 0x0b, 0x6c, 0x33, 0x0e, 0x08, 0x77,
+    0x66, 0x52, 0x1f, 0x48, 0x0c, 0x50, 0x4a, 0xc2,
+    0x99, 0x0a, 0x15, 0x86, 0xc3, 0x9b, 0x7a, 0x5f,
+    0xfb, 0x58, 0xbd, 0x63, 0x0c, 0xbe, 0x83, 0x40,
+    0x8f, 0xba, 0x39, 0xfb, 0x45, 0xb9, 0xf7, 0x96,
+    0x62, 0xec, 0x7e, 0x77, 0xa4, 0xfb, 0xe1, 0x86,
+    0x5c, 0x0a, 0xae, 0x32, 0xbd, 0x79, 0x76, 0x8b
 };
 static const byte ml_dsa_44_good_sig[] = {
-    0xfc, 0x2d, 0xa0, 0x06, 0x85, 0xc2, 0xfc,
-    0x92, 0x47, 0x77, 0x0b, 0x39, 0xbf, 0xe5,
-    0xba, 0xd4, 0x44, 0xbf, 0xde, 0xce, 0x1f,
-    0x04, 0xa2, 0x87, 0xed, 0x4a, 0xce, 0x0e,
-    0xf3, 0x95, 0x61, 0x1e, 0x66, 0x4e, 0x9a,
-    0x5d, 0x00, 0x31, 0x32, 0xf0, 0x90, 0x3d,
-    0x7e, 0xf2, 0x9d, 0xe2, 0x93, 0xa1, 0xc8,
-    0x64, 0x36, 0xf2, 0x59, 0xc7, 0x9e, 0xb6,
-    0xb3, 0x6f, 0xe5, 0x80, 0x8d, 0x92, 0x77,
-    0xd6, 0xb6, 0xe4, 0xc5, 0x5e, 0x79, 0x45,
-    0x4b, 0xd0, 0xfe, 0x53, 0x55, 0xb6, 0x66,
-    0x88, 0xfe, 0x95, 0x40, 0x07, 0xfd, 0xdb,
-    0x40, 0x33, 0x39, 0x67, 0x03, 0x30, 0x8e,
-    0x80, 0x4e, 0xa7, 0x0e, 0xe4, 0x05, 0x04,
-    0xc5, 0x33, 0x72, 0x47, 0x5b, 0x85, 0x0f,
-    0xe1, 0xeb, 0x98, 0x1a, 0x76, 0x79, 0x84,
-    0xce, 0x26, 0x66, 0xe8, 0x92, 0xc9, 0x1f,
-    0x40, 0x96, 0x72, 0xfe, 0x61, 0xae, 0xba,
-    0x84, 0x70, 0xb7, 0x92, 0x2f, 0x7e, 0xc8,
-    0xe8, 0xe4, 0x34, 0x73, 0xd4, 0x69, 0x57,
-    0x3e, 0x28, 0x2b, 0x18, 0x0f, 0xef, 0xb1,
-    0x06, 0xe2, 0xf8, 0x79, 0x70, 0x5a, 0x84,
-    0x84, 0x6c, 0xb3, 0x57, 0x5b, 0x18, 0x42,
-    0xdf, 0xd5, 0xdb, 0xf8, 0x35, 0x5f, 0x7b,
-    0x23, 0x25, 0x2f, 0x0f, 0x17, 0x0b, 0x9a,
-    0xb6, 0xe8, 0x31, 0x30, 0x6b, 0x90, 0x06,
-    0x2c, 0xfd, 0xca, 0xaa, 0xa6, 0xc3, 0xdc,
-    0x88, 0xa7, 0x31, 0x74, 0x67, 0xe2, 0x64,
-    0x8f, 0x5c, 0xc4, 0xc0, 0x4d, 0x34, 0x15,
-    0x0d, 0xd2, 0x23, 0x69, 0xfc, 0x6e, 0xbb,
-    0x82, 0xca, 0xc4, 0xee, 0xf1, 0x14, 0xc1,
-    0xd4, 0x5a, 0x71, 0x78, 0x9b, 0x40, 0x01,
-    0xb9, 0xe4, 0x6e, 0x68, 0xf6, 0x13, 0xca,
-    0xc1, 0xea, 0x70, 0x71, 0x3d, 0xc9, 0x1a,
-    0x62, 0xb9, 0xa9, 0xe0, 0x1e, 0xe2, 0x34,
-    0xf2, 0x9a, 0xf7, 0x23, 0xb3, 0xc1, 0xca,
-    0x35, 0x0e, 0x5e, 0xa7, 0xd1, 0x3d, 0xea,
-    0x51, 0xdc, 0xe2, 0x0e, 0xfc, 0x7d, 0x26,
-    0x75, 0xec, 0x9a, 0x6e, 0x40, 0x1f, 0x60,
-    0x06, 0xd7, 0x56, 0xf8, 0xa4, 0x2a, 0x82,
-    0x9c, 0xef, 0x51, 0x4a, 0xe1, 0x01, 0x2b,
-    0xb0, 0x8b, 0x34, 0x7b, 0xe1, 0x63, 0xa4,
-    0xcc, 0x72, 0x81, 0xd9, 0xb4, 0x20, 0xcc,
-    0x60, 0xe2, 0x15, 0x6d, 0xc7, 0x6c, 0x75,
-    0x65, 0x4d, 0xb6, 0xc0, 0x36, 0x49, 0x87,
-    0x06, 0x3e, 0xca, 0x1c, 0x32, 0x36, 0x2f,
-    0xe3, 0xf6, 0x06, 0x0a, 0xb1, 0xd2, 0xfb,
-    0xee, 0x4e, 0xd7, 0xce, 0x65, 0xcc, 0x89,
-    0xf2, 0x77, 0x14, 0x27, 0x27, 0x84, 0x52,
-    0x97, 0x1b, 0x89, 0x17, 0x31, 0x8d, 0xc4,
-    0x0f, 0xc7, 0xc6, 0x45, 0x44, 0x9a, 0x97,
-    0xd3, 0x88, 0x71, 0x73, 0x97, 0x64, 0xa6,
-    0xe6, 0x3d, 0xf2, 0xd3, 0x7f, 0x7f, 0xfa,
-    0x4f, 0xf4, 0xe9, 0x76, 0x8a, 0x2a, 0xfe,
-    0x28, 0x8e, 0xa5, 0xb3, 0x46, 0x2b, 0xad,
-    0x50, 0x5e, 0x12, 0xcd, 0xf8, 0x46, 0xe4,
-    0x06, 0x12, 0xc2, 0xb8, 0xcd, 0x04, 0x76,
-    0x07, 0x7c, 0xed, 0x2f, 0x0f, 0xd6, 0x97,
-    0x31, 0xa4, 0x0c, 0x18, 0x85, 0x75, 0xd3,
-    0x55, 0xfd, 0xe3, 0x1a, 0xbf, 0x43, 0xde,
-    0x20, 0xa9, 0x19, 0xcd, 0x03, 0x01, 0xdf,
-    0x04, 0x71, 0x09, 0x94, 0x99, 0x51, 0xb0,
-    0x8e, 0x32, 0x80, 0xe6, 0x64, 0x4b, 0xdf,
-    0xa5, 0xec, 0xfa, 0xce, 0xf6, 0xf3, 0xce,
-    0x51, 0xe8, 0x6d, 0x03, 0x1e, 0x69, 0x59,
-    0xef, 0x20, 0x98, 0x71, 0xe2, 0xc3, 0xec,
-    0x19, 0x03, 0xa9, 0x2d, 0x12, 0x21, 0x79,
-    0x7e, 0xb0, 0xcb, 0x76, 0x68, 0x2f, 0x11,
-    0x01, 0x2b, 0x11, 0xef, 0xd6, 0xb7, 0x8b,
-    0x5e, 0x31, 0x78, 0x7b, 0x2d, 0xe6, 0x4a,
-    0xfb, 0xc1, 0xbb, 0x78, 0x92, 0x11, 0xcb,
-    0x91, 0x97, 0x52, 0x1b, 0x8e, 0xfb, 0x59,
-    0x02, 0x22, 0xbe, 0xf7, 0x33, 0xaa, 0x7b,
-    0xfd, 0x93, 0xf7, 0xa8, 0x9b, 0xfc, 0x99,
-    0x36, 0x22, 0x04, 0x1e, 0xdc, 0xa3, 0x2b,
-    0xe6, 0xac, 0x2e, 0x4b, 0x38, 0x0a, 0x25,
-    0xde, 0x3d, 0x8e, 0x0b, 0x95, 0x04, 0x48,
-    0x3d, 0x66, 0x52, 0x99, 0x79, 0xe1, 0x8d,
-    0xe0, 0xa7, 0xd5, 0x23, 0x0d, 0x45, 0x89,
-    0x88, 0xa9, 0x59, 0x4e, 0xc7, 0x64, 0x39,
-    0x93, 0xdd, 0xcb, 0xfe, 0x97, 0xe7, 0x7d,
-    0xab, 0x61, 0x08, 0xf7, 0x7a, 0xff, 0x10,
-    0x1d, 0x8d, 0x11, 0xa9, 0x97, 0xbd, 0x16,
-    0xb5, 0x6c, 0x84, 0x71, 0x61, 0x72, 0x36,
-    0x51, 0xe7, 0x43, 0x8b, 0x15, 0xb2, 0x48,
-    0x6a, 0x14, 0x8a, 0xbe, 0x92, 0xa7, 0xfa,
-    0xce, 0x02, 0x1a, 0x7f, 0xc5, 0xdb, 0x76,
-    0x0a, 0x4c, 0xc7, 0x20, 0x2a, 0x34, 0xf4,
-    0x92, 0x3b, 0x34, 0x69, 0x71, 0x3d, 0xe1,
-    0xf2, 0x2f, 0x52, 0xe1, 0x48, 0xbe, 0x27,
-    0x47, 0x1d, 0x55, 0x96, 0x6e, 0xa3, 0x39,
-    0xc6, 0xd8, 0x12, 0xe0, 0xb2, 0x93, 0x56,
-    0xef, 0x10, 0xf4, 0xa6, 0xf4, 0x5f, 0xa9,
-    0xfd, 0x5d, 0x01, 0x87, 0xb8, 0xe5, 0x4f,
-    0x86, 0x2c, 0xa5, 0x09, 0xfc, 0x29, 0x84,
-    0x5b, 0x44, 0xf9, 0x8d, 0x9c, 0xbb, 0x19,
-    0x97, 0x52, 0xbb, 0xac, 0x19, 0x57, 0x68,
-    0x7d, 0x74, 0xb5, 0x4f, 0xda, 0x8a, 0x9c,
-    0xcf, 0x5d, 0x7b, 0xd9, 0xf0, 0xb3, 0x11,
-    0x76, 0x50, 0x03, 0x06, 0x44, 0xe7, 0x68,
-    0x35, 0xe9, 0x14, 0x20, 0xbd, 0x0d, 0x90,
-    0x96, 0x21, 0xa1, 0x17, 0x8f, 0xf7, 0x50,
-    0x6c, 0xc0, 0x76, 0x3d, 0x34, 0x8d, 0xf2,
-    0x75, 0xf0, 0xa2, 0x6c, 0x8a, 0xc1, 0x56,
-    0x95, 0xb2, 0xd9, 0x87, 0xf2, 0xe4, 0x80,
-    0x25, 0xc7, 0x97, 0xd2, 0xd2, 0xf8, 0x1c,
-    0x7a, 0x48, 0x70, 0x99, 0x6b, 0xf2, 0x50,
-    0x83, 0xf3, 0x10, 0xb1, 0x9b, 0x6d, 0x75,
-    0x53, 0x86, 0x23, 0xc9, 0x60, 0x4d, 0x73,
-    0xc7, 0x52, 0x90, 0x12, 0x6b, 0x92, 0x2d,
-    0x35, 0xbc, 0x4d, 0x86, 0x67, 0xfe, 0x35,
-    0x11, 0x6c, 0xbb, 0x9b, 0x76, 0xaf, 0x26,
-    0xae, 0x50, 0x23, 0x76, 0x68, 0x16, 0x80,
-    0xf0, 0xa4, 0xcc, 0x76, 0x6b, 0xf3, 0x99,
-    0x04, 0x8b, 0x39, 0xf2, 0xa6, 0xa9, 0x72,
-    0x6f, 0xbe, 0xa8, 0xdb, 0x53, 0xf3, 0x93,
-    0x00, 0xac, 0x3e, 0x8f, 0xdd, 0x68, 0x9e,
-    0x2f, 0xe3, 0x48, 0x0b, 0x11, 0xe2, 0x9a,
-    0xfa, 0x98, 0x32, 0x40, 0x26, 0xf8, 0x83,
-    0xc6, 0x00, 0x02, 0x7d, 0xb5, 0xd2, 0xd4,
-    0xdd, 0xc6, 0x02, 0xec, 0xb3, 0x98, 0xd6,
-    0x8e, 0xab, 0x75, 0x06, 0x37, 0x97, 0x4c,
-    0x50, 0xc5, 0xe1, 0x43, 0x34, 0xd6, 0xbd,
-    0xb6, 0xfc, 0xb7, 0x04, 0x0d, 0xd8, 0x35,
-    0xb4, 0x3e, 0x0e, 0x43, 0x22, 0x83, 0xf5,
-    0x5d, 0x2e, 0x0a, 0x8f, 0xa0, 0xec, 0x17,
-    0xd9, 0xa1, 0x84, 0x98, 0x32, 0x5c, 0x99,
-    0x66, 0x05, 0x70, 0x9a, 0xa4, 0x9b, 0xbe,
-    0xd3, 0x3d, 0x2a, 0x13, 0xb1, 0x96, 0x37,
-    0x4f, 0xe7, 0x6f, 0x6b, 0x5e, 0x80, 0xe4,
-    0xb6, 0x98, 0x56, 0xed, 0xff, 0x5b, 0x21,
-    0x5f, 0x79, 0x9a, 0x0f, 0x53, 0x69, 0x76,
-    0xdb, 0xc0, 0x12, 0x9c, 0xed, 0xd4, 0x00,
-    0x64, 0xca, 0xf4, 0xc3, 0x17, 0x49, 0xbb,
-    0xef, 0xbc, 0x7b, 0x73, 0x24, 0x4f, 0x6e,
-    0xcf, 0x25, 0x49, 0x30, 0x4f, 0x9a, 0xb7,
-    0x2a, 0x2f, 0xc2, 0x69, 0x74, 0xe5, 0xa6,
-    0xd7, 0x29, 0x4d, 0x80, 0xe6, 0xf6, 0x66,
-    0x4b, 0xdf, 0xef, 0xfd, 0xb5, 0xaa, 0x53,
-    0x75, 0x0e, 0xf5, 0x92, 0xb3, 0x30, 0x3d,
-    0x5d, 0xa8, 0x49, 0x74, 0xa2, 0x13, 0xb3,
-    0x99, 0x7e, 0xf9, 0x34, 0x08, 0xc2, 0xa6,
-    0xc9, 0xd1, 0xb7, 0x65, 0xf4, 0xa9, 0xda,
-    0x11, 0x07, 0x89, 0x08, 0x92, 0xdf, 0x1a,
-    0x8d, 0xd7, 0x1e, 0xe9, 0xa3, 0x5c, 0x66,
-    0x79, 0xa0, 0x2d, 0xd1, 0xd9, 0x65, 0xa2,
-    0xd3, 0x47, 0xb1, 0xa1, 0xf4, 0xa1, 0x18,
-    0x7f, 0xb0, 0xd1, 0x20, 0x05, 0x06, 0x6f,
-    0xda, 0xe3, 0xef, 0xee, 0x47, 0xdf, 0x80,
-    0x22, 0x14, 0x4b, 0xc2, 0xe4, 0xea, 0x02,
-    0xe7, 0x06, 0xc8, 0x2d, 0x2d, 0xbd, 0xd2,
-    0xef, 0xd3, 0x3b, 0xf0, 0xc8, 0xc1, 0x04,
-    0x53, 0x81, 0x27, 0xb2, 0xf2, 0xf8, 0x5d,
-    0xe1, 0x27, 0xd6, 0xd8, 0x2e, 0x0d, 0x43,
-    0xf4, 0xf0, 0x7a, 0x8c, 0x78, 0x3f, 0x23,
-    0x4d, 0x05, 0xf6, 0xc6, 0x9a, 0xc1, 0x19,
-    0x58, 0x48, 0x02, 0x71, 0xc4, 0xf1, 0x16,
-    0xc2, 0xbf, 0xc2, 0xf5, 0xa6, 0x70, 0x25,
-    0x8b, 0x6c, 0x31, 0xa6, 0x2b, 0x6a, 0x1f,
-    0x26, 0x4a, 0x6b, 0x05, 0x67, 0xa9, 0x5e,
-    0xa6, 0xc7, 0x19, 0xf0, 0x6f, 0xc2, 0xa4,
-    0x07, 0xe1, 0xf8, 0xb6, 0x70, 0x79, 0x85,
-    0x97, 0x1f, 0xc2, 0x97, 0xf3, 0x57, 0x3d,
-    0xd1, 0x70, 0xb1, 0xe8, 0x43, 0x11, 0xe6,
-    0x2f, 0x8a, 0x12, 0x97, 0xe1, 0x1f, 0x86,
-    0x33, 0xa1, 0x30, 0xb3, 0x8e, 0xd7, 0x43,
-    0x99, 0x35, 0xd3, 0x48, 0x04, 0x29, 0xa3,
-    0xf3, 0x2c, 0x0e, 0xda, 0x66, 0xc8, 0xa9,
-    0xd3, 0x28, 0x7f, 0xf0, 0xaa, 0x53, 0xc8,
-    0x4b, 0xa3, 0xde, 0xcc, 0x5f, 0xae, 0x9b,
-    0x2f, 0x20, 0xf7, 0x9a, 0x41, 0xb7, 0xdb,
-    0x7a, 0x92, 0xa1, 0x45, 0x2c, 0x49, 0xb7,
-    0x2d, 0xe5, 0x6e, 0x84, 0xb1, 0xa4, 0x6e,
-    0xea, 0xf9, 0xca, 0xc6, 0x0f, 0xd3, 0xdc,
-    0xad, 0x79, 0xf4, 0x3b, 0xc0, 0x8c, 0x8c,
-    0x6f, 0xdf, 0x2c, 0xbb, 0x2a, 0x9f, 0x74,
-    0x2f, 0x31, 0x7b, 0x05, 0xc5, 0xc4, 0x22,
-    0xfd, 0xfc, 0xdf, 0x95, 0x3b, 0x21, 0x41,
-    0xab, 0x5b, 0xe9, 0x37, 0xdf, 0xd3, 0x4c,
-    0x97, 0x73, 0xac, 0xbd, 0x82, 0x97, 0xd0,
-    0x00, 0x55, 0x47, 0xa4, 0x67, 0x12, 0xcd,
-    0xe3, 0x01, 0x31, 0xe6, 0x1c, 0x61, 0xf8,
-    0xa4, 0xce, 0x23, 0xed, 0xeb, 0x8f, 0x57,
-    0xbf, 0x97, 0x4b, 0x26, 0x75, 0xa0, 0x4b,
-    0xf6, 0x7e, 0xda, 0x1c, 0x90, 0x8a, 0xc4,
-    0xf4, 0x60, 0xfc, 0x65, 0x45, 0x8c, 0x1b,
-    0x5c, 0x65, 0xc4, 0x5d, 0x99, 0x9a, 0xed,
-    0x62, 0xd6, 0x74, 0x43, 0xac, 0x5e, 0x0c,
-    0xfd, 0x7d, 0xf2, 0x4f, 0xc3, 0x02, 0xc8,
-    0x24, 0xa7, 0x17, 0x49, 0xf9, 0xdd, 0xc9,
-    0x64, 0x71, 0x08, 0xb9, 0xac, 0x47, 0x3d,
-    0x6a, 0x4f, 0xdc, 0xa6, 0x56, 0x00, 0x01,
-    0x53, 0x2d, 0xca, 0x32, 0x4e, 0x40, 0xec,
-    0x14, 0x03, 0x69, 0x75, 0xfa, 0x93, 0x49,
-    0x98, 0x04, 0x25, 0x29, 0xe5, 0x78, 0x6e,
-    0x3e, 0x99, 0x58, 0x18, 0x48, 0xf3, 0x29,
-    0x56, 0x8d, 0x23, 0xd1, 0x5d, 0xb2, 0x2a,
-    0x74, 0xa7, 0x53, 0xc5, 0xc6, 0xc4, 0x12,
-    0xfe, 0x65, 0x6c, 0xde, 0xc3, 0x6c, 0x18,
-    0xde, 0xc3, 0x97, 0xaa, 0xed, 0x69, 0x3c,
-    0x4d, 0xc9, 0xa9, 0x63, 0xa9, 0x4d, 0x91,
-    0x63, 0xa3, 0x1c, 0x87, 0x36, 0x19, 0x4a,
-    0xc5, 0xd1, 0xcb, 0xf4, 0x88, 0xfd, 0xa0,
-    0x9b, 0x37, 0x9a, 0x7e, 0xcc, 0x09, 0xac,
-    0x3b, 0xf0, 0xf5, 0xb5, 0x15, 0x72, 0x47,
-    0xb0, 0x42, 0x0d, 0xed, 0x19, 0x42, 0x93,
-    0x5a, 0x56, 0xbf, 0x2c, 0x4b, 0xec, 0xf4,
-    0x13, 0x30, 0x0b, 0xdf, 0x0e, 0xc1, 0x22,
-    0xa5, 0x6c, 0xf4, 0xcf, 0x09, 0x83, 0xe2,
-    0xd0, 0x05, 0x62, 0x8d, 0xda, 0xea, 0x79,
-    0xa9, 0x6c, 0xe1, 0x90, 0xc0, 0xe7, 0x6d,
-    0x63, 0x8e, 0xe5, 0xe0, 0xa9, 0x67, 0x80,
-    0xb7, 0x80, 0x43, 0xfc, 0xa1, 0x11, 0x6d,
-    0xc9, 0x91, 0xa3, 0xcb, 0x1a, 0x6e, 0xf8,
-    0x6e, 0xdb, 0xf0, 0x7d, 0xeb, 0x45, 0x6a,
-    0xee, 0xd8, 0x3e, 0x6b, 0x9a, 0xc4, 0xcd,
-    0x7b, 0x35, 0x19, 0x73, 0x14, 0x22, 0x47,
-    0x86, 0x54, 0x34, 0xc9, 0x02, 0x49, 0xe6,
-    0xb9, 0x45, 0xf7, 0x2c, 0xf7, 0xa4, 0x12,
-    0xc4, 0x7a, 0x95, 0x41, 0x54, 0x8d, 0x51,
-    0xc5, 0x1a, 0x19, 0x75, 0x0c, 0x11, 0x03,
-    0xd0, 0x6f, 0x56, 0x04, 0xb2, 0x87, 0x21,
-    0xdb, 0x47, 0xed, 0x9b, 0xe8, 0xec, 0xa3,
-    0xe1, 0x74, 0x3e, 0x21, 0x50, 0xf2, 0x09,
-    0x2c, 0x5e, 0x3d, 0xca, 0xa7, 0x31, 0x7c,
-    0xbd, 0xe4, 0xf1, 0x15, 0x0d, 0xe6, 0x3d,
-    0x4c, 0x8e, 0x36, 0x45, 0xf7, 0x08, 0x3d,
-    0x56, 0x63, 0xb6, 0x99, 0x46, 0x34, 0x48,
-    0xfa, 0xcf, 0x88, 0xe5, 0x43, 0xf7, 0x88,
-    0xd5, 0x55, 0x13, 0xfe, 0x79, 0x02, 0x49,
-    0x1e, 0x82, 0x45, 0x45, 0x29, 0x8e, 0x0a,
-    0x7c, 0x77, 0x51, 0x1b, 0x8e, 0x75, 0xd5,
-    0xd6, 0x61, 0xff, 0xa5, 0xfe, 0x59, 0x48,
-    0xbf, 0xfc, 0xf2, 0xcd, 0x37, 0x09, 0x4c,
-    0xb6, 0xfc, 0xb0, 0x20, 0x5f, 0x12, 0x7a,
-    0x3f, 0x64, 0x96, 0xdb, 0xc8, 0xe8, 0xd0,
-    0x11, 0x19, 0x47, 0x95, 0x2d, 0x3d, 0xbf,
-    0x56, 0x9c, 0x23, 0x30, 0x07, 0x1f, 0x2c,
-    0x04, 0x5c, 0x7e, 0x4e, 0x2e, 0xa6, 0x20,
-    0x38, 0xa0, 0x88, 0x47, 0x8a, 0x3f, 0x8f,
-    0x8a, 0xe7, 0x6d, 0x0a, 0xf1, 0x2d, 0xd6,
-    0x10, 0x23, 0x01, 0x62, 0x71, 0x5a, 0xbb,
-    0x51, 0x98, 0xa1, 0x27, 0x7d, 0xba, 0x5f,
-    0xe4, 0xdc, 0xd6, 0xd7, 0x4c, 0x1a, 0xe0,
-    0x4d, 0xe1, 0xee, 0x61, 0xb7, 0xc5, 0x50,
-    0x92, 0x99, 0xc7, 0x7b, 0x18, 0xf9, 0x89,
-    0x2b, 0x57, 0xf9, 0xe9, 0xac, 0x23, 0x6e,
-    0xff, 0xbd, 0x5a, 0x93, 0xdf, 0x15, 0x74,
-    0x92, 0x0b, 0x76, 0x84, 0x96, 0x94, 0x1b,
-    0x8f, 0xe4, 0x6e, 0x2b, 0xd7, 0x47, 0xfd,
-    0x24, 0x3b, 0xe4, 0xe4, 0x99, 0xf9, 0x0b,
-    0xf9, 0x29, 0x25, 0x25, 0x6a, 0xc0, 0x1e,
-    0xb8, 0x8c, 0xd6, 0xd0, 0x6e, 0x13, 0x86,
-    0xa8, 0x7c, 0xc3, 0x31, 0x30, 0x2e, 0x9b,
-    0x51, 0xc1, 0x21, 0xea, 0x15, 0x8e, 0xd8,
-    0x06, 0xa2, 0xe9, 0x12, 0x9f, 0xcb, 0x6b,
-    0x24, 0xef, 0x4e, 0x19, 0x6c, 0xa5, 0x98,
-    0x47, 0x8b, 0x4d, 0xbe, 0x00, 0x0c, 0x04,
-    0xe3, 0x4d, 0x84, 0x64, 0x36, 0x20, 0x9f,
-    0xde, 0xe2, 0x55, 0x89, 0x3e, 0x40, 0xe1,
-    0xe3, 0x63, 0x0a, 0xe7, 0x15, 0x4c, 0xcd,
-    0x4b, 0x63, 0x6f, 0x70, 0xc2, 0x84, 0x30,
-    0x5d, 0x22, 0xd0, 0xe4, 0x65, 0xfb, 0x8a,
-    0x07, 0x1a, 0x54, 0xf5, 0x4b, 0x65, 0xad,
-    0x64, 0x91, 0x6e, 0x23, 0x98, 0x31, 0x26,
-    0x79, 0x70, 0x94, 0xff, 0xc0, 0x65, 0x70,
-    0xb4, 0x9d, 0x74, 0x8e, 0x76, 0x6b, 0x9a,
-    0x24, 0x28, 0x0d, 0x8a, 0x93, 0x87, 0x18,
-    0x04, 0x10, 0xfd, 0x0b, 0xaf, 0xd3, 0x92,
-    0xbb, 0xb5, 0x41, 0xd2, 0x87, 0xc7, 0x69,
-    0x89, 0x0c, 0x52, 0xf8, 0x46, 0x70, 0x8e,
-    0xf0, 0x99, 0x96, 0x57, 0x40, 0x9c, 0xef,
-    0x9a, 0xc2, 0x63, 0x47, 0x13, 0x11, 0x68,
-    0x40, 0xab, 0x36, 0x16, 0x53, 0xd6, 0x8f,
-    0x58, 0x5a, 0xdd, 0x0c, 0xd7, 0x17, 0x6a,
-    0x39, 0x34, 0xf1, 0xe7, 0x75, 0x3b, 0x41,
-    0x7e, 0x5a, 0x70, 0xfe, 0x5b, 0x08, 0x30,
-    0xf4, 0x7b, 0x1d, 0xd0, 0x70, 0xae, 0x18,
-    0xad, 0xd4, 0xff, 0xbb, 0xa4, 0x31, 0xec,
-    0x28, 0x72, 0x64, 0x9a, 0x24, 0x16, 0x30,
-    0xe4, 0xc5, 0x3c, 0xb0, 0x3c, 0x81, 0x4f,
-    0xb9, 0xfc, 0xe1, 0x3a, 0x05, 0x17, 0xb2,
-    0x18, 0x4c, 0x98, 0x3b, 0xfc, 0x93, 0xf0,
-    0x0d, 0xb6, 0x3c, 0x54, 0x7b, 0x10, 0xfd,
-    0x7f, 0x63, 0xfe, 0xa5, 0xc6, 0xb5, 0x24,
-    0xb4, 0xf2, 0x2f, 0xb2, 0x6f, 0x7f, 0xdb,
-    0x01, 0xdb, 0xaf, 0x57, 0xdc, 0xdb, 0xf4,
-    0xc8, 0x31, 0xb0, 0xdd, 0x05, 0x8b, 0x9b,
-    0x6e, 0x7c, 0x5e, 0x5e, 0x31, 0x2c, 0x7f,
-    0xbb, 0xa4, 0x26, 0x88, 0xe1, 0x55, 0x3d,
-    0x8d, 0x36, 0x69, 0xb7, 0xc8, 0xcc, 0x05,
-    0xfe, 0x6e, 0xcc, 0xcb, 0xfd, 0x81, 0x14,
-    0x8b, 0xbc, 0x0c, 0xd4, 0x7e, 0xb4, 0x13,
-    0xc0, 0xe2, 0x51, 0xf4, 0x07, 0xde, 0xc4,
-    0x1c, 0xf0, 0xc8, 0x92, 0xd4, 0x38, 0xd7,
-    0x1e, 0x57, 0xa7, 0x4b, 0xc7, 0xf8, 0xca,
-    0xcc, 0x61, 0x86, 0x96, 0x50, 0x4e, 0x6a,
-    0x71, 0xbd, 0x5f, 0xc6, 0x48, 0x8b, 0x6f,
-    0xeb, 0x53, 0x50, 0xea, 0x35, 0x39, 0x79,
-    0xcc, 0xee, 0xae, 0x81, 0x0f, 0xe2, 0xd2,
-    0xbb, 0x81, 0x03, 0x8a, 0xeb, 0x98, 0xc2,
-    0xad, 0xb7, 0xc0, 0x14, 0x68, 0xb9, 0x7e,
-    0x8e, 0x30, 0x11, 0x43, 0x59, 0x8f, 0x04,
-    0x2f, 0x7a, 0x99, 0x36, 0xd0, 0x75, 0x07,
-    0x6b, 0x8e, 0xc2, 0x10, 0xac, 0xc6, 0x4d,
-    0x30, 0x91, 0x9f, 0xde, 0x33, 0x0e, 0xe7,
-    0xbc, 0xe5, 0x94, 0xbf, 0x80, 0xdb, 0xb7,
-    0xe0, 0x8f, 0xb7, 0x74, 0xc3, 0x77, 0x18,
-    0x76, 0x33, 0x34, 0xb8, 0xe4, 0x81, 0xa5,
-    0xd9, 0xf7, 0x78, 0xba, 0xec, 0x62, 0x34,
-    0xcb, 0x54, 0xbe, 0x90, 0xc1, 0x56, 0x59,
-    0x22, 0x94, 0x5b, 0x1a, 0x8f, 0xc6, 0x8f,
-    0xf2, 0x84, 0x1f, 0x61, 0x4e, 0xeb, 0x98,
-    0x72, 0xdd, 0xde, 0xc9, 0xc6, 0xab, 0xd1,
-    0xad, 0xd1, 0x02, 0x60, 0x82, 0x89, 0xba,
-    0xf5, 0x1a, 0x6b, 0xde, 0x96, 0x19, 0x64,
-    0x44, 0x0a, 0xd6, 0x27, 0x9f, 0x67, 0x96,
-    0x44, 0xcc, 0x4b, 0xfd, 0x8f, 0x9e, 0xa1,
-    0x1f, 0x06, 0xac, 0x2e, 0xcf, 0xdb, 0xc7,
-    0x08, 0x5e, 0xe3, 0xa2, 0x59, 0xa2, 0x22,
-    0xf1, 0x7a, 0xce, 0xf5, 0x30, 0x53, 0xc0,
-    0xbb, 0x36, 0x13, 0x95, 0x69, 0xe2, 0x28,
-    0x47, 0xad, 0xb1, 0x82, 0xfd, 0x14, 0xf6,
-    0x6e, 0xed, 0x5b, 0xe0, 0xeb, 0x13, 0x5c,
-    0xc6, 0x72, 0xd5, 0x2c, 0xd0, 0xae, 0xc3,
-    0xad, 0xa9, 0x60, 0x2a, 0x68, 0x7b, 0x03,
-    0x54, 0xc5, 0xd1, 0x71, 0xc4, 0x99, 0x48,
-    0x75, 0x18, 0x1e, 0xda, 0x0a, 0x8b, 0xe1,
-    0x2d, 0x67, 0x1f, 0xae, 0x91, 0xc0, 0x37,
-    0x39, 0x8c, 0x7c, 0x9e, 0x42, 0xd3, 0x6e,
-    0xaf, 0x7e, 0x8e, 0xa0, 0x01, 0x45, 0xc1,
-    0xc6, 0xef, 0xc6, 0x2e, 0x87, 0x7b, 0x5a,
-    0x60, 0xe0, 0xec, 0x3b, 0x76, 0x8e, 0xb3,
-    0x0d, 0x57, 0x86, 0xa2, 0xc9, 0x1a, 0x1b,
-    0x38, 0x6b, 0x75, 0x7a, 0x81, 0x8b, 0x97,
-    0x99, 0xa1, 0xbb, 0xd8, 0xda, 0xdf, 0xea,
-    0xef, 0xf0, 0xf9, 0x01, 0x08, 0x11, 0x18,
-    0x26, 0x36, 0x4b, 0x52, 0x56, 0x68, 0x7b,
-    0x98, 0xca, 0xd3, 0xd6, 0xef, 0xf6, 0x05,
-    0x07, 0x09, 0x10, 0x1f, 0x21, 0x28, 0x32,
-    0x39, 0x3a, 0x3c, 0x54, 0x77, 0x7b, 0x81,
-    0x99, 0xa9, 0xb0, 0xb2, 0xce, 0xe5, 0xe7,
-    0x1f, 0x23, 0x3f, 0x4e, 0x50, 0x5d, 0x71,
-    0x7a, 0x7c, 0x91, 0xa7, 0xab, 0xae, 0xd0,
-    0xd6, 0xe1, 0xe6, 0xf1, 0xf3, 0xfa, 0x00,
-    0x00, 0x13, 0x24, 0x3a, 0x4e,
+    0x09, 0xf0, 0xae, 0xbb, 0x25, 0xc7, 0xfc, 0xdd,
+    0x93, 0x25, 0x9c, 0x50, 0xd9, 0x2e, 0x72, 0x5d,
+    0x53, 0xf5, 0x29, 0xd7, 0x4c, 0xc2, 0xd6, 0x81,
+    0x5c, 0xf3, 0x3f, 0x9a, 0x8a, 0xa9, 0x00, 0x21,
+    0x6c, 0xc6, 0xb9, 0x72, 0xb7, 0x0e, 0x00, 0x55,
+    0x9f, 0xd7, 0xae, 0x92, 0xc3, 0xbc, 0x8f, 0x2d,
+    0x4f, 0x54, 0x87, 0x56, 0x52, 0xd3, 0xdd, 0xaf,
+    0xe0, 0xff, 0xda, 0x80, 0x1b, 0xf3, 0x56, 0x90,
+    0xdd, 0x07, 0x86, 0xad, 0xf7, 0xf3, 0x8e, 0xcf,
+    0x3a, 0x57, 0x30, 0x52, 0xaa, 0xd2, 0xb1, 0xf0,
+    0x66, 0xea, 0x67, 0xab, 0x94, 0x1d, 0x96, 0x04,
+    0xaa, 0xcf, 0x0e, 0xb0, 0xbc, 0x7d, 0x8a, 0x4c,
+    0x62, 0x21, 0x82, 0x81, 0x98, 0x63, 0x22, 0x91,
+    0xb9, 0xfe, 0x53, 0x63, 0x8d, 0xdf, 0xe6, 0x19,
+    0xc1, 0x54, 0x3b, 0xf0, 0xf5, 0xe4, 0xc4, 0x36,
+    0x66, 0x2f, 0xcc, 0x4f, 0xed, 0xc6, 0x62, 0x7d,
+    0x8b, 0x7b, 0x89, 0xac, 0x23, 0x0b, 0x40, 0x4e,
+    0x2d, 0xdc, 0xe5, 0xa2, 0xbc, 0x8b, 0xac, 0xe7,
+    0x0b, 0xaa, 0x15, 0xa0, 0x79, 0x4a, 0x97, 0x8a,
+    0xc8, 0xb1, 0x31, 0xea, 0x29, 0x99, 0x14, 0x5d,
+    0x5b, 0x8c, 0xc2, 0xd0, 0xc2, 0x29, 0xd0, 0x85,
+    0xb9, 0x25, 0x16, 0x08, 0xe8, 0x41, 0xa7, 0x77,
+    0x1a, 0xbf, 0x5a, 0x48, 0x5a, 0x7f, 0x97, 0x44,
+    0x62, 0xb4, 0x68, 0x2e, 0x05, 0x48, 0xde, 0x0f,
+    0x69, 0xcc, 0x05, 0x3c, 0xa4, 0x85, 0x20, 0x60,
+    0xfd, 0x45, 0x6a, 0x14, 0xb9, 0x76, 0x8d, 0x48,
+    0xe7, 0x71, 0xd0, 0xd7, 0xbe, 0xe3, 0x36, 0xd6,
+    0x94, 0x5c, 0x22, 0x6e, 0x28, 0xc6, 0x34, 0x93,
+    0xf4, 0x6c, 0xf2, 0x62, 0xbf, 0x8f, 0x6d, 0x07,
+    0xff, 0x38, 0x92, 0x23, 0x19, 0x55, 0xd0, 0x66,
+    0x72, 0x76, 0xc1, 0x43, 0xbc, 0x60, 0x5d, 0xaa,
+    0x61, 0x10, 0xdb, 0x0c, 0x49, 0x7b, 0x99, 0xce,
+    0x14, 0xe3, 0x0b, 0x80, 0xdc, 0x8a, 0x3d, 0xa5,
+    0x3a, 0x0e, 0x29, 0x88, 0x09, 0x1f, 0x9c, 0x03,
+    0x32, 0x13, 0xc2, 0xe1, 0x49, 0x26, 0xc7, 0x11,
+    0xfa, 0x7f, 0x2d, 0x64, 0xfc, 0xf9, 0xaf, 0xd0,
+    0x4d, 0xcf, 0x3a, 0x23, 0x49, 0xde, 0xf2, 0x5d,
+    0xad, 0xf3, 0xde, 0xe0, 0x9a, 0xa2, 0x96, 0x0a,
+    0x9d, 0x97, 0x39, 0x88, 0x60, 0x75, 0xec, 0x29,
+    0x9b, 0x93, 0xfc, 0x80, 0xb3, 0xeb, 0xb0, 0xc6,
+    0xa8, 0xea, 0x75, 0x67, 0xed, 0xbd, 0x42, 0x2a,
+    0xed, 0x22, 0x27, 0xdb, 0x41, 0x3a, 0x94, 0x86,
+    0xd7, 0x4a, 0xf1, 0x8f, 0xa5, 0x47, 0x38, 0xa3,
+    0x3c, 0xe7, 0x17, 0x5d, 0xce, 0xdc, 0x32, 0x7c,
+    0xe4, 0x05, 0x58, 0x98, 0x67, 0xc8, 0xaf, 0x35,
+    0x5d, 0xf9, 0xc0, 0x10, 0x6d, 0x9d, 0xd3, 0x27,
+    0x79, 0x3c, 0x1d, 0xdd, 0xfb, 0x53, 0x3c, 0x03,
+    0x4c, 0xb3, 0x1b, 0x0b, 0x3a, 0x60, 0x80, 0xcd,
+    0x9b, 0x1e, 0x5f, 0x3f, 0x29, 0xfa, 0xb1, 0x09,
+    0x9a, 0x88, 0x58, 0x4a, 0xf5, 0xed, 0xe9, 0x7c,
+    0x9d, 0x70, 0xbe, 0x57, 0xfb, 0x92, 0x12, 0xc9,
+    0x8c, 0x6b, 0x77, 0xe2, 0x44, 0xc6, 0x82, 0x2a,
+    0x29, 0xb3, 0x9c, 0xb0, 0x60, 0xda, 0x3d, 0xcd,
+    0x4e, 0x49, 0x96, 0x8c, 0xd7, 0x2b, 0x29, 0x28,
+    0x7b, 0xec, 0xf1, 0x46, 0x40, 0xf0, 0xe1, 0xd7,
+    0x48, 0x9e, 0xdf, 0xfd, 0xa6, 0xd0, 0xaa, 0x35,
+    0x94, 0x7a, 0x94, 0x57, 0xf3, 0xd4, 0x15, 0x19,
+    0xd3, 0xc5, 0x35, 0x73, 0xc4, 0xf5, 0x86, 0x0d,
+    0x2a, 0x5b, 0x67, 0x0d, 0x8d, 0xaa, 0x18, 0x3e,
+    0xea, 0x9d, 0x80, 0xe7, 0xf8, 0xbb, 0x23, 0xea,
+    0x5d, 0x1c, 0x4d, 0xb2, 0x58, 0x7e, 0xe5, 0xef,
+    0x80, 0xc1, 0x63, 0x44, 0xaf, 0x1d, 0xed, 0xf6,
+    0x92, 0x05, 0x0c, 0xda, 0xcc, 0x58, 0x39, 0x27,
+    0xdd, 0x24, 0xac, 0x63, 0x23, 0x34, 0xaa, 0x2d,
+    0xd0, 0x5b, 0xd7, 0x7f, 0x6d, 0xcb, 0x64, 0xed,
+    0xb3, 0x9b, 0x05, 0x90, 0x79, 0xc2, 0x25, 0x68,
+    0xed, 0xf6, 0xa8, 0x7e, 0x30, 0x4a, 0x46, 0x44,
+    0xad, 0xc8, 0x12, 0x8d, 0x04, 0xc3, 0x11, 0x83,
+    0x7e, 0x77, 0xef, 0x9c, 0xa2, 0xf9, 0x3b, 0x06,
+    0x84, 0x7f, 0x72, 0xd9, 0x2f, 0x22, 0x95, 0xb7,
+    0x7b, 0x4e, 0x35, 0x6a, 0xfa, 0x73, 0x7d, 0x88,
+    0x5b, 0xac, 0x7b, 0xc5, 0x53, 0xc1, 0xfe, 0x6b,
+    0x7c, 0x05, 0xc3, 0xe4, 0xae, 0x48, 0x1a, 0xea,
+    0x6e, 0x51, 0x46, 0x1e, 0x82, 0x80, 0xde, 0x31,
+    0xe1, 0x41, 0x71, 0x88, 0x41, 0xa7, 0xb2, 0xcd,
+    0x3d, 0xf7, 0x5c, 0x4f, 0x4c, 0xfd, 0x3f, 0x6f,
+    0x6c, 0x82, 0xc1, 0xba, 0xe0, 0xf0, 0xb4, 0x8c,
+    0xd5, 0xb5, 0x32, 0xbf, 0x91, 0x49, 0x7e, 0x39,
+    0x5e, 0x0a, 0xdf, 0x4b, 0xd6, 0x07, 0x72, 0xff,
+    0x58, 0x65, 0x1b, 0x1f, 0xc6, 0x56, 0xd2, 0x00,
+    0xec, 0x60, 0xd1, 0x22, 0xc9, 0x1a, 0xa4, 0xcc,
+    0x26, 0xb4, 0xd1, 0x93, 0xbc, 0xfc, 0x52, 0xdf,
+    0xa1, 0x23, 0x37, 0x9b, 0xa2, 0xa8, 0x8f, 0xf3,
+    0x39, 0x03, 0xa5, 0x4c, 0xf0, 0x68, 0xe5, 0x95,
+    0x62, 0xfb, 0xd8, 0x88, 0x39, 0xf6, 0x02, 0x0a,
+    0x4e, 0x7c, 0xf0, 0xbf, 0x71, 0x99, 0x0f, 0x19,
+    0x61, 0xd9, 0x39, 0xe8, 0x3f, 0x59, 0x22, 0x4a,
+    0xaa, 0xdd, 0x03, 0xf8, 0x09, 0xb8, 0xaf, 0xd9,
+    0xb9, 0x9c, 0x3f, 0xf1, 0xfe, 0x49, 0xae, 0x99,
+    0x2f, 0xa2, 0x22, 0x5a, 0x3c, 0xe9, 0xe9, 0xf7,
+    0xba, 0x2d, 0xeb, 0x1f, 0x6c, 0xa7, 0xe1, 0x87,
+    0x2f, 0xa5, 0xff, 0xcf, 0x1c, 0x22, 0x8d, 0xf2,
+    0x5f, 0x63, 0xf5, 0xbb, 0x36, 0x66, 0xcc, 0x62,
+    0x89, 0x8e, 0xf7, 0x78, 0xc5, 0x97, 0x95, 0xde,
+    0xec, 0x43, 0x39, 0x6e, 0x0d, 0xe0, 0x8e, 0xbd,
+    0x2b, 0x3b, 0xe6, 0xff, 0xf5, 0x8f, 0x90, 0xd2,
+    0xd2, 0xce, 0x3b, 0x6f, 0x78, 0xf5, 0xd3, 0x42,
+    0xf3, 0x0f, 0x27, 0x4b, 0x2b, 0xe4, 0xd8, 0x0d,
+    0x31, 0xfa, 0xba, 0xdc, 0x54, 0x21, 0x9a, 0xbf,
+    0x1e, 0x1d, 0x06, 0x8e, 0xd9, 0x58, 0xce, 0x9a,
+    0x71, 0x79, 0x4d, 0xcb, 0xfb, 0x99, 0x4b, 0x66,
+    0xed, 0xef, 0x75, 0x20, 0x4d, 0x47, 0x9b, 0x40,
+    0xd5, 0xcf, 0xd9, 0x00, 0xfe, 0x32, 0x45, 0xae,
+    0x4b, 0x7e, 0x8e, 0x7b, 0xf9, 0xd4, 0xd4, 0x2e,
+    0x1a, 0x2a, 0xac, 0x73, 0xdb, 0x79, 0xb7, 0x02,
+    0x6a, 0x3d, 0xa2, 0xfe, 0x52, 0x27, 0x25, 0x43,
+    0xd1, 0xb5, 0x48, 0x0e, 0xef, 0xf1, 0x0f, 0xe7,
+    0x27, 0xc2, 0x59, 0x4e, 0x47, 0xe2, 0x12, 0xaa,
+    0x1e, 0xae, 0xbc, 0x86, 0x22, 0x70, 0x33, 0xa5,
+    0x50, 0x3f, 0xed, 0x3c, 0x98, 0xbb, 0xd5, 0xb3,
+    0x3e, 0x43, 0x21, 0x8e, 0x3e, 0x8c, 0xcc, 0x0c,
+    0xcf, 0x50, 0xcd, 0xeb, 0x1b, 0x9d, 0x0c, 0xc9,
+    0xe3, 0x2f, 0xbb, 0x4b, 0x43, 0xfc, 0x37, 0x27,
+    0xcb, 0xc9, 0x5a, 0xe9, 0x45, 0x92, 0x9d, 0xe9,
+    0x60, 0x8f, 0x93, 0x1b, 0xd8, 0x6a, 0x68, 0x86,
+    0xc2, 0x1d, 0x49, 0x92, 0x11, 0x29, 0x62, 0x14,
+    0x15, 0x4c, 0xe9, 0x33, 0xe3, 0x70, 0x2d, 0x6b,
+    0x8b, 0xb5, 0x22, 0x44, 0x82, 0xbe, 0x43, 0xe2,
+    0x80, 0xfb, 0xb5, 0xfa, 0x6a, 0x30, 0x04, 0x20,
+    0xb6, 0x58, 0xe1, 0xf4, 0x8c, 0xe6, 0x4c, 0x7c,
+    0x8d, 0x38, 0xf6, 0xdd, 0x59, 0xfc, 0x5a, 0xd7,
+    0x9f, 0x34, 0x92, 0xcc, 0xde, 0x65, 0x89, 0xa7,
+    0xd9, 0x57, 0xf7, 0xf2, 0x71, 0x39, 0xaf, 0xb6,
+    0x88, 0x02, 0x40, 0x24, 0x8b, 0x4f, 0xc5, 0xfc,
+    0xdc, 0x5c, 0xc0, 0x1d, 0xa6, 0x68, 0x87, 0xe0,
+    0x8f, 0xdc, 0xf0, 0xac, 0xd8, 0x5f, 0x1c, 0xb3,
+    0x07, 0xac, 0x58, 0x97, 0x3f, 0x3e, 0x72, 0x19,
+    0x18, 0x64, 0x55, 0x73, 0x11, 0x71, 0xd1, 0xa4,
+    0xa6, 0x57, 0xb0, 0x27, 0xaf, 0xad, 0x8a, 0xf7,
+    0xdf, 0xde, 0x1e, 0xdb, 0x31, 0xc9, 0x32, 0x85,
+    0x90, 0x40, 0x3d, 0xfe, 0x64, 0x5d, 0xe3, 0x94,
+    0x74, 0x98, 0xa7, 0xed, 0x84, 0x44, 0x13, 0x76,
+    0xba, 0xe9, 0x09, 0x9a, 0x17, 0xe0, 0x38, 0x03,
+    0x3b, 0x7a, 0xa7, 0x0e, 0x74, 0xbd, 0x93, 0xb1,
+    0x85, 0x64, 0xc9, 0xc4, 0x22, 0xb9, 0xdf, 0x80,
+    0xac, 0xa1, 0x17, 0xdb, 0x11, 0xdb, 0xfa, 0xeb,
+    0x90, 0x3c, 0x28, 0xfb, 0xa2, 0x36, 0x76, 0x61,
+    0x20, 0x00, 0x88, 0x15, 0xc0, 0x79, 0x9f, 0x7d,
+    0x9f, 0x90, 0xdb, 0x79, 0xbf, 0x1c, 0xdf, 0x86,
+    0xc9, 0x60, 0x8c, 0xea, 0xa6, 0x24, 0x81, 0xd6,
+    0x6d, 0xd8, 0x8d, 0x17, 0x5f, 0x5c, 0x6d, 0x93,
+    0xbc, 0xed, 0xe5, 0x41, 0x05, 0xbe, 0xc6, 0x0f,
+    0x66, 0x50, 0xc3, 0xce, 0x7e, 0x6c, 0x80, 0x88,
+    0xf5, 0x52, 0x61, 0xaf, 0xdb, 0xc0, 0x80, 0xbe,
+    0x78, 0x49, 0x64, 0x39, 0x54, 0x26, 0xeb, 0xab,
+    0x07, 0x4d, 0x38, 0x66, 0x06, 0x98, 0x58, 0xaa,
+    0x40, 0xc4, 0x89, 0xb2, 0x08, 0x85, 0xf3, 0x14,
+    0x58, 0x5d, 0x36, 0xf7, 0xf0, 0x6b, 0x72, 0x79,
+    0x6d, 0xbe, 0x5e, 0x24, 0x68, 0xf1, 0x3c, 0xa2,
+    0x82, 0x22, 0x6e, 0xc4, 0x46, 0x94, 0x8e, 0x00,
+    0xcb, 0xc0, 0x07, 0x69, 0xa5, 0x6d, 0x57, 0x04,
+    0x79, 0xeb, 0x06, 0x7a, 0x42, 0x20, 0x6e, 0xdc,
+    0xb5, 0xa4, 0xdd, 0x74, 0xb3, 0x92, 0x16, 0x71,
+    0x7d, 0x99, 0xfa, 0x26, 0x35, 0x57, 0xe2, 0x83,
+    0xc2, 0xb6, 0xfb, 0x0a, 0xae, 0x22, 0xed, 0xe3,
+    0x98, 0x65, 0x18, 0x32, 0xf8, 0xe5, 0xed, 0xa9,
+    0xf9, 0x7d, 0xb8, 0xea, 0x21, 0x51, 0x6c, 0x70,
+    0x4c, 0xfa, 0xec, 0x6d, 0x4c, 0xf4, 0xcb, 0x1c,
+    0x43, 0xfb, 0xfc, 0xbb, 0xa9, 0xcb, 0xc5, 0x21,
+    0xb3, 0x89, 0xd6, 0x4c, 0xc4, 0x42, 0xd1, 0x55,
+    0x3d, 0x43, 0x74, 0xbf, 0xb7, 0x47, 0xb3, 0x5b,
+    0x14, 0xc3, 0x8f, 0x42, 0x30, 0x57, 0xb0, 0x22,
+    0x56, 0xbe, 0x8d, 0x88, 0x7e, 0x7d, 0x63, 0xc8,
+    0xec, 0x01, 0x41, 0xd5, 0x9d, 0xb6, 0x7a, 0x3b,
+    0xfe, 0x8b, 0x95, 0x94, 0xdb, 0xca, 0xf1, 0xb4,
+    0x56, 0xd7, 0x83, 0xf4, 0x11, 0x05, 0x65, 0xde,
+    0x7a, 0xa3, 0x5a, 0x7a, 0x70, 0xe4, 0xd2, 0xad,
+    0xc0, 0xff, 0x3f, 0x66, 0x2e, 0x1a, 0x65, 0x38,
+    0xda, 0x1f, 0x3f, 0xac, 0x04, 0x2f, 0x0f, 0xde,
+    0x7e, 0x55, 0x05, 0x12, 0xe9, 0xe7, 0x69, 0xf9,
+    0x34, 0x2c, 0x84, 0x97, 0xa8, 0x86, 0x0c, 0x24,
+    0x32, 0x87, 0xfd, 0xbe, 0x67, 0xd1, 0x02, 0x21,
+    0x3b, 0x33, 0xfd, 0x11, 0xb1, 0xca, 0x4f, 0xeb,
+    0x40, 0x38, 0xf6, 0x19, 0x83, 0x9d, 0x73, 0x44,
+    0x37, 0xd6, 0x69, 0x6d, 0x85, 0xda, 0xf7, 0x69,
+    0xfb, 0x88, 0x2b, 0xe7, 0xe7, 0x3c, 0x18, 0xa8,
+    0x13, 0xb7, 0xee, 0x5c, 0x50, 0x5b, 0xa3, 0x09,
+    0x1c, 0xef, 0x8d, 0x37, 0x89, 0x75, 0x0f, 0x8b,
+    0xea, 0x17, 0x02, 0x47, 0x21, 0xcb, 0xa8, 0x73,
+    0x71, 0x23, 0x4c, 0xf7, 0x50, 0xdd, 0x21, 0xe5,
+    0xdb, 0x40, 0x3a, 0x87, 0x40, 0x8d, 0x60, 0x89,
+    0x9e, 0x20, 0x00, 0x58, 0xeb, 0xbb, 0x24, 0x9b,
+    0x0a, 0x17, 0x8f, 0xf6, 0x56, 0x07, 0x11, 0x5b,
+    0xa7, 0xcd, 0x93, 0x0a, 0x31, 0x3d, 0x1f, 0x45,
+    0xa0, 0x08, 0x8f, 0x88, 0x34, 0xa5, 0x01, 0x3b,
+    0xea, 0x07, 0xa3, 0x7b, 0x66, 0x3e, 0x96, 0xe8,
+    0xf7, 0x4d, 0x63, 0x04, 0x55, 0x89, 0xf1, 0x02,
+    0x1e, 0x4a, 0x21, 0xb1, 0x2b, 0x8c, 0x7f, 0x2e,
+    0x0c, 0x64, 0x26, 0x36, 0xd8, 0x63, 0xab, 0xf5,
+    0x22, 0xaf, 0xa9, 0xfa, 0xfa, 0x21, 0x4b, 0x7e,
+    0x6f, 0x8c, 0xce, 0x98, 0xf2, 0x85, 0x3f, 0x2c,
+    0x07, 0x90, 0xc3, 0x2c, 0x06, 0xc5, 0xde, 0xc8,
+    0xc2, 0x7c, 0xd7, 0x9b, 0x64, 0x25, 0x8a, 0x9b,
+    0x77, 0x07, 0xc7, 0x4c, 0xd7, 0x67, 0xff, 0xe6,
+    0xdb, 0x17, 0xf5, 0xc4, 0x2a, 0x14, 0x44, 0x1a,
+    0xff, 0xda, 0xe0, 0xa7, 0x09, 0x1c, 0xe9, 0x03,
+    0xde, 0x4a, 0x59, 0xe4, 0xdf, 0xa3, 0x0d, 0x3a,
+    0x43, 0xdf, 0x80, 0x82, 0x87, 0xfa, 0x75, 0xf5,
+    0xe8, 0xef, 0x6f, 0xd0, 0x89, 0xdd, 0xa1, 0x75,
+    0x17, 0x5b, 0x71, 0x47, 0xe8, 0x8d, 0xae, 0xf6,
+    0x18, 0x7f, 0xb9, 0x24, 0x68, 0x3f, 0x17, 0x6b,
+    0xa8, 0x30, 0x67, 0x7e, 0x02, 0x9b, 0xf6, 0x4d,
+    0x03, 0xa8, 0xfb, 0x33, 0x2f, 0xb4, 0x65, 0x72,
+    0x2a, 0x30, 0xa6, 0x93, 0x94, 0x7a, 0x41, 0x0f,
+    0xd3, 0x67, 0x0b, 0xba, 0xa4, 0x49, 0x7c, 0xcf,
+    0x1f, 0x59, 0x1e, 0x2e, 0x45, 0xd4, 0xa8, 0xb1,
+    0x98, 0x2b, 0xd7, 0x6f, 0x55, 0xb8, 0xf2, 0x65,
+    0x7b, 0x96, 0x18, 0xf7, 0x2e, 0xde, 0x9c, 0x39,
+    0x7a, 0x08, 0x2e, 0xe7, 0x3c, 0x9e, 0x4a, 0xfe,
+    0xba, 0x49, 0xce, 0xba, 0x65, 0x18, 0xae, 0xae,
+    0x9b, 0xd5, 0xf5, 0xeb, 0xd3, 0xdc, 0xd7, 0x2c,
+    0x92, 0x3c, 0xe2, 0x93, 0xb9, 0x69, 0xf2, 0x20,
+    0xea, 0xbd, 0xa9, 0x01, 0x2b, 0x72, 0x7c, 0x93,
+    0x6c, 0x1f, 0x80, 0x3a, 0xd2, 0x2d, 0xf6, 0xc1,
+    0x31, 0x63, 0xd2, 0x2f, 0x6c, 0x1a, 0x54, 0x1f,
+    0x74, 0xe6, 0xa0, 0xac, 0xb1, 0x04, 0x03, 0xb3,
+    0x22, 0x19, 0x48, 0x0a, 0xa7, 0x55, 0x25, 0xc1,
+    0x77, 0x28, 0xb9, 0xbe, 0xef, 0xa8, 0xc6, 0x2b,
+    0xd5, 0x6c, 0x5d, 0x7b, 0x85, 0xcd, 0x10, 0x2d,
+    0x9e, 0xfd, 0xb8, 0xa5, 0x10, 0x65, 0xf7, 0x29,
+    0xa7, 0x41, 0x18, 0xc8, 0xc2, 0x23, 0xe5, 0xcb,
+    0x96, 0x91, 0x8a, 0x7e, 0x45, 0x30, 0x6b, 0x91,
+    0xf1, 0x88, 0xb3, 0x2e, 0x92, 0x96, 0x0a, 0x42,
+    0x4a, 0x16, 0x9d, 0x0c, 0xa8, 0xa7, 0xe5, 0x64,
+    0x38, 0x8a, 0x53, 0x41, 0x28, 0xbf, 0xd7, 0xa4,
+    0x14, 0x05, 0x59, 0x11, 0x2e, 0x0f, 0xc8, 0x5c,
+    0x97, 0x8d, 0xd3, 0x92, 0xbf, 0xb9, 0x05, 0xfa,
+    0xff, 0x38, 0xbf, 0xd6, 0xc5, 0x22, 0xf8, 0xa4,
+    0x75, 0x30, 0x45, 0x93, 0x14, 0xda, 0xc0, 0x7f,
+    0xea, 0x24, 0xe0, 0x33, 0x68, 0xf2, 0x6d, 0xe1,
+    0xb1, 0x0c, 0x7d, 0x40, 0xaa, 0x16, 0x53, 0xa1,
+    0xf6, 0x26, 0xb1, 0x25, 0xe8, 0x83, 0xe9, 0xea,
+    0xea, 0xd2, 0x5a, 0x24, 0xda, 0xe2, 0x6e, 0xd1,
+    0x2a, 0x87, 0x64, 0x48, 0x13, 0x55, 0xb1, 0x2c,
+    0x1a, 0x58, 0x43, 0x5b, 0x63, 0x14, 0x3e, 0x02,
+    0xf0, 0xcf, 0x61, 0x7d, 0x83, 0x81, 0xb9, 0x65,
+    0x4b, 0x72, 0xee, 0xff, 0xfb, 0x6a, 0xbe, 0x71,
+    0x26, 0x56, 0x28, 0x13, 0x9f, 0x31, 0xda, 0x8c,
+    0x2f, 0xdb, 0x21, 0xbe, 0x4b, 0x66, 0xbb, 0xad,
+    0x7a, 0x13, 0x55, 0x92, 0x7c, 0xb5, 0x6e, 0x5f,
+    0x45, 0x1b, 0x64, 0x2d, 0xad, 0x6d, 0x32, 0x07,
+    0xe4, 0x91, 0xdc, 0x0c, 0x1b, 0x5f, 0xcd, 0x86,
+    0xe2, 0x99, 0x2b, 0xb9, 0x7e, 0x60, 0xbd, 0xad,
+    0xa1, 0x5c, 0xab, 0x7f, 0x76, 0xf3, 0x77, 0xba,
+    0x73, 0x7f, 0x6a, 0x88, 0x4e, 0xff, 0x40, 0x72,
+    0x7a, 0x4d, 0x9b, 0x20, 0x2d, 0xc9, 0x2a, 0x30,
+    0x0f, 0x8f, 0x0f, 0xc9, 0x79, 0xc8, 0xc3, 0x8a,
+    0x83, 0x52, 0xff, 0x66, 0x7a, 0x42, 0x04, 0x08,
+    0x6e, 0x5b, 0x13, 0xda, 0xb9, 0xb6, 0x2d, 0x45,
+    0x77, 0x9a, 0xa0, 0x2b, 0xc1, 0x87, 0xc2, 0xa6,
+    0x35, 0x7f, 0x39, 0x34, 0x2e, 0x95, 0x1e, 0x8c,
+    0xbf, 0x89, 0x6d, 0xcf, 0x82, 0xb8, 0x9f, 0x9b,
+    0xd1, 0xbc, 0xa2, 0x55, 0x83, 0xf4, 0xca, 0x21,
+    0x11, 0x8f, 0x28, 0xa9, 0x5e, 0x28, 0x23, 0xb4,
+    0x43, 0x60, 0xb6, 0x11, 0x1a, 0x6f, 0xb4, 0xd1,
+    0x96, 0xc8, 0x79, 0xf2, 0x39, 0x8b, 0x82, 0xae,
+    0xe0, 0xc2, 0xe4, 0xf9, 0xfb, 0xf8, 0x85, 0x64,
+    0x28, 0xad, 0xb5, 0xfd, 0x37, 0xc5, 0x21, 0x38,
+    0x31, 0x94, 0x0d, 0xbe, 0xd8, 0xaf, 0x9b, 0x8a,
+    0x7d, 0xfb, 0x56, 0xd8, 0x23, 0xf7, 0x55, 0x55,
+    0xe7, 0xd9, 0x63, 0x65, 0xfd, 0x64, 0x2e, 0x8a,
+    0x1d, 0x1b, 0xac, 0x4e, 0x2f, 0xef, 0x1b, 0x77,
+    0xca, 0x01, 0xd6, 0xfc, 0xb0, 0x11, 0xda, 0x6b,
+    0xef, 0x9f, 0x76, 0x81, 0x3e, 0x3f, 0x26, 0x4b,
+    0x3b, 0x97, 0xa0, 0x7d, 0xd6, 0xcf, 0x51, 0x0d,
+    0x06, 0xf7, 0xf5, 0x88, 0x64, 0x34, 0x7a, 0xe3,
+    0xb9, 0x16, 0xc3, 0x06, 0x04, 0xf3, 0xe9, 0x55,
+    0xd2, 0xff, 0x49, 0xec, 0x57, 0x84, 0x1f, 0x39,
+    0x28, 0x71, 0x57, 0x87, 0x40, 0xf2, 0x7a, 0x30,
+    0xa0, 0x88, 0xba, 0x6c, 0xb1, 0x09, 0x30, 0x3a,
+    0x11, 0x75, 0xcf, 0xbe, 0x4c, 0xf7, 0xf7, 0xca,
+    0x44, 0x52, 0x91, 0xd0, 0x4c, 0x12, 0x3e, 0x3a,
+    0x4b, 0x31, 0x20, 0xfe, 0x27, 0xd2, 0x08, 0x5b,
+    0x83, 0x7b, 0x82, 0xd3, 0xa3, 0x72, 0xba, 0x2f,
+    0x5f, 0xa3, 0x71, 0xcd, 0x8d, 0x3f, 0x94, 0xce,
+    0x86, 0xa8, 0x6b, 0x43, 0xb7, 0x06, 0x80, 0x70,
+    0x64, 0x06, 0xab, 0x54, 0xce, 0xb5, 0x29, 0xaf,
+    0x73, 0xf7, 0x0f, 0x65, 0x70, 0xa7, 0x84, 0x1a,
+    0x0b, 0xdb, 0x0c, 0xa9, 0x20, 0xea, 0x06, 0x7a,
+    0xba, 0x80, 0xc6, 0xae, 0x3e, 0x0a, 0x7b, 0xd6,
+    0x21, 0x99, 0xe0, 0xae, 0x6e, 0x8f, 0x80, 0xa9,
+    0x97, 0x27, 0x3d, 0x7e, 0xb2, 0xd8, 0x06, 0x10,
+    0x36, 0x07, 0x64, 0x12, 0xd0, 0xc7, 0x91, 0xd2,
+    0x81, 0x74, 0x22, 0x8b, 0x8f, 0xe0, 0x48, 0xc4,
+    0xe1, 0x9b, 0x05, 0xc8, 0xc5, 0xc3, 0x9a, 0x7b,
+    0x9d, 0xee, 0x23, 0xe0, 0x98, 0xc0, 0xd0, 0x05,
+    0x21, 0x89, 0x9a, 0xf4, 0x45, 0xd1, 0x1d, 0x80,
+    0x79, 0xb7, 0xfe, 0x3c, 0xff, 0x84, 0x86, 0xf0,
+    0x2a, 0x69, 0x8b, 0x2d, 0x3b, 0x82, 0xa0, 0xab,
+    0xee, 0xe6, 0xf4, 0x64, 0x84, 0x2b, 0x7a, 0x42,
+    0x12, 0x8d, 0x10, 0xa6, 0xae, 0x10, 0x6d, 0x03,
+    0xb5, 0x72, 0x09, 0xf8, 0x3f, 0xe4, 0x1c, 0x0a,
+    0x08, 0x0d, 0x1a, 0x45, 0x5b, 0x70, 0x7b, 0x95,
+    0xa1, 0xa7, 0xb4, 0xb6, 0xbf, 0xcc, 0xfc, 0x09,
+    0x1a, 0x30, 0x40, 0x44, 0x5e, 0x69, 0x73, 0x7a,
+    0x81, 0xa5, 0xb9, 0xd7, 0xdd, 0xe3, 0xee, 0xfb,
+    0x16, 0x1a, 0x1d, 0x40, 0x41, 0x4e, 0x8d, 0x90,
+    0x92, 0x9d, 0xaf, 0xb0, 0xbb, 0xc2, 0xe0, 0xfc,
+    0x06, 0x0b, 0x20, 0x37, 0x47, 0x50, 0x53, 0x65,
+    0x87, 0x89, 0x99, 0xa4, 0xb7, 0xdb, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0f, 0x20, 0x30, 0x3e
 };
 #endif
 
@@ -31440,8 +32298,8 @@ static int test_wc_dilithium(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
 #endif
 
-    ExpectIntEQ(wc_dilithium_init(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_init_ex(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_init_ex(NULL, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     wc_dilithium_free(NULL);
 
     ExpectIntEQ(wc_dilithium_init(key), 0);
@@ -31450,48 +32308,48 @@ static int test_wc_dilithium(void)
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
     ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
 #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
-    ExpectIntEQ(wc_dilithium_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_priv_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #endif
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_pub_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    ExpectIntEQ(wc_dilithium_sig_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
-    ExpectIntEQ(wc_dilithium_size(key), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_priv_size(key), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_priv_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #endif
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_pub_size(key), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_pub_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    ExpectIntEQ(wc_dilithium_sig_size(key), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_sig_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
-    ExpectIntEQ(wc_dilithium_set_level(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_set_level(key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_set_level(NULL, WC_ML_DSA_44), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_set_level(key, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_set_level(key, 4), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_set_level(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(NULL, WC_ML_DSA_44), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 4), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
-    ExpectIntEQ(wc_dilithium_get_level(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_get_level(key, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_get_level(NULL, &level), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_get_level(key, &level), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_get_level(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(NULL, &level), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifndef WOLFSSL_NO_ML_DSA_87
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
@@ -31510,7 +32368,7 @@ static int test_wc_dilithium(void)
     ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL5_SIG_SIZE);
 #endif
 #else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), NOT_COMPILED_IN);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
@@ -31529,7 +32387,7 @@ static int test_wc_dilithium(void)
     ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL3_SIG_SIZE);
 #endif
 #else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), NOT_COMPILED_IN);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_44
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
@@ -31548,16 +32406,16 @@ static int test_wc_dilithium(void)
     ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL2_SIG_SIZE);
 #endif
 #else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), NOT_COMPILED_IN);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
     ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wc_dilithium_free(key);
@@ -31591,7 +32449,7 @@ static int test_wc_dilithium_make_key(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
     ExpectIntEQ(wc_dilithium_init(key), 0);
 
-    ExpectIntEQ(wc_dilithium_make_key(key, &rng), BAD_STATE_E);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), WC_NO_ERR_TRACE(BAD_STATE_E));
 
 #ifndef WOLFSSL_NO_ML_DSA_44
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
@@ -31601,9 +32459,9 @@ static int test_wc_dilithium_make_key(void)
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
 #endif
 
-    ExpectIntEQ(wc_dilithium_make_key(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_make_key(key, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_make_key(NULL, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_make_key(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_make_key(key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_make_key(NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
 
     wc_dilithium_free(key);
@@ -31676,46 +32534,46 @@ static int test_wc_dilithium_sign(void)
 #endif
 
     ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, &sigLen, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, key, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, &sigLen, key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, &sigLen, key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, NULL, key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, NULL, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
 
     ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_private(key, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, &privKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, &privKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_private(key, NULL, &privKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_private(key, privKey, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     badKeyLen = 0;
     ExpectIntEQ(wc_dilithium_export_private(key, privKey, &badKeyLen),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
 #ifndef WOLFSSL_NO_ML_DSA_44
     ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
 #elif !defined(WOLFSSL_NO_ML_DSA_65)
@@ -31735,7 +32593,7 @@ static int test_wc_dilithium_sign(void)
 
     ExpectIntEQ(wc_dilithium_init(importKey), 0);
     ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef WOLFSSL_NO_ML_DSA_44
     ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
 #elif !defined(WOLFSSL_NO_ML_DSA_65)
@@ -31744,24 +32602,24 @@ static int test_wc_dilithium_sign(void)
     ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
 #endif
     ExpectIntEQ(wc_dilithium_import_private(NULL, 0, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_private(privKey, 0, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_private(NULL, 0, importKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, importKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_private(privKey, 0, importKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
         0);
     ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
 #ifdef WOLFSSL_DILITHIUM_CHECK_KEY
-    ExpectIntEQ(wc_dilithium_check_key(importKey), PUBLIC_KEY_E);
+    ExpectIntEQ(wc_dilithium_check_key(importKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
 #endif
     wc_dilithium_free(importKey);
 
@@ -31804,8 +32662,7 @@ static int test_wc_dilithium_verify(void)
     pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     ExpectNotNull(pubKey);
-    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     ExpectNotNull(sig);
 
     if (key != NULL) {
@@ -31852,22 +32709,22 @@ static int test_wc_dilithium_verify(void)
 #endif /* !WOLFSSL_NO_ML_DSA_44 */
 
     ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_public(key, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, &pubKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, &pubKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_public(key, NULL, &pubKeyLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_public(key, pubKey, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     badKeyLen = 0;
     ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &badKeyLen),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
 #ifndef WOLFSSL_NO_ML_DSA_44
     ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
 #elif !defined(WOLFSSL_NO_ML_DSA_65)
@@ -31885,32 +32742,32 @@ static int test_wc_dilithium_verify(void)
 #endif
 
     ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, NULL),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, NULL, 32, NULL, NULL),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, msg, 32, NULL, NULL),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, &res, NULL),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, key),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_verify_msg(NULL, sigLen, msg, 32, &res, key),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, msg, 32, &res, key),
-       BUFFER_E);
+       WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, NULL, 32, &res, key),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, NULL, key),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, NULL),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     res = 0;
     ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), 0);
     ExpectIntEQ(res, 1);
 
     ExpectIntEQ(wc_dilithium_init(importKey), 0);
     ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef WOLFSSL_NO_ML_DSA_44
     ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
 #elif !defined(WOLFSSL_NO_ML_DSA_65)
@@ -31919,26 +32776,26 @@ static int test_wc_dilithium_verify(void)
     ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
 #endif
     ExpectIntEQ(wc_dilithium_import_public(NULL, 0, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_public(NULL, 0, importKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, importKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, importKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey), 0);
     res = 0;
     ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, importKey),
         0);
     ExpectIntEQ(res, 1);
 #ifdef WOLFSSL_DILITHIUM_CHECK_KEY
-    ExpectIntEQ(wc_dilithium_check_key(importKey), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_check_key(importKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     wc_dilithium_free(importKey);
 
@@ -31949,7 +32806,7 @@ static int test_wc_dilithium_verify(void)
             sig[sigLen - 5] = 0xff;
             res = 1;
             ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res,
-                key), SIG_VERIFY_E);
+                key), WC_NO_ERR_TRACE(SIG_VERIFY_E));
             ExpectIntEQ(res, 0);
             sig[sigLen - 5] = 0x00;
         }
@@ -31959,7 +32816,7 @@ static int test_wc_dilithium_verify(void)
         sig[sigLen - 1] = 0xff;
         res = 1;
         ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
-            SIG_VERIFY_E);
+            WC_NO_ERR_TRACE(SIG_VERIFY_E));
         ExpectIntEQ(res, 0);
         sig[sigLen - 1] = b;
 
@@ -31969,7 +32826,7 @@ static int test_wc_dilithium_verify(void)
             sig[sigLen - 84] = 0xff;
             res = 1;
             ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res,
-                key), SIG_VERIFY_E);
+                key), WC_NO_ERR_TRACE(SIG_VERIFY_E));
             ExpectIntEQ(res, 0);
             sig[sigLen - 84] = b;
         }
@@ -31989,6 +32846,12 @@ static int test_wc_dilithium_verify(void)
             0);
         ExpectIntEQ(res, 0);
         sig[100] ^= 0x80;
+
+        /* Set all indeces to 0. */
+        XMEMSET(sig + sigLen - 4, 0, 4);
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            WC_NO_ERR_TRACE(SIG_VERIFY_E));
+        ExpectIntEQ(res, 0);
     }
 #endif
 
@@ -32003,6 +32866,107 @@ static int test_wc_dilithium_verify(void)
     return EXPECT_RESULT();
 }
 
+static int test_wc_dilithium_sign_vfy(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    dilithium_key* key;
+    WC_RNG rng;
+    byte msg[64];
+    byte* sig = NULL;
+    word32 sigLen;
+    byte ctx[10];
+    int res;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(sig);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(msg, 0xAA, sizeof(msg));
+    XMEMSET(ctx, 0x01, sizeof(ctx));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+
+    wc_FreeRng(&rng);
+    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wc_dilithium_check_key(void)
 {
     EXPECT_DECLS;
@@ -32033,18 +32997,18 @@ static int test_wc_dilithium_check_key(void)
 
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
-    ExpectIntEQ(wc_dilithium_check_key(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_dilithium_check_key(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_dilithium_init(checkKey), 0);
 
     ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL), BAD_FUNC_ARG);
+        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), BAD_FUNC_ARG);
+        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifndef WOLFSSL_NO_ML_DSA_44
     ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_44), 0);
@@ -32056,27 +33020,27 @@ static int test_wc_dilithium_check_key(void)
     ExpectIntEQ(wc_dilithium_make_key(checkKey, &rng), 0);
 
     ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, &privCheckKeyLen, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, pubCheckKey, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL,
-        &pubCheckKeyLen), BAD_FUNC_ARG);
+        &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(NULL     , privCheckKey,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL        ,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        NULL            , pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
+        NULL            , pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        &privCheckKeyLen, NULL       , &pubCheckKeyLen), BAD_FUNC_ARG);
+        &privCheckKeyLen, NULL       , &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        &privCheckKeyLen, pubCheckKey, NULL           ), BAD_FUNC_ARG);
+        &privCheckKeyLen, pubCheckKey, NULL           ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
         &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), 0);
 
@@ -32084,38 +33048,38 @@ static int test_wc_dilithium_check_key(void)
     if (pubCheckKey != NULL) {
         pubCheckKey[0] ^= 0x80;
         ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, NULL),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(privCheckKey, 0, NULL, 0, NULL),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(NULL, 0, pubCheckKey, 0, NULL),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, checkKey),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(NULL        ,
             privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
             0              , pubCheckKey, pubCheckKeyLen, checkKey),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
             privCheckKeyLen, NULL       , pubCheckKeyLen, checkKey),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
             privCheckKeyLen, pubCheckKey, 0             , checkKey),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
             privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL     ),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
             privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), 0);
-        ExpectIntEQ(wc_dilithium_check_key(checkKey), PUBLIC_KEY_E);
+        ExpectIntEQ(wc_dilithium_check_key(checkKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
         pubCheckKey[0] ^= 0x80;
 
         /* Modify encoded t1. */
         pubCheckKey[48] ^= 0x80;
         ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
             privCheckKeyLen,pubCheckKey, pubCheckKeyLen, checkKey), 0);
-        ExpectIntEQ(wc_dilithium_check_key(checkKey), PUBLIC_KEY_E);
+        ExpectIntEQ(wc_dilithium_check_key(checkKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
         pubCheckKey[48] ^= 0x80;
     }
 
@@ -32129,6 +33093,789 @@ static int test_wc_dilithium_check_key(void)
     return EXPECT_RESULT();
 }
 
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+static const unsigned char dilithium_public_der[] = {
+#ifndef WOLFSSL_NO_ML_DSA_44
+    0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x04, 0x04, 0x03, 0x82, 0x05, 0x21, 0x00,
+    0x0a, 0xf7, 0xc8, 0xa4, 0x96, 0x01, 0xa7, 0xb2,
+    0x2e, 0x4d, 0xc9, 0xd9, 0x1c, 0xa1, 0x86, 0x09,
+    0xce, 0x14, 0x6f, 0xe8, 0x33, 0x3c, 0x7b, 0xdb,
+    0x19, 0x9c, 0x56, 0x39, 0x6a, 0x6c, 0x5d, 0x1f,
+    0xe4, 0x26, 0xcb, 0x16, 0x91, 0x4d, 0xeb, 0x5a,
+    0x36, 0x22, 0xee, 0xda, 0xdf, 0x46, 0x3e, 0xa1,
+    0x4f, 0x9a, 0x30, 0xb5, 0x3f, 0x60, 0xf7, 0x75,
+    0x47, 0xdc, 0x55, 0xf1, 0xbe, 0xbc, 0x87, 0x6c,
+    0x50, 0x7c, 0x21, 0x55, 0x35, 0xad, 0xa7, 0xf9,
+    0x1c, 0xf8, 0xa1, 0x92, 0x79, 0x10, 0x52, 0x7a,
+    0xc3, 0xba, 0xd3, 0x9d, 0xc6, 0x9b, 0xf4, 0xcb,
+    0x1b, 0xa2, 0xde, 0x83, 0x86, 0xa6, 0x35, 0xea,
+    0xf2, 0x8c, 0xdc, 0xba, 0x3e, 0xef, 0x9c, 0xf5,
+    0x8e, 0xc3, 0xb0, 0xc0, 0x5b, 0xcc, 0x35, 0x6a,
+    0x81, 0xe5, 0x17, 0xb3, 0x9a, 0x57, 0xa6, 0x4a,
+    0x87, 0xb1, 0xa7, 0xf5, 0xa2, 0x96, 0x40, 0x8b,
+    0xc1, 0x62, 0xb2, 0xd9, 0x76, 0xe8, 0x51, 0x33,
+    0x44, 0x3d, 0xeb, 0x14, 0x86, 0x88, 0x2c, 0xc1,
+    0x47, 0xba, 0x2b, 0x85, 0x3b, 0x72, 0xcb, 0x9f,
+    0x40, 0xba, 0x19, 0x58, 0xa4, 0x34, 0x0a, 0xd2,
+    0x8c, 0x97, 0xbd, 0x3d, 0x09, 0xb0, 0x4a, 0xeb,
+    0xaa, 0xee, 0x58, 0x1e, 0xc1, 0x19, 0x26, 0x70,
+    0x15, 0xa5, 0x17, 0x7e, 0xd0, 0xa1, 0x08, 0xf9,
+    0x6d, 0xcf, 0x20, 0x62, 0x95, 0x8e, 0x61, 0xf4,
+    0x29, 0x96, 0x6f, 0x38, 0x1c, 0x67, 0xd5, 0xa6,
+    0x4c, 0xf5, 0x1f, 0xda, 0x12, 0x22, 0x24, 0x6b,
+    0x0d, 0xb7, 0x6a, 0xe5, 0xaf, 0x6c, 0x89, 0x52,
+    0xc2, 0x85, 0x85, 0x5f, 0x16, 0x33, 0x0c, 0xc6,
+    0x7a, 0xe0, 0xa8, 0xed, 0x13, 0x58, 0xf3, 0xa0,
+    0x80, 0x42, 0x3c, 0xe3, 0x57, 0xd1, 0xe2, 0x66,
+    0xc4, 0xe0, 0x3d, 0x49, 0x32, 0x21, 0xd9, 0xa1,
+    0x3c, 0x93, 0x0a, 0xf7, 0x5f, 0x34, 0x65, 0xa4,
+    0x30, 0xf9, 0xe7, 0x8a, 0x96, 0x04, 0xdb, 0xc5,
+    0x16, 0x15, 0x10, 0x74, 0x4f, 0xc9, 0x6b, 0x4b,
+    0x66, 0x29, 0xb0, 0xd1, 0x3b, 0xdd, 0x41, 0x0a,
+    0xfe, 0xdf, 0x5f, 0x72, 0x91, 0xbc, 0x99, 0x2f,
+    0x8d, 0x72, 0x3a, 0x4a, 0xde, 0x11, 0x3a, 0x20,
+    0xb2, 0x56, 0xb5, 0x73, 0x89, 0xb4, 0x63, 0x37,
+    0x86, 0xbd, 0x99, 0x8b, 0x03, 0x56, 0x50, 0x21,
+    0x11, 0x78, 0x8c, 0xd5, 0xc1, 0x92, 0x33, 0x72,
+    0x6e, 0x8d, 0x88, 0x2d, 0x10, 0x8f, 0x31, 0xd3,
+    0x23, 0xe5, 0xaa, 0x1f, 0xe1, 0x37, 0xec, 0x34,
+    0x42, 0x30, 0x75, 0xff, 0xb2, 0x1a, 0x8e, 0x29,
+    0x03, 0x4c, 0xfd, 0xdf, 0x53, 0xf2, 0x0b, 0x2d,
+    0xf9, 0x1c, 0x9e, 0xb6, 0x5a, 0x6c, 0x5e, 0x88,
+    0x48, 0x29, 0x89, 0x42, 0xfc, 0x97, 0xfb, 0x27,
+    0x1c, 0x99, 0x2a, 0xbf, 0x7f, 0x04, 0xb2, 0xcd,
+    0xc9, 0x3a, 0x39, 0xfe, 0x4f, 0x47, 0x92, 0x0b,
+    0x85, 0xfc, 0x92, 0x57, 0xc5, 0x0b, 0x23, 0x1f,
+    0x0b, 0x72, 0xb4, 0xde, 0xfe, 0xbe, 0xb7, 0x39,
+    0xb3, 0xd7, 0x48, 0x03, 0xed, 0x76, 0xac, 0x63,
+    0xf7, 0x2a, 0x58, 0xef, 0xdb, 0x63, 0x5a, 0x56,
+    0x68, 0xcc, 0xb2, 0x8b, 0x22, 0xac, 0xdf, 0xc4,
+    0xad, 0x6f, 0xad, 0x24, 0xfd, 0x30, 0xfb, 0xed,
+    0x6e, 0xde, 0x65, 0x2b, 0xb4, 0x57, 0x35, 0x49,
+    0xc1, 0xc9, 0x82, 0xf4, 0x72, 0x69, 0xef, 0x34,
+    0xc0, 0x37, 0x8b, 0x8b, 0xd3, 0xd3, 0x25, 0xcc,
+    0xe5, 0xf5, 0xf6, 0x9c, 0xa3, 0xe7, 0x88, 0xd7,
+    0x55, 0x73, 0x31, 0x4c, 0xb1, 0x7b, 0x64, 0xb3,
+    0x38, 0xde, 0x47, 0x9a, 0xfc, 0xf1, 0xfa, 0xf8,
+    0x6e, 0xc5, 0x95, 0xb9, 0xaf, 0x6a, 0x7a, 0x94,
+    0x80, 0x0d, 0x29, 0x62, 0x99, 0x0a, 0x34, 0xa2,
+    0x8f, 0xa1, 0x5e, 0x98, 0x7c, 0x4e, 0x18, 0xcd,
+    0x63, 0x68, 0x0e, 0xfa, 0x6f, 0x49, 0x01, 0x02,
+    0xcd, 0xf1, 0xc1, 0x09, 0x57, 0xa3, 0x03, 0xec,
+    0x94, 0x36, 0xab, 0xc6, 0x1c, 0xc0, 0x98, 0x22,
+    0x15, 0x5b, 0x5b, 0x61, 0x3c, 0xc2, 0x5b, 0x6f,
+    0x1c, 0x82, 0x41, 0x39, 0x87, 0xde, 0x92, 0xa9,
+    0xe4, 0x12, 0x74, 0x3b, 0x31, 0x36, 0xac, 0x92,
+    0xb0, 0x23, 0x26, 0xfa, 0xd8, 0xa3, 0xe8, 0x84,
+    0xfc, 0x52, 0xc5, 0x7b, 0xd1, 0x4b, 0xe2, 0x1a,
+    0x33, 0xdd, 0x3c, 0xdf, 0x27, 0x50, 0x6f, 0x12,
+    0xd3, 0x17, 0x66, 0xd7, 0x54, 0x33, 0x30, 0x2b,
+    0xe8, 0xd1, 0x1f, 0x2d, 0xf3, 0x37, 0x81, 0xa0,
+    0x3c, 0x21, 0x8c, 0xea, 0x95, 0xa5, 0x5b, 0x3a,
+    0x24, 0xed, 0xf7, 0x67, 0x7b, 0x72, 0x3a, 0xda,
+    0x31, 0xbd, 0xa7, 0x63, 0xa6, 0x6f, 0xf9, 0xdf,
+    0x06, 0x36, 0xb4, 0xe2, 0x35, 0x4b, 0xa5, 0x8e,
+    0x29, 0x8e, 0x6c, 0x02, 0xc5, 0x06, 0x9b, 0x98,
+    0x6e, 0x5e, 0x00, 0x6a, 0x42, 0x09, 0x4b, 0xc3,
+    0x09, 0x37, 0x67, 0x19, 0x58, 0x6d, 0x40, 0x50,
+    0xb0, 0x62, 0x5b, 0xd6, 0x63, 0x7f, 0xed, 0xb0,
+    0x97, 0x80, 0x9e, 0x91, 0x3f, 0x82, 0xfd, 0x83,
+    0x36, 0xce, 0x06, 0xc4, 0xdc, 0xa4, 0x1e, 0x70,
+    0xd4, 0x94, 0xfc, 0x6e, 0x46, 0xa3, 0xc8, 0xed,
+    0x34, 0x0a, 0xb1, 0x9a, 0x66, 0x5d, 0xc0, 0xce,
+    0x73, 0xd3, 0x65, 0xcb, 0xfb, 0x79, 0xdd, 0xf6,
+    0x19, 0xf6, 0xd8, 0xa9, 0xe6, 0x34, 0x15, 0x86,
+    0x7a, 0x30, 0x79, 0xde, 0x2b, 0x06, 0xa4, 0xc0,
+    0xc8, 0xa2, 0xc1, 0x41, 0xb3, 0x4c, 0xf6, 0xdb,
+    0x16, 0xcd, 0xd2, 0x8b, 0xf1, 0x18, 0x5a, 0xc8,
+    0x3e, 0xd9, 0x54, 0x40, 0xd4, 0xce, 0x88, 0xbb,
+    0x66, 0xf1, 0x74, 0x20, 0xa2, 0x3c, 0x31, 0x09,
+    0xba, 0xac, 0x61, 0x15, 0x9f, 0x73, 0x5f, 0xa7,
+    0xe5, 0x0d, 0xb3, 0xab, 0xa2, 0x72, 0x25, 0xc9,
+    0x87, 0x9b, 0x18, 0xdb, 0xff, 0xfb, 0x39, 0x84,
+    0x8d, 0xf8, 0x97, 0x47, 0xab, 0xc4, 0xfb, 0xc2,
+    0xd8, 0xe8, 0xce, 0x6e, 0x65, 0x76, 0x88, 0x4a,
+    0x22, 0x2f, 0xdd, 0x43, 0xa7, 0xc4, 0x8d, 0x32,
+    0x12, 0x75, 0x0b, 0x72, 0xd6, 0xb7, 0x43, 0x84,
+    0xc8, 0x59, 0xa8, 0xb7, 0x8b, 0x84, 0x33, 0x92,
+    0x8f, 0x94, 0xe8, 0xd0, 0xaf, 0x11, 0x35, 0xde,
+    0xb7, 0x63, 0xb8, 0x91, 0x4c, 0x96, 0x4e, 0x9c,
+    0x62, 0x28, 0xa2, 0xbc, 0x0b, 0x90, 0xae, 0x94,
+    0x90, 0xe9, 0x32, 0xeb, 0xe3, 0x77, 0x60, 0x5f,
+    0x87, 0x48, 0x4b, 0xb0, 0x78, 0x0e, 0xe2, 0x85,
+    0x47, 0x06, 0xa4, 0xc9, 0x26, 0xac, 0x8f, 0xe7,
+    0xc2, 0xc7, 0xce, 0xf5, 0xd1, 0x20, 0xa8, 0x56,
+    0xe1, 0x4f, 0x50, 0x90, 0xb3, 0xc1, 0x03, 0x57,
+    0xd3, 0x62, 0x0e, 0x2a, 0xe8, 0x86, 0xf4, 0x94,
+    0x0e, 0xa5, 0x8b, 0x4e, 0x73, 0xa2, 0x76, 0xac,
+    0x00, 0x29, 0xe5, 0x80, 0x26, 0x02, 0x13, 0xd1,
+    0xb2, 0x68, 0x72, 0x23, 0x38, 0x55, 0xfc, 0x4d,
+    0x05, 0x60, 0x49, 0x7b, 0xfb, 0xaa, 0x17, 0x8f,
+    0x26, 0x0a, 0x08, 0x33, 0x8d, 0x7f, 0x4e, 0xe5,
+    0x6e, 0xf8, 0x84, 0x9b, 0x9f, 0xcb, 0xa2, 0x2b,
+    0xfb, 0xaf, 0xad, 0x21, 0xe2, 0x4f, 0x6f, 0x55,
+    0xc1, 0x78, 0x46, 0xe3, 0xb5, 0x63, 0x06, 0x9b,
+    0x93, 0x7d, 0xac, 0xd4, 0xe0, 0x64, 0x01, 0x8d,
+    0xac, 0x30, 0x8b, 0x8b, 0x55, 0xb7, 0x8a, 0x16,
+    0x3f, 0xc9, 0x82, 0x7f, 0xb5, 0x3b, 0x0d, 0xc0,
+    0x46, 0x89, 0x5c, 0x6c, 0x45, 0x21, 0x78, 0xda,
+    0x84, 0x1f, 0xc8, 0xcf, 0xf1, 0x1e, 0x79, 0x71,
+    0x3b, 0xc8, 0xe2, 0x8b, 0x41, 0xfe, 0xaf, 0x2f,
+    0x3b, 0x23, 0x13, 0xc5, 0x46, 0x87, 0xc6, 0x24,
+    0x37, 0x21, 0x68, 0x8a, 0x3e, 0x45, 0x61, 0xf4,
+    0xad, 0xf5, 0x1c, 0x23, 0x45, 0xa3, 0x42, 0xf2,
+    0xa9, 0xac, 0x94, 0x50, 0xc9, 0x3d, 0x5e, 0x70,
+    0x33, 0x2b, 0x78, 0xd1, 0x5c, 0x13, 0x35, 0xe6,
+    0x13, 0x80, 0x5e, 0x55, 0xa7, 0xcc, 0x67, 0xb0,
+    0x6c, 0xfe, 0xa2, 0x24, 0x02, 0x6d, 0xb3, 0xcb,
+    0x9e, 0x94, 0xb3, 0xc6, 0x01, 0xf3, 0x01, 0x3a,
+    0xe4, 0xa7, 0xa3, 0xdf, 0x56, 0x4c, 0x30, 0xce,
+    0xb1, 0xd5, 0x1b, 0x68, 0x9b, 0x75, 0xae, 0xf4,
+    0xb9, 0x2a, 0xe5, 0x8b, 0x7b, 0xe5, 0x99, 0x46,
+    0x5f, 0x29, 0xf6, 0x82, 0xd0, 0x42, 0xb1, 0x45,
+    0x09, 0x16, 0x5b, 0x32, 0x11, 0xca, 0x48, 0xea,
+    0x51, 0x12, 0x0a, 0x9f, 0x6e, 0x3f, 0x74, 0xe6,
+    0xe0, 0xfe, 0xf8, 0xa5, 0xc0, 0xfd, 0x15, 0x6e,
+    0x2b, 0x4a, 0xd5, 0x76, 0xa8, 0x3d, 0xe3, 0x0d,
+    0xfe, 0x44, 0x11, 0x5e, 0x7a, 0xde, 0x12, 0x29,
+    0x5a, 0x5a, 0x25, 0xc0, 0x8e, 0x98, 0xd1, 0x11,
+    0xc8, 0x00, 0x65, 0xb2, 0xf4, 0xd7, 0x56, 0x32,
+    0x46, 0x2b, 0x4f, 0x7e, 0xc3, 0x4e, 0xf1, 0x17,
+    0xff, 0x03, 0x32, 0xae, 0xe3, 0xbe, 0x0b, 0xab,
+    0xfb, 0x43, 0x0f, 0x6d, 0xa5, 0xc6, 0x44, 0xba,
+    0xc9, 0xe3, 0x3d, 0x40, 0xe7, 0x6c, 0xe8, 0x21,
+    0xb2, 0x46, 0x7b, 0x3b, 0x3d, 0xde, 0x80, 0xc8,
+    0xea, 0xf4, 0x6b, 0xf3, 0x53, 0xca, 0x51, 0x84,
+    0xcf, 0xad, 0x7e, 0xce, 0xce, 0xc2, 0x65, 0xfc,
+    0x03, 0x8c, 0xcb, 0xfa, 0xcb, 0x37, 0x89, 0x82,
+    0x59, 0x5e, 0x36, 0x52, 0xe4, 0xbc, 0x8d, 0x47,
+    0x7c, 0xb8, 0x3f, 0x63, 0x59, 0xdc, 0xd3, 0x74,
+    0x11, 0x33, 0xb4, 0x69, 0x74, 0x40, 0x0d, 0x42,
+    0x63, 0x1d, 0xe6, 0x5c, 0x1b, 0xca, 0x41, 0xff,
+    0x23, 0x4e, 0xe8, 0x3d, 0x14, 0xa8, 0x17, 0x18,
+    0xd0, 0x78, 0x08, 0x87, 0x7d, 0x5e, 0xdc, 0x3a,
+    0x07, 0xba, 0x12, 0x8e, 0x8e, 0x56, 0x0a, 0xcb,
+    0x37, 0xf6, 0x54, 0xeb, 0x55, 0x16, 0x8f, 0x06,
+    0x15, 0x28, 0x6b, 0xfb, 0xed, 0x38, 0x9e, 0x9b,
+    0x98, 0x5b, 0xdc, 0x67, 0x33, 0x0e, 0x02, 0x36,
+    0x1b, 0x7a, 0x9a, 0x43, 0xcd, 0xf2, 0x65, 0xef,
+    0x37, 0x19, 0x24, 0x6f, 0x4b, 0xb9, 0x4d, 0x3e,
+    0x0b, 0x47, 0xd1, 0x67, 0x50, 0x6a, 0x7f, 0x07
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    0x30, 0x82, 0x07, 0xb4, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x06, 0x05, 0x03, 0x82, 0x07, 0xa1, 0x00,
+    0xff, 0x89, 0xee, 0xad, 0x20, 0x8f, 0x61, 0xa4,
+    0x07, 0x1c, 0x54, 0x98, 0x8c, 0xf4, 0x2e, 0xd9,
+    0xe6, 0x0f, 0xcb, 0x0e, 0xab, 0xa1, 0x37, 0x4d,
+    0xc0, 0x48, 0x24, 0x78, 0xd6, 0x2d, 0x9b, 0x6f,
+    0x0f, 0x17, 0x08, 0x71, 0xc3, 0xd1, 0xc8, 0x7a,
+    0xe7, 0x32, 0xcb, 0xcd, 0xd6, 0xb5, 0x90, 0x08,
+    0xe1, 0xda, 0xaa, 0x89, 0x3e, 0x4a, 0x62, 0x98,
+    0x3d, 0xc6, 0x71, 0x30, 0xb4, 0x63, 0xa5, 0x3b,
+    0xb3, 0x69, 0x75, 0x10, 0xaf, 0x5e, 0x72, 0x78,
+    0xa2, 0xef, 0x63, 0x63, 0x21, 0xe7, 0xf4, 0xa7,
+    0x9c, 0x50, 0x74, 0x14, 0x3e, 0xdd, 0x73, 0x9e,
+    0x97, 0x65, 0xdd, 0xdf, 0x3c, 0x40, 0x4d, 0x03,
+    0x49, 0xe4, 0xbf, 0x65, 0xe7, 0x44, 0x8f, 0x59,
+    0x00, 0xe2, 0x98, 0xb5, 0x66, 0xa3, 0x3b, 0x11,
+    0x9f, 0xc7, 0xc2, 0x16, 0x61, 0xf0, 0x1e, 0x89,
+    0xc8, 0x96, 0x8d, 0x18, 0xac, 0x86, 0xa0, 0xe2,
+    0xd9, 0x8c, 0xef, 0x53, 0x6d, 0x4e, 0x74, 0xc9,
+    0x66, 0x28, 0x16, 0xf3, 0x62, 0xc4, 0x6f, 0x2b,
+    0x6e, 0x36, 0x03, 0xad, 0xc5, 0xe4, 0x8f, 0x0b,
+    0x90, 0x8c, 0x8f, 0xff, 0x5d, 0xdf, 0x7a, 0xe6,
+    0xaf, 0x9a, 0x43, 0xbc, 0xd4, 0x73, 0x22, 0xdc,
+    0x5f, 0x08, 0xa1, 0x17, 0x97, 0x89, 0x79, 0xf5,
+    0xdc, 0xed, 0x4f, 0x85, 0x8e, 0x0c, 0x23, 0x35,
+    0x3c, 0x34, 0x19, 0x65, 0xf5, 0xd6, 0xc9, 0x2d,
+    0x7a, 0x2e, 0x67, 0xd5, 0xf1, 0x82, 0x97, 0xaa,
+    0x05, 0x26, 0x84, 0x25, 0x47, 0x58, 0x2c, 0xe6,
+    0x59, 0xc7, 0x98, 0x7a, 0xdb, 0x40, 0x45, 0x1c,
+    0x71, 0x55, 0x2e, 0xea, 0x3f, 0x6e, 0x7c, 0x82,
+    0x52, 0x6a, 0x19, 0x3a, 0xd3, 0xa1, 0x3c, 0xce,
+    0x00, 0x06, 0xec, 0xed, 0x97, 0xce, 0xd8, 0xdf,
+    0xde, 0xa3, 0xed, 0xe7, 0x81, 0x62, 0x02, 0x9c,
+    0x1b, 0x51, 0xa1, 0xf4, 0x9d, 0x1b, 0x28, 0x76,
+    0x93, 0x96, 0x20, 0x55, 0x60, 0x1f, 0xaf, 0x52,
+    0xc3, 0xce, 0xb9, 0x12, 0x66, 0xf5, 0x64, 0x22,
+    0x87, 0x86, 0x29, 0x80, 0x8f, 0x18, 0x33, 0xba,
+    0x48, 0x71, 0x1d, 0x00, 0xfe, 0xa5, 0xfc, 0xc6,
+    0x87, 0xbe, 0x44, 0x3c, 0xc9, 0x49, 0xfb, 0x68,
+    0x3c, 0xdf, 0xca, 0xef, 0xa7, 0xdc, 0x67, 0xb8,
+    0x28, 0xd6, 0xad, 0x18, 0xaf, 0xad, 0x1f, 0x4c,
+    0x85, 0xa3, 0x64, 0xac, 0x3f, 0xa9, 0x39, 0x28,
+    0xef, 0x8a, 0x45, 0x7e, 0xb0, 0xf4, 0x89, 0x72,
+    0xf7, 0xb1, 0xef, 0x9d, 0x1c, 0x3c, 0x93, 0xcb,
+    0xa0, 0xfb, 0x2a, 0x90, 0xe2, 0x1d, 0x49, 0x8e,
+    0x36, 0xb8, 0x07, 0xf4, 0xb3, 0x09, 0xf0, 0x6f,
+    0x3c, 0xd9, 0x37, 0x19, 0x57, 0xd4, 0x1e, 0x2a,
+    0xa2, 0xa7, 0x2e, 0xc1, 0xcd, 0x8d, 0x48, 0x47,
+    0xb5, 0x8a, 0x12, 0x93, 0x34, 0xb8, 0xec, 0x32,
+    0x07, 0x49, 0xb6, 0x8d, 0x73, 0xd4, 0x2c, 0x6a,
+    0xa0, 0x33, 0x29, 0x21, 0x5d, 0x37, 0xa9, 0x39,
+    0x40, 0xbe, 0x71, 0x29, 0xbe, 0xd1, 0x4b, 0xbc,
+    0x9a, 0x17, 0x93, 0x52, 0xb8, 0x81, 0xee, 0xc5,
+    0xff, 0x25, 0x78, 0x2f, 0x52, 0x0a, 0x8f, 0xb2,
+    0xef, 0xf3, 0x1d, 0x68, 0x56, 0x31, 0x29, 0x84,
+    0x55, 0x47, 0x32, 0x34, 0x0f, 0x60, 0x07, 0xd6,
+    0x2b, 0xb9, 0x29, 0xaf, 0x0f, 0xcd, 0x1c, 0xc0,
+    0x77, 0x4c, 0xc6, 0x31, 0xdb, 0xf4, 0x17, 0xbe,
+    0x3d, 0xf8, 0x8c, 0xf1, 0x02, 0x7c, 0x6b, 0xd4,
+    0xaf, 0x03, 0xb2, 0xf4, 0x78, 0x8d, 0xd3, 0x4e,
+    0x5c, 0x04, 0xb9, 0x01, 0xe3, 0x73, 0xb4, 0x67,
+    0xe9, 0xa8, 0x77, 0x6f, 0x87, 0x2b, 0xe2, 0x00,
+    0x98, 0x5f, 0x02, 0x43, 0x85, 0x03, 0x4c, 0x71,
+    0xd2, 0xe7, 0x61, 0x03, 0x22, 0x9e, 0xe5, 0xc2,
+    0xa7, 0x66, 0x42, 0x7c, 0x9f, 0xf4, 0xb8, 0x6b,
+    0x2d, 0xe4, 0xaa, 0x51, 0xda, 0x08, 0x73, 0x75,
+    0x26, 0x45, 0xdc, 0xa6, 0x20, 0xd7, 0xcb, 0x00,
+    0xfc, 0xe4, 0xdb, 0x28, 0x92, 0xf8, 0xb0, 0xc7,
+    0xf0, 0x4b, 0x6d, 0xe8, 0xc1, 0x84, 0x38, 0xed,
+    0x1a, 0xd4, 0x66, 0x69, 0xc4, 0x96, 0x40, 0xc4,
+    0x7d, 0xfa, 0x58, 0x70, 0x7e, 0x70, 0x40, 0xba,
+    0xfc, 0x95, 0xb6, 0x4c, 0x7c, 0x58, 0xbc, 0xb3,
+    0x59, 0x08, 0x14, 0x03, 0x35, 0xf3, 0xf1, 0xaa,
+    0xd5, 0xa2, 0x57, 0x70, 0xb6, 0x20, 0x75, 0x0a,
+    0x58, 0x66, 0x74, 0xf7, 0x1c, 0xfd, 0x99, 0x7c,
+    0x20, 0xda, 0xe7, 0x76, 0xcb, 0xf4, 0xa3, 0x9b,
+    0xbc, 0x8f, 0x74, 0xef, 0xe2, 0x46, 0x5a, 0x72,
+    0x33, 0x06, 0x32, 0x1e, 0xbd, 0x4e, 0x4c, 0xf6,
+    0x16, 0x43, 0xa5, 0xa5, 0xa5, 0x6c, 0x76, 0x33,
+    0x35, 0x63, 0xdc, 0xe4, 0xec, 0x7f, 0x8a, 0xfa,
+    0xc3, 0x53, 0x69, 0x28, 0xf7, 0xd6, 0x97, 0xb9,
+    0x3a, 0xf4, 0x15, 0x90, 0x50, 0xd3, 0xdf, 0xf5,
+    0xd3, 0xcf, 0x15, 0x76, 0xe3, 0x3d, 0x24, 0x14,
+    0xfd, 0xd3, 0x01, 0x25, 0x82, 0xb4, 0xe3, 0xd8,
+    0x68, 0x89, 0x86, 0xa8, 0x26, 0x02, 0x5f, 0xc6,
+    0xf4, 0x99, 0x3b, 0x97, 0xa8, 0x65, 0xed, 0x18,
+    0xbb, 0x3c, 0x43, 0x4a, 0x6e, 0xaa, 0xbc, 0x83,
+    0x85, 0x19, 0x9f, 0x9b, 0xb8, 0xa4, 0xa3, 0xb2,
+    0xb7, 0x56, 0x07, 0x6c, 0xbf, 0x7d, 0xff, 0x5d,
+    0xb5, 0x1e, 0x83, 0xc8, 0x74, 0x70, 0x98, 0x17,
+    0x40, 0xe0, 0x2d, 0xad, 0x31, 0x00, 0x8e, 0x42,
+    0xd5, 0xb2, 0x25, 0xaa, 0x82, 0xaf, 0x33, 0xd8,
+    0x5b, 0xe2, 0x07, 0xed, 0xda, 0x84, 0xe9, 0xa2,
+    0xff, 0xbb, 0xa5, 0x47, 0x95, 0x6e, 0xa1, 0x8d,
+    0x59, 0x52, 0xeb, 0xf3, 0x3c, 0x18, 0x29, 0x92,
+    0x72, 0x27, 0x18, 0xfc, 0x95, 0xb9, 0xde, 0x46,
+    0xda, 0xcc, 0x4c, 0x31, 0x1d, 0x78, 0x86, 0xd2,
+    0x8c, 0x38, 0x9c, 0x32, 0xab, 0xf7, 0xca, 0x73,
+    0x85, 0xa5, 0xf1, 0xe0, 0x25, 0x06, 0xf9, 0x18,
+    0x14, 0xab, 0x3b, 0x73, 0x26, 0xee, 0xa0, 0xfd,
+    0x15, 0xac, 0xd6, 0x4e, 0x6b, 0xdb, 0x01, 0xa1,
+    0xdc, 0xd1, 0x2f, 0xd2, 0xb7, 0x5e, 0x12, 0x4f,
+    0x4b, 0x59, 0xd8, 0x03, 0x12, 0x60, 0xc9, 0x81,
+    0xb7, 0x06, 0x23, 0x09, 0xc4, 0xd9, 0xa8, 0x93,
+    0x6e, 0x96, 0xf4, 0x93, 0x53, 0xf0, 0x3d, 0xde,
+    0x10, 0x88, 0xb1, 0xd0, 0xcc, 0xad, 0x2c, 0xbf,
+    0x88, 0x98, 0x8f, 0x25, 0x76, 0xd7, 0x65, 0x77,
+    0xcc, 0x36, 0x1d, 0x1b, 0x6b, 0x60, 0x58, 0xc4,
+    0xfe, 0xe6, 0xca, 0xa8, 0x29, 0x33, 0x69, 0x36,
+    0xb8, 0x12, 0x95, 0x38, 0xd9, 0xd4, 0x16, 0xe9,
+    0x3e, 0x40, 0x8c, 0xc7, 0xae, 0x04, 0x11, 0xdf,
+    0x51, 0xd3, 0xdd, 0xbf, 0xa9, 0x41, 0x43, 0x4c,
+    0xff, 0x87, 0x2f, 0xea, 0x0f, 0x13, 0x66, 0x2a,
+    0x2b, 0x18, 0xe8, 0xc4, 0xff, 0xa0, 0x1c, 0x78,
+    0x79, 0x21, 0xf8, 0xaa, 0x8a, 0xf8, 0x92, 0xdf,
+    0x7b, 0x5f, 0x6a, 0x71, 0x60, 0x67, 0x5d, 0x94,
+    0xf6, 0xbb, 0x1d, 0x90, 0x7c, 0x51, 0x70, 0x1d,
+    0x87, 0xde, 0xf8, 0x91, 0xcb, 0x42, 0x9f, 0xc7,
+    0x4b, 0xa0, 0x16, 0xee, 0xb4, 0x73, 0xe8, 0xe0,
+    0x0b, 0xa5, 0xd3, 0x26, 0x9e, 0x52, 0xda, 0x4a,
+    0x1f, 0xae, 0x76, 0xbf, 0xbb, 0x4d, 0x74, 0x98,
+    0xa6, 0xae, 0xc0, 0x60, 0x96, 0xc5, 0xad, 0x9b,
+    0x91, 0x31, 0xb9, 0x50, 0x3d, 0x9a, 0x0f, 0xe1,
+    0x93, 0xef, 0x08, 0x72, 0xb2, 0x66, 0xe5, 0x5d,
+    0xe4, 0x15, 0x53, 0x8e, 0xb0, 0xb3, 0xf8, 0x78,
+    0xfc, 0x5d, 0x44, 0xc5, 0xbf, 0xf5, 0x01, 0x54,
+    0xc5, 0x45, 0xa9, 0x30, 0xa4, 0xf1, 0x49, 0x79,
+    0x4e, 0xab, 0xfc, 0xb2, 0x93, 0xe7, 0x3a, 0xe1,
+    0x7f, 0x1f, 0x2f, 0x45, 0x3a, 0x53, 0x2b, 0x68,
+    0xb3, 0xa4, 0xac, 0x23, 0x54, 0xb7, 0x5d, 0x25,
+    0xa3, 0xe3, 0x90, 0x8a, 0xb0, 0x02, 0xfb, 0x7f,
+    0x2d, 0xeb, 0x80, 0xc2, 0x5c, 0x62, 0xe1, 0x36,
+    0x5a, 0x82, 0x8f, 0x4e, 0x74, 0xeb, 0x7d, 0x70,
+    0xaf, 0x23, 0x92, 0x65, 0x3a, 0x11, 0xc0, 0x29,
+    0xdb, 0xf7, 0x9a, 0xdc, 0x81, 0x45, 0x25, 0x0c,
+    0x2e, 0x4f, 0x88, 0x41, 0x34, 0x53, 0xc6, 0x08,
+    0x21, 0x77, 0xc1, 0xbb, 0x61, 0x48, 0x20, 0x69,
+    0x1a, 0xbb, 0x71, 0x1b, 0x56, 0x18, 0x79, 0x75,
+    0x16, 0x9a, 0xb3, 0x79, 0x31, 0x11, 0xa2, 0x89,
+    0x8d, 0xea, 0x10, 0xb0, 0x04, 0x7f, 0xf8, 0x6e,
+    0xdc, 0x08, 0x9b, 0x51, 0xa7, 0x64, 0xbd, 0x8d,
+    0xd4, 0xd0, 0x1e, 0x38, 0x50, 0x1a, 0xa8, 0x7e,
+    0x20, 0xae, 0xee, 0x8c, 0xa7, 0x72, 0x94, 0xc9,
+    0xba, 0xf0, 0x67, 0xbd, 0x25, 0x1a, 0x3a, 0xdf,
+    0x75, 0x39, 0xb7, 0xd3, 0x83, 0x3b, 0x89, 0xdf,
+    0xb5, 0x2d, 0xd3, 0x12, 0x24, 0x21, 0x7c, 0x9e,
+    0x92, 0x1c, 0x19, 0xae, 0x28, 0xcb, 0x2e, 0x2e,
+    0x3c, 0xa9, 0x9b, 0xbd, 0xf9, 0x33, 0x30, 0xb2,
+    0xbd, 0x8b, 0xbf, 0xc1, 0x8b, 0x32, 0xf1, 0x20,
+    0xa1, 0x00, 0xfd, 0x11, 0x7d, 0x9a, 0xa8, 0x14,
+    0x2c, 0xce, 0x16, 0x16, 0x4b, 0xdd, 0x56, 0x91,
+    0x15, 0x36, 0x83, 0xcb, 0x01, 0x58, 0x35, 0xe1,
+    0xdc, 0x22, 0x3d, 0xf8, 0xc2, 0x06, 0x54, 0x68,
+    0x77, 0xd1, 0x47, 0x28, 0xdc, 0x09, 0x2a, 0x86,
+    0x13, 0x80, 0xa6, 0xe9, 0xd0, 0xb4, 0xa3, 0x41,
+    0x47, 0xf4, 0x71, 0x24, 0x10, 0x4c, 0x9f, 0xb7,
+    0x57, 0x34, 0x48, 0x1b, 0xb4, 0xed, 0x0e, 0x89,
+    0x4c, 0xf1, 0x73, 0x44, 0xff, 0x35, 0xb6, 0xe0,
+    0x8f, 0x02, 0xa3, 0xa3, 0x81, 0x55, 0x38, 0xb5,
+    0xc1, 0x99, 0xb3, 0x88, 0x84, 0x0d, 0xd9, 0x73,
+    0x77, 0x65, 0x0b, 0xd7, 0xf8, 0x03, 0x88, 0xcb,
+    0xdf, 0x25, 0xaf, 0xc6, 0xf1, 0xfa, 0x5c, 0x4d,
+    0xfa, 0xc3, 0x7b, 0x8f, 0xb8, 0x38, 0x5d, 0x29,
+    0xbb, 0x3d, 0x3e, 0x62, 0x1c, 0xdd, 0xe6, 0x97,
+    0xe6, 0xe9, 0xbe, 0x6e, 0xd2, 0xb7, 0x7a, 0x9a,
+    0x8e, 0xaf, 0xb3, 0xc8, 0x9e, 0x19, 0xee, 0x3d,
+    0x5b, 0x1f, 0xec, 0x34, 0x3a, 0x1c, 0x27, 0x90,
+    0xbd, 0x1e, 0x49, 0x72, 0x25, 0x2e, 0x38, 0x48,
+    0x7d, 0xe1, 0x85, 0x46, 0xa7, 0x1b, 0x4a, 0xd5,
+    0x23, 0x75, 0x6d, 0x8b, 0xc3, 0xf1, 0x87, 0xec,
+    0x8b, 0x45, 0xf0, 0x9b, 0xb2, 0x14, 0x7a, 0x7c,
+    0x8d, 0x78, 0x9c, 0x82, 0x64, 0x14, 0xfe, 0x01,
+    0xfa, 0x04, 0x33, 0x96, 0xdd, 0x5f, 0x56, 0xbc,
+    0xb2, 0x03, 0xe3, 0x0c, 0xa1, 0x09, 0x66, 0xa0,
+    0x5e, 0x44, 0xde, 0x21, 0xae, 0x7d, 0x7a, 0x0e,
+    0x81, 0x27, 0xd2, 0xfb, 0x85, 0xed, 0x27, 0x27,
+    0xac, 0x11, 0x1c, 0xa1, 0x6d, 0xe9, 0xc1, 0xca,
+    0xf6, 0x40, 0x7c, 0x95, 0x01, 0xb7, 0xa8, 0x29,
+    0x9a, 0xd2, 0xcc, 0x62, 0x70, 0x1c, 0x7d, 0x0e,
+    0xe5, 0x60, 0xcb, 0x79, 0xa3, 0xd7, 0x5d, 0x48,
+    0x4b, 0x3c, 0xf8, 0x12, 0xe8, 0x7a, 0x7e, 0x83,
+    0xab, 0x24, 0x33, 0x0f, 0x7b, 0x0a, 0x38, 0xae,
+    0xb1, 0xfc, 0xc3, 0x50, 0x5c, 0x83, 0x53, 0xfd,
+    0x15, 0xd6, 0x49, 0x54, 0xb6, 0x40, 0xe5, 0xe8,
+    0x55, 0xba, 0x08, 0x2f, 0x21, 0xd7, 0x0e, 0x71,
+    0x8a, 0xb2, 0xe1, 0x6b, 0xc6, 0x7e, 0x0f, 0x1c,
+    0x4d, 0x41, 0x9f, 0x38, 0xc2, 0xce, 0x41, 0x41,
+    0x48, 0xcd, 0xec, 0x16, 0x1d, 0x23, 0x8e, 0x41,
+    0xcd, 0x5e, 0xf9, 0x5f, 0x01, 0x5e, 0x73, 0xa2,
+    0xa1, 0xef, 0xe9, 0x57, 0xe0, 0xba, 0xe6, 0xbb,
+    0x2b, 0xff, 0x3e, 0xb8, 0xad, 0xd5, 0x12, 0xc1,
+    0x54, 0x49, 0xca, 0x93, 0xb0, 0x7d, 0x7b, 0xcf,
+    0xf0, 0xc5, 0x94, 0x43, 0x30, 0x94, 0x11, 0x8d,
+    0x15, 0x79, 0x2e, 0x57, 0xb8, 0x24, 0xcd, 0x2e,
+    0xc2, 0x49, 0x3d, 0x92, 0x44, 0x23, 0x0c, 0x3e,
+    0xa0, 0xf9, 0xa5, 0xad, 0x2a, 0x56, 0xec, 0xf4,
+    0x6d, 0x0f, 0x5b, 0xb5, 0xd4, 0x2a, 0x3f, 0x2b,
+    0x17, 0x9f, 0x5d, 0x33, 0x97, 0x42, 0xd4, 0x1e,
+    0x14, 0x49, 0x01, 0xfb, 0xb6, 0x72, 0xbc, 0x14,
+    0x5b, 0x79, 0xf4, 0x0a, 0xc5, 0x49, 0xe1, 0x76,
+    0x44, 0x78, 0x87, 0xd1, 0x8e, 0x5b, 0xd5, 0x95,
+    0xad, 0x19, 0x7c, 0x0d, 0x39, 0x7f, 0x41, 0x2e,
+    0xd7, 0x9e, 0xbc, 0xfd, 0x2c, 0xde, 0xfa, 0x01,
+    0x7d, 0x2b, 0x04, 0xef, 0x4d, 0xf9, 0xf4, 0x5b,
+    0xed, 0x05, 0x9a, 0x50, 0x35, 0xe7, 0xb0, 0xba,
+    0x24, 0xea, 0x16, 0x51, 0xe1, 0x6f, 0x32, 0x08,
+    0x94, 0xd6, 0x19, 0x9d, 0x0e, 0x4c, 0xc1, 0xbb,
+    0x01, 0x87, 0xa5, 0x90, 0x5f, 0x6f, 0xc4, 0xed,
+    0xa1, 0x4c, 0x06, 0x4d, 0x2c, 0x47, 0x24, 0xda,
+    0xae, 0xd2, 0x41, 0x92, 0x1f, 0x46, 0xce, 0xec,
+    0xb1, 0xcc, 0x80, 0x1e, 0xb2, 0xcb, 0x66, 0x48,
+    0x22, 0xec, 0x0e, 0x47, 0xfc, 0xad, 0x17, 0xfe,
+    0x7b, 0xc5, 0x4d, 0x34, 0x95, 0x40, 0xd0, 0x02,
+    0x7e, 0x90, 0xaa, 0x92, 0xaf, 0x48, 0x64, 0xc5,
+    0xc1, 0x56, 0xd8, 0x9b, 0x6c, 0x5f, 0x2e, 0xfa,
+    0xd7, 0x84, 0xdc, 0x71, 0x65, 0x1b, 0xfb, 0xbc,
+    0x21, 0xc7, 0x57, 0xf4, 0x71, 0x2e, 0x6f, 0x34,
+    0x85, 0x99, 0xa8, 0x5c, 0x6f, 0x34, 0x22, 0x44,
+    0x89, 0x01, 0xf9, 0x48, 0xd2, 0xe2, 0xe4, 0x71,
+    0x9d, 0x48, 0x07, 0x97, 0xd4, 0x66, 0xe4, 0x4d,
+    0x48, 0xa3, 0x08, 0x7f, 0x6e, 0xaa, 0x7b, 0xe9,
+    0x93, 0x81, 0x03, 0x0c, 0xd2, 0x48, 0xcf, 0x3f,
+    0x5f, 0xbe, 0x03, 0xfb, 0x0f, 0xad, 0xc3, 0x81,
+    0xd9, 0xce, 0x88, 0x0b, 0xfa, 0xed, 0x29, 0x7e,
+    0x0b, 0xa1, 0x6f, 0x4c, 0x7d, 0xe4, 0x36, 0xff,
+    0xdf, 0x94, 0x1a, 0x24, 0xb3, 0x7b, 0xca, 0x24,
+    0x7e, 0x3a, 0x19, 0x53, 0x13, 0x4a, 0x17, 0x58,
+    0xe7, 0x16, 0x9b, 0x50, 0xd8, 0xda, 0xcc, 0x6e,
+    0x05, 0x25, 0xfe, 0x16, 0xcb, 0x5b, 0xd5, 0x35,
+    0x76, 0x40, 0x44, 0x96, 0x23, 0x97, 0xe2, 0x4a,
+    0x72, 0x0c, 0x54, 0x43, 0xc0, 0x09, 0x85, 0x8e,
+    0x15, 0x85, 0xaf, 0x3c, 0x5e, 0x5f, 0x3c, 0x2d,
+    0x21, 0x42, 0x75, 0xb7, 0xe4, 0x50, 0xf9, 0x00,
+    0xa3, 0x4f, 0xb1, 0x7c, 0xfe, 0x62, 0xd0, 0xe9,
+    0x6d, 0x51, 0xcc, 0x83, 0xc1, 0xdc, 0x37, 0x10,
+    0x90, 0x0a, 0x15, 0xd8, 0xd5, 0x02, 0xf7, 0x74,
+    0xb8, 0x46, 0x84, 0xc3, 0x61, 0x17, 0x26, 0x0f,
+    0xe4, 0xde, 0x1a, 0xcf, 0x42, 0x53, 0x63, 0x2f,
+    0x8d, 0xf7, 0x06, 0x07, 0xc3, 0x33, 0x39, 0x59,
+    0xe9, 0x17, 0xc8, 0x05, 0xd2, 0xa2, 0xae, 0x53,
+    0x2c, 0x7e, 0xd0, 0x9d, 0x5c, 0xb5, 0x42, 0x9f,
+    0x84, 0xd7, 0xfe, 0x93, 0x74, 0xfb, 0xbb, 0xd2,
+    0x1e, 0x57, 0x4e, 0x7f, 0x79, 0xaf, 0xd2, 0xf9,
+    0x5e, 0x41, 0x9e, 0x63, 0x54, 0x61, 0x47, 0x0c,
+    0x92, 0x4c, 0xc9, 0xfe, 0x4f, 0xcb, 0xe5, 0x8e,
+    0x65, 0xb3, 0x97, 0x1b, 0xd8, 0xd1, 0x62, 0xfd
+#else
+    0x30, 0x82, 0x0a, 0x34, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x08, 0x07, 0x03, 0x82, 0x0a, 0x21, 0x00,
+    0x7f, 0x5f, 0x63, 0x81, 0x6f, 0x04, 0x4c, 0xec,
+    0xa8, 0xaf, 0x7b, 0x99, 0x41, 0xc6, 0xff, 0xdf,
+    0x77, 0x66, 0x28, 0xc0, 0xe2, 0x58, 0xea, 0x9c,
+    0x60, 0xbb, 0x03, 0x3e, 0xca, 0xa8, 0x38, 0x64,
+    0xfb, 0xf7, 0x1b, 0x3f, 0xec, 0xfd, 0x0f, 0xf1,
+    0x9c, 0xe4, 0xfd, 0xad, 0x83, 0xf7, 0x03, 0x66,
+    0x6e, 0x7f, 0x4d, 0x42, 0xab, 0x6b, 0x73, 0x26,
+    0xde, 0x6f, 0x8c, 0xc4, 0xca, 0x21, 0x66, 0x31,
+    0x79, 0x57, 0x88, 0xcb, 0x1e, 0xab, 0xda, 0x1d,
+    0x56, 0x70, 0xd9, 0x83, 0xa1, 0xb4, 0x83, 0xce,
+    0xcc, 0x0f, 0xeb, 0xd6, 0x63, 0xbd, 0xf6, 0x02,
+    0x5d, 0x5b, 0x0c, 0x17, 0x3c, 0x3e, 0x15, 0x02,
+    0x22, 0xa1, 0x5d, 0xb5, 0xc5, 0x81, 0x28, 0x95,
+    0x0b, 0x34, 0x2b, 0x96, 0x0a, 0xae, 0x6a, 0xa8,
+    0xb5, 0x1d, 0x56, 0xbb, 0x7d, 0x83, 0x9a, 0x15,
+    0xad, 0x63, 0x9e, 0x86, 0x8c, 0x6e, 0x6a, 0xa8,
+    0xde, 0x55, 0xd0, 0xce, 0xc0, 0x2e, 0x05, 0xfe,
+    0x1f, 0x4d, 0xd7, 0x12, 0xa4, 0x5a, 0xe9, 0x04,
+    0x0d, 0x20, 0x84, 0x90, 0xb9, 0xca, 0x64, 0xe4,
+    0xad, 0x2e, 0x74, 0x4b, 0x1d, 0x2f, 0xcc, 0xac,
+    0xd8, 0x1a, 0x5e, 0xb2, 0x78, 0xbe, 0x61, 0xf7,
+    0x36, 0xa3, 0xd1, 0x93, 0x86, 0xb5, 0x15, 0xf1,
+    0x74, 0xf8, 0x9f, 0x6d, 0x6a, 0x8f, 0x6d, 0x86,
+    0x8b, 0x36, 0x61, 0x10, 0xc9, 0x1a, 0x31, 0x39,
+    0x09, 0xe6, 0x15, 0xa0, 0xb1, 0xfa, 0x69, 0xd4,
+    0xc2, 0xb2, 0x56, 0x4c, 0x06, 0x33, 0x13, 0xc4,
+    0x78, 0x53, 0x16, 0xfc, 0x52, 0x99, 0xe6, 0x27,
+    0xc9, 0x3b, 0x24, 0x5c, 0x3e, 0x85, 0x73, 0x76,
+    0x61, 0xa3, 0x61, 0xf0, 0x95, 0xd5, 0xb2, 0xf5,
+    0x21, 0xe7, 0x09, 0xc3, 0x0c, 0x5c, 0xb0, 0x36,
+    0xce, 0x45, 0x68, 0x41, 0x45, 0xcb, 0x1c, 0x36,
+    0x2f, 0x3a, 0x00, 0x07, 0x56, 0xbe, 0x61, 0xd2,
+    0x77, 0x37, 0x63, 0xa4, 0xdb, 0xfa, 0xa9, 0x6b,
+    0x37, 0x90, 0x35, 0xd1, 0x1e, 0x27, 0x5b, 0x3e,
+    0xc0, 0x0a, 0x02, 0x64, 0xe4, 0x58, 0x49, 0xab,
+    0x2d, 0xc1, 0x38, 0x29, 0x3d, 0x44, 0xf9, 0xac,
+    0xb7, 0x65, 0xd1, 0x5f, 0xf8, 0xce, 0x52, 0x76,
+    0x22, 0x15, 0x61, 0x02, 0x1f, 0xa7, 0xcd, 0xff,
+    0xeb, 0xa6, 0x7f, 0x6b, 0xba, 0x75, 0xe3, 0x09,
+    0x01, 0x06, 0x41, 0x20, 0x88, 0x75, 0x64, 0x6b,
+    0x97, 0x38, 0x13, 0xab, 0x4c, 0x0a, 0xd4, 0x7e,
+    0xd2, 0xfa, 0x78, 0xe8, 0x9f, 0x5d, 0xf9, 0x53,
+    0x30, 0x17, 0xf1, 0x10, 0x9e, 0x4a, 0x32, 0x17,
+    0x3a, 0x9b, 0xb9, 0x25, 0x8e, 0xeb, 0xd9, 0x41,
+    0x01, 0xa2, 0xc6, 0x58, 0x4a, 0x9f, 0xc3, 0x73,
+    0xfd, 0xe2, 0xe4, 0x2c, 0x92, 0xb4, 0xa2, 0x3d,
+    0x0f, 0x1f, 0x37, 0x64, 0xf1, 0x17, 0x2a, 0x8c,
+    0xc6, 0xb5, 0xb0, 0x69, 0x7d, 0xfe, 0x08, 0xe0,
+    0x8e, 0xaa, 0xe0, 0x08, 0xd5, 0x28, 0x92, 0x51,
+    0x73, 0x8a, 0x2f, 0x7a, 0x4a, 0xbf, 0x52, 0x8d,
+    0x3e, 0x9b, 0x36, 0x6a, 0xfb, 0x19, 0xf0, 0xea,
+    0xfe, 0x05, 0xbd, 0x2d, 0xa9, 0x58, 0x48, 0x02,
+    0xa8, 0x20, 0x9e, 0xdc, 0x04, 0x57, 0xc2, 0x0c,
+    0xae, 0xc1, 0x03, 0xe7, 0x17, 0x48, 0x80, 0x00,
+    0x8d, 0x1b, 0xd0, 0xc5, 0xdc, 0x2a, 0x02, 0x6e,
+    0x8e, 0x54, 0xf3, 0x79, 0x31, 0x02, 0x93, 0xc5,
+    0xf2, 0x55, 0xea, 0x61, 0xd0, 0xb2, 0x8e, 0xc9,
+    0x74, 0x17, 0x0d, 0x38, 0xf8, 0xab, 0xf4, 0x42,
+    0xd4, 0xc2, 0xdc, 0xf7, 0x1b, 0xdb, 0x65, 0x36,
+    0x9f, 0x56, 0xe2, 0xeb, 0xf7, 0xe5, 0x2d, 0x45,
+    0xae, 0xc0, 0x95, 0xbc, 0xe4, 0x1f, 0x22, 0xdc,
+    0x0f, 0x54, 0xed, 0x14, 0xb8, 0xf1, 0x2f, 0x5d,
+    0xd1, 0x79, 0xa0, 0x81, 0x17, 0x71, 0xa1, 0xd6,
+    0xf0, 0x88, 0x9c, 0x1c, 0xc7, 0x95, 0x07, 0xb0,
+    0xea, 0xf7, 0xd3, 0xa2, 0x55, 0xfe, 0x85, 0x65,
+    0x42, 0x06, 0xec, 0xd2, 0xbe, 0x03, 0x8f, 0x63,
+    0x84, 0x4b, 0xb1, 0x47, 0x48, 0x20, 0x71, 0xd2,
+    0xdf, 0xc9, 0x59, 0xb0, 0x24, 0x8a, 0x6e, 0xf9,
+    0x4a, 0xa1, 0x7b, 0xed, 0x11, 0xb6, 0xf9, 0x9b,
+    0xf7, 0x93, 0x0e, 0xcb, 0x7a, 0x32, 0x22, 0x23,
+    0x4e, 0x86, 0xce, 0xad, 0x9d, 0x1b, 0x84, 0x57,
+    0xaf, 0xa5, 0x04, 0x03, 0x0a, 0xc9, 0x04, 0x97,
+    0xd0, 0xce, 0x8e, 0x2a, 0x9a, 0x00, 0x15, 0xeb,
+    0xac, 0x96, 0x57, 0xde, 0xe6, 0xc1, 0x2d, 0xbd,
+    0xfc, 0xd6, 0x95, 0x0f, 0x5f, 0x19, 0xac, 0xaf,
+    0x6c, 0xd8, 0xa6, 0x1e, 0xd8, 0xdb, 0x14, 0xfd,
+    0xba, 0x0f, 0xd0, 0x3f, 0x61, 0xe3, 0x76, 0xfc,
+    0x47, 0x61, 0x07, 0x24, 0x49, 0x17, 0xca, 0x24,
+    0x31, 0x16, 0x26, 0x4f, 0xdc, 0x2b, 0x39, 0xae,
+    0x5f, 0xfa, 0x4f, 0x82, 0xef, 0xe1, 0x41, 0x8c,
+    0x3e, 0x8e, 0xa7, 0x6c, 0xf2, 0x51, 0xf7, 0x85,
+    0x35, 0x6c, 0xad, 0xea, 0x32, 0x35, 0xf3, 0xc0,
+    0x14, 0x17, 0xe2, 0x98, 0x27, 0x36, 0x7e, 0x60,
+    0x2f, 0x01, 0x60, 0x3e, 0x18, 0xf4, 0x4e, 0xe0,
+    0xf5, 0x14, 0x21, 0x81, 0x05, 0x78, 0x1c, 0x5f,
+    0x4e, 0x89, 0xbb, 0x23, 0x60, 0xb1, 0x8f, 0x07,
+    0x53, 0x16, 0x6e, 0xfb, 0x86, 0x07, 0x90, 0xff,
+    0xa6, 0x27, 0x60, 0xe6, 0x3e, 0x92, 0x2a, 0x3c,
+    0xa3, 0x57, 0xec, 0x97, 0x23, 0xaf, 0xd2, 0x44,
+    0xac, 0x09, 0x87, 0xb0, 0x54, 0xe9, 0x5b, 0x50,
+    0x37, 0xfa, 0x12, 0xa4, 0xcb, 0x6f, 0xed, 0x9f,
+    0x29, 0x73, 0xa7, 0x09, 0x29, 0x91, 0x93, 0x5c,
+    0x54, 0xf4, 0x44, 0xc2, 0x04, 0x64, 0xfc, 0xd2,
+    0xf2, 0x0a, 0x0b, 0x45, 0x1f, 0xc5, 0x18, 0xf0,
+    0xff, 0x10, 0x1f, 0x3a, 0x97, 0xf8, 0xb1, 0x83,
+    0x0e, 0x08, 0xe2, 0x55, 0x75, 0x6a, 0x45, 0x96,
+    0xf8, 0x1b, 0xdc, 0xb6, 0x57, 0x83, 0x8c, 0x28,
+    0xc0, 0x4a, 0x57, 0xc6, 0xfb, 0x27, 0x3d, 0xfa,
+    0x5a, 0x0d, 0x69, 0x56, 0x23, 0x66, 0x02, 0x78,
+    0xca, 0xf1, 0xfa, 0xcb, 0xc1, 0xf6, 0x92, 0x1c,
+    0xa0, 0xe3, 0x09, 0x7d, 0x48, 0x5e, 0x86, 0xa0,
+    0x82, 0xa8, 0xf1, 0x1e, 0xe1, 0xfe, 0xc6, 0x9d,
+    0x4f, 0x2e, 0xf4, 0xfc, 0xc6, 0x48, 0x1d, 0xc1,
+    0x2a, 0x6a, 0xb7, 0xea, 0x46, 0x89, 0x04, 0xe9,
+    0xbd, 0xf1, 0xed, 0x16, 0x76, 0xd8, 0x4b, 0x42,
+    0xd5, 0x43, 0xa4, 0xfb, 0x02, 0x01, 0x54, 0x00,
+    0xaf, 0x55, 0x52, 0x27, 0xff, 0x00, 0xe2, 0xbb,
+    0x4a, 0xf2, 0x69, 0xb4, 0x4e, 0x6c, 0x6b, 0xa3,
+    0x96, 0x4f, 0xf4, 0x65, 0x90, 0x2d, 0xc8, 0x57,
+    0x1f, 0xb2, 0xf0, 0x86, 0x7b, 0x93, 0x09, 0x49,
+    0x31, 0xc4, 0xf4, 0x8f, 0xc8, 0x2d, 0xac, 0x1d,
+    0xfc, 0xba, 0xa4, 0xa5, 0x41, 0x90, 0x76, 0x7d,
+    0x9e, 0x47, 0xdc, 0x10, 0xe6, 0x0c, 0xf7, 0x0f,
+    0xa4, 0xba, 0x4f, 0xe2, 0x46, 0x38, 0x4c, 0x28,
+    0xa0, 0x57, 0xb5, 0x3c, 0xb3, 0x4b, 0x8f, 0x03,
+    0x04, 0xff, 0xf6, 0xec, 0x60, 0x90, 0x62, 0xfe,
+    0x74, 0x76, 0x48, 0xb3, 0xf4, 0x0a, 0x6a, 0x5a,
+    0x5b, 0xad, 0xc8, 0x54, 0x62, 0x11, 0x52, 0xd9,
+    0x84, 0x1a, 0x09, 0x4b, 0xca, 0x66, 0xaa, 0x3c,
+    0x36, 0x08, 0x9d, 0x58, 0xd0, 0x4a, 0x3a, 0x8b,
+    0x24, 0xe0, 0x80, 0x9f, 0xe3, 0x76, 0xb6, 0x07,
+    0xb1, 0xbc, 0x00, 0x98, 0xb0, 0xc1, 0xe0, 0xf6,
+    0x1f, 0x4d, 0xa8, 0xd1, 0x69, 0x44, 0x9c, 0x33,
+    0xb0, 0x0f, 0x9c, 0xc9, 0x0c, 0x8c, 0xbc, 0x03,
+    0x58, 0x81, 0x76, 0xab, 0x0d, 0xef, 0x25, 0x5a,
+    0xf6, 0xab, 0x3b, 0xf1, 0x1f, 0x97, 0x12, 0x8e,
+    0x7f, 0x28, 0x77, 0x26, 0x18, 0xc4, 0xc4, 0xda,
+    0x2c, 0x43, 0x57, 0xd2, 0x1f, 0x67, 0x95, 0x40,
+    0x2c, 0x94, 0x41, 0x69, 0x22, 0x8a, 0x24, 0xd9,
+    0xc7, 0xfc, 0xea, 0x49, 0x83, 0x8f, 0x5d, 0x2e,
+    0x9d, 0xac, 0x17, 0xb6, 0xe0, 0xc4, 0xe7, 0xe6,
+    0xd5, 0xc2, 0x73, 0xa1, 0x8f, 0x33, 0x14, 0x02,
+    0xae, 0x01, 0x9f, 0x6f, 0x40, 0x92, 0x4e, 0x03,
+    0xc2, 0xa9, 0xf1, 0x36, 0x78, 0xe4, 0xde, 0x39,
+    0x4d, 0x29, 0x2e, 0xc2, 0x00, 0x93, 0x79, 0xe4,
+    0xb2, 0x29, 0x4b, 0x81, 0x5c, 0x06, 0x06, 0xbc,
+    0xc1, 0x01, 0x1c, 0xa7, 0x08, 0xf7, 0x47, 0x1f,
+    0x52, 0x4f, 0xdf, 0x94, 0x1e, 0xe6, 0x89, 0xe6,
+    0x26, 0x71, 0x2e, 0xa2, 0xd2, 0xfe, 0x04, 0xf2,
+    0x12, 0x4c, 0x06, 0x78, 0x34, 0xc0, 0xb9, 0x76,
+    0x62, 0x3b, 0x72, 0x25, 0x8c, 0x0d, 0x73, 0x24,
+    0xcf, 0x4b, 0x4c, 0x47, 0x20, 0x9d, 0x04, 0x7f,
+    0x86, 0x2c, 0x45, 0xb8, 0xfe, 0xb2, 0xaa, 0x36,
+    0xf8, 0xe0, 0x24, 0x25, 0x05, 0x23, 0x12, 0x16,
+    0xbf, 0x64, 0x10, 0xdd, 0xe4, 0xc0, 0xb0, 0x85,
+    0xa7, 0xd3, 0xd1, 0x18, 0x1b, 0x81, 0x6b, 0x94,
+    0xfd, 0x07, 0x43, 0xdd, 0x12, 0x37, 0x78, 0x69,
+    0xec, 0x8c, 0xd0, 0x41, 0x2c, 0x42, 0x94, 0x3e,
+    0x9f, 0xe3, 0x49, 0xb3, 0xb8, 0x45, 0x0b, 0x1d,
+    0xc1, 0x9b, 0x4d, 0x21, 0x85, 0x62, 0xea, 0xd1,
+    0xc9, 0x12, 0x30, 0x8c, 0x4b, 0x63, 0xeb, 0x7d,
+    0x02, 0x52, 0x15, 0xa1, 0x95, 0x48, 0x9f, 0xc2,
+    0xce, 0xf3, 0x4b, 0xff, 0x5a, 0xb6, 0x8f, 0xce,
+    0xcd, 0x42, 0x21, 0x40, 0x82, 0xad, 0x08, 0x99,
+    0x4d, 0x24, 0x58, 0x25, 0xf3, 0x7e, 0x42, 0x86,
+    0x06, 0x33, 0x1f, 0x53, 0xbb, 0x07, 0x33, 0xca,
+    0xc0, 0x02, 0x18, 0x30, 0x3c, 0xc5, 0x67, 0x1c,
+    0x32, 0x3f, 0x2d, 0x58, 0x4c, 0x24, 0x6e, 0x60,
+    0x96, 0x1a, 0xf4, 0xd0, 0x55, 0xb8, 0x84, 0xf0,
+    0xb9, 0x83, 0xbf, 0x3d, 0x37, 0xe4, 0xa6, 0x06,
+    0x1c, 0xd1, 0xd7, 0x91, 0x24, 0xdc, 0x3f, 0xcc,
+    0x71, 0xf3, 0x0c, 0x90, 0x2c, 0x1d, 0x2f, 0x90,
+    0xc8, 0x3c, 0x6f, 0x2c, 0x5d, 0xad, 0x8c, 0xdf,
+    0xbb, 0x0d, 0x2a, 0x7f, 0x4a, 0x34, 0x5a, 0xd9,
+    0x83, 0xfd, 0x61, 0x36, 0xe0, 0x0a, 0xb3, 0xf6,
+    0x69, 0xb1, 0xaf, 0x81, 0x22, 0xd6, 0x9e, 0x9a,
+    0xf8, 0xa6, 0x24, 0x8e, 0x0c, 0xcb, 0x25, 0xc2,
+    0xfc, 0xc5, 0x94, 0xbd, 0x23, 0x9c, 0xa9, 0xbd,
+    0x76, 0x28, 0xa4, 0x55, 0x92, 0x7c, 0xe6, 0x76,
+    0xf7, 0x30, 0xf8, 0x7d, 0xdc, 0x0a, 0x93, 0x9e,
+    0x7c, 0x39, 0x0a, 0x70, 0xa0, 0xb2, 0x77, 0xe0,
+    0x7a, 0x89, 0x50, 0xce, 0x75, 0xca, 0x2f, 0xa4,
+    0x12, 0x0e, 0xcb, 0x75, 0x1f, 0x0a, 0x83, 0xe8,
+    0x14, 0x80, 0xa7, 0xb0, 0xe8, 0x11, 0xca, 0x12,
+    0x5e, 0xf7, 0x31, 0x65, 0xbd, 0x20, 0x3d, 0x8c,
+    0xa6, 0x89, 0x83, 0x68, 0x66, 0x03, 0x28, 0x49,
+    0x17, 0xc4, 0x3f, 0x43, 0x02, 0x9b, 0xf8, 0xed,
+    0xae, 0x8e, 0x68, 0xbc, 0x8e, 0x39, 0xe7, 0x15,
+    0x32, 0x45, 0x66, 0x2c, 0x1f, 0xce, 0x56, 0xc7,
+    0xc0, 0x15, 0x52, 0x19, 0x40, 0xcf, 0x87, 0x20,
+    0xcd, 0x3d, 0xec, 0x90, 0x8d, 0x04, 0x01, 0x31,
+    0x0b, 0x74, 0x80, 0x6e, 0x61, 0xa7, 0xf3, 0x4c,
+    0xb2, 0x16, 0x00, 0xd5, 0xdb, 0xcc, 0xbb, 0x2c,
+    0x9f, 0xb6, 0x02, 0x4a, 0xcf, 0x71, 0x06, 0xfd,
+    0x60, 0xe0, 0x00, 0xbe, 0x22, 0xba, 0x39, 0x36,
+    0xa8, 0x7e, 0xe5, 0xcb, 0xea, 0x87, 0xb1, 0xee,
+    0xa2, 0x6c, 0x85, 0x94, 0x18, 0x6c, 0xab, 0x9a,
+    0x93, 0xa7, 0xab, 0x4e, 0x3b, 0x85, 0xf3, 0xef,
+    0x8f, 0x15, 0x74, 0x21, 0x9f, 0x5d, 0x9c, 0x22,
+    0x32, 0x71, 0xb5, 0x4d, 0x7f, 0xaa, 0x85, 0xe0,
+    0x05, 0x2a, 0x53, 0xbb, 0x3c, 0xab, 0xc3, 0xd2,
+    0x73, 0x6e, 0x97, 0xa3, 0xfd, 0x05, 0x58, 0xaa,
+    0x49, 0xc8, 0x69, 0xa9, 0x0b, 0x73, 0xd4, 0xe9,
+    0x1d, 0x84, 0x60, 0x34, 0x2a, 0x09, 0xb3, 0x0f,
+    0x08, 0x13, 0x67, 0x77, 0xb3, 0x24, 0xdf, 0xad,
+    0xbf, 0x51, 0x71, 0x2b, 0xbe, 0x4f, 0x5d, 0xf4,
+    0xe7, 0x25, 0x4c, 0x24, 0xa2, 0x4a, 0x22, 0xec,
+    0xcc, 0x7c, 0x6c, 0x62, 0xee, 0x47, 0x12, 0x43,
+    0x88, 0xe4, 0x71, 0xaa, 0x63, 0xaa, 0x2b, 0xed,
+    0x70, 0xbf, 0x26, 0x37, 0xcc, 0xa4, 0xff, 0xe9,
+    0xb6, 0x65, 0x31, 0x4d, 0x0d, 0x32, 0xd6, 0x84,
+    0xb8, 0xab, 0x98, 0xa7, 0x10, 0x44, 0x77, 0xc7,
+    0x2a, 0x60, 0xf0, 0xf5, 0xd5, 0xd4, 0x3a, 0x73,
+    0x11, 0xa5, 0x1b, 0x18, 0x3c, 0x13, 0xfb, 0xda,
+    0x76, 0x9d, 0xeb, 0x3e, 0xb9, 0x7a, 0xce, 0x02,
+    0xa7, 0x5e, 0x25, 0x96, 0xd2, 0xbc, 0x85, 0x1a,
+    0xd1, 0xa4, 0xe2, 0x02, 0x15, 0x08, 0x49, 0x16,
+    0x7c, 0xaf, 0xc6, 0x38, 0x7b, 0x95, 0xf9, 0x37,
+    0xc0, 0x87, 0x73, 0x6f, 0x01, 0xcd, 0x2b, 0xf1,
+    0xe7, 0x6e, 0x47, 0x18, 0x30, 0xb8, 0x16, 0x87,
+    0x1d, 0x23, 0x62, 0x22, 0x85, 0x92, 0x69, 0x46,
+    0x9c, 0x65, 0xd8, 0xf1, 0x27, 0x32, 0xe4, 0x16,
+    0x7f, 0x9a, 0xba, 0x46, 0x61, 0x60, 0x34, 0xe5,
+    0xc0, 0x14, 0xb5, 0xde, 0x4d, 0xd1, 0x71, 0x39,
+    0x26, 0xdc, 0x0c, 0x0a, 0x53, 0x9e, 0x31, 0x10,
+    0x45, 0x7a, 0xf9, 0xc8, 0xfa, 0x1d, 0x69, 0x5e,
+    0x25, 0xc1, 0xe2, 0x00, 0xbf, 0x94, 0xa3, 0xa2,
+    0x97, 0xca, 0xb4, 0x6a, 0x89, 0x68, 0xdd, 0xed,
+    0x6b, 0x99, 0x5a, 0x87, 0x9e, 0xe9, 0x68, 0xe4,
+    0xf2, 0xc2, 0x7e, 0x37, 0x02, 0xdf, 0x96, 0x1a,
+    0x5b, 0xed, 0xa1, 0xe8, 0xdf, 0x3c, 0xf7, 0xd2,
+    0x25, 0xac, 0xf7, 0x4a, 0x7f, 0x10, 0x27, 0x2b,
+    0x02, 0xc7, 0x95, 0x10, 0x5a, 0xb5, 0xb0, 0xcd,
+    0xa9, 0xe1, 0x36, 0xe2, 0x1c, 0x87, 0x99, 0x0e,
+    0x0a, 0x44, 0xec, 0x97, 0x75, 0xa7, 0x03, 0x27,
+    0x38, 0x3b, 0x16, 0x30, 0x00, 0x98, 0xbe, 0x77,
+    0xfe, 0x3a, 0xac, 0x6f, 0x8f, 0x4d, 0xe1, 0xa9,
+    0x9c, 0xba, 0x39, 0x52, 0xe8, 0xf7, 0xe4, 0xe6,
+    0xf9, 0xe9, 0xb3, 0x57, 0x82, 0xb2, 0x23, 0xd6,
+    0xa5, 0x14, 0xc0, 0x78, 0xb4, 0xa0, 0xf9, 0x96,
+    0xe4, 0x03, 0xe8, 0x6c, 0x27, 0xd8, 0x37, 0x7c,
+    0x8f, 0xf4, 0x80, 0x09, 0x09, 0xc9, 0x32, 0x15,
+    0xe0, 0x3f, 0x37, 0xa7, 0x1a, 0x5f, 0x8c, 0xfb,
+    0xdd, 0xfe, 0x6b, 0x34, 0x28, 0x53, 0x03, 0x4b,
+    0x39, 0x91, 0xf2, 0x48, 0x4c, 0x2a, 0x45, 0xfe,
+    0x66, 0xf7, 0x23, 0x74, 0xb8, 0x30, 0x70, 0xb4,
+    0x0c, 0x2c, 0x65, 0xb1, 0x4e, 0x32, 0x0f, 0x50,
+    0xbb, 0x46, 0x9b, 0x03, 0x34, 0x38, 0xfb, 0xe4,
+    0x25, 0x37, 0x8d, 0x0f, 0xa1, 0x41, 0x50, 0x85,
+    0x92, 0x07, 0x71, 0xff, 0x3c, 0xe6, 0xd9, 0x1d,
+    0x55, 0xb7, 0x10, 0x9c, 0xea, 0x70, 0x5f, 0xa3,
+    0xba, 0x84, 0x99, 0x91, 0x30, 0x3d, 0x4c, 0x98,
+    0x0b, 0x1f, 0x1f, 0xcc, 0x17, 0x94, 0xdd, 0x78,
+    0x7d, 0x50, 0xe5, 0xf5, 0x21, 0x88, 0x5a, 0x52,
+    0x76, 0x5a, 0x97, 0xbe, 0xba, 0xa9, 0xfe, 0x82,
+    0x8a, 0xb5, 0x46, 0xcf, 0x9c, 0xbe, 0xe8, 0x2f,
+    0x01, 0x2f, 0x6a, 0x03, 0x8a, 0xfa, 0x4b, 0x0b,
+    0xdc, 0x78, 0x79, 0x9c, 0x49, 0xc4, 0x01, 0x26,
+    0x16, 0x58, 0xc6, 0xb8, 0xee, 0x6c, 0xc9, 0xa9,
+    0x38, 0x7c, 0xcf, 0xf3, 0xf8, 0xd0, 0x6b, 0x99,
+    0x43, 0x13, 0xe0, 0x43, 0x8e, 0xfb, 0xb2, 0xdb,
+    0x61, 0x67, 0xf4, 0xfc, 0x01, 0x21, 0xd9, 0xb1,
+    0x1e, 0x6c, 0x6f, 0x2a, 0x9a, 0x4b, 0x86, 0x3c,
+    0x62, 0x03, 0x53, 0x83, 0x11, 0x18, 0x1a, 0x59,
+    0x9e, 0x25, 0xfe, 0xdb, 0x85, 0xd0, 0xee, 0x7c,
+    0x97, 0x72, 0xca, 0xf3, 0x0d, 0xd4, 0x19, 0x66,
+    0x14, 0xaf, 0x46, 0x68, 0x75, 0xdb, 0x8f, 0x5f,
+    0x77, 0x7f, 0xfe, 0xa9, 0xe6, 0xa1, 0x9e, 0x46,
+    0x5e, 0x92, 0xda, 0xea, 0xdd, 0x89, 0x01, 0xd9,
+    0xab, 0x25, 0x7d, 0xb4, 0x64, 0x50, 0x8f, 0xa3,
+    0xbe, 0xe2, 0x03, 0xd5, 0xc6, 0x9c, 0xc2, 0xf8,
+    0xac, 0xa4, 0x36, 0xa9, 0x37, 0x10, 0x59, 0x00,
+    0x45, 0xbb, 0x55, 0x33, 0xb9, 0x6f, 0xbc, 0xa2,
+    0x02, 0x9e, 0xa3, 0x1d, 0xf4, 0x17, 0x78, 0x9b,
+    0xbc, 0x42, 0x4e, 0x21, 0xc3, 0xde, 0xb5, 0x70,
+    0x4a, 0x23, 0x1e, 0xd4, 0x36, 0x5d, 0x7a, 0x08,
+    0x37, 0x55, 0x98, 0x07, 0xa0, 0x16, 0xa3, 0x4e,
+    0xa1, 0x2b, 0x96, 0x8b, 0x51, 0x63, 0x48, 0xab,
+    0xc9, 0x19, 0x6f, 0x5f, 0x25, 0x9d, 0xe7, 0x25,
+    0x63, 0xf0, 0x8e, 0xdb, 0x06, 0x2d, 0x42, 0x31,
+    0xfd, 0x14, 0x2b, 0x7a, 0x31, 0x43, 0x04, 0xd5,
+    0xe2, 0x89, 0x2e, 0xa8, 0xe4, 0x6e, 0xd5, 0xa5,
+    0x21, 0x67, 0x9b, 0x92, 0x61, 0x79, 0xdd, 0xe5,
+    0x44, 0x43, 0x45, 0x57, 0x13, 0xec, 0x04, 0xc1,
+    0x41, 0xa3, 0x14, 0x70, 0x86, 0xda, 0x76, 0x5d,
+    0xe8, 0x61, 0xd2, 0xfb, 0x7b, 0xe4, 0x71, 0x46,
+    0xa3, 0x52, 0xbf, 0xf2, 0xa0, 0x3c, 0xc1, 0x90,
+    0x0c, 0x2e, 0xeb, 0xb3, 0x38, 0xae, 0x13, 0x27,
+    0x84, 0xe9, 0x7a, 0xd6, 0x02, 0x40, 0x84, 0xff,
+    0x87, 0x1f, 0x37, 0x44, 0xd8, 0x2e, 0x93, 0xf7,
+    0x0a, 0xff, 0x5b, 0x4d, 0x07, 0x82, 0xfd, 0x6e,
+    0x44, 0xcc, 0x19, 0xc3, 0x7d, 0x7c, 0x31, 0xf9,
+    0x0e, 0xa8, 0x1c, 0x0d, 0xcb, 0x8e, 0xe8, 0x33,
+    0xb2, 0xff, 0x9e, 0x1d, 0x99, 0x7c, 0x46, 0x5b,
+    0xc7, 0x28, 0xec, 0x01, 0x62, 0x82, 0xfe, 0x2a,
+    0x22, 0xa3, 0x86, 0x4e, 0x47, 0xe2, 0x57, 0xf1,
+    0xb4, 0x58, 0x94, 0x89, 0xe5, 0xf1, 0xcd, 0x4d,
+    0x90, 0xd1, 0xa4, 0x4c, 0x34, 0x5d, 0xde, 0xdc,
+    0x39, 0x63, 0x8b, 0x85, 0xfd, 0x02, 0x21, 0xf1,
+    0x12, 0xa3, 0x6d, 0x65, 0x0f, 0x8d, 0xe5, 0xcd,
+    0x70, 0xd5, 0x1d, 0xf8, 0x65, 0x99, 0xfb, 0xe8,
+    0xb5, 0x5a, 0x09, 0x39, 0x9e, 0x09, 0x45, 0x62,
+    0x22, 0x1d, 0xa2, 0x46, 0xbf, 0x75, 0x20, 0xd1,
+    0xe7, 0xb0, 0x06, 0x68, 0xc3, 0x50, 0x48, 0xfc,
+    0xf8, 0x5c, 0x67, 0x69, 0x68, 0x66, 0xb6, 0x81,
+    0x95, 0x91, 0x81, 0x3d, 0xf6, 0x34, 0xd9, 0x4b,
+    0x06, 0x35, 0x17, 0x59, 0x89, 0x18, 0x74, 0x32,
+    0x50, 0xcf, 0x81, 0x16, 0x8e, 0x53, 0x9d, 0x1c,
+    0xad, 0x2d, 0x8e, 0x16, 0x41, 0xda, 0xca, 0xab,
+    0x78, 0x0d, 0xc9, 0x49, 0x61, 0xaa, 0x18, 0xf4,
+    0x56, 0x48, 0x29, 0x8c, 0xe3, 0x9a, 0x7d, 0x58,
+    0xf8, 0x99, 0x72, 0xf1, 0x78, 0xa8, 0x5a, 0x97,
+    0xe3, 0x2a, 0xc6, 0xa9, 0x59, 0xde, 0xcc, 0x62,
+    0xfb, 0xab, 0xc5, 0x9a, 0x0b, 0xc7, 0x16, 0x8f,
+    0x18, 0x20, 0x6e, 0x01, 0x7e, 0x04, 0xef, 0x72,
+    0x83, 0x61, 0xb8, 0x1a, 0x77, 0x0f, 0xd1, 0xa9,
+    0x75, 0xe0, 0x4a, 0x11, 0x69, 0x9d, 0xb6, 0xc9,
+    0x2e, 0xd3, 0xbf, 0xe2, 0x5b, 0x24, 0x77, 0x30,
+    0x85, 0x91, 0xef, 0xa8, 0x93, 0x4e, 0xad, 0x99,
+    0xad, 0xcb, 0x6d, 0x9d, 0x8f, 0xd8, 0x0f, 0xe5,
+    0x41, 0xd9, 0x9e, 0x0b, 0xce, 0x33, 0xd9, 0xbb,
+    0x87, 0x66, 0x2c, 0xa3, 0x0b, 0x68, 0x1b, 0xb0,
+    0x71, 0x30, 0xfa, 0x15, 0x2e, 0xe8, 0xc1, 0x99,
+    0x71, 0x01, 0xcc, 0xdb, 0x6f, 0x9f, 0x8a, 0xfd,
+    0xb4, 0x0f, 0x35, 0xa1, 0x36, 0xf4, 0x3a, 0xc4,
+    0x17, 0x77, 0x43, 0x60, 0x10, 0x18, 0xb4, 0xc2,
+    0xe5, 0xc0, 0x64, 0xd8, 0x38, 0x7c, 0x05, 0x9a,
+    0xfb, 0x2b, 0xb3, 0x9b, 0x9e, 0x34, 0x6b, 0x4b,
+    0xc8, 0x3b, 0x77, 0xe0, 0x6f, 0x08, 0xa1, 0x7b,
+    0x66, 0x69, 0x2f, 0xdb, 0x34, 0x9e, 0x98, 0x90,
+    0x5b, 0x4d, 0x7b, 0xa2, 0x32, 0x8e, 0x64, 0xe6,
+    0x0d, 0x75, 0xc9, 0x96, 0xe3, 0x57, 0xba, 0xad,
+    0x3e, 0x3b, 0x23, 0xfb, 0x9e, 0x7f, 0xc0, 0x3c,
+    0xd5, 0x41, 0x9c, 0xfb, 0xbc, 0xb3, 0x52, 0x49
+#endif
+};
+#endif
+
+static int test_wc_dilithium_public_der_decode(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+    dilithium_key* key;
+    word32 idx = 0;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key,
+        (word32)sizeof(dilithium_public_der)), 0);
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wc_dilithium_der(void)
 {
     EXPECT_DECLS;
@@ -32176,15 +33923,15 @@ static int test_wc_dilithium_der(void)
     ExpectIntEQ(wc_dilithium_init(key), 0);
 
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
-        1), BAD_FUNC_ARG);
+        1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifndef WOLFSSL_NO_ML_DSA_44
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
@@ -32195,24 +33942,24 @@ static int test_wc_dilithium_der(void)
 #endif
 
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
-        1), BAD_FUNC_ARG);
+        1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
 
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, 0                     ,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , 0                     ,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , der , 0                     ,
-        0), BUFFER_E);
+        0), WC_NO_ERR_TRACE(BUFFER_E));
     /* Get length only. */
     ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0                     ,
         0), pubLen);
@@ -32224,74 +33971,74 @@ static int test_wc_dilithium_der(void)
         1), pubDerLen);
 
     ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
-        0                     ), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL,
-        0                     ), BAD_FUNC_ARG);
+        0                     ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL,
+        0                     ), 0);
     ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
-        0                     ), BAD_FUNC_ARG);
+        0                     ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
-        DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG);
+        DILITHIUM_MAX_DER_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
-        DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG);
+        DILITHIUM_MAX_DER_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der ,
-        0                     ), BAD_FUNC_ARG);
+        0                     ), WC_NO_ERR_TRACE(BUFFER_E));
     /* Get length only. */
     ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL,
         DILITHIUM_MAX_DER_SIZE), privDerLen);
 
     ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0                     ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, 0                     ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0                     ),
+        0           );
     ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0                     ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0                     ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BUFFER_E));
     /* Get length only. */
     ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE),
         keyDerLen);
 
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0        ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, NULL, 0        ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, NULL, 0        ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, key , 0        ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, pubDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, key , pubDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, key , pubDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, NULL, pubDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, key , 0        ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, 0         ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, NULL, 0         ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, NULL, 0         ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, key , 0         ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, privDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, key , privDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, key , privDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, NULL, privDerLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, key , 0         ),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
         DILITHIUM_MAX_DER_SIZE, 0), pubLen);
@@ -32300,6 +34047,15 @@ static int test_wc_dilithium_der(void)
     ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
         DILITHIUM_MAX_DER_SIZE, 1), pubDerLen);
     idx = 0;
+{
+    fprintf(stderr, "\n");
+    for (int ii = 0; ii < pubDerLen; ii++) {
+        if ((ii % 8) == 0) fprintf(stderr, "    ");
+        fprintf(stderr, "0x%02x,", der[ii]);
+        if ((ii % 8) == 7) fprintf(stderr, "\n");
+        else               fprintf(stderr, " ");
+    }
+}
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0);
 
     ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der,
@@ -32328,6 +34084,2212 @@ static int test_wc_dilithium_make_key_from_seed(void)
 #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
     !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
     dilithium_key* key;
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte seed_44[] = {
+        0x93, 0xEF, 0x2E, 0x6E, 0xF1, 0xFB, 0x08, 0x99,
+        0x9D, 0x14, 0x2A, 0xBE, 0x02, 0x95, 0x48, 0x23,
+        0x70, 0xD3, 0xF4, 0x3B, 0xDB, 0x25, 0x4A, 0x78,
+        0xE2, 0xB0, 0xD5, 0x16, 0x8E, 0xCA, 0x06, 0x5F
+    };
+    static const byte pk_44[] = {
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5,
+        0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC,
+        0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14,
+        0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA,
+        0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA,
+        0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A,
+        0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7,
+        0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6,
+        0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7,
+        0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F,
+        0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA,
+        0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40,
+        0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37,
+        0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A,
+        0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F,
+        0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15,
+        0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89,
+        0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0,
+        0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC,
+        0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76,
+        0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76,
+        0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D,
+        0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00,
+        0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8,
+        0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F,
+        0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC,
+        0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54,
+        0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80,
+        0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4,
+        0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4,
+        0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB,
+        0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F,
+        0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6,
+        0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9,
+        0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA,
+        0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00,
+        0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29,
+        0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79,
+        0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F,
+        0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80,
+        0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64,
+        0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7,
+        0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61,
+        0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61,
+        0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50,
+        0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD,
+        0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21,
+        0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38,
+        0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45,
+        0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14,
+        0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD,
+        0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9,
+        0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65,
+        0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3,
+        0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9,
+        0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38,
+        0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F,
+        0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5,
+        0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0,
+        0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04,
+        0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC,
+        0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27,
+        0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76,
+        0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35,
+        0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC,
+        0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6,
+        0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F,
+        0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED,
+        0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C,
+        0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55,
+        0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3,
+        0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F,
+        0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA,
+        0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA,
+        0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D,
+        0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35,
+        0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13,
+        0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4,
+        0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C,
+        0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A,
+        0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95,
+        0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B,
+        0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42,
+        0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB,
+        0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF,
+        0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6,
+        0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19,
+        0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B,
+        0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1,
+        0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE,
+        0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79,
+        0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51,
+        0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5,
+        0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63,
+        0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96,
+        0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA,
+        0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92,
+        0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F,
+        0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18,
+        0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24,
+        0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF,
+        0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4,
+        0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3,
+        0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD,
+        0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF,
+        0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61,
+        0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F,
+        0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13,
+        0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70,
+        0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42,
+        0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A,
+        0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D,
+        0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86,
+        0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39,
+        0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99,
+        0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85,
+        0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7,
+        0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3,
+        0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29,
+        0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA,
+        0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6,
+        0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F,
+        0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC,
+        0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03,
+        0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09,
+        0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF,
+        0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD,
+        0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1,
+        0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8,
+        0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60,
+        0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF,
+        0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F,
+        0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60,
+        0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA,
+        0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC,
+        0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34,
+        0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99,
+        0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF,
+        0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D,
+        0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D,
+        0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55,
+        0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE,
+        0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54,
+        0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68,
+        0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B,
+        0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15,
+        0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF,
+        0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED,
+        0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2,
+        0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98,
+        0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2,
+        0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F,
+        0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02,
+        0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51,
+        0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3,
+        0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A,
+        0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E,
+        0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4,
+        0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F,
+        0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34
+    };
+    static const byte sk_44[] = {
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0xBA, 0x2B, 0x57, 0xC4, 0x46, 0x55, 0x6E, 0xE2,
+        0xB7, 0x2C, 0x78, 0xB9, 0x6B, 0xB7, 0xA8, 0x50,
+        0x3D, 0xE4, 0x0A, 0xFB, 0x54, 0x18, 0x4E, 0x3B,
+        0x54, 0x63, 0xC2, 0x1A, 0xF7, 0x48, 0x53, 0x23,
+        0xDF, 0x98, 0xF0, 0x16, 0x0A, 0xE5, 0xD1, 0x37,
+        0x51, 0x27, 0x25, 0xF8, 0x9D, 0x56, 0x3B, 0xC9,
+        0xA1, 0x89, 0xD3, 0x1D, 0x20, 0xB3, 0xB3, 0xC8,
+        0xFF, 0xAA, 0xF5, 0xE4, 0x86, 0xE7, 0x90, 0x51,
+        0xF6, 0xF3, 0x60, 0x5C, 0xCA, 0x25, 0x69, 0xFD,
+        0xB4, 0x6B, 0x33, 0x18, 0xD2, 0x38, 0x42, 0xCE,
+        0x40, 0xD6, 0x43, 0x86, 0x13, 0xF6, 0x8B, 0x45,
+        0x5B, 0x0D, 0x3B, 0xCA, 0x0E, 0x05, 0x0D, 0x4D,
+        0x11, 0x99, 0x88, 0xA2, 0xC4, 0x80, 0x1B, 0x90,
+        0x84, 0xE0, 0xB0, 0x48, 0xC9, 0x28, 0x09, 0x22,
+        0x30, 0x90, 0x24, 0x06, 0x49, 0x98, 0x40, 0x65,
+        0x5A, 0x26, 0x8A, 0xDA, 0x32, 0x90, 0xDA, 0x48,
+        0x08, 0x22, 0x81, 0x90, 0xC8, 0x14, 0x61, 0xDC,
+        0x16, 0x6A, 0x21, 0x47, 0x8E, 0x08, 0xB2, 0x21,
+        0xE3, 0x08, 0x68, 0x1A, 0x02, 0x44, 0x14, 0xC6,
+        0x65, 0xE1, 0x98, 0x71, 0x90, 0xC6, 0x69, 0x0C,
+        0x15, 0x44, 0xC9, 0xA0, 0x11, 0xCC, 0x34, 0x71,
+        0x83, 0x40, 0x45, 0x00, 0x12, 0x4D, 0x91, 0x08,
+        0x00, 0x83, 0x36, 0x84, 0x12, 0x85, 0x4C, 0xCC,
+        0x00, 0x41, 0x09, 0x90, 0x70, 0x18, 0x95, 0x00,
+        0xA2, 0xB2, 0x85, 0x94, 0x26, 0x41, 0x0B, 0x00,
+        0x41, 0x0A, 0xB9, 0x80, 0xC0, 0xC6, 0x10, 0x0C,
+        0x33, 0x29, 0xA3, 0xA6, 0x28, 0x1C, 0x26, 0x10,
+        0x1A, 0x37, 0x49, 0x13, 0x35, 0x8A, 0x0B, 0x29,
+        0x2E, 0x82, 0xA2, 0x70, 0x8B, 0x38, 0x49, 0x94,
+        0x04, 0x80, 0x9B, 0x26, 0x10, 0xA4, 0x80, 0x30,
+        0x04, 0x37, 0x0C, 0x48, 0xB2, 0x60, 0x04, 0x17,
+        0x2E, 0x19, 0x49, 0x64, 0xC8, 0xC4, 0x64, 0x1A,
+        0x96, 0x60, 0x10, 0x83, 0x6D, 0x20, 0x38, 0x22,
+        0x49, 0x06, 0x08, 0x1B, 0xB7, 0x20, 0x01, 0x48,
+        0x4D, 0xE1, 0x10, 0x49, 0x08, 0x38, 0x44, 0x4C,
+        0x16, 0x8E, 0x04, 0xB2, 0x2C, 0x09, 0x91, 0x50,
+        0x83, 0x36, 0x06, 0x5C, 0x02, 0x8C, 0x8A, 0x38,
+        0x05, 0x1A, 0xB5, 0x81, 0x82, 0xC0, 0x09, 0x51,
+        0x12, 0x72, 0x22, 0x10, 0x0D, 0x04, 0x08, 0x2A,
+        0xA4, 0x84, 0x10, 0x58, 0x08, 0x52, 0x08, 0x26,
+        0x0A, 0x02, 0xB6, 0x2D, 0x8A, 0x12, 0x0E, 0x14,
+        0x22, 0x10, 0x48, 0x44, 0x0A, 0x14, 0x23, 0x91,
+        0x50, 0x40, 0x90, 0x0A, 0x27, 0x92, 0xA4, 0xB0,
+        0x60, 0x08, 0x84, 0x11, 0xC4, 0x40, 0x22, 0x63,
+        0x46, 0x2A, 0xDA, 0xA6, 0x90, 0xC1, 0xB2, 0x30,
+        0x50, 0x10, 0x00, 0xA0, 0xB4, 0x6C, 0x53, 0xB4,
+        0x50, 0x13, 0x05, 0x8D, 0x02, 0x31, 0x0E, 0x08,
+        0x20, 0x10, 0x91, 0xC8, 0x4C, 0x22, 0xA7, 0x50,
+        0xC2, 0xA6, 0x70, 0x92, 0x46, 0x41, 0x63, 0x16,
+        0x8C, 0x84, 0x00, 0x11, 0x0B, 0x81, 0x90, 0x13,
+        0x83, 0x71, 0x21, 0x85, 0x30, 0x1B, 0x18, 0x46,
+        0xA3, 0x10, 0x84, 0x14, 0x43, 0x40, 0x80, 0x98,
+        0x25, 0x0C, 0x27, 0x2C, 0x94, 0x42, 0x41, 0xA2,
+        0x88, 0x45, 0x02, 0x13, 0x05, 0x44, 0xB6, 0x44,
+        0x52, 0x22, 0x92, 0xD0, 0x80, 0x50, 0x4B, 0xA6,
+        0x04, 0x84, 0x36, 0x70, 0x09, 0xB2, 0x4D, 0x19,
+        0xA8, 0x84, 0x24, 0x93, 0x49, 0x94, 0xA2, 0x80,
+        0x49, 0xB4, 0x48, 0x91, 0x28, 0x64, 0xA1, 0xC8,
+        0x65, 0x4B, 0x82, 0x85, 0x93, 0x30, 0x06, 0x63,
+        0x12, 0x66, 0x10, 0x37, 0x01, 0x4A, 0x40, 0x80,
+        0x18, 0x18, 0x90, 0x44, 0xC4, 0x0D, 0x4B, 0x28,
+        0x81, 0xA2, 0x06, 0x40, 0xD4, 0x30, 0x2C, 0x1B,
+        0x96, 0x4C, 0xE1, 0xB2, 0x60, 0x44, 0x28, 0x41,
+        0xD8, 0x30, 0x65, 0x24, 0x09, 0x04, 0x64, 0x00,
+        0x89, 0x63, 0xC2, 0x24, 0xC0, 0x00, 0x49, 0x92,
+        0x16, 0x52, 0x23, 0xC1, 0x29, 0x42, 0x26, 0x91,
+        0xD0, 0x38, 0x31, 0x83, 0x28, 0x28, 0x4C, 0x28,
+        0x61, 0x1A, 0xB2, 0x88, 0x80, 0x26, 0x2D, 0x0C,
+        0x19, 0x52, 0x5B, 0x22, 0x60, 0x8A, 0x92, 0x28,
+        0xA2, 0x18, 0x90, 0xD9, 0x42, 0x52, 0xCB, 0x40,
+        0x8E, 0x9B, 0x16, 0x06, 0x4B, 0xC8, 0x05, 0xE0,
+        0x06, 0x6C, 0x49, 0xC2, 0x25, 0xD4, 0x22, 0x69,
+        0x14, 0x11, 0x69, 0x1C, 0x34, 0x90, 0x0C, 0x85,
+        0x8D, 0x1C, 0x84, 0x49, 0x63, 0x10, 0x85, 0x08,
+        0x34, 0x89, 0x58, 0x16, 0x66, 0xA0, 0x38, 0x68,
+        0x0B, 0xA2, 0x50, 0xE0, 0x84, 0x61, 0xC1, 0x26,
+        0x6E, 0xC9, 0x14, 0x6A, 0xC0, 0xC0, 0x31, 0x84,
+        0x18, 0x2E, 0xDC, 0x16, 0x52, 0x14, 0x18, 0x91,
+        0x0A, 0x39, 0x2C, 0x83, 0xA6, 0x8D, 0x12, 0x29,
+        0x62, 0x92, 0xA6, 0x60, 0x08, 0xA5, 0x10, 0xD9,
+        0xC8, 0x4D, 0x24, 0x48, 0x24, 0x83, 0x98, 0x24,
+        0x1A, 0x44, 0x42, 0x08, 0x08, 0x48, 0xC8, 0x96,
+        0x2D, 0xA1, 0x10, 0x20, 0x60, 0x24, 0x51, 0x9C,
+        0x30, 0x11, 0xDB, 0xC8, 0x04, 0x11, 0x22, 0x51,
+        0x18, 0x04, 0x68, 0xE2, 0x24, 0x4E, 0x10, 0xC4,
+        0x0D, 0x18, 0x37, 0x29, 0x11, 0xB7, 0x84, 0x43,
+        0x84, 0x8D, 0x54, 0x40, 0x70, 0x64, 0x80, 0x70,
+        0x21, 0xB0, 0x4D, 0x00, 0x26, 0x62, 0x00, 0x45,
+        0x25, 0x1B, 0x83, 0x84, 0x84, 0x80, 0x70, 0x19,
+        0xB0, 0x04, 0x0A, 0xC9, 0x28, 0xCA, 0x80, 0x05,
+        0x1B, 0x21, 0x4E, 0xD4, 0xB0, 0x49, 0x8C, 0x96,
+        0x6C, 0xD0, 0x96, 0x25, 0x48, 0x32, 0x72, 0x54,
+        0x12, 0x05, 0x09, 0x98, 0x8C, 0x8A, 0x32, 0x6D,
+        0xC0, 0x04, 0x31, 0x63, 0xC8, 0x61, 0xC8, 0xC2,
+        0x68, 0x9B, 0xB4, 0x8C, 0x5B, 0xC0, 0x2D, 0xC3,
+        0xA8, 0x8D, 0x1B, 0x16, 0x6C, 0xD8, 0x96, 0x41,
+        0x98, 0x34, 0x02, 0x44, 0x14, 0x2C, 0xD3, 0x86,
+        0x44, 0x0A, 0x18, 0x8A, 0x1A, 0x46, 0x92, 0x1A,
+        0xB7, 0x08, 0x4C, 0x34, 0x24, 0x21, 0x91, 0x0D,
+        0x9A, 0x96, 0x2D, 0xCB, 0x24, 0x22, 0x92, 0x86,
+        0x08, 0x98, 0xA0, 0x50, 0xDA, 0x44, 0x6A, 0x19,
+        0xB1, 0x05, 0x8B, 0x20, 0x6E, 0x24, 0xC4, 0x81,
+        0xC9, 0x98, 0x40, 0x22, 0x19, 0x32, 0x11, 0x05,
+        0x69, 0xD3, 0x94, 0x91, 0x08, 0xA7, 0x71, 0xDB,
+        0xC0, 0x70, 0x02, 0xB8, 0x28, 0x83, 0xB4, 0x49,
+        0xA0, 0x44, 0x8A, 0x0B, 0xB4, 0x10, 0x61, 0x02,
+        0x48, 0x1C, 0xA6, 0x11, 0xE3, 0x20, 0x66, 0x40,
+        0xB4, 0x70, 0x03, 0xB6, 0x04, 0x60, 0x48, 0x21,
+        0x5B, 0x21, 0x83, 0x39, 0x88, 0xDB, 0x67, 0x4A,
+        0x61, 0xE7, 0xC2, 0x08, 0xDE, 0xBE, 0x8D, 0xAE,
+        0x41, 0x19, 0xAF, 0xB0, 0x26, 0x61, 0xA6, 0x9A,
+        0xBC, 0x8B, 0xDD, 0x24, 0x5B, 0x5D, 0x0F, 0xB1,
+        0xA2, 0x67, 0x01, 0xC9, 0xB9, 0xC9, 0xA8, 0xF7,
+        0xD9, 0xFC, 0xD4, 0xC2, 0x87, 0xFF, 0x3D, 0x60,
+        0x8C, 0xF2, 0x58, 0x28, 0x2A, 0x1E, 0xB2, 0x9F,
+        0x93, 0x04, 0xE8, 0x9C, 0x14, 0xF3, 0xE1, 0xCE,
+        0x56, 0x12, 0x89, 0x1C, 0x60, 0x29, 0x34, 0x52,
+        0x60, 0x06, 0xC9, 0x9B, 0x4A, 0xA2, 0x39, 0x9B,
+        0xF4, 0x94, 0xBC, 0xF8, 0xDF, 0x61, 0xD6, 0xDF,
+        0x4C, 0x69, 0xBC, 0x93, 0xE0, 0x2D, 0x49, 0x95,
+        0xE2, 0xF7, 0x6E, 0x9F, 0xDA, 0x4E, 0xF6, 0x7E,
+        0xB7, 0x25, 0x6C, 0xA8, 0x9A, 0x3F, 0x38, 0xFE,
+        0xB2, 0xE9, 0xDF, 0x6A, 0x01, 0x0D, 0xC1, 0xC1,
+        0x50, 0x02, 0xFB, 0xD4, 0x56, 0xFA, 0xE8, 0x84,
+        0x82, 0x1A, 0x34, 0x16, 0x6B, 0x06, 0x58, 0xA2,
+        0x41, 0x25, 0x95, 0x71, 0x8E, 0x14, 0x9B, 0xBC,
+        0x6E, 0x22, 0x0A, 0xEE, 0x26, 0x8D, 0x4D, 0x82,
+        0x18, 0xC2, 0x5F, 0x6A, 0x95, 0x7D, 0xE5, 0xB2,
+        0x6C, 0xEA, 0x7B, 0x14, 0xCB, 0x32, 0x0D, 0x89,
+        0xE1, 0x69, 0x9A, 0xD9, 0xF2, 0xB3, 0x89, 0xC6,
+        0x7E, 0xF9, 0x33, 0x86, 0xA2, 0xC6, 0x5F, 0x2C,
+        0x32, 0x23, 0x33, 0x67, 0xD7, 0x6A, 0xE4, 0xAB,
+        0x2A, 0xBB, 0xD4, 0x22, 0xE9, 0x8E, 0x49, 0x3D,
+        0xCC, 0x3C, 0xC5, 0xDA, 0xF6, 0x89, 0xB6, 0x5C,
+        0xC4, 0xBC, 0x3F, 0xA5, 0x1C, 0x9C, 0x59, 0xEE,
+        0xAF, 0x07, 0x55, 0x17, 0x0C, 0x24, 0x95, 0x80,
+        0x4D, 0x02, 0xA6, 0x07, 0xC5, 0xBF, 0x88, 0x7C,
+        0xD8, 0x6A, 0x03, 0x89, 0xF2, 0x8F, 0xC9, 0x72,
+        0x5E, 0xF4, 0x60, 0x03, 0xF1, 0x3B, 0x01, 0x87,
+        0x68, 0x4B, 0xEA, 0xB1, 0xF2, 0x4A, 0x29, 0xF5,
+        0x31, 0x96, 0x01, 0xF3, 0x09, 0xC9, 0x1D, 0x2A,
+        0x33, 0x3D, 0x1B, 0x88, 0xDF, 0x20, 0x5A, 0x51,
+        0x20, 0xC4, 0xCF, 0xDC, 0x22, 0x38, 0x12, 0x4E,
+        0x4E, 0x2B, 0x47, 0xD0, 0xB5, 0xE6, 0x6A, 0x65,
+        0x4F, 0xE4, 0xCC, 0xCB, 0x07, 0x8F, 0x07, 0xCB,
+        0xD4, 0x55, 0xD1, 0x5D, 0x3E, 0xEC, 0x7D, 0xA2,
+        0x74, 0xD2, 0x4A, 0x2E, 0x57, 0x18, 0x84, 0xDE,
+        0x41, 0xC3, 0xA9, 0xA4, 0xFD, 0xB3, 0xF6, 0x09,
+        0x8A, 0x17, 0x2C, 0x30, 0x96, 0x80, 0x39, 0xBD,
+        0x0E, 0x4E, 0xB3, 0xE2, 0xFB, 0x6D, 0x6E, 0xEE,
+        0xD3, 0x9E, 0x0B, 0x63, 0x62, 0xD5, 0x4E, 0x7B,
+        0x88, 0x95, 0x98, 0x69, 0xDD, 0xD5, 0xD8, 0x73,
+        0xD9, 0x65, 0x24, 0x01, 0xA2, 0x9F, 0x27, 0xA2,
+        0x8E, 0xA6, 0x6D, 0x32, 0xCC, 0xB0, 0xEF, 0x3B,
+        0xF4, 0x60, 0x0F, 0x75, 0x57, 0xEE, 0x8D, 0x54,
+        0xBF, 0x1D, 0xAD, 0x18, 0xF4, 0x5D, 0xDC, 0xD4,
+        0xC9, 0xED, 0x57, 0xB1, 0x3E, 0x44, 0x5B, 0xF1,
+        0x22, 0xA4, 0x3F, 0x53, 0x94, 0x03, 0x89, 0xBF,
+        0x87, 0x14, 0xFF, 0xAC, 0x72, 0x1E, 0x59, 0x31,
+        0x7E, 0x4B, 0x70, 0x50, 0x0A, 0xD0, 0xD1, 0xB9,
+        0xA6, 0x27, 0x05, 0x4D, 0x31, 0x93, 0x20, 0x8C,
+        0x77, 0x4E, 0x0B, 0x20, 0xED, 0x04, 0x1A, 0x8C,
+        0x05, 0x5E, 0x75, 0xEE, 0xCD, 0x37, 0x38, 0xF0,
+        0x07, 0x15, 0x8F, 0xAD, 0xDF, 0xCA, 0x5F, 0x43,
+        0x56, 0x2D, 0x63, 0x6A, 0x5A, 0xCF, 0x3A, 0x39,
+        0x83, 0xD3, 0xCF, 0xEB, 0xCA, 0x10, 0xB8, 0x13,
+        0xF9, 0xF6, 0x52, 0x65, 0x19, 0x19, 0x9A, 0x03,
+        0x13, 0xCD, 0x1D, 0xE1, 0x3F, 0x06, 0xAD, 0x53,
+        0x86, 0xE1, 0xE1, 0x20, 0x79, 0x5F, 0xD2, 0x67,
+        0xB7, 0xF4, 0x20, 0x19, 0xD8, 0x4D, 0xF6, 0xCD,
+        0x1B, 0xF9, 0x19, 0x30, 0xFC, 0xA7, 0xAF, 0xD5,
+        0x2E, 0x80, 0x70, 0x0F, 0x4C, 0xF5, 0xCD, 0xC3,
+        0x8A, 0x5F, 0x7A, 0x57, 0x49, 0x79, 0x1C, 0x2F,
+        0xDF, 0xFC, 0x4A, 0x10, 0x75, 0x3C, 0x24, 0xDB,
+        0x19, 0xE8, 0xEB, 0x65, 0x1C, 0x5B, 0x36, 0x32,
+        0x00, 0xF0, 0xB5, 0xD1, 0x69, 0x94, 0x70, 0x26,
+        0xE9, 0xF7, 0x4F, 0x01, 0x2D, 0xC7, 0xC5, 0xB3,
+        0x39, 0xDD, 0x49, 0xD2, 0x61, 0xCA, 0x1D, 0x37,
+        0xF8, 0xF2, 0x83, 0x46, 0xE6, 0x19, 0x78, 0x05,
+        0x4F, 0x45, 0xAE, 0xE4, 0x36, 0xDC, 0xCB, 0xE7,
+        0xBF, 0xAF, 0xE0, 0x7C, 0xE9, 0xA8, 0xB8, 0x3C,
+        0x90, 0xA2, 0x68, 0x6F, 0xA9, 0x54, 0x02, 0x85,
+        0x09, 0x25, 0xC8, 0x58, 0x2B, 0xC9, 0xB7, 0x34,
+        0xE4, 0xEC, 0xA1, 0xF7, 0xB2, 0x0B, 0x08, 0x6F,
+        0x12, 0x9F, 0x27, 0x7A, 0x5C, 0xBD, 0xAA, 0x96,
+        0x3C, 0x92, 0x71, 0x7E, 0xF7, 0x0E, 0xC1, 0x9B,
+        0xF3, 0xDB, 0xC6, 0xDA, 0x20, 0x3A, 0xD9, 0x0F,
+        0x3B, 0x13, 0xBB, 0xC2, 0x2F, 0xBD, 0x98, 0x0B,
+        0xB1, 0xB9, 0xD3, 0xA3, 0x44, 0x52, 0xB3, 0x35,
+        0x70, 0x21, 0xCE, 0x36, 0x13, 0x58, 0x4E, 0x09,
+        0x36, 0xBF, 0x1D, 0x09, 0x42, 0x09, 0x37, 0x81,
+        0x5E, 0x11, 0xCC, 0x5D, 0x5D, 0xDB, 0x4B, 0xF1,
+        0xD8, 0x30, 0xC4, 0xF8, 0x3F, 0x30, 0xE5, 0x15,
+        0x92, 0x1C, 0x78, 0x4D, 0x87, 0xBB, 0x20, 0xC0,
+        0x9E, 0x3C, 0x64, 0xBD, 0xCE, 0x9A, 0xB1, 0xC6,
+        0x9F, 0xD3, 0x07, 0xEF, 0xE3, 0x59, 0xC7, 0xF9,
+        0x38, 0x56, 0x6C, 0x9F, 0x25, 0x17, 0xB0, 0x63,
+        0x38, 0x51, 0x67, 0xE2, 0x47, 0xF3, 0x10, 0x81,
+        0x11, 0x9B, 0xAC, 0x6B, 0x55, 0xA0, 0xBD, 0xD7,
+        0x14, 0x25, 0x51, 0x0F, 0xFA, 0x2A, 0xBD, 0xFA,
+        0x88, 0x83, 0x76, 0xA3, 0x7F, 0x20, 0xC2, 0x48,
+        0x01, 0x52, 0xBB, 0x36, 0x16, 0x34, 0x52, 0x00,
+        0x07, 0xC5, 0xB3, 0x4B, 0xF2, 0x28, 0x17, 0xCB,
+        0x2E, 0x67, 0xAC, 0x1A, 0x82, 0x67, 0x0B, 0x71,
+        0xF1, 0x96, 0xC8, 0x9F, 0x23, 0xBA, 0x31, 0x4B,
+        0x16, 0xA9, 0x48, 0x49, 0x93, 0x04, 0xEF, 0x5C,
+        0x03, 0xDC, 0xF5, 0x8E, 0x52, 0xBE, 0x31, 0x48,
+        0x63, 0xE7, 0x23, 0xC5, 0x6D, 0x3A, 0xEB, 0x34,
+        0x0B, 0xFF, 0x18, 0xAB, 0xFA, 0x20, 0xDC, 0x03,
+        0x44, 0x20, 0x30, 0x23, 0x05, 0x33, 0xD9, 0x12,
+        0x9B, 0x83, 0xED, 0x22, 0xC3, 0x51, 0xF2, 0x32,
+        0x81, 0x72, 0xE3, 0x63, 0x44, 0x74, 0x44, 0xAE,
+        0x5C, 0x69, 0x02, 0xB7, 0x92, 0x79, 0x9F, 0x54,
+        0x44, 0x50, 0x78, 0x71, 0x19, 0x61, 0x2E, 0x9B,
+        0xB4, 0x13, 0x0A, 0x33, 0xA2, 0xA5, 0x96, 0x2A,
+        0xC0, 0x9D, 0x57, 0x7D, 0x6D, 0xDC, 0x88, 0x1F,
+        0xE6, 0x61, 0x61, 0x26, 0xD8, 0xA0, 0xA7, 0xDF,
+        0x2B, 0x22, 0x53, 0xBC, 0x8E, 0xC4, 0xE3, 0x53,
+        0x86, 0xEA, 0x55, 0x11, 0xF0, 0xF1, 0x58, 0x87,
+        0x14, 0x5B, 0x6C, 0x23, 0xAB, 0x3D, 0x40, 0x33,
+        0x39, 0xE4, 0x04, 0x07, 0x3E, 0xD9, 0xC6, 0xA8,
+        0x96, 0xA2, 0xF9, 0xEC, 0x70, 0xC4, 0x4B, 0xD2,
+        0xAE, 0xC1, 0x0F, 0xC4, 0x36, 0x0E, 0x87, 0x63,
+        0x6B, 0xE1, 0x55, 0xB6, 0xA6, 0x7B, 0x7E, 0xDF,
+        0x38, 0xCF, 0x73, 0x00, 0x48, 0x13, 0xC9, 0xE7,
+        0xD2, 0xC6, 0x54, 0xC2, 0x53, 0x0A, 0x71, 0xE5,
+        0xF8, 0xC1, 0x09, 0x42, 0xFB, 0x6D, 0x88, 0x41,
+        0x53, 0x5A, 0xB1, 0xDA, 0x43, 0xE8, 0xCB, 0x0B,
+        0xB8, 0x9E, 0x78, 0xEC, 0x91, 0xF8, 0xDE, 0x15,
+        0x31, 0xA0, 0x36, 0x65, 0xCC, 0xD5, 0xA7, 0x5B,
+        0xDA, 0x0E, 0xD0, 0xE5, 0x98, 0x64, 0xEE, 0xEF,
+        0x51, 0xA8, 0x3F, 0xA5, 0x53, 0xAF, 0x66, 0x2A,
+        0xEE, 0x00, 0xD1, 0xF8, 0x36, 0x7B, 0x4D, 0x5D,
+        0xDD, 0xC3, 0x45, 0x54, 0x4C, 0x6B, 0xD5, 0x14,
+        0xF8, 0x88, 0xE6, 0x03, 0x3C, 0x25, 0x5D, 0xB6,
+        0x50, 0xDA, 0x73, 0x4A, 0xD3, 0x3A, 0x3C, 0xF8,
+        0x4B, 0xD3, 0xF0, 0x6F, 0xA1, 0xA7, 0xCA, 0x02,
+        0xE4, 0xB8, 0xE9, 0x93, 0xAE, 0x7A, 0xE6, 0x34,
+        0x20, 0xA4, 0x6B, 0xA8, 0xA3, 0x81, 0x3D, 0x1E,
+        0x9D, 0x29, 0x66, 0xBB, 0x85, 0x60, 0xD7, 0x1C,
+        0x62, 0xA0, 0x44, 0xEA, 0x94, 0x17, 0x9F, 0x4E,
+        0xB1, 0xB6, 0xED, 0x60, 0x71, 0x9D, 0x51, 0xE0,
+        0xEE, 0xF6, 0xCD, 0x07, 0x91, 0x52, 0xF6, 0xBE,
+        0x48, 0x8E, 0xC9, 0x19, 0x11, 0xC6, 0xD3, 0xF1,
+        0xD1, 0x17, 0x3C, 0x54, 0x1F, 0x9D, 0x25, 0xBF,
+        0x34, 0x2F, 0xCA, 0xA3, 0xFF, 0x46, 0xC1, 0x8F,
+        0x2A, 0x04, 0x41, 0xD8, 0x3B, 0xDE, 0x35, 0x46,
+        0xA9, 0x82, 0x6C, 0x34, 0x96, 0xE0, 0x6F, 0x2F,
+        0x2B, 0x0E, 0xEB, 0x9D, 0x5B, 0xE8, 0x73, 0x9F,
+        0x83, 0xA4, 0x2D, 0x3B, 0x30, 0x0E, 0x70, 0xEE,
+        0x84, 0xDF, 0xFF, 0xB2, 0x07, 0x64, 0xA0, 0x60,
+        0x21, 0x2F, 0x05, 0x8C, 0x8A, 0x5F, 0xFA, 0x9A,
+        0x34, 0xE9, 0x28, 0xD6, 0xA7, 0xE0, 0x77, 0x08,
+        0xFE, 0x53, 0x93, 0xE3, 0x01, 0x7C, 0xE4, 0x70,
+        0xEB, 0x96, 0x58, 0xA7, 0x4E, 0x49, 0x51, 0xE6,
+        0xFA, 0x48, 0x54, 0xC9, 0xE9, 0xC2, 0x89, 0x88,
+        0x81, 0x2E, 0x44, 0x18, 0xA2, 0xE8, 0x32, 0x58,
+        0x0B, 0x4A, 0x27, 0x03, 0x72, 0xBC, 0x69, 0x67,
+        0x68, 0x89, 0xD0, 0xCC, 0x43, 0x24, 0x0E, 0xDA,
+        0xBC, 0x1D, 0x31, 0x14, 0xD8, 0xF3, 0x5A, 0xB2,
+        0xE9, 0xEA, 0x95, 0x30, 0x82, 0xE9, 0x53, 0x62,
+        0x79, 0xAC, 0xB3, 0xBE, 0x16, 0xD3, 0xA2, 0x05,
+        0xF4, 0x6C, 0xB6, 0x7B, 0x22, 0x14, 0x96, 0x93,
+        0x5A, 0xC0, 0x42, 0x92, 0xBB, 0xFB, 0x9A, 0x61,
+        0xC0, 0xA0, 0x3E, 0xF4, 0xC9, 0xB6, 0x82, 0x04,
+        0x95, 0xF3, 0xD8, 0x0E, 0x4A, 0x6F, 0xB7, 0xE1,
+        0xC6, 0x99, 0x03, 0xFA, 0x22, 0x6E, 0x02, 0x3E,
+        0x95, 0xBA, 0x41, 0x6D, 0xF2, 0xE5, 0xE4, 0x54,
+        0x1E, 0x15, 0xDC, 0xC0, 0x00, 0xB5, 0xE6, 0x5C,
+        0x97, 0x20, 0xDA, 0xF6, 0x96, 0x01, 0x2F, 0xA2,
+        0xA6, 0xCF, 0x75, 0x8E, 0xD6, 0xD2, 0x25, 0xA3,
+        0xE4, 0xFE, 0xE4, 0x5A, 0xC5, 0xFB, 0x48, 0x70,
+        0x7F, 0xAE, 0x13, 0x3D, 0x59, 0x2C, 0xFD, 0x2E,
+        0x8C, 0x43, 0xC2, 0x12, 0x6F, 0x65, 0x2B, 0xEE,
+        0x9B, 0xAB, 0x43, 0xA1, 0xA1, 0x0B, 0xE2, 0x41,
+        0x1A, 0x67, 0x94, 0xB2, 0x6C, 0xB5, 0x5C, 0xC2,
+        0x17, 0xEB, 0x7B, 0x0B, 0x14, 0x6D, 0x23, 0xF7,
+        0x92, 0x2D, 0x32, 0x22, 0xAE, 0x5E, 0xE8, 0xC6,
+        0xD3, 0x8E, 0x83, 0x99, 0xBA, 0x51, 0xC6, 0x81,
+        0xB8, 0x38, 0x16, 0xFC, 0xF7, 0x44, 0x38, 0x82,
+        0x59, 0x20, 0xF9, 0xCE, 0x8A, 0x20, 0x2A, 0x8F,
+        0x6D, 0x94, 0x2D, 0xA8, 0x62, 0x38, 0xFB, 0x4C,
+        0x9F, 0x21, 0x98, 0xEA, 0x8D, 0xFF, 0x81, 0xC1,
+        0x72, 0x86, 0xE0, 0x18, 0xDF, 0x4B, 0x7F, 0xE3,
+        0x88, 0x4D, 0x17, 0x59, 0xE4, 0xC5, 0x9B, 0xB5,
+        0x26, 0x17, 0xAE, 0xD4, 0xE7, 0x8E, 0x4E, 0x7C,
+        0x4E, 0x9A, 0x36, 0xE4, 0xE9, 0x96, 0xD3, 0x23,
+        0x91, 0xA3, 0x4A, 0x0D, 0xAA, 0xAB, 0x6B, 0x54,
+        0x08, 0x15, 0xA3, 0x4D, 0x20, 0x40, 0x7A, 0xEF,
+        0x81, 0x94, 0x9B, 0xE6, 0x7B, 0x90, 0x69, 0x50,
+        0xD8, 0x9B, 0xE9, 0xF0, 0x85, 0xE9, 0x9E, 0xB5,
+        0x87, 0x26, 0x95, 0x17, 0x3B, 0x3E, 0xFA, 0xCA,
+        0xE9, 0x45, 0x5D, 0x2B, 0x2C, 0xD4, 0xF7, 0x10,
+        0xB8, 0x72, 0xCF, 0x66, 0x2B, 0x73, 0x62, 0x16,
+        0xB1, 0xBB, 0xFB, 0x1F, 0x5F, 0x3D, 0x48, 0x6C,
+        0x7B, 0x4B, 0x87, 0x56, 0x12, 0x33, 0x3F, 0x8E,
+        0x4B, 0xA9, 0x33, 0xDC, 0x79, 0xF0, 0xED, 0xFD,
+        0x7B, 0xAA, 0xDE, 0x2C, 0x16, 0xF2, 0x14, 0x6A,
+        0x49, 0x6F, 0x79, 0xC4, 0x2A, 0x4D, 0x6B, 0x52,
+        0x39, 0xA3, 0x0D, 0xD3, 0xC4, 0x8B, 0xEB, 0x09,
+        0x2C, 0xA0, 0x75, 0x00, 0x10, 0xF6, 0x9E, 0xD4,
+        0xB9, 0x23, 0x20, 0x14, 0x7D, 0xBB, 0xE2, 0x08,
+        0xF6, 0xE8, 0xEB, 0x1C, 0xF2, 0x47, 0xD2, 0x1A,
+        0x3A, 0x3B, 0x01, 0xDF, 0x58, 0xC0, 0xAA, 0x62,
+        0x94, 0x4D, 0xA0, 0xEF, 0x04, 0x50, 0xE8, 0xCE,
+        0x48, 0xAA, 0x13, 0x7E, 0x7E, 0x15, 0x16, 0xC1,
+        0xD5, 0xC8, 0x6E, 0xEA, 0x17, 0xFD, 0xFA, 0xC1,
+        0x69, 0x07, 0x46, 0xE7, 0x26, 0x70, 0x45, 0xA3,
+        0xE9, 0x05, 0x96, 0xBD, 0xB7, 0x5D, 0x50, 0xB6,
+        0xDD, 0x5C, 0x34, 0xE5, 0xC8, 0xD8, 0x9D, 0xC6,
+        0xF2, 0xF1, 0xD2, 0x44, 0x40, 0xE5, 0x7B, 0x47,
+        0x59, 0xB8, 0x62, 0x5F, 0x72, 0xBC, 0x4A, 0x7B,
+        0x10, 0xD5, 0x19, 0xD3, 0x31, 0xF9, 0xC4, 0x00,
+        0xAA, 0xE1, 0xE5, 0x0D, 0x48, 0x0C, 0xAA, 0xE5,
+        0xA1, 0xC0, 0xFA, 0x99, 0xD7, 0x79, 0x24, 0xCF,
+        0x8D, 0xFE, 0x56, 0xCD, 0x70, 0x92, 0xE7, 0xB9
+    };
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte seed_65[] = {
+        0x70, 0xCE, 0xFB, 0x9A, 0xED, 0x5B, 0x68, 0xE0,
+        0x18, 0xB0, 0x79, 0xDA, 0x82, 0x84, 0xB9, 0xD5,
+        0xCA, 0xD5, 0x49, 0x9E, 0xD9, 0xC2, 0x65, 0xFF,
+        0x73, 0x58, 0x80, 0x05, 0xD8, 0x5C, 0x22, 0x5C
+    };
+    static const byte pk_65[] = {
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC,
+        0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A,
+        0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8,
+        0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D,
+        0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1,
+        0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D,
+        0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89,
+        0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49,
+        0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95,
+        0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F,
+        0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3,
+        0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C,
+        0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51,
+        0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56,
+        0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06,
+        0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F,
+        0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06,
+        0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6,
+        0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18,
+        0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB,
+        0xDD, 0xE0, 0x0E, 0x30, 0x8F, 0xE8, 0x40, 0x19,
+        0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65,
+        0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A,
+        0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1,
+        0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8,
+        0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A,
+        0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8,
+        0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B,
+        0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13,
+        0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28,
+        0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81,
+        0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00,
+        0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1,
+        0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18,
+        0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80,
+        0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47,
+        0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09,
+        0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD,
+        0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C,
+        0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD,
+        0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5,
+        0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2,
+        0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F,
+        0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09,
+        0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F,
+        0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC,
+        0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC,
+        0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20,
+        0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91,
+        0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D,
+        0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29,
+        0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47,
+        0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92,
+        0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7,
+        0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2,
+        0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24,
+        0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7,
+        0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35,
+        0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7,
+        0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD,
+        0x5B, 0x89, 0x92, 0x61, 0x1D, 0x0C, 0x93, 0xEE,
+        0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25,
+        0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1,
+        0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45,
+        0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E,
+        0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE,
+        0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45,
+        0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E,
+        0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54,
+        0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04,
+        0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E,
+        0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48,
+        0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D,
+        0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C,
+        0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC,
+        0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73,
+        0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B,
+        0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA,
+        0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88,
+        0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE,
+        0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB,
+        0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45,
+        0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01,
+        0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D,
+        0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79,
+        0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44,
+        0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1,
+        0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04,
+        0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E,
+        0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23,
+        0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38,
+        0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02,
+        0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49,
+        0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD,
+        0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF,
+        0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6,
+        0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB,
+        0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7,
+        0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49,
+        0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62,
+        0x31, 0x33, 0xDB, 0x2D, 0xE1, 0x0D, 0x73, 0xFA,
+        0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28,
+        0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3,
+        0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12,
+        0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3,
+        0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB,
+        0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97,
+        0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B,
+        0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C,
+        0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B,
+        0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C,
+        0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80,
+        0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64,
+        0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B,
+        0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3,
+        0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73,
+        0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2,
+        0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C,
+        0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5,
+        0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A,
+        0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02,
+        0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8,
+        0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76,
+        0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25,
+        0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C,
+        0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE,
+        0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69,
+        0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB,
+        0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33,
+        0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99,
+        0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1,
+        0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04,
+        0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA,
+        0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74,
+        0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13,
+        0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B,
+        0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31,
+        0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE,
+        0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9,
+        0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E,
+        0x6A, 0xA2, 0x48, 0x3B, 0xA4, 0x9D, 0xC5, 0x47,
+        0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9,
+        0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B,
+        0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB,
+        0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45,
+        0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC,
+        0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8,
+        0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A,
+        0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14,
+        0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60,
+        0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B,
+        0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71,
+        0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39,
+        0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5,
+        0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0,
+        0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C,
+        0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02,
+        0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66,
+        0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2,
+        0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7,
+        0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44,
+        0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13,
+        0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A,
+        0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF,
+        0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46,
+        0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2,
+        0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE,
+        0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27,
+        0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D,
+        0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75,
+        0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09,
+        0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D,
+        0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C,
+        0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5,
+        0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78,
+        0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6,
+        0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7,
+        0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5,
+        0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A,
+        0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3,
+        0x6D, 0xEF, 0x86, 0x5D, 0x68, 0x59, 0x1D, 0x39,
+        0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14,
+        0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7,
+        0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1,
+        0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C,
+        0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB,
+        0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F,
+        0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B,
+        0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32,
+        0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45,
+        0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69,
+        0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87,
+        0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D,
+        0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7,
+        0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A,
+        0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5,
+        0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6,
+        0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA,
+        0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41,
+        0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66,
+        0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31,
+        0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82,
+        0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72,
+        0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA,
+        0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D,
+        0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9,
+        0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3,
+        0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1,
+        0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36,
+        0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D,
+        0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F,
+        0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4,
+        0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C,
+        0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A,
+        0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF,
+        0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0,
+        0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A,
+        0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B,
+        0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76,
+        0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8,
+        0xC4, 0xE2, 0x88, 0xB7, 0x1F, 0xD7, 0x7D, 0xBA,
+        0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3,
+        0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F,
+        0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4,
+        0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50,
+        0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E,
+        0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72,
+        0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47,
+        0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52,
+        0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0,
+        0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A,
+        0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A,
+        0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD,
+        0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF,
+        0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B,
+        0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8,
+        0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66,
+        0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55,
+        0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE,
+        0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED
+    };
+    static const byte sk_65[] = {
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xE3, 0x8D, 0x1C, 0x14, 0xF6, 0x46, 0x7C, 0x35,
+        0xA9, 0xF3, 0x80, 0xD2, 0x7D, 0xE6, 0x1F, 0x7C,
+        0x75, 0x03, 0x15, 0x69, 0xEA, 0x2E, 0xC8, 0x26,
+        0x0E, 0xEE, 0x91, 0x05, 0x26, 0x1B, 0x7F, 0xE1,
+        0x60, 0xC9, 0x13, 0x44, 0xB0, 0xC6, 0x76, 0x4C,
+        0x20, 0x4E, 0x5B, 0x8D, 0x42, 0x46, 0x50, 0xBE,
+        0xC0, 0x6B, 0x9E, 0x2E, 0x62, 0x5A, 0xF0, 0x7E,
+        0x23, 0xF4, 0x95, 0x0C, 0xA2, 0x4F, 0xB4, 0xD6,
+        0xEC, 0x2C, 0x8B, 0x3A, 0x71, 0x7C, 0x93, 0x11,
+        0xEB, 0x87, 0x27, 0x9F, 0xE2, 0x5E, 0x31, 0x1F,
+        0x48, 0xB8, 0x25, 0x65, 0x01, 0xF6, 0x46, 0x34,
+        0x12, 0xB5, 0x0D, 0xBC, 0x89, 0xA8, 0x69, 0xBA,
+        0x22, 0x41, 0x11, 0x26, 0x48, 0x40, 0x07, 0x38,
+        0x73, 0x02, 0x12, 0x44, 0x25, 0x44, 0x57, 0x54,
+        0x83, 0x72, 0x50, 0x33, 0x35, 0x62, 0x58, 0x42,
+        0x32, 0x01, 0x62, 0x11, 0x83, 0x61, 0x02, 0x45,
+        0x66, 0x56, 0x48, 0x35, 0x61, 0x20, 0x84, 0x52,
+        0x60, 0x68, 0x50, 0x45, 0x65, 0x55, 0x12, 0x72,
+        0x47, 0x47, 0x21, 0x21, 0x25, 0x40, 0x22, 0x21,
+        0x42, 0x81, 0x17, 0x65, 0x03, 0x06, 0x42, 0x61,
+        0x52, 0x13, 0x43, 0x25, 0x24, 0x33, 0x82, 0x12,
+        0x11, 0x35, 0x62, 0x33, 0x32, 0x07, 0x47, 0x86,
+        0x22, 0x31, 0x50, 0x83, 0x70, 0x84, 0x26, 0x43,
+        0x45, 0x64, 0x51, 0x48, 0x31, 0x14, 0x86, 0x24,
+        0x66, 0x86, 0x74, 0x33, 0x71, 0x36, 0x67, 0x26,
+        0x01, 0x47, 0x07, 0x72, 0x11, 0x61, 0x58, 0x85,
+        0x58, 0x38, 0x71, 0x83, 0x80, 0x67, 0x01, 0x65,
+        0x78, 0x70, 0x64, 0x77, 0x85, 0x60, 0x02, 0x88,
+        0x53, 0x48, 0x46, 0x62, 0x25, 0x83, 0x54, 0x88,
+        0x04, 0x74, 0x40, 0x12, 0x57, 0x43, 0x71, 0x07,
+        0x75, 0x44, 0x38, 0x71, 0x21, 0x14, 0x22, 0x08,
+        0x88, 0x72, 0x23, 0x58, 0x87, 0x46, 0x14, 0x85,
+        0x53, 0x71, 0x67, 0x73, 0x82, 0x28, 0x22, 0x74,
+        0x14, 0x03, 0x57, 0x73, 0x28, 0x71, 0x83, 0x80,
+        0x78, 0x14, 0x34, 0x87, 0x52, 0x07, 0x64, 0x74,
+        0x01, 0x60, 0x75, 0x61, 0x06, 0x08, 0x61, 0x32,
+        0x21, 0x46, 0x15, 0x65, 0x42, 0x67, 0x08, 0x20,
+        0x84, 0x10, 0x73, 0x13, 0x03, 0x61, 0x02, 0x86,
+        0x50, 0x45, 0x26, 0x12, 0x16, 0x68, 0x33, 0x55,
+        0x25, 0x84, 0x73, 0x53, 0x54, 0x52, 0x65, 0x17,
+        0x10, 0x60, 0x00, 0x38, 0x57, 0x77, 0x81, 0x24,
+        0x26, 0x80, 0x41, 0x46, 0x43, 0x26, 0x67, 0x41,
+        0x06, 0x03, 0x55, 0x41, 0x28, 0x33, 0x37, 0x25,
+        0x23, 0x06, 0x77, 0x82, 0x15, 0x16, 0x31, 0x73,
+        0x00, 0x08, 0x75, 0x26, 0x58, 0x46, 0x34, 0x63,
+        0x88, 0x08, 0x84, 0x64, 0x51, 0x11, 0x24, 0x05,
+        0x32, 0x10, 0x11, 0x18, 0x18, 0x64, 0x78, 0x22,
+        0x41, 0x00, 0x38, 0x55, 0x75, 0x42, 0x10, 0x46,
+        0x83, 0x43, 0x73, 0x38, 0x80, 0x07, 0x83, 0x43,
+        0x78, 0x74, 0x13, 0x57, 0x62, 0x32, 0x68, 0x80,
+        0x65, 0x86, 0x48, 0x53, 0x48, 0x35, 0x51, 0x58,
+        0x50, 0x74, 0x46, 0x05, 0x88, 0x70, 0x07, 0x72,
+        0x01, 0x31, 0x00, 0x87, 0x54, 0x88, 0x14, 0x20,
+        0x84, 0x16, 0x61, 0x15, 0x60, 0x56, 0x85, 0x11,
+        0x58, 0x08, 0x05, 0x88, 0x63, 0x01, 0x82, 0x86,
+        0x13, 0x14, 0x17, 0x22, 0x01, 0x68, 0x17, 0x17,
+        0x86, 0x58, 0x53, 0x10, 0x62, 0x28, 0x52, 0x82,
+        0x26, 0x15, 0x04, 0x31, 0x42, 0x88, 0x54, 0x31,
+        0x78, 0x05, 0x80, 0x11, 0x50, 0x45, 0x68, 0x82,
+        0x33, 0x66, 0x36, 0x36, 0x40, 0x65, 0x15, 0x24,
+        0x47, 0x67, 0x06, 0x45, 0x36, 0x42, 0x26, 0x86,
+        0x75, 0x06, 0x35, 0x41, 0x33, 0x47, 0x85, 0x12,
+        0x17, 0x80, 0x83, 0x87, 0x65, 0x51, 0x42, 0x31,
+        0x38, 0x87, 0x56, 0x62, 0x05, 0x17, 0x40, 0x85,
+        0x28, 0x14, 0x17, 0x21, 0x38, 0x12, 0x60, 0x81,
+        0x24, 0x41, 0x45, 0x75, 0x01, 0x82, 0x87, 0x10,
+        0x10, 0x02, 0x13, 0x25, 0x57, 0x04, 0x21, 0x72,
+        0x42, 0x78, 0x61, 0x11, 0x70, 0x05, 0x30, 0x47,
+        0x72, 0x13, 0x20, 0x30, 0x21, 0x67, 0x44, 0x31,
+        0x57, 0x71, 0x45, 0x57, 0x10, 0x54, 0x16, 0x65,
+        0x74, 0x15, 0x24, 0x02, 0x43, 0x71, 0x51, 0x20,
+        0x55, 0x11, 0x67, 0x83, 0x67, 0x82, 0x52, 0x53,
+        0x35, 0x66, 0x42, 0x46, 0x13, 0x70, 0x22, 0x32,
+        0x74, 0x00, 0x07, 0x06, 0x81, 0x87, 0x17, 0x57,
+        0x80, 0x28, 0x68, 0x01, 0x72, 0x10, 0x04, 0x27,
+        0x55, 0x22, 0x86, 0x42, 0x53, 0x15, 0x81, 0x76,
+        0x30, 0x86, 0x40, 0x83, 0x11, 0x43, 0x30, 0x53,
+        0x82, 0x73, 0x53, 0x03, 0x72, 0x35, 0x68, 0x70,
+        0x45, 0x41, 0x15, 0x73, 0x14, 0x12, 0x31, 0x64,
+        0x32, 0x66, 0x63, 0x56, 0x21, 0x51, 0x50, 0x82,
+        0x10, 0x30, 0x23, 0x38, 0x17, 0x21, 0x27, 0x10,
+        0x23, 0x14, 0x22, 0x75, 0x77, 0x28, 0x37, 0x71,
+        0x62, 0x75, 0x06, 0x88, 0x72, 0x14, 0x18, 0x73,
+        0x13, 0x03, 0x01, 0x50, 0x71, 0x58, 0x62, 0x86,
+        0x62, 0x88, 0x86, 0x86, 0x03, 0x27, 0x01, 0x46,
+        0x17, 0x22, 0x71, 0x38, 0x53, 0x81, 0x70, 0x33,
+        0x88, 0x68, 0x13, 0x78, 0x81, 0x04, 0x86, 0x57,
+        0x30, 0x16, 0x52, 0x31, 0x40, 0x83, 0x07, 0x56,
+        0x82, 0x10, 0x32, 0x31, 0x28, 0x50, 0x06, 0x50,
+        0x81, 0x63, 0x06, 0x75, 0x76, 0x65, 0x11, 0x60,
+        0x14, 0x17, 0x12, 0x12, 0x55, 0x56, 0x48, 0x11,
+        0x41, 0x13, 0x28, 0x82, 0x62, 0x07, 0x47, 0x64,
+        0x24, 0x48, 0x23, 0x24, 0x77, 0x53, 0x26, 0x08,
+        0x17, 0x58, 0x11, 0x56, 0x37, 0x48, 0x35, 0x51,
+        0x47, 0x86, 0x85, 0x66, 0x66, 0x81, 0x73, 0x20,
+        0x21, 0x36, 0x75, 0x22, 0x74, 0x66, 0x83, 0x44,
+        0x57, 0x00, 0x66, 0x64, 0x77, 0x20, 0x47, 0x22,
+        0x28, 0x56, 0x87, 0x12, 0x47, 0x02, 0x48, 0x07,
+        0x02, 0x54, 0x23, 0x01, 0x25, 0x71, 0x37, 0x36,
+        0x75, 0x36, 0x00, 0x52, 0x68, 0x15, 0x33, 0x35,
+        0x82, 0x06, 0x13, 0x73, 0x24, 0x08, 0x71, 0x76,
+        0x15, 0x22, 0x42, 0x60, 0x18, 0x53, 0x43, 0x11,
+        0x64, 0x57, 0x76, 0x17, 0x61, 0x56, 0x68, 0x76,
+        0x60, 0x65, 0x54, 0x78, 0x10, 0x33, 0x63, 0x14,
+        0x21, 0x83, 0x21, 0x60, 0x15, 0x55, 0x80, 0x42,
+        0x38, 0x42, 0x03, 0x13, 0x12, 0x34, 0x36, 0x25,
+        0x27, 0x30, 0x82, 0x81, 0x25, 0x47, 0x51, 0x35,
+        0x44, 0x12, 0x67, 0x35, 0x00, 0x10, 0x01, 0x83,
+        0x85, 0x74, 0x42, 0x40, 0x13, 0x03, 0x61, 0x27,
+        0x81, 0x26, 0x26, 0x81, 0x18, 0x87, 0x43, 0x51,
+        0x20, 0x62, 0x71, 0x27, 0x51, 0x56, 0x10, 0x22,
+        0x22, 0x81, 0x11, 0x81, 0x41, 0x66, 0x66, 0x38,
+        0x20, 0x86, 0x75, 0x56, 0x12, 0x40, 0x06, 0x54,
+        0x61, 0x12, 0x74, 0x40, 0x34, 0x58, 0x58, 0x78,
+        0x10, 0x07, 0x85, 0x25, 0x72, 0x88, 0x57, 0x22,
+        0x22, 0x25, 0x50, 0x84, 0x00, 0x41, 0x26, 0x08,
+        0x36, 0x46, 0x28, 0x78, 0x46, 0x78, 0x05, 0x02,
+        0x28, 0x20, 0x77, 0x13, 0x60, 0x75, 0x14, 0x43,
+        0x68, 0x78, 0x64, 0x31, 0x38, 0x77, 0x73, 0x73,
+        0x55, 0x41, 0x27, 0x00, 0x54, 0x07, 0x08, 0x28,
+        0x68, 0x80, 0x04, 0x53, 0x83, 0x43, 0x22, 0x81,
+        0x00, 0x64, 0x35, 0x48, 0x67, 0x66, 0x50, 0x17,
+        0x75, 0x76, 0x12, 0x75, 0x43, 0x81, 0x62, 0x40,
+        0x33, 0x43, 0x45, 0x38, 0x87, 0x21, 0x66, 0x14,
+        0x70, 0x48, 0x41, 0x43, 0x14, 0x66, 0x58, 0x78,
+        0x45, 0x82, 0x02, 0x25, 0x45, 0x73, 0x15, 0x21,
+        0x32, 0x03, 0x02, 0x48, 0x80, 0x80, 0x13, 0x71,
+        0x25, 0x54, 0x32, 0x72, 0x05, 0x68, 0x65, 0x24,
+        0x68, 0x04, 0x06, 0x16, 0x83, 0x50, 0x54, 0x53,
+        0x37, 0x37, 0x27, 0x22, 0x20, 0x68, 0x08, 0x25,
+        0x50, 0x84, 0x72, 0x86, 0x74, 0x22, 0x36, 0x16,
+        0x80, 0x07, 0x55, 0x18, 0x12, 0x17, 0x84, 0x44,
+        0x81, 0x15, 0x64, 0x50, 0x71, 0x10, 0x58, 0x15,
+        0x51, 0x10, 0x10, 0x47, 0x16, 0x21, 0x07, 0x58,
+        0x61, 0x18, 0x78, 0x00, 0x52, 0x72, 0x64, 0x52,
+        0x17, 0x43, 0x23, 0x40, 0x76, 0x48, 0x67, 0x30,
+        0x77, 0x63, 0x64, 0x87, 0x51, 0x31, 0x63, 0x84,
+        0x68, 0x74, 0x53, 0x63, 0x84, 0x23, 0x54, 0x66,
+        0x10, 0x48, 0x36, 0x33, 0x85, 0x21, 0x48, 0x42,
+        0x03, 0x82, 0x51, 0x10, 0x33, 0x57, 0x46, 0x80,
+        0x16, 0x43, 0x34, 0x02, 0x07, 0x03, 0x53, 0x22,
+        0x12, 0x75, 0x73, 0x34, 0x65, 0x83, 0x33, 0x87,
+        0x43, 0x85, 0x17, 0x50, 0x36, 0x60, 0x88, 0x02,
+        0x58, 0x75, 0x80, 0x88, 0x31, 0x63, 0x60, 0x18,
+        0x21, 0x32, 0x26, 0x15, 0x68, 0x74, 0x11, 0x10,
+        0x33, 0x14, 0x13, 0x05, 0x34, 0x16, 0x72, 0x65,
+        0x35, 0x50, 0x13, 0x34, 0x80, 0x87, 0x10, 0x26,
+        0x48, 0x68, 0x84, 0x52, 0x71, 0x44, 0x23, 0x58,
+        0x80, 0x35, 0x57, 0x70, 0x54, 0x84, 0x28, 0x70,
+        0x55, 0x88, 0x86, 0x83, 0x86, 0x25, 0x21, 0x82,
+        0x72, 0x61, 0x17, 0x78, 0x85, 0x17, 0x67, 0x73,
+        0x00, 0x57, 0x71, 0x11, 0x78, 0x51, 0x10, 0x65,
+        0x63, 0x57, 0x02, 0x87, 0x40, 0x13, 0x40, 0x01,
+        0x26, 0x53, 0x45, 0x12, 0x05, 0x46, 0x75, 0x18,
+        0x80, 0x70, 0x33, 0x35, 0x66, 0x22, 0x62, 0x00,
+        0x70, 0x23, 0x26, 0x87, 0x72, 0x63, 0x11, 0x13,
+        0x33, 0x33, 0x81, 0x41, 0x70, 0x62, 0x28, 0x61,
+        0x51, 0x47, 0x31, 0x30, 0x25, 0x46, 0x51, 0x17,
+        0x61, 0x58, 0x07, 0x41, 0x61, 0x37, 0x37, 0x06,
+        0x14, 0x00, 0x54, 0x88, 0x77, 0x75, 0x67, 0x77,
+        0x66, 0x53, 0x16, 0x72, 0x66, 0x66, 0x88, 0x76,
+        0x43, 0x58, 0x31, 0x04, 0x87, 0x57, 0x06, 0x76,
+        0x47, 0x00, 0x43, 0x63, 0x58, 0x60, 0x52, 0x03,
+        0x44, 0x27, 0x36, 0x48, 0x61, 0x23, 0x72, 0x16,
+        0x10, 0x62, 0x42, 0x08, 0x60, 0x83, 0x23, 0x54,
+        0x03, 0x55, 0x55, 0x73, 0x00, 0x61, 0x03, 0x65,
+        0x34, 0x27, 0x14, 0x15, 0x86, 0x62, 0x55, 0x80,
+        0x16, 0x53, 0x10, 0x18, 0x26, 0x11, 0x35, 0x46,
+        0x82, 0x46, 0x13, 0x25, 0x83, 0x47, 0x70, 0x50,
+        0x06, 0x01, 0x56, 0x02, 0x11, 0x68, 0x54, 0x53,
+        0x03, 0x68, 0x73, 0x36, 0x41, 0x88, 0x86, 0x33,
+        0x42, 0x52, 0x01, 0x58, 0x33, 0x42, 0x32, 0x88,
+        0x56, 0x81, 0x77, 0x55, 0x51, 0x48, 0x48, 0x12,
+        0x01, 0x58, 0x13, 0x85, 0x04, 0x14, 0x71, 0x83,
+        0x57, 0x07, 0x54, 0x55, 0x54, 0x55, 0x28, 0x27,
+        0x31, 0x36, 0x02, 0x12, 0x32, 0x68, 0x32, 0x13,
+        0x82, 0x58, 0x70, 0x28, 0x58, 0x53, 0x44, 0x86,
+        0x72, 0x73, 0x42, 0x84, 0x18, 0x22, 0x08, 0x83,
+        0x61, 0x02, 0x14, 0x16, 0x17, 0x12, 0x41, 0x57,
+        0x48, 0x85, 0x25, 0x10, 0x26, 0x07, 0x36, 0x76,
+        0x12, 0x66, 0x17, 0x21, 0x32, 0x36, 0x03, 0x25,
+        0x41, 0x10, 0x11, 0x22, 0x66, 0x60, 0x16, 0x16,
+        0x32, 0x64, 0x26, 0x05, 0x18, 0x63, 0x51, 0x58,
+        0x51, 0x31, 0x42, 0x53, 0x84, 0x56, 0x66, 0x27,
+        0x83, 0x33, 0x54, 0x50, 0x76, 0x46, 0x50, 0x80,
+        0x25, 0x43, 0x41, 0x57, 0x35, 0x78, 0x25, 0x43,
+        0x02, 0x82, 0x38, 0x47, 0x45, 0x70, 0x15, 0x67,
+        0x51, 0x77, 0x47, 0x80, 0x31, 0x52, 0x75, 0x00,
+        0x00, 0x94, 0x7B, 0xCA, 0x93, 0xC2, 0x7D, 0x58,
+        0x4E, 0x2C, 0x66, 0xEA, 0xC9, 0xC7, 0x64, 0x0C,
+        0x1C, 0xA2, 0x17, 0xEE, 0xF6, 0x6D, 0xAB, 0xBC,
+        0xB2, 0x60, 0xB4, 0xC3, 0x43, 0x00, 0xFA, 0x05,
+        0x13, 0x57, 0x82, 0x0F, 0x57, 0x39, 0x25, 0x44,
+        0x98, 0x2F, 0xD1, 0x10, 0x57, 0xDE, 0x23, 0x3E,
+        0x6D, 0x2D, 0xD8, 0x49, 0x72, 0xA7, 0xE4, 0x7D,
+        0x4D, 0xBA, 0x99, 0xBC, 0x30, 0xCF, 0x8F, 0x2A,
+        0xD5, 0xA2, 0xC0, 0x24, 0x31, 0x95, 0xED, 0x27,
+        0x30, 0xFF, 0xA9, 0x2D, 0x22, 0x7D, 0x15, 0x30,
+        0x95, 0x97, 0x2D, 0x4B, 0x34, 0x47, 0xFF, 0xAC,
+        0x45, 0xA2, 0x3E, 0xB4, 0x1C, 0xBC, 0x87, 0xCD,
+        0xD1, 0x25, 0x0A, 0x8A, 0x47, 0x8B, 0x0F, 0x7A,
+        0x1D, 0x5B, 0x39, 0xAA, 0x22, 0x06, 0xE4, 0x86,
+        0x45, 0x58, 0x4F, 0xE7, 0xBF, 0x7A, 0x13, 0x16,
+        0x8F, 0x48, 0x27, 0x65, 0xE5, 0x7B, 0xB9, 0x24,
+        0xAC, 0x6D, 0x9A, 0x11, 0x36, 0x9F, 0x4A, 0x6A,
+        0xFF, 0xCD, 0x16, 0x9B, 0x7D, 0x75, 0x12, 0x9B,
+        0x35, 0xD5, 0x13, 0x4A, 0x31, 0x76, 0x1B, 0xB8,
+        0x35, 0x5A, 0xEE, 0xED, 0x27, 0xE2, 0x01, 0xA0,
+        0x63, 0x13, 0x01, 0x3E, 0x30, 0x7A, 0x01, 0xA7,
+        0x3A, 0xEA, 0x79, 0x55, 0xC0, 0x57, 0x8C, 0x8C,
+        0x5E, 0x5A, 0x1A, 0x2D, 0x2F, 0xA4, 0x59, 0x3F,
+        0xAC, 0xD9, 0x04, 0xC6, 0x20, 0x40, 0xBD, 0xB9,
+        0xF3, 0x29, 0x93, 0x35, 0x36, 0xBF, 0x8D, 0x81,
+        0xC4, 0x25, 0x6B, 0xAA, 0xE8, 0x72, 0x3F, 0xD4,
+        0xDC, 0x66, 0xBB, 0x5E, 0x7F, 0x9C, 0xA4, 0x90,
+        0x31, 0xA1, 0x93, 0xEC, 0xEC, 0xBB, 0x5D, 0xC3,
+        0x90, 0xEC, 0x6D, 0x55, 0x13, 0xC7, 0x9A, 0x05,
+        0x2B, 0x3F, 0xD4, 0x36, 0x12, 0xFB, 0x73, 0x75,
+        0x31, 0x5D, 0x80, 0x91, 0xF7, 0x9B, 0xAB, 0x13,
+        0x18, 0xF1, 0x78, 0x54, 0x56, 0x1B, 0xC9, 0x3A,
+        0xE0, 0xE5, 0xCD, 0x6D, 0x13, 0x1E, 0x56, 0x2C,
+        0x81, 0x14, 0x81, 0x0C, 0x93, 0x9A, 0xE5, 0x63,
+        0xAA, 0x10, 0xB4, 0x7C, 0xE4, 0x48, 0x43, 0x17,
+        0xF3, 0x4A, 0xBD, 0x02, 0xD0, 0xCC, 0xAD, 0x58,
+        0xDD, 0x29, 0xBC, 0xF6, 0x57, 0xBB, 0xD9, 0x25,
+        0x4B, 0x01, 0xCA, 0x97, 0x26, 0x09, 0x19, 0x38,
+        0xED, 0x32, 0x05, 0x4B, 0x37, 0xDD, 0x61, 0x72,
+        0x40, 0xF4, 0x43, 0x4C, 0x1A, 0x4A, 0x87, 0x11,
+        0xAA, 0x3A, 0x39, 0x9A, 0x8A, 0x53, 0x88, 0x33,
+        0x0B, 0x70, 0x59, 0xEC, 0xCB, 0xB6, 0xB1, 0xB9,
+        0xCF, 0x71, 0x87, 0xAD, 0xF1, 0x0B, 0x0C, 0x91,
+        0x71, 0xD3, 0xC0, 0xF6, 0xE2, 0xD4, 0x60, 0xA4,
+        0x19, 0x24, 0x76, 0x72, 0xE3, 0xB9, 0xFE, 0xA2,
+        0xC9, 0x59, 0x10, 0xBF, 0x2F, 0xB6, 0xA5, 0xD6,
+        0x1F, 0x25, 0x74, 0x53, 0xB0, 0x7A, 0xFB, 0x64,
+        0xB0, 0xBA, 0x27, 0x58, 0xBC, 0xD7, 0x35, 0x75,
+        0x1F, 0x2D, 0x53, 0x51, 0x5E, 0x23, 0x6F, 0xE8,
+        0xA5, 0xB4, 0x39, 0x3B, 0x80, 0xBF, 0x06, 0xDF,
+        0x97, 0xBD, 0xC6, 0x38, 0x00, 0x87, 0xE6, 0xAA,
+        0x8D, 0xDE, 0x6E, 0x09, 0x81, 0x11, 0xA7, 0x34,
+        0x3F, 0xCD, 0xD1, 0xE9, 0x03, 0x70, 0x8E, 0x63,
+        0x7E, 0xBF, 0x28, 0x32, 0x3C, 0xDA, 0x6B, 0x94,
+        0x05, 0x81, 0x0E, 0xDC, 0xFB, 0x36, 0x91, 0x14,
+        0x9E, 0xCF, 0x22, 0x4C, 0x50, 0xF8, 0xDF, 0x92,
+        0xA9, 0x4A, 0xA4, 0x77, 0x0A, 0x0E, 0x91, 0x46,
+        0x61, 0x94, 0xBB, 0x0E, 0x27, 0xBF, 0x1C, 0xAB,
+        0xF1, 0x6A, 0xDF, 0xD3, 0x51, 0x22, 0x00, 0x33,
+        0xF7, 0x6F, 0x59, 0x25, 0x55, 0x7B, 0xCF, 0x96,
+        0x34, 0xE9, 0x46, 0x13, 0x59, 0x62, 0x1D, 0x80,
+        0xB4, 0xBB, 0xAD, 0x7E, 0x2A, 0x6E, 0x43, 0x2D,
+        0xC4, 0x3B, 0x12, 0x6C, 0xA4, 0x2A, 0xB8, 0x8A,
+        0xA8, 0x8F, 0x0A, 0x84, 0xAF, 0x58, 0x02, 0x9C,
+        0x99, 0xA0, 0x24, 0x8F, 0x0C, 0x45, 0x40, 0x71,
+        0xF3, 0x5B, 0x83, 0x1F, 0xED, 0x12, 0x54, 0xD6,
+        0xF4, 0xE2, 0x72, 0x04, 0x85, 0x78, 0x62, 0x15,
+        0xF7, 0xC7, 0xF0, 0xC4, 0xED, 0x15, 0xFA, 0x85,
+        0x3C, 0xD3, 0xAA, 0x07, 0x25, 0x9B, 0x39, 0x24,
+        0x0A, 0x82, 0x13, 0x5C, 0x29, 0x23, 0xA7, 0x2B,
+        0x87, 0x6F, 0xAB, 0xB3, 0xF0, 0xF2, 0xC0, 0x96,
+        0x13, 0xDE, 0x39, 0xD4, 0x59, 0xA0, 0x7C, 0x14,
+        0xE7, 0xBA, 0x43, 0x7D, 0x80, 0x41, 0x49, 0x1F,
+        0xCE, 0xC1, 0x43, 0x34, 0x04, 0xBA, 0xD1, 0xDA,
+        0x9E, 0xE9, 0x47, 0x1E, 0x17, 0xCB, 0x69, 0x1B,
+        0x2A, 0x35, 0x37, 0x10, 0xC9, 0xFF, 0xA4, 0xE5,
+        0x17, 0x81, 0x12, 0x02, 0x77, 0x64, 0xEB, 0x7D,
+        0xE8, 0x09, 0xC3, 0xE1, 0xF1, 0xFA, 0x41, 0x78,
+        0xA5, 0xD4, 0xDC, 0x9E, 0xE2, 0x78, 0x57, 0xEF,
+        0xF2, 0x6B, 0x91, 0x71, 0x1F, 0xC1, 0x44, 0xD5,
+        0xA7, 0x75, 0xB8, 0xB5, 0x0D, 0x5D, 0xB9, 0x39,
+        0xBA, 0x32, 0x07, 0x68, 0x0C, 0x24, 0x2F, 0xC8,
+        0x21, 0x94, 0x7F, 0x93, 0x4C, 0x8D, 0xAE, 0xE2,
+        0x03, 0x56, 0x3D, 0x28, 0x60, 0x6B, 0xE6, 0x24,
+        0xA3, 0x29, 0x01, 0x93, 0x2D, 0xAE, 0x85, 0x71,
+        0x2A, 0xF6, 0xC8, 0x01, 0x60, 0x26, 0x92, 0x7E,
+        0x9B, 0x81, 0x29, 0x57, 0x4B, 0xE3, 0xCB, 0x1E,
+        0x95, 0x33, 0x2B, 0x05, 0x27, 0x07, 0xAC, 0x8A,
+        0xA8, 0xF4, 0x35, 0xE8, 0x8B, 0x7E, 0x56, 0x8D,
+        0x49, 0x87, 0xC6, 0xAC, 0x0E, 0x90, 0x2B, 0x06,
+        0x09, 0xA0, 0x2D, 0x91, 0xB3, 0xF5, 0xFD, 0x3F,
+        0xD9, 0x01, 0xDD, 0xD0, 0xDB, 0x98, 0x73, 0xBD,
+        0x7C, 0x71, 0xED, 0x92, 0x1D, 0x45, 0x77, 0xA7,
+        0x8C, 0x4F, 0xCC, 0x9B, 0xF0, 0x75, 0x20, 0x3D,
+        0x38, 0xF5, 0xE7, 0x6E, 0x74, 0xF2, 0x77, 0x48,
+        0x4E, 0x05, 0x7B, 0x61, 0x89, 0x00, 0x41, 0x31,
+        0xB0, 0xC9, 0xB1, 0xA1, 0x55, 0x29, 0x4D, 0x1C,
+        0xD3, 0xD5, 0x20, 0x8E, 0x26, 0x69, 0x01, 0xD7,
+        0xD3, 0x14, 0xFA, 0xCC, 0xE7, 0xE2, 0xAA, 0x58,
+        0x45, 0x83, 0xA1, 0x1E, 0x4D, 0x7C, 0x21, 0xB9,
+        0x4A, 0x32, 0xE5, 0x08, 0xED, 0xDB, 0xBD, 0x7A,
+        0x65, 0xAA, 0x86, 0xB4, 0xFD, 0xFA, 0x6B, 0xC2,
+        0x85, 0xD4, 0xCF, 0xF5, 0x39, 0x26, 0xC7, 0x17,
+        0x3F, 0xBE, 0x1F, 0x89, 0xCC, 0x30, 0x32, 0x34,
+        0xB8, 0x78, 0xC6, 0xB8, 0x10, 0x1F, 0x58, 0xAC,
+        0x8D, 0x3E, 0x5E, 0x1B, 0xF5, 0xAB, 0x6B, 0x26,
+        0x29, 0x7C, 0xC9, 0x7B, 0x95, 0x95, 0x4A, 0xAB,
+        0xDB, 0x25, 0xBE, 0x00, 0x8A, 0x3F, 0x47, 0xE5,
+        0x64, 0x87, 0xB0, 0x0D, 0x3D, 0xED, 0xA8, 0x90,
+        0xD9, 0x2C, 0x83, 0x95, 0x7F, 0xEA, 0xC6, 0xB8,
+        0x29, 0x1A, 0xF6, 0x59, 0x59, 0xE1, 0xD1, 0xFC,
+        0xA3, 0xBD, 0x19, 0x6E, 0x9F, 0xC9, 0xE6, 0x7E,
+        0x06, 0x07, 0x09, 0x48, 0x22, 0xE5, 0xB4, 0x19,
+        0x1D, 0xB9, 0x68, 0x24, 0xB9, 0xF0, 0x3F, 0x2E,
+        0xF5, 0x7F, 0x52, 0x38, 0xBA, 0x7E, 0x1E, 0x84,
+        0xED, 0x55, 0xB7, 0xDF, 0xF3, 0xD6, 0xC2, 0xC1,
+        0x27, 0x36, 0x92, 0xA9, 0xA1, 0x92, 0x72, 0x16,
+        0x61, 0x30, 0xDB, 0x89, 0xFC, 0x67, 0xDC, 0x94,
+        0xDB, 0x61, 0x4E, 0x3E, 0x82, 0xBA, 0x3A, 0x35,
+        0x12, 0xB0, 0x12, 0xD5, 0x1F, 0xB4, 0x86, 0xB5,
+        0xA3, 0x15, 0x0B, 0x78, 0xE7, 0x24, 0xE2, 0xA1,
+        0x2D, 0xE0, 0x7D, 0x86, 0x71, 0xFB, 0xA2, 0xDA,
+        0x7F, 0xD5, 0xD1, 0x47, 0x20, 0x8F, 0xC3, 0xAF,
+        0x65, 0x3E, 0x65, 0x20, 0xFC, 0x40, 0x87, 0x1A,
+        0xF2, 0x17, 0x7E, 0x65, 0xCB, 0xD0, 0xEA, 0xF3,
+        0x04, 0x21, 0x7B, 0x36, 0x7A, 0x66, 0x5F, 0x22,
+        0x4C, 0xAE, 0xDF, 0xE9, 0x30, 0x06, 0xAC, 0x1E,
+        0x14, 0xBC, 0xD6, 0x7A, 0x88, 0xD1, 0x71, 0xF3,
+        0xD8, 0xF3, 0xE3, 0x58, 0xA7, 0x19, 0x26, 0xBA,
+        0x3E, 0x5C, 0x23, 0x9A, 0x53, 0x12, 0x63, 0xEC,
+        0x94, 0x37, 0xBF, 0x2A, 0x03, 0x3B, 0x8B, 0x55,
+        0xB2, 0xC0, 0xCB, 0x6E, 0x7E, 0x97, 0x31, 0x6E,
+        0x22, 0xDF, 0x77, 0xCA, 0xD9, 0x10, 0xD2, 0x0E,
+        0xEC, 0xE1, 0xC5, 0x09, 0x10, 0xA5, 0xCC, 0x32,
+        0xAD, 0xAB, 0x09, 0x37, 0x75, 0x50, 0xF9, 0x2D,
+        0x5B, 0xB1, 0xF4, 0xC0, 0x7F, 0x4A, 0x28, 0x22,
+        0x33, 0x8E, 0x2C, 0xFF, 0x53, 0x48, 0xDF, 0x77,
+        0xCF, 0x8E, 0xF8, 0xE6, 0x65, 0x7D, 0xED, 0x1E,
+        0x0C, 0xE0, 0x58, 0xE3, 0xCC, 0xFB, 0xF3, 0x9B,
+        0x3F, 0x16, 0x6E, 0x30, 0x3D, 0x33, 0xC3, 0x55,
+        0x6C, 0x9A, 0xC8, 0xEC, 0xB3, 0xDF, 0x7C, 0x74,
+        0xAB, 0x36, 0xD0, 0xF2, 0x79, 0x44, 0x41, 0xBA,
+        0x98, 0x08, 0x82, 0x7B, 0x57, 0x8F, 0xB5, 0xC2,
+        0x9E, 0x49, 0x4E, 0x21, 0x53, 0x9A, 0xD3, 0xAB,
+        0x2B, 0x41, 0xBF, 0x16, 0x1D, 0x7F, 0x69, 0x58,
+        0x9D, 0x45, 0x24, 0xC5, 0x4C, 0x89, 0xB4, 0x86,
+        0xF7, 0x5D, 0x25, 0x2F, 0x54, 0x1C, 0xC6, 0x3B,
+        0x9E, 0x70, 0x6D, 0x64, 0xA1, 0x28, 0x9A, 0x23,
+        0x06, 0xC5, 0x95, 0x36, 0x3C, 0xB6, 0xFB, 0xEF,
+        0x0A, 0x1B, 0x5B, 0x17, 0xAB, 0x5B, 0x17, 0x94,
+        0xBF, 0x27, 0x03, 0x6F, 0x64, 0xEA, 0xF0, 0xBD,
+        0x43, 0x0D, 0xD5, 0x8D, 0x80, 0x01, 0x0C, 0xCD,
+        0xAD, 0xA4, 0xA5, 0xA3, 0xA1, 0xE4, 0x1A, 0x6F,
+        0xBF, 0x12, 0x9D, 0x73, 0x77, 0x9A, 0x37, 0xAE,
+        0x5C, 0x8D, 0x68, 0x41, 0xA9, 0x99, 0x3C, 0x51,
+        0xE3, 0x64, 0xE0, 0x4F, 0xAC, 0x8E, 0x25, 0xA4,
+        0xE6, 0x87, 0x2F, 0x6C, 0x86, 0x0F, 0xA2, 0x65,
+        0xC1, 0xC4, 0x42, 0x6A, 0xD9, 0xC2, 0x1D, 0x26,
+        0xDA, 0x8C, 0x27, 0x85, 0x46, 0xAD, 0xCD, 0x83,
+        0x1F, 0x2B, 0x8B, 0x26, 0xD4, 0xE1, 0xF6, 0x70,
+        0x62, 0x3D, 0x95, 0xC8, 0x36, 0x2D, 0xA6, 0x62,
+        0xD1, 0xFF, 0x0A, 0xB6, 0x87, 0x50, 0x3F, 0x32,
+        0x8D, 0xE0, 0x95, 0x81, 0x0E, 0xDE, 0x12, 0xB4,
+        0x9E, 0xAD, 0x15, 0x33, 0x51, 0x95, 0x58, 0xC1,
+        0xE9, 0x40, 0xB4, 0x6E, 0x4E, 0xDB, 0x02, 0x7B,
+        0xE9, 0xDA, 0x20, 0x39, 0xB2, 0x5D, 0xCF, 0x73,
+        0x57, 0xE1, 0x9E, 0x54, 0x16, 0xAE, 0x26, 0x8C,
+        0x14, 0xFB, 0x3A, 0x8B, 0xAB, 0xCB, 0x3D, 0x23,
+        0xF7, 0x0C, 0xC9, 0xD5, 0x96, 0x81, 0xC5, 0xD8,
+        0x33, 0xAC, 0x22, 0xE6, 0x53, 0xD8, 0x6E, 0x22,
+        0xCE, 0x82, 0x25, 0x40, 0x75, 0x5D, 0x8D, 0x24,
+        0x3C, 0x15, 0x21, 0x3D, 0x07, 0x6C, 0x6B, 0x26,
+        0x43, 0x6D, 0xDC, 0x07, 0xC7, 0xE0, 0x01, 0x34,
+        0x7B, 0x0C, 0xB8, 0x78, 0x3D, 0xFE, 0xFE, 0xDF,
+        0x27, 0x5F, 0xEC, 0x47, 0x92, 0x68, 0x67, 0x34,
+        0x00, 0x7F, 0x0F, 0xF8, 0x54, 0x08, 0x11, 0xC2,
+        0xAF, 0xE6, 0xCA, 0x15, 0x14, 0x20, 0x53, 0x2F,
+        0xA5, 0x52, 0x6A, 0x10, 0x74, 0xC3, 0xD7, 0x89,
+        0xF2, 0x93, 0x2D, 0xE4, 0x2E, 0x3A, 0xCF, 0xBF,
+        0x94, 0x76, 0x0F, 0x42, 0x6D, 0x96, 0xCF, 0x03,
+        0x3F, 0xA4, 0x9E, 0x2F, 0x45, 0x8F, 0x9A, 0x9C,
+        0x2E, 0x71, 0xDA, 0xCF, 0xE0, 0x09, 0xDD, 0x9C,
+        0x3F, 0x3C, 0x8A, 0xB3, 0x28, 0x2D, 0x6F, 0x38,
+        0x3B, 0x98, 0x1C, 0x82, 0xD6, 0x36, 0x4F, 0x0E,
+        0x4B, 0xDB, 0x2A, 0xF6, 0xA9, 0x5B, 0xA6, 0x1F,
+        0x47, 0x41, 0x50, 0xCA, 0xD7, 0x23, 0x3F, 0x89,
+        0x03, 0xDF, 0x97, 0x2D, 0xBB, 0x03, 0x28, 0xC0,
+        0xCB, 0x9D, 0x0C, 0xCB, 0xEF, 0x88, 0x3D, 0x2E,
+        0x6A, 0xDD, 0x18, 0x0E, 0xCA, 0x1B, 0x66, 0x2F,
+        0xC1, 0xD2, 0xDB, 0xBD, 0xDB, 0x36, 0x34, 0x21,
+        0x9E, 0x1E, 0xFF, 0x38, 0xB1, 0xE5, 0x28, 0x75,
+        0x35, 0x6C, 0x03, 0xEA, 0xDE, 0x94, 0x20, 0x55,
+        0xF4, 0x83, 0x50, 0x4B, 0xBB, 0xCB, 0x43, 0x02,
+        0xA4, 0x17, 0xCF, 0x6D, 0x32, 0x8E, 0xD7, 0x93,
+        0xB1, 0xA3, 0xC0, 0x96, 0x9B, 0x7B, 0x34, 0x18,
+        0xF5, 0x0A, 0xB3, 0x9F, 0x83, 0xC5, 0x66, 0x6C,
+        0x90, 0xE3, 0x83, 0x56, 0xF7, 0xF9, 0xD4, 0x94,
+        0xA6, 0xDC, 0xB6, 0x3D, 0x67, 0xC3, 0x4E, 0x3D,
+        0x14, 0xA4, 0xE1, 0x55, 0x96, 0x49, 0x79, 0x26,
+        0xC8, 0x56, 0x8D, 0x8E, 0xC3, 0xDB, 0xD9, 0xC2,
+        0xE8, 0x2C, 0x38, 0x5B, 0xCF, 0xB8, 0xD9, 0x67,
+        0x48, 0x63, 0xBD, 0x4F, 0xBF, 0x17, 0x57, 0xDB,
+        0x44, 0x7B, 0xF8, 0x04, 0xAE, 0x95, 0x01, 0x47,
+        0xC9, 0x1F, 0xBF, 0x9A, 0xA1, 0x78, 0x91, 0x04,
+        0x4C, 0xCA, 0xA7, 0x3B, 0x45, 0x52, 0x85, 0x97,
+        0x46, 0x2C, 0xED, 0x75, 0x1D, 0x01, 0x5E, 0xBB,
+        0xA9, 0xE2, 0xB7, 0xCD, 0xCB, 0xE6, 0xDC, 0x05,
+        0xAA, 0x9E, 0xAE, 0x0C, 0x86, 0x84, 0x8A, 0x34,
+        0x75, 0xBB, 0x1C, 0x57, 0x44, 0xF5, 0x90, 0x3E,
+        0xE4, 0xA8, 0x42, 0xA4, 0x69, 0xCC, 0x18, 0x12,
+        0x71, 0xF2, 0x45, 0xAD, 0x70, 0xD0, 0x2A, 0x48,
+        0x37, 0x86, 0x3B, 0x29, 0x6B, 0x4A, 0xDB, 0x4E,
+        0x8D, 0x03, 0xD8, 0x2B, 0x64, 0xAA, 0x11, 0xDD,
+        0x31, 0xCD, 0xF2, 0x1E, 0xDF, 0x1D, 0xFE, 0x32,
+        0x76, 0xC4, 0xDB, 0xC8, 0x77, 0xE3, 0x5B, 0x15,
+        0xFB, 0x28, 0x35, 0xEC, 0x3A, 0x1C, 0x45, 0x31,
+        0x68, 0xA3, 0x8C, 0xA8, 0xE5, 0x63, 0xCF, 0x3E,
+        0x9A, 0x00, 0x73, 0x6C, 0xD5, 0xCF, 0xBD, 0x28,
+        0x41, 0xD1, 0x0F, 0x94, 0xAD, 0x55, 0x79, 0x9C,
+        0x29, 0x27, 0xE5, 0x46, 0x1B, 0x28, 0xBA, 0xC5,
+        0x17, 0x4D, 0x0C, 0xE3, 0xF8, 0xF7, 0xCD, 0x76,
+        0x09, 0xFB, 0xC8, 0xDA, 0x0C, 0x38, 0xCC, 0x21,
+        0x69, 0x5C, 0xED, 0xAD, 0x12, 0xF8, 0xD2, 0xE6,
+        0x49, 0x51, 0xA8, 0x99, 0x6E, 0x51, 0x0D, 0x6D,
+        0x52, 0x79, 0x7C, 0x5B, 0xA0, 0xEB, 0x4A, 0xFA,
+        0x6B, 0xF2, 0xCC, 0x43, 0xDA, 0x09, 0xDE, 0x31,
+        0x79, 0xE8, 0x99, 0xBD, 0x71, 0x88, 0xB3, 0x2A,
+        0x98, 0xA4, 0x99, 0xD3, 0x72, 0xF3, 0x70, 0x7C,
+        0xED, 0x47, 0x9B, 0x09, 0x81, 0xCB, 0x50, 0xC0,
+        0xC0, 0x53, 0x9C, 0xF7, 0xE3, 0x10, 0x0B, 0x72,
+        0x0E, 0x46, 0x66, 0x52, 0xA4, 0xF4, 0x99, 0xC2,
+        0xBA, 0x3A, 0x17, 0xF5, 0x23, 0x22, 0x68, 0x73,
+        0x0B, 0x96, 0x2B, 0xC5, 0x72, 0xC0, 0xDE, 0x96,
+        0xE8, 0xC9, 0xE2, 0x8F, 0x7E, 0x35, 0x32, 0xC2,
+        0x22, 0x41, 0x96, 0xAA, 0x9E, 0x27, 0x68, 0x8D,
+        0xD0, 0x50, 0xD7, 0xCB, 0x78, 0x54, 0xFB, 0x3C,
+        0x35, 0xF9, 0xC6, 0x2E, 0xFB, 0x10, 0xDA, 0x84,
+        0x83, 0x3F, 0x29, 0xBB, 0x1B, 0xE5, 0xEF, 0x3B,
+        0x53, 0x36, 0x38, 0xEE, 0xF7, 0x43, 0xD8, 0x11,
+        0x9D, 0xDC, 0x29, 0x0B, 0xDF, 0x08, 0xB6, 0xF0,
+        0xF9, 0xE4, 0xE1, 0xE1, 0x34, 0x46, 0xC5, 0x3E,
+        0xD6, 0x98, 0x05, 0xDA, 0x26, 0x90, 0x8A, 0x15,
+        0xDF, 0x1C, 0x48, 0xE0, 0x09, 0xEC, 0x12, 0x53,
+        0xBD, 0x5A, 0x58, 0x98, 0xEB, 0xB5, 0x12, 0x1C,
+        0xC2, 0x49, 0x04, 0xC8, 0xB1, 0x0E, 0x24, 0xE6,
+        0x80, 0xE5, 0x65, 0x98, 0x50, 0x76, 0xFD, 0xA1,
+        0x1D, 0x13, 0xFF, 0xDF, 0xA4, 0xDB, 0x28, 0xAC,
+        0x9F, 0x0A, 0xEA, 0x2F, 0x81, 0xFD, 0x7E, 0xD4,
+        0xDC, 0xA8, 0xD3, 0xB2, 0xE3, 0x84, 0x8B, 0x4D,
+        0x60, 0x46, 0xF6, 0xE0, 0xDE, 0x3A, 0x4F, 0x68,
+        0x3F, 0x25, 0xE0, 0x60, 0x5E, 0x84, 0xB3, 0x6F,
+        0x48, 0x3C, 0x40, 0x4E, 0xF8, 0x99, 0xCB, 0x3F,
+        0xCC, 0xBE, 0x8C, 0xB2, 0xA6, 0xF0, 0xA7, 0xE1,
+        0x0B, 0x19, 0x48, 0xCD, 0x4F, 0x93, 0xF1, 0x81,
+        0x55, 0x5F, 0x66, 0x1D, 0x31, 0xD4, 0x26, 0x80,
+        0x8B, 0xBF, 0x9F, 0x66, 0xFD, 0x60, 0xD6, 0x49,
+        0x26, 0x9C, 0xA3, 0xFE, 0x99, 0x1B, 0x22, 0x42,
+        0x8C, 0x37, 0xAD, 0x2A, 0x08, 0x68, 0x0F, 0x74,
+        0x7C, 0xC0, 0x36, 0x0C, 0xCD, 0x37, 0x3D, 0xC6,
+        0xA9, 0xF4, 0x3A, 0x66, 0x47, 0x0E, 0x01, 0x4E,
+        0x72, 0xB3, 0xD8, 0xC3, 0x8E, 0x02, 0x04, 0x42,
+        0xD8, 0xAA, 0xB9, 0x74, 0xE6, 0x04, 0x93, 0x74,
+        0x14, 0x5B, 0x04, 0xCB, 0x7F, 0x30, 0x44, 0xAA,
+        0xC1, 0xEF, 0xDA, 0xB2, 0xA1, 0x8B, 0xB4, 0x64,
+        0xD4, 0xF2, 0xF2, 0xD8, 0x14, 0x39, 0x74, 0xC9,
+        0x5E, 0xEE, 0x85, 0x6D, 0x59, 0xEC, 0x00, 0x28,
+        0x8E, 0xD4, 0x3F, 0xF5, 0xCC, 0x88, 0x03, 0x00,
+        0x6C, 0x99, 0x55, 0x14, 0xA2, 0xCC, 0x9C, 0xA6,
+        0x22, 0xB6, 0x1B, 0xCD, 0x75, 0xEC, 0x51, 0xC2,
+        0x02, 0xA9, 0x17, 0x10, 0x5B, 0x4A, 0x4B, 0xED,
+        0x1B, 0x80, 0x14, 0x68, 0x31, 0xDC, 0xED, 0x07,
+        0xEF, 0xD2, 0xED, 0x25, 0x73, 0x9F, 0x54, 0x09,
+        0x69, 0x11, 0xB1, 0x50, 0xD3, 0x07, 0x7C, 0xCD,
+        0x73, 0x1A, 0x03, 0x61, 0x68, 0x27, 0x25, 0xD5,
+        0x38, 0x03, 0xF8, 0xFC, 0xEA, 0xA8, 0x39, 0x19,
+        0x29, 0x1E, 0xDB, 0x44, 0x93, 0xEC, 0x84, 0xCC,
+        0xE1, 0xD0, 0xF8, 0x2A, 0x67, 0x92, 0x36, 0xEA,
+        0xD1, 0x00, 0x2A, 0xE8, 0x01, 0x8C, 0xAC, 0x9F,
+        0xDB, 0xD2, 0x46, 0xFF, 0x09, 0x3D, 0x80, 0x3C,
+        0x0D, 0xE3, 0x32, 0x6A, 0x57, 0x90, 0x7B, 0x0D,
+        0xD6, 0xB0, 0x1D, 0x08, 0x14, 0x58, 0xC7, 0x57,
+        0x28, 0xC6, 0x00, 0x82, 0x99, 0x28, 0x89, 0x0A,
+        0x56, 0xAA, 0xAF, 0xEF, 0xCF, 0x74, 0x23, 0xB7,
+        0x0A, 0x6D, 0x86, 0xB4, 0x15, 0xB8, 0x35, 0x8D,
+        0xD0, 0x44, 0xAB, 0xEE, 0x00, 0xB9, 0xC9, 0x79,
+        0x5F, 0xC8, 0xF6, 0x1A, 0x64, 0x68, 0x6D, 0xF5,
+        0xF8, 0x76, 0xA8, 0xF3, 0x30, 0x61, 0x59, 0x9A,
+        0xE8, 0x30, 0xF7, 0xEB, 0x4C, 0x4B, 0xFF, 0x87,
+        0x5F, 0x4A, 0x93, 0x6C, 0x40, 0x3C, 0x5D, 0x16,
+        0x0D, 0xE5, 0xD3, 0x3C, 0xAE, 0xE4, 0x0F, 0xB7,
+        0x18, 0xDD, 0xA4, 0x47, 0x8A, 0xC6, 0xF5, 0x1C,
+        0x59, 0xC2, 0x15, 0x52, 0x54, 0xBD, 0x77, 0x67,
+        0x11, 0x18, 0x41, 0x1E, 0x26, 0x09, 0xD0, 0x00,
+        0x30, 0x6F, 0xC9, 0x50, 0x70, 0x04, 0xA3, 0x1E,
+        0x89, 0x57, 0xEA, 0x40, 0xC2, 0x56, 0x4B, 0x83,
+        0xC3, 0xAB, 0xB7, 0x1A, 0x87, 0xC1, 0x1B, 0xD1,
+        0x8D, 0x78, 0x91, 0xC4, 0x49, 0xDB, 0xBE, 0x79,
+        0xB4, 0xA4, 0xFB, 0x04, 0x83, 0x07, 0xCE, 0x0E,
+        0x81, 0x2B, 0x2C, 0x68, 0xEC, 0xAB, 0x77, 0xFD,
+        0x11, 0x11, 0x52, 0x6A, 0xB0, 0x81, 0x73, 0x06,
+        0xCE, 0xBC, 0xB0, 0x49, 0x7C, 0x55, 0x24, 0x31,
+        0xCE, 0x15, 0xE4, 0xAB, 0x52, 0x28, 0x3F, 0x67,
+        0x94, 0x80, 0xD6, 0x9D, 0xDD, 0xE1, 0xF2, 0x57,
+        0x9C, 0xFD, 0xBE, 0x0B, 0xCA, 0x95, 0xFC, 0x5B,
+        0x2D, 0xB0, 0xC5, 0xCC, 0x76, 0xA3, 0x19, 0x50,
+        0xF5, 0x11, 0x6A, 0xAE, 0x5F, 0x02, 0xD4, 0x67,
+        0x10, 0xE4, 0x25, 0x7A, 0x75, 0xFD, 0xED, 0xF2,
+        0xF4, 0x7C, 0xE3, 0x7C, 0x20, 0x3E, 0x7F, 0x24,
+        0xD3, 0xC9, 0x17, 0x97, 0x13, 0xC5, 0xD8, 0x07,
+        0xC2, 0x96, 0x14, 0x9A, 0x75, 0xCC, 0xB4, 0x44,
+        0xF0, 0xC6, 0xF6, 0xAB, 0xDD, 0x2D, 0xBB, 0x29,
+        0x85, 0xFE, 0x26, 0x74, 0x82, 0x85, 0x8A, 0x1E
+    };
+#endif /* WOLFSSL_NO_ML_DSA_65 */
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte seed_87[] = {
+        0x38, 0x35, 0x9F, 0xBC, 0xD7, 0x95, 0x82, 0xCF,
+        0xFE, 0x60, 0x9E, 0x13, 0x7E, 0xE2, 0xEF, 0xE8,
+        0xA8, 0xDB, 0xCB, 0xAD, 0x18, 0xBA, 0x92, 0xBB,
+        0x43, 0x3A, 0xB4, 0xF0, 0x9B, 0x49, 0x29, 0x9D
+    };
+    static const byte pk_87[] = {
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5,
+        0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19,
+        0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41,
+        0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF,
+        0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A,
+        0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B,
+        0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96,
+        0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18,
+        0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4,
+        0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39,
+        0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E,
+        0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76,
+        0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D,
+        0x05, 0x11, 0xC9, 0x22, 0x6C, 0x4B, 0x9A, 0x24,
+        0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08,
+        0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9,
+        0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E,
+        0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28,
+        0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5,
+        0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06,
+        0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B,
+        0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92,
+        0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D,
+        0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20,
+        0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87,
+        0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17,
+        0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C,
+        0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5,
+        0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2,
+        0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34,
+        0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B,
+        0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9,
+        0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8,
+        0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E,
+        0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35,
+        0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7,
+        0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C,
+        0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74,
+        0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7,
+        0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1,
+        0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9,
+        0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97,
+        0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2,
+        0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB,
+        0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D,
+        0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1,
+        0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4,
+        0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE,
+        0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32,
+        0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61,
+        0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26,
+        0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3,
+        0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43,
+        0x14, 0x12, 0xF1, 0xAD, 0xD9, 0x14, 0xC5, 0xC2,
+        0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA,
+        0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F,
+        0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4,
+        0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45,
+        0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F,
+        0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A,
+        0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95,
+        0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B,
+        0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07,
+        0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92,
+        0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C,
+        0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60,
+        0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F,
+        0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2,
+        0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9,
+        0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85,
+        0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55,
+        0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71,
+        0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00,
+        0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD,
+        0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D,
+        0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20,
+        0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF,
+        0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55,
+        0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5,
+        0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6,
+        0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B,
+        0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2,
+        0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A,
+        0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82,
+        0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B,
+        0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00,
+        0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B,
+        0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7,
+        0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1,
+        0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C,
+        0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67,
+        0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8,
+        0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95,
+        0xEE, 0xFF, 0xAB, 0xE6, 0x37, 0x6E, 0x14, 0xAC,
+        0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A,
+        0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D,
+        0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF,
+        0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE,
+        0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79,
+        0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35,
+        0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E,
+        0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC,
+        0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD,
+        0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9,
+        0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3,
+        0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA,
+        0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A,
+        0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88,
+        0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85,
+        0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE,
+        0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F,
+        0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B,
+        0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33,
+        0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71,
+        0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1,
+        0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08,
+        0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00,
+        0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F,
+        0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43,
+        0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82,
+        0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8,
+        0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25,
+        0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8,
+        0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26,
+        0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B,
+        0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0,
+        0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E,
+        0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11,
+        0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F,
+        0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16,
+        0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17,
+        0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50,
+        0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E,
+        0x68, 0x0B, 0x61, 0xC6, 0x01, 0x89, 0x32, 0xDF,
+        0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E,
+        0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80,
+        0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8,
+        0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10,
+        0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95,
+        0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1,
+        0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60,
+        0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2,
+        0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE,
+        0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C,
+        0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA,
+        0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E,
+        0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61,
+        0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E,
+        0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87,
+        0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8,
+        0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82,
+        0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A,
+        0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41,
+        0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87,
+        0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59,
+        0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63,
+        0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94,
+        0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78,
+        0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B,
+        0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89,
+        0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63,
+        0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24,
+        0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F,
+        0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36,
+        0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F,
+        0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8,
+        0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6,
+        0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1,
+        0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED,
+        0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC,
+        0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA,
+        0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC,
+        0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31,
+        0x3C, 0x15, 0x48, 0x2B, 0x60, 0x5E, 0x66, 0xBB,
+        0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40,
+        0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A,
+        0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47,
+        0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C,
+        0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90,
+        0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1,
+        0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5,
+        0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42,
+        0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61,
+        0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79,
+        0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75,
+        0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A,
+        0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A,
+        0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07,
+        0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51,
+        0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0,
+        0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5,
+        0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA,
+        0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C,
+        0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87,
+        0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6,
+        0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8,
+        0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB,
+        0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD,
+        0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49,
+        0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0,
+        0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8,
+        0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB,
+        0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6,
+        0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0,
+        0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62,
+        0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B,
+        0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87,
+        0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F,
+        0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE,
+        0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B,
+        0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1,
+        0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93,
+        0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD,
+        0xEB, 0x49, 0x4C, 0x3D, 0x13, 0xB2, 0x12, 0x5F,
+        0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F,
+        0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78,
+        0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09,
+        0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE,
+        0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4,
+        0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC,
+        0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D,
+        0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22,
+        0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C,
+        0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4,
+        0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98,
+        0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22,
+        0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2,
+        0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71,
+        0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7,
+        0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04,
+        0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E,
+        0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B,
+        0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D,
+        0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF,
+        0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6,
+        0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB,
+        0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5,
+        0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3,
+        0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46,
+        0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D,
+        0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2,
+        0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C,
+        0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C,
+        0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C,
+        0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C,
+        0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA,
+        0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16,
+        0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53,
+        0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31,
+        0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2,
+        0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C,
+        0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86,
+        0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85,
+        0xA6, 0xF2, 0x9C, 0x77, 0x92, 0x40, 0x5A, 0x24,
+        0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44,
+        0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68,
+        0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06,
+        0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93,
+        0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2,
+        0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0,
+        0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7,
+        0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04,
+        0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17,
+        0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14,
+        0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A,
+        0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C,
+        0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A,
+        0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2,
+        0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46,
+        0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D,
+        0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C,
+        0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32,
+        0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA,
+        0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B,
+        0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C,
+        0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E,
+        0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00,
+        0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55,
+        0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A,
+        0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E,
+        0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29,
+        0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33,
+        0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B,
+        0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D,
+        0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61,
+        0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42,
+        0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4,
+        0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF,
+        0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87,
+        0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2,
+        0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2,
+        0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5,
+        0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42,
+        0x1C, 0x76, 0x8B, 0xF5, 0xEE, 0x8A, 0x10, 0xC8,
+        0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C,
+        0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68,
+        0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB,
+        0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1,
+        0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5,
+        0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE,
+        0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4,
+        0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77,
+        0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98,
+        0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A,
+        0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D,
+        0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97,
+        0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79,
+        0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA,
+        0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97,
+        0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33,
+        0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58,
+        0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61,
+        0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C,
+        0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6,
+        0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B,
+        0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55,
+        0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55,
+        0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65,
+        0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53,
+        0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9
+    };
+    static const byte sk_87[] = {
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x3B, 0x9A, 0xC2, 0xC1, 0x42, 0x2A, 0x1A, 0xE8,
+        0x02, 0xDD, 0xD7, 0x46, 0x4D, 0x3F, 0x32, 0x72,
+        0x9A, 0x3C, 0x7D, 0xE8, 0x94, 0xD5, 0x06, 0xAC,
+        0xAD, 0x25, 0xCE, 0xB3, 0x72, 0xEA, 0x31, 0x49,
+        0xC9, 0x87, 0x80, 0xDC, 0xD1, 0x31, 0x4B, 0xAA,
+        0x29, 0xB9, 0xB8, 0x07, 0x75, 0x4C, 0x47, 0xDE,
+        0x5D, 0xCA, 0x95, 0x40, 0x64, 0xF2, 0x85, 0x28,
+        0xB8, 0x15, 0xFE, 0x27, 0xB7, 0x9A, 0xC5, 0x06,
+        0xB3, 0xAD, 0x76, 0x29, 0xD2, 0xC9, 0x71, 0xAB,
+        0x8F, 0x28, 0x2E, 0x0C, 0x6E, 0x7E, 0x55, 0x48,
+        0xEE, 0x0E, 0x11, 0x32, 0x42, 0xB7, 0xA0, 0xE0,
+        0x64, 0xA6, 0xDB, 0xCE, 0x30, 0xC5, 0x61, 0x9B,
+        0x19, 0x80, 0x08, 0x89, 0xA0, 0x44, 0x04, 0xB5,
+        0x00, 0x13, 0xC0, 0x88, 0xC1, 0x30, 0x29, 0x62,
+        0x12, 0x4C, 0xD3, 0xB4, 0x91, 0x0A, 0x35, 0x2C,
+        0x43, 0x12, 0x31, 0x19, 0x99, 0x65, 0x22, 0x18,
+        0x52, 0x02, 0xC3, 0x85, 0x23, 0x44, 0x0D, 0x90,
+        0x24, 0x4A, 0x1A, 0x30, 0x22, 0x44, 0x28, 0x61,
+        0x81, 0x06, 0x29, 0x18, 0x97, 0x68, 0x0A, 0x20,
+        0x09, 0x08, 0x32, 0x6A, 0x44, 0xA4, 0x4C, 0x44,
+        0x90, 0x21, 0x8A, 0x16, 0x68, 0x9A, 0xA8, 0x51,
+        0x1A, 0xA5, 0x2C, 0x62, 0x46, 0x8D, 0x04, 0xC3,
+        0x40, 0xD3, 0x86, 0x28, 0x60, 0xA4, 0x60, 0x13,
+        0x18, 0x70, 0x84, 0x94, 0x8C, 0x63, 0xC0, 0x44,
+        0x04, 0xA9, 0x28, 0x20, 0x08, 0x20, 0x43, 0x16,
+        0x2A, 0x23, 0x29, 0x2D, 0x1A, 0xB1, 0x29, 0x48,
+        0xB6, 0x09, 0x21, 0x88, 0x31, 0x00, 0xC5, 0x30,
+        0x00, 0xC4, 0x8C, 0xD9, 0x82, 0x68, 0xE1, 0x30,
+        0x4C, 0x63, 0x32, 0x45, 0x0C, 0x32, 0x86, 0x18,
+        0x08, 0x31, 0x91, 0x98, 0x0D, 0x10, 0xB8, 0x70,
+        0x9B, 0x30, 0x22, 0x64, 0x04, 0x08, 0x93, 0xA4,
+        0x8C, 0x21, 0xC9, 0x70, 0x0C, 0x35, 0x71, 0x5B,
+        0x00, 0x0D, 0x14, 0x31, 0x22, 0xCC, 0x98, 0x10,
+        0x21, 0x04, 0x80, 0x9B, 0x28, 0x64, 0x1C, 0x30,
+        0x80, 0x21, 0x30, 0x71, 0x18, 0x33, 0x50, 0x24,
+        0x25, 0x44, 0x08, 0x17, 0x8C, 0xC0, 0x08, 0x48,
+        0x84, 0x44, 0x90, 0x48, 0x98, 0x30, 0xCA, 0x44,
+        0x00, 0x09, 0x19, 0x51, 0x19, 0x23, 0x0C, 0x52,
+        0x20, 0x0E, 0x49, 0x06, 0x32, 0x1C, 0x15, 0x4E,
+        0x19, 0x48, 0x85, 0x13, 0x25, 0x49, 0xA3, 0x00,
+        0x04, 0x08, 0x15, 0x6D, 0x20, 0x41, 0x0C, 0xDA,
+        0x42, 0x52, 0xC1, 0x34, 0x8C, 0x00, 0x31, 0x69,
+        0x43, 0x82, 0x24, 0x64, 0x94, 0x6D, 0x1C, 0x81,
+        0x11, 0x01, 0x96, 0x21, 0x4B, 0x02, 0x00, 0xCA,
+        0x28, 0x84, 0xCC, 0x46, 0x64, 0x51, 0x18, 0x6A,
+        0x18, 0x10, 0x00, 0xA4, 0x98, 0x21, 0x60, 0xB0,
+        0x68, 0x03, 0x94, 0x6C, 0x94, 0x48, 0x51, 0x80,
+        0x40, 0x46, 0x92, 0x22, 0x2C, 0x23, 0x44, 0x69,
+        0x98, 0x26, 0x4D, 0x1C, 0x01, 0x08, 0x52, 0x02,
+        0x20, 0x8A, 0xA6, 0x08, 0x0A, 0x31, 0x61, 0x93,
+        0x40, 0x0E, 0x9C, 0xC8, 0x11, 0x81, 0x32, 0x2E,
+        0x21, 0x15, 0x84, 0x84, 0xC2, 0x41, 0x00, 0x22,
+        0x72, 0x54, 0x22, 0x62, 0x58, 0x06, 0x92, 0x48,
+        0x48, 0x44, 0x11, 0x27, 0x04, 0x04, 0xC0, 0x11,
+        0x92, 0x82, 0x45, 0xA1, 0xC6, 0x8C, 0xE3, 0x32,
+        0x66, 0xC1, 0x38, 0x72, 0x5A, 0x86, 0x01, 0x0C,
+        0xC9, 0x90, 0x84, 0x34, 0x08, 0x58, 0xA8, 0x60,
+        0x80, 0xC0, 0x70, 0xD0, 0x26, 0x62, 0x9B, 0x30,
+        0x2A, 0x04, 0x29, 0x69, 0x04, 0x10, 0x8D, 0x0B,
+        0xB9, 0x04, 0x50, 0x46, 0x28, 0x50, 0x48, 0x24,
+        0xD0, 0x48, 0x05, 0xA2, 0x48, 0x02, 0xC3, 0x20,
+        0x8C, 0xA0, 0x14, 0x00, 0x41, 0x38, 0x21, 0x4B,
+        0x24, 0x01, 0x04, 0xB5, 0x49, 0x42, 0x00, 0x00,
+        0x0C, 0x24, 0x28, 0x12, 0x40, 0x84, 0xA2, 0x20,
+        0x44, 0x9B, 0x06, 0x90, 0x63, 0xC0, 0x88, 0x8C,
+        0x14, 0x21, 0x49, 0x12, 0x10, 0x54, 0x16, 0x24,
+        0x20, 0x87, 0x44, 0x50, 0x10, 0x85, 0x0C, 0xB5,
+        0x64, 0xDB, 0x24, 0x41, 0xD0, 0x42, 0x29, 0x9A,
+        0x16, 0x8A, 0x21, 0xB4, 0x4C, 0x13, 0xB7, 0x70,
+        0x10, 0xC0, 0x85, 0x19, 0x02, 0x69, 0xCC, 0x40,
+        0x61, 0x1C, 0x48, 0x46, 0x98, 0x06, 0x25, 0x60,
+        0x14, 0x46, 0xE4, 0x22, 0x62, 0x24, 0x27, 0x22,
+        0x62, 0x24, 0x29, 0x44, 0xC6, 0x2D, 0x08, 0x31,
+        0x84, 0x20, 0x32, 0x21, 0x04, 0xB4, 0x61, 0x0A,
+        0x38, 0x12, 0xD9, 0x28, 0x44, 0xA4, 0x08, 0x20,
+        0xCC, 0xA8, 0x29, 0x0B, 0x21, 0x31, 0x0A, 0x34,
+        0x29, 0x03, 0x21, 0x40, 0xC1, 0xA2, 0x6C, 0x8A,
+        0x16, 0x12, 0x52, 0xA6, 0x64, 0xA3, 0xB2, 0x51,
+        0x04, 0x29, 0x51, 0xC4, 0x04, 0x91, 0x63, 0xB0,
+        0x2D, 0x14, 0x44, 0x30, 0x8C, 0x40, 0x66, 0x0C,
+        0x40, 0x0C, 0x01, 0xA5, 0x2C, 0x09, 0x94, 0x2D,
+        0x62, 0xC6, 0x11, 0x03, 0x98, 0x50, 0x19, 0x10,
+        0x4D, 0x19, 0xA8, 0x28, 0xD3, 0x86, 0x40, 0xC0,
+        0x30, 0x65, 0x54, 0xA6, 0x71, 0xE0, 0xB4, 0x85,
+        0x9B, 0x86, 0x10, 0x04, 0x36, 0x69, 0xD0, 0x46,
+        0x29, 0x18, 0xA3, 0x71, 0x40, 0x22, 0x49, 0x00,
+        0x43, 0x85, 0xCB, 0x40, 0x28, 0x89, 0x36, 0x66,
+        0x41, 0x22, 0x69, 0xA4, 0x28, 0x51, 0xD9, 0x80,
+        0x29, 0x14, 0x07, 0x21, 0xDA, 0x80, 0x91, 0x1B,
+        0x26, 0x50, 0x5B, 0xA0, 0x60, 0x99, 0x42, 0x71,
+        0x50, 0x88, 0x49, 0x10, 0x23, 0x09, 0x5A, 0x90,
+        0x21, 0x22, 0x27, 0x8E, 0x43, 0xB2, 0x70, 0x0C,
+        0xC9, 0x4C, 0xA4, 0x02, 0x70, 0x92, 0x40, 0x10,
+        0x0A, 0x39, 0x70, 0x02, 0x36, 0x0E, 0x11, 0x30,
+        0x41, 0xD8, 0x40, 0x2D, 0x1B, 0x24, 0x6D, 0xC3,
+        0x92, 0x61, 0x4C, 0x86, 0x8D, 0x21, 0xB8, 0x00,
+        0xD3, 0x24, 0x22, 0x12, 0xC8, 0x21, 0x12, 0x99,
+        0x85, 0x09, 0x16, 0x0C, 0x5A, 0xA2, 0x24, 0x09,
+        0x34, 0x42, 0x10, 0xA2, 0x24, 0x03, 0x42, 0x8C,
+        0xC0, 0xB2, 0x8D, 0x12, 0xB6, 0x69, 0x63, 0x34,
+        0x0D, 0xCC, 0xB0, 0x65, 0xA1, 0x12, 0x11, 0x4A,
+        0x38, 0x69, 0xCC, 0x14, 0x81, 0x58, 0x44, 0x09,
+        0x54, 0xA6, 0x80, 0x0C, 0xA8, 0x05, 0xC4, 0x38,
+        0x8A, 0x84, 0x06, 0x01, 0x9B, 0x32, 0x2D, 0x83,
+        0x12, 0x90, 0x09, 0x02, 0x60, 0xA1, 0x28, 0x88,
+        0x58, 0x10, 0x41, 0x24, 0x40, 0x02, 0x19, 0x34,
+        0x48, 0x18, 0xA0, 0x4D, 0x00, 0x10, 0x62, 0x13,
+        0x22, 0x50, 0xE3, 0x38, 0x21, 0x9A, 0x96, 0x21,
+        0x53, 0x08, 0x80, 0x51, 0x26, 0x01, 0x99, 0xC4,
+        0x28, 0x1B, 0xB9, 0x71, 0x04, 0x97, 0x84, 0x04,
+        0x05, 0x2C, 0xA0, 0xC2, 0x10, 0xD3, 0x42, 0x81,
+        0x81, 0x42, 0x4D, 0x61, 0x84, 0x6C, 0x5A, 0x30,
+        0x49, 0x1B, 0xC2, 0x24, 0xC0, 0x20, 0x28, 0xCA,
+        0x92, 0x2D, 0x4A, 0x90, 0x10, 0x04, 0x27, 0x86,
+        0x4C, 0x96, 0x21, 0x09, 0x19, 0x45, 0x14, 0x82,
+        0x2C, 0x11, 0xA6, 0x91, 0x13, 0xB8, 0x04, 0x03,
+        0x18, 0x70, 0x01, 0xA2, 0x51, 0x52, 0x14, 0x49,
+        0x5A, 0x02, 0x30, 0xCB, 0x30, 0x2C, 0x94, 0x10,
+        0x2C, 0x00, 0x49, 0x86, 0x09, 0xA0, 0x25, 0xC2,
+        0x12, 0x4C, 0x1B, 0x02, 0x69, 0x40, 0xA4, 0x44,
+        0x41, 0x16, 0x62, 0x02, 0x25, 0x28, 0xDC, 0xA2,
+        0x2D, 0x00, 0x16, 0x42, 0x58, 0x30, 0x66, 0x5B,
+        0x86, 0x24, 0xD4, 0x24, 0x48, 0xDB, 0x26, 0x0C,
+        0x4C, 0x08, 0x85, 0x01, 0x90, 0x49, 0x21, 0x24,
+        0x41, 0x54, 0x06, 0x84, 0x02, 0x43, 0x4A, 0x24,
+        0x42, 0x05, 0x40, 0x14, 0x48, 0xCA, 0x44, 0x84,
+        0xC0, 0x42, 0x0C, 0x98, 0x26, 0x04, 0x9C, 0xA2,
+        0x05, 0xD1, 0xC2, 0x51, 0x13, 0x01, 0x86, 0x1C,
+        0xA1, 0x50, 0xD9, 0x02, 0x50, 0x0C, 0x39, 0x86,
+        0x8C, 0x00, 0x31, 0x22, 0x05, 0x48, 0xD3, 0x10,
+        0x81, 0x12, 0x48, 0x05, 0xD1, 0x08, 0x69, 0x62,
+        0x38, 0x2C, 0x0A, 0x23, 0x70, 0x9B, 0x44, 0x72,
+        0xE3, 0x48, 0x6E, 0x22, 0x96, 0x70, 0x14, 0x33,
+        0x6C, 0xD8, 0x90, 0x29, 0x03, 0x00, 0x49, 0x63,
+        0x20, 0x8A, 0x03, 0x91, 0x25, 0x08, 0x89, 0x21,
+        0xC0, 0x82, 0x0C, 0x99, 0x40, 0x32, 0xC2, 0x34,
+        0x4E, 0x4B, 0x98, 0x69, 0x09, 0x80, 0x44, 0xE4,
+        0x04, 0x69, 0x94, 0x20, 0x09, 0x99, 0x24, 0x6D,
+        0x09, 0xA9, 0x60, 0x01, 0x29, 0x2D, 0xC8, 0x42,
+        0x28, 0x8A, 0x34, 0x02, 0xE4, 0x08, 0x70, 0x0C,
+        0x23, 0x6E, 0x0A, 0x05, 0x49, 0x64, 0x44, 0x2A,
+        0x82, 0xC8, 0x00, 0x02, 0x48, 0x31, 0xCB, 0x90,
+        0x50, 0x1C, 0x05, 0x68, 0x12, 0x12, 0x2C, 0xD0,
+        0x80, 0x0C, 0x59, 0x48, 0x61, 0xCB, 0xA6, 0x09,
+        0x9C, 0xC0, 0x81, 0x42, 0xB8, 0x00, 0x24, 0x41,
+        0x8A, 0x94, 0x20, 0x40, 0x42, 0x14, 0x4D, 0x19,
+        0x46, 0x62, 0x18, 0x05, 0x09, 0x24, 0x33, 0x6A,
+        0xD4, 0x00, 0x61, 0x12, 0x48, 0x32, 0x8A, 0x04,
+        0x72, 0x93, 0xB4, 0x69, 0x62, 0xC2, 0x71, 0x41,
+        0xA6, 0x89, 0x44, 0x96, 0x31, 0x62, 0x30, 0x46,
+        0x83, 0x42, 0x6C, 0x00, 0x19, 0x22, 0x09, 0x46,
+        0x4D, 0x8B, 0x06, 0x49, 0xE1, 0xB0, 0x70, 0x42,
+        0x44, 0x31, 0xC1, 0x80, 0x65, 0x9C, 0x00, 0x24,
+        0x11, 0xA8, 0x31, 0x13, 0x21, 0x2C, 0x4B, 0x46,
+        0x28, 0x1B, 0x18, 0x0D, 0x88, 0x42, 0x70, 0xD1,
+        0xB0, 0x0D, 0x90, 0xC8, 0x45, 0xDA, 0xC2, 0x48,
+        0x59, 0x14, 0x26, 0x22, 0x44, 0x00, 0xC2, 0x94,
+        0x41, 0x50, 0xC8, 0x04, 0x18, 0x00, 0x00, 0xCB,
+        0xA6, 0x24, 0x19, 0x02, 0x10, 0x10, 0x89, 0x0C,
+        0x18, 0x22, 0x21, 0x62, 0xA8, 0x81, 0xC8, 0x92,
+        0x48, 0xD3, 0x94, 0x20, 0x82, 0x06, 0x72, 0x09,
+        0xA8, 0x90, 0x0C, 0x49, 0x8A, 0x41, 0x86, 0x28,
+        0x19, 0xC5, 0x80, 0x9A, 0x18, 0x4D, 0x14, 0x10,
+        0x2E, 0x22, 0x12, 0x52, 0x00, 0x08, 0x12, 0x0C,
+        0x33, 0x45, 0x63, 0xC6, 0x30, 0x10, 0x93, 0x4C,
+        0x60, 0xC6, 0x31, 0xDC, 0x40, 0x0E, 0x98, 0x82,
+        0x50, 0x60, 0x02, 0x2A, 0xD2, 0x22, 0x40, 0xE4,
+        0x06, 0x2D, 0xDB, 0x32, 0x0E, 0xCA, 0x32, 0x4E,
+        0xD4, 0x18, 0x24, 0x08, 0xC3, 0x28, 0x4A, 0xC2,
+        0x68, 0xE2, 0x80, 0x40, 0xA1, 0xC8, 0x64, 0x51,
+        0xC2, 0x65, 0xCB, 0x16, 0x60, 0x23, 0x09, 0x4C,
+        0x82, 0x04, 0x68, 0xD9, 0x22, 0x2E, 0x1C, 0x49,
+        0x92, 0x42, 0x24, 0x21, 0x00, 0x37, 0x0E, 0xC8,
+        0x12, 0x72, 0x64, 0x08, 0x25, 0x0A, 0x20, 0x2A,
+        0x58, 0x24, 0x04, 0x59, 0x16, 0x4C, 0x08, 0x17,
+        0x30, 0x00, 0x46, 0x05, 0x12, 0x90, 0x40, 0x03,
+        0x07, 0x21, 0x52, 0xC0, 0x64, 0x1C, 0x83, 0x6D,
+        0x9C, 0x32, 0x2E, 0x11, 0x15, 0x8A, 0x10, 0x35,
+        0x88, 0x5A, 0xA0, 0x8D, 0xD9, 0x80, 0x48, 0x03,
+        0xB6, 0x4C, 0x01, 0x10, 0x65, 0x10, 0x86, 0x40,
+        0x11, 0x01, 0x42, 0x0A, 0xC1, 0x64, 0xDB, 0x22,
+        0x4D, 0x64, 0xB2, 0x51, 0x02, 0x36, 0x0D, 0x93,
+        0x46, 0x31, 0x14, 0xB6, 0x68, 0x63, 0x84, 0x29,
+        0xC8, 0x10, 0x24, 0x94, 0x30, 0x08, 0x19, 0x37,
+        0x02, 0x14, 0x82, 0x45, 0x88, 0x28, 0x40, 0x54,
+        0xA8, 0x29, 0x90, 0x14, 0x12, 0x61, 0x36, 0x12,
+        0x0B, 0x09, 0x8C, 0xA4, 0x98, 0x28, 0xC2, 0x92,
+        0x45, 0x4C, 0x00, 0x60, 0x63, 0xC4, 0x81, 0xC0,
+        0x36, 0x25, 0xCA, 0x88, 0x2D, 0x24, 0x40, 0x30,
+        0xD3, 0xA8, 0x2D, 0xC9, 0xC8, 0x25, 0xD2, 0x84,
+        0x48, 0x00, 0x32, 0x92, 0x50, 0xA2, 0x71, 0xD3,
+        0x44, 0x0D, 0x22, 0x34, 0x60, 0x12, 0x13, 0x12,
+        0x86, 0x8C, 0x5F, 0x86, 0x20, 0x79, 0x4A, 0x05,
+        0x0E, 0x20, 0xD0, 0xE1, 0x01, 0x17, 0x86, 0x24,
+        0x0E, 0xA6, 0x64, 0xF2, 0xF6, 0x9B, 0xB1, 0xB7,
+        0xE3, 0x0E, 0xC6, 0x6B, 0x1A, 0x4A, 0x0B, 0xE5,
+        0x9B, 0x79, 0xF2, 0x19, 0x8A, 0xD9, 0x80, 0x44,
+        0x83, 0xE4, 0x75, 0xE5, 0x3B, 0x3C, 0x49, 0xCB,
+        0x0C, 0xE5, 0xEF, 0x92, 0x91, 0x2A, 0xF4, 0x40,
+        0xF2, 0x3B, 0x99, 0x58, 0x13, 0xD1, 0x1B, 0x59,
+        0xF7, 0x98, 0xE9, 0x3C, 0x9D, 0x13, 0x53, 0x98,
+        0x17, 0xC7, 0xAC, 0x68, 0xCA, 0xD1, 0xAA, 0x1A,
+        0xC2, 0x76, 0x56, 0xBD, 0x0C, 0x47, 0x97, 0xE9,
+        0xC8, 0xEC, 0x17, 0x78, 0x4C, 0x1A, 0x32, 0x7A,
+        0x9D, 0xFE, 0xAF, 0x4D, 0x61, 0x91, 0xEE, 0xCD,
+        0xAF, 0xE0, 0x49, 0xB7, 0x33, 0xFE, 0x39, 0xD5,
+        0xEB, 0x40, 0x00, 0x93, 0x6F, 0xEE, 0xFC, 0xF8,
+        0x29, 0x28, 0xE9, 0xF9, 0x4C, 0xFD, 0x5C, 0xF4,
+        0xC1, 0xE3, 0xDE, 0xB1, 0x43, 0x3A, 0x47, 0xF6,
+        0xD3, 0x28, 0xB5, 0xE8, 0x3D, 0xD1, 0x56, 0xD0,
+        0x18, 0x2D, 0xC6, 0x92, 0x34, 0x75, 0x91, 0xAA,
+        0x6F, 0x73, 0x2C, 0xFB, 0xE9, 0x82, 0x93, 0x5F,
+        0xD1, 0x84, 0x6C, 0xAC, 0xF4, 0xCB, 0x85, 0x15,
+        0xC5, 0x5A, 0xB8, 0x5E, 0xE5, 0xAD, 0x44, 0xCB,
+        0x09, 0xD3, 0x26, 0x9E, 0x2E, 0x6D, 0x11, 0x78,
+        0x09, 0x61, 0xFD, 0x13, 0x1D, 0x5E, 0x6F, 0xBF,
+        0x89, 0x84, 0x9F, 0x47, 0xF2, 0xB7, 0x1D, 0x82,
+        0x83, 0xFF, 0x25, 0x38, 0x5E, 0x52, 0xB0, 0x7D,
+        0xBB, 0x26, 0x6C, 0x67, 0x4C, 0xEE, 0x3D, 0x0B,
+        0x5D, 0xF5, 0xA5, 0x6D, 0x8B, 0xDC, 0xDC, 0xFA,
+        0xAE, 0xE6, 0xA2, 0x48, 0xE7, 0x1D, 0xB1, 0x34,
+        0x5A, 0xFC, 0x59, 0x7C, 0xA8, 0x30, 0xA1, 0xA3,
+        0x5B, 0x43, 0x96, 0xEF, 0x4C, 0x1A, 0xDF, 0x9E,
+        0xD0, 0x1B, 0xCE, 0x9B, 0x6E, 0xB6, 0x37, 0xFA,
+        0x24, 0xAA, 0x16, 0x0B, 0x90, 0x76, 0xBA, 0xE3,
+        0x05, 0x59, 0xF8, 0xB2, 0x9D, 0xED, 0xB3, 0xD2,
+        0x5B, 0x79, 0x06, 0x4A, 0xB0, 0xCF, 0x8B, 0x8D,
+        0x70, 0xAD, 0xDD, 0xEB, 0x8B, 0x17, 0x42, 0x48,
+        0xD5, 0xAE, 0xA4, 0xD1, 0x8D, 0xE4, 0x3B, 0x89,
+        0x38, 0xCD, 0xD2, 0xAC, 0xBA, 0x54, 0x77, 0xBD,
+        0x4A, 0xAC, 0xC3, 0xCE, 0x59, 0x5E, 0x5D, 0x26,
+        0x9F, 0xE6, 0x75, 0x21, 0x0D, 0x23, 0x15, 0x2B,
+        0x04, 0x71, 0x0F, 0x36, 0x84, 0x28, 0x79, 0x4A,
+        0x75, 0xF4, 0x9B, 0x68, 0x3E, 0xD2, 0x0D, 0xD6,
+        0x47, 0x51, 0x57, 0x77, 0x95, 0x5A, 0x8C, 0xB3,
+        0x8A, 0x36, 0xAF, 0xCD, 0x2C, 0xE0, 0xAC, 0xEC,
+        0x4F, 0x0D, 0xFE, 0x80, 0x77, 0x02, 0xD1, 0xEB,
+        0x3B, 0xDE, 0x72, 0xE9, 0xE0, 0x85, 0xAA, 0x4E,
+        0x09, 0xEB, 0x1B, 0x09, 0x47, 0x41, 0x38, 0x52,
+        0xEC, 0x3C, 0x0A, 0xC5, 0x2F, 0x06, 0xCB, 0x95,
+        0x9C, 0x85, 0x39, 0x4E, 0xB3, 0x74, 0x81, 0x19,
+        0xED, 0xBE, 0x6C, 0x80, 0xD2, 0xD8, 0xF7, 0x92,
+        0xCE, 0x0D, 0x91, 0x5E, 0x4F, 0x4B, 0x15, 0x1E,
+        0xFB, 0x13, 0x5E, 0x7F, 0x4D, 0xC9, 0x7D, 0x85,
+        0x81, 0x41, 0xC5, 0x7F, 0x70, 0x41, 0x7B, 0x43,
+        0xA6, 0xA1, 0x26, 0x95, 0x69, 0x78, 0xD7, 0x8E,
+        0xFB, 0x9F, 0x03, 0x72, 0x43, 0xB4, 0xCB, 0x41,
+        0xDF, 0x96, 0x8B, 0x7E, 0xE5, 0xB5, 0x20, 0x87,
+        0xF0, 0x5A, 0xA9, 0xFE, 0x48, 0x7B, 0xD1, 0x6C,
+        0x03, 0x47, 0xCF, 0x13, 0x35, 0x76, 0x0B, 0xD2,
+        0x39, 0x8A, 0xD5, 0x4D, 0xDA, 0x00, 0xA5, 0xAA,
+        0xC4, 0x46, 0xD8, 0x0B, 0x1C, 0x79, 0x98, 0xC6,
+        0x02, 0x19, 0x2A, 0xDA, 0xFC, 0xB8, 0x09, 0xD1,
+        0x4E, 0xE3, 0x28, 0x64, 0x1B, 0xA3, 0xAA, 0x00,
+        0xF8, 0xD2, 0x9C, 0x3A, 0x84, 0x8A, 0xCB, 0xDC,
+        0x19, 0x46, 0xBC, 0x0D, 0x35, 0xE0, 0xBE, 0x0F,
+        0x8F, 0x7E, 0x3D, 0xA3, 0xF6, 0x8D, 0x9F, 0xA9,
+        0x76, 0x8F, 0x5C, 0xF2, 0x75, 0x53, 0x4A, 0x0E,
+        0xCA, 0x9E, 0x60, 0xFC, 0xEA, 0x38, 0xF1, 0xE0,
+        0x42, 0xC3, 0x16, 0x14, 0x3A, 0x76, 0x7B, 0x33,
+        0xAC, 0xCA, 0xD8, 0xC8, 0xD6, 0x6C, 0x70, 0xC7,
+        0x5F, 0xD1, 0xF0, 0xB2, 0x58, 0x6B, 0x65, 0x3A,
+        0xD4, 0xAF, 0x54, 0xE5, 0x6E, 0xF0, 0x69, 0x33,
+        0xEA, 0xD3, 0x1D, 0xE3, 0x65, 0xD1, 0x10, 0xB9,
+        0xC4, 0xA2, 0xA9, 0x8B, 0xCB, 0xA1, 0x65, 0xCA,
+        0xFE, 0x38, 0x6F, 0x88, 0x7C, 0x72, 0x15, 0x6E,
+        0xB1, 0x4F, 0xF0, 0xDA, 0xD6, 0x65, 0x61, 0x6C,
+        0xE3, 0xCE, 0x65, 0xC1, 0x90, 0x4F, 0x2C, 0x17,
+        0x47, 0xB2, 0xEC, 0x2B, 0x5C, 0x9D, 0x67, 0x76,
+        0xBC, 0xD7, 0x9E, 0x5A, 0xC6, 0x4B, 0x79, 0x33,
+        0xBD, 0xDE, 0xDE, 0xDD, 0xBB, 0xC7, 0x25, 0xBF,
+        0xDB, 0xCC, 0xDE, 0x2F, 0xB3, 0x75, 0xAE, 0x2B,
+        0xE3, 0x53, 0x7B, 0xDF, 0x89, 0xBF, 0x4C, 0x25,
+        0xF8, 0x3A, 0x49, 0xD6, 0xA6, 0xA8, 0xD0, 0x76,
+        0x1C, 0xF3, 0x9D, 0x62, 0x0C, 0x53, 0xED, 0x83,
+        0x7D, 0x19, 0x82, 0x55, 0xCF, 0x5B, 0x91, 0x0A,
+        0x6D, 0xB5, 0x78, 0x77, 0xDF, 0x92, 0xD8, 0xBB,
+        0x6E, 0x9C, 0x52, 0x6B, 0x8C, 0x4E, 0xC9, 0x31,
+        0x00, 0xDE, 0xE0, 0x50, 0x0A, 0x21, 0x0C, 0x98,
+        0x45, 0x83, 0xE1, 0x53, 0x81, 0x60, 0xED, 0xAC,
+        0x2C, 0x6F, 0x86, 0x6E, 0x7F, 0x5D, 0x99, 0xD7,
+        0xB1, 0xB8, 0x15, 0x82, 0xF5, 0xD0, 0xEB, 0xBF,
+        0x27, 0x86, 0xE3, 0xF5, 0x56, 0x01, 0x3B, 0xA9,
+        0xB6, 0xF6, 0x56, 0xEB, 0x79, 0x88, 0x38, 0xEA,
+        0x05, 0x79, 0x20, 0x1A, 0x95, 0xD5, 0x6B, 0xBC,
+        0x3B, 0xCD, 0xB9, 0x51, 0x1A, 0xFB, 0xD4, 0xD8,
+        0x12, 0x88, 0x89, 0x6F, 0x87, 0x10, 0x8C, 0x07,
+        0x7F, 0x1A, 0x81, 0xA3, 0xBD, 0x29, 0x7B, 0xB1,
+        0x24, 0xA8, 0x00, 0x86, 0x89, 0x02, 0x42, 0x99,
+        0x5E, 0x03, 0xCF, 0x42, 0xA0, 0xC2, 0x1E, 0x27,
+        0x2A, 0x9A, 0xFA, 0x1D, 0xC1, 0x03, 0x46, 0x3D,
+        0x2A, 0xB4, 0x94, 0xF7, 0xD0, 0x17, 0x68, 0x6D,
+        0x31, 0x89, 0x4D, 0xD2, 0xF6, 0xEB, 0xB0, 0xC3,
+        0xCB, 0x62, 0x23, 0xEC, 0x79, 0xC6, 0x5D, 0x45,
+        0xC1, 0xB0, 0xD4, 0xEF, 0x19, 0x61, 0xF1, 0x6D,
+        0x65, 0x3F, 0xCF, 0x25, 0x97, 0x7B, 0x65, 0x1E,
+        0xC5, 0x1A, 0x13, 0xAE, 0x8D, 0x4A, 0x34, 0x72,
+        0xEE, 0x71, 0x96, 0x9A, 0x7A, 0x93, 0x6F, 0x5D,
+        0xBB, 0xB9, 0x39, 0x6A, 0x46, 0xD9, 0x76, 0x42,
+        0x35, 0x8C, 0xAF, 0x48, 0x94, 0xC9, 0xA6, 0xDF,
+        0x84, 0xA5, 0x9C, 0x59, 0x62, 0xA6, 0x99, 0x0A,
+        0x76, 0xF0, 0x61, 0x48, 0x90, 0x16, 0x9F, 0x00,
+        0x18, 0x70, 0xD4, 0x9C, 0xF2, 0xE7, 0x50, 0x08,
+        0xCC, 0x4A, 0x5D, 0x85, 0xE7, 0x2D, 0xE2, 0xD6,
+        0xCF, 0x3F, 0xA7, 0x18, 0x52, 0x25, 0x35, 0x22,
+        0xFE, 0x8B, 0x0E, 0x42, 0x3C, 0xB4, 0x17, 0xA3,
+        0x8E, 0xB7, 0x8C, 0x87, 0x63, 0xC3, 0x72, 0x0C,
+        0x04, 0xE6, 0x7F, 0xF8, 0x89, 0x79, 0xEB, 0xA0,
+        0x9E, 0x34, 0x53, 0x8B, 0xB5, 0x23, 0xB9, 0x9B,
+        0x8E, 0x34, 0x16, 0x74, 0x12, 0xF7, 0x7A, 0xEA,
+        0x89, 0x4D, 0x83, 0xAC, 0xF9, 0x46, 0xFC, 0x05,
+        0x4D, 0x0A, 0xF4, 0x72, 0x95, 0xE5, 0x1E, 0xD8,
+        0x3F, 0x74, 0x86, 0x94, 0x0A, 0x4D, 0x41, 0xC0,
+        0x4A, 0xD7, 0xEB, 0xEE, 0x61, 0x0B, 0xF1, 0xD0,
+        0x3F, 0xA5, 0x40, 0x71, 0xD5, 0x1A, 0x15, 0x09,
+        0xE4, 0xF4, 0x91, 0x63, 0xA2, 0x50, 0x81, 0xBE,
+        0x87, 0x90, 0xD0, 0x87, 0xF5, 0xF4, 0xF0, 0x5C,
+        0x88, 0x55, 0x0F, 0xCA, 0x9B, 0xF9, 0x9C, 0x9B,
+        0xE5, 0x95, 0x3D, 0x51, 0xDD, 0x08, 0x45, 0xC9,
+        0x3E, 0x41, 0xEE, 0xEF, 0x62, 0xE0, 0x79, 0x4B,
+        0x29, 0x27, 0xC4, 0xF5, 0xED, 0x9B, 0xD3, 0xE3,
+        0x4E, 0xA9, 0x20, 0x0A, 0x79, 0xDD, 0xEB, 0x4B,
+        0x2D, 0x8F, 0x30, 0x5F, 0xE0, 0x5F, 0x82, 0x7C,
+        0x7E, 0x2E, 0xD1, 0x86, 0x34, 0x1C, 0xB5, 0xD1,
+        0x15, 0x2F, 0xC8, 0x01, 0x04, 0xE0, 0xE1, 0x36,
+        0x83, 0xD9, 0x41, 0x29, 0x4C, 0x77, 0x84, 0x17,
+        0x16, 0x4B, 0x68, 0x4A, 0x97, 0x6E, 0x56, 0xE7,
+        0x8D, 0xA4, 0xD1, 0x7C, 0x3C, 0x73, 0x22, 0x93,
+        0x14, 0x87, 0x0B, 0x85, 0xC4, 0x55, 0xC2, 0x3B,
+        0x83, 0x0B, 0x9A, 0x28, 0xA3, 0xD8, 0xC0, 0xB5,
+        0x66, 0x42, 0x6D, 0xC1, 0x69, 0xF3, 0x26, 0xAB,
+        0xCE, 0x2E, 0xFF, 0xF3, 0x9E, 0x9B, 0x19, 0x9A,
+        0xE5, 0xC1, 0x29, 0x2B, 0x6F, 0x2E, 0xF3, 0x7A,
+        0xF1, 0xDE, 0xA9, 0x27, 0x2C, 0x8D, 0x54, 0x23,
+        0xDF, 0x8A, 0x56, 0x32, 0xF9, 0x91, 0xE1, 0x4D,
+        0xCA, 0x25, 0x14, 0x78, 0x8B, 0x62, 0xBE, 0x16,
+        0x48, 0x28, 0xE9, 0xAC, 0xB8, 0x93, 0xDD, 0xA6,
+        0x02, 0xA5, 0xE2, 0xFB, 0x9E, 0xFC, 0xBE, 0xFD,
+        0x95, 0xAB, 0xFB, 0x82, 0xD2, 0xB0, 0x2D, 0x49,
+        0xCC, 0x53, 0x08, 0x4A, 0x49, 0xAB, 0x1B, 0xEC,
+        0x23, 0xE5, 0xB4, 0xC8, 0xE7, 0x14, 0xCB, 0x03,
+        0x40, 0x5F, 0x1B, 0xCF, 0x7E, 0x11, 0xBB, 0x59,
+        0x72, 0x9D, 0xDC, 0x0B, 0x7B, 0xEF, 0xB2, 0x91,
+        0x27, 0x6D, 0xCE, 0xDA, 0xCA, 0xAD, 0x39, 0xA2,
+        0xF0, 0x1C, 0x7D, 0xC9, 0x8B, 0x9E, 0x06, 0x5E,
+        0xAF, 0xED, 0x1C, 0xC8, 0xCE, 0x3E, 0x84, 0x80,
+        0x80, 0xA2, 0xFC, 0x5B, 0x98, 0xC9, 0xF6, 0xBF,
+        0x50, 0x40, 0x27, 0x33, 0x42, 0xF0, 0x31, 0x2F,
+        0x8B, 0x98, 0x44, 0x59, 0x4A, 0x50, 0x3D, 0xD3,
+        0xE6, 0xAF, 0x1C, 0x9E, 0x35, 0xC1, 0x03, 0x2A,
+        0x4A, 0x8A, 0x5E, 0x7B, 0xF3, 0x3A, 0x82, 0xF3,
+        0x5E, 0x16, 0xED, 0xF8, 0xC6, 0x0C, 0x90, 0x02,
+        0x1D, 0x8C, 0x0B, 0xA4, 0xC3, 0x86, 0x24, 0x5D,
+        0xFE, 0xF0, 0x94, 0x48, 0x43, 0x1D, 0x8C, 0x00,
+        0xD1, 0xE2, 0x6E, 0xE4, 0xD8, 0xC7, 0x7D, 0xAA,
+        0x1A, 0x70, 0x5E, 0xD4, 0x79, 0x2A, 0xCB, 0x4E,
+        0xA2, 0x7C, 0x15, 0x66, 0xFB, 0x56, 0x68, 0x3C,
+        0x43, 0xBF, 0x67, 0x84, 0x2E, 0x67, 0x53, 0x4C,
+        0xB3, 0xF9, 0x67, 0x7C, 0x8A, 0xB9, 0xD0, 0xEE,
+        0xE7, 0x82, 0x7C, 0xDE, 0xFC, 0x22, 0x3A, 0xC9,
+        0x48, 0xB8, 0x80, 0xB5, 0xF1, 0xCE, 0x95, 0x37,
+        0x27, 0x29, 0x32, 0x00, 0x2C, 0x1A, 0x4D, 0xD2,
+        0x18, 0xF5, 0x27, 0x16, 0x6E, 0xBF, 0xB2, 0xB2,
+        0xFA, 0x2B, 0xF3, 0x72, 0x46, 0xEC, 0xDF, 0xDF,
+        0xA7, 0x2B, 0x6D, 0xA1, 0x1C, 0x30, 0xD1, 0xC7,
+        0xD2, 0x48, 0xAD, 0x64, 0x81, 0x8F, 0x69, 0x1D,
+        0x59, 0xB7, 0x55, 0xDA, 0xF7, 0x1B, 0xED, 0x9A,
+        0xB5, 0xFB, 0x52, 0xE0, 0x36, 0x22, 0xA9, 0x00,
+        0xD6, 0x6B, 0x4C, 0x63, 0x84, 0x16, 0x9B, 0xDF,
+        0x9E, 0xB6, 0x1C, 0x02, 0xDF, 0x45, 0xFB, 0x76,
+        0xB1, 0xA2, 0x6F, 0x34, 0xE9, 0x38, 0xB1, 0x90,
+        0x86, 0x17, 0x45, 0xC0, 0x21, 0xFA, 0x87, 0x62,
+        0x00, 0xC7, 0xFC, 0x8E, 0x22, 0x2D, 0xDB, 0xFA,
+        0xD8, 0xBE, 0x78, 0x1B, 0x18, 0x54, 0x24, 0xAA,
+        0xAF, 0xC6, 0x58, 0x62, 0xDB, 0x13, 0x2B, 0xEC,
+        0x6D, 0x18, 0x83, 0x7A, 0x1F, 0x58, 0xA8, 0x76,
+        0xC9, 0x9E, 0x63, 0xF5, 0x14, 0x20, 0xB8, 0x3F,
+        0x45, 0x96, 0x75, 0x61, 0x2F, 0x7A, 0xCF, 0x80,
+        0xB4, 0xEB, 0x1D, 0xD0, 0x72, 0x1C, 0xAA, 0x1B,
+        0x49, 0x70, 0xDA, 0x60, 0x86, 0x79, 0xC6, 0x38,
+        0x3E, 0x81, 0x7F, 0xE1, 0x6B, 0x66, 0xB1, 0x91,
+        0x81, 0xED, 0xFC, 0x39, 0x27, 0x0C, 0x7E, 0x91,
+        0x7B, 0x1F, 0x10, 0xEB, 0x7A, 0x01, 0x19, 0x97,
+        0xE9, 0x67, 0x85, 0x3B, 0x78, 0xE0, 0x0C, 0xFD,
+        0x58, 0xD2, 0x24, 0xD9, 0x33, 0xCC, 0x5A, 0x99,
+        0x55, 0x32, 0xDC, 0xD4, 0xE5, 0x32, 0xE4, 0x03,
+        0x05, 0x15, 0xF4, 0xA0, 0x5B, 0x33, 0x1D, 0x57,
+        0x5D, 0xDA, 0xC2, 0x9B, 0xAB, 0x06, 0x9F, 0x09,
+        0xAF, 0x0D, 0x17, 0x33, 0x73, 0xDB, 0x1E, 0xC2,
+        0xB6, 0x36, 0x6B, 0xB3, 0x71, 0x00, 0x8A, 0x23,
+        0x86, 0xFD, 0x88, 0xBE, 0x77, 0xF5, 0xED, 0x5E,
+        0x19, 0x8C, 0xBE, 0x88, 0xDF, 0x24, 0xBC, 0x6E,
+        0x39, 0x3F, 0xEB, 0xC1, 0x0C, 0x47, 0x0A, 0x72,
+        0xD4, 0x7C, 0x0F, 0x83, 0x46, 0x53, 0xC9, 0xAE,
+        0x80, 0x0E, 0x89, 0x3C, 0x6B, 0xA6, 0x8E, 0xA2,
+        0x8A, 0x83, 0x8F, 0xCB, 0xB6, 0x9C, 0x3E, 0x96,
+        0x4A, 0x5F, 0xAF, 0xC2, 0x06, 0x7D, 0xD4, 0x06,
+        0xB2, 0x57, 0xC9, 0x8D, 0xD3, 0x97, 0x9E, 0xC7,
+        0xC7, 0xEC, 0xBE, 0x96, 0xA3, 0x3D, 0x85, 0x51,
+        0x5D, 0xA2, 0xCB, 0x6A, 0xA5, 0xE1, 0xFF, 0xF2,
+        0x04, 0xAF, 0x62, 0xDD, 0x41, 0x19, 0xA0, 0xE4,
+        0x8C, 0x04, 0xA3, 0xF2, 0xB3, 0x86, 0x60, 0xF5,
+        0x29, 0x64, 0xD8, 0xD4, 0xAE, 0xE1, 0x46, 0xA9,
+        0xC5, 0x3C, 0x31, 0x90, 0x6D, 0xAD, 0x0F, 0xD9,
+        0x0B, 0x5D, 0x83, 0xB3, 0xE3, 0x1B, 0x69, 0x0A,
+        0x4C, 0x49, 0x35, 0x24, 0x99, 0x81, 0xBE, 0x1F,
+        0x1A, 0x85, 0xEC, 0x6E, 0x0F, 0xEE, 0x4C, 0x88,
+        0xF2, 0xD8, 0x9E, 0x29, 0x69, 0xAB, 0x8C, 0xBB,
+        0xEB, 0x50, 0x19, 0x16, 0x55, 0x8D, 0x29, 0xEA,
+        0x7C, 0x3E, 0xCF, 0x1C, 0x9E, 0xF1, 0xA0, 0x43,
+        0x50, 0x63, 0x3B, 0x4C, 0xDA, 0x73, 0x7D, 0xFB,
+        0x15, 0x1C, 0xB5, 0xE7, 0x36, 0x11, 0x73, 0xF3,
+        0xAE, 0xDD, 0xDF, 0x52, 0x7D, 0x73, 0xF2, 0xF9,
+        0xD5, 0xB6, 0x21, 0x3A, 0xA6, 0x8F, 0x88, 0x3E,
+        0x9A, 0x26, 0x33, 0x78, 0x5E, 0xC6, 0xBE, 0x64,
+        0x2A, 0x9F, 0xD0, 0xF2, 0x1A, 0x42, 0xF6, 0xB9,
+        0xDA, 0xAB, 0xDC, 0xD1, 0xE6, 0xAD, 0xBE, 0xF6,
+        0x48, 0x41, 0xB5, 0x96, 0x86, 0xEA, 0xE3, 0xEC,
+        0x88, 0xEE, 0xF0, 0xA9, 0xCB, 0xC1, 0x2B, 0xC0,
+        0x12, 0x62, 0x2D, 0xF2, 0xDD, 0x93, 0xA8, 0x62,
+        0x29, 0x04, 0x4A, 0xF2, 0xF2, 0x60, 0xD2, 0x18,
+        0x3F, 0x51, 0xE8, 0x33, 0xEE, 0x92, 0xD9, 0x8F,
+        0x02, 0x51, 0xE3, 0xF8, 0x5F, 0xAB, 0x74, 0xCE,
+        0x36, 0x7B, 0x8B, 0x7A, 0xA6, 0x3D, 0x3C, 0xF8,
+        0xC8, 0xBF, 0x4D, 0x78, 0x35, 0x8B, 0xAE, 0x0A,
+        0x02, 0x41, 0xE2, 0x10, 0xAC, 0x69, 0x35, 0x30,
+        0x87, 0xCC, 0x73, 0x31, 0x35, 0x7E, 0xB4, 0x45,
+        0x0F, 0x95, 0x09, 0xCF, 0xE5, 0x95, 0xF5, 0x40,
+        0x32, 0xEE, 0x05, 0x77, 0x54, 0xA8, 0xED, 0xD7,
+        0x46, 0xCB, 0x92, 0x82, 0xE7, 0x68, 0xDC, 0x6B,
+        0x83, 0x0C, 0x5B, 0x4A, 0x21, 0x93, 0x43, 0xAD,
+        0x12, 0x4E, 0xDB, 0x3B, 0xBC, 0x42, 0x50, 0x55,
+        0x66, 0xA7, 0x03, 0x8C, 0x95, 0x9B, 0xC3, 0x55,
+        0x85, 0xB6, 0x05, 0x5F, 0x19, 0x68, 0xDA, 0x24,
+        0x3F, 0x77, 0x8F, 0x4E, 0x46, 0xDB, 0x46, 0x2A,
+        0xBE, 0xB9, 0x3B, 0x81, 0x24, 0x3C, 0x31, 0xEB,
+        0x59, 0x62, 0x2E, 0xDF, 0x81, 0xF0, 0x6C, 0xCC,
+        0x61, 0xD2, 0xA6, 0xEA, 0x73, 0xE1, 0x09, 0xC3,
+        0x87, 0x91, 0x5F, 0x27, 0x7B, 0xCF, 0x1F, 0xC1,
+        0x11, 0x05, 0xBB, 0xA7, 0x02, 0x93, 0xC0, 0xFA,
+        0xB5, 0xC0, 0x65, 0xF2, 0x3B, 0xAA, 0x19, 0x29,
+        0x0A, 0x30, 0x2F, 0x08, 0x09, 0x11, 0x07, 0xA4,
+        0xB1, 0xD5, 0x68, 0x85, 0x26, 0x22, 0x09, 0x83,
+        0x83, 0x42, 0x77, 0x60, 0xEF, 0x8F, 0x29, 0x28,
+        0x62, 0x5B, 0xDD, 0xA5, 0xF5, 0x14, 0xC5, 0xAD,
+        0xE9, 0x59, 0x89, 0x1E, 0xF2, 0x95, 0x9F, 0x24,
+        0x8A, 0x35, 0x32, 0xBF, 0x9D, 0x30, 0xE7, 0x14,
+        0x05, 0x9E, 0xBD, 0xEC, 0x95, 0x87, 0x08, 0xF8,
+        0xA8, 0x3C, 0x26, 0x8B, 0xEF, 0x26, 0x82, 0xD6,
+        0x03, 0xCA, 0x88, 0x63, 0x47, 0xE1, 0x98, 0xFD,
+        0x68, 0x23, 0x39, 0x99, 0xC7, 0x7D, 0x30, 0xD7,
+        0x45, 0x5D, 0xE6, 0xBC, 0xFD, 0x01, 0x44, 0x27,
+        0x70, 0x62, 0xB3, 0x04, 0xBE, 0xF0, 0xE3, 0x4C,
+        0x5A, 0x9D, 0x8D, 0x78, 0x0D, 0x29, 0xEC, 0x23,
+        0x21, 0xE0, 0x73, 0x40, 0x77, 0x1C, 0x46, 0x36,
+        0x04, 0x83, 0xAD, 0xCA, 0xF1, 0x2D, 0x5B, 0x79,
+        0xFD, 0xBF, 0xE2, 0x85, 0x6A, 0xCE, 0x88, 0x59,
+        0xF6, 0xB1, 0x24, 0x14, 0xB3, 0xF7, 0xE8, 0xBB,
+        0x58, 0x13, 0x49, 0x89, 0x60, 0xF3, 0x4F, 0xDC,
+        0x64, 0xFC, 0x84, 0x85, 0x79, 0xCA, 0xF9, 0xDC,
+        0xCF, 0x19, 0xB4, 0xFB, 0x82, 0x5E, 0xD5, 0x71,
+        0x6D, 0xCC, 0xCD, 0x68, 0x72, 0xCB, 0xDE, 0x38,
+        0x31, 0xD6, 0x73, 0x84, 0x94, 0x2C, 0xD8, 0xA9,
+        0xEC, 0x4B, 0xBF, 0xEF, 0x57, 0x06, 0xB8, 0xF9,
+        0xF0, 0x5F, 0xE1, 0xE8, 0xFE, 0x69, 0xD3, 0xEA,
+        0x6A, 0x86, 0x21, 0xC2, 0x21, 0x44, 0x17, 0x7B,
+        0x1C, 0x12, 0x59, 0xE1, 0xA7, 0x9D, 0xFD, 0xF8,
+        0x97, 0x28, 0x88, 0x7B, 0xEF, 0x1A, 0x70, 0x48,
+        0x25, 0x56, 0x83, 0x1B, 0x67, 0x24, 0x40, 0xE1,
+        0x3F, 0xE3, 0xE3, 0xFC, 0x82, 0x04, 0xA0, 0x2E,
+        0xA1, 0xEF, 0xF1, 0x9D, 0x95, 0x25, 0x38, 0x87,
+        0x28, 0x5B, 0xFB, 0xEA, 0x16, 0xA0, 0xF2, 0x19,
+        0xEF, 0xBC, 0xEC, 0x30, 0xA8, 0xAE, 0x86, 0x58,
+        0x9A, 0x57, 0x03, 0x10, 0x3A, 0x8A, 0x39, 0x3F,
+        0xA6, 0xF6, 0xB6, 0x57, 0x70, 0x4A, 0xC6, 0x77,
+        0xC1, 0x4C, 0xD1, 0x0D, 0x3D, 0x62, 0xD1, 0x3F,
+        0xBD, 0x37, 0x8C, 0x2D, 0xDA, 0x32, 0x5B, 0x61,
+        0xB8, 0x59, 0x52, 0xD5, 0x12, 0x93, 0x87, 0x1E,
+        0x1F, 0xCD, 0xC9, 0x48, 0xC7, 0x7B, 0xEA, 0xE9,
+        0xA6, 0xF0, 0xE8, 0x7C, 0xE1, 0xA8, 0x05, 0x1C,
+        0x8F, 0x80, 0x87, 0x68, 0x5C, 0x12, 0x62, 0x4B,
+        0xDF, 0x58, 0x38, 0x0E, 0xD6, 0x6F, 0x55, 0xB4,
+        0x3D, 0xDD, 0x6D, 0x36, 0x21, 0x73, 0xA5, 0xBD,
+        0x38, 0x98, 0x59, 0xC1, 0x7D, 0x95, 0xEC, 0xE3,
+        0xAB, 0x73, 0x26, 0x39, 0xFF, 0xE4, 0x51, 0xCD,
+        0x10, 0x3E, 0xE4, 0x85, 0x4D, 0xB2, 0xF3, 0x96,
+        0x14, 0xF6, 0x58, 0xBA, 0xA3, 0x84, 0xBC, 0x99,
+        0x48, 0xD0, 0x71, 0x4E, 0xB4, 0x8A, 0x88, 0x71,
+        0x43, 0xE7, 0xA1, 0xFA, 0x4B, 0x69, 0x0C, 0x22,
+        0xB4, 0x92, 0xA7, 0x0C, 0x61, 0x2B, 0x59, 0xFF,
+        0xD2, 0xD6, 0xB3, 0xB5, 0xE9, 0x9C, 0x20, 0x03,
+        0xE2, 0xC3, 0x59, 0xB1, 0xE6, 0x2D, 0xCB, 0x62,
+        0x0C, 0x7A, 0x24, 0x6A, 0x7B, 0x9B, 0x32, 0x46,
+        0x13, 0x15, 0x56, 0xF2, 0xF3, 0xD5, 0x13, 0xA2,
+        0x3C, 0x6A, 0x9F, 0xD2, 0x28, 0x0E, 0xD6, 0x86,
+        0xD7, 0x67, 0xCC, 0xD0, 0x17, 0x54, 0xEB, 0x4C,
+        0x99, 0x69, 0x2F, 0x2B, 0x38, 0x0C, 0x36, 0x08,
+        0x13, 0x44, 0xC1, 0xD3, 0x5E, 0xE1, 0x94, 0x97,
+        0x36, 0xB6, 0x97, 0x6F, 0x48, 0x52, 0xCF, 0xBE,
+        0x64, 0xFA, 0xBC, 0xF1, 0x1B, 0x9A, 0xFB, 0x82,
+        0x85, 0x76, 0xB4, 0xF9, 0x78, 0x7A, 0xA7, 0xD0,
+        0x3E, 0x84, 0x59, 0x8A, 0x71, 0x43, 0xEF, 0x73,
+        0x11, 0xFA, 0xF2, 0x97, 0x0E, 0x23, 0xED, 0x4C,
+        0x17, 0x3F, 0x98, 0x5D, 0x64, 0x50, 0x16, 0x5A,
+        0xE3, 0xE2, 0x41, 0xA1, 0x82, 0x34, 0xE7, 0x4F,
+        0xF3, 0xDD, 0xB9, 0x21, 0xA5, 0x30, 0x0B, 0x1C,
+        0x4F, 0xB6, 0xE4, 0x32, 0xE6, 0x98, 0xF5, 0x3F,
+        0x66, 0xE3, 0x8C, 0x07, 0xBC, 0xD6, 0xE7, 0x76,
+        0x05, 0xDF, 0x46, 0x24, 0xD5, 0x79, 0x07, 0x62,
+        0x92, 0xDE, 0x1C, 0xE6, 0xFC, 0x6F, 0x00, 0x81,
+        0xA3, 0x8B, 0xD9, 0x2D, 0x39, 0xB2, 0x4B, 0x73,
+        0xBA, 0xC1, 0xC5, 0x2B, 0xD6, 0x8E, 0x91, 0x81,
+        0xD3, 0xDC, 0xD0, 0xAC, 0x75, 0x34, 0xDB, 0x48,
+        0x90, 0x1E, 0x59, 0x84, 0xF9, 0x90, 0x25, 0x57,
+        0xBF, 0xA2, 0x31, 0xB2, 0xEA, 0x28, 0xC3, 0x18,
+        0x32, 0x62, 0xA1, 0xB2, 0x22, 0x1F, 0x74, 0x26,
+        0xEA, 0x88, 0xA5, 0x81, 0x60, 0x93, 0xA5, 0xCA,
+        0xE2, 0xCD, 0x5D, 0x59, 0xA9, 0x39, 0x0F, 0xC9,
+        0x3A, 0x29, 0x56, 0x94, 0x4B, 0x06, 0x4C, 0xF0,
+        0x13, 0xBC, 0xDB, 0x67, 0xFB, 0x42, 0x3D, 0x13,
+        0x28, 0xD2, 0xC6, 0xD7, 0xBA, 0x32, 0x90, 0x13,
+        0xFA, 0x2D, 0x30, 0xEF, 0xD6, 0x9F, 0xDC, 0xA1,
+        0xA9, 0x5E, 0xA6, 0xD0, 0x6C, 0x73, 0x63, 0x53,
+        0x4B, 0x2F, 0x3F, 0x7D, 0xAA, 0xFA, 0x29, 0x6E,
+        0xAA, 0x09, 0xB3, 0x66, 0x8E, 0x9C, 0xF8, 0x2D,
+        0x9B, 0xA9, 0x59, 0xB3, 0x2F, 0x3C, 0xAD, 0x3C,
+        0x10, 0xC6, 0xEA, 0x48, 0x61, 0x15, 0x54, 0x53,
+        0x9C, 0x37, 0xDF, 0x6B, 0xCA, 0x33, 0x85, 0xEA,
+        0xD3, 0xFC, 0xFF, 0x96, 0xD3, 0x72, 0xB4, 0x23,
+        0x93, 0xB7, 0x3C, 0x8D, 0xAA, 0xAA, 0x31, 0x50,
+        0x6E, 0xE0, 0x52, 0x7B, 0x7F, 0xB3, 0xE5, 0x93,
+        0xDC, 0xCC, 0xA5, 0x7C, 0x8F, 0xBB, 0xD4, 0xA3,
+        0xC7, 0xF8, 0xA5, 0x38, 0x99, 0x86, 0x91, 0x32,
+        0xFB, 0xC3, 0xE4, 0x05, 0x06, 0x07, 0xBB, 0xFE,
+        0x29, 0xC6, 0x75, 0xE3, 0x94, 0x5E, 0x74, 0xA3,
+        0x1C, 0xD5, 0x31, 0xBA, 0x7A, 0xEB, 0x2E, 0x2F,
+        0x0C, 0xD9, 0x90, 0xB8, 0xF9, 0x83, 0xA9, 0x0D,
+        0xFE, 0xA0, 0x56, 0x8F, 0x06, 0x77, 0xEA, 0x95,
+        0x63, 0xF7, 0xC4, 0x79, 0xDE, 0x96, 0x89, 0x40,
+        0xCF, 0x24, 0x29, 0x92, 0x69, 0x28, 0x65, 0xCF,
+        0xDA, 0x89, 0xFA, 0x07, 0x8B, 0xBE, 0xF4, 0x9C,
+        0xE4, 0x57, 0x5B, 0xDF, 0xB3, 0x80, 0x36, 0x60,
+        0x11, 0xC8, 0x43, 0x5F, 0x12, 0xB4, 0x2D, 0x9A,
+        0xB9, 0x9A, 0xB6, 0xA3, 0x19, 0x12, 0xC4, 0x35,
+        0x41, 0x49, 0xD7, 0x23, 0x10, 0x1D, 0x13, 0x65,
+        0xA6, 0x5E, 0x7C, 0xC6, 0x8D, 0x82, 0xE3, 0x05,
+        0x17, 0x77, 0x39, 0x02, 0xFB, 0x38, 0xDD, 0xA2,
+        0xB3, 0x24, 0xE7, 0x20, 0x8E, 0x98, 0x7E, 0xD2,
+        0x87, 0xD0, 0x92, 0xE7, 0x66, 0x2A, 0x43, 0x02,
+        0x41, 0xBF, 0xCA, 0x55, 0x2D, 0x31, 0x41, 0x27,
+        0xE3, 0x8C, 0x85, 0x97, 0xA8, 0x95, 0x19, 0xD4,
+        0xF1, 0xE6, 0x2A, 0x79, 0x46, 0x5A, 0xD5, 0xF4,
+        0xEA, 0xA3, 0xFA, 0x77, 0xCD, 0x98, 0x32, 0x6D,
+        0x2F, 0x92, 0xCE, 0x98, 0x52, 0x05, 0x5C, 0xEC,
+        0xCF, 0x62, 0xD6, 0x3C, 0xB9, 0xD7, 0xF1, 0x98,
+        0xAE, 0x08, 0x5E, 0x4D, 0x45, 0xC8, 0xE4, 0x8F,
+        0xCF, 0xFE, 0x59, 0x3A, 0xD6, 0x52, 0xD9, 0x15,
+        0x41, 0x67, 0xBF, 0x3E, 0x61, 0x95, 0x81, 0x0A,
+        0x44, 0x5A, 0xE1, 0x58, 0xF1, 0xF9, 0xA6, 0x79,
+        0x33, 0x63, 0xAF, 0xC1, 0xF2, 0x2C, 0xA8, 0x82,
+        0xFE, 0xED, 0x3A, 0x5F, 0x57, 0x27, 0xCA, 0x76,
+        0x47, 0x7C, 0x5F, 0x23, 0xF0, 0xFC, 0x87, 0x00,
+        0xCD, 0xC6, 0xA5, 0xBC, 0xB2, 0xB2, 0x0B, 0x4F,
+        0x92, 0x66, 0x35, 0x1D, 0x30, 0x4A, 0x96, 0xA8,
+        0x2B, 0xF5, 0xF3, 0x14, 0xAF, 0x68, 0x5C, 0x1C,
+        0x70, 0x7C, 0x92, 0xE3, 0xE8, 0x47, 0xB7, 0x04,
+        0x7D, 0x68, 0x9C, 0x70, 0xB2, 0x5E, 0x55, 0x01,
+        0xCA, 0xEC, 0x99, 0x19, 0x62, 0x6F, 0x4A, 0x0F,
+        0xC8, 0x15, 0x86, 0xAF, 0x1E, 0xC8, 0x88, 0x89,
+        0xB4, 0x23, 0x38, 0x7D, 0x5D, 0x95, 0x48, 0x26,
+        0x18, 0xA6, 0x50, 0xE8, 0x0B, 0x53, 0xB0, 0x7C,
+        0xAC, 0xE3, 0x22, 0x89, 0x40, 0x60, 0x2E, 0x3D,
+        0xB4, 0x74, 0x66, 0xCE, 0x9B, 0xCC, 0xB6, 0xE4,
+        0xD8, 0xAA, 0x61, 0xC8, 0x91, 0x25, 0x83, 0xE8,
+        0x10, 0xB3, 0xB2, 0xE7, 0xE9, 0xCB, 0x48, 0xBD,
+        0x40, 0x3E, 0xCF, 0x08, 0xD2, 0x8C, 0x70, 0xAE,
+        0x0B, 0x62, 0x08, 0x59, 0xC1, 0xF0, 0x9B, 0x61,
+        0x13, 0x14, 0x04, 0xC3, 0xD5, 0xBF, 0xFC, 0xD8,
+        0x60, 0xE0, 0xF4, 0x2A, 0xB2, 0x99, 0x00, 0x62,
+        0x30, 0xB2, 0x87, 0x6D, 0x77, 0xDD, 0xA9, 0x1C,
+        0x8C, 0x62, 0xBD, 0x93, 0xA8, 0x44, 0xE4, 0xB3,
+        0x44, 0xE3, 0x25, 0x5E, 0xEA, 0x53, 0x1C, 0x6C,
+        0x45, 0x8D, 0x04, 0xAB, 0xDB, 0x0F, 0xAE, 0xF2,
+        0xD1, 0xC0, 0xB4, 0xC5, 0x5F, 0x57, 0x0A, 0x5A,
+        0x51, 0x02, 0x3F, 0x4D, 0x4E, 0xFF, 0xF5, 0x9F,
+        0x9A, 0xBE, 0x17, 0x92, 0x2F, 0xE7, 0x32, 0xCA,
+        0x71, 0xBC, 0xD4, 0x34, 0xAD, 0x77, 0x10, 0xB8,
+        0x4C, 0xD4, 0xAC, 0x9F, 0x25, 0x07, 0xA0, 0x68,
+        0x26, 0x56, 0x2A, 0xD7, 0xF6, 0x47, 0x82, 0x6F,
+        0x9D, 0xBB, 0xE4, 0xED, 0xD2, 0x3F, 0x12, 0x43,
+        0x69, 0xDB, 0x85, 0x26, 0xFC, 0x2B, 0x4D, 0x52,
+        0xF0, 0x74, 0x14, 0x15, 0xF9, 0x72, 0xBE, 0xF6,
+        0xA9, 0x35, 0xBD, 0x81, 0x2A, 0x56, 0xC8, 0x22,
+        0x1B, 0x7D, 0xEF, 0x0F, 0x51, 0x06, 0xBC, 0x01,
+        0xE9, 0x13, 0xE3, 0xD4, 0x3D, 0xB8, 0x6C, 0x2B,
+        0xB4, 0xC7, 0xE0, 0x76, 0x26, 0x63, 0xC6, 0xDE,
+        0x78, 0x87, 0x21, 0xC2, 0xAA, 0x07, 0xF8, 0x95,
+        0x48, 0x87, 0xE2, 0x14, 0x2F, 0x2E, 0x91, 0x4A,
+        0x09, 0x9E, 0xFC, 0x0A, 0xEE, 0x13, 0x39, 0x21,
+        0x0D, 0x3E, 0x53, 0xDA, 0x3E, 0xCF, 0x88, 0x62,
+        0x4B, 0x11, 0x19, 0xBE, 0x34, 0x01, 0x0B, 0x88,
+        0x6C, 0x80, 0xF5, 0x1D, 0x18, 0x50, 0x83, 0x8F,
+        0x21, 0x50, 0xE7, 0x2B, 0x04, 0x2A, 0xF3, 0x28,
+        0x99, 0xC0, 0xD3, 0xD7, 0xB0, 0x2A, 0x57, 0xF8,
+        0xCF, 0x26, 0x3A, 0x36, 0x95, 0x62, 0xE4, 0xE9,
+        0x45, 0xA3, 0x12, 0x82, 0xA5, 0x02, 0xA9, 0x5E,
+        0xE9, 0xBB, 0x03, 0x16, 0xC6, 0x86, 0x10, 0x06,
+        0xDA, 0xC1, 0x7F, 0x93, 0x6F, 0x54, 0xC4, 0xC7
+    };
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+#else
 #ifndef WOLFSSL_NO_ML_DSA_44
     static const byte seed_44[] = {
         0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47,
@@ -34532,6 +38494,7 @@ static int test_wc_dilithium_make_key_from_seed(void)
         0x03, 0x23, 0x9F, 0x66, 0x85, 0x4B, 0x70, 0x45
     };
 #endif /* WOLFSSL_NO_ML_DSA_87 */
+#endif
 
     key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     ExpectNotNull(key);
@@ -34566,12 +38529,6930 @@ static int test_wc_dilithium_make_key_from_seed(void)
     return EXPECT_RESULT();
 }
 
+static int test_wc_dilithium_sig_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+    dilithium_key* key;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte sk_44[] = {
+        0x5D, 0xFB, 0x07, 0xA2, 0x04, 0x4B, 0x93, 0x16,
+        0x75, 0xC7, 0x89, 0x43, 0xEA, 0xC3, 0xC4, 0xC5,
+        0x7B, 0x07, 0x77, 0x8A, 0xD9, 0xAF, 0x2E, 0x87,
+        0xC4, 0x70, 0xB9, 0xCC, 0x2C, 0x8D, 0xA1, 0xE3,
+        0x75, 0xBC, 0xB3, 0xBC, 0xD1, 0x9E, 0x7B, 0xB9,
+        0x83, 0xC9, 0x63, 0x66, 0xCC, 0xEA, 0x14, 0x1E,
+        0xAE, 0x22, 0x07, 0x75, 0x52, 0x24, 0xC8, 0xC6,
+        0xC6, 0x1F, 0x90, 0x89, 0x89, 0xCF, 0xF2, 0xF6,
+        0x27, 0x98, 0xA6, 0x86, 0x45, 0x77, 0x95, 0x15,
+        0xD4, 0x74, 0xDD, 0xA6, 0x1F, 0x33, 0x41, 0x42,
+        0x4E, 0xDA, 0x24, 0x79, 0x60, 0x27, 0x34, 0x4E,
+        0x36, 0x94, 0x14, 0x74, 0x81, 0x9A, 0x58, 0x44,
+        0x2B, 0x74, 0xBF, 0x50, 0x60, 0xB8, 0x40, 0x94,
+        0x4A, 0xEF, 0xDE, 0xA7, 0xA4, 0xCF, 0xFC, 0xB3,
+        0x9D, 0xE2, 0x07, 0xFD, 0x9E, 0x6A, 0xC6, 0x2E,
+        0x6D, 0x0D, 0xB2, 0xB4, 0x51, 0x2E, 0x20, 0x26,
+        0x00, 0xB5, 0x30, 0x01, 0xA9, 0x2D, 0xE2, 0x42,
+        0x02, 0x42, 0x12, 0x71, 0x24, 0xB7, 0x28, 0x94,
+        0x30, 0x86, 0xDA, 0x22, 0x30, 0x00, 0x87, 0x65,
+        0xCC, 0x22, 0x91, 0x1B, 0x05, 0x82, 0x03, 0x46,
+        0x8A, 0xA0, 0x32, 0x26, 0x40, 0xB4, 0x84, 0xC3,
+        0x14, 0x2D, 0x88, 0x14, 0x8C, 0x94, 0x92, 0x49,
+        0x23, 0x15, 0x0E, 0xCA, 0x88, 0x09, 0x18, 0x94,
+        0x68, 0x82, 0x38, 0x00, 0x21, 0x41, 0x28, 0x8C,
+        0xB8, 0x80, 0x02, 0x09, 0x49, 0x5A, 0xB4, 0x11,
+        0x9B, 0x28, 0x05, 0xE4, 0x42, 0x30, 0xCA, 0x24,
+        0x80, 0xA4, 0x06, 0x2A, 0xD3, 0x92, 0x05, 0x1C,
+        0x03, 0x6A, 0x22, 0x36, 0x4A, 0x92, 0x44, 0x52,
+        0xE2, 0x48, 0x28, 0x19, 0x83, 0x68, 0x88, 0xC6,
+        0x31, 0x41, 0x90, 0x50, 0x00, 0x43, 0x8E, 0x23,
+        0x87, 0x60, 0x19, 0x43, 0x81, 0x50, 0x32, 0x69,
+        0x81, 0xC0, 0x51, 0x12, 0x06, 0x08, 0x02, 0x08,
+        0x82, 0xC4, 0xA6, 0x81, 0x03, 0xA5, 0x90, 0x8C,
+        0xB6, 0x00, 0x90, 0x14, 0x66, 0x01, 0xB1, 0x08,
+        0x12, 0x25, 0x48, 0x1A, 0x88, 0x11, 0x43, 0x38,
+        0x60, 0x23, 0x26, 0x2E, 0x14, 0x45, 0x0D, 0x9C,
+        0x92, 0x8C, 0xA2, 0x46, 0x12, 0x94, 0xA6, 0x05,
+        0x88, 0xB0, 0x11, 0x0A, 0xB0, 0x28, 0xA4, 0x42,
+        0x09, 0x9C, 0x82, 0x80, 0x1A, 0x80, 0x61, 0x59,
+        0xB0, 0x8D, 0x40, 0xA6, 0x6D, 0x12, 0xC9, 0x0C,
+        0xD9, 0x18, 0x68, 0xA3, 0x84, 0x2C, 0x02, 0xB6,
+        0x25, 0x01, 0x40, 0x2C, 0xD8, 0x20, 0x4D, 0x1B,
+        0x35, 0x30, 0x11, 0x10, 0x49, 0x63, 0x44, 0x31,
+        0x8A, 0xB2, 0x70, 0x4B, 0x24, 0x28, 0xA0, 0x46,
+        0x08, 0xC9, 0x06, 0x81, 0x08, 0xC5, 0x04, 0x4A,
+        0xB2, 0x30, 0x08, 0x15, 0x04, 0x24, 0xA2, 0x65,
+        0x9B, 0x88, 0x41, 0x19, 0x36, 0x2E, 0xE2, 0xB8,
+        0x29, 0xD9, 0x12, 0x64, 0x41, 0xA6, 0x30, 0x22,
+        0xB7, 0x8C, 0x93, 0x38, 0x69, 0x93, 0x30, 0x0A,
+        0xC8, 0xB6, 0x85, 0x23, 0xB1, 0x8D, 0x01, 0x38,
+        0x0A, 0x59, 0xA0, 0x09, 0x64, 0x12, 0x6E, 0x88,
+        0x08, 0x22, 0xDB, 0x00, 0x08, 0x0C, 0x08, 0x12,
+        0x99, 0x42, 0x44, 0x1B, 0x00, 0x68, 0x08, 0x13,
+        0x26, 0x53, 0xA2, 0x40, 0x5A, 0x34, 0x25, 0x98,
+        0x90, 0x8C, 0x00, 0x34, 0x2D, 0x93, 0x94, 0x48,
+        0xC8, 0x22, 0x4C, 0xE2, 0x44, 0x29, 0xE2, 0x00,
+        0x28, 0x14, 0x22, 0x40, 0x48, 0x28, 0x24, 0x22,
+        0x49, 0x06, 0xCA, 0xC8, 0x0C, 0x4C, 0x12, 0x80,
+        0x1B, 0xA5, 0x41, 0x11, 0x06, 0x48, 0x1B, 0x27,
+        0x72, 0x20, 0x07, 0x31, 0x24, 0x10, 0x8E, 0x9C,
+        0x94, 0x91, 0x1B, 0x37, 0x82, 0x51, 0x28, 0x2E,
+        0x11, 0x06, 0x42, 0x01, 0x34, 0x6E, 0x8C, 0x22,
+        0x25, 0x24, 0x34, 0x6A, 0x19, 0x47, 0x21, 0x23,
+        0xB6, 0x09, 0x51, 0xB2, 0x31, 0x18, 0x34, 0x45,
+        0x8C, 0xB8, 0x20, 0x1C, 0x19, 0x0A, 0x19, 0xB7,
+        0x6D, 0x18, 0x97, 0x48, 0x09, 0x82, 0x04, 0x9C,
+        0x12, 0x8A, 0x41, 0x08, 0x46, 0x24, 0x13, 0x31,
+        0xD0, 0x42, 0x46, 0xC3, 0x16, 0x80, 0x51, 0x10,
+        0x2E, 0x51, 0x48, 0x04, 0x5C, 0xC2, 0x64, 0x1A,
+        0x10, 0x8E, 0xD9, 0x86, 0x64, 0x90, 0x24, 0x68,
+        0x93, 0xB4, 0x45, 0x94, 0x30, 0x4A, 0xE3, 0x12,
+        0x0C, 0x54, 0x04, 0x90, 0x03, 0x31, 0x40, 0x62,
+        0x92, 0x4D, 0x5C, 0xC8, 0x10, 0x8A, 0xB8, 0x61,
+        0x5C, 0x04, 0x6A, 0xC8, 0xB0, 0x85, 0x93, 0x00,
+        0x05, 0xC3, 0x06, 0x69, 0x1B, 0x34, 0x8E, 0x03,
+        0x84, 0x0C, 0x50, 0x00, 0x2C, 0x8C, 0x96, 0x90,
+        0x08, 0x32, 0x68, 0x0B, 0x90, 0x8C, 0x02, 0x86,
+        0x2D, 0x18, 0x38, 0x09, 0x1C, 0xB2, 0x21, 0x1B,
+        0x48, 0x04, 0x5C, 0x10, 0x86, 0xD8, 0x34, 0x51,
+        0x43, 0x84, 0x88, 0x43, 0xB2, 0x65, 0x12, 0xB6,
+        0x8D, 0x03, 0x01, 0x45, 0x19, 0xB8, 0x8D, 0x92,
+        0x26, 0x4E, 0x12, 0x12, 0x88, 0x52, 0xB2, 0x64,
+        0x21, 0x09, 0x26, 0x49, 0x38, 0x05, 0x24, 0x11,
+        0x0A, 0x22, 0x38, 0x32, 0x23, 0x31, 0x20, 0x4A,
+        0x24, 0x42, 0xC4, 0xA2, 0x44, 0x20, 0x10, 0x0D,
+        0xA1, 0xA8, 0x51, 0x23, 0x86, 0x84, 0x81, 0x38,
+        0x8E, 0x02, 0x00, 0x4A, 0x1C, 0xB7, 0x24, 0x4C,
+        0x06, 0x0A, 0x1C, 0x26, 0x4E, 0xCC, 0x22, 0x48,
+        0x4C, 0x92, 0x2D, 0xC0, 0x20, 0x2D, 0xA1, 0x16,
+        0x89, 0xC3, 0x44, 0x82, 0x19, 0xA7, 0x6D, 0xC4,
+        0x90, 0x10, 0x01, 0x82, 0x89, 0xD8, 0x44, 0x22,
+        0xD9, 0x98, 0x20, 0xC0, 0x88, 0x45, 0x88, 0x22,
+        0x0C, 0x90, 0x36, 0x90, 0x90, 0xA4, 0x05, 0xD3,
+        0x82, 0x21, 0xD0, 0xA6, 0x28, 0x00, 0x33, 0x25,
+        0xA2, 0xC2, 0x6C, 0xD8, 0x10, 0x71, 0xD1, 0x96,
+        0x50, 0xC3, 0x34, 0x08, 0x8B, 0x94, 0x2D, 0x61,
+        0x88, 0x04, 0x1B, 0xC8, 0x2D, 0xE2, 0x30, 0x64,
+        0x20, 0x28, 0x24, 0x1A, 0x34, 0x50, 0x10, 0x25,
+        0x6A, 0x64, 0x36, 0x81, 0x09, 0xC1, 0x45, 0xE3,
+        0x30, 0x80, 0xC3, 0xA6, 0x8C, 0xE0, 0xB6, 0x10,
+        0xC3, 0x34, 0x8D, 0xD1, 0x06, 0x11, 0x88, 0x20,
+        0x0A, 0x0A, 0xC8, 0x21, 0x20, 0x81, 0x30, 0x9C,
+        0x14, 0x61, 0x9B, 0xC2, 0x50, 0x22, 0x15, 0x8D,
+        0x80, 0xA0, 0x41, 0x89, 0x24, 0x41, 0x20, 0x93,
+        0x40, 0x01, 0xA6, 0x09, 0x08, 0x25, 0x2E, 0xC1,
+        0xC6, 0x85, 0x00, 0x17, 0x62, 0x41, 0x30, 0x32,
+        0xDC, 0x06, 0x6D, 0x48, 0x88, 0x08, 0x84, 0xC8,
+        0x30, 0x5B, 0x96, 0x8D, 0x42, 0xB4, 0x4C, 0xD0,
+        0x34, 0x88, 0xD0, 0x04, 0x02, 0x18, 0x15, 0x52,
+        0x52, 0x26, 0x30, 0x8C, 0x46, 0x28, 0x20, 0x94,
+        0x4C, 0x21, 0x18, 0x00, 0xD0, 0xB2, 0x48, 0x1B,
+        0x17, 0x0A, 0x09, 0x30, 0x4C, 0x44, 0xC2, 0x04,
+        0x47, 0x5E, 0xF2, 0x33, 0x31, 0xFF, 0x66, 0x73,
+        0xE2, 0x6E, 0x6A, 0x32, 0xF2, 0x94, 0xBE, 0xFB,
+        0xD5, 0x96, 0x4F, 0xED, 0x98, 0x7A, 0x42, 0xA2,
+        0x35, 0xFC, 0x5B, 0x16, 0x08, 0x61, 0x45, 0xC0,
+        0xB8, 0xA8, 0x23, 0xFB, 0xC1, 0x4F, 0x1C, 0x8C,
+        0xD0, 0x3F, 0xD6, 0xEE, 0xC4, 0x95, 0x28, 0x3E,
+        0x03, 0x5C, 0x0D, 0xCA, 0xE5, 0x2E, 0x68, 0xF3,
+        0x29, 0xDE, 0x7A, 0xDF, 0xD6, 0x4F, 0xEE, 0x0B,
+        0x11, 0x6D, 0x4A, 0x14, 0xE1, 0x53, 0x94, 0xB3,
+        0x1D, 0xF8, 0x8B, 0xCA, 0x10, 0xD1, 0xC9, 0x06,
+        0xAA, 0x82, 0x28, 0x7C, 0x11, 0x74, 0x99, 0xE9,
+        0xD8, 0xC7, 0x7D, 0x17, 0xA9, 0x5C, 0xCC, 0x14,
+        0xAF, 0xF9, 0xC2, 0x05, 0xD2, 0x64, 0x80, 0xA5,
+        0x70, 0xB5, 0x77, 0x0B, 0x04, 0x81, 0x99, 0xCF,
+        0x3F, 0x0E, 0x1B, 0x91, 0xAB, 0x39, 0x4B, 0x1F,
+        0x65, 0xD4, 0x7F, 0x92, 0x98, 0xD0, 0x96, 0xCA,
+        0x25, 0xC0, 0x99, 0xBC, 0x67, 0xF4, 0x33, 0x42,
+        0x63, 0xE3, 0x6B, 0xD9, 0xE6, 0x6B, 0x99, 0x8A,
+        0x07, 0xDC, 0x1E, 0x18, 0x1E, 0x05, 0x38, 0x6E,
+        0x96, 0x8F, 0x1C, 0xB0, 0xAB, 0x1E, 0x9A, 0x67,
+        0xD5, 0xD3, 0x30, 0x11, 0x20, 0x37, 0x82, 0x24,
+        0x88, 0x1F, 0x65, 0x17, 0x59, 0xEC, 0x7D, 0xBF,
+        0x45, 0x78, 0x1E, 0xF8, 0xA8, 0x4D, 0xAD, 0xAF,
+        0xE6, 0x13, 0xD6, 0x01, 0x69, 0x66, 0xBD, 0x88,
+        0x44, 0xB6, 0xA6, 0x17, 0xAC, 0xA1, 0xEE, 0xF6,
+        0x73, 0xB7, 0x74, 0xCC, 0x80, 0x7B, 0x36, 0xDD,
+        0x02, 0xDD, 0x45, 0x21, 0x66, 0x86, 0x03, 0x7F,
+        0x9A, 0xC0, 0xB1, 0x2F, 0x57, 0x26, 0xF2, 0x51,
+        0xC5, 0x72, 0x43, 0xE2, 0xC1, 0x88, 0xF5, 0xEC,
+        0xC0, 0x97, 0xE0, 0xB9, 0x89, 0xB5, 0x8A, 0x5D,
+        0x80, 0x4A, 0xBF, 0xD7, 0x20, 0x25, 0x55, 0x77,
+        0x66, 0x8E, 0xE3, 0x04, 0xD0, 0x1C, 0x50, 0xFE,
+        0x8B, 0x6D, 0x90, 0x68, 0x53, 0xCF, 0x7A, 0x49,
+        0x4F, 0xB4, 0x79, 0x91, 0xF1, 0x81, 0xB7, 0x42,
+        0x0E, 0x74, 0x19, 0x9C, 0x82, 0xE7, 0x1A, 0x82,
+        0x4B, 0xF8, 0xC6, 0x13, 0x1D, 0xF4, 0xD1, 0x85,
+        0x6F, 0x11, 0xE7, 0x04, 0x07, 0x70, 0x72, 0x4D,
+        0xE7, 0x2C, 0x81, 0x5A, 0xC0, 0x44, 0x3F, 0x2E,
+        0x77, 0xEC, 0x22, 0xA1, 0x28, 0xDB, 0x18, 0xE1,
+        0x18, 0x3E, 0xE7, 0x96, 0x82, 0xC4, 0x30, 0x24,
+        0xC9, 0x07, 0x46, 0x6C, 0x35, 0x4B, 0x1C, 0x7B,
+        0x0E, 0x0E, 0xF0, 0x9F, 0x16, 0x48, 0x7B, 0xD8,
+        0xA9, 0x9C, 0x3A, 0x0A, 0x9E, 0xDB, 0xF0, 0x0F,
+        0x15, 0xA5, 0xEB, 0x1C, 0x50, 0xD4, 0x27, 0x36,
+        0xDB, 0x07, 0x63, 0xBD, 0x56, 0xBD, 0xFA, 0x81,
+        0x09, 0x9A, 0xDE, 0xCE, 0xE8, 0x4A, 0xEA, 0x06,
+        0x9C, 0x06, 0x5B, 0x67, 0x03, 0x14, 0xB9, 0xE4,
+        0x8C, 0x66, 0x75, 0xA3, 0xCC, 0x69, 0x39, 0x57,
+        0xDA, 0x1D, 0x21, 0xBA, 0xCE, 0xD8, 0x70, 0x02,
+        0xFF, 0xF5, 0x6F, 0x25, 0x3A, 0x3D, 0xFC, 0x79,
+        0xA3, 0xF0, 0x3A, 0x3F, 0x2B, 0x10, 0x51, 0x9A,
+        0xCB, 0xC9, 0x1A, 0xF5, 0xF1, 0x98, 0x5B, 0x5C,
+        0x87, 0x96, 0x4E, 0xC8, 0x00, 0x8A, 0x3A, 0x6E,
+        0x85, 0x02, 0xA5, 0xF1, 0x69, 0x32, 0x6E, 0xC1,
+        0x95, 0x68, 0xCF, 0xA8, 0xE8, 0x85, 0x55, 0x4D,
+        0x6A, 0x68, 0x1F, 0x00, 0xDD, 0x26, 0xB3, 0x24,
+        0xF4, 0x9D, 0xD2, 0x4D, 0x81, 0x06, 0xDA, 0xE6,
+        0x4D, 0x11, 0x73, 0xDF, 0xFE, 0x4F, 0xA6, 0x22,
+        0x5E, 0x6C, 0x6D, 0x5E, 0xE3, 0x59, 0xCF, 0xF4,
+        0x35, 0xA0, 0x80, 0x86, 0x89, 0x49, 0xB2, 0xED,
+        0x0C, 0xC7, 0x3B, 0x42, 0x06, 0x68, 0x8D, 0x90,
+        0x04, 0x1A, 0xBD, 0x51, 0xF6, 0xB9, 0x29, 0x2E,
+        0xB6, 0xF0, 0x79, 0x40, 0x1E, 0x6E, 0x59, 0x94,
+        0xFB, 0xF5, 0x6B, 0x72, 0x82, 0x4C, 0xB6, 0xC7,
+        0x2B, 0x12, 0x71, 0x77, 0xDD, 0x89, 0xCC, 0x2F,
+        0x98, 0xB0, 0x93, 0x1C, 0x98, 0xCE, 0x5E, 0x89,
+        0x0D, 0x95, 0x7B, 0x98, 0xE1, 0xEA, 0xDC, 0xB7,
+        0xFF, 0x22, 0xC5, 0x31, 0x40, 0x9E, 0x1C, 0x80,
+        0x59, 0x47, 0x01, 0x49, 0xEC, 0x81, 0xEF, 0x16,
+        0x32, 0x6B, 0xB0, 0x4E, 0xE2, 0x3B, 0xA3, 0xC1,
+        0x03, 0x12, 0x0D, 0xA6, 0x65, 0xDE, 0x8D, 0xB0,
+        0xA0, 0xBB, 0x75, 0xEF, 0x5C, 0xDA, 0xF4, 0xEE,
+        0x47, 0x6E, 0x55, 0x02, 0x38, 0xCD, 0xC1, 0xAC,
+        0xDD, 0x71, 0xA6, 0x34, 0xAB, 0xCE, 0xA5, 0x5C,
+        0x90, 0xFF, 0xF8, 0xE0, 0xA7, 0x87, 0xBD, 0x21,
+        0x36, 0x91, 0x4F, 0x23, 0xD8, 0x75, 0x58, 0xC5,
+        0xF6, 0xBA, 0xAC, 0x54, 0x6C, 0x24, 0xB1, 0x41,
+        0x02, 0x02, 0xB9, 0x44, 0x31, 0x0E, 0xC4, 0xC9,
+        0xC6, 0x87, 0x85, 0x36, 0x05, 0xC8, 0xAE, 0xC9,
+        0xF1, 0xEF, 0x6B, 0x67, 0x52, 0xD3, 0x9A, 0x15,
+        0xBF, 0xA2, 0x47, 0xEF, 0x89, 0xFC, 0x06, 0x99,
+        0xA1, 0x1A, 0xE4, 0x5A, 0x75, 0xE5, 0x09, 0xD4,
+        0x54, 0xE9, 0x89, 0xF2, 0x60, 0x6E, 0xAB, 0x10,
+        0xF8, 0x42, 0xE4, 0xAD, 0x57, 0xC6, 0xE3, 0x65,
+        0x48, 0x94, 0x14, 0x05, 0x4F, 0x62, 0x20, 0x0F,
+        0x3A, 0x1E, 0xC7, 0x62, 0xDC, 0x5C, 0x8E, 0xFA,
+        0x19, 0x88, 0x47, 0x5D, 0xE8, 0xC3, 0xD5, 0x8C,
+        0x2B, 0x71, 0xBA, 0x11, 0x98, 0x7C, 0x0A, 0xC6,
+        0x42, 0x08, 0x3B, 0xAC, 0x76, 0xFB, 0x50, 0x78,
+        0x8C, 0x26, 0x8F, 0xEE, 0x7B, 0xE2, 0x59, 0x9B,
+        0x34, 0x58, 0x09, 0x2A, 0x8B, 0xCB, 0x1F, 0x31,
+        0x94, 0x8F, 0xE4, 0x82, 0xDF, 0x9A, 0x54, 0x5B,
+        0x63, 0x85, 0x94, 0xD6, 0x7A, 0x44, 0x06, 0x91,
+        0x5C, 0xCD, 0xC7, 0x55, 0x57, 0x47, 0xC0, 0x4E,
+        0x72, 0xA5, 0x48, 0xAB, 0x8F, 0xEE, 0x87, 0x6B,
+        0x25, 0x82, 0x61, 0x3C, 0xCA, 0xBD, 0xA9, 0x6C,
+        0xF1, 0x4A, 0xAA, 0xF6, 0x71, 0x6B, 0x79, 0x0B,
+        0xFE, 0x4D, 0x92, 0x32, 0xD9, 0x03, 0x70, 0xD6,
+        0x0B, 0xBC, 0x18, 0x4B, 0xA3, 0x3B, 0xCF, 0x77,
+        0x83, 0x16, 0xE3, 0x4B, 0x11, 0x83, 0x8D, 0x8F,
+        0x71, 0xFE, 0xEA, 0xC0, 0x42, 0xF0, 0x35, 0xB0,
+        0x76, 0xEA, 0xC1, 0xC2, 0x62, 0xFA, 0x9C, 0x32,
+        0xBC, 0x8D, 0x69, 0xB1, 0x38, 0xB3, 0x51, 0x31,
+        0x8E, 0xD1, 0xF3, 0x44, 0x95, 0x95, 0x11, 0x52,
+        0x36, 0xF4, 0xCA, 0x7C, 0xBA, 0x2B, 0xA9, 0xE1,
+        0x03, 0xF0, 0xF5, 0x09, 0xAB, 0x91, 0x6E, 0x48,
+        0xB8, 0xAF, 0x03, 0x9B, 0xDC, 0xD5, 0x1C, 0xAB,
+        0xFA, 0xCA, 0xDC, 0xEE, 0x8E, 0x49, 0x84, 0xF5,
+        0x61, 0xF9, 0x7D, 0x17, 0xCB, 0xF1, 0xDE, 0x9A,
+        0x7A, 0x7B, 0xDA, 0xF3, 0x26, 0xE6, 0xD8, 0xAD,
+        0x90, 0xE9, 0x5B, 0xAF, 0x15, 0x45, 0xD3, 0xE2,
+        0x46, 0x69, 0xD1, 0xC5, 0xF4, 0x28, 0xE0, 0x7E,
+        0x2C, 0x71, 0x10, 0xFF, 0x43, 0x59, 0x80, 0x93,
+        0xE6, 0xF9, 0x28, 0xA0, 0x34, 0xC6, 0x86, 0xBA,
+        0xE7, 0x5A, 0x56, 0x7A, 0xE4, 0xF5, 0x20, 0xB4,
+        0x4D, 0xAC, 0xB4, 0x95, 0xE5, 0xB2, 0xC6, 0x43,
+        0x9E, 0x2E, 0x67, 0x8E, 0x7C, 0x05, 0x4F, 0xF7,
+        0x60, 0x14, 0x88, 0xC6, 0xAE, 0x4A, 0x05, 0x36,
+        0x99, 0x73, 0x55, 0x10, 0xF9, 0xDB, 0xC3, 0x4C,
+        0xD7, 0x6A, 0x19, 0x94, 0xC0, 0xFE, 0x74, 0x12,
+        0xC0, 0xCE, 0x95, 0x15, 0xBF, 0x60, 0x3A, 0x8E,
+        0xB5, 0xFC, 0x8A, 0xBC, 0xAC, 0x9F, 0x15, 0x10,
+        0x44, 0x73, 0x58, 0x60, 0x5D, 0xA1, 0x33, 0xFD,
+        0xDE, 0xBD, 0xF2, 0x22, 0x69, 0xEE, 0x1D, 0x46,
+        0x8E, 0x2E, 0xE8, 0x21, 0x62, 0x1D, 0x27, 0x84,
+        0xC4, 0x6D, 0xA8, 0x30, 0x02, 0xA6, 0x26, 0x94,
+        0xFA, 0xB1, 0xEF, 0xEC, 0x3B, 0x8D, 0x6F, 0x1B,
+        0x2C, 0xCE, 0x2A, 0x4E, 0xC4, 0x28, 0x35, 0x4E,
+        0x39, 0xA4, 0xF4, 0x5C, 0x96, 0x65, 0xC1, 0xB8,
+        0x55, 0xA5, 0x09, 0x15, 0xBC, 0x4D, 0x3B, 0xD0,
+        0x1F, 0x7F, 0xBA, 0x90, 0x20, 0xCD, 0xBD, 0xC2,
+        0xC8, 0xE5, 0xC6, 0xB0, 0x6F, 0x14, 0x4E, 0x6B,
+        0xEA, 0x8A, 0x24, 0x44, 0xE1, 0x0A, 0xCD, 0xB2,
+        0x05, 0xF3, 0x15, 0x71, 0x7C, 0x86, 0xFC, 0xF1,
+        0xFD, 0x6B, 0xA6, 0xE3, 0xFC, 0x86, 0xE3, 0xBA,
+        0x56, 0x6B, 0x8F, 0xBE, 0x02, 0x9A, 0x03, 0x0C,
+        0x8C, 0x69, 0xE5, 0x7C, 0x15, 0xAE, 0x13, 0x12,
+        0x25, 0x2B, 0x36, 0xFB, 0x51, 0xA1, 0x61, 0x5E,
+        0x37, 0x46, 0x92, 0x0C, 0x0B, 0x71, 0x5C, 0x1D,
+        0xA4, 0xDB, 0x04, 0xC1, 0x08, 0xED, 0x5C, 0x44,
+        0x80, 0x70, 0xC1, 0x0E, 0x63, 0x6D, 0x92, 0xC2,
+        0x1E, 0x18, 0x8E, 0x71, 0x0E, 0x7C, 0x10, 0x21,
+        0x1E, 0xC2, 0xCF, 0xD6, 0x38, 0x7A, 0x9B, 0x5C,
+        0x9E, 0xE8, 0x82, 0x3D, 0xDD, 0x40, 0x0C, 0x96,
+        0x17, 0xEF, 0xB1, 0x25, 0xBA, 0x84, 0x45, 0x4F,
+        0x64, 0xA6, 0x8E, 0x2B, 0xBA, 0xF1, 0xED, 0xB3,
+        0x4F, 0x92, 0x5F, 0x1A, 0x73, 0x2A, 0x2A, 0x22,
+        0x68, 0x19, 0x4C, 0x8A, 0x87, 0x51, 0x75, 0x78,
+        0xCF, 0x3C, 0xC5, 0x97, 0xFD, 0x77, 0x43, 0xCB,
+        0xAE, 0x3D, 0x9C, 0xB6, 0x45, 0x54, 0x45, 0xF4,
+        0x1B, 0x92, 0xEE, 0xF4, 0x9D, 0xC4, 0x32, 0x10,
+        0x6A, 0x48, 0xAB, 0xE9, 0x47, 0xBF, 0x2B, 0x92,
+        0x49, 0x84, 0x23, 0x52, 0x05, 0xA1, 0x92, 0x3B,
+        0xD7, 0x78, 0x2D, 0x9A, 0x15, 0xB4, 0xD9, 0xD3,
+        0x45, 0xD0, 0x69, 0xF1, 0x38, 0x4D, 0x39, 0xEA,
+        0x49, 0x7E, 0xC0, 0xE7, 0x7A, 0x07, 0x88, 0x1D,
+        0x1F, 0xA3, 0xAC, 0xE9, 0xC3, 0xFD, 0x6B, 0x5D,
+        0xF6, 0xB2, 0xB9, 0xAA, 0x9A, 0xBE, 0xF4, 0x06,
+        0xD9, 0x5E, 0x81, 0xE5, 0x68, 0xDF, 0xEA, 0x20,
+        0x4C, 0xEE, 0xED, 0x42, 0xA4, 0xD3, 0x7B, 0xA8,
+        0x82, 0x98, 0x0D, 0xB4, 0xC8, 0xC3, 0x43, 0x28,
+        0x13, 0xE9, 0x6B, 0x11, 0x0E, 0x54, 0xE6, 0xCD,
+        0x11, 0x0A, 0x01, 0x36, 0x41, 0x78, 0xC5, 0x7D,
+        0x00, 0xC6, 0x8D, 0xE7, 0x7B, 0x4C, 0xE6, 0x35,
+        0x57, 0x8F, 0x56, 0xA9, 0x73, 0x5A, 0xEF, 0x93,
+        0xF0, 0xD8, 0x16, 0xE3, 0x44, 0x8A, 0xA0, 0xA9,
+        0xF1, 0x9C, 0x2E, 0x02, 0xD1, 0x3C, 0x66, 0xDD,
+        0xE5, 0x35, 0xFE, 0x81, 0x77, 0x8D, 0xC2, 0x46,
+        0x64, 0x03, 0x23, 0xCC, 0x37, 0x22, 0x60, 0x68,
+        0xCC, 0x7F, 0x79, 0xE8, 0x6B, 0xD0, 0xEE, 0x1C,
+        0x6A, 0xC3, 0x3C, 0xEB, 0x51, 0x95, 0xFA, 0xE4,
+        0x28, 0x17, 0x94, 0x49, 0x22, 0x69, 0x64, 0x98,
+        0x82, 0x8B, 0x68, 0x9F, 0x69, 0x35, 0xF9, 0xBF,
+        0x33, 0x22, 0xA4, 0x32, 0x0F, 0x4C, 0x26, 0xE4,
+        0x8D, 0xDF, 0xAE, 0xBD, 0xF4, 0x4D, 0x01, 0xAF,
+        0xA1, 0xFA, 0x3E, 0xCE, 0xD3, 0xB0, 0x5D, 0x02,
+        0xDB, 0x3B, 0xB4, 0x23, 0xB8, 0x55, 0x97, 0xB5,
+        0x1F, 0x25, 0x64, 0xA7, 0x5D, 0x4A, 0x8C, 0x90,
+        0xD4, 0xB6, 0x85, 0x20, 0x32, 0x09, 0x37, 0x26,
+        0x00, 0xD5, 0x4D, 0x98, 0x5A, 0xCF, 0x29, 0x3B,
+        0x0E, 0xAF, 0x69, 0x88, 0x78, 0x18, 0xAD, 0xD1,
+        0xE1, 0xB7, 0xC5, 0xD7, 0xB7, 0x5F, 0xFE, 0xB5,
+        0x64, 0xE0, 0x68, 0x0B, 0x4F, 0x46, 0x7B, 0xDE,
+        0x0B, 0x11, 0x7A, 0x42, 0x10, 0x86, 0x09, 0x60,
+        0xB5, 0xE0, 0x22, 0x17, 0x28, 0x68, 0x7A, 0xE9,
+        0xEB, 0xBC, 0x6B, 0xD5, 0x95, 0x4C, 0xE0, 0xAE,
+        0x57, 0xB1, 0x45, 0xFF, 0xC2, 0x7E, 0xB6, 0xA0,
+        0xD3, 0x8E, 0x46, 0x16, 0xCE, 0xBE, 0x76, 0xCE,
+        0x59, 0x5B, 0xA4, 0x96, 0x1E, 0x9F, 0x80, 0xF0,
+        0x06, 0x7E, 0xCD, 0x6E, 0x27, 0xB8, 0x7D, 0x26,
+        0xB6, 0x60, 0xA3, 0xAB, 0x52, 0xC1, 0x37, 0x9A,
+        0xDD, 0x46, 0xF5, 0xB9, 0x39, 0x75, 0xAA, 0x19,
+        0xF3, 0xE4, 0xA8, 0x95, 0x4B, 0x25, 0x3F, 0x0B,
+        0x44, 0x13, 0xF5, 0x82, 0x10, 0x68, 0x03, 0xD5,
+        0x0F, 0x99, 0xB5, 0xB2, 0x8B, 0x85, 0x77, 0x2E,
+        0x78, 0x3E, 0xEE, 0x21, 0x6E, 0xAD, 0x2D, 0xCF,
+        0x95, 0x62, 0x94, 0x1C, 0x50, 0xAB, 0xC5, 0xFA,
+        0x8E, 0x24, 0xB6, 0x14, 0x86, 0x46, 0x8A, 0xAA,
+        0x20, 0xDF, 0x15, 0xD1, 0x72, 0xF6, 0xAC, 0x03,
+        0xAF, 0xDF, 0xCD, 0x53, 0x81, 0xBA, 0xDB, 0x07,
+        0x8B, 0x8E, 0xBB, 0x70, 0x91, 0x57, 0x04, 0xB9,
+        0x88, 0xE5, 0x8F, 0x45, 0xD3, 0xD6, 0x31, 0x12,
+        0xA5, 0xC1, 0x28, 0xC6, 0x49, 0x90, 0x0F, 0x1D,
+        0x69, 0x66, 0xE3, 0x98, 0x56, 0x7D, 0xE3, 0x48,
+        0xAC, 0xC0, 0xDE, 0xE4, 0x2B, 0x88, 0x01, 0x19,
+        0x4E, 0x99, 0xBB, 0x1A, 0xAF, 0x02, 0x5A, 0x91,
+        0xE3, 0x2C, 0xE6, 0x56, 0x4D, 0x05, 0x10, 0xB9,
+        0x10, 0xF2, 0x2A, 0x27, 0xDE, 0xCF, 0x9D, 0x2E
+    };
+    static const byte msg_44[] = {
+        0xB1, 0x34, 0x49, 0x15, 0xCC, 0xD6, 0x93, 0x41,
+        0x6B, 0x37, 0xFE, 0xBD, 0x8D, 0xC7, 0xC7, 0xDB,
+        0x9F, 0x25, 0x3E, 0x9D, 0xF5, 0x3C, 0xEC, 0x51,
+        0x49, 0x23, 0xAA, 0xA2, 0x67, 0x6F, 0xBF, 0xA4,
+        0xCC, 0x04, 0xFC, 0x68, 0xF9, 0xE3, 0x2F, 0x9E,
+        0x86, 0x4C, 0x68, 0x95, 0xDB, 0x37, 0xE9, 0xFF,
+        0xEB, 0x80, 0xF0, 0xF6, 0xB8, 0x6C, 0xB6, 0xAD,
+        0x9C, 0x42, 0xF8, 0xFC, 0x75, 0x19, 0x8D, 0xD3,
+        0xCC, 0xDA, 0xF5, 0x77, 0xC7, 0xB3, 0x5B, 0x8F,
+        0x1B, 0xF6, 0x0A, 0xAB, 0xEA, 0x89, 0x94, 0x42,
+        0x20, 0x1F, 0xBB, 0xF4, 0x42, 0x8C, 0x7E, 0xC1,
+        0x7B, 0xC3, 0x1B, 0x54, 0x72, 0x4B, 0x95, 0x90,
+        0xF7, 0x53, 0x1E, 0x6F, 0x79, 0x0A, 0x1F, 0xA7,
+        0x74, 0x32, 0x83, 0x37, 0x2D, 0x31, 0x71, 0xB8,
+        0x96, 0x6B, 0x47, 0x0A, 0xAA, 0x85, 0x26, 0xEB,
+        0x4A, 0x6E, 0x81, 0xE6, 0x5A, 0xD0, 0xC2, 0x9F,
+        0x2D, 0x37, 0xDD, 0x5B, 0x41, 0x2B, 0xAE, 0x68,
+        0x2A, 0x66, 0x79, 0x68, 0x77, 0xC8, 0x2F, 0xFD,
+        0xA9, 0x76, 0x24, 0x34, 0xEA, 0xC2, 0xC7, 0xD4,
+        0xAF, 0x60, 0x9B, 0x27, 0x72, 0x49, 0x0D, 0xEE,
+        0x9B, 0xFB, 0x00, 0x5D, 0x2F, 0x1A, 0x2E, 0xBB,
+        0xA0, 0x32, 0xCD, 0x71, 0x59, 0xD5, 0x4B, 0xE5,
+        0x96, 0xF3, 0x30, 0x68, 0xBE, 0x5D, 0x9A, 0x2D,
+        0x94, 0x0C, 0x76, 0x70, 0xE6, 0x4E, 0x9A, 0xF7,
+        0xD7, 0xD3, 0x3E, 0xC3, 0xAE, 0xC6, 0xF1, 0xD9,
+        0xDE, 0xE3, 0x92, 0x84, 0xF0, 0x5C, 0xE0, 0x25,
+        0xD1, 0x81, 0x76, 0x0D, 0x40, 0xE5, 0xC2, 0xD9,
+        0xBE, 0xAE, 0x24, 0x20, 0xF4, 0x0D, 0x9F, 0x32,
+        0xB7, 0xBD, 0xCD, 0x3A, 0xFB, 0x1C, 0x66, 0x0D,
+        0x01, 0x71, 0x4D, 0x81, 0x37, 0x58, 0xDB, 0xB8,
+        0x2C, 0x6B, 0x7E, 0x85, 0x80, 0x52, 0xB5, 0xA5,
+        0x0E, 0x39, 0xE0, 0x15, 0xD3, 0xF2, 0x4A, 0x2C,
+        0x64, 0xC9, 0xDD, 0xCC, 0x15, 0x0D, 0x90, 0x4F,
+        0x07, 0xF6, 0x5F, 0xF6, 0x8A, 0xD0, 0x12, 0x9E,
+        0xC3, 0xF8, 0x12, 0x3F, 0x3A, 0x03, 0xFC, 0x95,
+        0x8A, 0xE2, 0x47, 0x8C, 0x6C, 0x6E, 0x03, 0x61,
+        0x67, 0xD8, 0x51, 0x49, 0xF7, 0x9F, 0xB0, 0x3F,
+        0xAA, 0xB9, 0x89, 0x7C, 0xE7, 0x3F, 0x88, 0x55,
+        0xC5, 0x4C, 0x83, 0xD7, 0x53, 0xB1, 0x04, 0xB5,
+        0x13, 0xD5, 0x6B, 0xC6, 0x4C, 0x3B, 0x08, 0x91,
+        0x73, 0x47, 0x35, 0x13, 0x26, 0xD8, 0xEB, 0x47,
+        0xCF, 0x66, 0xF1, 0x3F, 0xB9, 0x0F, 0x6A, 0xF5,
+        0xA8, 0x94, 0xC7, 0x75, 0x00, 0x77, 0xA8, 0x9C,
+        0xEB, 0x77, 0x22, 0xE2, 0xE6, 0x80, 0xA5, 0x9B,
+        0xF8, 0x43, 0x8C, 0x52, 0x35, 0x31, 0xEA, 0x8C,
+        0xC2, 0x83, 0x4F, 0xFC, 0x4E, 0xF0, 0x2D, 0x35,
+        0xB8, 0x51, 0x46, 0xF2, 0xD6, 0x01, 0xD5, 0x00,
+        0x99, 0x6A, 0x44, 0x10, 0x64, 0xAD, 0xCA, 0x1F,
+        0x62, 0x3F, 0x2F, 0xE7, 0x45, 0x22, 0x47, 0xEF,
+        0x86, 0x9D, 0x76, 0xD5, 0x78, 0x42, 0x07, 0x30,
+        0x88, 0x86, 0x90, 0xB1, 0xA0, 0x08, 0xDA, 0x28,
+        0x2A, 0xD1, 0x75, 0x7D, 0x21, 0x71, 0x29, 0x38,
+        0x59, 0xC7, 0x3F, 0x55, 0x20, 0xB5, 0xBB, 0x48,
+        0x03, 0xE7, 0xFA, 0xB0, 0x29, 0x00, 0xD2, 0x0F,
+        0xE7, 0x65, 0x81, 0x8E, 0xE6, 0x24, 0xE7, 0xA1,
+        0x94, 0x50, 0x9D, 0x01, 0x6B, 0x4B, 0xD7, 0x81,
+        0x4E, 0xA0, 0xD5, 0x4A, 0x51, 0xEE, 0x95, 0x0A,
+        0x14, 0x76, 0xD5, 0x87, 0xAA, 0x6F, 0x78, 0xC8,
+        0xD2, 0xE0, 0xC8, 0xF8, 0xF2, 0x78, 0xD8, 0x2E,
+        0x11, 0x90, 0x44, 0xB6, 0xBF, 0xD0, 0xBE, 0xD8,
+        0x6F, 0xA4, 0x20, 0xA2, 0xC8, 0xA4, 0xEF, 0xB0,
+        0x5D, 0x73, 0x06, 0xBE, 0x52, 0xF9, 0x32, 0xD8,
+        0x06, 0x5D, 0xD1, 0x29, 0x23, 0x46, 0x25, 0x6E,
+        0x42, 0x9D, 0xEE, 0x41, 0x9E, 0xF3, 0x7D, 0x1B,
+        0x35, 0x28, 0x81, 0xDC, 0x47, 0x7F, 0x25, 0xA4,
+        0x0A, 0xEB, 0x3E, 0x17, 0xE6, 0x1B, 0xCC, 0x00,
+        0xD2, 0xE2, 0xA9, 0x3D, 0xEC, 0xF3, 0x00, 0xF0,
+        0x81, 0x68, 0x21, 0xED, 0x49, 0xF9, 0x9B, 0x9B,
+        0x8B, 0xED, 0xD9, 0x1E, 0xFA, 0x04, 0xBB, 0xB0,
+        0x9A, 0xBD, 0x1D, 0x24, 0x36, 0xA7, 0xD6, 0x64,
+        0x8A, 0x38, 0x3A, 0x3A, 0x8F, 0x09, 0x08, 0x0E,
+        0x46, 0x7B, 0xE1, 0x03, 0x30, 0xBF, 0x62, 0x27,
+        0x10, 0x74, 0xBE, 0xBD, 0x7F, 0x56, 0x39, 0x0D,
+        0x1D, 0x39, 0x47, 0xF4, 0x02, 0x47, 0x6B, 0x62,
+        0x6B, 0x52, 0xAC, 0xAB, 0x21, 0xAC, 0x10, 0x4A,
+        0xAB, 0x59, 0x75, 0x33, 0x11, 0xD9, 0xE9, 0xE2,
+        0xB2, 0x20, 0x6B, 0xA1, 0x09, 0x42, 0xB6, 0x37,
+        0xE4, 0x5C, 0xE6, 0x9F, 0x54, 0xB4, 0x67, 0xBC,
+        0xAE, 0xF3, 0xDC, 0x1A, 0xA2, 0x15, 0x47, 0x7B,
+        0x15, 0xC8, 0x00, 0x35, 0x8E, 0x1D, 0x69, 0x04,
+        0xD8, 0x9C, 0xA9, 0x6A, 0x03, 0x1A, 0x55, 0x48,
+        0x6C, 0x4F, 0xC1, 0x68, 0x27, 0x26, 0x13, 0xAB,
+        0x8E, 0x03, 0x50, 0x7B, 0xDD, 0xC2, 0x7E, 0x5C,
+        0x8A, 0x6F, 0xBB, 0x5F, 0x8B, 0x22, 0x86, 0xA5,
+        0xC5, 0x0E, 0xC5, 0x68, 0x60, 0xF6, 0xBF, 0xFF,
+        0x6E, 0xBA, 0xDC, 0x21, 0x71, 0xD2, 0xEB, 0xD1,
+        0x27, 0x8C, 0x58, 0x14, 0xC3, 0x2E, 0x13, 0x9E,
+        0x04, 0x09, 0x61, 0xC3, 0x19, 0xC3, 0x03, 0x48,
+        0x70, 0x33, 0x3B, 0x12, 0xF7, 0x3B, 0x38, 0xE7,
+        0x18, 0x14, 0xA9, 0xF1, 0x60, 0x83, 0x65, 0xEB,
+        0x32, 0xD5, 0x23, 0x8F, 0x6B, 0xF7, 0xD8, 0x00,
+        0x21, 0xBD, 0xA3, 0x98, 0xDE, 0xD7, 0x13, 0x17,
+        0xAB, 0x3C, 0xA4, 0xD7, 0xBE, 0x1D, 0xA7, 0x4A,
+        0x1B, 0xC4, 0x0C, 0x9B, 0x2E, 0x34, 0x5B, 0xA7,
+        0xA2, 0x3F, 0x9B, 0x2D, 0xDB, 0xAF, 0x85, 0x14,
+        0x0A, 0xF9, 0x30, 0x9E, 0x86, 0x53, 0xAC, 0x24,
+        0xAF, 0xD8, 0x25, 0xBC, 0x2A, 0x07, 0x2B, 0xCD,
+        0x02, 0xFE, 0x3E, 0xF0, 0x0B, 0xE3, 0xF9, 0x51,
+        0x5C, 0x29, 0xEB, 0x8A, 0xFB, 0xC3, 0xEF, 0xD1,
+        0xF9, 0xCF, 0xDF, 0xE9, 0xEB, 0xA9, 0x49, 0x59,
+        0xB5, 0x17, 0x7E, 0x28, 0x86, 0xB8, 0xD1, 0x8D,
+        0xCA, 0x97, 0xF0, 0xCB, 0x80, 0x7E, 0xE3, 0xEA,
+        0xE3, 0x1B, 0x48, 0xCF, 0xAC, 0x61, 0x3C, 0x2E,
+        0x00, 0xAB, 0x74, 0xFB, 0x95, 0xF6, 0x64, 0xF3,
+        0xCA, 0xBF, 0x6E, 0xEF, 0xCD, 0xDD, 0x6D, 0xA5,
+        0xF8, 0x98, 0xEC, 0x38, 0xF2, 0xF0, 0x7D, 0x6D,
+        0xCB, 0x75, 0xE0, 0x50, 0x9D, 0x13, 0x19, 0x24,
+        0x07, 0x4C, 0x05, 0xF4, 0x5D, 0xCA, 0x25, 0xB7,
+        0xCF, 0xE2, 0xBC, 0xFE, 0xEC, 0xAF, 0x5F, 0xC3,
+        0x6C, 0xE6, 0xE3, 0xC5, 0x85, 0x43, 0x7B, 0x06,
+        0x9F, 0xD2, 0xC6, 0xBB, 0xAD, 0x33, 0xD6, 0x86,
+        0xBD, 0x5B, 0x9E, 0x2C, 0xA0, 0xD9, 0x8B, 0xDC,
+        0x5E, 0x71, 0x7B, 0x6D, 0xF7, 0x1D, 0x40, 0x91,
+        0x30, 0x8E, 0x84, 0x73, 0x9A, 0xD6, 0x7F, 0xA6,
+        0x79, 0xA6, 0xCE, 0xE9, 0xA6, 0x83, 0x28, 0x4B,
+        0x4F, 0xB3, 0x1B, 0x2C, 0x40, 0x8F, 0x52, 0xF0,
+        0x59, 0x7D, 0x9C, 0x04, 0xEA, 0xF4, 0xAC, 0x6D,
+        0xBB, 0x6C, 0x3F, 0xD6, 0x7F, 0x25, 0x39, 0xD8,
+        0x87, 0xDF, 0xBC, 0xF3, 0xCA, 0xE4, 0x59, 0xFA,
+        0x76, 0x66, 0x61, 0xA4, 0x8B, 0xFC, 0xFD, 0x6F,
+        0x64, 0x03, 0x99, 0xD3, 0xAF, 0x07, 0x86, 0x35,
+        0x99, 0x98, 0xCE, 0xFF, 0x7E, 0x9E, 0xB1, 0xB0,
+        0x57, 0xA6, 0x29, 0x3D, 0xFF, 0xB7, 0xF3, 0xF2,
+        0x51, 0x4B, 0x0B, 0x70, 0x29, 0x46, 0x06, 0x8A,
+        0x6B, 0xBD, 0x75, 0x30, 0xD6, 0x91, 0x7F, 0xB1,
+        0x1D, 0xBB, 0xAA, 0xBE, 0xD7, 0xAA, 0x46, 0x81,
+        0xD7, 0x8A, 0xEA, 0x91, 0x86, 0x69, 0x2D, 0xDA,
+        0x34, 0x70, 0x65, 0x2E, 0xB8, 0xA3, 0xF1, 0x44,
+        0x56, 0xA5, 0xAA, 0xC4, 0x20, 0x88, 0x3B, 0x42,
+        0x37, 0xB0, 0xA7, 0x2D, 0x91, 0x27, 0x63, 0xB6,
+        0x7A, 0xC4, 0x13, 0x1A, 0x8A, 0x5D, 0x2F, 0x16,
+        0x82, 0x96, 0xB9, 0x12, 0xD3, 0xB6, 0x61, 0xC4,
+        0xE8, 0x3C, 0xE6, 0x3A, 0x61, 0xC0, 0x45, 0xEB,
+        0xA5, 0x75, 0xEE, 0xB6, 0x7F, 0xB0, 0x70, 0xED,
+        0x82, 0x39, 0xE5, 0x1A, 0x67, 0xD9, 0x80, 0x3C,
+        0xE0, 0x0B, 0x85, 0x66, 0x74, 0xE0, 0xB7, 0x26,
+        0x66, 0x26, 0xDD, 0x02, 0x15, 0xE5, 0xEF, 0x5F,
+        0xDE, 0x7B, 0xF4, 0x0B, 0x99, 0x10, 0x21, 0x08,
+        0xFC, 0x2D, 0xF2, 0x8B, 0xDC, 0xC8, 0xEA, 0xC6,
+        0x3E, 0xFB, 0x20, 0x50, 0x1F, 0x24, 0x66, 0x99,
+        0x80, 0x88, 0xC7, 0xA0, 0xB9, 0x6D, 0x1B, 0x75,
+        0xC4, 0xC2, 0xE2, 0x52, 0xA0, 0xBF, 0x38, 0x01,
+        0x5C, 0xA5, 0x8A, 0xDA, 0x79, 0x38, 0xAE, 0x2E,
+        0xC7, 0x96, 0x6F, 0x30, 0x5B, 0xB4, 0x21, 0xC0,
+        0xCD, 0x95, 0xCA, 0xD2, 0x12, 0x7D, 0xAD, 0x87,
+        0x08, 0x6C, 0xC3, 0x8B, 0xF6, 0xB1, 0x5D, 0xAD,
+        0x2C, 0x7C, 0x04, 0x41, 0xE5, 0x34, 0x2E, 0x4B,
+        0x5A, 0xD9, 0x1E, 0x66, 0xF4, 0x23, 0xE2, 0x88,
+        0x4D, 0xD9, 0x03, 0xFE, 0x6C, 0x64, 0x7D, 0x61,
+        0xE6, 0x70, 0x0E, 0xA8, 0x83, 0x08, 0x07, 0xE6,
+        0xFD, 0x64, 0x54, 0x3E, 0x3C, 0x6E, 0x9A, 0xD1,
+        0x93, 0x37, 0x36, 0x90, 0xDE, 0x94, 0xF7, 0x16,
+        0x15, 0x47, 0x94, 0xFE, 0x97, 0x5B, 0x11, 0x80,
+        0xBA, 0x40, 0xAF, 0x7F, 0x05, 0xC1, 0x82, 0x91,
+        0x69, 0xFD, 0xFB, 0xEC, 0x3A, 0xF7, 0xCF, 0xE1,
+        0xD7, 0x9B, 0x59, 0x7E, 0xE4, 0x38, 0xA2, 0x96,
+        0xEF, 0x14, 0x6A, 0x05, 0x99, 0x71, 0xE3, 0xF9,
+        0x50, 0x8E, 0x35, 0x0B, 0x50, 0x71, 0x6D, 0xEC,
+        0xB5, 0x1B, 0xC8, 0x80, 0x2A, 0xE6, 0x2A, 0x7F,
+        0x4C, 0x2E, 0x6F, 0x7B, 0x54, 0x62, 0x0E, 0xF0,
+        0x4C, 0x00, 0xF0, 0x72, 0xAE, 0x37, 0xAC, 0x32,
+        0x7E, 0x26, 0xD3, 0x65, 0x76, 0x1C, 0x10, 0x46,
+        0x17, 0xAE, 0xE0, 0xF3, 0x28, 0xEE, 0x97, 0xE0,
+        0x86, 0x18, 0x3D, 0x46, 0xA3, 0x62, 0x1F, 0x23,
+        0xF3, 0xAC, 0x27, 0x60, 0xB8, 0x85, 0x9A, 0x96,
+        0x0E, 0xF1, 0x6F, 0xC1, 0xC6, 0xB1, 0x97, 0x8A,
+        0x74, 0x12, 0xDD, 0x73, 0x85, 0x02, 0x9C, 0x73,
+        0x61, 0xA8, 0xF7, 0x49, 0xCE, 0xBA, 0x23, 0xED,
+        0xE7, 0x9A, 0x17, 0x0E, 0xA6, 0x84, 0x59, 0xF5,
+        0x21, 0x66, 0xF5, 0xC5, 0x61, 0xF8, 0x88, 0x7E,
+        0x62, 0x0C, 0x00, 0xC6, 0x4F, 0x06, 0xBD, 0x0A,
+        0xBB, 0xCD, 0xE5, 0x11, 0x7A, 0xBC, 0xFD, 0x03,
+        0xB6, 0xD1, 0xBA, 0x4F, 0x30, 0xFA, 0x96, 0x75,
+        0xD8, 0x2D, 0x7A, 0x43, 0x0D, 0x58, 0x41, 0x46,
+        0xBA, 0x72, 0x06, 0xCB, 0xBD, 0xD9, 0xBE, 0xA1,
+        0xEA, 0x47, 0x08, 0x3D, 0xF9, 0x32, 0x23, 0x9C,
+        0xAA, 0x02, 0x1D, 0xA3, 0x3E, 0x43, 0xF1, 0x68,
+        0xD8, 0xBE, 0x9F, 0x0E, 0xA8, 0xA8, 0x52, 0xC4,
+        0x0A, 0xDE, 0x43, 0x9D, 0x58, 0xA8, 0x05, 0xD4,
+        0x74, 0xF8, 0x93, 0x21, 0x62, 0x6E, 0x33, 0x78,
+        0x3C, 0x23, 0xEB, 0x60, 0x1C, 0x4C, 0x25, 0xFE,
+        0x0F, 0x5E, 0x73, 0xC3, 0xAD, 0x33, 0x9A, 0x7D,
+        0x69, 0x6B, 0xAB, 0x2C, 0xAA, 0x5F, 0xBF, 0x96,
+        0x62, 0x3A, 0xF0, 0x63, 0x41, 0x00, 0xC7, 0x4C,
+        0x81, 0x4D, 0x42, 0x43, 0x25, 0xBC, 0x30, 0xB6,
+        0x0B, 0xEE, 0xFC, 0x18, 0x3E, 0x68, 0x0E, 0x64,
+        0x5C, 0xD4, 0x22, 0x2A, 0xBA, 0xB5, 0xC6, 0x7E,
+        0x67, 0x11, 0x1C, 0x4C, 0x03, 0x30, 0xEC, 0x0C,
+        0x77, 0xB2, 0x2B, 0xBC, 0x98, 0xF7, 0x52, 0x8C,
+        0x95, 0x66, 0xE1, 0x71, 0xDD, 0x26, 0xA7, 0x7F,
+        0x87, 0xF3, 0x94, 0x2E, 0x0D, 0x3E, 0xFE, 0xAD,
+        0x0A, 0xDA, 0x3B, 0x77, 0x49, 0xC5, 0x1D, 0xED,
+        0x5F, 0xDA, 0x3F, 0xE6, 0xE7, 0x96, 0x58, 0xF1,
+        0x02, 0x30, 0x68, 0xB9, 0x62, 0xD0, 0x58, 0xA2,
+        0x89, 0x65, 0x12, 0x20, 0x1E, 0x4C, 0xE7, 0xB6,
+        0x98, 0x12, 0x52, 0xF0, 0xE8, 0x55, 0xBC, 0xFE,
+        0x1F, 0x44, 0x42, 0x36, 0xC9, 0x30, 0xE4, 0x9A,
+        0x13, 0xB3, 0x7A, 0xF4, 0xF5, 0x97, 0xC0, 0x5D,
+        0xCA, 0x23, 0xCC, 0x05, 0xC4, 0x3C, 0x32, 0xA2,
+        0x11, 0x08, 0x17, 0xCB, 0x30, 0x6B, 0xA4, 0x7D,
+        0x24, 0x5E, 0x50, 0x22, 0x2E, 0x23, 0xC6, 0x55,
+        0x6B, 0xD7, 0x5D, 0x50, 0xEE, 0xF8, 0xBE, 0xB0,
+        0xDE, 0x83, 0x5C, 0x8D, 0xD2, 0xE1, 0x5C, 0x70,
+        0x66, 0x70, 0x59, 0x8F, 0x86, 0x50, 0x71, 0x71,
+        0x04, 0x69, 0xEC, 0xB3, 0x47, 0x9E, 0xE0, 0x26,
+        0xB1, 0x9F, 0xE6, 0x21, 0xAC, 0x99, 0x12, 0x6B,
+        0x97, 0x9E, 0x1B, 0xA1, 0xDD, 0xA8, 0xE6, 0x11,
+        0x12, 0x97, 0xC1, 0x0E, 0x4A, 0x77, 0xF5, 0x52,
+        0xF8, 0x09, 0xE9, 0x01, 0x63, 0x56, 0x4E, 0xFA,
+        0x24, 0x39, 0x36, 0xB9, 0xF2, 0x6E, 0x07, 0x28,
+        0x7F, 0xA4, 0x07, 0x7C, 0xA2, 0x69, 0x7B, 0xED,
+        0x6A, 0x4F, 0x0A, 0x95, 0x99, 0x05, 0x60, 0xE7,
+        0x58, 0xD9, 0x90, 0xB4, 0xC1, 0x92, 0x0F, 0x9E,
+        0x1A, 0xBE, 0x0B, 0x58, 0x96, 0x50, 0x61, 0x1C,
+        0x2D, 0x5A, 0x13, 0xAA, 0x5F, 0x4E, 0x2B, 0x88,
+        0xBE, 0xAB, 0x93, 0x72, 0xF4, 0x68, 0xB8, 0x30,
+        0x91, 0xCD, 0x0A, 0x53, 0x8A, 0x35, 0x82, 0x93,
+        0x4F, 0x66, 0xCA, 0xCD, 0xF2, 0x39, 0x98, 0xFE,
+        0xC2, 0xFE, 0xFE, 0x51, 0x35, 0xF1, 0xB5, 0x62,
+        0x2D, 0x1A, 0xE9, 0x43, 0x25, 0x5E, 0x05, 0xE4,
+        0x8B, 0xFE, 0x91, 0x2F, 0x4F, 0x24, 0x1B, 0x2B,
+        0xAC, 0x49, 0x9C, 0x14, 0xB0, 0x58, 0xA3, 0xA8,
+        0xEE, 0xB9, 0xD1, 0xFA, 0x4D, 0x44, 0x2E, 0x23,
+        0xFC, 0x59, 0x77, 0xA5, 0x60, 0x2E, 0xDC, 0xEB,
+        0x7B, 0x7B, 0x26, 0x95, 0xE1, 0x87, 0xB7, 0x94,
+        0xF8, 0x4B, 0x96, 0x63, 0x15, 0xB1, 0xBB, 0xA5,
+        0xC0, 0x4A, 0x72, 0x02, 0x4A, 0x80, 0x5F, 0xB1,
+        0x94, 0x73, 0xB7, 0x06, 0xB8, 0x13, 0x76, 0x42,
+        0xAD, 0xB1, 0xC6, 0x6C, 0xFD, 0x64, 0xF2, 0x60,
+        0xBB, 0x1B, 0x7A, 0xAD, 0xF6, 0xC2, 0x96, 0xB3,
+        0x5F, 0x30, 0xB9, 0xD7, 0x70, 0x8A, 0x9D, 0x41,
+        0xE7, 0x23, 0xFA, 0xD4, 0xE8, 0x72, 0xAF, 0x73,
+        0xF8, 0x8C, 0x26, 0xAB, 0x65, 0x1B, 0xD5, 0x7A,
+        0x21, 0xE2, 0x8C, 0xE8, 0xC2, 0x47, 0xD5, 0x8E,
+        0x47, 0x9F, 0x79, 0x68, 0x87, 0x6F, 0xCE, 0xD3,
+        0x5D, 0x2B, 0x87, 0xD2, 0xDF, 0x14, 0x43, 0x47,
+        0x03, 0x3D, 0xF4, 0xCB, 0x50, 0xDE, 0x52, 0xD8,
+        0x98, 0x41, 0x46, 0x3F, 0x5D, 0xFB, 0x6D, 0x6F,
+        0xF6, 0xD9, 0xE8, 0x2B, 0xBA, 0xB3, 0xB1, 0xEC,
+        0x58, 0x77, 0x8A, 0xB8, 0xF3, 0x6D, 0xBC, 0x68,
+        0x22, 0xEA, 0xE3, 0x2F, 0xB6, 0xCB, 0x67, 0x30,
+        0xCB, 0x33, 0x1C, 0x39, 0x5C, 0x27, 0x4A, 0xE7,
+        0xE3, 0x7B, 0x40, 0x9B, 0x7C, 0x66, 0x32, 0xE7,
+        0x6D, 0xAA, 0x97, 0xB8, 0x0F, 0x1E, 0x0C, 0xB4,
+        0x7A, 0xA3, 0x66, 0xA8, 0xE3, 0x50, 0xEA, 0x36,
+        0x74, 0x65, 0x92, 0xEC, 0x9B, 0x1E, 0x97, 0xF0,
+        0x2F, 0x99, 0xD6, 0x00, 0x21, 0x37, 0x0B, 0x89,
+        0x93, 0xC6, 0x80, 0xA1, 0x02, 0xDC, 0x96, 0x5D,
+        0x20, 0xB7, 0x57, 0xF4, 0x17, 0x7A, 0x81, 0xBA,
+        0x7B, 0x61, 0xD2, 0x88, 0xEF, 0xC5, 0xAD, 0xED,
+        0x4C, 0x9A, 0x94, 0xA5, 0x7B, 0x2C, 0x6B, 0xD2,
+        0x97, 0x7E, 0x23, 0x64, 0x0A, 0x66, 0x98, 0x47,
+        0xEE, 0x81, 0xB1, 0x49, 0x0B, 0xE3, 0x8A, 0xC4,
+        0x3E, 0x52, 0x2C, 0x8D, 0x09, 0xA2, 0x07, 0xB6,
+        0x2A, 0x8B, 0x07, 0x9A, 0x24, 0x84, 0xDE, 0xD1,
+        0x00, 0x63, 0xD7, 0xA1, 0x3F, 0xBF, 0x0C, 0xA8,
+        0xEE, 0xDC, 0x2B, 0xF6, 0x7B, 0xD8, 0x78, 0x53,
+        0x35, 0xB8, 0x29, 0x5A, 0xFE, 0x6B, 0x35, 0x6E,
+        0x20, 0x62, 0x24, 0x17, 0x0E, 0x87, 0x23, 0x1A,
+        0x77, 0x2D, 0x21, 0x84, 0x37, 0xBF, 0x7D, 0x68,
+        0xAC, 0x2A, 0xF9, 0x3F, 0x11, 0x27, 0x18, 0x4F,
+        0xA2, 0x15, 0x21, 0x47, 0x9E, 0x56, 0xFF, 0x22,
+        0xE8, 0x0F, 0x61, 0xBC, 0x28, 0xB8, 0xD2, 0xE7,
+        0x1B, 0x3D, 0x1D, 0x94, 0x28, 0x1B, 0x69, 0x56,
+        0x00, 0xC8, 0xB0, 0xFD, 0x8E, 0x1D, 0x7E, 0x81,
+        0x1F, 0x4C, 0xCF, 0xE1, 0x6E, 0x3F, 0x57, 0x95,
+        0xC2, 0x4A, 0xA0, 0xA0, 0x16, 0x7E, 0x30, 0x5C,
+        0x28, 0x87, 0x5C, 0x8F, 0xA9, 0x38, 0x9B, 0x72,
+        0xF7, 0x90, 0x86, 0xF6, 0xEC, 0xC1, 0x6C, 0x88,
+        0xB0, 0x78, 0x3A, 0x58, 0x15, 0xFB, 0x6F, 0x77,
+        0xCD, 0xC7, 0xCC, 0xC3, 0x8D, 0x60, 0xE7, 0x87,
+        0xBE, 0x9C, 0xBF, 0xFA, 0xA6, 0x2E, 0xF9, 0x59,
+        0xA5, 0xE5, 0xDC, 0xDE, 0xB6, 0x25, 0x5C, 0x8E,
+        0x0D, 0x2E, 0x01, 0xFE, 0x05, 0xEF, 0xF9, 0xE7,
+        0x81, 0x02, 0xBE, 0xA2, 0x91, 0x40, 0x57, 0xD3,
+        0x6E, 0x3D, 0x1B, 0x48, 0x50, 0x7A, 0xB6, 0xB1,
+        0x76, 0x40, 0x47, 0x0F, 0xE3, 0xF1, 0x7A, 0x8B,
+        0x6A, 0x5E, 0x04, 0xE5, 0x34, 0x56, 0xC5, 0xD9,
+        0xE5, 0x0F, 0x74, 0x5D, 0xE0, 0x6F, 0x9A, 0xED,
+        0xF4, 0xBF, 0xCF, 0x31, 0xB0, 0xC6, 0xED, 0x12,
+        0x13, 0x36, 0x54, 0xCB, 0xC8, 0xDE, 0xF7, 0xF6,
+        0x60, 0x9E, 0x12, 0x2C, 0x2E, 0x4C, 0x93, 0x3E,
+        0x6F, 0xCB, 0x0F, 0x3D, 0x8C, 0xCA, 0xE8, 0xCA,
+        0x0B, 0x10, 0xED, 0xDA, 0xE8, 0xDB, 0x29, 0x7C,
+        0x8B, 0x32, 0x31, 0xC8, 0x94, 0x34, 0xA5, 0xF5,
+        0x4D, 0x01, 0x28, 0xC8, 0x3A, 0xA6, 0xFD, 0xE2,
+        0x9A, 0xB7, 0x0C, 0xDA, 0x43, 0x78, 0x45, 0x45,
+        0xFE, 0xE9, 0xFF, 0x6E, 0xD4, 0x44, 0xF8, 0x88,
+        0x66, 0x4D, 0xD2, 0x2B, 0x2E, 0x2D, 0xF5, 0x7C,
+        0xA6, 0x53, 0xB6, 0xD2, 0x10, 0xE6, 0xB4, 0x0B,
+        0x7F, 0xC2, 0x1F, 0xE0, 0x63, 0x90, 0xCA, 0x5D,
+        0x5E, 0x60, 0xF5, 0x8A, 0xB1, 0x4C, 0x49, 0x03,
+        0xD4, 0x38, 0xAE, 0xEF, 0xB1, 0x7C, 0xA4, 0xB9,
+        0x98, 0x70, 0x6A, 0x0E, 0xD6, 0xA4, 0xA6, 0xF4,
+        0x74, 0xB1, 0xBA, 0x1D, 0x48, 0xCC, 0xC1, 0x14,
+        0x3C, 0x84, 0xA8, 0xD2, 0xE7, 0x8D, 0xEC, 0x11,
+        0x61, 0x8C, 0x76, 0xB6, 0xDA, 0x28, 0xBC, 0x39,
+        0xDF, 0x68, 0xAD, 0x24, 0xA4, 0x07, 0xE1, 0x07,
+        0x33, 0xDD, 0x18, 0x9D, 0x5D, 0xAA, 0x90, 0x4B,
+        0xEF, 0x88, 0x18, 0x6E, 0xB6, 0x83, 0x21, 0x45,
+        0x94, 0x0F, 0x15, 0xB8, 0xAC, 0xD9, 0xD1, 0x8D,
+        0x4F, 0x17, 0xC8, 0xD9, 0x17, 0xB0, 0x9D, 0x54,
+        0xF2, 0x5F, 0x56, 0x09, 0xD3, 0x80, 0x20, 0x77,
+        0x44, 0x23, 0x90, 0xAB, 0xB6, 0x0B, 0x51, 0xA7,
+        0x41, 0xC5, 0xD4, 0x42, 0x5B, 0xD4, 0x67, 0x89,
+        0xE6, 0xEC, 0x1E, 0x7D, 0x22, 0xD5, 0x6E, 0x7F,
+        0x34, 0xCE, 0x7A, 0x07, 0x2B, 0x63, 0x0A, 0x69,
+        0x51, 0x71, 0x8C, 0x13, 0x63, 0xB8, 0x79, 0x6D,
+        0x94, 0xEA, 0xAF, 0x86, 0x30, 0xD2, 0x22, 0x6C,
+        0x67, 0x82, 0x6C, 0xDE, 0xEA, 0x71, 0xE8, 0xD1,
+        0x36, 0xF3, 0x64, 0x2F, 0x79, 0xE6, 0x92, 0xF0,
+        0x4B, 0x05, 0x14, 0x7E, 0x40, 0xCE, 0x0C, 0x53,
+        0xCA, 0x08, 0xEF, 0x0A, 0xA6, 0xA5, 0x73, 0x99,
+        0xFD, 0xF3, 0xED, 0xBD, 0x54, 0x56, 0x6E, 0x66,
+        0xEF, 0xCC, 0xE1, 0x6F, 0x0C, 0x44, 0x76, 0x84,
+        0xF5, 0x55, 0x2B, 0xA3, 0x6B, 0x20, 0x60, 0x54,
+        0x3F, 0xC1, 0x35, 0x58, 0xD8, 0xD8, 0x9E, 0x18,
+        0x63, 0x70, 0x73, 0xEF, 0x6A, 0x87, 0x46, 0x77,
+        0xA9, 0x7F, 0x9F, 0xA0, 0x23, 0x4B, 0x14, 0x00,
+        0x61, 0xC7, 0xE3, 0x44, 0xBE, 0xD6, 0x09, 0x71,
+        0xE3, 0x58, 0x44, 0x9A, 0xCD, 0x17, 0xE5, 0x8E,
+        0x6D, 0x05, 0xBB, 0x21, 0x44, 0xD7, 0x4B, 0xD8,
+        0x9A, 0xE9, 0x7A, 0x75, 0x91, 0x43, 0xAD, 0x84,
+        0x5B, 0x02, 0x70, 0xBE, 0x67, 0x0B, 0x1E, 0x1E,
+        0x92, 0xB8, 0xC7, 0xB6, 0x5F, 0xE1, 0x60, 0x23,
+        0xF5, 0x30, 0xE4, 0xD0, 0xCF, 0x70, 0x03, 0xD1,
+        0x85, 0x4A, 0x50, 0xDC, 0xF4, 0x9C, 0x29, 0xAB,
+        0x0E, 0xA4, 0x7B, 0x2E, 0x3B, 0xDB, 0xBF, 0x52,
+        0xD5, 0x8A, 0x91, 0x47, 0xA9, 0xD1, 0x23, 0xEB,
+        0xC5, 0x6F, 0x11, 0xBB, 0xEE, 0xBB, 0x29, 0xD7,
+        0x31, 0xAB, 0x99, 0x27, 0x5E, 0xF3, 0xA9, 0x23,
+        0xFF, 0x70, 0x87, 0x83, 0xCC, 0x26, 0x92, 0x06,
+        0xEC, 0xD3, 0x8C, 0xF9, 0x47, 0x34, 0x7D, 0x1E,
+        0x71, 0xAF, 0xCF, 0x9D, 0xBF, 0x29, 0x1B, 0x95,
+        0x27, 0x48, 0x55, 0xCE, 0xE2, 0xAC, 0x25, 0x61,
+        0x83, 0xD9, 0x7B, 0x26, 0xEF, 0x94, 0x9A, 0x95,
+        0x0C, 0xD1, 0xE4, 0x0A, 0x51, 0x50, 0x1F, 0x86,
+        0x7A, 0x7B, 0xD3, 0x83, 0x55, 0x2D, 0xFC, 0x7B,
+        0x97, 0x77, 0x17, 0x67, 0xBB, 0x9F, 0xD7, 0xD1,
+        0xDD, 0xDD, 0x49, 0x67, 0xBB, 0xF7, 0x9A, 0x45,
+        0x33, 0x24, 0xCA, 0xBC, 0xA5, 0xB2, 0x0D, 0x3F,
+        0xB0, 0x10, 0x6D, 0xB9, 0x7D, 0x03, 0x3F, 0xCD,
+        0x40, 0x37, 0x1E, 0x8A, 0xDA, 0xCD, 0xBA, 0xD7,
+        0x8D, 0x89, 0xBD, 0x5E, 0x90, 0xCF, 0x97, 0xE8,
+        0x35, 0x51, 0x87, 0x94, 0xFA, 0x3D, 0xB2, 0xB5,
+        0x01, 0xF2, 0x35, 0x75, 0x77, 0x65, 0x5B, 0x9A,
+        0x3C, 0xDA, 0x36, 0x52, 0xDF, 0xCF, 0x96, 0xBA,
+        0xB9, 0xC5, 0xF9, 0x57, 0x67, 0x0E, 0x32, 0xE5,
+        0x86, 0xE5, 0x1F, 0xD8, 0x9D, 0x7B, 0xA8, 0x76,
+        0x89, 0xFD, 0x59, 0x70, 0x88, 0x73, 0x9D, 0x87,
+        0xE1, 0x24, 0x6D, 0xC2, 0xB5, 0x1E, 0xCD, 0x54,
+        0x29, 0x25, 0x10, 0xA3, 0xB4, 0x3C, 0xB2, 0x5A,
+        0x62, 0xBD, 0xE9, 0x14, 0xEC, 0x3C, 0xBF, 0xA9,
+        0x9D, 0xEC, 0x70, 0xAC, 0x23, 0xC0, 0xDF, 0xC9,
+        0x69, 0xAD, 0x94, 0x1A, 0x69, 0x94, 0xA3, 0x70,
+        0xF9, 0x0B, 0x15, 0x5D, 0x25, 0x45, 0x63, 0xFA,
+        0xAA, 0x7D, 0x30, 0x67, 0x3C, 0x06, 0x34, 0x75,
+        0x3F, 0xD6, 0x57, 0x58, 0x8E, 0xC6, 0x60, 0x3F,
+        0x82, 0x35, 0xE9, 0x17, 0x36, 0x5D, 0xD8, 0x93,
+        0x25, 0x25, 0x1B, 0x21, 0xB2, 0xFF, 0x80, 0xF5,
+        0x44, 0xFE, 0x73, 0x84, 0xFF, 0x62, 0xFE, 0x52,
+        0xC4, 0xCA, 0x77, 0x41, 0x28, 0xC8, 0x95, 0x15,
+        0x2C, 0xC7, 0x5C, 0xA6, 0x3B, 0xA8, 0xF8, 0x1E,
+        0x01, 0x30, 0xC9, 0x3B, 0x59, 0xF9, 0x40, 0xB7,
+        0x18, 0x80, 0x21, 0x24, 0xDB, 0x8D, 0x07, 0xDF,
+        0xDC, 0x24, 0xBF, 0x2F, 0x7B, 0xD9, 0xC4, 0xEF,
+        0x61, 0x74, 0x1A, 0xF2, 0xB6, 0x98, 0x75, 0x66,
+        0x22, 0x4F, 0x11, 0x06, 0x41, 0xDB, 0x77, 0x83,
+        0xFA, 0xF3, 0x1B, 0xEC, 0xB8, 0xF7, 0x89, 0x47,
+        0xBA, 0x12, 0x3F, 0xB0, 0x0E, 0x1B, 0x6D, 0x13,
+        0x36, 0x0B, 0x16, 0xD0, 0x7C, 0x3A, 0xAA, 0x33,
+        0x6D, 0xDA, 0x1B, 0x65, 0xD4, 0xC2, 0xF2, 0x1B,
+        0xD5, 0xCD, 0x4B, 0xE9, 0xED, 0xFA, 0xFA, 0x78,
+        0x45, 0x97, 0x2D, 0x60, 0xCC, 0xE3, 0x40, 0x3E,
+        0xB5, 0xE5, 0xC8, 0x33, 0xF6, 0x4C, 0x51, 0x45,
+        0xDC, 0x08, 0xE7, 0xB3, 0x6F, 0xCF, 0xDE, 0xE8,
+        0x73, 0x0B, 0x94, 0x4F, 0x5A, 0x23, 0xF9, 0xFF,
+        0x3F, 0x0D, 0x1D, 0xCE, 0x80, 0x86, 0x3B, 0x55,
+        0x8D, 0x8A, 0x35, 0xB2, 0xAA, 0x65, 0x27, 0x69,
+        0x1D, 0xA5, 0x0C, 0xE6, 0xFA, 0x39, 0x85, 0x62,
+        0x65, 0xAD, 0xE6, 0x08, 0x38, 0xCE, 0xC9, 0xEA,
+        0x98, 0x73, 0x99, 0x1D, 0xB5, 0x6F, 0xEA, 0xE8,
+        0xEE, 0xE2, 0xEC, 0xF4, 0x32, 0x44, 0x96, 0x5A,
+        0x13, 0xCC, 0x1D, 0x23, 0x0E, 0x91, 0x72, 0xD8,
+        0x2A, 0xD2, 0x3D, 0x6A, 0x6E, 0x2A, 0x37, 0x7A,
+        0x7F, 0x67, 0xF6, 0x40, 0xBF, 0x3A, 0x36, 0x3B,
+        0xC8, 0x1A, 0x78, 0x6D, 0x12, 0xB0, 0x35, 0xA3,
+        0x18, 0x55, 0x33, 0x70, 0x48, 0x48, 0x52, 0x8F,
+        0xB4, 0x59, 0x58, 0xEB, 0xAA, 0xB3, 0x03, 0x67,
+        0x4F, 0xFF, 0xA5, 0x68, 0xE7, 0xAE, 0xAF, 0x46,
+        0x3D, 0x66, 0x6B, 0x60, 0x21, 0x26, 0x31, 0x83,
+        0xBE, 0xE8, 0x1E, 0x72, 0x92, 0x87, 0x79, 0x24,
+        0xCF, 0xDE, 0xEF, 0x6F, 0x81, 0x73, 0xA1, 0x34,
+        0x7B, 0x99, 0x94, 0x43, 0x33, 0xF4, 0x8B, 0x36,
+        0xC8, 0xC5, 0xF8, 0xC1, 0x6D, 0x22, 0x6D, 0xA3,
+        0xC9, 0xDA, 0x5F, 0x4C, 0xE7, 0x7F, 0x00, 0xE4,
+        0x42, 0xD8, 0x5C, 0x73, 0xE5, 0x78, 0x0C, 0x36,
+        0x28, 0xD9, 0x83, 0x8F, 0xCA, 0xFA, 0x5D, 0x1D,
+        0x34, 0x05, 0xF1, 0x93, 0x6C, 0xBC, 0xFD, 0x2C,
+        0x52, 0xD4, 0xE8, 0x8D, 0xA9, 0xC9, 0x0D, 0xFF,
+        0x28, 0x5E, 0x3E, 0x91, 0x12, 0xC0, 0x3C, 0xBA,
+        0x58, 0x64, 0x7E, 0x6B, 0x4E, 0xC0, 0x77, 0xB1,
+        0x67, 0x08, 0x16, 0xF5, 0x7E, 0x29, 0x42, 0x81,
+        0x6A, 0x6F, 0x34, 0x21, 0x32, 0x64, 0x9A, 0xA6,
+        0x44, 0xD1, 0x4F, 0x41, 0xAB, 0xC5, 0x26, 0x4A,
+        0xFA, 0x70, 0xBC, 0xAE, 0x3D, 0x67, 0x9B, 0x86,
+        0xF5, 0x1A, 0xF2, 0x44, 0x70, 0x52, 0xD0, 0x78,
+        0xA0, 0xEA, 0x56, 0x39, 0x0B, 0x37, 0x2A, 0x15,
+        0x13, 0xBC, 0xD2, 0xEA, 0x46, 0x6D, 0xCB, 0x5A,
+        0x4D, 0x86, 0x47, 0x4F, 0xA1, 0xE2, 0x6B, 0xC0,
+        0xA8, 0x3F, 0x58, 0x5C, 0x79, 0xAD, 0x62, 0x17,
+        0xBC, 0x96, 0xAF, 0x77, 0x1F, 0x74, 0xD1, 0x42,
+        0xBF, 0x5E, 0x91, 0xA9, 0x28, 0x44, 0xC5, 0x4E,
+        0x76, 0x6B, 0xF2, 0xD3, 0x69, 0x8C, 0x0E, 0x4F,
+        0x61, 0x76, 0xAD, 0xDC, 0x79, 0xE9, 0x74, 0xA4,
+        0x66, 0xFB, 0x2E, 0x0C, 0xBB, 0x42, 0xC5, 0x3F,
+        0x59, 0xB0, 0xDC, 0xB0, 0x32, 0xCD, 0x37, 0x56,
+        0x1B, 0xD2, 0x46, 0xED, 0x52, 0xC8, 0x12, 0xEA,
+        0xA3, 0x6B, 0xB9, 0xE5, 0xB3, 0x2A, 0xF3, 0x9B,
+        0x0F, 0xC3, 0x77, 0x5F, 0x9A, 0xE1, 0x20, 0xBC,
+        0x59, 0x44, 0x9B, 0x7B, 0x77, 0xB1, 0xBA, 0x1A,
+        0x5B, 0x60, 0x06, 0x6C, 0x85, 0x83, 0x68, 0xDD,
+        0x5A, 0xC8, 0xEE, 0xDC, 0xFE, 0x1F, 0x83, 0xF5,
+        0x2C, 0x53, 0x62, 0xED, 0xE8, 0x93, 0xB7, 0x22,
+        0x3E, 0xCB, 0x70, 0xBA, 0xA6, 0x6D, 0xB2, 0x91,
+        0x47, 0xB8, 0x04, 0x37, 0x20, 0x1F, 0xEF, 0x71,
+        0xB0, 0x5F, 0xF2, 0x51, 0x03, 0x5F, 0x88, 0xCA,
+        0xFF, 0x42, 0xE8, 0x2A, 0x43, 0x02, 0xD3, 0x60,
+        0x98, 0x26, 0x8B, 0x74, 0xF4, 0x18, 0x3D, 0x4D,
+        0x19, 0xF1, 0x3B, 0x87, 0xE9, 0x83, 0x37, 0x15,
+        0x7D, 0xA5, 0xEF, 0xBB, 0xF3, 0x4F, 0x48, 0xCA,
+        0x40, 0x65, 0xD3, 0xE3, 0xBA, 0xCC, 0x83, 0x83,
+        0x3F, 0xEE, 0xBA, 0x57, 0x34, 0x6D, 0x16, 0x9F,
+        0x1B, 0xE6, 0xA0, 0x4C, 0x29, 0xC8, 0x2F, 0xD2,
+        0x25, 0xA3, 0xF7, 0xC6, 0x85, 0x12, 0x4F, 0x53,
+        0x7E, 0xC0, 0xE1, 0x0A, 0xB8, 0x58, 0x34, 0xBA,
+        0x3E, 0x65, 0x4F, 0x19, 0x55, 0x5C, 0xB9, 0x74,
+        0x6B, 0x74, 0xCE, 0x43, 0xA2, 0xC7, 0x8B, 0x21,
+        0x70, 0x8C, 0x3B, 0xEF, 0x87, 0xC1, 0xE8, 0x8F,
+        0x08, 0x10, 0xB4, 0xED, 0xE1, 0x81, 0x14, 0xE9,
+        0x2A, 0x43, 0x13, 0xB4, 0xEA, 0xA0, 0x5F, 0x60,
+        0x93, 0x7E, 0x87, 0x6D, 0xA2, 0x57, 0x63, 0x32,
+        0xAE, 0xC3, 0x8C, 0xCD, 0x42, 0x5E, 0xFD, 0x51,
+        0x1A, 0x39, 0xB9, 0xB4, 0xBD, 0x4C, 0xF3, 0xF2,
+        0xE2, 0x70, 0x9A, 0x05, 0xF9, 0x39, 0xE5, 0xFC,
+        0x59, 0x7D, 0x4E, 0x85, 0x12, 0x02, 0xC9, 0xC2,
+        0xC5, 0x71, 0x3A, 0xD5, 0x73, 0xF7, 0x5A, 0xC5,
+        0x49, 0x0D, 0xEE, 0xCF, 0x9D, 0xB8, 0xDE, 0xE2,
+        0x03, 0x99, 0x70, 0x6B, 0x19, 0x29, 0xA4, 0xE8,
+        0x99, 0x00, 0xC4, 0x9C, 0x24, 0x46, 0x5E, 0x08,
+        0x09, 0x56, 0x6D, 0x9C, 0x2E, 0xF7, 0x8C, 0x52,
+        0xDB, 0xB4, 0x2F, 0x9E, 0x22, 0x7E, 0xFD, 0x1E,
+        0x1A, 0x72, 0xCB, 0x71, 0x0B, 0xD2, 0x19, 0x33,
+        0x0E, 0x69, 0xCC, 0x00, 0x49, 0x36, 0x79, 0x78,
+        0xAB, 0x11, 0x4D, 0x9A, 0xD7, 0xF9, 0x55, 0xCF,
+        0x0B, 0x7B, 0x3D, 0x32, 0x5C, 0xB3, 0x51, 0x65,
+        0x00, 0x0E, 0xD2, 0x9D, 0xBE, 0x0A, 0x19, 0x56,
+        0xF1, 0x45, 0x95, 0x83, 0xC6, 0x97, 0xCD, 0x19,
+        0xE7, 0x8B, 0x51, 0x74, 0xE4, 0xFD, 0x2C, 0xEC,
+        0x10, 0x8A, 0x7C, 0x24, 0x28, 0x0A, 0x78, 0xA3,
+        0xEC, 0x93, 0x97, 0x16, 0x4F, 0x60, 0x03, 0xFD,
+        0x85, 0x31, 0x98, 0x04, 0xE5, 0x65, 0x5A, 0x87,
+        0x9F, 0x66, 0x3D, 0xD4, 0x56, 0x3E, 0xF9, 0x98,
+        0x25, 0x21, 0xFE, 0xC2, 0x07, 0x9E, 0x88, 0x89,
+        0x49, 0x7B, 0xE9, 0x20, 0x1F, 0x6D, 0x7F, 0x24,
+        0x60, 0xA8, 0xB2, 0xDD, 0x96, 0x51, 0x0E, 0x0E,
+        0x4C, 0x83, 0xC3, 0xB1, 0x93, 0xC1, 0x1F, 0xD6,
+        0xB4, 0xB6, 0x84, 0xCE, 0x85, 0x63, 0xA5, 0x38,
+        0x0F, 0x2E, 0x55, 0xF4, 0x74, 0xA6, 0x0B, 0x63,
+        0x17, 0xD0, 0x96, 0x76, 0x15, 0xAD, 0x4F, 0xA9,
+        0xF0, 0x83, 0x25, 0xAD, 0xD7, 0x97, 0xB7, 0x9E,
+        0x6F, 0x5D, 0xC7, 0x2A, 0xD1, 0x97, 0xF5, 0xF6,
+        0x1E, 0xC8, 0x8B, 0xE5, 0xFB, 0xFF, 0x92, 0x72,
+        0x31, 0x9A, 0x49, 0x4B, 0x60, 0x8F, 0x34, 0x7C,
+        0xE1, 0x55, 0x66, 0x7A, 0x59, 0xC3, 0x00, 0x9A,
+        0x14, 0x50, 0xF3, 0x06, 0x19, 0x3C, 0xFE, 0x61,
+        0x1C, 0xF7, 0x05, 0x49, 0x2A, 0x30, 0xFF, 0x56,
+        0xFE, 0x7F, 0x71, 0xD7, 0x32, 0xCC, 0xEF, 0x63,
+        0x64, 0xE1, 0x66, 0xCF, 0xF8, 0x12, 0xED, 0x23,
+        0x11, 0xB5, 0x16, 0xFA, 0x56, 0x90, 0xF2, 0xA2,
+        0x72, 0x7B, 0x18, 0x50, 0xF2, 0x98, 0x5D, 0x48,
+        0x25, 0x5E, 0x8C, 0x47, 0xE7, 0x11, 0x50, 0x2A,
+        0x4B, 0x4A, 0x97, 0x0B, 0xDF, 0x70, 0xDC, 0x34,
+        0x47, 0xF8, 0xE2, 0x88, 0x78, 0x24, 0xB5, 0x8A,
+        0xC7, 0x58, 0xE8, 0x83, 0xF7, 0x3B, 0xAD, 0xFC,
+        0xED, 0x46, 0x40, 0xD5, 0x46, 0x35, 0x1B, 0xF3,
+        0x3E, 0x8F, 0x1E, 0x0B, 0x1B, 0xB9, 0xFB, 0x5A,
+        0xFF, 0x0F, 0x8B, 0xA0, 0x95, 0x4A, 0x8E, 0x65,
+        0x33, 0xD3, 0x7C, 0x03, 0x04, 0x8E, 0xBA, 0x6A,
+        0x55, 0xB3, 0xC5, 0xDA, 0xCB, 0xDC, 0x44, 0xD3,
+        0x98, 0x77, 0xD3, 0x07, 0x8A, 0xE9, 0x5E, 0x44,
+        0x5B, 0xED, 0x12, 0xB1, 0xA5, 0x03, 0xAF, 0xB2,
+        0x20, 0x0C, 0xB1, 0x8B, 0x08, 0xB4, 0x6A, 0x11,
+        0x96, 0xA9, 0xF5, 0x7A, 0xFD, 0x56, 0x48, 0x11,
+        0xC0, 0x30, 0xA4, 0x45, 0xFC, 0xAE, 0x72, 0xE5,
+        0x5E, 0x85, 0xB7, 0x6F, 0xA0, 0x50, 0x13, 0x4B,
+        0x2E, 0xC2, 0x31, 0x13, 0xED, 0x04, 0x04, 0x3D,
+        0xBC, 0xD0, 0xB6, 0xFC, 0xCE, 0xBD, 0xC9, 0x13,
+        0x5C, 0xB2, 0x02, 0xB8, 0x4F, 0xDD, 0x74, 0x51,
+        0x1F, 0x9E, 0x8F, 0x0C, 0xF2, 0x26, 0xE1, 0x4C,
+        0xA5, 0xC4, 0x38, 0xC7, 0x6A, 0xA5, 0xC3, 0xC2,
+        0xE9, 0xF3, 0x22, 0x71, 0x00, 0x91, 0x83, 0xEE,
+        0x92, 0xA9, 0x95, 0x81, 0x9D, 0xB9, 0x0F, 0x66,
+        0x89, 0x9B, 0xB9, 0xB0, 0xC7, 0xED, 0x31, 0xDF,
+        0x41, 0xB6, 0x8E, 0x52, 0xAC, 0x5B, 0xBD, 0xF2,
+        0x33, 0x9F, 0x71, 0x5E, 0x43, 0xFE, 0xED, 0xD9,
+        0x4F, 0x57, 0xF9, 0x23, 0x05, 0x23, 0x03, 0x34,
+        0x17, 0xE4, 0x22, 0x27, 0x97, 0xF7, 0x62, 0x5B,
+        0x52, 0x66, 0x70, 0xEE, 0x6B, 0xD3, 0x46, 0x8C,
+        0xCD, 0x9B, 0xA4, 0xA1, 0xED, 0x26, 0x4A, 0xAC,
+        0xC2, 0x50, 0xA8, 0x2A, 0x48, 0x83, 0x46, 0xB2,
+        0xA5, 0xF9, 0x26, 0xF2, 0xE7, 0x8A, 0x8E, 0xD8,
+        0x40, 0x5F, 0x85, 0x8E, 0xAB, 0xB0, 0x29, 0xF7,
+        0x81, 0x42, 0xA7, 0x4B, 0xD5, 0xA8, 0x2D, 0x3D,
+        0xD7, 0x0A, 0xB1, 0x26, 0xCF, 0xA3, 0xBA, 0xD7,
+        0xF5, 0x1B, 0x9E, 0x95, 0xCB, 0xC8, 0xCE, 0x75,
+        0xE7, 0x7A, 0x4A, 0x1B, 0x63, 0x21, 0xB7, 0x74,
+        0x77, 0x78, 0xCD, 0x03, 0x5B, 0x3B, 0xCD, 0x44,
+        0x8E, 0xF1, 0xBB, 0xB6, 0xFF, 0x75, 0x52, 0x8A,
+        0x7A, 0xE9, 0xAF, 0x62, 0x24, 0xA1, 0x6F, 0x4F,
+        0x45, 0x03, 0x87, 0xA3, 0xED, 0xBC, 0x2E, 0x92,
+        0xC0, 0xB1, 0x9C, 0x22, 0x2E, 0x35, 0xC1, 0xA5,
+        0x7E, 0xC3, 0x36, 0x3B, 0x18, 0x14, 0x78, 0x6E,
+        0x1D, 0x37, 0xD7, 0x92, 0xB3, 0x78, 0x26, 0x13,
+        0x9A, 0xFB, 0x38, 0x1D, 0xE0, 0x4C, 0x07, 0xC4,
+        0x2C, 0xD3, 0xCA, 0x78, 0xE4, 0x70, 0xC2, 0x52,
+        0x7C, 0x63, 0xDB, 0x4B, 0xB4, 0x0A, 0x4B, 0x7D,
+        0x20, 0x67, 0xF0, 0xF4, 0x80, 0x5B, 0x65, 0x8B,
+        0x29, 0x80, 0x92, 0xF0, 0x87, 0x3D, 0x09, 0x5A,
+        0x0E, 0xEA, 0x45, 0x63, 0x92, 0x99, 0xD6, 0x0D,
+        0x2B, 0x58, 0xEE, 0x19, 0x03, 0x4F, 0x94, 0x2D,
+        0xEC, 0xBF, 0x5A, 0xE9, 0xA6, 0x16, 0xAF, 0x72,
+        0x37, 0x5C, 0x12, 0xBB, 0x7D, 0xED, 0xAA, 0x6A,
+        0x7D, 0xDF, 0x9A, 0x48, 0x37, 0x37, 0x3D, 0x7B,
+        0x51, 0x96, 0x0B, 0x30, 0xCE, 0x9C, 0xE7, 0x3B,
+        0x3C, 0x10, 0xDE, 0x32, 0xA7, 0x86, 0x39, 0xA9,
+        0x33, 0x7D, 0x9B, 0xCF, 0x15, 0x27, 0xA4, 0x36,
+        0x88, 0xBD, 0xB6, 0xEB, 0x8B, 0xD0, 0x3D, 0xCA,
+        0xF1, 0x02, 0x70, 0xDF, 0xC0, 0xE2, 0xF0, 0xD2,
+        0x2C, 0x27, 0xE3, 0x22, 0x24, 0x33, 0x27, 0x34,
+        0xCA, 0x26, 0x19, 0x74, 0x02, 0x2F, 0x7E, 0xC1,
+        0x76, 0xCB, 0x12, 0xBE, 0x6F, 0x13, 0x62, 0x1F,
+        0x32, 0x03, 0x65, 0xCF, 0xBB, 0x03, 0xD0, 0x4C,
+        0xF2, 0x9E, 0xFE, 0x93, 0xE9, 0x1B, 0x02, 0x9B,
+        0x7B, 0x26, 0xFF, 0xEE, 0xF0, 0x6F, 0xCE, 0x57,
+        0xD1, 0x2B, 0xE3, 0x90, 0x2E, 0xE2, 0x71, 0x2A,
+        0xBA, 0xCC, 0x3D, 0x27, 0xCE, 0xA3, 0x5A, 0xCA,
+        0x15, 0x09, 0xE4, 0xD0, 0x86, 0x4F, 0xEC, 0x5A,
+        0x5B, 0x41, 0xA0, 0xE0, 0x3E, 0x1D, 0xEC, 0x6F,
+        0x2A, 0x33, 0x72, 0x15, 0xCD, 0xE5, 0x55, 0xD6,
+        0x6F, 0x84, 0xE3, 0xD6, 0x75, 0x5D, 0xDC, 0x1C,
+        0x07, 0x3D, 0x0C, 0xDC, 0xDE, 0xF8, 0x8A, 0x44,
+        0x40, 0xB1, 0x76, 0x84, 0xB8, 0xE0, 0xAF, 0x9D,
+        0xA2, 0xB2, 0x84, 0xAA, 0xBF, 0x61, 0x08, 0x21,
+        0xE5, 0xC2, 0xC9, 0x11, 0x94, 0x2D, 0x0B, 0xD1,
+        0xC6, 0x59, 0xC1, 0xEE, 0xBA, 0x8E, 0x21, 0xAF,
+        0xDE, 0x32, 0x77, 0xD5, 0x07, 0x3B, 0x98, 0x39,
+        0x95, 0x77, 0x03, 0x80, 0x2F, 0xA2, 0x76, 0xC8,
+        0x2C, 0xC6, 0x6A, 0x00, 0xA8, 0x69, 0x77, 0xB8,
+        0x87, 0x7D, 0xC0, 0x51, 0x19, 0x45, 0x14, 0xA6,
+        0x33, 0xB3, 0x4D, 0x36, 0x29, 0x34, 0xE8, 0x50,
+        0xC2, 0x71, 0x7A, 0x0B, 0xE5, 0x92, 0x4E, 0x86,
+        0xAA, 0xDA, 0x33, 0xCF, 0x34, 0x54, 0x63, 0x2C,
+        0x68, 0xA1, 0x0A, 0xEF, 0x8B, 0x5B, 0xAA, 0x10,
+        0x83, 0xE9, 0x13, 0x7D, 0x29, 0x20, 0xA2, 0x5F,
+        0x96, 0x9F, 0x54, 0x0B, 0x95, 0xDF, 0x59, 0x91,
+        0x6C, 0x4C, 0xAC, 0xC4, 0x55, 0x98, 0x8F, 0x46,
+        0x31, 0x77, 0x56, 0xCC, 0x93, 0x7E, 0xF0, 0x17,
+        0x7C, 0x0F, 0xEB, 0x3F, 0x23, 0xBB, 0xD3, 0x56,
+        0x9E, 0x89, 0x67, 0xC4, 0x9B, 0x95, 0xA3, 0xBF,
+        0x6D, 0x9D, 0x6D, 0x7C, 0x72, 0x27, 0x20, 0x6E,
+        0x28, 0x37, 0x39, 0xFC, 0x77, 0x41, 0xE9, 0xFE,
+        0x64, 0xEF, 0xA0, 0x38, 0x9F, 0xC7, 0x2F, 0xDA,
+        0xC8, 0x1F, 0xEB, 0x75, 0x07, 0xB8, 0x7E, 0x6B,
+        0x73, 0xCE, 0x0E, 0x7C, 0x7C, 0x54, 0x06, 0x1D,
+        0x48, 0x8A, 0x06, 0x53, 0x95, 0x9B, 0x75, 0x8A,
+        0xFF, 0x6F, 0x7D, 0x19, 0x00, 0x17, 0x8D, 0x7C,
+        0x1A, 0xEA, 0xD0, 0x79, 0x45, 0x68, 0xF9, 0x2F,
+        0x8A, 0xCE, 0x98, 0xED, 0xCC, 0xE8, 0x6D, 0xE1,
+        0x08, 0xA0, 0x50, 0x2C, 0x43, 0x49, 0xC4, 0x99,
+        0x98, 0x31, 0xDE, 0x00, 0xE8, 0x08, 0x39, 0x0B,
+        0xBB, 0xDB, 0x65, 0xEA, 0x36, 0x0F, 0xBE, 0x98,
+        0xB7, 0x4A, 0x9C, 0x59, 0x34, 0x0E, 0xBB, 0xDD,
+        0x6F, 0x65, 0x21, 0x39, 0x23, 0x48, 0x57, 0x7F,
+        0xD4, 0x07, 0x89, 0x03, 0x01, 0xB0, 0x79, 0x27,
+        0x28, 0xCC, 0xFB, 0x88, 0xC5, 0xDD, 0x47, 0x2A,
+        0xDA, 0x73, 0x75, 0x9B, 0xC9, 0x99, 0xA0, 0x21,
+        0x34, 0xDF, 0xB1, 0x62, 0x2F, 0x61, 0xD8, 0xB7,
+        0x63, 0x2A, 0xC7, 0x7E, 0x3A, 0x98, 0x0B, 0x2C,
+        0xE5, 0x66, 0xF3, 0xD5, 0x30, 0xF0, 0xBC, 0x21,
+        0xC7, 0x51, 0x9B, 0xFB, 0x00, 0xBB, 0xAA, 0x9C,
+        0x85, 0xC3, 0x9B, 0x0C, 0xDC, 0x5F, 0x8D, 0x1B,
+        0xA1, 0x2B, 0x78, 0x82, 0xFE, 0x0F, 0x7C, 0x75,
+        0x6E, 0x75, 0x56, 0x74, 0x35, 0x25, 0xE5, 0xD0,
+        0xEC, 0x8E, 0xC1, 0xBD, 0x7D, 0x7A, 0xE3, 0xDC,
+        0xAD, 0xC6, 0x8D, 0xB6, 0x0D, 0x7A, 0xA1, 0x3C,
+        0xDB, 0x29, 0xFA, 0x15, 0xC0, 0xA9, 0xAF, 0x89,
+        0x0F, 0x18, 0x75, 0xE3, 0x97, 0x58, 0x62, 0x12,
+        0x79, 0xA9, 0x87, 0x7D, 0x9C, 0x69, 0x44, 0x9C,
+        0x41, 0x39, 0x2C, 0xAD, 0x98, 0x8B, 0x8D, 0xE4,
+        0x58, 0xEE, 0xCD, 0x98, 0x38, 0x5F, 0x79, 0x73,
+        0x0B, 0x5E, 0x26, 0xC1, 0x16, 0x24, 0x15, 0xD9,
+        0x73, 0x26, 0x41, 0x9B, 0x5F, 0xF9, 0x2A, 0xA8,
+        0xC1, 0x33, 0x74, 0x39, 0x1D, 0xBB, 0xE7, 0x36,
+        0xD9, 0x8C, 0x07, 0xAD, 0x32, 0xD6, 0x38, 0xBB,
+        0x44, 0xE6, 0x77, 0xC7, 0x11, 0x05, 0xCF, 0xB5,
+        0x72, 0x49, 0x68, 0x80, 0xC1, 0x67, 0x71, 0x5F,
+        0x9B, 0xFF, 0x6E, 0x71, 0x1A, 0xBE, 0x5A, 0x83,
+        0x25, 0x38, 0xC7, 0xE6, 0xDA, 0x88, 0x22, 0xDC,
+        0xA6, 0x03, 0x02, 0xD1, 0x59, 0xC6, 0xA8, 0x2F,
+        0xA4, 0x8F, 0xF8, 0x77, 0x3E, 0x0C, 0x6F, 0xA1,
+        0x73, 0xE1, 0x35, 0x55, 0xB2, 0xDF, 0xBF, 0x47,
+        0xB7, 0xD0, 0x8D, 0xBA, 0x35, 0x74, 0x44, 0x6B,
+        0xC0, 0xA7, 0x8D, 0x30, 0x08, 0xE4, 0x41, 0xD1,
+        0x55, 0x21, 0x50, 0xD9, 0x06, 0x12, 0x54, 0xB2,
+        0xF3, 0xFC, 0x5A, 0x1E, 0xF3, 0xE3, 0x84, 0x33,
+        0x34, 0x0B, 0xB5, 0x9A, 0x97, 0xFD, 0x51, 0xF4,
+        0x68, 0xFE, 0x8A, 0x92, 0xBF, 0x62, 0x9D, 0xCD,
+        0x00, 0x29, 0x39, 0x37, 0x12, 0xF3, 0x53, 0x6D,
+        0x6B, 0x24, 0xB8, 0x86, 0x68, 0xAD, 0x6A, 0x4B,
+        0x3A, 0x4C, 0x93, 0xA6, 0xB1, 0x41, 0xFA, 0x8E,
+        0x58, 0x63, 0xCD, 0x59, 0x80, 0xBF, 0xD7, 0xAB,
+        0x83, 0xC3, 0xCC, 0x5D, 0x2F, 0xBE, 0x80, 0xC7,
+        0xB1, 0x67, 0xDC, 0x92, 0x8C, 0xA9, 0x57, 0x36,
+        0x58, 0x0A, 0x52, 0x96, 0x0E, 0x20, 0x90, 0xCD,
+        0x87, 0x68, 0xF5, 0x93, 0xBB, 0x04, 0xD4, 0x48,
+        0xB6, 0x45, 0x30, 0xC0, 0xE3, 0xC2, 0x56, 0x8C,
+        0xE3, 0xA2, 0xC6, 0x42, 0x0F, 0x81, 0xF7, 0x4D,
+        0xF6, 0x88, 0x5D, 0x55, 0x07, 0x8E, 0xF1, 0xB3,
+        0x83, 0xB0, 0x20, 0x85, 0x4A, 0x63, 0x6A, 0x78,
+        0xA9, 0xEC, 0x13, 0x84, 0xF7, 0x4E, 0xBE, 0xB6,
+        0x5F, 0x5A, 0x25, 0xFF, 0xD4, 0x14, 0x7D, 0xA7,
+        0xEE, 0x40, 0xF6, 0x25, 0x7C, 0x7E, 0x34, 0xCA,
+        0xC9, 0x27, 0x0E, 0xA2, 0x78, 0xB6, 0xE6, 0x08,
+        0xA1, 0x9B, 0x56, 0x8D, 0x29, 0xE5, 0x8D, 0xEC,
+        0xAD, 0xDA, 0xD3, 0x3C, 0x59, 0xBA, 0xDB, 0x92,
+        0x52, 0x99, 0x3B, 0x31, 0x6B, 0x0B, 0x13, 0x00,
+        0x79, 0x3D, 0x69, 0x85, 0x3A, 0x6B, 0x90, 0x33,
+        0x96
+    };
+    static const byte rnd_44[] = {
+        0x08, 0x34, 0x57, 0xD4, 0x0E, 0x25, 0x04, 0x88,
+        0xA6, 0x0E, 0x76, 0x34, 0xA0, 0x1D, 0x43, 0x0A,
+        0x60, 0xE8, 0x57, 0x2B, 0xA8, 0x8A, 0xED, 0xC5,
+        0x54, 0x49, 0x18, 0x81, 0x37, 0x13, 0xA0, 0xB1
+    };
+    static const byte sig_44[] = {
+        0x63, 0xA8, 0x23, 0x20, 0xD4, 0xCE, 0x09, 0xC4,
+        0x7A, 0xD1, 0x27, 0xC5, 0xBB, 0x7F, 0x6C, 0x2D,
+        0xFF, 0x15, 0x29, 0xCD, 0xAF, 0x9F, 0x74, 0x56,
+        0xFF, 0xC2, 0xC6, 0xED, 0x90, 0x51, 0x17, 0xDC,
+        0xAD, 0x8C, 0x08, 0x7A, 0xC0, 0xD8, 0x9E, 0x0C,
+        0xE9, 0x61, 0xC0, 0x94, 0xFA, 0x9C, 0x2E, 0xDE,
+        0x27, 0x9C, 0x65, 0xE6, 0x99, 0xD1, 0xD1, 0x7E,
+        0xA6, 0x95, 0x98, 0x8F, 0xA1, 0xC4, 0x98, 0x3F,
+        0x7E, 0x1F, 0x18, 0x86, 0x2A, 0xFE, 0xB2, 0xEC,
+        0x9D, 0x0F, 0x5B, 0x0C, 0x11, 0xB2, 0xAA, 0x0B,
+        0xDE, 0x95, 0x7C, 0x40, 0xA1, 0x5B, 0xFF, 0x97,
+        0xD7, 0xCB, 0xCF, 0x4E, 0x59, 0xDA, 0xE9, 0xD5,
+        0xA3, 0xC9, 0xF8, 0x7D, 0xDD, 0xA5, 0xB9, 0x06,
+        0x9D, 0x82, 0xCC, 0x18, 0x10, 0x20, 0x80, 0x92,
+        0xBC, 0xBA, 0x1C, 0x43, 0x73, 0xF2, 0xA8, 0x3E,
+        0x19, 0x15, 0x80, 0x9E, 0x81, 0xD8, 0xD2, 0x06,
+        0xEA, 0x78, 0x10, 0x3F, 0x68, 0x66, 0x3D, 0xBE,
+        0xB1, 0x79, 0xB0, 0x28, 0x83, 0xCD, 0xD3, 0x33,
+        0xEE, 0xFE, 0x6D, 0x02, 0x39, 0x17, 0xC6, 0xF2,
+        0xA4, 0x6E, 0x5A, 0x5C, 0x45, 0x14, 0xF5, 0x7D,
+        0xCA, 0x7B, 0x62, 0x4A, 0xF4, 0xE7, 0x71, 0x7B,
+        0xD7, 0x1B, 0x51, 0x26, 0xE6, 0xDE, 0x2D, 0xC9,
+        0x65, 0x24, 0x30, 0x2C, 0x08, 0x04, 0xD7, 0xBE,
+        0x3A, 0xDA, 0x64, 0xAF, 0x11, 0x6F, 0xC6, 0xE7,
+        0x38, 0xEF, 0xA6, 0xE6, 0x5E, 0x87, 0x90, 0xB4,
+        0x0E, 0xB1, 0xB4, 0x83, 0x64, 0xD2, 0x15, 0xEF,
+        0xD6, 0x1F, 0x7A, 0x44, 0x75, 0x3A, 0x95, 0x50,
+        0x6E, 0x52, 0xC9, 0x9C, 0xE9, 0xB4, 0x56, 0xDC,
+        0x93, 0x85, 0x92, 0xF1, 0x35, 0xEC, 0x50, 0x1B,
+        0x3B, 0xCF, 0x82, 0xDA, 0x69, 0xA1, 0xDD, 0x44,
+        0xE8, 0xB3, 0xC1, 0xCB, 0x8D, 0xD5, 0x13, 0xD0,
+        0xF3, 0x14, 0x2C, 0x80, 0x82, 0x2C, 0x31, 0xBF,
+        0x75, 0x20, 0x14, 0x39, 0x9F, 0x81, 0x79, 0x76,
+        0x0F, 0xB6, 0x7D, 0xB6, 0x58, 0x1C, 0xF3, 0xE6,
+        0x93, 0x5A, 0x9B, 0xE1, 0x8B, 0x92, 0xC2, 0xDB,
+        0xF1, 0x89, 0xAA, 0x46, 0x67, 0xFA, 0x80, 0x45,
+        0x72, 0xAA, 0xB4, 0xE2, 0x5E, 0xE9, 0xD1, 0xA7,
+        0xA0, 0xD7, 0x05, 0x5C, 0xC6, 0xC7, 0x6D, 0x1D,
+        0x66, 0x3D, 0x35, 0x0C, 0xB7, 0x1A, 0xFA, 0xB1,
+        0xDB, 0xD0, 0xCB, 0x3A, 0x8B, 0xB7, 0x1B, 0x03,
+        0x60, 0xA0, 0xA4, 0xDA, 0xD0, 0xE2, 0x3A, 0x1E,
+        0xB5, 0xE4, 0x59, 0x68, 0x6A, 0x02, 0x94, 0x66,
+        0x05, 0x60, 0x08, 0x64, 0xB4, 0xEE, 0x0F, 0x3A,
+        0xCE, 0xFD, 0x40, 0x7B, 0x6F, 0xF5, 0x8D, 0x1E,
+        0xFF, 0x0C, 0x75, 0xAF, 0xC1, 0x41, 0xC6, 0x24,
+        0x1D, 0xF3, 0x76, 0x02, 0x48, 0x6B, 0xBA, 0x58,
+        0xBC, 0xBB, 0xFE, 0xD3, 0x51, 0xC2, 0x68, 0x21,
+        0x4B, 0x20, 0x4E, 0xAF, 0x8A, 0x0C, 0x74, 0x7F,
+        0x5F, 0xB7, 0xAA, 0x43, 0xFC, 0x5A, 0x77, 0xA1,
+        0x81, 0xCD, 0xBA, 0xE1, 0x31, 0x87, 0x1F, 0xA8,
+        0x1F, 0x76, 0x30, 0x6C, 0xE0, 0x84, 0xCD, 0x14,
+        0x4A, 0xDB, 0x67, 0xFD, 0x65, 0x8C, 0x35, 0xC0,
+        0x91, 0x6C, 0x2B, 0xCF, 0x5B, 0x89, 0x29, 0x58,
+        0x42, 0x9B, 0x65, 0xDB, 0x34, 0x7D, 0xD8, 0x31,
+        0xC9, 0xB8, 0x0D, 0x07, 0xD1, 0x94, 0x60, 0x63,
+        0x65, 0xDC, 0xB3, 0x70, 0x48, 0x46, 0x37, 0x18,
+        0x4D, 0x5D, 0xE0, 0xAC, 0x77, 0xD0, 0x9E, 0xE1,
+        0xD9, 0xB2, 0x2D, 0x09, 0xD6, 0xF8, 0x94, 0x96,
+        0x7B, 0x43, 0xD9, 0x76, 0x36, 0xE6, 0x24, 0xA4,
+        0x4A, 0xFF, 0x12, 0xFE, 0x30, 0x95, 0xD7, 0xCB,
+        0xA9, 0xA0, 0x3A, 0xCA, 0xFC, 0x52, 0x57, 0xB8,
+        0x20, 0x80, 0xF2, 0xD8, 0xAE, 0x3E, 0x18, 0xFC,
+        0x0D, 0xE0, 0x9D, 0x01, 0x7B, 0x03, 0xAD, 0x6B,
+        0xEE, 0xA4, 0xEC, 0x38, 0x40, 0xAC, 0x85, 0x42,
+        0xF8, 0xCF, 0x93, 0x10, 0x8F, 0x8C, 0xFE, 0xF8,
+        0x22, 0x64, 0xFC, 0xDD, 0x2C, 0xDD, 0x86, 0x97,
+        0x5B, 0x3F, 0x8F, 0xDF, 0x1F, 0x58, 0x22, 0x08,
+        0x26, 0x8A, 0x76, 0xE6, 0xC9, 0xFE, 0xDF, 0x42,
+        0x90, 0x8D, 0x52, 0x78, 0xA2, 0xBF, 0xBD, 0x3F,
+        0xD5, 0xD5, 0xDB, 0xAF, 0xDD, 0x5E, 0x2C, 0x2B,
+        0x9F, 0x2E, 0xDC, 0xC1, 0xC4, 0x52, 0x96, 0x38,
+        0x49, 0xCB, 0x34, 0xEC, 0x51, 0x00, 0x8D, 0x1B,
+        0xF6, 0xDA, 0x50, 0xA0, 0xD1, 0x9D, 0x82, 0x34,
+        0x5B, 0x78, 0x8C, 0x05, 0x40, 0xE1, 0x7B, 0x25,
+        0xFF, 0xDC, 0xE8, 0xD4, 0x45, 0x3B, 0xBE, 0x75,
+        0x1E, 0xDA, 0x96, 0xA4, 0x4C, 0x75, 0xFD, 0xD9,
+        0x00, 0x81, 0x85, 0x7D, 0xC0, 0xF8, 0x26, 0x2A,
+        0x30, 0x7B, 0x34, 0xCB, 0xEC, 0xD1, 0x56, 0x58,
+        0x69, 0xA3, 0x14, 0xD6, 0x4C, 0x09, 0xDC, 0x9D,
+        0x4A, 0x80, 0x26, 0x52, 0x2F, 0xDF, 0xE4, 0xCB,
+        0x5B, 0x8B, 0x11, 0x05, 0xDA, 0xE0, 0xDB, 0x66,
+        0xC8, 0x5B, 0xB4, 0x32, 0x1D, 0xBE, 0x76, 0x84,
+        0xEB, 0x6B, 0x6F, 0x85, 0x87, 0xD8, 0x32, 0x0C,
+        0x6D, 0xB3, 0x8D, 0xED, 0xD6, 0x18, 0x96, 0xED,
+        0x51, 0xAB, 0x0C, 0x7F, 0x42, 0x8F, 0x19, 0xD2,
+        0x55, 0xC6, 0xB0, 0xFD, 0xF5, 0x89, 0x51, 0xE5,
+        0xCD, 0xB1, 0x96, 0x9C, 0xD9, 0xA7, 0x93, 0x4E,
+        0xFD, 0xB9, 0xC8, 0x2E, 0x1E, 0x8D, 0x2A, 0x59,
+        0xC9, 0xF7, 0x9D, 0xF1, 0xAA, 0x93, 0xE5, 0x07,
+        0x1E, 0x3F, 0xAC, 0x73, 0x19, 0xFF, 0x68, 0x87,
+        0x8C, 0xF2, 0x49, 0xDC, 0xBD, 0xCD, 0x10, 0x46,
+        0x16, 0xCC, 0xC1, 0xC1, 0xFB, 0xD7, 0x85, 0x56,
+        0x9F, 0x55, 0x87, 0x10, 0x44, 0x1B, 0x31, 0xCA,
+        0xE3, 0x16, 0x7A, 0x4C, 0xD7, 0xDD, 0xD1, 0x86,
+        0x26, 0xC5, 0x43, 0x62, 0x96, 0x20, 0x32, 0xE6,
+        0xB7, 0xA2, 0x76, 0x05, 0x61, 0x96, 0xFC, 0x22,
+        0x96, 0x7E, 0x90, 0x7C, 0x32, 0x0A, 0x7A, 0xF5,
+        0x8C, 0xE3, 0xF5, 0x01, 0xC4, 0xCD, 0x31, 0x8A,
+        0x70, 0x75, 0x04, 0xF1, 0xC2, 0x59, 0xE5, 0x07,
+        0xA0, 0xD4, 0x7D, 0x25, 0x8E, 0x2F, 0x38, 0xE2,
+        0x6A, 0x53, 0x41, 0x34, 0x7A, 0x06, 0xB5, 0x8B,
+        0xB0, 0xBF, 0x21, 0xDE, 0xE6, 0x5F, 0x55, 0x6A,
+        0xD4, 0x88, 0xA7, 0x36, 0xD4, 0xC6, 0x5C, 0x82,
+        0xC6, 0x73, 0xC0, 0x60, 0xD7, 0xA6, 0xA0, 0x77,
+        0x5C, 0xF8, 0xC3, 0x9A, 0xA1, 0x31, 0xFD, 0x64,
+        0xDB, 0xB1, 0x7B, 0x72, 0x70, 0x4B, 0x7D, 0x1D,
+        0x24, 0xBC, 0x5F, 0x84, 0x08, 0x3B, 0xF8, 0xA6,
+        0x47, 0xEB, 0xED, 0xCF, 0xDD, 0xA0, 0x91, 0x14,
+        0x26, 0x7D, 0x77, 0xCF, 0xBF, 0x39, 0x9B, 0xD9,
+        0x2F, 0x3B, 0x2A, 0xA7, 0x2B, 0xBC, 0xF7, 0xDE,
+        0x9D, 0x69, 0xBF, 0x90, 0xA4, 0xDE, 0x2C, 0xF8,
+        0x24, 0x92, 0x7D, 0xE2, 0xB8, 0xBD, 0xF4, 0x6B,
+        0x10, 0x9E, 0xD6, 0x08, 0x51, 0xC5, 0x9C, 0x44,
+        0x8E, 0xCB, 0x44, 0x3F, 0x00, 0x26, 0x3C, 0x9C,
+        0x25, 0xF4, 0x62, 0x74, 0xD1, 0x7C, 0x29, 0x4C,
+        0xEB, 0xF2, 0x53, 0x7D, 0x8F, 0xEA, 0xBD, 0x78,
+        0xEE, 0xBC, 0xBA, 0x72, 0x64, 0xA5, 0xB9, 0x45,
+        0x08, 0xE0, 0xBF, 0x62, 0xEF, 0xC2, 0x1E, 0x06,
+        0xE1, 0xE2, 0xFB, 0x14, 0x44, 0xC5, 0xAB, 0x6F,
+        0x84, 0x7F, 0x52, 0x2F, 0x8A, 0xBE, 0xED, 0x04,
+        0x6D, 0x6D, 0xDC, 0xFF, 0xBC, 0xB8, 0xC8, 0x1F,
+        0xD0, 0x5D, 0x4D, 0x7F, 0x2E, 0x1B, 0xC9, 0x9B,
+        0xEA, 0xF8, 0xC1, 0xAF, 0xE3, 0xE0, 0x5B, 0x36,
+        0x90, 0xFE, 0xE4, 0xAA, 0x37, 0x5A, 0x3D, 0xCB,
+        0x77, 0x57, 0x7C, 0xCC, 0x6E, 0x3E, 0xBE, 0x8A,
+        0x98, 0x7C, 0x6D, 0x7E, 0x89, 0x60, 0x73, 0xC0,
+        0xCC, 0x0C, 0x48, 0x25, 0x46, 0xB5, 0x39, 0xB4,
+        0xFD, 0xF0, 0x4E, 0xED, 0x8E, 0x87, 0xF8, 0x5B,
+        0x00, 0xBE, 0x43, 0xA6, 0x0B, 0x21, 0x7E, 0x96,
+        0x88, 0x3B, 0x91, 0xD7, 0x88, 0x1A, 0xA0, 0xDD,
+        0x3E, 0xBF, 0x5B, 0x0D, 0x08, 0xD0, 0x85, 0x4E,
+        0xD4, 0x27, 0x8F, 0xC9, 0x02, 0xE0, 0x60, 0xEA,
+        0x16, 0xFB, 0xC2, 0x54, 0xA5, 0x08, 0xC8, 0x6F,
+        0x7A, 0xE7, 0x54, 0x93, 0xB8, 0xDD, 0xA0, 0x86,
+        0xE9, 0xC1, 0xB2, 0x17, 0xF5, 0xC9, 0x11, 0x97,
+        0x83, 0x66, 0x88, 0xCD, 0x2D, 0x0B, 0xB8, 0xE5,
+        0x52, 0xD1, 0x13, 0x7A, 0xA7, 0xEB, 0xD5, 0xD5,
+        0x60, 0x53, 0x8E, 0x9B, 0xB6, 0xB4, 0x1D, 0x06,
+        0x90, 0xB0, 0x6C, 0x66, 0xD1, 0x57, 0x5B, 0x86,
+        0x1C, 0x8A, 0x7D, 0x3A, 0x88, 0x4C, 0xC9, 0x88,
+        0x1A, 0xC3, 0x00, 0x1F, 0x30, 0x0D, 0xF3, 0x47,
+        0x62, 0x79, 0x85, 0x89, 0xF9, 0xEE, 0x5C, 0x92,
+        0x43, 0x61, 0x53, 0xD8, 0xC7, 0x32, 0x55, 0x9B,
+        0x33, 0x3D, 0x69, 0x8F, 0x3E, 0xC5, 0x82, 0x0E,
+        0x8A, 0xA5, 0xF2, 0xE5, 0xA7, 0x69, 0xC2, 0xB4,
+        0x7A, 0xFA, 0x27, 0x5F, 0xE4, 0x74, 0xAF, 0x81,
+        0x37, 0xC7, 0x01, 0x9A, 0xF2, 0xE6, 0x0C, 0xA7,
+        0x5E, 0xDB, 0xE4, 0x8F, 0x81, 0xA6, 0x51, 0xCE,
+        0x6B, 0xAB, 0xD3, 0x37, 0x4C, 0x07, 0x72, 0xA8,
+        0xAC, 0x36, 0x77, 0xB1, 0x0F, 0x54, 0x77, 0x17,
+        0xC9, 0x67, 0x50, 0xDA, 0x44, 0x8B, 0xD9, 0xC7,
+        0x93, 0x8C, 0x66, 0xCD, 0x6F, 0xB7, 0x5D, 0x73,
+        0x2D, 0xAC, 0x83, 0x1A, 0xDC, 0xE9, 0x17, 0x6D,
+        0x94, 0x85, 0x6E, 0x1B, 0xF6, 0x08, 0x38, 0xD0,
+        0x9E, 0x63, 0x23, 0xA2, 0x7B, 0x16, 0x09, 0xF9,
+        0xC1, 0x21, 0xF4, 0x98, 0xD2, 0xBB, 0x68, 0x58,
+        0x18, 0xA0, 0x0D, 0xE7, 0xBA, 0x6B, 0x28, 0x47,
+        0xC5, 0x16, 0x14, 0x9F, 0x35, 0x6E, 0xCE, 0xF0,
+        0x4F, 0x34, 0xEA, 0x48, 0x35, 0x46, 0xFE, 0xEB,
+        0x12, 0xEA, 0x40, 0x77, 0x62, 0x04, 0x30, 0xC3,
+        0x9D, 0xBF, 0x47, 0xC0, 0x5E, 0xED, 0x5E, 0xD5,
+        0x87, 0xFF, 0xF5, 0x92, 0x21, 0x7C, 0xA9, 0x5A,
+        0x2C, 0x3D, 0x1E, 0x6F, 0x6F, 0xF9, 0xFF, 0x20,
+        0x9F, 0x8B, 0x30, 0xA9, 0x9D, 0x56, 0xA3, 0x97,
+        0x7A, 0x33, 0x17, 0x49, 0x0B, 0x2B, 0x00, 0x1F,
+        0x43, 0xCD, 0x8D, 0xDD, 0x1D, 0x8F, 0xC1, 0x6A,
+        0x3F, 0xA9, 0xB4, 0x31, 0x54, 0x62, 0x84, 0x5B,
+        0x99, 0x5D, 0x2A, 0xB7, 0x6E, 0xA5, 0x39, 0xC7,
+        0xF0, 0x4C, 0x31, 0x6C, 0x71, 0xD6, 0x00, 0xE1,
+        0xAC, 0x4F, 0xD5, 0xC8, 0xC6, 0x34, 0x3B, 0xC8,
+        0x05, 0x5F, 0x17, 0x00, 0xB4, 0x0E, 0xA2, 0xF1,
+        0xAB, 0xE9, 0x4B, 0xE0, 0x06, 0x01, 0x3A, 0xA2,
+        0x61, 0xF0, 0x72, 0x0A, 0xB7, 0x99, 0xD0, 0xFC,
+        0x6D, 0xB5, 0xE9, 0xA4, 0xC3, 0xC5, 0xA7, 0xF8,
+        0x2D, 0x70, 0xD2, 0x8E, 0x41, 0x0D, 0xD1, 0x64,
+        0xE3, 0xE4, 0x61, 0xA4, 0x6E, 0x81, 0xFB, 0xDC,
+        0xB8, 0x10, 0x84, 0x8B, 0xCE, 0xE0, 0x6F, 0x88,
+        0x33, 0x25, 0x64, 0x6E, 0x1E, 0x2A, 0x69, 0x3F,
+        0xA5, 0xDA, 0x7C, 0x25, 0xEB, 0x21, 0xC4, 0xEA,
+        0xB8, 0x7D, 0xC7, 0x87, 0xA2, 0x67, 0x7C, 0xEB,
+        0x6A, 0x26, 0xE1, 0x06, 0xFE, 0x78, 0xE1, 0x18,
+        0xFF, 0x54, 0x71, 0x3E, 0x00, 0x59, 0x7B, 0xFA,
+        0x52, 0x8C, 0x2A, 0xED, 0x06, 0x9A, 0x12, 0x6D,
+        0xE3, 0x74, 0x6F, 0x06, 0x65, 0xE1, 0x75, 0x80,
+        0x63, 0x0F, 0x70, 0x2F, 0xAB, 0xC0, 0xF1, 0xCD,
+        0x7F, 0x57, 0xAA, 0x71, 0xF6, 0x38, 0xD8, 0xAF,
+        0x37, 0xD3, 0xD9, 0xE0, 0xA7, 0xE9, 0x05, 0x5D,
+        0xA3, 0xDF, 0x86, 0x48, 0x3F, 0x25, 0xDE, 0xBA,
+        0x18, 0xCE, 0xF6, 0x99, 0xEB, 0x87, 0x70, 0xC7,
+        0x85, 0x84, 0x79, 0x8A, 0xD8, 0x02, 0x8B, 0xAD,
+        0xC5, 0x9D, 0x2A, 0xF9, 0xAE, 0xAE, 0x37, 0xEC,
+        0x93, 0x91, 0x16, 0x10, 0x5F, 0x9F, 0x64, 0xEF,
+        0x82, 0x78, 0xC6, 0x4D, 0xED, 0x3F, 0xD4, 0x33,
+        0xA7, 0xB8, 0x82, 0x09, 0x16, 0xBE, 0xDC, 0x6B,
+        0x7A, 0x75, 0x69, 0x8A, 0xDE, 0xD3, 0xFD, 0xE8,
+        0x86, 0x75, 0x42, 0x83, 0x03, 0x57, 0x30, 0x70,
+        0xA5, 0xA3, 0x85, 0x1F, 0x9F, 0x21, 0xEA, 0xC7,
+        0x80, 0xFA, 0x8A, 0xA4, 0x02, 0x3E, 0x39, 0x11,
+        0x48, 0x7D, 0x85, 0x2A, 0x53, 0x77, 0x43, 0x5A,
+        0x5F, 0xFF, 0x9C, 0x60, 0x4B, 0x5D, 0x95, 0xB0,
+        0x96, 0x8A, 0xE0, 0xEC, 0xF4, 0x43, 0x1B, 0x10,
+        0x3F, 0xA6, 0xBA, 0x71, 0xC4, 0xDC, 0x81, 0x73,
+        0xA2, 0xDE, 0x1F, 0x79, 0xDD, 0xB6, 0x0D, 0x2D,
+        0x0C, 0x8E, 0x56, 0x55, 0xD0, 0x94, 0x44, 0x29,
+        0x16, 0x92, 0x99, 0x2D, 0x99, 0xFC, 0x48, 0xF2,
+        0x16, 0x0E, 0xC0, 0xAC, 0xE4, 0xC4, 0x92, 0x07,
+        0xBB, 0xB7, 0x6D, 0x7F, 0x2A, 0x85, 0xE1, 0x81,
+        0x02, 0xB9, 0x5A, 0x51, 0x45, 0x88, 0xF5, 0x9F,
+        0x16, 0x2D, 0x33, 0xCE, 0xD6, 0x18, 0x07, 0x03,
+        0xED, 0xC3, 0x6C, 0x8B, 0x33, 0x94, 0x88, 0x81,
+        0x0D, 0x2E, 0xAE, 0x96, 0x25, 0xCE, 0xE3, 0x83,
+        0x27, 0x1C, 0x71, 0x72, 0xEE, 0xD6, 0xB5, 0x48,
+        0x69, 0x60, 0xE8, 0x99, 0x18, 0x74, 0xB0, 0x13,
+        0x53, 0x59, 0x3D, 0x70, 0x70, 0xBD, 0xEB, 0x7A,
+        0x9F, 0x92, 0x29, 0xAB, 0x77, 0x0E, 0xEB, 0x46,
+        0x37, 0x8D, 0x57, 0xD9, 0x56, 0xDF, 0x7A, 0x86,
+        0x40, 0x04, 0x02, 0x98, 0xF7, 0x00, 0xF4, 0x41,
+        0x5B, 0xDD, 0x3A, 0x96, 0x15, 0xA4, 0x65, 0xDB,
+        0x01, 0x28, 0x22, 0x12, 0xCF, 0x1A, 0xEC, 0x4B,
+        0x0B, 0x8C, 0xB3, 0xB1, 0x7E, 0x5E, 0xFA, 0x28,
+        0x6C, 0x6C, 0x04, 0x5B, 0x43, 0x9C, 0x74, 0x9F,
+        0xE1, 0xD4, 0x50, 0x75, 0xD8, 0xE7, 0xA0, 0x0F,
+        0xBE, 0x84, 0x48, 0xFC, 0xAC, 0xAA, 0x15, 0x3D,
+        0x69, 0x70, 0x9D, 0x9F, 0xF2, 0xB9, 0x7C, 0xDB,
+        0x26, 0xC0, 0xC3, 0x79, 0x28, 0x7C, 0xE6, 0x48,
+        0x61, 0xAD, 0xD7, 0x89, 0xD0, 0xC8, 0x93, 0x9A,
+        0x14, 0x21, 0xB0, 0x85, 0xD6, 0x23, 0x4C, 0xE1,
+        0xA7, 0x49, 0xDE, 0x3D, 0xCB, 0xE8, 0xE0, 0x61,
+        0x5C, 0xB3, 0xBC, 0xDC, 0x6A, 0x81, 0xA5, 0xC4,
+        0x9D, 0x92, 0x85, 0x74, 0x5F, 0x1C, 0xA8, 0xA0,
+        0x64, 0x1E, 0x32, 0x68, 0x83, 0x41, 0x93, 0x34,
+        0x82, 0x18, 0x3E, 0x24, 0x5C, 0x1F, 0x9C, 0xD2,
+        0x80, 0x28, 0xC3, 0x8A, 0x23, 0x18, 0x1A, 0x44,
+        0x5A, 0xA6, 0xEA, 0xCC, 0xE2, 0x06, 0x06, 0xE6,
+        0xF7, 0xF1, 0xDF, 0x70, 0x68, 0x83, 0xCD, 0xA5,
+        0x2F, 0x3F, 0x2B, 0x68, 0xDE, 0x26, 0xDD, 0x37,
+        0x71, 0xE9, 0x50, 0x03, 0x2C, 0xC7, 0x20, 0x0C,
+        0x20, 0x23, 0xC8, 0x24, 0x96, 0x50, 0x82, 0x82,
+        0xCD, 0x3B, 0xC4, 0x7F, 0xEC, 0xE5, 0xD9, 0x7C,
+        0xA1, 0xCE, 0x35, 0x74, 0x4D, 0x03, 0xD7, 0xA4,
+        0x28, 0xB7, 0xAF, 0x12, 0xB0, 0xCB, 0x8E, 0x65,
+        0x7C, 0x01, 0x30, 0xF8, 0xA3, 0xA2, 0x54, 0x97,
+        0x6E, 0xC8, 0xF7, 0xDC, 0xCF, 0x3A, 0xBF, 0x31,
+        0xF4, 0xB0, 0xB3, 0xF7, 0x12, 0x6F, 0xFC, 0x48,
+        0x77, 0xF3, 0xD1, 0xA0, 0x66, 0xD2, 0x6A, 0x23,
+        0x2F, 0xA9, 0x99, 0x21, 0x61, 0x22, 0x54, 0x11,
+        0xED, 0x7D, 0xDB, 0x93, 0xC3, 0x5C, 0x6A, 0x37,
+        0x7F, 0x30, 0xCF, 0x22, 0xAA, 0x39, 0x2D, 0x5C,
+        0x4F, 0xEE, 0x4F, 0x73, 0xC9, 0xEF, 0x6E, 0xD3,
+        0xA0, 0x27, 0x97, 0x14, 0x52, 0x3B, 0x19, 0x18,
+        0x65, 0x1E, 0x9B, 0x0F, 0xFA, 0x55, 0x0F, 0x16,
+        0x10, 0x53, 0xEE, 0x78, 0x01, 0x39, 0x7B, 0x4C,
+        0x18, 0x49, 0x98, 0x7C, 0x17, 0x9E, 0x76, 0x3E,
+        0xCC, 0x60, 0xA4, 0xE4, 0xC5, 0x36, 0xB7, 0xE2,
+        0x66, 0x3E, 0x4C, 0x72, 0x67, 0x14, 0xB0, 0x2E,
+        0xC3, 0x16, 0x9E, 0x84, 0x07, 0xBA, 0x59, 0x2B,
+        0x0E, 0xB8, 0x46, 0xF3, 0x69, 0x2D, 0xD4, 0x46,
+        0x51, 0xEE, 0x08, 0x47, 0x21, 0xCA, 0xC0, 0xFE,
+        0x1C, 0xCC, 0x30, 0x27, 0x07, 0xEF, 0xE2, 0x46,
+        0x64, 0xE0, 0x5B, 0xDC, 0x69, 0xC8, 0x39, 0x04,
+        0xAC, 0xB8, 0xCF, 0x97, 0x12, 0x1C, 0x7E, 0x5C,
+        0x6D, 0xB2, 0x7E, 0xA2, 0x8E, 0x77, 0xBC, 0xDA,
+        0x55, 0xD2, 0xBC, 0xC1, 0xC5, 0xFC, 0xC5, 0x52,
+        0xAB, 0x83, 0xBC, 0xE4, 0x23, 0x8C, 0xA1, 0x80,
+        0x62, 0xC2, 0xD2, 0x3A, 0x8B, 0x80, 0x0C, 0x82,
+        0x09, 0xC3, 0xA4, 0xCD, 0xDA, 0xF1, 0x16, 0x16,
+        0x57, 0x8A, 0x84, 0x55, 0x66, 0xFC, 0x28, 0x9A,
+        0x8E, 0x3C, 0x88, 0xF5, 0x54, 0xC4, 0x92, 0x60,
+        0x71, 0xDA, 0x89, 0x32, 0x6B, 0xEB, 0x25, 0x9A,
+        0x0E, 0x1F, 0x6D, 0x84, 0x4E, 0xBF, 0x7B, 0x28,
+        0x1F, 0x9F, 0xC3, 0x74, 0x3A, 0x65, 0x49, 0x9E,
+        0x73, 0x94, 0x63, 0x48, 0x18, 0xE1, 0x33, 0xFA,
+        0xC6, 0x64, 0xFA, 0x0C, 0x88, 0xF1, 0x01, 0xCE,
+        0xC3, 0xFE, 0xD8, 0x79, 0x29, 0x50, 0xBF, 0x6E,
+        0x49, 0x74, 0x84, 0x9E, 0x1E, 0xBD, 0x27, 0x69,
+        0x1B, 0xF5, 0x51, 0x9B, 0x70, 0x2E, 0x1A, 0xA4,
+        0xB3, 0xDB, 0xAD, 0xAB, 0x5D, 0xFA, 0x34, 0xFB,
+        0x0E, 0xD9, 0xD4, 0xA9, 0xDF, 0x4B, 0x6B, 0x63,
+        0xCA, 0x71, 0x65, 0xE2, 0xA9, 0x08, 0x27, 0x40,
+        0x8C, 0x48, 0x2D, 0x9D, 0xBC, 0x97, 0x24, 0x68,
+        0x58, 0x4F, 0x42, 0x37, 0x60, 0x04, 0xE7, 0x8B,
+        0xE0, 0x67, 0x00, 0x9E, 0x43, 0x30, 0x4B, 0xED,
+        0xC1, 0x07, 0xA4, 0xE2, 0xA8, 0x9C, 0xAF, 0x18,
+        0x5C, 0x9B, 0xB7, 0xE9, 0xFD, 0x2C, 0xB9, 0x2A,
+        0xEF, 0x36, 0x3B, 0xD7, 0x96, 0xF3, 0x60, 0x4E,
+        0xDC, 0x08, 0xA7, 0xC5, 0x45, 0xB8, 0x37, 0x02,
+        0xD3, 0xCF, 0x80, 0x88, 0x52, 0x10, 0x3E, 0x01,
+        0x3B, 0xFE, 0xA1, 0x61, 0xAF, 0x25, 0x0B, 0xCC,
+        0x72, 0x77, 0x1D, 0x0C, 0x48, 0x4D, 0xD5, 0x55,
+        0x41, 0x72, 0x3A, 0x21, 0x0D, 0x68, 0x3B, 0x99,
+        0x8C, 0xDB, 0xAF, 0x3D, 0x9A, 0x5E, 0x71, 0x78,
+        0x6F, 0x1C, 0xF4, 0x7B, 0x86, 0x22, 0x51, 0xB5,
+        0x16, 0x33, 0x60, 0x87, 0x9A, 0xC0, 0x20, 0x2D,
+        0x33, 0x49, 0x51, 0x54, 0x5C, 0x5F, 0x71, 0x76,
+        0x7C, 0x8F, 0x96, 0xA9, 0xD6, 0xE4, 0xF2, 0x1F,
+        0x28, 0x43, 0x4D, 0x7E, 0x96, 0xBB, 0xC5, 0xE3,
+        0xEF, 0xF3, 0xFD, 0x02, 0x0C, 0x17, 0x23, 0x3E,
+        0x7F, 0x99, 0xB0, 0xE3, 0xE8, 0xF5, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x06, 0x17, 0x23, 0x2E
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte sk_65[] = {
+        0xF2, 0x6B, 0xFE, 0x12, 0x68, 0x86, 0xF4, 0x82,
+        0x22, 0x94, 0x4D, 0x02, 0x18, 0xFA, 0xC1, 0x7C,
+        0xD8, 0xA9, 0xCC, 0x6D, 0x67, 0xA0, 0x23, 0xFD,
+        0xC0, 0x7A, 0xFF, 0xC2, 0xD0, 0x25, 0xF7, 0x70,
+        0x63, 0x85, 0x0D, 0x88, 0x0E, 0x98, 0xFE, 0xE5,
+        0x02, 0xE0, 0x17, 0x32, 0x70, 0x00, 0xCC, 0xAF,
+        0x61, 0x45, 0x73, 0xB3, 0x5A, 0xDE, 0xFE, 0xBC,
+        0xAC, 0xEE, 0xA4, 0xB2, 0xC4, 0xD0, 0x45, 0xE5,
+        0xBB, 0xFD, 0x3E, 0x5A, 0x72, 0xE3, 0x71, 0xAD,
+        0x83, 0xB9, 0x94, 0x98, 0x77, 0xD8, 0xE6, 0x56,
+        0xD4, 0x6B, 0x47, 0x75, 0x0F, 0x73, 0x0F, 0x96,
+        0xDB, 0x43, 0x0B, 0x18, 0x60, 0x88, 0x67, 0x5D,
+        0x9A, 0x9B, 0xD7, 0x8E, 0x47, 0xB8, 0x9D, 0x04,
+        0xA8, 0x51, 0x7E, 0xD2, 0x22, 0x06, 0x95, 0x33,
+        0x9F, 0x99, 0xA9, 0x7F, 0x35, 0x3C, 0xE4, 0x20,
+        0x47, 0x77, 0x20, 0x9F, 0x5F, 0x3C, 0x9E, 0x9A,
+        0x36, 0x14, 0x54, 0x01, 0x57, 0x48, 0x60, 0x50,
+        0x75, 0x28, 0x64, 0x61, 0x72, 0x60, 0x54, 0x20,
+        0x75, 0x48, 0x60, 0x32, 0x73, 0x85, 0x34, 0x24,
+        0x68, 0x63, 0x71, 0x73, 0x81, 0x26, 0x71, 0x68,
+        0x32, 0x61, 0x24, 0x71, 0x14, 0x18, 0x26, 0x15,
+        0x05, 0x77, 0x36, 0x27, 0x50, 0x35, 0x21, 0x82,
+        0x50, 0x15, 0x31, 0x47, 0x48, 0x24, 0x43, 0x76,
+        0x18, 0x85, 0x66, 0x18, 0x05, 0x64, 0x27, 0x01,
+        0x06, 0x06, 0x01, 0x45, 0x42, 0x60, 0x80, 0x68,
+        0x25, 0x08, 0x08, 0x36, 0x13, 0x05, 0x04, 0x32,
+        0x34, 0x87, 0x00, 0x70, 0x71, 0x70, 0x02, 0x51,
+        0x37, 0x15, 0x08, 0x28, 0x25, 0x72, 0x61, 0x67,
+        0x08, 0x52, 0x63, 0x44, 0x07, 0x88, 0x60, 0x42,
+        0x03, 0x17, 0x24, 0x64, 0x80, 0x08, 0x70, 0x23,
+        0x56, 0x41, 0x46, 0x17, 0x46, 0x01, 0x57, 0x74,
+        0x02, 0x76, 0x31, 0x64, 0x73, 0x83, 0x50, 0x62,
+        0x72, 0x61, 0x62, 0x75, 0x45, 0x73, 0x46, 0x33,
+        0x65, 0x14, 0x36, 0x46, 0x12, 0x26, 0x04, 0x34,
+        0x02, 0x81, 0x20, 0x34, 0x41, 0x88, 0x26, 0x77,
+        0x33, 0x40, 0x18, 0x58, 0x03, 0x41, 0x16, 0x58,
+        0x88, 0x04, 0x88, 0x32, 0x71, 0x05, 0x85, 0x83,
+        0x42, 0x55, 0x34, 0x20, 0x18, 0x46, 0x12, 0x54,
+        0x28, 0x03, 0x67, 0x10, 0x84, 0x31, 0x76, 0x00,
+        0x40, 0x85, 0x46, 0x71, 0x71, 0x56, 0x00, 0x50,
+        0x15, 0x33, 0x43, 0x13, 0x37, 0x57, 0x13, 0x86,
+        0x43, 0x77, 0x85, 0x57, 0x54, 0x81, 0x75, 0x60,
+        0x37, 0x31, 0x28, 0x52, 0x20, 0x78, 0x65, 0x53,
+        0x76, 0x10, 0x84, 0x87, 0x57, 0x13, 0x66, 0x03,
+        0x56, 0x81, 0x36, 0x66, 0x68, 0x41, 0x55, 0x64,
+        0x63, 0x70, 0x26, 0x21, 0x02, 0x30, 0x28, 0x35,
+        0x02, 0x45, 0x88, 0x80, 0x02, 0x06, 0x44, 0x58,
+        0x24, 0x13, 0x88, 0x83, 0x22, 0x34, 0x22, 0x50,
+        0x47, 0x11, 0x01, 0x86, 0x45, 0x60, 0x67, 0x36,
+        0x82, 0x22, 0x18, 0x74, 0x11, 0x60, 0x58, 0x60,
+        0x87, 0x26, 0x31, 0x85, 0x12, 0x70, 0x84, 0x83,
+        0x88, 0x68, 0x88, 0x51, 0x00, 0x55, 0x02, 0x57,
+        0x77, 0x42, 0x13, 0x23, 0x14, 0x04, 0x76, 0x80,
+        0x72, 0x25, 0x51, 0x56, 0x10, 0x63, 0x12, 0x21,
+        0x03, 0x86, 0x27, 0x30, 0x28, 0x12, 0x01, 0x37,
+        0x48, 0x32, 0x53, 0x86, 0x15, 0x46, 0x50, 0x05,
+        0x34, 0x87, 0x61, 0x04, 0x88, 0x18, 0x35, 0x85,
+        0x44, 0x46, 0x24, 0x67, 0x43, 0x83, 0x02, 0x26,
+        0x56, 0x41, 0x41, 0x77, 0x86, 0x56, 0x41, 0x75,
+        0x25, 0x61, 0x36, 0x05, 0x47, 0x65, 0x00, 0x14,
+        0x32, 0x38, 0x16, 0x81, 0x06, 0x30, 0x61, 0x25,
+        0x16, 0x30, 0x50, 0x44, 0x13, 0x08, 0x75, 0x00,
+        0x50, 0x20, 0x68, 0x21, 0x55, 0x74, 0x61, 0x18,
+        0x62, 0x05, 0x15, 0x51, 0x08, 0x24, 0x01, 0x13,
+        0x81, 0x33, 0x64, 0x83, 0x23, 0x00, 0x55, 0x73,
+        0x62, 0x40, 0x61, 0x75, 0x15, 0x78, 0x21, 0x14,
+        0x13, 0x64, 0x21, 0x47, 0x07, 0x76, 0x80, 0x76,
+        0x76, 0x17, 0x75, 0x50, 0x61, 0x14, 0x40, 0x82,
+        0x87, 0x83, 0x50, 0x87, 0x30, 0x86, 0x35, 0x30,
+        0x28, 0x20, 0x10, 0x01, 0x48, 0x18, 0x34, 0x65,
+        0x23, 0x10, 0x25, 0x42, 0x40, 0x22, 0x54, 0x34,
+        0x35, 0x33, 0x71, 0x70, 0x20, 0x61, 0x55, 0x74,
+        0x33, 0x01, 0x02, 0x60, 0x58, 0x24, 0x80, 0x12,
+        0x46, 0x41, 0x38, 0x10, 0x76, 0x67, 0x34, 0x63,
+        0x48, 0x85, 0x06, 0x48, 0x04, 0x23, 0x22, 0x66,
+        0x57, 0x71, 0x68, 0x18, 0x04, 0x32, 0x01, 0x31,
+        0x01, 0x55, 0x22, 0x27, 0x55, 0x72, 0x10, 0x00,
+        0x43, 0x88, 0x76, 0x62, 0x84, 0x77, 0x07, 0x77,
+        0x14, 0x07, 0x20, 0x53, 0x74, 0x17, 0x51, 0x17,
+        0x66, 0x84, 0x47, 0x83, 0x61, 0x03, 0x52, 0x10,
+        0x05, 0x40, 0x46, 0x55, 0x61, 0x47, 0x26, 0x70,
+        0x40, 0x22, 0x10, 0x34, 0x41, 0x01, 0x03, 0x48,
+        0x33, 0x05, 0x72, 0x32, 0x75, 0x82, 0x45, 0x85,
+        0x20, 0x70, 0x80, 0x82, 0x20, 0x23, 0x62, 0x81,
+        0x15, 0x47, 0x80, 0x23, 0x67, 0x23, 0x73, 0x34,
+        0x44, 0x33, 0x85, 0x10, 0x05, 0x50, 0x30, 0x03,
+        0x48, 0x13, 0x01, 0x36, 0x45, 0x11, 0x06, 0x33,
+        0x82, 0x22, 0x78, 0x75, 0x42, 0x02, 0x40, 0x45,
+        0x04, 0x47, 0x43, 0x05, 0x30, 0x44, 0x42, 0x02,
+        0x28, 0x26, 0x64, 0x24, 0x74, 0x75, 0x86, 0x11,
+        0x85, 0x43, 0x25, 0x46, 0x10, 0x62, 0x82, 0x71,
+        0x08, 0x27, 0x45, 0x13, 0x73, 0x18, 0x84, 0x73,
+        0x51, 0x51, 0x67, 0x14, 0x70, 0x11, 0x07, 0x08,
+        0x62, 0x16, 0x25, 0x27, 0x36, 0x68, 0x44, 0x01,
+        0x18, 0x63, 0x74, 0x50, 0x31, 0x13, 0x43, 0x65,
+        0x80, 0x11, 0x16, 0x52, 0x86, 0x42, 0x51, 0x81,
+        0x51, 0x17, 0x05, 0x68, 0x05, 0x73, 0x60, 0x37,
+        0x63, 0x85, 0x86, 0x11, 0x23, 0x23, 0x38, 0x13,
+        0x87, 0x48, 0x82, 0x74, 0x71, 0x81, 0x87, 0x65,
+        0x58, 0x26, 0x60, 0x34, 0x76, 0x16, 0x15, 0x24,
+        0x06, 0x78, 0x16, 0x40, 0x03, 0x45, 0x72, 0x31,
+        0x63, 0x73, 0x31, 0x85, 0x02, 0x66, 0x44, 0x36,
+        0x24, 0x82, 0x56, 0x38, 0x86, 0x10, 0x40, 0x54,
+        0x72, 0x70, 0x24, 0x22, 0x72, 0x78, 0x47, 0x07,
+        0x86, 0x30, 0x48, 0x72, 0x84, 0x57, 0x06, 0x34,
+        0x78, 0x37, 0x63, 0x25, 0x56, 0x64, 0x81, 0x30,
+        0x62, 0x77, 0x22, 0x84, 0x20, 0x10, 0x74, 0x25,
+        0x04, 0x21, 0x76, 0x47, 0x72, 0x35, 0x05, 0x06,
+        0x22, 0x50, 0x34, 0x11, 0x26, 0x67, 0x03, 0x05,
+        0x42, 0x04, 0x16, 0x01, 0x27, 0x17, 0x86, 0x67,
+        0x70, 0x51, 0x53, 0x13, 0x12, 0x62, 0x03, 0x25,
+        0x05, 0x38, 0x37, 0x44, 0x02, 0x66, 0x84, 0x74,
+        0x14, 0x40, 0x35, 0x20, 0x40, 0x30, 0x44, 0x64,
+        0x27, 0x50, 0x77, 0x47, 0x06, 0x15, 0x84, 0x48,
+        0x13, 0x14, 0x32, 0x48, 0x11, 0x74, 0x80, 0x68,
+        0x85, 0x81, 0x17, 0x67, 0x38, 0x22, 0x76, 0x16,
+        0x18, 0x44, 0x55, 0x47, 0x85, 0x36, 0x44, 0x11,
+        0x52, 0x01, 0x81, 0x50, 0x41, 0x00, 0x00, 0x25,
+        0x83, 0x41, 0x62, 0x22, 0x12, 0x54, 0x88, 0x77,
+        0x70, 0x48, 0x84, 0x25, 0x77, 0x75, 0x40, 0x16,
+        0x46, 0x24, 0x88, 0x81, 0x65, 0x70, 0x02, 0x66,
+        0x28, 0x64, 0x12, 0x40, 0x30, 0x60, 0x53, 0x06,
+        0x44, 0x02, 0x48, 0x78, 0x75, 0x68, 0x21, 0x23,
+        0x30, 0x05, 0x81, 0x17, 0x72, 0x66, 0x88, 0x71,
+        0x50, 0x25, 0x03, 0x51, 0x42, 0x27, 0x20, 0x81,
+        0x03, 0x52, 0x73, 0x53, 0x63, 0x57, 0x13, 0x60,
+        0x41, 0x20, 0x47, 0x12, 0x55, 0x57, 0x58, 0x16,
+        0x38, 0x63, 0x21, 0x34, 0x51, 0x76, 0x33, 0x26,
+        0x70, 0x41, 0x18, 0x11, 0x07, 0x37, 0x16, 0x12,
+        0x01, 0x14, 0x28, 0x56, 0x78, 0x10, 0x86, 0x24,
+        0x24, 0x32, 0x01, 0x13, 0x57, 0x53, 0x46, 0x46,
+        0x24, 0x05, 0x20, 0x16, 0x56, 0x83, 0x30, 0x30,
+        0x61, 0x20, 0x75, 0x07, 0x05, 0x74, 0x14, 0x17,
+        0x43, 0x72, 0x23, 0x04, 0x18, 0x61, 0x50, 0x13,
+        0x67, 0x31, 0x75, 0x36, 0x71, 0x02, 0x38, 0x74,
+        0x21, 0x80, 0x20, 0x48, 0x66, 0x23, 0x52, 0x54,
+        0x77, 0x27, 0x45, 0x73, 0x23, 0x88, 0x60, 0x50,
+        0x88, 0x82, 0x70, 0x23, 0x72, 0x08, 0x44, 0x66,
+        0x44, 0x36, 0x12, 0x57, 0x66, 0x14, 0x25, 0x12,
+        0x17, 0x34, 0x64, 0x82, 0x01, 0x54, 0x61, 0x57,
+        0x50, 0x31, 0x65, 0x64, 0x75, 0x44, 0x76, 0x48,
+        0x16, 0x44, 0x46, 0x55, 0x80, 0x64, 0x26, 0x53,
+        0x27, 0x22, 0x10, 0x87, 0x84, 0x03, 0x15, 0x35,
+        0x15, 0x20, 0x86, 0x14, 0x04, 0x03, 0x26, 0x43,
+        0x31, 0x43, 0x31, 0x45, 0x46, 0x34, 0x36, 0x87,
+        0x44, 0x41, 0x21, 0x77, 0x61, 0x20, 0x85, 0x06,
+        0x28, 0x51, 0x15, 0x62, 0x77, 0x20, 0x38, 0x58,
+        0x78, 0x27, 0x12, 0x22, 0x46, 0x71, 0x51, 0x38,
+        0x11, 0x15, 0x40, 0x03, 0x78, 0x36, 0x15, 0x57,
+        0x34, 0x28, 0x53, 0x21, 0x37, 0x35, 0x04, 0x76,
+        0x00, 0x56, 0x72, 0x48, 0x46, 0x01, 0x56, 0x67,
+        0x62, 0x36, 0x14, 0x51, 0x23, 0x54, 0x32, 0x35,
+        0x82, 0x83, 0x21, 0x60, 0x38, 0x62, 0x21, 0x03,
+        0x62, 0x76, 0x40, 0x34, 0x66, 0x88, 0x50, 0x73,
+        0x00, 0x53, 0x87, 0x31, 0x37, 0x50, 0x11, 0x32,
+        0x86, 0x52, 0x18, 0x64, 0x16, 0x63, 0x48, 0x71,
+        0x70, 0x47, 0x24, 0x85, 0x31, 0x86, 0x60, 0x86,
+        0x33, 0x52, 0x85, 0x82, 0x68, 0x17, 0x70, 0x88,
+        0x84, 0x56, 0x52, 0x77, 0x04, 0x48, 0x22, 0x22,
+        0x54, 0x57, 0x20, 0x31, 0x76, 0x47, 0x26, 0x25,
+        0x04, 0x35, 0x38, 0x44, 0x55, 0x21, 0x14, 0x02,
+        0x13, 0x64, 0x74, 0x87, 0x68, 0x68, 0x73, 0x05,
+        0x22, 0x45, 0x54, 0x45, 0x83, 0x46, 0x64, 0x54,
+        0x80, 0x07, 0x32, 0x87, 0x52, 0x43, 0x54, 0x54,
+        0x14, 0x73, 0x24, 0x87, 0x36, 0x41, 0x74, 0x84,
+        0x06, 0x35, 0x13, 0x40, 0x61, 0x54, 0x21, 0x31,
+        0x48, 0x63, 0x05, 0x74, 0x24, 0x84, 0x74, 0x76,
+        0x11, 0x10, 0x16, 0x63, 0x77, 0x12, 0x26, 0x61,
+        0x31, 0x28, 0x70, 0x34, 0x25, 0x01, 0x30, 0x76,
+        0x76, 0x06, 0x21, 0x58, 0x42, 0x87, 0x31, 0x72,
+        0x76, 0x03, 0x76, 0x26, 0x78, 0x05, 0x88, 0x25,
+        0x25, 0x86, 0x17, 0x02, 0x85, 0x88, 0x76, 0x20,
+        0x36, 0x57, 0x30, 0x81, 0x83, 0x61, 0x05, 0x80,
+        0x21, 0x45, 0x74, 0x01, 0x12, 0x74, 0x51, 0x28,
+        0x77, 0x26, 0x30, 0x14, 0x54, 0x84, 0x13, 0x78,
+        0x06, 0x00, 0x12, 0x64, 0x00, 0x37, 0x44, 0x68,
+        0x40, 0x57, 0x05, 0x27, 0x07, 0x41, 0x56, 0x22,
+        0x31, 0x40, 0x23, 0x26, 0x55, 0x42, 0x55, 0x16,
+        0x02, 0x65, 0x32, 0x16, 0x33, 0x44, 0x46, 0x48,
+        0x04, 0x52, 0x06, 0x53, 0x44, 0x40, 0x11, 0x28,
+        0x46, 0x67, 0x56, 0x81, 0x72, 0x75, 0x51, 0x38,
+        0x21, 0x86, 0x46, 0x03, 0x22, 0x87, 0x21, 0x70,
+        0x68, 0x50, 0x75, 0x13, 0x11, 0x44, 0x35, 0x12,
+        0x60, 0x02, 0x13, 0x47, 0x18, 0x38, 0x78, 0x86,
+        0x38, 0x58, 0x45, 0x57, 0x23, 0x03, 0x88, 0x66,
+        0x56, 0x82, 0x18, 0x31, 0x20, 0x08, 0x61, 0x47,
+        0x78, 0x08, 0x68, 0x37, 0x21, 0x04, 0x65, 0x47,
+        0x58, 0x70, 0x34, 0x58, 0x73, 0x24, 0x22, 0x30,
+        0x66, 0x05, 0x01, 0x28, 0x87, 0x85, 0x77, 0x74,
+        0x23, 0x86, 0x65, 0x84, 0x85, 0x57, 0x85, 0x63,
+        0x06, 0x55, 0x61, 0x75, 0x46, 0x22, 0x87, 0x00,
+        0x18, 0x53, 0x08, 0x03, 0x07, 0x50, 0x42, 0x70,
+        0xFC, 0xB8, 0x7B, 0x22, 0x3D, 0x24, 0xAE, 0x5D,
+        0xB1, 0x89, 0x04, 0x21, 0xC3, 0xFF, 0x1D, 0x59,
+        0xB8, 0x4B, 0x19, 0xE2, 0x4D, 0x14, 0x36, 0x99,
+        0x19, 0x1C, 0x7E, 0x9A, 0x46, 0x48, 0x42, 0x20,
+        0x6B, 0xBA, 0x24, 0x7E, 0x8C, 0x6B, 0x27, 0xBA,
+        0x26, 0xE6, 0x8A, 0xD5, 0xA7, 0x1D, 0x03, 0x61,
+        0xCD, 0x5C, 0x74, 0xCE, 0x50, 0xC2, 0xCE, 0xF1,
+        0x91, 0x31, 0xEF, 0x54, 0x66, 0x23, 0x7F, 0xFE,
+        0xF7, 0xFE, 0x6B, 0x5F, 0xD1, 0x98, 0x23, 0x8E,
+        0x1C, 0xA0, 0xB1, 0x01, 0x30, 0xC6, 0x29, 0xCC,
+        0x91, 0x91, 0xF5, 0x78, 0x6F, 0x5C, 0xD6, 0x28,
+        0xA4, 0x22, 0x56, 0xCB, 0x6F, 0xC7, 0xD7, 0x09,
+        0x56, 0x88, 0xAF, 0x1B, 0xC8, 0x43, 0x51, 0xA4,
+        0x7B, 0x4B, 0x38, 0x2E, 0xF6, 0x1F, 0xD6, 0x5C,
+        0x9E, 0xC2, 0x26, 0xF4, 0x2B, 0x0A, 0x19, 0x7C,
+        0x6A, 0xD8, 0xF0, 0xB0, 0x15, 0xD0, 0xB1, 0xC7,
+        0xE0, 0x14, 0x28, 0x95, 0x6A, 0x9B, 0xB2, 0xDE,
+        0x9A, 0x97, 0xE5, 0x75, 0x66, 0xF8, 0xF5, 0x66,
+        0x86, 0xA1, 0xF4, 0x68, 0x0C, 0xEC, 0xEA, 0x87,
+        0x3B, 0x69, 0x1C, 0xF8, 0xBD, 0x63, 0xAB, 0x73,
+        0x73, 0xBA, 0xE8, 0x09, 0x5B, 0xA7, 0x76, 0x3E,
+        0x50, 0xD6, 0x83, 0x9D, 0x00, 0x35, 0xBB, 0xFB,
+        0x91, 0xBA, 0x60, 0x72, 0x17, 0x98, 0xFB, 0x2C,
+        0x80, 0x2C, 0x60, 0x3A, 0x08, 0xA1, 0x24, 0x05,
+        0xE0, 0xB5, 0x20, 0xEA, 0x41, 0x43, 0x8F, 0xEA,
+        0xEF, 0xA5, 0x62, 0xDC, 0x78, 0x92, 0xF4, 0x58,
+        0x9F, 0x8D, 0x2B, 0x96, 0x5E, 0xE5, 0x49, 0x73,
+        0xA7, 0x2C, 0x8D, 0x33, 0x5C, 0x62, 0x61, 0x98,
+        0x80, 0x64, 0x13, 0x31, 0x03, 0x10, 0xE3, 0x2E,
+        0xFE, 0x6B, 0x39, 0xB5, 0xCF, 0xB1, 0xD1, 0x33,
+        0xAD, 0xE0, 0x1B, 0xCE, 0x94, 0x21, 0x6C, 0xF4,
+        0xCD, 0x8F, 0x86, 0x43, 0x03, 0x1D, 0xB8, 0xC2,
+        0x47, 0xB5, 0x73, 0x21, 0xCA, 0x1E, 0xFB, 0xB8,
+        0x53, 0x63, 0x7D, 0x0C, 0x57, 0x52, 0x14, 0xFC,
+        0x77, 0xA5, 0xA6, 0x84, 0xD5, 0x0A, 0xBF, 0xE4,
+        0xE9, 0x71, 0x99, 0x8E, 0x06, 0x6E, 0x50, 0x24,
+        0xDA, 0x02, 0x76, 0x8A, 0xED, 0xE1, 0x3E, 0x83,
+        0xF0, 0x51, 0x54, 0xA9, 0x99, 0x29, 0x48, 0x42,
+        0x7A, 0xA9, 0x8C, 0x87, 0x42, 0x51, 0xAF, 0x56,
+        0x94, 0x23, 0x53, 0x89, 0x44, 0xFA, 0xD8, 0x93,
+        0xFC, 0x65, 0x6E, 0x9C, 0xED, 0x80, 0x6A, 0x85,
+        0xD9, 0xC3, 0x36, 0x71, 0x02, 0x25, 0x29, 0x36,
+        0x8E, 0x7E, 0xC7, 0x0C, 0x9E, 0xE9, 0x74, 0x30,
+        0x1C, 0x08, 0xCB, 0xE6, 0xAC, 0x5E, 0x88, 0xE6,
+        0x37, 0x79, 0x5C, 0xB2, 0xA2, 0x15, 0xFF, 0xAA,
+        0x08, 0xED, 0xDE, 0x40, 0xAC, 0xFA, 0xEE, 0x2A,
+        0x40, 0xD5, 0x05, 0xCF, 0x58, 0xA6, 0x69, 0x66,
+        0x31, 0x5A, 0x68, 0x98, 0x24, 0x03, 0xD8, 0x1B,
+        0xFA, 0x89, 0xE3, 0x7C, 0x9E, 0x42, 0x1D, 0xA5,
+        0x88, 0xBA, 0x7E, 0x42, 0x2A, 0xC7, 0x44, 0x6A,
+        0x1E, 0x61, 0xC8, 0x22, 0x29, 0x9D, 0xFC, 0x34,
+        0xEC, 0xFA, 0xBE, 0x5C, 0xB6, 0x26, 0xB9, 0x6C,
+        0x8E, 0xA6, 0xC9, 0x3B, 0xDB, 0xD2, 0xD5, 0xBD,
+        0x70, 0xC5, 0xF8, 0x26, 0x7A, 0x84, 0xE0, 0x07,
+        0xA7, 0x11, 0x5E, 0x5B, 0xE5, 0xF1, 0x20, 0x32,
+        0xA3, 0x7C, 0xAB, 0x05, 0xD5, 0x41, 0xE3, 0xDE,
+        0xA5, 0x1A, 0x83, 0x2E, 0xDE, 0x8D, 0x34, 0x9A,
+        0xFD, 0xD5, 0xE6, 0xFC, 0xFC, 0x83, 0x46, 0xE3,
+        0xD4, 0x7C, 0xF1, 0x7F, 0xEA, 0x87, 0x5E, 0x38,
+        0x5D, 0xB9, 0x8A, 0xC2, 0xDB, 0xE8, 0xB4, 0xF8,
+        0x05, 0x37, 0x31, 0x0D, 0xD9, 0x4C, 0xD0, 0xB6,
+        0x25, 0xE9, 0x97, 0x85, 0xDB, 0x04, 0x9A, 0x01,
+        0xF5, 0x4B, 0xA1, 0xF4, 0x2A, 0xDF, 0xEC, 0xAE,
+        0x24, 0x11, 0xD3, 0x2B, 0x2F, 0x84, 0x6C, 0x88,
+        0xA3, 0x0C, 0x76, 0xEA, 0x0A, 0x38, 0xB2, 0x71,
+        0xB6, 0xAC, 0xA8, 0x23, 0x6E, 0x61, 0xEB, 0xB8,
+        0x4A, 0x9D, 0xC4, 0x9E, 0x5C, 0x5B, 0xEE, 0x7E,
+        0x7D, 0x8D, 0xA2, 0xC1, 0xA1, 0xA0, 0xA3, 0x14,
+        0x50, 0xE0, 0x8F, 0xAB, 0xBB, 0x1B, 0x1F, 0x05,
+        0xAA, 0xE3, 0x00, 0xD8, 0xCD, 0xE7, 0x35, 0xB4,
+        0x7B, 0xBD, 0xB0, 0x5C, 0xCC, 0x0C, 0x05, 0x33,
+        0x6B, 0xE4, 0x51, 0x73, 0x1B, 0x6B, 0x77, 0x7B,
+        0xE5, 0xCB, 0xAF, 0x98, 0x53, 0x5F, 0x7E, 0x08,
+        0xFF, 0xCD, 0x8A, 0x44, 0x9E, 0x1D, 0x43, 0x6A,
+        0x4F, 0x05, 0x99, 0x01, 0xF5, 0x6F, 0x01, 0x30,
+        0xBD, 0x15, 0xD7, 0x51, 0x16, 0x45, 0x40, 0x6B,
+        0xF3, 0x13, 0xCA, 0x1F, 0x22, 0x02, 0xA4, 0xA8,
+        0x6A, 0x1D, 0x04, 0x7F, 0xD5, 0x8A, 0x3E, 0x87,
+        0x7F, 0x1D, 0x5A, 0x79, 0x75, 0xD1, 0x6D, 0x67,
+        0xB3, 0x23, 0xC6, 0x28, 0x7B, 0x9C, 0xCE, 0xEE,
+        0x98, 0x9E, 0xE8, 0x44, 0xA9, 0x3E, 0x7E, 0xFD,
+        0x3B, 0xD9, 0xD8, 0x31, 0x6D, 0xA3, 0x77, 0xDF,
+        0x0B, 0xB9, 0xE2, 0x61, 0xA2, 0x71, 0xD5, 0x0C,
+        0xB7, 0x01, 0x67, 0xC3, 0x0D, 0x19, 0x2D, 0xAA,
+        0xDE, 0x96, 0x0E, 0xEA, 0x33, 0x5E, 0xEC, 0x52,
+        0xE5, 0x2D, 0x95, 0x39, 0xE1, 0xF9, 0x5D, 0x9E,
+        0xB6, 0x5E, 0x54, 0x8F, 0x16, 0x60, 0x99, 0xED,
+        0x88, 0x2C, 0x30, 0x72, 0x53, 0x6A, 0x6C, 0xAA,
+        0x05, 0x21, 0xA5, 0xAA, 0x7C, 0x64, 0x72, 0xA0,
+        0xC0, 0x4F, 0x80, 0xDA, 0x20, 0x5D, 0x52, 0x18,
+        0x77, 0x07, 0xDF, 0x5C, 0x2F, 0x2E, 0xA2, 0x5F,
+        0xEF, 0x00, 0xCA, 0x7B, 0xF0, 0xD3, 0xB7, 0xF8,
+        0x1E, 0x31, 0x9E, 0x61, 0xCA, 0x2C, 0xC5, 0xA5,
+        0x25, 0xA2, 0x7B, 0x56, 0xAA, 0xBA, 0xE4, 0xD5,
+        0x35, 0xE5, 0xEC, 0x24, 0x2D, 0x81, 0x1A, 0x24,
+        0xD7, 0x45, 0x76, 0xBF, 0x4B, 0x8A, 0x72, 0xFA,
+        0x5F, 0xAE, 0xC1, 0xA2, 0x83, 0xB6, 0x1D, 0x60,
+        0x28, 0x7E, 0x1E, 0x2E, 0xC8, 0xC6, 0xAB, 0x04,
+        0x56, 0x5F, 0xD5, 0xCD, 0x64, 0x26, 0x34, 0x94,
+        0xE8, 0x03, 0x41, 0x63, 0x35, 0x5B, 0x45, 0x84,
+        0xCE, 0xFA, 0x0B, 0x66, 0x40, 0x85, 0x1A, 0xE1,
+        0x23, 0xE9, 0x8F, 0xBD, 0xA9, 0x23, 0xFC, 0xA3,
+        0x8E, 0x38, 0xB3, 0x84, 0xE2, 0xB9, 0x54, 0x41,
+        0x4B, 0x36, 0x4F, 0xB8, 0xB0, 0x87, 0x56, 0x04,
+        0x8B, 0x75, 0xC7, 0x85, 0x31, 0xD4, 0xA5, 0x12,
+        0x99, 0xC4, 0x9D, 0xEA, 0x4B, 0x36, 0x8C, 0x19,
+        0x82, 0xFE, 0xAD, 0x4A, 0xB1, 0xAA, 0x52, 0x35,
+        0xA4, 0xA1, 0x7F, 0xB0, 0x64, 0x6F, 0x04, 0x04,
+        0x7B, 0xF0, 0x80, 0x48, 0xA1, 0x1C, 0xF8, 0x95,
+        0x8B, 0x68, 0x34, 0xB7, 0xFD, 0x00, 0x31, 0x30,
+        0x6A, 0x39, 0xC8, 0xAE, 0x68, 0xC3, 0x53, 0x65,
+        0x19, 0x7C, 0x1E, 0x57, 0x97, 0xFC, 0x47, 0x3E,
+        0xB1, 0x94, 0x54, 0x48, 0x6F, 0xEB, 0xAA, 0xEC,
+        0x5C, 0x2E, 0xE9, 0x2C, 0xCC, 0x3A, 0xF3, 0xC7,
+        0x43, 0x08, 0x7D, 0x2D, 0x56, 0x4B, 0x7D, 0xE9,
+        0xE5, 0x96, 0xF3, 0x12, 0x4B, 0xE9, 0x08, 0xF3,
+        0x04, 0x5A, 0x75, 0x1A, 0x7D, 0x7E, 0x37, 0xE6,
+        0xC8, 0xC1, 0xFE, 0xF3, 0x32, 0x63, 0x2D, 0x0B,
+        0xBE, 0x05, 0x13, 0x6A, 0x44, 0x58, 0x7F, 0x54,
+        0x5F, 0x5F, 0xF5, 0x2F, 0xB8, 0x0B, 0xF2, 0xBF,
+        0x0B, 0xF4, 0x30, 0x2F, 0xCF, 0xEC, 0xFE, 0x08,
+        0xEC, 0x51, 0xF2, 0x29, 0xD7, 0xAC, 0x28, 0xE1,
+        0x75, 0x42, 0x61, 0xBC, 0xE7, 0xB1, 0x53, 0x4F,
+        0x7D, 0x3B, 0xB0, 0x8D, 0x01, 0x15, 0x1E, 0xBE,
+        0xEC, 0xD9, 0x54, 0xC2, 0x4E, 0x70, 0x3E, 0xEA,
+        0x39, 0x14, 0x26, 0xB7, 0x01, 0x79, 0x5D, 0x06,
+        0x93, 0x85, 0x99, 0xAA, 0x7D, 0xDC, 0xF9, 0x2E,
+        0x44, 0x56, 0x9B, 0xFA, 0x9D, 0x91, 0x2A, 0x8E,
+        0x89, 0x48, 0x51, 0xE3, 0xD0, 0x53, 0xB3, 0xAD,
+        0x43, 0x29, 0xB7, 0x6A, 0x50, 0xC0, 0x78, 0x4D,
+        0x42, 0xF3, 0x7C, 0x5F, 0x90, 0x06, 0xAC, 0x2A,
+        0x9D, 0x5D, 0xE5, 0x18, 0x3F, 0xA3, 0xC6, 0x5E,
+        0xCD, 0xB6, 0xCF, 0x31, 0x67, 0xA4, 0x7A, 0x8F,
+        0x5C, 0x59, 0xBD, 0xD7, 0x9B, 0x7C, 0x24, 0x06,
+        0x97, 0xE1, 0x59, 0x72, 0x85, 0x02, 0x74, 0xFE,
+        0x41, 0xAD, 0x84, 0xD9, 0x0D, 0xCB, 0x34, 0x16,
+        0x11, 0xE7, 0x66, 0xD2, 0x12, 0xDC, 0x76, 0x3C,
+        0xF9, 0x4C, 0x8C, 0x41, 0x94, 0xCC, 0xA9, 0x1B,
+        0x21, 0x03, 0x28, 0xE4, 0xA3, 0x37, 0x4E, 0x29,
+        0xD2, 0x48, 0x11, 0x2B, 0xB6, 0x68, 0xA3, 0x92,
+        0xC2, 0x0D, 0x87, 0x91, 0x03, 0x76, 0xB5, 0x00,
+        0x1F, 0x3F, 0xFB, 0xBE, 0xC3, 0xE0, 0x08, 0xBF,
+        0x2F, 0x46, 0xF7, 0x40, 0x73, 0x83, 0xA8, 0x0D,
+        0xDA, 0x08, 0x2B, 0xDB, 0x8F, 0xE9, 0x25, 0xE4,
+        0xF1, 0x2B, 0x37, 0x92, 0x27, 0x0E, 0x5A, 0x46,
+        0xB8, 0xC5, 0x7B, 0x6E, 0x5A, 0x4B, 0x95, 0x58,
+        0x4E, 0xF3, 0x80, 0xED, 0x49, 0x93, 0xEC, 0x52,
+        0x9F, 0xF2, 0xAA, 0x39, 0xDD, 0x6D, 0xFE, 0x88,
+        0xFD, 0xEB, 0x6E, 0xDA, 0x0E, 0x8D, 0xA7, 0x95,
+        0x66, 0xB0, 0x7D, 0x37, 0xAE, 0xCC, 0x64, 0x37,
+        0x25, 0x95, 0x18, 0xF9, 0x7E, 0x6C, 0x86, 0x12,
+        0xB3, 0xC3, 0x57, 0x03, 0xBF, 0xF9, 0x92, 0x15,
+        0x3E, 0x66, 0x0E, 0x2E, 0x20, 0x77, 0xA0, 0x5F,
+        0x26, 0x5F, 0xB5, 0x12, 0x1D, 0xD7, 0x9F, 0x0A,
+        0x33, 0xBC, 0x38, 0xEC, 0x83, 0x08, 0xE2, 0xA9,
+        0x84, 0xCD, 0x3D, 0x8A, 0xC6, 0x09, 0x30, 0x6F,
+        0x77, 0x93, 0xD7, 0xDE, 0x08, 0xD8, 0x45, 0xA4,
+        0x21, 0x28, 0x26, 0x4E, 0x5C, 0x17, 0x77, 0x74,
+        0xE3, 0x5D, 0x58, 0x7C, 0x96, 0xB2, 0x47, 0x05,
+        0x42, 0x21, 0x78, 0x5D, 0xB3, 0x8D, 0xDC, 0x6F,
+        0xDB, 0xF7, 0xBF, 0x6F, 0x66, 0x4B, 0xD6, 0x30,
+        0x14, 0xC0, 0xBF, 0x94, 0x2A, 0x83, 0x91, 0x6C,
+        0xBF, 0x2C, 0x42, 0x85, 0x41, 0xED, 0xA2, 0xBB,
+        0xCB, 0xFC, 0xF9, 0x35, 0xDE, 0xFC, 0xB3, 0x63,
+        0xE1, 0x64, 0xAA, 0x51, 0x2D, 0xD5, 0xFA, 0x79,
+        0x53, 0x31, 0x40, 0x0B, 0x9B, 0xD0, 0x3C, 0xE3,
+        0xD7, 0x2D, 0x91, 0x05, 0x62, 0xC3, 0x81, 0xFE,
+        0x93, 0x1E, 0x8C, 0x37, 0x9E, 0x30, 0x23, 0x73,
+        0x3A, 0xB9, 0x18, 0x6E, 0x5D, 0xEF, 0x31, 0xE9,
+        0xF6, 0x25, 0x7F, 0xB8, 0x47, 0x74, 0xCE, 0x28,
+        0x23, 0xD4, 0x4F, 0xC1, 0x42, 0xCB, 0xEB, 0x59,
+        0x8A, 0x68, 0xFD, 0x39, 0x48, 0x37, 0x1A, 0x5D,
+        0x0C, 0x09, 0x64, 0xC6, 0xE1, 0x21, 0x5D, 0x89,
+        0xF6, 0x58, 0xE5, 0x50, 0x4A, 0xD0, 0x93, 0xBC,
+        0x86, 0x02, 0xBA, 0xD2, 0x36, 0x24, 0x9D, 0x7E,
+        0xAF, 0xB6, 0xA1, 0xA0, 0x7C, 0xA7, 0xC7, 0x4D,
+        0xAC, 0x30, 0x7A, 0x70, 0x0F, 0x2F, 0x81, 0x40,
+        0xC1, 0x08, 0x6B, 0x21, 0xF2, 0xE1, 0x51, 0x9C,
+        0x1D, 0x46, 0x94, 0x93, 0x2A, 0x1C, 0x18, 0xCB,
+        0xED, 0x0D, 0x0E, 0x29, 0xDE, 0xFC, 0x52, 0x52,
+        0x97, 0x93, 0x70, 0x85, 0xE2, 0x63, 0x0D, 0xC6,
+        0x2C, 0x0C, 0x05, 0x0C, 0x4F, 0xF2, 0x70, 0x87,
+        0x2B, 0xE7, 0xBB, 0x52, 0x2D, 0xD6, 0x99, 0x1B,
+        0x59, 0x6F, 0xC2, 0x92, 0x11, 0x72, 0x5D, 0x99,
+        0x60, 0xB1, 0x6A, 0x52, 0xEA, 0x91, 0x78, 0x19,
+        0x23, 0xC0, 0x3B, 0x71, 0x9D, 0x09, 0xD6, 0xE7,
+        0x10, 0x6D, 0xC5, 0x70, 0x55, 0xC1, 0x9E, 0xF8,
+        0x76, 0xE5, 0xEC, 0x23, 0x17, 0xE7, 0xE4, 0x23,
+        0xC9, 0x71, 0x45, 0x40, 0x72, 0x01, 0x9E, 0x28,
+        0xE6, 0x5C, 0x81, 0xED, 0x52, 0x7A, 0xF1, 0x89,
+        0xBD, 0xFC, 0xF5, 0x21, 0xC9, 0x23, 0x40, 0x75,
+        0x54, 0xAC, 0xBF, 0x69, 0x45, 0xD1, 0x85, 0x44,
+        0x3D, 0xAC, 0x1A, 0x1A, 0x08, 0x8A, 0x68, 0xB5,
+        0x17, 0xD5, 0xD9, 0x90, 0xE1, 0x10, 0x30, 0xDE,
+        0x4F, 0x75, 0x09, 0xE8, 0x7A, 0x77, 0xB3, 0x7C,
+        0xF2, 0x0A, 0x78, 0xE2, 0xCD, 0x48, 0x94, 0x17,
+        0x3C, 0x32, 0xA3, 0x27, 0x35, 0x51, 0x16, 0xB7,
+        0x18, 0x51, 0x44, 0x42, 0x65, 0x60, 0x6A, 0x0A,
+        0x9A, 0x6D, 0x94, 0x61, 0xCC, 0x5D, 0xD8, 0x3B,
+        0x52, 0x7E, 0x4D, 0xBD, 0x6A, 0xEE, 0x03, 0x3D,
+        0x66, 0x1C, 0x3D, 0xE8, 0xC1, 0x82, 0x97, 0xE5,
+        0xD1, 0x31, 0xDB, 0xC8, 0xF6, 0x96, 0xE9, 0x47,
+        0xC9, 0x5C, 0x71, 0x77, 0x2B, 0x62, 0x44, 0x74,
+        0x4D, 0x06, 0x1E, 0x14, 0x45, 0x3B, 0x9F, 0xB1,
+        0x17, 0x34, 0x80, 0x2D, 0xBA, 0x6F, 0x81, 0x79,
+        0xB8, 0x0D, 0xAC, 0xFE, 0xB6, 0xBA, 0xDF, 0xD1,
+        0x4E, 0x05, 0x76, 0x73, 0x6F, 0x80, 0x10, 0xC5,
+        0x32, 0x87, 0xA3, 0xD3, 0x93, 0x18, 0x79, 0xEF,
+        0x27, 0x3B, 0xBF, 0xCD, 0xB5, 0xDE, 0x5B, 0x88,
+        0xAF, 0x51, 0xFD, 0x8A, 0x8C, 0x8F, 0x0A, 0x58,
+        0x94, 0xE2, 0x25, 0xDF, 0xE8, 0x73, 0xFC, 0xC0,
+        0x3C, 0xB1, 0xC9, 0xB5, 0x78, 0x25, 0xF1, 0x11,
+        0x75, 0xC8, 0x7D, 0x08, 0x78, 0xB9, 0xE6, 0x15,
+        0x6B, 0x40, 0x1B, 0x2F, 0xBE, 0x30, 0x03, 0x6B,
+        0xFC, 0x7D, 0xB1, 0x00, 0x02, 0x71, 0xB7, 0xFF,
+        0x5D, 0x63, 0xA8, 0x09, 0x50, 0x75, 0xEF, 0xBD,
+        0x34, 0xEE, 0x73, 0xDE, 0x60, 0x14, 0x95, 0x2D,
+        0x15, 0xBC, 0x30, 0x23, 0x07, 0x02, 0xD8, 0x7C,
+        0x9A, 0x96, 0xD5, 0xE9, 0xF1, 0xF0, 0xF9, 0x26,
+        0x25, 0x96, 0xAA, 0x58, 0xB7, 0xE4, 0x1A, 0xD9,
+        0xA0, 0x9E, 0xAD, 0xB9, 0x44, 0xB6, 0x3F, 0xD9,
+        0x8B, 0x34, 0x7D, 0x11, 0xBD, 0x52, 0x97, 0xC3,
+        0xBE, 0x28, 0x23, 0x85, 0x9F, 0x2F, 0x35, 0xA4,
+        0xE5, 0x4E, 0x13, 0x68, 0x89, 0x09, 0xC3, 0x1A,
+        0x83, 0xE7, 0xDE, 0xCE, 0x4B, 0xDF, 0x31, 0x03,
+        0x9C, 0x72, 0xBA, 0x54, 0xA1, 0x20, 0x2D, 0x17,
+        0x2A, 0x6B, 0x8A, 0x2C, 0xE9, 0x6D, 0xED, 0xCA,
+        0x5B, 0x24, 0xF7, 0xB9, 0x42, 0xC1, 0x4E, 0x13,
+        0x3D, 0xAA, 0x8A, 0xB8, 0xCB, 0xD2, 0x4C, 0x1F,
+        0x0B, 0xBE, 0xB1, 0x27, 0x97, 0x67, 0x26, 0x72,
+        0xE2, 0x2C, 0xE6, 0xC2, 0x12, 0x37, 0xB2, 0x79,
+        0x7D, 0x8E, 0x54, 0xCC, 0x8F, 0xC7, 0x6C, 0x43,
+        0xB4, 0x75, 0x29, 0x66, 0xA3, 0xA4, 0x09, 0x44,
+        0xE7, 0x2D, 0x37, 0x3F, 0x0D, 0x3E, 0x84, 0xF9,
+        0xA3, 0x30, 0x1E, 0xAE, 0x9E, 0xDA, 0x35, 0x44,
+        0x4B, 0x1E, 0x49, 0xE6, 0x61, 0x18, 0x20, 0x6A,
+        0x56, 0xEB, 0x46, 0xD4, 0x8D, 0x20, 0x95, 0x4A,
+        0x77, 0x9A, 0x1E, 0x74, 0xE3, 0xE3, 0xB2, 0xBD,
+        0x40, 0x3D, 0x46, 0xB3, 0x35, 0x10, 0x11, 0xCB,
+        0x6F, 0x8A, 0x86, 0x72, 0xB2, 0xF3, 0xD9, 0x90,
+        0x31, 0x47, 0x55, 0x77, 0x6C, 0xE3, 0x23, 0x7F,
+        0x0A, 0x50, 0xE7, 0x71, 0x20, 0x53, 0x09, 0xC0,
+        0x5D, 0x9A, 0x78, 0xD3, 0x68, 0x88, 0xA8, 0x3B,
+        0xAD, 0x78, 0xE8, 0x6E, 0xDF, 0x36, 0xA8, 0x8D,
+        0xC7, 0x1C, 0x5F, 0x11, 0x56, 0x83, 0x90, 0xD0,
+        0xB5, 0x92, 0x02, 0xE2, 0x9E, 0xE1, 0x1E, 0xCB,
+        0x9F, 0x56, 0x89, 0x63, 0xE8, 0x17, 0x70, 0x83,
+        0x9F, 0xF2, 0x39, 0xAD, 0x03, 0x15, 0x6C, 0xC0,
+        0x71, 0xE8, 0xB7, 0x40, 0x15, 0x95, 0xEC, 0xEE,
+        0x62, 0x34, 0xAC, 0x34, 0xB7, 0x11, 0x70, 0x3D,
+        0x68, 0xC6, 0x7A, 0x28, 0x83, 0xBE, 0x9C, 0x18,
+        0xAB, 0x7F, 0x1A, 0x1B, 0x2E, 0x5C, 0x90, 0xA2,
+        0x32, 0x3C, 0xDF, 0x1E, 0xD4, 0x98, 0x50, 0xB8,
+        0x39, 0x38, 0x19, 0x2F, 0x62, 0x8C, 0x9E, 0xF6,
+        0x5B, 0x77, 0x93, 0x95, 0xEE, 0x37, 0x34, 0xC7,
+        0xA9, 0x01, 0xF7, 0x47, 0x38, 0x86, 0xD7, 0x12,
+        0xD2, 0x15, 0x41, 0x68, 0x16, 0xC3, 0x01, 0x6C,
+        0xC2, 0x83, 0x83, 0xD4, 0x78, 0x7B, 0x46, 0xF6,
+        0x89, 0xDC, 0xE1, 0x11, 0xDA, 0x4D, 0xB8, 0xAC,
+        0x10, 0xE8, 0x4F, 0x66, 0xA5, 0xC2, 0xBD, 0xA1,
+        0xB3, 0xFC, 0x97, 0x7F, 0x6A, 0x0F, 0x73, 0x2E,
+        0xDA, 0x4F, 0x69, 0xB9, 0x75, 0x51, 0xA4, 0xB8,
+        0xB2, 0x61, 0xD6, 0x88, 0x71, 0x94, 0xD3, 0xAF,
+        0xE7, 0xF4, 0xB8, 0x7F, 0xB3, 0xD4, 0x1A, 0xC6,
+        0xDC, 0xDB, 0x8F, 0xD3, 0x9B, 0xE5, 0x0F, 0x2F,
+        0x38, 0x2B, 0xAA, 0x4D, 0x19, 0xC7, 0x45, 0x0A,
+        0xB3, 0xA1, 0xAC, 0x4C, 0x63, 0xCF, 0x93, 0x0A,
+        0xAA, 0x51, 0x7A, 0x15, 0xD5, 0xC0, 0xD5, 0x49,
+        0xFE, 0x03, 0x22, 0x00, 0x71, 0xD3, 0x69, 0x22,
+        0x3E, 0x51, 0x29, 0x6E, 0xCB, 0xF8, 0x0D, 0xCD,
+        0x79, 0xFB, 0xDF, 0xB8, 0xDF, 0x62, 0x90, 0x4D,
+        0x5A, 0x36, 0x20, 0x0F, 0x29, 0xCC, 0x47, 0xE8,
+        0x0C, 0x86, 0x15, 0xEF, 0x1B, 0x78, 0xDB, 0xB2,
+        0x6A, 0x1A, 0xA7, 0xA6, 0x6E, 0x4D, 0x9A, 0x51,
+        0xC9, 0x72, 0xAC, 0x9C, 0x94, 0xEA, 0xB9, 0x95,
+        0x14, 0xB5, 0xAD, 0xAE, 0x62, 0x51, 0xE8, 0xAA,
+        0x30, 0xA5, 0xE5, 0x87, 0x42, 0x4E, 0x3B, 0x7B,
+        0xCC, 0x42, 0xEB, 0xE7, 0x33, 0x3D, 0x92, 0x10,
+        0x97, 0x26, 0x53, 0xF8, 0x11, 0x8B, 0x83, 0xAB,
+        0xE1, 0xBF, 0x7E, 0x9E, 0xE9, 0xCD, 0xAC, 0x28,
+        0x99, 0x7D, 0x14, 0x4C, 0x34, 0xDE, 0xA6, 0x5B,
+        0x59, 0x51, 0x2C, 0x73, 0x29, 0x27, 0xDB, 0xA8,
+        0x20, 0x7D, 0x56, 0x91, 0x98, 0x47, 0x21, 0xB7,
+        0x27, 0x9A, 0xFC, 0xDD, 0xE0, 0x6A, 0x6B, 0xD2,
+        0x68, 0x0E, 0xBB, 0x9B, 0x2E, 0x3C, 0xFE, 0xE9,
+        0xA6, 0x6D, 0x73, 0xD0, 0xC0, 0xDE, 0xD6, 0x53,
+        0x70, 0x8B, 0x09, 0x0B, 0x82, 0x30, 0x65, 0xF9,
+        0x70, 0x78, 0x49, 0xE3, 0xB3, 0x7D, 0x41, 0x25,
+        0xCA, 0x69, 0x3E, 0x74, 0x2E, 0x02, 0x3F, 0x05,
+        0x8A, 0xDC, 0x95, 0x07, 0x9B, 0xB0, 0x0C, 0x56,
+        0xBE, 0x0D, 0x2F, 0x07, 0x81, 0x82, 0xEF, 0xAB,
+        0x30, 0x72, 0xB0, 0xFD, 0x09, 0x76, 0x7B, 0x8A,
+        0x13, 0xC2, 0x80, 0x5A, 0x75, 0x91, 0xB5, 0xB2,
+        0xE1, 0x24, 0x75, 0xB5, 0xC8, 0x24, 0xDB, 0xEB,
+        0x15, 0x79, 0x30, 0xAB, 0x38, 0x9F, 0x91, 0x5F,
+        0xCC, 0xEC, 0x8F, 0x48, 0x64, 0x7E, 0xE4, 0xB6,
+        0x6A, 0xB6, 0xB5, 0x36, 0xC2, 0x2D, 0xE3, 0xE5,
+        0xEE, 0x4A, 0xBB, 0x42, 0xF8, 0xE0, 0x00, 0x9A,
+        0xF0, 0x45, 0x54, 0xF1, 0x28, 0xAC, 0xA3, 0xCC,
+        0xE4, 0x03, 0xBB, 0x01, 0xFD, 0xB7, 0xB5, 0xE2,
+        0xA7, 0x2B, 0x82, 0x91, 0x1C, 0x1F, 0xD0, 0x65,
+        0x23, 0xFF, 0x90, 0x19, 0x21, 0x41, 0xC6, 0x89,
+        0xEC, 0xCB, 0x0B, 0xE6, 0x1B, 0x4C, 0x6D, 0x77,
+        0x06, 0x29, 0x59, 0x02, 0x18, 0xA4, 0x01, 0x1A,
+        0x68, 0xB8, 0x6F, 0xF5, 0x0D, 0x23, 0x03, 0x9C,
+        0x9B, 0xCD, 0x43, 0x61, 0xF6, 0x98, 0x0A, 0x60,
+        0xEF, 0x88, 0xD1, 0x44, 0x0D, 0x30, 0x4C, 0x5B,
+        0x4B, 0x52, 0xD6, 0xED, 0xC2, 0x91, 0x12, 0xDC,
+        0x3A, 0x8A, 0xF2, 0x85, 0x89, 0xE8, 0xF6, 0x29,
+        0x48, 0xED, 0xB6, 0xBE, 0x76, 0x64, 0x6D, 0x59,
+        0x66, 0x06, 0xB9, 0xE7, 0x05, 0xFE, 0xE3, 0xF1,
+        0x44, 0xA0, 0x7B, 0xC9, 0xED, 0x1D, 0x40, 0x0C
+    };
+    static const byte msg_65[] = {
+        0x88, 0x5A, 0x0B, 0xDD, 0x8D, 0xE7, 0x4B, 0xC7,
+        0x11, 0x69, 0x0A, 0xA6, 0x14, 0xDD, 0xA5, 0x32,
+        0xF4, 0xD8, 0xC7, 0xEA, 0x2C, 0x27, 0x85, 0x5A,
+        0x57, 0x8E, 0x63, 0x61, 0xCA, 0xAE, 0x2C, 0x0B,
+        0xF7, 0xE7, 0x73, 0xB4, 0x90, 0x0A, 0x32, 0x93,
+        0x12, 0x1A, 0x6E, 0x0D, 0xD6, 0x10, 0x10, 0x7A,
+        0x7A, 0x65, 0xBD, 0x6E, 0x11, 0xF6, 0x19, 0xFC,
+        0x0E, 0x9C, 0xE7, 0xBF, 0x7B, 0x5D, 0xE1, 0x80,
+        0x76, 0xE1, 0xB7, 0x25, 0x57, 0x20, 0x97, 0xB2,
+        0x47, 0xD8, 0xE0, 0x46, 0x24, 0x94, 0xF6, 0x3F,
+        0x4E, 0xDF, 0xBE, 0xAC, 0x2F, 0xA2, 0xEC, 0xAE,
+        0x0C, 0xCA, 0xD4, 0x28, 0xBD, 0x79, 0x6C, 0xF2,
+        0x60, 0x92, 0xA1, 0xCD, 0x50, 0x5F, 0x59, 0x39,
+        0x11, 0xED, 0x10, 0xFD, 0xA4, 0x26, 0xC7, 0xE3,
+        0xC5, 0xA4, 0x39, 0xE8, 0x50, 0x42, 0x13, 0x18,
+        0xAE, 0x07, 0x85, 0xB0, 0x5A, 0xA9, 0x9F, 0x58,
+        0xD6, 0x85, 0x6D, 0xEB, 0x78, 0xBB, 0xE4, 0x88,
+        0xC7, 0x0E, 0xEE, 0x42, 0xBB, 0x9A, 0xB5, 0x92,
+        0x7B, 0x2E, 0xD2, 0x5C, 0xD1, 0x43, 0x77, 0xCD,
+        0x7E, 0x1A, 0x88, 0x34, 0xE8, 0x21, 0x48, 0x00,
+        0x2F, 0xCB, 0x98, 0x5A, 0xB9, 0x43, 0x12, 0x97,
+        0x01, 0x0B, 0x2B, 0xC7, 0x0F, 0x91, 0x32, 0x37,
+        0x3C, 0x6D, 0xD2, 0xA2, 0xA9, 0xCF, 0x24, 0x6F,
+        0xE0, 0x26, 0x2E, 0x8B, 0x53, 0xE6, 0x93, 0xF3,
+        0xD6, 0xFE, 0xD3, 0xED, 0xD1, 0xF2, 0x00, 0x4E,
+        0xD1, 0x7C, 0x2C, 0xF5, 0xB2, 0x57, 0xF4, 0xAD,
+        0xA5, 0xDC, 0x1A, 0x7C, 0x15, 0x1F, 0xFE, 0x03,
+        0xB9, 0x6A, 0x4D, 0xB9, 0x91, 0xE4, 0x13, 0x2D,
+        0x01, 0xDE, 0x1F, 0x03, 0x3E, 0xD8, 0x13, 0x57,
+        0xEA, 0xE7, 0xC1, 0xA8, 0xD2, 0xDD, 0xD9, 0x2D,
+        0xDF, 0xC0, 0x6F, 0x67, 0x13, 0x94, 0xD2, 0xF6,
+        0x02, 0x12, 0xC6, 0xE4, 0x49, 0xEA, 0x35, 0x93,
+        0x24, 0xFE, 0xD3, 0x8C, 0x84, 0xD3, 0x6D, 0x15,
+        0x43, 0x2E, 0x11, 0xE7, 0x15, 0x00, 0x15, 0x80,
+        0x4F, 0x97, 0xA3, 0xC6, 0x77, 0x38, 0x2C, 0xD4,
+        0x6A, 0xA4, 0xD7, 0xAC, 0xEE, 0x56, 0x86, 0xFB,
+        0xCE, 0xD7, 0xA9, 0xE8, 0x5D, 0x29, 0xC4, 0x83,
+        0x86, 0xE6, 0x9F, 0x40, 0x69, 0x3D, 0x9A, 0xDA,
+        0xBE, 0xB4, 0x3B, 0xD0, 0xE5, 0x03, 0x6A, 0xCD,
+        0xE6, 0x31, 0xB5, 0x49, 0x57, 0xF4, 0xFC, 0xE2,
+        0x6F, 0x7A, 0x24, 0xB0, 0xDA, 0xD4, 0x34, 0x8A,
+        0x67, 0x89, 0xCA, 0xE1, 0x06, 0x13, 0x06, 0x20,
+        0xED, 0x2F, 0xA0, 0xEA, 0x38, 0xF5, 0x75, 0xF2,
+        0x87, 0x83, 0xBC, 0x92, 0xB3, 0x2B, 0x0C, 0x51,
+        0xC8, 0xA6, 0x54, 0x6F, 0x5D, 0x88, 0x09, 0x5F,
+        0x9F, 0x73, 0xC6, 0x5B, 0xF6, 0xF2, 0x51, 0xA2,
+        0xC4, 0x69, 0x74, 0x64, 0x45, 0xC5, 0x88, 0xC3,
+        0xEA, 0x81, 0x39, 0xE4, 0x33, 0xD4, 0xFE, 0x2D,
+        0xE4, 0xC0, 0xD3, 0x58, 0xB6, 0xCA, 0x8A, 0x62,
+        0x94, 0xE6, 0xAF, 0xC1, 0xB9, 0x60, 0x74, 0xC0,
+        0x68, 0xEF, 0x67, 0xB1, 0x58, 0xF1, 0x12, 0x9C,
+        0xFE, 0x0A, 0x3A, 0xE7, 0xEB, 0x9D, 0x45, 0x4F,
+        0x35, 0x7F, 0xBB, 0x6A, 0xB3, 0xB9, 0x92, 0x2B,
+        0x1B, 0xCD, 0x55, 0x58, 0x61, 0x87, 0xCD, 0x24,
+        0x69, 0x24, 0x82, 0x78, 0x23, 0x34, 0xAC, 0x9F,
+        0x2B, 0x86, 0x12, 0x48, 0xF6, 0xA5, 0x30, 0xE9,
+        0x3E, 0x11, 0x48, 0x87, 0x84, 0xDD, 0xE5, 0xEA,
+        0x67, 0x8A, 0xE5, 0x05, 0x90, 0x3E, 0x23, 0x10,
+        0x53, 0x30, 0x8C, 0x1B, 0x87, 0x84, 0x60, 0x7E,
+        0x06, 0x3F, 0x48, 0x98, 0xA4, 0xFA, 0xB6, 0x01,
+        0xD3, 0xE6, 0x96, 0x85, 0x97, 0x21, 0x55, 0xF6,
+        0x3F, 0x09, 0xFD, 0x84, 0xB2, 0xB3, 0xDF, 0x74,
+        0x1F, 0xB6, 0x42, 0xAC, 0xA6, 0x03, 0xD0, 0xD5,
+        0x96, 0xE0, 0xA8, 0xDA, 0xD4, 0x24, 0xF4, 0x64,
+        0x0F, 0x98, 0xB9, 0x6F, 0xB2, 0x42, 0xC6, 0x95,
+        0xDC, 0x33, 0x1F, 0x57, 0x59, 0xF7, 0x5E, 0xAF,
+        0x19, 0x1C, 0xBD, 0x98, 0x5E, 0xC5, 0x99, 0x8D,
+        0x56, 0x48, 0xC8, 0x5E, 0xB6, 0x31, 0x29, 0x5F,
+        0x61, 0x56, 0x7C, 0x11, 0x63, 0xF9, 0x90, 0xDC,
+        0x4F, 0xA1, 0x71, 0x40, 0x91, 0x26, 0x1E, 0x5F,
+        0x3E, 0x5F, 0x0B, 0xFE, 0x84, 0x55, 0xBB, 0x8B,
+        0xAA, 0x1D, 0x69, 0x42, 0x1F, 0x15, 0x37, 0x4E,
+        0x73, 0xB0, 0x7E, 0x78, 0x57, 0x9D, 0x0E, 0x25,
+        0x1A, 0x41, 0xEE, 0x1A, 0x50, 0x43, 0xAA, 0xBF,
+        0x8B, 0xE7, 0x73, 0xEE, 0x7F, 0x9D, 0x0F, 0xDF,
+        0xCF, 0xD3, 0xAE, 0x71, 0x1F, 0xAB, 0x1D, 0x3D,
+        0xBC, 0xC2, 0x84, 0x3B, 0xE5, 0xA9, 0x46, 0xB2,
+        0x4D, 0x8B, 0x9B, 0x94, 0x35, 0x8B, 0x5F, 0x59,
+        0x8E, 0x88, 0xED, 0x3D, 0x53, 0xF3, 0x10, 0xF8,
+        0xEC, 0x63, 0x22, 0x9D, 0x4F, 0x5B, 0xB1, 0xB6,
+        0xD5, 0x24, 0xA5, 0xAF, 0x9C, 0x39, 0x47, 0x79,
+        0x25, 0xC7, 0xE2, 0x90, 0x95, 0xFC, 0x43, 0xF1,
+        0x71, 0xFE, 0xCD, 0xD0, 0x61, 0xF3, 0x62, 0x62,
+        0x71, 0x21, 0x75, 0x2C, 0x23, 0x6B, 0x79, 0x2F,
+        0x1B, 0x31, 0x90, 0x79, 0x7C, 0xD0, 0x57, 0x5C,
+        0x58, 0x4F, 0x30, 0xB5, 0x56, 0x81, 0x19, 0x61,
+        0x90, 0x45, 0x09, 0xC9, 0x8B, 0xCD, 0xE8, 0x65,
+        0x9D, 0x22, 0x80, 0xF4, 0x95, 0xA0, 0xC9, 0x55,
+        0x7D, 0x38, 0x11, 0xAF, 0x5E, 0xD4, 0x37, 0x7B,
+        0xC7, 0x59, 0x9E, 0x49, 0x59, 0xFF, 0x85, 0xF2,
+        0x15, 0x0A, 0xCD, 0xEC, 0xC1, 0xF7, 0x67, 0x2D,
+        0xE1, 0xEE, 0x4D, 0xB4, 0x4C, 0x1F, 0xB5, 0xF7,
+        0x99, 0x8A, 0xB5, 0xDB, 0x74, 0x2F, 0x6C, 0x5D,
+        0x32, 0xCB, 0xC0, 0xF2, 0xFB, 0xC9, 0x54, 0xEA,
+        0xD6, 0xCC, 0x13, 0x4B, 0x97, 0x62, 0xDF, 0x33,
+        0x13, 0x86, 0xDE, 0xCA, 0x31, 0x69, 0x47, 0x88,
+        0x4B, 0x9A, 0x13, 0xAD, 0xEA, 0x5C, 0xBE, 0x29,
+        0x56, 0x64, 0x4F, 0xA1, 0x2A, 0x7B, 0xB3, 0xBF,
+        0xB9, 0x7E, 0x1D, 0x93, 0xA7, 0x01, 0x91, 0xAC,
+        0x38, 0xA0, 0x37, 0x32, 0x58, 0xC2, 0xC2, 0x81,
+        0x6D, 0xEA, 0x6E, 0xAF, 0x88, 0x0D, 0x69, 0xF4,
+        0x5F, 0xBA, 0x4C, 0x29, 0x0F, 0x18, 0xD3, 0x4B,
+        0xB8, 0x36, 0x8C, 0xF4, 0xEB, 0xB4, 0x72, 0xBA,
+        0x49, 0x9C, 0xBB, 0x54, 0x50, 0x1E, 0xE3, 0xA2,
+        0x8E, 0x5F, 0xB9, 0xFD, 0xC6, 0x6C, 0xF6, 0x45,
+        0x72, 0x09, 0x47, 0x19, 0xBB, 0xDB, 0x48, 0xF3,
+        0xF4, 0x88, 0x51, 0x3B, 0x65, 0x50, 0xE1, 0x27,
+        0xE8, 0x34, 0x1C, 0x7E, 0x53, 0xDC, 0xFD, 0xA7,
+        0xD4, 0x08, 0x05, 0x58, 0x0B, 0xC7, 0xD3, 0x0A,
+        0x72, 0xF2, 0x44, 0xCC, 0xDB, 0x5A, 0xEF, 0x66,
+        0x1B, 0x0F, 0x30, 0x4E, 0xC5, 0xB7, 0xAB, 0x93,
+        0xB8, 0xC5, 0xC4, 0x9A, 0x77, 0x68, 0x38, 0xB7,
+        0xD5, 0x23, 0x74, 0xAA, 0x41, 0x63, 0x02, 0x24,
+        0xD6, 0x16, 0xF3, 0x10, 0xE4, 0x99, 0xEC, 0xAD,
+        0xCE, 0x93, 0xE7, 0x8B, 0x94, 0xD3, 0xCA, 0x48,
+        0xB3, 0x47, 0xBC, 0x0E, 0xEC, 0xAA, 0x20, 0x66,
+        0x02, 0x29, 0x65, 0xC8, 0x07, 0xBE, 0xF9, 0x02,
+        0x9B, 0xC5, 0x22, 0x8F, 0x00, 0x5E, 0xDB, 0x74,
+        0xD4, 0xB1, 0x44, 0x98, 0xCE, 0x3A, 0xE1, 0x3B,
+        0xEB, 0x7C, 0x69, 0x3B, 0x66, 0x9E, 0xE9, 0xF9,
+        0xA6, 0xF4, 0x6F, 0xC0, 0x0E, 0xC0, 0x5E, 0x13,
+        0x2B, 0xB6, 0xC6, 0x76, 0x0F, 0xB5, 0xC5, 0x1C,
+        0x83, 0x23, 0xAC, 0xD6, 0xA3, 0xC7, 0x5A, 0x72,
+        0xE9, 0x73, 0x89, 0x66, 0xD1, 0x25, 0xB9, 0x61,
+        0x3B, 0x31, 0x45, 0xC6, 0x7B, 0x5E, 0x98, 0x81,
+        0x87, 0xE8, 0x5F, 0x29, 0xAD, 0xCB, 0xAF, 0x74,
+        0xE3, 0x3A, 0x61, 0x1F, 0xFF, 0x25, 0x2A, 0xEB,
+        0xBA, 0xEB, 0x1E, 0xA6, 0x41, 0xE6, 0xFC, 0x8B,
+        0xDF, 0x73, 0x41, 0xBE, 0x2A, 0xA8, 0x57, 0xE4,
+        0x43, 0xAC, 0xFB, 0xCE, 0xB2, 0x15, 0x5D, 0x08,
+        0x1A, 0xCB, 0x4C, 0xCD, 0xB0, 0x98, 0xD5, 0x7C,
+        0xEF, 0x6F, 0x6F, 0xD3, 0x42, 0xDB, 0x2D, 0x83,
+        0xB6, 0x12, 0x3E, 0x0A, 0xD3, 0xC9, 0x3F, 0x30,
+        0x08, 0x11, 0xB8, 0xD5, 0xA1, 0x1A, 0x5A, 0x29,
+        0xBE, 0x60, 0x81, 0x6F, 0x69, 0xB2, 0x9D, 0x1D,
+        0x7E, 0x15, 0x88, 0x69, 0xD8, 0x60, 0xF6, 0xFB,
+        0x82, 0x9D, 0xE8, 0x0D, 0x3E, 0x1B, 0x69, 0x9C,
+        0x3A, 0xB6, 0x80, 0x4E, 0xB6, 0x54, 0x91, 0x78,
+        0xD9, 0x47, 0x33, 0x38, 0xD6, 0xAF, 0x20, 0x9E,
+        0x1F, 0x7D, 0x26, 0x3C, 0x66, 0x7A, 0xE6, 0x89,
+        0x5F, 0x6E, 0x29, 0x33, 0x92, 0x34, 0x71, 0xF1,
+        0x99, 0x58, 0x1F, 0x8A, 0x51, 0xBD, 0x9A, 0xA4,
+        0x52, 0xEE, 0xE4, 0xBF, 0xE9, 0x56, 0x69, 0xAC,
+        0xD0, 0x7B, 0x41, 0xB0, 0x0C, 0x03, 0xF5, 0x5A,
+        0x40, 0xD1, 0x0B, 0x50, 0xF8, 0xE4, 0x67, 0xBD,
+        0x07, 0x1C, 0x8F, 0x40, 0x5C, 0xF1, 0x19, 0x61,
+        0x2D, 0x32, 0x40, 0x5B, 0xD5, 0x27, 0x5A, 0x6B,
+        0xBF, 0x22, 0x17, 0xF9, 0xF1, 0x79, 0x0D, 0x29,
+        0x99, 0x7B, 0x7B, 0x6B, 0x1E, 0xC8, 0xD7, 0x92,
+        0x4A, 0xB9, 0xE6, 0x44, 0xC1, 0x29, 0xCE, 0xE8,
+        0x74, 0x33, 0x29, 0x1A, 0x2C, 0x8E, 0xD6, 0xBC,
+        0x3C, 0x2A, 0x19, 0xD0, 0x76, 0xB1, 0x77, 0xEE,
+        0x60, 0x50, 0x69, 0x2A, 0xDA, 0x8E, 0x95, 0x57,
+        0x4D, 0x6C, 0xE9, 0xAB, 0xE4, 0x97, 0x95, 0xD8,
+        0xF2, 0x8E, 0xAB, 0x69, 0x67, 0x6E, 0x79, 0x03,
+        0xA6, 0x56, 0xFA, 0xB3, 0x20, 0x25, 0xFE, 0x34,
+        0x65, 0xCB, 0xDB, 0x57, 0x01, 0xC1, 0x77, 0x20,
+        0x9D, 0x91, 0x89, 0xA5, 0x91, 0x7C, 0x13, 0x37,
+        0xDE, 0x39, 0xF5, 0x75, 0xE5, 0xDD, 0xB9, 0x3C,
+        0xA7, 0x6B, 0xEB, 0x52, 0xAF, 0x32, 0xE8, 0xD7,
+        0x12, 0x7B, 0x28, 0xF7, 0xCE, 0x73, 0x12, 0xE8,
+        0x03, 0x90, 0x47, 0x21, 0xAB, 0x21, 0x6E, 0x92,
+        0xA8, 0xA9, 0xE6, 0x09, 0xFC, 0x10, 0xAF, 0x8D,
+        0xC2, 0xAA, 0xCA, 0x14, 0xA9, 0x7B, 0xB0, 0xE4,
+        0xB2, 0x34, 0xC7, 0x00, 0x0E, 0xBB, 0xE0, 0xC4,
+        0x42, 0xF1, 0x85, 0x94, 0x6B, 0x7C, 0xE7, 0x72,
+        0x80, 0x95, 0xCD, 0x60, 0x16, 0x9B, 0x0B, 0xD9,
+        0x7B, 0x36, 0xB3, 0xAE, 0x38, 0x55, 0xD9, 0x89,
+        0x25, 0xB2, 0x9D, 0x92, 0x94, 0xEF, 0x27, 0x75,
+        0x09, 0xFC, 0xA4, 0x07, 0xEA, 0x2B, 0xC4, 0x76,
+        0x59, 0x02, 0x6A, 0x82, 0x04, 0xD6, 0x96, 0x4F,
+        0xC6, 0x5B, 0xEF, 0x35, 0x31, 0xE9, 0xC1, 0xE6,
+        0xF9, 0x70, 0xBF, 0x2F, 0xF2, 0x40, 0x75, 0xEA,
+        0x17, 0xD1, 0x36, 0xAD, 0xEA, 0xD2, 0x35, 0x6B,
+        0x6C, 0xE4, 0x98, 0xF9, 0x3C, 0xD2, 0xF9, 0xE5,
+        0xE1, 0x90, 0xD2, 0x09, 0xD9, 0x3E, 0x47, 0x3F,
+        0xAA, 0x8E, 0xD9, 0x20, 0x96, 0x31, 0x5B, 0xF1,
+        0xFC, 0xA6, 0x55, 0xFE, 0xBC, 0x78, 0xE0, 0x99,
+        0x65, 0xC9, 0x74, 0x78, 0x29, 0x6B, 0x75, 0xD3,
+        0x90, 0x56, 0x60, 0x4D, 0x32, 0x71, 0x91, 0x6D,
+        0xCF, 0xF2, 0x25, 0xCB, 0x6B, 0x9A, 0x34, 0xE1,
+        0x5D, 0xC1, 0x64, 0xB2, 0xA6, 0x8A, 0x3B, 0x42,
+        0xDE, 0x05, 0x7A, 0x6B, 0xAC, 0x17, 0x32, 0xCF,
+        0x59, 0x45, 0xBB, 0xCA, 0x12, 0xB8, 0xB3, 0x61,
+        0x59, 0xFB, 0x89, 0xF7, 0xBB, 0xBE, 0x9F, 0xE0,
+        0x34, 0x21, 0x8F, 0x5B, 0x3B, 0xCF, 0x18, 0x4C,
+        0x20, 0x73, 0x06, 0xE6, 0xD2, 0xEA, 0x69, 0x59,
+        0xEA, 0xE0, 0x89, 0x0A, 0x7B, 0x68, 0x02, 0xEC,
+        0x1D, 0xA0, 0x82, 0xBE, 0xD6, 0x5B, 0xB6, 0xE4,
+        0xEB, 0x4D, 0x56, 0x15, 0x70, 0x1C, 0xB0, 0xE3,
+        0x50, 0x36, 0x33, 0x14, 0xA4, 0xD1, 0x01, 0xDB,
+        0xBA, 0x60, 0x53, 0x71, 0xA3, 0x8B, 0x2D, 0x8A,
+        0x37, 0xFF, 0x78, 0xEB, 0xB3, 0x69, 0x82, 0x53,
+        0x88, 0xAA, 0xB7, 0xD3, 0xC6, 0x23, 0xB9, 0x3E,
+        0x51, 0x2D, 0x96, 0xA9, 0xF3, 0x39, 0xEC, 0x96,
+        0x8B, 0x35, 0x27, 0x59, 0xAF, 0x3E, 0x8F, 0xA3,
+        0x21, 0x1C, 0x39, 0x29, 0x5B, 0x01, 0x10, 0xE6,
+        0xDF, 0x26, 0x4E, 0x90, 0x67, 0x8C, 0x11, 0xE2,
+        0xB9, 0x03, 0xAF, 0x32, 0x2E, 0x4F, 0xA7, 0x70,
+        0x28, 0xD3, 0xEC, 0xC4, 0x4F, 0x62, 0x79, 0xD6,
+        0x3B, 0x1E, 0x60, 0xD8, 0x06, 0x72, 0x41, 0x01,
+        0x5F, 0xC4, 0xF8, 0x9B, 0xAA, 0x15, 0x6A, 0x78,
+        0xFA, 0x77, 0xBB, 0x29, 0x14, 0xCA, 0xC2, 0x81,
+        0xF4, 0x40, 0x9C, 0x9C, 0x03, 0x70, 0xAB, 0xD7,
+        0xC1, 0xF8, 0xA5, 0xD1, 0x04, 0x0B, 0x59, 0x75,
+        0x2C, 0xC4, 0xFD, 0xF0, 0xD1, 0x9C, 0xB0, 0xC5,
+        0x6F, 0xEF, 0x34, 0xFA, 0x3A, 0x3B, 0xCE, 0xE1,
+        0xF0, 0x64, 0xE3, 0x60, 0xE8, 0x6D, 0xC5, 0x5D,
+        0xB5, 0xC9, 0x37, 0x5B, 0xDA, 0xDA, 0x67, 0x2E,
+        0x72, 0xF6, 0x64, 0xE3, 0xAC, 0xB2, 0xE6, 0xD8,
+        0xA0, 0x84, 0x09, 0xC8, 0xCD, 0x60, 0xA1, 0xF9,
+        0x53, 0x80, 0xAB, 0x6C, 0x3A, 0xCB, 0x6B, 0x91,
+        0xA8, 0xA9, 0xA3, 0xB7, 0x75, 0x50, 0x49, 0x79,
+        0xB8, 0x02, 0x5A, 0xDB, 0x34, 0x22, 0x61, 0x9B,
+        0xD1, 0x1E, 0x2B, 0x54, 0xFE, 0x6D, 0x07, 0x58,
+        0x81, 0xAC, 0xAC, 0x24, 0x53, 0x20, 0x31, 0xCC,
+        0xD2, 0x99, 0x06, 0x0E, 0x4E, 0xB7, 0xF7, 0xCB,
+        0xD8, 0x08, 0x36, 0xD4, 0xB8, 0x23, 0xA5, 0xFF,
+        0xA4, 0xFE, 0x8C, 0x6B, 0x98, 0x3D, 0x2A, 0xAE,
+        0xB8, 0xF1, 0x6F, 0x6C, 0x1C, 0x22, 0x81, 0xEF,
+        0xD7, 0x13, 0xFF, 0xDA, 0x22, 0x06, 0x9A, 0x5D,
+        0x8A, 0xC4, 0x91, 0x29, 0x1C, 0xBF, 0x49, 0xF1,
+        0x18, 0xC9, 0x46, 0xD5, 0x0F, 0x08, 0xE0, 0xD1,
+        0x73, 0x28, 0x14, 0xE8, 0x15, 0x81, 0x90, 0x6A,
+        0x31, 0x53, 0x94, 0x01, 0x14, 0xBE, 0xC8, 0xEB,
+        0xD4, 0x9C, 0x73, 0x79, 0x0F, 0x9E, 0xD7, 0xCC,
+        0xD9, 0x85, 0xED, 0xAD, 0x8D, 0xB3, 0x42, 0x6B,
+        0x15, 0x13, 0x98, 0xEB, 0xF1, 0x6E, 0xFA, 0xFE,
+        0x3D, 0xA0, 0xC7, 0xF3, 0x8B, 0x22, 0x76, 0x05,
+        0x76, 0xD4, 0x88, 0x52, 0x73, 0xF5, 0xE4, 0x0B,
+        0x14, 0x05, 0x57, 0x10, 0x7F, 0xCE, 0x0B, 0xF8,
+        0x46, 0x1F, 0x24, 0x8B, 0xC4, 0x3F, 0xBF, 0x5C,
+        0xEE, 0xE7, 0x6E, 0xF3, 0xA9, 0xEB, 0xD2, 0x30,
+        0x95, 0x6C, 0x7B, 0x98, 0xAC, 0x89, 0x8A, 0x39,
+        0x9E, 0x5C, 0x2A, 0xB0, 0xCB, 0xE9, 0xE5, 0xAB,
+        0x94, 0x71, 0xDF, 0x5E, 0x53, 0x0C, 0x72, 0xF2,
+        0x6C, 0x34, 0xDB, 0xFE, 0x2F, 0x83, 0x68, 0x3E,
+        0xB6, 0x22, 0xF9, 0x64, 0x7A, 0xA0, 0x6A, 0x26,
+        0x7D, 0x78, 0x97, 0x36, 0x31, 0x2C, 0x90, 0xC9,
+        0xE5, 0x9D, 0x77, 0x12, 0x2A, 0x88, 0x53, 0x8F,
+        0xD0, 0xF5, 0x39, 0x16, 0xAF, 0x08, 0xB2, 0x36,
+        0x93, 0x5C, 0xDC, 0x5B, 0xB3, 0xCB, 0x49, 0x0C,
+        0x83, 0x09, 0xE6, 0xA7, 0x9B, 0x43, 0xE7, 0xA5,
+        0x4A, 0x8A, 0x07, 0xE1, 0xBA, 0xFB, 0x9B, 0x93,
+        0x7E, 0xAC, 0x2F, 0xC3, 0xAC, 0xED, 0x30, 0x64,
+        0x1F, 0x33, 0x79, 0x19, 0xD2, 0xDB, 0x54, 0xEC,
+        0x7F, 0x32, 0x0E, 0xC5, 0x1C, 0xD1, 0x3C, 0x00,
+        0xB9, 0xE6, 0x03, 0xDF, 0x6D, 0xD2, 0x69, 0x0C,
+        0x75, 0xAF, 0x37, 0x07, 0xB7, 0xC9, 0x3E, 0x91,
+        0xCF, 0x02, 0x78, 0xD7, 0x43, 0xA1, 0x8B, 0x4E,
+        0x69, 0x74, 0xB4, 0x24, 0x08, 0x10, 0x42, 0xB5,
+        0xB4, 0xE7, 0x8C, 0xEB, 0x7F, 0xFF, 0x67, 0x98,
+        0x0B, 0xBC, 0xBA, 0x5E, 0x29, 0xBE, 0x61, 0x33,
+        0x56, 0x16, 0xD6, 0x5E, 0x86, 0xF0, 0xE7, 0x46,
+        0xD1, 0x83, 0xDF, 0xD4, 0x6B, 0x75, 0xC9, 0x30,
+        0x0D, 0x60, 0xC5, 0x19, 0xFD, 0x95, 0xA8, 0xA6,
+        0x61, 0xFF, 0xC8, 0x2A, 0xE7, 0x5D, 0xD1, 0x49,
+        0x49, 0x1F, 0x99, 0xD1, 0x41, 0x4F, 0x15, 0x79,
+        0x00, 0x8A, 0x80, 0x27, 0xA6, 0xC9, 0x98, 0xD3,
+        0xE7, 0xA2, 0xBB, 0xFA, 0x07, 0xAB, 0x53, 0xEF,
+        0xE8, 0x17, 0xAE, 0x9C, 0x6A, 0xE8, 0xD0, 0x52,
+        0xAA, 0x85, 0x9D, 0x03, 0x48, 0xB0, 0xD2, 0xC8,
+        0x5B, 0xCC, 0xC4, 0x50, 0x84, 0x90, 0xBE, 0x0F,
+        0x9B, 0x32, 0x13, 0xB8, 0xAF, 0x7C, 0xCE, 0xE7,
+        0x22, 0xE2, 0x82, 0x13, 0x18, 0x71, 0x46, 0xC5,
+        0xDA, 0x05, 0xB7, 0x65, 0xD8, 0x33, 0x06, 0xFA,
+        0x5A, 0x6B, 0x76, 0xD6, 0x92, 0x76, 0xD1, 0x6A,
+        0x2B, 0xC6, 0x0D, 0xB1, 0xAD, 0xAB, 0x57, 0x62,
+        0xEA, 0x76, 0x37, 0x4E, 0xAB, 0x2D, 0x34, 0xD2,
+        0xA3, 0x57, 0xC7, 0x56, 0xFB, 0xEA, 0xD6, 0xA9,
+        0xE3, 0xC1, 0x63, 0x07, 0xDE, 0xB9, 0x5E, 0x5A,
+        0x30, 0x2E, 0x41, 0x4D, 0x43, 0xE9, 0x1C, 0xA1,
+        0x5B, 0xB2, 0x4F, 0xAF, 0xDC, 0xE9, 0xBB, 0xBE,
+        0x73, 0x55, 0x90, 0xF0, 0xD0, 0x02, 0x98, 0x6D,
+        0x13, 0x50, 0x9A, 0xCA, 0x4C, 0xB3, 0x15, 0x3A,
+        0x26, 0x14, 0x38, 0x67, 0xEB, 0xA7, 0x27, 0x33,
+        0x48, 0x97, 0x58, 0x94, 0x57, 0xEA, 0xF9, 0x7E,
+        0x8B, 0xB0, 0xBB, 0xF3, 0xF4, 0x84, 0x6E, 0x69,
+        0x95, 0x2C, 0xF4, 0x6B, 0x1C, 0x65, 0x39, 0xB4,
+        0x46, 0xA7, 0x99, 0xD6, 0x68, 0x47, 0x6E, 0x2E,
+        0x49, 0x84, 0x75, 0x3E, 0x6C, 0x2E, 0x9A, 0x08,
+        0xBC, 0xB7, 0x2F, 0x86, 0x68, 0x5C, 0xE1, 0xBF,
+        0xEA, 0xA1, 0xAF, 0x59, 0xD6, 0x71, 0xB7, 0xBD,
+        0xD6, 0xC5, 0xC2, 0xF2, 0xF3, 0xB5, 0x36, 0xBB,
+        0x36, 0x23, 0x4F, 0xD6, 0x44, 0x59, 0x0A, 0x44,
+        0x86, 0xCA, 0xDC, 0xD4, 0x22, 0x0F, 0x79, 0x09,
+        0x99, 0x8C, 0x8C, 0x9E, 0x03, 0xA4, 0x51, 0x99,
+        0x5A, 0xB9, 0x97, 0x76, 0x73, 0x20, 0xD3, 0x98,
+        0x8C, 0x52, 0x96, 0xE1, 0x65, 0x7B, 0x4C, 0x77,
+        0x40, 0xB2, 0xFE, 0x27, 0x0A, 0x11, 0x76, 0x6E,
+        0x3B, 0x35, 0x12, 0xC6, 0x4E, 0xC2, 0x0E, 0xCC,
+        0x04, 0xB5, 0x51, 0x91, 0xD0, 0x4A, 0xF7, 0x84,
+        0xF2, 0xE7, 0xE5, 0x99, 0x7E, 0xB5, 0x3E, 0xAC,
+        0x53, 0xDB, 0x61, 0x11, 0x71, 0x56, 0x4E, 0xAB,
+        0x4A, 0x68, 0xC1, 0x6A, 0xA5, 0xC5, 0x7F, 0x72,
+        0xEB, 0x14, 0x97, 0xA4, 0x27, 0xA0, 0x53, 0xA1,
+        0xC4, 0x70, 0x7D, 0x58, 0xBD, 0xC1, 0xD7, 0xFD,
+        0x9F, 0xB8, 0x8C, 0xCE, 0x34, 0xF9, 0xE1, 0x9C,
+        0x59, 0x79, 0x31, 0x24, 0xEC, 0xBB, 0xF5, 0x6F,
+        0x3F, 0xA3, 0x5A, 0x55, 0xB3, 0xDE, 0x64, 0xDF,
+        0xA9, 0x95, 0x0B, 0x53, 0xF2, 0xA7, 0x25, 0x7B,
+        0x8C, 0xAD, 0x25, 0x9A, 0x35, 0xBF, 0x15, 0x46,
+        0x69, 0x4A, 0x83, 0x8C, 0x80, 0xFC, 0x37, 0xD0,
+        0xC3, 0x6F, 0x00, 0xE2, 0x3C, 0x63, 0xAB, 0xC5,
+        0x53, 0xC1, 0x8D, 0x4A, 0x40, 0x4B, 0xE6, 0xDC,
+        0x05, 0xB1, 0x20, 0x23, 0x8B, 0xB8, 0xDF, 0x40,
+        0x86, 0x97, 0xB9, 0x5E, 0xA4, 0xB7, 0xA1, 0x37,
+        0xE0, 0x4B, 0x9E, 0xD9, 0x84, 0x2B, 0x2D, 0xAD,
+        0xD1, 0xB1, 0x52, 0x15, 0x00, 0x9B, 0xDD, 0x23,
+        0xA9, 0x27, 0x44, 0x21, 0x33, 0x17, 0x1C, 0x61,
+        0x49, 0x84, 0x0D, 0x6A, 0x11, 0x7C, 0x77, 0xA5,
+        0xD6, 0x8E, 0xE6, 0x1D, 0x6E, 0x90, 0x04, 0x4A,
+        0xD3, 0x54, 0x3A, 0xA7, 0x1A, 0x28, 0xC5, 0x94,
+        0x01, 0xCA, 0xDB, 0x1B, 0x5D, 0x78, 0xC5, 0xC6,
+        0x69, 0x0D, 0x69, 0x88, 0x75, 0x00, 0x02, 0x0B,
+        0x59, 0x6C, 0x3E, 0xC5, 0x30, 0xDF, 0xEE, 0x85,
+        0x43, 0xA2, 0x9A, 0xF9, 0xDD, 0x85, 0x6E, 0xB3,
+        0x0D, 0x83, 0x6A, 0x13, 0x88, 0xD0, 0x12, 0x15,
+        0x53, 0x16, 0xFC, 0x5C, 0x15, 0x47, 0xEC, 0x6D,
+        0x4D, 0x18, 0x2D, 0x88, 0xDB, 0xD2, 0x17, 0x6C,
+        0xDE, 0x64, 0xEC, 0x70, 0x8D, 0x19, 0xDC, 0x66,
+        0x69, 0x7F, 0xCF, 0x61, 0x6E, 0x4F, 0x23, 0x86,
+        0xF5, 0x1A, 0x98, 0x47, 0x4B, 0xCC, 0xE9, 0x2F,
+        0x12, 0x28, 0x12, 0xB9, 0xEB, 0xD8, 0x32, 0xDC,
+        0xE4, 0xD8, 0x63, 0xAC, 0x56, 0x08, 0x2F, 0xEC,
+        0x5E, 0x47, 0x29, 0xFF, 0x76, 0xFE, 0x95, 0x60,
+        0xD2, 0x19, 0x61, 0x0E, 0xAF, 0xFC, 0x44, 0x42,
+        0x11, 0x42, 0x79, 0xBC, 0x06, 0x3A, 0xAD, 0x93,
+        0x7E, 0x46, 0x60, 0x03, 0xB0, 0xF5, 0x9F, 0x57,
+        0x28, 0x48, 0x44, 0x8F, 0x0E, 0xFA, 0x72, 0x8C,
+        0xE4, 0x18, 0xF4, 0x99, 0x6B, 0xB1, 0x23, 0x45,
+        0xDC, 0x13, 0xA2, 0xF6, 0x5F, 0x57, 0x35, 0xA2,
+        0xD7, 0x38, 0xF9, 0xE9, 0x8A, 0x7A, 0x79, 0xC6,
+        0xB2, 0xCD, 0xBF, 0xD3, 0x41, 0x21, 0x56, 0xB3,
+        0x39, 0xD9, 0x14, 0x3B, 0xDD, 0x85, 0xCB, 0x78,
+        0x2F, 0xEB, 0x7E, 0x29, 0xBC, 0x52, 0x24, 0xE7,
+        0x1B, 0x85, 0xB1, 0x65, 0xAE, 0xAB, 0x65, 0xF9,
+        0x54, 0xD2, 0x1F, 0x37, 0x29, 0x52, 0x30, 0x5B,
+        0x3D, 0x5F, 0x48, 0x84, 0x3F, 0x51, 0x27, 0x88,
+        0x9D, 0xA7, 0x94, 0xF0, 0x73, 0xCD, 0x98, 0xD2,
+        0x05, 0xE8, 0x25, 0x71, 0x7C, 0x93, 0x13, 0x82,
+        0x5D, 0x53, 0x8D, 0x05, 0x0E, 0x69, 0x20, 0xC4,
+        0xDB, 0xF2, 0xF6, 0x55, 0x24, 0x29, 0xD0, 0x41,
+        0xF6, 0x2D, 0xF8, 0xC1, 0x2E, 0xC2, 0x4D, 0xE1,
+        0xD7, 0x2D, 0xA0, 0x49, 0x16, 0x0B, 0x4D, 0x34,
+        0xB5, 0x6D, 0xAE, 0x10, 0x93, 0x1E, 0xB6, 0x95,
+        0x69, 0xC2, 0xB3, 0xC0, 0xAF, 0x6F, 0xFF, 0xA5,
+        0x32, 0x3C, 0x7D, 0xC9, 0xC7, 0xC8, 0xEF, 0x0C,
+        0x64, 0x20, 0x23, 0xC4, 0xFE, 0x89, 0x87, 0x8E,
+        0xB3, 0xA6, 0xC5, 0x24, 0xCF, 0x03, 0x7E, 0x74,
+        0xF7, 0xBF, 0x89, 0x1E, 0xCF, 0xB1, 0x02, 0xFA,
+        0xF2, 0x9F, 0xD3, 0x9D, 0x99, 0x00, 0xDA, 0x7A,
+        0x92, 0x7D, 0x13, 0x11, 0x92, 0xAD, 0x55, 0xF2,
+        0xE1, 0x82, 0x72, 0xB1, 0x6A, 0xF1, 0x45, 0x05,
+        0xDA, 0x17, 0xC9, 0xA1, 0x42, 0x82, 0x89, 0x77,
+        0x31, 0xB6, 0x72, 0x54, 0x7C, 0x68, 0x10, 0x25,
+        0x57, 0x30, 0x16, 0x15, 0x08, 0x58, 0x8B, 0xC1,
+        0x61, 0xCB, 0xA0, 0x58, 0x29, 0x33, 0xB1, 0x64,
+        0xF4, 0x4F, 0x06, 0xAA, 0x25, 0x31, 0xAA, 0xA8,
+        0x92, 0x1C, 0x69, 0x1E, 0x6E, 0xB6, 0xBE, 0x81,
+        0xDA, 0x9B, 0xE5, 0x1C, 0x56, 0x39, 0x55, 0xE0,
+        0xC1, 0xEF, 0xD3, 0xED, 0x2A, 0x1C, 0x94, 0x9B,
+        0xD4, 0xE0, 0x0B, 0x3A, 0xE9, 0xEB, 0xC1, 0x3C,
+        0x4C, 0x6C, 0x4E, 0x5E, 0x39, 0x4C, 0xB0, 0x34,
+        0xB9, 0xCB, 0x75, 0xBE, 0xCE, 0x86, 0x44, 0xFF,
+        0x89, 0xEF, 0x95, 0xE7, 0x6E, 0xF7, 0x15, 0xE1,
+        0x7A, 0xA2, 0x6B, 0x1F, 0xEB, 0x77, 0x4C, 0x50,
+        0x59, 0xB3, 0xA3, 0x9A, 0x38, 0xDF, 0xD0, 0x57,
+        0xD6, 0x41, 0xE4, 0x3F, 0xFE, 0x0F, 0x3E, 0x40,
+        0xFF, 0xF6, 0xB2, 0x36, 0x3C, 0x1B, 0xF0, 0xEF,
+        0x07, 0x87, 0x3D, 0x09, 0xA4, 0x87, 0x76, 0x9D,
+        0x0A, 0x73, 0xCD, 0x0C, 0xC6, 0x44, 0xF5, 0x3C,
+        0x25, 0xD2, 0x02, 0x5E, 0xE7, 0x1C, 0x69, 0xB7,
+        0xAC, 0x0F, 0xA6, 0x61, 0x15, 0x57, 0xC4, 0x27,
+        0xC0, 0x69, 0xDF, 0x2E, 0x1B, 0xF6, 0x29, 0xD9,
+        0xA0, 0xCB, 0x5C, 0x67, 0xC7, 0xEA, 0x4F, 0xA6,
+        0x58, 0xC7, 0x8D, 0x00, 0x42, 0xB0, 0x59, 0xE6,
+        0xB6, 0x58, 0xFF, 0xCE, 0x60, 0x16, 0x69, 0x67,
+        0xDB, 0x94, 0xF7, 0x16, 0xEB, 0x4D, 0x04, 0xB3,
+        0xD2, 0x45, 0x0F, 0x40, 0x03, 0x1F, 0x10, 0xAC,
+        0xDD, 0x07, 0x77, 0x7F, 0xBE, 0x9F, 0xBB, 0xB7,
+        0x7F, 0xCB, 0x7C, 0x1F, 0xA9, 0xFC, 0x1E, 0xAF,
+        0x0C, 0x5F, 0x86, 0xD7, 0x96, 0x2D, 0xAE, 0xD0,
+        0x47, 0x4B, 0xA0, 0xFE, 0x68, 0xD9, 0xB2, 0x32,
+        0x77, 0xA9, 0xCA, 0x7F, 0xC6, 0x76, 0xC6, 0x61,
+        0x6B, 0x8E, 0x43, 0x9A, 0x1D, 0x4B, 0xFF, 0x72,
+        0x43, 0x78, 0x19, 0xB5, 0x51, 0x87, 0x56, 0xA7,
+        0x87, 0x3E, 0xF5, 0x84, 0x01, 0x26, 0x46, 0xC3,
+        0x65, 0x9A, 0x6B, 0xA8, 0x6E, 0x62, 0x27, 0x26,
+        0x14, 0xD8, 0x5E, 0xEC, 0xD5, 0x35, 0x0E, 0x3C,
+        0xD0, 0xA1, 0x25, 0xAE, 0x9C, 0x17, 0xCC, 0xE2,
+        0x52, 0x39, 0xE1, 0xEE, 0x9C, 0xDB, 0x39, 0xCA,
+        0x7B, 0x18, 0xCF, 0x2C, 0x88, 0xCF, 0x14, 0x68,
+        0x26, 0xB6, 0xCC, 0x1E, 0x6A, 0xA8, 0xE1, 0x69,
+        0x2C, 0x91, 0x5F, 0x3B, 0xF1, 0xC1, 0xDB, 0x34,
+        0xC6, 0xF3, 0x78, 0x83, 0xCB, 0x4E, 0xDC, 0xE0,
+        0xF7, 0xC9, 0x95, 0xB6, 0x9E, 0x3A, 0xCE, 0x30,
+        0xDC, 0x16, 0x6F, 0x78, 0x4C, 0x93, 0xD6, 0xCB,
+        0xBC, 0xAC, 0x3C, 0x79, 0xBC, 0x31, 0x93, 0x10,
+        0xCE, 0x6E, 0x66, 0x57, 0x00, 0xF1, 0x7F, 0x96,
+        0x2F, 0x18, 0xB2, 0x40, 0x73, 0x9D, 0x15, 0x69,
+        0x0B, 0x1B, 0x6C, 0x85, 0xD1, 0xAA, 0xA3, 0x2D,
+        0x4A, 0x79, 0x74, 0x4A, 0xE5, 0x0C, 0xF9, 0xA9,
+        0x0A, 0x09, 0x54, 0xB4, 0xA4, 0xD9, 0x4C, 0x49,
+        0x9B, 0x41, 0x23, 0xEF, 0xC0, 0x20, 0x44, 0x31,
+        0xF7, 0x22, 0x85, 0xB5, 0xDA, 0x9E, 0x19, 0x22,
+        0x23, 0x0A, 0x30, 0x4D, 0x3A, 0x1B, 0xD8, 0x52,
+        0x08, 0x72, 0x61, 0xB7, 0xCF, 0x0D, 0x8B, 0x90,
+        0xD1, 0x46, 0x23, 0xEB, 0xCD, 0xC6, 0x38, 0x7B,
+        0xC6, 0xAF, 0x65, 0xBE, 0x5F, 0x01, 0x1B, 0x6B,
+        0xC1, 0x23, 0xC1, 0x30, 0x6A, 0x1E, 0x8F, 0xBF,
+        0x2D, 0xF0, 0xB6, 0xF8, 0x9B, 0x0A, 0xE0, 0x5D,
+        0xE0, 0xE4, 0xB7, 0xF5, 0x0A, 0xDA, 0x46, 0xE5,
+        0x3A, 0x9B, 0x6B, 0xCA, 0xDA, 0x06, 0x43, 0xBE,
+        0x6B, 0xFD, 0xC2, 0xB0, 0x6A, 0x6C, 0x75, 0x88,
+        0x3C, 0x2D, 0xC6, 0x13, 0xAC, 0x72, 0x16, 0x31,
+        0x7A, 0x40, 0xC4, 0xA2, 0xC0, 0x86, 0x69, 0x83,
+        0xD3, 0x2C, 0x9C, 0xE0, 0xA6, 0xCC, 0xED, 0xF4,
+        0x03, 0x62, 0x6B, 0xB2, 0x3B, 0x5B, 0x9D, 0xA5,
+        0x86, 0x77, 0x7C, 0x73, 0x5E, 0x19, 0x11, 0xD7,
+        0x7B, 0x11, 0x96, 0xC8, 0xFA, 0x47, 0x21, 0xD6,
+        0xB0, 0xFE, 0x0B, 0x08, 0x11, 0xFC, 0x00, 0xB9,
+        0xA1, 0x24, 0x2C, 0xBD, 0x4A, 0x92, 0x43, 0x10,
+        0x08, 0xBE, 0xE9, 0xE1, 0x5D, 0x19, 0x82, 0xDE,
+        0x34, 0xAE, 0xDC, 0xA6, 0x85, 0x8F, 0x19, 0x30,
+        0x20, 0xB6, 0x44, 0x7F, 0x6B, 0xA6, 0x63, 0x70,
+        0x59, 0xDA, 0x8D, 0xE0, 0xF8, 0x46, 0x86, 0x57,
+        0xB8, 0x1C, 0x57, 0x13, 0x78, 0x41, 0x8C, 0xF5,
+        0x7D, 0x77, 0xAE, 0x75, 0x6C, 0x59, 0x93, 0x2E,
+        0x05, 0x25, 0x03, 0xD1, 0xEA, 0xFB, 0x2D, 0x60,
+        0xD2, 0x61, 0x23, 0xEA, 0x0E, 0xFF, 0x55, 0xE3,
+        0x24, 0x49, 0x00, 0x19, 0xBD, 0x1E, 0x56, 0x24,
+        0x87, 0x2F, 0x7B, 0x98, 0x07, 0x36, 0xD2, 0x7C,
+        0xC5, 0x9B, 0xE0, 0x4E, 0x29, 0xAB, 0xA1, 0xB8,
+        0x35, 0x15, 0x31, 0xCE, 0x65, 0x14, 0x24, 0xF8,
+        0x10, 0xB5, 0xAB, 0x3E, 0xD5, 0x58, 0xCA, 0xE5,
+        0x73, 0x2D, 0x7C, 0x8B, 0xB4, 0x62, 0x75, 0x03,
+        0x30, 0x89, 0xFE, 0x32, 0xF8, 0x65, 0x99, 0xD0,
+        0x88, 0xD5, 0x72, 0x88, 0x03, 0xC9, 0x51, 0x03,
+        0xBA, 0x2F, 0xFB, 0x7C, 0x39, 0x02, 0x05, 0xC4,
+        0xCE, 0xD8, 0xB3, 0xC2, 0x7B, 0x29, 0x8E, 0xA7,
+        0x9D, 0x35, 0x97, 0xB7, 0x17, 0xDE, 0x28, 0x0B,
+        0x32, 0xE5, 0x41, 0xDA, 0x1D, 0x98, 0xBD, 0x27,
+        0xEF, 0xF7, 0xB4, 0x43, 0x09, 0x13, 0x39, 0xC7,
+        0x40, 0x16, 0x11, 0x20, 0x71, 0xCB, 0xB6, 0xC9,
+        0xB0, 0x8F, 0x20, 0xC1, 0xF0, 0x40, 0xFB, 0x6E,
+        0x73, 0x04, 0x8F, 0x73, 0xCA, 0x45, 0xDB, 0xE0,
+        0xF9, 0x25, 0x8D, 0x32, 0xF2, 0x3E, 0x36, 0xBE,
+        0xF7, 0x88, 0xF8, 0x13, 0x4D, 0x9B, 0x10, 0xC2,
+        0x58, 0x0B, 0x20, 0xF8, 0x78, 0xB6, 0x4C, 0x7D,
+        0x2A, 0xA6, 0x81, 0x40, 0xD1, 0x30, 0x50, 0x38,
+        0x2A, 0x5F, 0xBC, 0x81, 0x8E, 0x0F, 0xD4, 0xD0,
+        0x87, 0x99, 0x78, 0x3D, 0xBE, 0x25, 0x15, 0xF4,
+        0x45, 0x61, 0xA3, 0x1A, 0x7D, 0x05, 0x3F, 0xB5,
+        0xA6, 0x1C, 0x41, 0xC6, 0x0E, 0xBE, 0x57, 0x6F,
+        0xC5, 0xB6, 0x38, 0x63, 0x90, 0x55, 0x23, 0xFC,
+        0x26, 0x9E, 0xFD, 0xB8, 0x6C, 0xF2, 0x99, 0x6B,
+        0x6D, 0x90, 0xFE, 0x28, 0xA0, 0x16, 0xEE, 0x63,
+        0xC2, 0x4C, 0xD6, 0xB2, 0x0C, 0xFA, 0x6E, 0x85,
+        0x51, 0xE4, 0x2F, 0x57, 0x91, 0x82, 0x84, 0x43,
+        0x8A, 0x44, 0x31, 0x6C, 0x68, 0x02, 0x01, 0x7C,
+        0xCE, 0x4D, 0xC0, 0x7C, 0x43, 0xA9, 0x54, 0xF5,
+        0x0E, 0xCA, 0xE6, 0x15, 0x98, 0xAE, 0x41, 0x57,
+        0x0A, 0x66, 0xBA, 0x6D, 0x6E, 0x68, 0xB9, 0x2E,
+        0x0D, 0x42, 0xD2, 0xF5, 0x0B, 0xFC, 0x2D, 0xA8,
+        0x61, 0x6E, 0x60, 0x4E, 0x51, 0x78, 0xEB, 0x0C,
+        0x52, 0x9E, 0xC0, 0x4A, 0xB0, 0x92, 0x85, 0x5C,
+        0x3A, 0x3D, 0x69, 0x95, 0xAB, 0x62, 0xEB, 0x2F,
+        0x9B, 0x12, 0xF5, 0x2E, 0xB5, 0xA6, 0x93, 0xCE,
+        0x14, 0x97, 0xA7, 0x1E, 0x0A, 0x7B, 0x94, 0x74,
+        0xFB, 0x65, 0xD0, 0x5A, 0x97, 0x55, 0x40, 0x02,
+        0x71, 0x87, 0x9C, 0x9F, 0xCB, 0x41, 0x3F, 0x08,
+        0x8D, 0x6A, 0xCA, 0xE6, 0xEC, 0xE6, 0x71, 0x22,
+        0xF8, 0x58, 0x9F, 0xF1, 0x94, 0xF6, 0xE4, 0xD6,
+        0xDC, 0x35, 0xD7, 0xEB, 0x6B, 0x78, 0x99, 0x66,
+        0xF9, 0xE2, 0x15, 0x27, 0xC9, 0x8C, 0x27, 0xB4,
+        0x89, 0x3C, 0x15, 0xEE, 0x52, 0x71, 0xA9, 0xD2,
+        0x50, 0x3C, 0xD2, 0x31, 0xBB, 0x3A, 0xE5, 0x87,
+        0xAF, 0x65, 0x2B, 0xF2, 0xF5, 0xC9, 0x44, 0xA2,
+        0x59, 0x1C, 0x57, 0x96, 0xB9, 0xC2, 0x5E, 0xCB,
+        0x8A, 0x5B, 0x2B, 0x7A, 0x7E, 0x93, 0x3C, 0x08,
+        0x27, 0xCD, 0xB4, 0xB0, 0x1B, 0xF3, 0x82, 0x50,
+        0x78, 0xCF, 0xEA, 0x28, 0x57, 0xB1, 0x0F, 0xB4,
+        0xB6, 0x93, 0x82, 0x8E, 0x7A, 0xD1, 0x9F, 0x04,
+        0xEC, 0xEE, 0x24, 0x3D, 0x8A, 0x5E, 0x56, 0x99,
+        0x8D, 0x83, 0xA4, 0x05, 0x7D, 0xFB, 0x36, 0xDB,
+        0xAB, 0xD1, 0x67, 0x59, 0xC7, 0x4A, 0xB9, 0xAF,
+        0x99, 0xB6, 0xD8, 0xD4, 0x2C, 0xCA, 0x8C, 0xCC,
+        0xD2, 0x32, 0xAB, 0x51, 0xCE, 0x2D, 0x22, 0xE0,
+        0x29, 0xB1, 0x73, 0x10, 0x60, 0xA8, 0x6B, 0x8F,
+        0x68, 0xAF, 0x58, 0x06, 0x9D, 0x72, 0x36, 0x98,
+        0x3F, 0xF3, 0x6B, 0xAD, 0x3E, 0x7F, 0x4A, 0x00,
+        0x94, 0x04, 0xAE, 0xE9, 0x8A, 0x9E, 0x8A, 0x03,
+        0xD8, 0x04, 0xCC, 0xFE, 0xE3, 0xF8, 0xA2, 0x04,
+        0x64, 0x17, 0x54, 0x77, 0xCA, 0x20, 0xD0, 0x80,
+        0x1B, 0x36, 0xEF, 0x59, 0x31, 0xFA, 0xE4, 0xF5,
+        0xAF, 0x56, 0x09, 0x02, 0xAD, 0xCF, 0xA6, 0xBC,
+        0x26, 0x23, 0x27, 0x6D, 0xF3, 0x52, 0xCE, 0x2F,
+        0x4C, 0x9C, 0xA8, 0x23, 0x75, 0xFA, 0x56, 0x9E,
+        0x07, 0x5B, 0xB9, 0x30, 0x5A, 0xB1, 0x27, 0xFF,
+        0x72, 0xBF, 0x50, 0xB1, 0x27, 0xEF, 0xA1, 0x0C,
+        0x3A, 0xC9, 0x72, 0x21, 0xBE, 0xD8, 0xDC, 0xD5,
+        0x66, 0x4A, 0x0A, 0x58, 0xFA, 0x57, 0xB4, 0x00,
+        0x07, 0x31, 0xF2, 0x4E, 0xDC, 0xE0, 0x86, 0x99,
+        0x45, 0xE5, 0x45, 0xCF, 0x27, 0x35, 0x79, 0x57,
+        0xF5, 0xA2, 0x7A, 0x29, 0xFA, 0x5E, 0xCF, 0xF9,
+        0xA9, 0x96, 0x11, 0xE1, 0x4A, 0x6C, 0xE5, 0xB8,
+        0x8E, 0x78, 0xE6, 0xA1, 0x46, 0x97, 0xAE, 0xB4,
+        0xF3, 0x6D, 0x7F, 0x8E, 0xD1, 0x86, 0x6B, 0x78,
+        0x2B, 0x55, 0xC5, 0xDF, 0x0F, 0x43, 0x78, 0xED,
+        0xD2, 0x38, 0xE5, 0x8B, 0x94, 0x7A, 0x06, 0xC5,
+        0x73, 0x17, 0x55, 0x93, 0xAD, 0xA5, 0xAC, 0xBA,
+        0x81, 0x8A, 0x6D, 0x73, 0x4B, 0xA1, 0x32, 0x8F,
+        0x21, 0xA6, 0x5B, 0x51, 0x31, 0x58, 0xD0, 0xE4,
+        0x0B, 0x93, 0x46, 0xF2, 0x51, 0x30, 0x3E, 0x60,
+        0xE1, 0xCB, 0x30, 0x04, 0x15, 0x8D, 0x1E, 0x87,
+        0xA6, 0xF6, 0x38, 0xE0, 0x27, 0x84, 0x81, 0x18,
+        0x2B, 0x37, 0xBB, 0xD3, 0xDB, 0xE7, 0x91, 0xA3,
+        0x1B, 0x6B, 0x20, 0xCB, 0x2C, 0x52, 0xB1, 0xB9,
+        0x6A, 0x94, 0xF8, 0xCD, 0xBA, 0x5D, 0xC7, 0xDD,
+        0x79, 0x36, 0x38, 0xC2, 0xFC, 0xEC, 0x4F, 0x2B,
+        0x5F, 0x73, 0x44, 0x03, 0xE9, 0xA9, 0xF5, 0xD9,
+        0x99, 0xEA, 0x61, 0xDC, 0x6A, 0x98, 0xBE, 0xDE,
+        0xB9, 0x34, 0xCC, 0x76, 0xB0, 0xE1, 0x8C, 0x70,
+        0x3A, 0xA5, 0x7C, 0xD1, 0xC0, 0x2A, 0x8E, 0x7D,
+        0x47, 0x8A, 0x63, 0xEA, 0x30, 0x6B, 0xEE, 0x36,
+        0x0B, 0xA8, 0xAE, 0x46, 0xCD, 0x01, 0x83, 0xF6,
+        0x07, 0xF9, 0xED, 0x8B, 0x69, 0x97, 0xB6, 0xC3,
+        0x5D, 0x75, 0x6E, 0xD8, 0xDF, 0x01, 0x82, 0x48,
+        0x31, 0x2F, 0xDE, 0xED, 0x8E, 0xC5, 0xD8, 0xA6,
+        0xC0, 0x36, 0x0E, 0x66, 0xA4, 0xE9, 0xE5, 0xA9,
+        0x7D, 0x5C, 0xD2, 0x43, 0x72, 0xC0, 0xAD, 0x26,
+        0x78, 0xF2, 0xB0, 0x08, 0x12, 0xAE, 0x6C, 0x1A,
+        0x0F, 0x53, 0x30, 0xB3, 0xAB, 0x01, 0x53, 0xDA,
+        0x3C, 0x5F, 0x4C, 0x17, 0xBD, 0x2F, 0xB6, 0x0E,
+        0x7E, 0x80, 0x87, 0x4C, 0x1B, 0x92, 0x9B, 0x62,
+        0xE3, 0x89, 0xEE, 0xE2, 0xA0, 0x14, 0x06, 0x0D,
+        0x4D, 0xCC, 0x96, 0x5A, 0xF8, 0x64, 0x2A, 0x05,
+        0xA9, 0xEE, 0xD5, 0x0D, 0x23, 0x90, 0xB0, 0x67,
+        0xD5, 0x51, 0x1D, 0x18, 0xBC, 0xBA, 0xE6, 0xA5,
+        0xAD, 0x29, 0x18, 0xD5, 0x06, 0xFC, 0xC9, 0x12,
+        0x6D, 0x70, 0xA8, 0x6E, 0x96, 0x8B, 0x5F, 0x9C,
+        0x99, 0x43, 0x07, 0x02, 0x37, 0x48, 0x8C, 0xFB,
+        0x5F, 0xF5, 0xDE, 0x69, 0x26, 0x73, 0x7D, 0xF6,
+        0x3A, 0x2C, 0xE5, 0x58, 0x01, 0xC3, 0x48, 0xB0,
+        0xF0, 0x0D, 0x56, 0xAF, 0x8C, 0x0F, 0x5C, 0xB3,
+        0xBA, 0x44, 0x8C, 0x39, 0xB0, 0x20, 0xD2, 0x93,
+        0x81, 0x19, 0x99, 0x4E, 0xAC, 0xB9, 0x1F, 0xC3,
+        0x1F, 0x34, 0x7D, 0xF3, 0x3E, 0x1A, 0xE1, 0x26,
+        0x7C, 0xB7, 0x22, 0x0A, 0xDC, 0x0D, 0x14, 0xF8,
+        0x43, 0x8A, 0x23, 0x46, 0x37, 0x9C, 0x2A, 0xB8,
+        0x1F, 0x24, 0x72, 0xE2, 0xEA, 0xC4, 0x67, 0x13,
+        0x17, 0x33, 0xBD, 0xA0, 0x07, 0xA0, 0x3E, 0xDE,
+        0x8B, 0xC4, 0xD6, 0xDB, 0xD9, 0xF1, 0xB8, 0xF4,
+        0xFB, 0x83, 0x13, 0x14, 0xCD, 0x36, 0xF6, 0xDC,
+        0xD5, 0x85, 0x93, 0x7C, 0xF9, 0x6C, 0xEA, 0x52,
+        0x92, 0xFB, 0xFC, 0x95, 0x02, 0x10, 0x7B, 0x57,
+        0x9F, 0xF0, 0x7C, 0x2E, 0x79, 0x00, 0x3D, 0xB2,
+        0xA1, 0x6C, 0x4E, 0xD4, 0x17, 0xFA, 0x0F, 0x13,
+        0xC8, 0xBF, 0xB1, 0x82, 0xF7, 0xDD, 0xCF, 0x08,
+        0xF2, 0x50, 0xDB, 0x16, 0xA4, 0x5A, 0x60, 0x4A,
+        0x57, 0x2B, 0x0E, 0xDC, 0x4A, 0xBF, 0x9C, 0x86,
+        0x08, 0x8A, 0x5A, 0xC8, 0x74, 0xDD, 0xA2, 0x6E,
+        0x12, 0xA0, 0xEF, 0x63, 0x5A, 0xD2, 0x82, 0xAD,
+        0xCD, 0xC7, 0xED, 0x16, 0x86, 0x45, 0x3D, 0xFB,
+        0x35, 0xC3, 0xB1, 0xBA, 0x68, 0x21, 0xB4, 0xB7,
+        0x22, 0x0B, 0x55, 0x79, 0x8B, 0x9C, 0xCF, 0xE0,
+        0x66, 0x61, 0x5C, 0xE2, 0x55, 0x96, 0x0D, 0x09,
+        0xE6, 0x77, 0xFE, 0xFE, 0x76, 0xBE, 0x91, 0x5E,
+        0x04, 0xE5, 0x65, 0x44, 0xBD, 0x09, 0xD0, 0x6F,
+        0x83, 0x44, 0xF9, 0x68, 0xDC, 0x68, 0x25, 0xCB,
+        0xC6, 0x64, 0xD5, 0x18, 0xA4, 0x41, 0xE1, 0x9B,
+        0x07, 0x6F, 0xC3, 0x38, 0x91, 0x37, 0xFC, 0x1B,
+        0x73, 0x32, 0xE2, 0xB0, 0x68, 0x95, 0x44, 0x3B,
+        0x7A, 0x00, 0x23, 0x36, 0x31, 0x15, 0x79, 0xA9,
+        0xB0, 0x8F, 0x36, 0x73, 0xDA, 0x05, 0x90, 0xE6,
+        0x96, 0xCE, 0xD9, 0x01, 0x44, 0x4A, 0x70, 0xA6,
+        0x7B, 0x2A, 0x7D, 0x55, 0x12, 0xD6, 0x5B, 0xFC,
+        0xD7, 0xAF, 0x1E, 0x34, 0x27, 0x77, 0x69, 0xE1,
+        0x71, 0x08, 0x83, 0x01, 0xDE, 0x78, 0x46, 0xF0,
+        0x88, 0xF4, 0x87, 0xC4, 0x92, 0x1B, 0xEB, 0x98,
+        0x35, 0x4B, 0xAE, 0x9A, 0xF6, 0xEA, 0xB2, 0x34,
+        0x91, 0x14, 0xEB, 0x21, 0xF6, 0x18, 0xDB, 0x1D,
+        0x92, 0x6C, 0x1D, 0x2F, 0xE3, 0xA5, 0xF2, 0x29,
+        0xC5, 0x73, 0x40, 0xC4, 0x0A, 0xEC, 0x11, 0xC2,
+        0xD0, 0x14, 0x4D, 0x03, 0x94, 0xFC, 0x4D, 0x8E,
+        0x38, 0x66, 0xA7, 0xD0, 0xA1, 0x0B, 0x64, 0xC8,
+        0xB9, 0x92, 0xB0, 0xA4, 0xDD, 0xBC, 0xAD, 0x82,
+        0x4E, 0x43, 0x97, 0x43, 0x78, 0xEA, 0x9A, 0x38,
+        0xE5, 0x8C, 0x2C, 0x5A, 0xE1, 0x94, 0xAF, 0x43,
+        0x10, 0xFB, 0xEC, 0x90, 0x28, 0x41, 0x6C, 0x5C,
+        0xB7, 0xB8, 0xAF, 0xA5, 0x24, 0xF7, 0x4F, 0xFD,
+        0x6F, 0x2E, 0x98, 0x44, 0x3F, 0x5E, 0x89, 0x24,
+        0xF6, 0xCF, 0x11, 0x0E, 0x67, 0x1B, 0x81, 0x68,
+        0x37, 0xD5, 0x9B, 0x2D, 0xB9, 0x1C, 0xB1, 0xE6,
+        0x87, 0xD6, 0xA2, 0x02, 0x0F, 0x91, 0x08, 0xF6,
+        0x9B, 0x94, 0x76, 0x62, 0xFD, 0xE7, 0x18, 0xAC,
+        0x28, 0xA6, 0xAC, 0xDA, 0x27, 0xF4, 0x33, 0x59,
+        0xBB, 0xBE, 0x36, 0x2C, 0xEE, 0xEA, 0x91, 0xE6,
+        0x91, 0x95, 0x2C, 0x58, 0x0A, 0xB2, 0xCA, 0xA3,
+        0xAA, 0x39, 0x03, 0x9A, 0x75, 0x3C, 0x27, 0x6E,
+        0x02, 0x89, 0x17, 0x4B, 0x02, 0x42, 0x7C, 0xB4,
+        0x2E, 0xAD, 0xB4, 0xD9, 0x35, 0xB2, 0x30, 0x9E,
+        0x2F, 0xEC, 0x9F, 0x25, 0x56, 0x1A, 0x35, 0x40,
+        0xF1, 0xAF, 0x1D, 0xA4, 0xA8, 0x62, 0x07, 0x70,
+        0x98, 0x6C, 0xDE, 0x1E, 0x89, 0xC1, 0xD3, 0x30,
+        0xBB, 0x82, 0x72, 0x40, 0xF2, 0xBC, 0x53, 0xC7,
+        0xDE, 0xAB, 0xFC, 0x7D, 0xAD, 0xBF, 0xDA, 0xE0,
+        0xA7, 0xA1, 0x0C, 0xD6, 0x73, 0x37, 0x36, 0xA1,
+        0xEE, 0xA6, 0x96, 0x88, 0x79, 0x0E, 0x4A, 0x2C,
+        0x69, 0x4C, 0xE5, 0x30, 0xFB, 0xDD, 0xE1, 0xFE,
+        0x86, 0x90, 0xDC, 0xDF, 0x03, 0xF5, 0x17, 0x2F,
+        0xF4, 0x58, 0x2D, 0xD3, 0xED, 0x3D, 0x7D, 0xA0,
+        0xB3, 0x6E, 0x1E, 0xD3, 0xBB, 0xD9, 0x57, 0xBA,
+        0x8B, 0x00, 0x72, 0xC4, 0xEE, 0xCF, 0x39, 0xD5,
+        0x74, 0xFA, 0x13, 0xF0, 0xD7, 0xE9, 0x10, 0x0C,
+        0x7A, 0x52, 0x62, 0xD0, 0xC9, 0xD5, 0x2D, 0xDC,
+        0x11, 0xD4, 0xFF, 0x34, 0xB2, 0x55, 0xF9, 0x99,
+        0x81, 0xB4, 0xC9, 0x14, 0x02, 0x91, 0x81, 0x56,
+        0x29, 0xF6, 0xA9, 0x1A, 0x19, 0x8E, 0x74, 0xB3,
+        0xA3, 0xD1, 0x28, 0xB5, 0x72, 0xD8, 0x6F, 0x54,
+        0x15, 0x74, 0x55, 0x70, 0x26, 0x62, 0xCB, 0x1D,
+        0x15, 0x2C, 0x7F, 0x4C, 0x9C, 0xB4, 0xDE, 0xA2,
+        0x07, 0xD5, 0xA9, 0x38, 0x29, 0x42, 0x51, 0x67,
+        0x44, 0x26, 0x97, 0x7E, 0x73, 0x0E, 0xC6, 0x01,
+        0x00, 0x65, 0xC8, 0xE0, 0x34, 0x88, 0x2B, 0xD3,
+        0x2F, 0xD3, 0x5C, 0x6A, 0xF6, 0xB8, 0xD9, 0x3A,
+        0x50, 0x9C, 0xC3, 0x39, 0xD9, 0x6F, 0xB9, 0xDD,
+        0x55, 0x8A, 0xF9, 0x52, 0x35, 0xFB, 0xF1, 0x71,
+        0x97, 0x76, 0x04, 0x75, 0xEE, 0x2E, 0x3F, 0xCA,
+        0x0E, 0x83, 0xA8, 0xE3, 0x1F, 0xA7, 0xF1, 0x3D,
+        0x78, 0xCC, 0x79, 0x64, 0x80, 0x5E, 0x77, 0x05,
+        0xDB, 0xB7, 0x0F, 0x73, 0x53, 0x3A, 0x56, 0xD8,
+        0xB7, 0x7C, 0x12, 0xE8, 0xF6, 0x51, 0x07, 0xC9,
+        0x01, 0x43, 0x97, 0x51, 0x75, 0x95, 0x94, 0x65,
+        0xFD, 0x4D, 0x8C, 0x8C, 0xD3, 0xA8, 0xEE, 0xA9,
+        0x5E, 0xFB, 0xC7, 0xF6, 0xF8, 0x40, 0x0E, 0xA5,
+        0xD5, 0x1E, 0x79, 0xB4, 0x0C, 0xEF, 0x8B, 0x04,
+        0x59, 0x4D, 0x0C, 0x6F, 0x08, 0xD5, 0x00, 0xA2,
+        0xAD, 0x08, 0xB4, 0x62, 0xE0, 0x2C, 0xF6, 0x30,
+        0x31, 0x1E, 0xD7, 0x81, 0x56, 0x61, 0x17, 0x0D,
+        0xB3, 0x9F, 0x27, 0x75, 0x38, 0x42, 0x6E, 0xB2,
+        0xB0, 0x6C, 0xB8, 0xC9, 0xD8, 0x20, 0xC8, 0x36,
+        0x7D, 0x1D, 0x57, 0x10, 0x4E, 0xC1, 0x45, 0xFC,
+        0x93, 0xB1, 0xF7, 0x7B, 0xA1, 0x3B, 0x71, 0x12,
+        0x16, 0xE5, 0x8F, 0xD0, 0x0C, 0x7D, 0xC0, 0x05,
+        0x18, 0x02, 0x24, 0x25, 0x28, 0x8A, 0xE1, 0x29,
+        0x9A, 0x79, 0xBD, 0xC7, 0x73, 0x2D, 0xF3, 0x42,
+        0x70, 0x33, 0xF3, 0xF8, 0x48, 0x87, 0xB4, 0xD4,
+        0x91, 0xE1, 0x53, 0xBA, 0x4A, 0x63, 0xAF, 0x3A,
+        0xE5, 0xCB, 0x3D, 0x41, 0x04, 0xB5, 0x30, 0x87,
+        0xAA, 0x40, 0x03, 0x56, 0x10, 0x02, 0xF3, 0x6A,
+        0x9F, 0xDA, 0x33, 0xBC, 0xB8, 0xA5, 0xD0, 0x56,
+        0x43, 0x29, 0xDA, 0x58, 0x12, 0x8B, 0x6A, 0x9D,
+        0xCF, 0xCD, 0xCA, 0x66, 0x98, 0x92, 0x1D, 0xA4,
+        0xEF, 0xAC, 0x9E, 0x19, 0xDE, 0xF7, 0xFE, 0x6C,
+        0x3A, 0x66, 0x46, 0xB4, 0x00, 0x7F, 0x08, 0xAF,
+        0x31, 0xD6, 0xD3, 0x22, 0x59, 0x1F, 0x34, 0x48,
+        0x5A, 0xE1, 0x4E, 0x0F, 0x6F, 0x2D, 0xD0, 0xE5,
+        0x8E, 0x34, 0x3B, 0xC0, 0x55, 0x02, 0x2D, 0x17,
+        0x4B, 0x34, 0x78, 0x46, 0xD4, 0xC4, 0x7F, 0x1D,
+        0xDC, 0x39, 0x94, 0x69, 0x78, 0xAB, 0xD8, 0x2B,
+        0x6D, 0xF3, 0x1C, 0x0B, 0x0F, 0x4A, 0xA0, 0xB2,
+        0xAC, 0x1A, 0x79, 0x7F, 0x9D, 0xE5, 0xE8, 0xC6,
+        0x40, 0x4B, 0xCE, 0x32, 0x4B, 0xA1, 0x3C, 0x77,
+        0xED, 0x5D, 0x59, 0x0F, 0xE0, 0x7D, 0x00, 0x07,
+        0xB4, 0xD8, 0xA6, 0x3E, 0xC9, 0x6D, 0x62, 0x19,
+        0x66, 0xC3, 0xE7, 0x10, 0x3B, 0x6C, 0x7A, 0x36,
+        0x49, 0x75, 0xE6, 0x78, 0xB3, 0x8D, 0x04, 0x13,
+        0x31, 0xE6, 0x79, 0x72, 0x64, 0x07, 0x76, 0x94,
+        0x2B, 0xB4, 0xEC, 0x18, 0x1C, 0x32, 0x3C, 0x26,
+        0xC4, 0x81, 0xBF, 0x4F, 0xB5, 0x6E, 0x5D, 0x67,
+        0xCF, 0xBE, 0x17, 0x57, 0x11, 0x2B, 0xBC, 0xA0,
+        0xF0, 0xC2, 0x70, 0x06, 0x94, 0x26, 0x9B, 0x26,
+        0x12, 0x9C, 0x7F, 0x99, 0xD4, 0x4A, 0xF5, 0x60,
+        0xCD, 0xF7, 0xA4, 0x70, 0x2E, 0xF5, 0xD6, 0xA2,
+        0xEC, 0x0E, 0x99, 0x00, 0x2E, 0x89, 0x30, 0xAA,
+        0x4E, 0xC0, 0x62, 0x11, 0x93, 0x0A, 0x1E, 0x68,
+        0xF2, 0xED, 0x44, 0x8B, 0x10, 0x4A, 0x75, 0x68,
+        0xBF, 0x46, 0xE1, 0x41, 0xD6, 0x0B, 0x61, 0x53,
+        0xD4, 0x03, 0x10, 0xB3, 0x8F, 0x8E, 0x14, 0x57,
+        0x27, 0x8F, 0xE3, 0x49, 0xB2, 0xB4, 0xA7, 0xAE,
+        0x39, 0x7A, 0x7B, 0x8F, 0x48, 0xAA, 0xA5, 0xFD,
+        0xC1, 0x28, 0x8E, 0x43, 0xE0, 0x58, 0x39, 0x32,
+        0x0A, 0x14, 0xC6, 0x3A, 0xB8, 0x58, 0xE2, 0x6E,
+        0x7D, 0x8C, 0x35, 0xB6, 0x47, 0x37, 0x90, 0x4D,
+        0x89, 0xC1, 0x9A, 0x10, 0x3D, 0x6B, 0x68, 0x9A,
+        0x3D, 0xC9, 0x0C, 0x72, 0xFC, 0x92, 0xE3, 0x5D,
+        0x45, 0x2B, 0x81, 0x43, 0x02, 0x30, 0x70, 0xD4,
+        0x8B, 0xB9, 0xFB, 0xB0, 0x45, 0xE3, 0xC6, 0xCE,
+        0x9A, 0x8B, 0xD5, 0xC4, 0xB6, 0x7F, 0x5D, 0x8B,
+        0x58, 0xC9, 0x6A, 0x28, 0x2D, 0x6E, 0x27, 0x78,
+        0x3D, 0x7B, 0x99, 0x0E, 0x05, 0x2B, 0xD9, 0x5E,
+        0x86, 0x50, 0x8F, 0x9B, 0xF7, 0xC0, 0x64, 0xA8,
+        0xF2, 0x39, 0xE0, 0x24, 0x0A, 0x20, 0xD8, 0xDF,
+        0x3A, 0x87, 0x6E, 0xDC, 0x8F, 0xF6, 0x24, 0x1B,
+        0x54, 0xF2, 0x70, 0xA9, 0x8C, 0xB8, 0x07, 0x7A,
+        0xAF, 0xE0, 0xE5, 0x8E, 0x5E, 0x98, 0x13, 0xC6,
+        0xA5, 0xF9, 0x1F, 0x52, 0x89, 0x7B, 0x6A, 0xAD,
+        0x24, 0x26, 0xC6, 0x0D, 0xA5, 0x88, 0x3E, 0x6B,
+        0xDF, 0xEE, 0x33, 0x0A, 0x86, 0x09, 0xA2, 0x11,
+        0x8B, 0x69, 0x9F, 0x75, 0xCE, 0xFD, 0x05, 0x01,
+        0x95, 0x14, 0x64, 0xCD, 0x62, 0x04, 0x09, 0x87,
+        0xFC, 0xF6, 0xB2, 0x2E, 0xCA, 0x92, 0xE4, 0x4F,
+        0x55, 0xB3, 0x8C, 0x64, 0x99, 0xA8, 0xDA, 0x0A,
+        0xC7, 0x82, 0x56, 0x93, 0x03, 0x67, 0xA4, 0xD7,
+        0x54, 0x91, 0xA0, 0x89, 0xD8, 0x94, 0x1F, 0x6C,
+        0x53, 0xCC, 0xB2, 0x60, 0x13, 0x6A, 0x93, 0xE1,
+        0xFC, 0xA3, 0xDD, 0x72, 0xD5, 0x5A, 0x92, 0x35,
+        0x9E, 0x3D, 0x62, 0x82, 0x70, 0x5D, 0x54, 0xAF,
+        0x57, 0xC6, 0x98, 0x5E, 0x74, 0xE0, 0xF2, 0x33,
+        0x26, 0x61, 0xBF, 0x2B, 0xDD, 0x78, 0x47, 0x29,
+        0x04, 0xC7, 0xF0, 0x58, 0x17, 0xFC, 0x9D, 0xED,
+        0xEF, 0x15, 0x6A, 0xCA, 0xC7, 0x46, 0xCE, 0x12,
+        0xF8, 0x90, 0xD8, 0x5A, 0x93, 0x98, 0xA9, 0xED,
+        0xFB, 0xF4, 0x6E, 0x73, 0x48, 0x81, 0x4A, 0x08,
+        0x07, 0x29, 0xC8, 0x3E, 0x70, 0x4C, 0x40, 0x30,
+        0x20, 0x2C, 0xF6, 0x1E, 0xCD, 0xEE, 0x27, 0x95,
+        0xD5, 0x07, 0xAC, 0x28, 0x81, 0x4F, 0x53, 0xCD,
+        0x06, 0x60, 0xA5, 0x57, 0x2C, 0xBE, 0x1A, 0xE5,
+        0x33, 0x38, 0xB8, 0xEF, 0xDC, 0xA3, 0x1A, 0xA5,
+        0xB9, 0x5A, 0xA9, 0xE7, 0x65, 0xAF, 0x4D, 0xA0,
+        0x4C, 0x9B, 0x31, 0x62, 0x67, 0x7E, 0x41, 0xC0,
+        0x18, 0xA5, 0xE1, 0x8A, 0xF2, 0xF9, 0x8A, 0xCA,
+        0x14, 0x5C, 0xCD, 0x1B, 0x8F, 0x74, 0x31, 0x07,
+        0x6A, 0x14, 0xA7, 0xC2, 0x0F, 0x6C, 0x72, 0xE8,
+        0xEB, 0x97, 0x51, 0xB7, 0x89, 0x2E, 0x41, 0x01,
+        0x54, 0x47, 0x63, 0x0E, 0xAA, 0x84, 0xB9, 0x60,
+        0x1C, 0xB9, 0x54, 0xD8, 0x97, 0x39, 0x38, 0x9D,
+        0x52, 0xBB, 0x91, 0xA9, 0x7F, 0x96, 0x08, 0x7C,
+        0xB3, 0x8B, 0x0E, 0xAB, 0x59, 0xA7, 0x84, 0x68,
+        0x34, 0x65, 0x55, 0xC7, 0x12, 0x84, 0xC2, 0xFB,
+        0xBD, 0x27, 0x58, 0x18, 0xE9, 0x26, 0x73, 0xFA,
+        0x42, 0xAB, 0x5E, 0x0D, 0x97, 0x76, 0x67, 0xA9,
+        0x0F, 0x75, 0x92, 0x6C, 0x80, 0x76, 0x87, 0x75,
+        0xD2, 0x3D, 0xFE, 0x0B, 0x33, 0x7B, 0x48, 0xB0,
+        0xC8, 0x28, 0x1F, 0xE6, 0x3F, 0x18, 0xF2, 0x45,
+        0xF8, 0x8F, 0x21, 0xE1, 0x1C, 0x56, 0xA5, 0x33,
+        0x71, 0x88, 0x42, 0x5A, 0x34, 0x8B, 0x24, 0xDD,
+        0x0E, 0x98, 0x30, 0xDB, 0x6B, 0x6C, 0x89, 0x64,
+        0x8C, 0x7A, 0x63, 0x3C, 0xA9, 0xD8, 0x32, 0x51,
+        0xD0, 0xC6, 0xF7, 0xA4, 0x53, 0x95, 0x0D, 0x02,
+        0x19, 0x6A, 0x77, 0xBC, 0xDF, 0xD5, 0x2B, 0x2C,
+        0x65, 0xC9, 0xBF, 0x72, 0x69, 0xC3, 0x0C, 0xEF,
+        0x34, 0x75, 0x76, 0x29, 0x59, 0xBE, 0x9D, 0xE9,
+        0x44, 0x21, 0x2F, 0x5F, 0xB7, 0x89, 0xA6, 0xCD,
+        0x0A, 0x9A, 0x9E, 0x77, 0x5B, 0xBD, 0xDA, 0x03,
+        0xA4, 0xBC, 0xFB, 0x47, 0xC1, 0x77, 0x73, 0x00,
+        0x26, 0xAE, 0x2E, 0xFA, 0x62, 0x18, 0x9D, 0xB8,
+        0xE2, 0xD3, 0x7A, 0xB9, 0xD8, 0xCF, 0xE9, 0x61,
+        0x11, 0x80, 0xE9, 0xDC, 0xC3, 0x32, 0x9E, 0x63,
+        0x6F, 0xD9, 0x42, 0xF6, 0x76, 0x7F, 0xBC, 0xBF,
+        0xDB, 0x08, 0x2F, 0xA0, 0xEB, 0xB8, 0x4D, 0xF3,
+        0x76, 0x62, 0xAA, 0xFA, 0x20, 0x4A, 0xDD, 0xE6,
+        0xB3, 0x72, 0xC7, 0x7D, 0x36, 0x4F, 0x08, 0x56,
+        0x4F, 0x19, 0xB2, 0xB0, 0x0C, 0x13, 0x1A, 0x8C,
+        0xCE, 0x9A, 0x04, 0xB5, 0xB6, 0x9C, 0xD3, 0xD8,
+        0xFE, 0x1F, 0x2C, 0xCC, 0x89, 0xEE, 0x7D, 0x22,
+        0x8A, 0x4E, 0x0A, 0x91, 0x0C, 0x8B, 0x5A, 0xE0,
+        0xBD, 0xE5, 0x3D, 0xBE, 0x90, 0x4B, 0x13, 0xA3,
+        0x2F, 0x33, 0xE9, 0x9D, 0x6C, 0x67, 0x35, 0xBD,
+        0x03, 0xD4, 0x09, 0x90, 0x2F, 0xC6, 0x3C, 0x8D,
+        0xD8, 0x43, 0xFC, 0x1F, 0xB7, 0x49, 0xC0, 0xB7,
+        0x38, 0x70, 0x1D, 0xEB, 0x5A, 0xD7, 0xAC, 0x07,
+        0xAF, 0x5B, 0x93, 0xC5, 0x7B, 0x55, 0x65, 0x86,
+        0x6E, 0xC1, 0xDB, 0xCD, 0x42, 0x92, 0x50, 0xDB,
+        0xD1, 0x97, 0x95, 0x3D, 0x53, 0xC3, 0xFE, 0xC2,
+        0xF9, 0x65, 0xF3, 0xD2, 0xEE, 0xA4, 0x7E, 0xDE,
+        0xA1, 0x4B, 0x23, 0x7F, 0xA1, 0x0D, 0x25, 0x6E,
+        0x80, 0x4F, 0xE3, 0xB5, 0x0C, 0xBA, 0x1C, 0x2B,
+        0x42, 0x0B, 0x8F, 0xD9, 0xB6, 0x4E, 0x52, 0xD2,
+        0xDB, 0x35, 0xD2, 0xA1, 0xC4, 0xE6, 0xD6, 0x51,
+        0x76, 0xE7, 0x87, 0x5E, 0xBE, 0x93, 0xE6, 0x61,
+        0x71, 0x4C, 0x8B, 0xA6, 0x96, 0xDA, 0xF7, 0xCB,
+        0x06, 0xB7, 0xB8, 0xC4, 0xF6, 0xF5, 0xC6, 0x29,
+        0xAA, 0xE1, 0x13, 0x87, 0x6F, 0x96, 0xBA, 0x0C,
+        0xF6, 0x79, 0x8F, 0x03, 0x86, 0x22, 0xE3, 0xFB,
+        0xCF, 0x86, 0xCF, 0x7C, 0x77, 0xFD, 0xB4, 0xEE,
+        0xBD, 0x42, 0x38, 0x7F, 0xF2, 0xCC, 0xCB, 0x06,
+        0xEA, 0x0D, 0x81, 0xA1, 0x8E, 0xB5, 0xE7, 0x40,
+        0xC8, 0x03, 0xA3, 0x4B, 0xC8, 0xB4, 0x0E, 0x3E,
+        0x36, 0xAB, 0x90, 0xC1, 0xFC, 0xB0, 0x37, 0x2B,
+        0x83, 0xA1, 0x3D, 0x56, 0xD6, 0x83, 0x0F, 0x99,
+        0xC4, 0x58, 0xB8, 0x94, 0x61, 0x19, 0xA6, 0x60,
+        0x47, 0xCB, 0x2D, 0xAF, 0x29, 0x38, 0x90, 0xFA,
+        0x99, 0x0F, 0x02, 0x02, 0x65, 0x90, 0x5F, 0xA2,
+        0xA2, 0xE3, 0xBB, 0x34, 0x15, 0x2F, 0x0B, 0xF5,
+        0xB2, 0xCC, 0x83, 0x59, 0xAF, 0xA7, 0x4D, 0x38,
+        0xAD, 0xF6, 0x52, 0x5C, 0x53, 0xD9, 0x0E, 0x3F,
+        0xD6, 0x53, 0x86, 0xE2, 0x79, 0xC2, 0x65, 0x48,
+        0xB2, 0x67, 0x3B, 0xAF, 0x52, 0x53, 0x57, 0x9A,
+        0x27, 0x80, 0x88, 0x37, 0x77, 0x67, 0x4E, 0x1F,
+        0xF1, 0x7B, 0xC5, 0xCB, 0xD8, 0x11, 0x0A, 0xDD,
+        0x92, 0x0E, 0x88, 0x6C, 0xCA, 0x33, 0x76, 0x3B,
+        0x04, 0xFA, 0xC0, 0xFD, 0xC6, 0x3F, 0xB4, 0x72,
+        0xC2, 0x2B, 0x6D, 0x5E, 0xB6, 0xA1, 0x4E, 0x5F,
+        0xC0, 0x50, 0x16, 0xEF, 0xFE, 0x6A, 0x42, 0x72,
+        0x65, 0x02, 0xEE, 0x07, 0xC6, 0x19, 0xC6, 0x95,
+        0xDE, 0x3F, 0xD9, 0xC5, 0xC6, 0x0E, 0x70, 0x07,
+        0x6A, 0xC3, 0x36, 0x1B, 0x84, 0x6F, 0xDF, 0x80,
+        0x16, 0x4E, 0x86, 0x90, 0xC8, 0x55, 0x7B, 0xDD,
+        0xC0, 0x86, 0x0C, 0x37, 0x47, 0x1F, 0x35, 0xF8,
+        0x47, 0xF2, 0xCD, 0x96, 0x21, 0x64, 0xAD, 0x46,
+        0xE1, 0xDF, 0x44, 0x79, 0x48, 0x02, 0xF9, 0x71,
+        0x39, 0x35, 0x26, 0xFC, 0x12, 0x0D, 0x88, 0xAC,
+        0xD6, 0xFA, 0x29, 0x74, 0x55, 0x51, 0xE7, 0xAF,
+        0x3D, 0x7E, 0x1E, 0x7E, 0xE0, 0x18, 0xB6, 0x3C,
+        0x4B, 0x99, 0x9D, 0x51, 0x02, 0x51, 0xD8, 0xE9,
+        0xFA, 0x61, 0x88, 0x2E, 0xCF, 0x73, 0x77, 0x65,
+        0x71, 0xAE, 0xAE, 0xD7, 0xA1, 0xF9, 0xE0, 0x7F,
+        0x30, 0x46, 0xCB, 0x20, 0xEC, 0xF4, 0xD2, 0xC1,
+        0x63, 0xF5, 0x6F, 0x8A, 0x72, 0xF9, 0x5B, 0x85,
+        0xD2, 0xCA, 0x6D, 0x35, 0xD1, 0x17, 0xF6, 0x08,
+        0x9E, 0x0A, 0x73, 0xB3, 0xDA, 0x1A, 0x32, 0xBA,
+        0x23, 0x10, 0x4A, 0x5D, 0xD7, 0xAA, 0xB4, 0x68,
+        0x97, 0x59, 0x45, 0xC5, 0x7C, 0x16, 0x6F, 0xE4,
+        0x62, 0x89, 0xF1, 0xD3, 0xB4, 0x03, 0x90, 0x7B,
+        0xA4, 0xA2, 0xCA, 0xA0, 0x5D, 0x69, 0x1B, 0xA9,
+        0xBB, 0xEB, 0xA0, 0xE2, 0xDE, 0xBE, 0x0E, 0xC4,
+        0x9E, 0x21, 0x38, 0x61, 0x92, 0x9B, 0xAB, 0x69,
+        0xAA, 0xD0, 0x1D, 0xF6, 0xC3, 0xEE, 0xA6, 0xC3,
+        0xF3, 0x29, 0x1B, 0xE5, 0x6E, 0x52, 0x89, 0xD0,
+        0xBA, 0xD8, 0x60, 0x27, 0x80, 0x1A, 0xB5, 0x7F,
+        0x7F, 0xB5, 0xC2, 0x5A, 0xC6, 0x83, 0xA4, 0xC0,
+        0x88, 0x39, 0xF3, 0xE7, 0x39, 0xD6, 0x81, 0x1C,
+        0x13, 0x20, 0xFD, 0x93, 0x3D, 0x8E, 0x79, 0x60,
+        0x7C, 0xFF, 0xE4, 0x37, 0x5B, 0x33, 0xA3, 0x9D,
+        0xB7, 0x57, 0xCD, 0x45, 0x0A, 0xB9, 0xE4, 0xF1,
+        0xBC, 0x59, 0x74, 0xE8, 0xB3, 0x06, 0xD0, 0x9F,
+        0x0F, 0xBC, 0x5B, 0x23, 0xB8, 0x6C, 0xD6, 0x4D,
+        0xFA, 0xCC, 0x14, 0xAB, 0x74, 0x61, 0x1A, 0xFC,
+        0x22, 0xA6, 0xED, 0x09, 0x76, 0x91, 0xD8, 0x6E,
+        0x44, 0xB6, 0x00, 0x14, 0xDC, 0x74, 0x2D, 0x90,
+        0xAA, 0x59, 0x98, 0x76, 0x30, 0xC5, 0x44, 0xA4,
+        0x61, 0x43, 0xD6, 0xE2, 0x28, 0x28, 0xA7, 0xBD,
+        0x6E, 0x50, 0x5C, 0xE1, 0x96, 0x7A, 0xF8, 0xA8,
+        0x32, 0x8C, 0xE9, 0xFD, 0x11, 0x37, 0x91, 0xD1,
+        0xAF, 0x3C, 0xD3, 0x1C, 0x1E, 0x88, 0x4D, 0x7E,
+        0x87, 0x84, 0x84, 0x6F, 0x39, 0x0B, 0xFB, 0x2D,
+        0xB3, 0x12, 0x4C, 0x6D, 0x45, 0xDD, 0xCD, 0x7D,
+        0x75, 0xB7, 0xFE, 0x7E, 0x44, 0xCC, 0x29, 0xE5,
+        0xB3, 0x10, 0xEE, 0x23, 0x55, 0x5B, 0xCF, 0xBA,
+        0xBD, 0xA1, 0xBE, 0x64, 0xF8, 0x6E, 0x60, 0x31,
+        0x0A, 0x2D, 0xC9, 0x3B, 0x1D, 0x44, 0xE1, 0x9D,
+        0x60, 0x28, 0x77, 0xEE
+    };
+    static const byte rnd_65[] = {
+        0x4E, 0x7A, 0x01, 0x7C, 0x15, 0x03, 0x9D, 0xC2,
+        0x00, 0x51, 0xD2, 0x96, 0x0E, 0x5E, 0x15, 0x59,
+        0xCC, 0x27, 0xED, 0x46, 0x87, 0x7C, 0xB9, 0x81,
+        0x16, 0x19, 0x9A, 0x0F, 0x41, 0x05, 0xFE, 0x32
+    };
+    static const byte sig_65[] = {
+        0xB8, 0x65, 0xB0, 0x0B, 0x21, 0x18, 0xDB, 0xB0,
+        0x0B, 0x70, 0x1C, 0x66, 0x45, 0x65, 0x5E, 0x8A,
+        0xCF, 0xA8, 0x4E, 0xA7, 0x92, 0xB4, 0x48, 0x64,
+        0x2E, 0x18, 0x32, 0xC3, 0x70, 0x7C, 0x87, 0xCF,
+        0x09, 0xFB, 0xE7, 0x72, 0xF1, 0xD4, 0x38, 0x5B,
+        0xFB, 0xE5, 0xE6, 0xCF, 0xBB, 0xE2, 0x6C, 0x10,
+        0xED, 0x6E, 0xB8, 0x65, 0xC8, 0x87, 0xF8, 0x69,
+        0x39, 0x43, 0x9A, 0x9B, 0xF7, 0x68, 0xBF, 0x03,
+        0x9D, 0x73, 0xE3, 0xEA, 0x83, 0xBD, 0xF1, 0x85,
+        0x03, 0xB5, 0xD1, 0xB3, 0x91, 0x79, 0xA8, 0x27,
+        0xB0, 0xD7, 0x80, 0x5F, 0x98, 0x42, 0x8B, 0xD8,
+        0x7C, 0xEA, 0x6B, 0x06, 0x96, 0x0C, 0x78, 0xB4,
+        0xB5, 0x86, 0xFB, 0x0D, 0x5E, 0xDA, 0x9F, 0xAA,
+        0xC0, 0x25, 0x6E, 0x38, 0x82, 0x35, 0x62, 0xA3,
+        0x07, 0x96, 0x61, 0x17, 0x00, 0x5A, 0xA4, 0x2F,
+        0x1B, 0x65, 0x54, 0xA0, 0x48, 0x75, 0xF8, 0x5C,
+        0x2E, 0x3F, 0xAF, 0xA6, 0x52, 0x47, 0x1D, 0x4E,
+        0x98, 0x06, 0x54, 0x82, 0xFC, 0x7D, 0xF4, 0x9B,
+        0x2C, 0x40, 0xD0, 0xE7, 0xB9, 0x82, 0x38, 0xDF,
+        0xBE, 0x85, 0x3D, 0x16, 0xBF, 0x99, 0x92, 0xBB,
+        0x08, 0xC1, 0x92, 0x59, 0xF9, 0xB5, 0x75, 0xEA,
+        0x7A, 0x4A, 0x80, 0x09, 0x3A, 0x64, 0xA9, 0x26,
+        0x71, 0x85, 0x7A, 0x50, 0x89, 0x20, 0xD6, 0x0F,
+        0xF6, 0xFB, 0xF3, 0x83, 0x41, 0xC5, 0x59, 0x01,
+        0x05, 0x63, 0x3A, 0x42, 0x6D, 0x60, 0x2D, 0xAC,
+        0x06, 0x4D, 0xD7, 0xA7, 0xF1, 0x1A, 0x60, 0x21,
+        0x5C, 0x35, 0xB7, 0xB9, 0xC0, 0x0E, 0x9D, 0x84,
+        0x63, 0x98, 0x8C, 0xF4, 0x72, 0xCD, 0x6A, 0xCF,
+        0xB7, 0xF7, 0x22, 0xB8, 0xC4, 0xC6, 0x27, 0x02,
+        0x60, 0x7A, 0x67, 0x48, 0x80, 0xAC, 0xB3, 0xD6,
+        0xC6, 0x25, 0x3E, 0x71, 0x17, 0x5A, 0x05, 0xB3,
+        0x92, 0xCA, 0xB4, 0xBB, 0x14, 0xCE, 0x86, 0xA5,
+        0x98, 0xAB, 0xC7, 0x88, 0xD0, 0xFF, 0x4D, 0x82,
+        0x77, 0x5E, 0x4E, 0xA0, 0xFC, 0x36, 0x36, 0x3C,
+        0xD0, 0xE9, 0x7B, 0x78, 0xA6, 0xAE, 0x4D, 0xA8,
+        0xE9, 0x8C, 0xA6, 0x12, 0x77, 0x2D, 0x56, 0xB5,
+        0x82, 0xF8, 0x2C, 0x07, 0x09, 0xBE, 0xAE, 0x46,
+        0x67, 0x3B, 0xDD, 0x80, 0x42, 0x86, 0x5C, 0xFA,
+        0x95, 0xBF, 0x53, 0x38, 0xCF, 0xEA, 0x60, 0x6A,
+        0x6E, 0xF3, 0x16, 0x38, 0x46, 0xAE, 0x83, 0xB2,
+        0x5E, 0x5F, 0x5B, 0xD3, 0x1C, 0x83, 0xF1, 0x36,
+        0x72, 0x9A, 0x8E, 0xA6, 0x27, 0x4F, 0x99, 0x4F,
+        0xA9, 0x04, 0x5F, 0xA8, 0xA9, 0x0F, 0xF8, 0x54,
+        0xB8, 0x71, 0xCF, 0x82, 0xE2, 0xB7, 0x01, 0xE8,
+        0xF4, 0xAC, 0x04, 0xFE, 0x9E, 0x28, 0x49, 0x1B,
+        0x9A, 0x25, 0xFF, 0x26, 0x3E, 0x2C, 0xF7, 0x54,
+        0x99, 0xE0, 0x09, 0xFD, 0x02, 0x29, 0xFB, 0xF7,
+        0xE5, 0xE4, 0x60, 0x44, 0x34, 0x4B, 0x07, 0xD7,
+        0x22, 0x14, 0xA9, 0xAC, 0xB4, 0xFF, 0x61, 0x02,
+        0xAB, 0xC1, 0x26, 0x2B, 0xC2, 0xE1, 0xCD, 0x24,
+        0x91, 0x60, 0x7A, 0xE7, 0xAA, 0xEC, 0xF4, 0xC3,
+        0x51, 0x75, 0xCF, 0xA4, 0x38, 0x3A, 0xA8, 0x6A,
+        0xF1, 0xE6, 0x2E, 0xD0, 0x63, 0x87, 0xCC, 0x59,
+        0x48, 0x36, 0x46, 0x7F, 0x41, 0xDF, 0xCA, 0x8F,
+        0xA0, 0xCA, 0x71, 0x28, 0x0B, 0xFB, 0x1C, 0x25,
+        0x60, 0xC8, 0x99, 0x55, 0x36, 0xF8, 0x42, 0x74,
+        0x70, 0x45, 0x59, 0x14, 0x53, 0x74, 0x5F, 0x26,
+        0x03, 0x82, 0xE3, 0xDA, 0x50, 0x79, 0x3F, 0xD7,
+        0xCA, 0x76, 0x27, 0x18, 0x5D, 0xBD, 0xCE, 0xDD,
+        0xF6, 0x9B, 0x2D, 0x3E, 0x15, 0x1C, 0x7F, 0x97,
+        0x28, 0x8A, 0x38, 0x2A, 0x92, 0xB0, 0x50, 0xF7,
+        0x91, 0xF9, 0x58, 0x7D, 0x77, 0xC6, 0x4D, 0x8B,
+        0x5D, 0x40, 0xAA, 0x19, 0x9D, 0x49, 0x66, 0xBE,
+        0x2D, 0x52, 0x4F, 0x96, 0x10, 0xF2, 0xFA, 0x02,
+        0xED, 0x23, 0x17, 0x63, 0x69, 0xDB, 0x93, 0x93,
+        0x50, 0xDA, 0x60, 0x1E, 0xA6, 0x67, 0x70, 0x95,
+        0x2E, 0x0F, 0x23, 0xED, 0xA6, 0x8A, 0x73, 0x75,
+        0x6E, 0xFF, 0x61, 0x0E, 0x8D, 0x6A, 0x9F, 0x49,
+        0x34, 0x56, 0x58, 0x54, 0x42, 0x82, 0x45, 0x3B,
+        0x5E, 0x73, 0xA3, 0x22, 0xA0, 0x32, 0x67, 0xC9,
+        0x69, 0xB5, 0x07, 0x34, 0xF2, 0xEC, 0xD4, 0xEC,
+        0x90, 0x55, 0x76, 0x0D, 0x92, 0x86, 0x10, 0xE9,
+        0x4E, 0x0B, 0x16, 0x28, 0xD6, 0xAF, 0x1B, 0x27,
+        0xAB, 0x13, 0x82, 0x9F, 0x7F, 0x8E, 0xF5, 0x0D,
+        0x9E, 0x29, 0x96, 0xFC, 0x64, 0xB0, 0x6A, 0xC8,
+        0x94, 0x61, 0x14, 0x76, 0x6D, 0xAD, 0x8D, 0xFF,
+        0xE6, 0x34, 0xF4, 0x7E, 0x9D, 0x85, 0x69, 0x96,
+        0x6C, 0x6F, 0x69, 0x68, 0x21, 0x8C, 0x5B, 0x86,
+        0x33, 0x61, 0x1B, 0xF4, 0x2B, 0x4F, 0xC0, 0xE7,
+        0x8D, 0x0C, 0x02, 0x9E, 0xAB, 0x85, 0xF2, 0x2F,
+        0x16, 0x17, 0x19, 0x80, 0xCC, 0x65, 0xF2, 0x84,
+        0x45, 0xA1, 0x1A, 0x08, 0x3A, 0xA0, 0x29, 0x77,
+        0xC2, 0xE8, 0x88, 0x6E, 0xD2, 0x70, 0x67, 0x2E,
+        0x51, 0x2A, 0xE8, 0x9C, 0x6A, 0x26, 0xFC, 0xAD,
+        0x1E, 0xC7, 0x2B, 0x9E, 0xCF, 0xA5, 0xA5, 0xEF,
+        0xC7, 0x0F, 0xF0, 0xBA, 0xB2, 0x8F, 0x11, 0x4F,
+        0x4D, 0xA8, 0x17, 0x0F, 0xE8, 0xB6, 0x3C, 0x2E,
+        0x11, 0xBE, 0x7A, 0x35, 0x46, 0x6E, 0x97, 0x9A,
+        0x12, 0x7E, 0xC0, 0xD2, 0x03, 0x23, 0xD5, 0x02,
+        0x73, 0x0A, 0xBC, 0xE6, 0x40, 0xA2, 0x44, 0x1C,
+        0xDD, 0xAB, 0xA3, 0x26, 0xD6, 0x78, 0x3D, 0x01,
+        0x92, 0xDB, 0xA9, 0xE9, 0x3F, 0xE5, 0x07, 0xC6,
+        0xA7, 0x37, 0x67, 0xBE, 0x56, 0xE2, 0x77, 0x65,
+        0x76, 0xEF, 0xEF, 0xF1, 0xCA, 0x17, 0x9D, 0x83,
+        0x34, 0x3E, 0x38, 0xC6, 0xA9, 0xC2, 0xFE, 0x72,
+        0x5D, 0xDE, 0x80, 0x7D, 0x21, 0x72, 0x5E, 0x73,
+        0x08, 0x72, 0xE2, 0xAB, 0x3D, 0x90, 0x11, 0x61,
+        0xF4, 0x55, 0xBC, 0xAD, 0x23, 0xA8, 0x43, 0x3A,
+        0x41, 0x31, 0x51, 0xFD, 0x22, 0x17, 0x14, 0x31,
+        0x0E, 0x4D, 0x0B, 0x6A, 0x1E, 0x1B, 0x2C, 0xAC,
+        0xA4, 0x99, 0xEE, 0xE8, 0x05, 0xA1, 0x64, 0xF2,
+        0x91, 0xD5, 0x07, 0x5E, 0x6B, 0x65, 0xA7, 0x9C,
+        0x2B, 0xCA, 0xD9, 0x17, 0xB1, 0x22, 0xFE, 0x1A,
+        0xC4, 0xFB, 0xB4, 0x10, 0x21, 0x1B, 0xA0, 0xA1,
+        0x99, 0x7A, 0x31, 0x30, 0x7C, 0x01, 0xF0, 0xFE,
+        0xD3, 0xB3, 0x14, 0x3D, 0x28, 0x34, 0x0F, 0xAC,
+        0xF0, 0x93, 0x37, 0xC4, 0xEF, 0x04, 0x74, 0x80,
+        0xA2, 0x90, 0xAE, 0x02, 0xB2, 0xF7, 0xD8, 0x7B,
+        0x8C, 0x29, 0xA0, 0xAE, 0xAE, 0x2E, 0x92, 0xC9,
+        0xC5, 0x44, 0x7D, 0x66, 0xC5, 0x5C, 0x1D, 0x1E,
+        0x25, 0x88, 0x5D, 0x10, 0x37, 0xFB, 0x5F, 0xCC,
+        0x80, 0x15, 0x4F, 0x1D, 0x23, 0xB4, 0xF2, 0x7B,
+        0x5B, 0xAC, 0x89, 0xBE, 0x1C, 0x36, 0x3C, 0xFF,
+        0x8E, 0xA7, 0x58, 0x73, 0xAC, 0x3F, 0x63, 0x33,
+        0xE8, 0x6C, 0x53, 0xEC, 0xA5, 0x5D, 0xBE, 0xD5,
+        0xE1, 0xF1, 0x12, 0x6B, 0x12, 0x78, 0xC7, 0x29,
+        0xC9, 0xA8, 0x4C, 0x4A, 0x1B, 0x7F, 0x15, 0x11,
+        0x93, 0x01, 0xC8, 0x0B, 0xE2, 0x2F, 0xE9, 0xBE,
+        0xBA, 0x17, 0x59, 0x45, 0xB2, 0x61, 0x2B, 0x66,
+        0xDD, 0xCE, 0xDF, 0x9A, 0x2A, 0x4D, 0x5F, 0x24,
+        0xF9, 0x02, 0xBB, 0xA6, 0x8D, 0xA7, 0x5D, 0x95,
+        0x97, 0x2E, 0x28, 0xD6, 0xCB, 0x70, 0x17, 0xCA,
+        0x51, 0xED, 0x58, 0x73, 0xAB, 0x03, 0xDD, 0x2E,
+        0x92, 0x6C, 0x15, 0x64, 0x2C, 0x9D, 0x6E, 0x64,
+        0x27, 0xFC, 0xE8, 0x0F, 0xC3, 0x8B, 0x34, 0xFE,
+        0xB3, 0xC1, 0x55, 0x13, 0xA6, 0x87, 0xC3, 0x5B,
+        0x94, 0xEB, 0x83, 0xE4, 0xAB, 0x3E, 0x18, 0x76,
+        0x67, 0x92, 0x70, 0xF5, 0xA9, 0x8F, 0x18, 0xA6,
+        0x5F, 0x57, 0x41, 0x76, 0x55, 0xFD, 0xA9, 0x99,
+        0x4E, 0x8F, 0xCC, 0x61, 0x6C, 0x6C, 0x60, 0x06,
+        0x10, 0x40, 0x26, 0xD6, 0xCD, 0x7A, 0xA0, 0x56,
+        0x3D, 0x51, 0x07, 0x25, 0x76, 0x00, 0x05, 0xF5,
+        0xFD, 0x39, 0xE7, 0x59, 0x24, 0x90, 0x29, 0xF0,
+        0x3D, 0x9F, 0x00, 0x67, 0x10, 0x3F, 0xA0, 0x45,
+        0x21, 0x14, 0xDF, 0x24, 0x40, 0xE8, 0xC6, 0xDB,
+        0x65, 0xE2, 0x39, 0x56, 0xEB, 0x1B, 0xEE, 0xB2,
+        0xC3, 0x4E, 0x5B, 0x20, 0xAC, 0x31, 0x6A, 0x03,
+        0xA9, 0x54, 0x36, 0x66, 0x62, 0x68, 0xC3, 0xD8,
+        0x22, 0x8F, 0x62, 0xEB, 0x56, 0x67, 0xB3, 0xB6,
+        0xBB, 0x85, 0x7D, 0xD0, 0x73, 0x7B, 0x69, 0x05,
+        0x1E, 0x9F, 0x26, 0xEE, 0x02, 0x36, 0x71, 0xCE,
+        0xAD, 0xFA, 0xCA, 0xF9, 0x49, 0x7F, 0x1A, 0xDE,
+        0x58, 0x7A, 0x69, 0x3E, 0xEF, 0xFB, 0xFC, 0xD5,
+        0x50, 0xEC, 0x20, 0x8C, 0x23, 0x56, 0x91, 0xE8,
+        0xE3, 0x66, 0xD9, 0x65, 0xB6, 0x2B, 0xEC, 0x16,
+        0xA6, 0x61, 0xCD, 0x5D, 0xE2, 0x87, 0x93, 0x22,
+        0x0D, 0x66, 0xF2, 0x64, 0x55, 0x05, 0xB8, 0x52,
+        0x41, 0x2F, 0xAE, 0x7B, 0x9D, 0x98, 0x29, 0xBF,
+        0x61, 0x5F, 0x7C, 0xBD, 0x59, 0xA7, 0xBC, 0x1D,
+        0x03, 0x4E, 0x6A, 0x25, 0x52, 0x9C, 0xFB, 0x48,
+        0x6A, 0xF2, 0x01, 0xDE, 0xB7, 0xEA, 0x95, 0xBA,
+        0x70, 0x8A, 0x31, 0x59, 0x17, 0x16, 0x74, 0x34,
+        0x53, 0x09, 0xDB, 0x81, 0x50, 0xE6, 0x7E, 0xBB,
+        0x30, 0xA7, 0xFF, 0x80, 0xCA, 0xC9, 0xAB, 0x13,
+        0x92, 0x50, 0x0A, 0x83, 0xE6, 0x3B, 0xBF, 0x7C,
+        0x42, 0xEB, 0x94, 0x53, 0xC2, 0xC9, 0xAC, 0xDA,
+        0x02, 0xBE, 0x53, 0x82, 0x34, 0xAA, 0xA7, 0xDB,
+        0x5A, 0x7F, 0x58, 0x8F, 0xC9, 0x1B, 0x90, 0xEE,
+        0x24, 0x77, 0xF2, 0xB6, 0x1C, 0xD1, 0x06, 0x2A,
+        0x7E, 0xF1, 0xE6, 0xE4, 0xDC, 0x54, 0xB3, 0x6D,
+        0x0E, 0x19, 0x93, 0x3E, 0x98, 0x1C, 0xB7, 0x63,
+        0xA9, 0xE1, 0x07, 0xE0, 0x1D, 0xA9, 0x42, 0x0F,
+        0x82, 0xCA, 0x79, 0x35, 0x92, 0xA4, 0x7C, 0x4B,
+        0x97, 0x7F, 0xF2, 0xC8, 0x84, 0x98, 0xDA, 0x95,
+        0xC4, 0x3D, 0x23, 0x2F, 0x42, 0xAF, 0x99, 0x48,
+        0x0B, 0xF0, 0xA4, 0xF8, 0xB7, 0xC4, 0x94, 0x9D,
+        0x1A, 0xE1, 0xD4, 0xFA, 0x8E, 0x1D, 0x1A, 0x8C,
+        0xD0, 0xF9, 0xED, 0x00, 0xDA, 0x59, 0x5E, 0xFD,
+        0x2B, 0x76, 0x6F, 0x0B, 0x79, 0xD4, 0x49, 0x0D,
+        0xB9, 0x28, 0xEC, 0x44, 0xB5, 0x03, 0x0A, 0x74,
+        0xCA, 0x42, 0x81, 0x1A, 0x5B, 0x5A, 0xE5, 0x22,
+        0xC7, 0x76, 0x4D, 0xDF, 0xD9, 0xFD, 0x92, 0xF0,
+        0x06, 0xE9, 0x4B, 0x35, 0xA7, 0xEF, 0x01, 0x42,
+        0xDA, 0x71, 0x78, 0xC2, 0xF5, 0x30, 0x74, 0xD0,
+        0x74, 0x51, 0xB1, 0x55, 0x65, 0xA9, 0xE0, 0xC5,
+        0x7E, 0xA1, 0xB9, 0x4C, 0x88, 0xEA, 0xE7, 0x41,
+        0xB1, 0xF5, 0x01, 0xC4, 0xD3, 0x70, 0x72, 0x7D,
+        0xAD, 0x27, 0x65, 0xF7, 0x95, 0xAD, 0x41, 0x46,
+        0x35, 0x80, 0x0E, 0xC1, 0x94, 0x9D, 0x03, 0x71,
+        0x39, 0xDE, 0x26, 0xAF, 0xCF, 0x93, 0x3D, 0x9A,
+        0x09, 0xC1, 0x27, 0xFC, 0x6B, 0x36, 0xE5, 0x18,
+        0xC6, 0xDE, 0x94, 0x92, 0xBA, 0x70, 0x82, 0x7B,
+        0x68, 0x1C, 0x2D, 0x18, 0xA4, 0x01, 0x23, 0xB6,
+        0xC5, 0xF6, 0x17, 0x37, 0xCB, 0x9D, 0xC6, 0xAA,
+        0x9C, 0xE1, 0x7D, 0x16, 0x8E, 0xBB, 0xDD, 0xD6,
+        0x3C, 0x07, 0x60, 0x19, 0x3C, 0x97, 0x49, 0x33,
+        0xDB, 0x47, 0x4A, 0xA8, 0x9A, 0xF3, 0x0E, 0x16,
+        0x29, 0x38, 0xF6, 0xDB, 0x78, 0x65, 0xDE, 0x23,
+        0x1F, 0x86, 0x16, 0x9C, 0x9E, 0x2A, 0x30, 0x2F,
+        0xC4, 0x1F, 0x1B, 0xE5, 0xF3, 0x6C, 0x55, 0x83,
+        0xFC, 0xD9, 0x1E, 0x21, 0xCB, 0x8A, 0x67, 0x57,
+        0xD3, 0x0A, 0x4B, 0xAC, 0xDB, 0x67, 0xE7, 0xA6,
+        0x1B, 0x0C, 0x8E, 0x21, 0x7E, 0x0C, 0xCB, 0xF5,
+        0x0E, 0xA6, 0x42, 0xCD, 0xE3, 0xFC, 0x74, 0xC7,
+        0xF9, 0xFF, 0xBD, 0xA9, 0xA1, 0xE6, 0x84, 0xBB,
+        0xC9, 0xA8, 0xF7, 0xCD, 0x3F, 0x1B, 0xD0, 0xDB,
+        0x63, 0xDD, 0xDF, 0x4E, 0xA4, 0x79, 0xC2, 0x35,
+        0x65, 0x2C, 0x5D, 0xCB, 0xCA, 0x7B, 0xDD, 0x4E,
+        0x2F, 0x33, 0xE8, 0x71, 0x72, 0xC1, 0x8B, 0x5F,
+        0xF3, 0x90, 0x99, 0x40, 0x8D, 0x27, 0x2F, 0xD0,
+        0xFB, 0x0D, 0x6A, 0x23, 0xB1, 0x43, 0x00, 0xDF,
+        0xC6, 0x4C, 0x02, 0x74, 0x3E, 0x52, 0x36, 0x08,
+        0xE9, 0x73, 0x61, 0x3D, 0xCA, 0xAC, 0x9D, 0x1D,
+        0x14, 0xB3, 0xA6, 0x24, 0x0E, 0xC2, 0xF2, 0x29,
+        0x39, 0x91, 0xF6, 0x90, 0x6A, 0xE3, 0x6C, 0x04,
+        0x69, 0xF3, 0x09, 0x11, 0x34, 0x8E, 0xC1, 0x2D,
+        0xDB, 0xA6, 0xC3, 0xCA, 0x19, 0xBC, 0x69, 0x5F,
+        0xCD, 0x16, 0xE5, 0xAE, 0xF2, 0xAD, 0x7C, 0x73,
+        0x25, 0x15, 0x70, 0xB5, 0xD0, 0x49, 0xA6, 0xC3,
+        0xA5, 0x2F, 0xA3, 0xFC, 0x9E, 0xD5, 0x4E, 0x54,
+        0x97, 0x3A, 0xE7, 0x89, 0xB0, 0xBF, 0xD6, 0xF8,
+        0xCC, 0x26, 0x44, 0xA9, 0xF8, 0x5A, 0xCE, 0x06,
+        0x78, 0xD8, 0x9E, 0xFC, 0x12, 0xB6, 0x11, 0xC3,
+        0xDF, 0xAE, 0x3F, 0x94, 0x50, 0x34, 0xB8, 0x99,
+        0xBE, 0x99, 0xA7, 0x32, 0x88, 0x9F, 0x17, 0xD2,
+        0x08, 0xDC, 0xD7, 0xEE, 0x95, 0x9D, 0x1A, 0xC7,
+        0x61, 0xDB, 0xA4, 0x86, 0x4C, 0x14, 0xB0, 0xA3,
+        0x5E, 0x4C, 0x7B, 0xBD, 0xA0, 0x96, 0xFB, 0x8A,
+        0xB3, 0x22, 0x69, 0x26, 0xC8, 0x9E, 0x7C, 0xDA,
+        0x92, 0x9E, 0xF1, 0x30, 0xC6, 0x92, 0xC9, 0x26,
+        0x59, 0xE6, 0xF4, 0x65, 0x2B, 0xF2, 0x15, 0x63,
+        0x61, 0xC7, 0x7D, 0xBE, 0xEF, 0x5A, 0x06, 0x23,
+        0xA0, 0x67, 0x04, 0x99, 0x0E, 0x19, 0x8A, 0x13,
+        0x67, 0x30, 0x54, 0x32, 0x4B, 0xBB, 0xAA, 0x64,
+        0x36, 0x92, 0xF2, 0x43, 0xD6, 0x7C, 0x1B, 0x4F,
+        0x95, 0xB9, 0x28, 0xAC, 0xF1, 0x68, 0x6F, 0x60,
+        0xC1, 0x44, 0x87, 0xD6, 0xDD, 0x7F, 0x88, 0x01,
+        0xEF, 0x20, 0x93, 0x9E, 0x03, 0xA1, 0xCA, 0x7D,
+        0x74, 0x32, 0xDC, 0xF5, 0x95, 0xF1, 0xE9, 0xED,
+        0xF2, 0xB2, 0x93, 0x57, 0xA1, 0xD4, 0xC7, 0xDA,
+        0x33, 0x51, 0x2C, 0x45, 0x1A, 0x7C, 0x66, 0x04,
+        0x38, 0x2D, 0x90, 0xC3, 0x30, 0x79, 0xD9, 0x57,
+        0x38, 0xE4, 0x71, 0x89, 0xD8, 0x54, 0x9E, 0x43,
+        0xD2, 0x94, 0xE7, 0x3D, 0x1C, 0xA7, 0x48, 0x7B,
+        0x50, 0xD0, 0xED, 0x7C, 0xC6, 0xF9, 0x6B, 0xEE,
+        0xA7, 0x6C, 0xCE, 0xB9, 0x6D, 0x37, 0x92, 0x00,
+        0x4E, 0xB3, 0xE5, 0x49, 0x16, 0x35, 0xA6, 0x7F,
+        0x6F, 0xFA, 0x1F, 0x1D, 0xF6, 0xA1, 0xF2, 0xFD,
+        0xEE, 0x77, 0x84, 0x17, 0x80, 0xAE, 0x08, 0x09,
+        0xD2, 0x92, 0xED, 0x7B, 0x00, 0xF4, 0x2D, 0x80,
+        0x91, 0x19, 0x09, 0xB5, 0x1C, 0x9A, 0x3A, 0xE5,
+        0x4B, 0x7A, 0x6D, 0x7D, 0x29, 0xD2, 0x00, 0x05,
+        0x22, 0xD4, 0xF8, 0x76, 0xE2, 0x5C, 0x0D, 0x6A,
+        0x15, 0x77, 0x22, 0x18, 0x85, 0xFD, 0x30, 0x74,
+        0xF3, 0x3B, 0xDC, 0xD9, 0x6C, 0xDE, 0x80, 0x40,
+        0x4A, 0x37, 0xE1, 0x60, 0x9F, 0x26, 0xCF, 0xBE,
+        0x24, 0xA1, 0xFB, 0xF9, 0x76, 0x2A, 0x1A, 0x23,
+        0x32, 0xE7, 0xA2, 0xD8, 0x2D, 0xF9, 0xD2, 0x0F,
+        0x08, 0x3A, 0xDB, 0x35, 0x35, 0x33, 0x59, 0x0B,
+        0xB1, 0xF9, 0x54, 0x33, 0x49, 0x36, 0x9E, 0x21,
+        0xEC, 0xF5, 0x94, 0xE2, 0x78, 0x07, 0xA5, 0x63,
+        0x50, 0xD6, 0x23, 0x84, 0xDE, 0xAD, 0xA7, 0x89,
+        0xBE, 0x92, 0xF0, 0x12, 0xC1, 0xF8, 0xA7, 0x2D,
+        0x8B, 0xE0, 0x79, 0xF8, 0xD7, 0xBD, 0x04, 0x0B,
+        0xC5, 0xF2, 0x23, 0x36, 0x11, 0x6D, 0x6F, 0x37,
+        0xDB, 0xFB, 0xD2, 0xC7, 0x44, 0xC3, 0xAE, 0x78,
+        0xEC, 0xB4, 0xE0, 0x5A, 0x55, 0xB3, 0xFC, 0xC3,
+        0x1B, 0x8C, 0xA6, 0xDB, 0xE8, 0x95, 0x72, 0x44,
+        0x90, 0x8F, 0x4E, 0xD1, 0xD3, 0x46, 0x6C, 0x9E,
+        0x00, 0xC6, 0xCC, 0xAE, 0xFC, 0x95, 0x4D, 0x85,
+        0x7C, 0x65, 0x5F, 0x74, 0x71, 0xE3, 0x80, 0x88,
+        0xCF, 0x1E, 0xB8, 0xBE, 0xED, 0x8D, 0xC4, 0xFB,
+        0x3E, 0x36, 0xF3, 0xB8, 0x42, 0x1F, 0x37, 0x31,
+        0x8D, 0xA2, 0x35, 0x36, 0x9E, 0x92, 0x3D, 0xD8,
+        0xEA, 0xA7, 0xA2, 0x29, 0x0E, 0x14, 0xBF, 0x59,
+        0x1E, 0x1D, 0x98, 0x27, 0x30, 0x3B, 0xF3, 0x57,
+        0x69, 0x75, 0xCC, 0x3A, 0xB3, 0x49, 0x99, 0x70,
+        0x19, 0x50, 0xAB, 0xF6, 0x7F, 0xF6, 0x55, 0x1A,
+        0xCA, 0x2D, 0xA0, 0x73, 0x50, 0xE0, 0x9C, 0xEE,
+        0x07, 0xEC, 0x37, 0x26, 0x6B, 0xAA, 0xA5, 0x34,
+        0xFD, 0x7B, 0x1A, 0x92, 0x4E, 0xE7, 0x36, 0x1A,
+        0xEB, 0x35, 0xCC, 0x5A, 0x5C, 0x06, 0x7F, 0x77,
+        0xCE, 0x52, 0x33, 0x57, 0x73, 0x9D, 0xEC, 0x2D,
+        0x28, 0x0C, 0xC9, 0xBF, 0x06, 0x9E, 0xA7, 0x7C,
+        0x36, 0xF9, 0x0B, 0xC6, 0x7F, 0x0F, 0x66, 0x24,
+        0x65, 0x2D, 0x30, 0x2B, 0xD7, 0x7F, 0x07, 0xD3,
+        0x57, 0xC8, 0x4B, 0xC3, 0x0C, 0xA3, 0x5B, 0xAA,
+        0xAF, 0xEA, 0xF3, 0xA3, 0x9E, 0x9E, 0xD4, 0x63,
+        0xCD, 0x82, 0x8B, 0xBC, 0x5D, 0xEF, 0xE6, 0x2A,
+        0x4D, 0x5B, 0x95, 0x13, 0x17, 0x98, 0xD3, 0x67,
+        0x66, 0x04, 0x9E, 0x71, 0x71, 0xE6, 0xBD, 0x44,
+        0x15, 0x6B, 0x29, 0x76, 0xE4, 0x62, 0x01, 0x99,
+        0xEB, 0xF4, 0x2E, 0x14, 0x29, 0x0D, 0xBF, 0x8A,
+        0x02, 0x30, 0x4A, 0xE7, 0x0D, 0x25, 0x42, 0x9E,
+        0xD7, 0x0C, 0xAD, 0x30, 0xC6, 0xA3, 0x49, 0xF9,
+        0x90, 0x0C, 0x46, 0x5B, 0x77, 0x67, 0x5F, 0x0B,
+        0xE9, 0xA9, 0xFE, 0xFA, 0xC8, 0x5F, 0x19, 0xF7,
+        0x35, 0x09, 0xF7, 0xB5, 0x6D, 0x51, 0x32, 0x17,
+        0xBE, 0xE6, 0xC3, 0xBE, 0x4A, 0x9A, 0x33, 0xDA,
+        0xC6, 0x90, 0xB7, 0xA7, 0x6F, 0x97, 0x9E, 0xD5,
+        0x80, 0xE5, 0x02, 0x9E, 0x58, 0xD6, 0x45, 0x34,
+        0x4D, 0x61, 0x71, 0x19, 0x07, 0x69, 0x1F, 0xAF,
+        0xFF, 0x9F, 0xDE, 0x97, 0x13, 0xA1, 0xDF, 0x47,
+        0x0E, 0x8B, 0xD6, 0xD0, 0x75, 0x40, 0x08, 0x59,
+        0x7D, 0xFB, 0x74, 0x74, 0xF2, 0x48, 0xF4, 0x23,
+        0x1B, 0x5E, 0x18, 0x4E, 0x2D, 0x2D, 0xC5, 0x40,
+        0xD0, 0x90, 0x4F, 0x95, 0x69, 0xC4, 0xDA, 0xFB,
+        0x39, 0x4B, 0x12, 0x7D, 0x22, 0x1E, 0x9A, 0x68,
+        0x5B, 0x68, 0x2E, 0x47, 0x23, 0xB9, 0x6A, 0xBF,
+        0xF7, 0xE2, 0x56, 0x79, 0xDD, 0x7A, 0x72, 0xF9,
+        0x5F, 0x20, 0x6B, 0x29, 0x56, 0xEE, 0x04, 0x11,
+        0x4C, 0x16, 0x34, 0x04, 0x14, 0x54, 0xB5, 0x21,
+        0xAA, 0x6A, 0x46, 0x40, 0xE4, 0xF1, 0x78, 0x7C,
+        0x50, 0xF3, 0x4D, 0xBC, 0x57, 0x34, 0x7C, 0x6A,
+        0xBD, 0x9B, 0xEF, 0x03, 0x80, 0x7D, 0xAB, 0x20,
+        0x0F, 0x77, 0x87, 0x6F, 0x93, 0xFB, 0x24, 0x20,
+        0x82, 0xC7, 0x7E, 0xFB, 0x43, 0x2D, 0xC6, 0xD4,
+        0xE9, 0x27, 0x8C, 0x66, 0xA8, 0x5A, 0x58, 0xC8,
+        0xD8, 0x9A, 0xA8, 0x50, 0x5F, 0x3A, 0x3D, 0x0B,
+        0xC3, 0x4F, 0xCE, 0x94, 0xE0, 0x0D, 0x16, 0xCB,
+        0x20, 0xE0, 0xF5, 0x1A, 0x13, 0x6E, 0x28, 0xA6,
+        0x42, 0xB2, 0xB1, 0x30, 0x1D, 0x56, 0x28, 0xCD,
+        0xF3, 0x4E, 0xA7, 0x3E, 0x74, 0x04, 0x7D, 0xA5,
+        0x86, 0xD9, 0x1A, 0xDF, 0x07, 0xBC, 0x2C, 0x59,
+        0xB1, 0x91, 0x6D, 0x9B, 0xA2, 0xD0, 0x72, 0xE7,
+        0xA5, 0x56, 0x4A, 0x27, 0x56, 0x1F, 0x65, 0xCD,
+        0x90, 0x7B, 0xB7, 0x5A, 0x51, 0x25, 0x75, 0x1B,
+        0xD9, 0xD4, 0xC7, 0x19, 0x8A, 0xB0, 0x3D, 0x38,
+        0x22, 0x61, 0xCF, 0xD9, 0x66, 0xED, 0xF5, 0xB8,
+        0xF5, 0x86, 0xFF, 0x98, 0x1A, 0xB7, 0xFB, 0x67,
+        0xED, 0x25, 0x52, 0xD9, 0x2F, 0x84, 0xDC, 0x96,
+        0x89, 0x2C, 0x52, 0xCF, 0x5F, 0xA0, 0xEA, 0xD0,
+        0xB3, 0x38, 0x98, 0xFC, 0xD7, 0x50, 0x84, 0xCF,
+        0xA5, 0xE9, 0x53, 0x8B, 0x44, 0x38, 0xB5, 0x7D,
+        0xD8, 0xAD, 0x0A, 0xE5, 0x35, 0x78, 0x29, 0xBF,
+        0x9F, 0x6B, 0x2C, 0xBB, 0x97, 0x9D, 0xD3, 0x64,
+        0x23, 0x2B, 0xA8, 0xA4, 0x71, 0xE3, 0xF1, 0x2F,
+        0x61, 0xC9, 0x68, 0xD2, 0x06, 0xD0, 0x4E, 0x87,
+        0x03, 0x99, 0xCC, 0xB1, 0x83, 0xB6, 0x94, 0x61,
+        0x3C, 0xE9, 0xE0, 0x7D, 0x13, 0xAF, 0xCF, 0xE4,
+        0xA6, 0x42, 0x7F, 0x62, 0x8F, 0xFC, 0x10, 0xF1,
+        0x08, 0x4D, 0x1D, 0xFC, 0x0F, 0x37, 0x11, 0xBE,
+        0xD7, 0xF1, 0x80, 0x46, 0xAF, 0xFA, 0x13, 0x65,
+        0x99, 0xAE, 0xF9, 0xD0, 0x13, 0xA7, 0xC7, 0x3A,
+        0xD2, 0xC1, 0x9B, 0x5A, 0xB8, 0xC3, 0x08, 0x13,
+        0x49, 0x40, 0x33, 0x0D, 0x1F, 0x93, 0x5D, 0x10,
+        0x49, 0x3E, 0x4F, 0x90, 0x34, 0xC5, 0xEA, 0xF7,
+        0x24, 0xFF, 0xF3, 0xC5, 0x95, 0xF7, 0x1F, 0x13,
+        0x9A, 0xE0, 0x0C, 0xCD, 0x61, 0x93, 0x39, 0xE6,
+        0xAF, 0xD5, 0x3E, 0xA9, 0xD8, 0xC4, 0x8F, 0x64,
+        0x05, 0x09, 0x45, 0x2A, 0xEB, 0x12, 0xC5, 0x51,
+        0x58, 0x1C, 0x55, 0x20, 0xE9, 0x29, 0x74, 0xC7,
+        0x10, 0x01, 0xF3, 0xA4, 0x56, 0xB4, 0x14, 0xFE,
+        0x9C, 0x10, 0x2F, 0xF8, 0xBF, 0xB5, 0x9C, 0x6E,
+        0xBB, 0xE6, 0x52, 0xE7, 0xAC, 0xA7, 0xCE, 0x41,
+        0x6E, 0x00, 0x66, 0x0A, 0x2F, 0x46, 0x71, 0xB8,
+        0x8F, 0x45, 0x89, 0x26, 0x68, 0xCD, 0x49, 0xDF,
+        0xCB, 0xCD, 0xD6, 0x66, 0xC6, 0xA7, 0x8E, 0xB3,
+        0xE4, 0x72, 0xEF, 0xBA, 0xA6, 0x6D, 0x7A, 0xB7,
+        0xE9, 0xD9, 0xB2, 0x60, 0xB5, 0x82, 0x77, 0x20,
+        0x2A, 0xFA, 0xE3, 0xCB, 0xF5, 0x30, 0x50, 0x30,
+        0xC6, 0x19, 0x67, 0xA8, 0xB8, 0xFA, 0xFE, 0xB6,
+        0xDA, 0xB6, 0xB6, 0xBF, 0x07, 0x90, 0x40, 0xD8,
+        0x5B, 0x15, 0x48, 0x39, 0xCD, 0x99, 0x0F, 0x3A,
+        0x28, 0xD2, 0x2E, 0xBA, 0xAC, 0x6D, 0xA3, 0xF8,
+        0x53, 0x88, 0xF0, 0x86, 0x87, 0x70, 0xF5, 0x07,
+        0xD2, 0x99, 0xC4, 0xCA, 0xDD, 0xD8, 0x8C, 0xEB,
+        0x00, 0x96, 0xB4, 0x62, 0xA3, 0x7B, 0x79, 0x31,
+        0xB2, 0x85, 0xB0, 0x61, 0x39, 0xF2, 0xBC, 0x1D,
+        0x31, 0xC3, 0x0C, 0x7F, 0x70, 0x9A, 0x63, 0x74,
+        0xC6, 0xCB, 0xD3, 0x93, 0x0D, 0x43, 0x7F, 0x80,
+        0x85, 0x87, 0x72, 0x98, 0xE1, 0x6E, 0x9A, 0x59,
+        0x2E, 0x6C, 0xA8, 0x9E, 0xC2, 0xC0, 0x72, 0xFE,
+        0x26, 0xE8, 0xAF, 0x89, 0x61, 0xCA, 0x0D, 0x15,
+        0xCC, 0xB0, 0xBA, 0x10, 0xB8, 0x9D, 0x77, 0x2C,
+        0x6C, 0x28, 0xCC, 0x70, 0x5B, 0x1F, 0x5D, 0x68,
+        0xD4, 0xC8, 0x1F, 0x0F, 0x67, 0xF5, 0x3E, 0x5C,
+        0x70, 0x50, 0x4B, 0x32, 0x12, 0xE6, 0x1A, 0xCE,
+        0xB8, 0x32, 0x5F, 0x1D, 0xC5, 0xFB, 0x07, 0x77,
+        0xAD, 0x85, 0x45, 0x95, 0x04, 0x0D, 0x94, 0x7A,
+        0x1F, 0xDD, 0x05, 0x74, 0x14, 0xA5, 0x9A, 0x66,
+        0xF4, 0x93, 0xBE, 0xF2, 0xA9, 0x5B, 0xCD, 0xAB,
+        0xC7, 0x82, 0xF7, 0xE7, 0x4A, 0x1C, 0x90, 0x6B,
+        0x9A, 0xBD, 0x93, 0xDD, 0x41, 0x56, 0xDA, 0xA5,
+        0x0F, 0x5D, 0x57, 0x2C, 0xBA, 0x07, 0x07, 0x4B,
+        0x91, 0x33, 0xE6, 0x1B, 0x0E, 0x25, 0x9E, 0x36,
+        0xBF, 0xCA, 0x21, 0xCE, 0xC6, 0x82, 0x33, 0x4D,
+        0x42, 0x4F, 0x2E, 0x71, 0xC2, 0xE7, 0x6F, 0x16,
+        0xF6, 0xB7, 0x30, 0x1C, 0xA1, 0xA8, 0xE3, 0xE7,
+        0xB1, 0x71, 0xDD, 0x9F, 0x90, 0x1F, 0x01, 0x1D,
+        0x0A, 0xBD, 0x2C, 0x4A, 0x22, 0x84, 0x5C, 0xBF,
+        0x61, 0x07, 0x24, 0xC4, 0x0D, 0x23, 0xDB, 0xC6,
+        0x28, 0xB1, 0x27, 0xCB, 0x7E, 0x06, 0xF8, 0x3C,
+        0x42, 0xF9, 0x51, 0x2F, 0x21, 0xC5, 0x80, 0x98,
+        0x08, 0x2F, 0x56, 0x58, 0xD7, 0xE0, 0xDA, 0xC4,
+        0x24, 0x0C, 0xE8, 0xFA, 0x94, 0x23, 0x57, 0xA6,
+        0xD8, 0xE2, 0xC5, 0xCC, 0x16, 0x70, 0x55, 0x57,
+        0xC4, 0x52, 0x2D, 0x94, 0xCE, 0x5B, 0x22, 0x8E,
+        0x6C, 0x3D, 0x8E, 0x74, 0x9D, 0xFD, 0x47, 0xC7,
+        0x42, 0x11, 0x41, 0x9F, 0x6A, 0x0A, 0xF6, 0x16,
+        0x97, 0xB1, 0x24, 0xC4, 0x6C, 0x98, 0xF8, 0x62,
+        0x51, 0xE9, 0x67, 0x6D, 0x39, 0x2B, 0x76, 0x19,
+        0x5F, 0x41, 0xF4, 0x82, 0x51, 0x87, 0xFF, 0xAA,
+        0x87, 0xE3, 0x46, 0x87, 0xC0, 0xC9, 0xBB, 0xB5,
+        0xAC, 0xA0, 0xD1, 0x56, 0x54, 0xC2, 0x2C, 0x59,
+        0x9E, 0x78, 0xF9, 0xA6, 0xBA, 0xCB, 0xE2, 0x45,
+        0x8A, 0xC1, 0xE5, 0xDF, 0xC3, 0x81, 0x91, 0xDB,
+        0xDB, 0x9E, 0xE2, 0x9C, 0xB9, 0x44, 0x5F, 0x5D,
+        0x6D, 0x83, 0x8D, 0x2D, 0x3E, 0x72, 0x2F, 0x98,
+        0xFC, 0xFA, 0x5F, 0xC0, 0xF0, 0x03, 0x4A, 0x42,
+        0x19, 0x67, 0x48, 0x24, 0x70, 0x35, 0xAE, 0x37,
+        0x34, 0x27, 0xAB, 0xD6, 0x92, 0xB8, 0xB4, 0x52,
+        0xC9, 0xD1, 0xF0, 0x5C, 0xAC, 0xFA, 0xB9, 0x2D,
+        0xCE, 0xF2, 0x24, 0xE3, 0x53, 0xF4, 0x2D, 0x65,
+        0x8D, 0xBF, 0x27, 0x3F, 0xAF, 0x62, 0xE0, 0x27,
+        0xBE, 0x12, 0xCB, 0x40, 0xA4, 0x99, 0xAF, 0x47,
+        0x19, 0x5F, 0x68, 0x69, 0x7F, 0x8C, 0xD2, 0x1E,
+        0x4A, 0xA1, 0xA4, 0x3D, 0x5A, 0x62, 0x6F, 0x78,
+        0x87, 0x8E, 0xA0, 0xC0, 0xF3, 0x2C, 0x60, 0xC3,
+        0xCE, 0xDD, 0xED, 0x7C, 0xAF, 0xE0, 0x0B, 0x72,
+        0x9D, 0xBA, 0xC6, 0xEE, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        0x0B, 0x15, 0x1B, 0x1E, 0x24
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte sk_87[] = {
+        0xF1, 0x79, 0x16, 0xD9, 0x5C, 0x51, 0x2F, 0xEC,
+        0x0C, 0xEF, 0xA6, 0xA1, 0x5C, 0x9F, 0xB3, 0xBF,
+        0x84, 0xFF, 0x8D, 0x7F, 0xA3, 0x55, 0x22, 0xEB,
+        0x1C, 0x91, 0x5C, 0x4D, 0x25, 0x4E, 0x89, 0x35,
+        0x24, 0x8E, 0x3C, 0x08, 0x58, 0x2B, 0x74, 0x5E,
+        0xB2, 0xFD, 0x13, 0x15, 0x2B, 0x5D, 0xAE, 0xEA,
+        0xB0, 0x72, 0x80, 0x42, 0xB0, 0x08, 0x85, 0xBB,
+        0x92, 0xF8, 0x44, 0xA8, 0x6B, 0x42, 0x62, 0x03,
+        0x5C, 0x9F, 0x44, 0x8A, 0x2B, 0x78, 0xEF, 0x5D,
+        0xB3, 0x47, 0xE0, 0x25, 0x04, 0x15, 0xE1, 0x01,
+        0x5F, 0xBB, 0x34, 0x31, 0x91, 0x24, 0x07, 0xC8,
+        0x5A, 0x2F, 0x36, 0x2A, 0x85, 0xA9, 0xAE, 0x42,
+        0x77, 0x23, 0xBF, 0x62, 0x69, 0x7B, 0x77, 0x99,
+        0x1B, 0x3E, 0x93, 0xA3, 0x81, 0x13, 0x3F, 0x95,
+        0x0D, 0x40, 0xE7, 0xC1, 0xAC, 0xBC, 0x17, 0xE4,
+        0xF1, 0xD1, 0x0C, 0xD1, 0x27, 0x4C, 0x8D, 0x3C,
+        0x84, 0x02, 0x02, 0x0A, 0xC5, 0x10, 0x1C, 0xC3,
+        0x4D, 0xD0, 0x94, 0x70, 0x24, 0xC0, 0x89, 0x94,
+        0x08, 0x4D, 0xC2, 0x30, 0x20, 0x63, 0xC0, 0x24,
+        0xE1, 0x80, 0x40, 0xD0, 0x26, 0x68, 0x10, 0x97,
+        0x01, 0x83, 0xC2, 0x91, 0x5A, 0x90, 0x2D, 0x44,
+        0x94, 0x6D, 0x10, 0x09, 0x50, 0x11, 0xA7, 0x0D,
+        0xE4, 0x04, 0x89, 0x9B, 0x80, 0x8D, 0x40, 0xB8,
+        0x45, 0x4B, 0x86, 0x0D, 0xC8, 0xB6, 0x05, 0xC0,
+        0xC0, 0x71, 0x02, 0x09, 0x06, 0xA2, 0x00, 0x2D,
+        0x0B, 0x24, 0x86, 0xA0, 0x90, 0x11, 0x20, 0x16,
+        0x82, 0x1B, 0x24, 0x42, 0xCB, 0xB6, 0x70, 0x43,
+        0x36, 0x05, 0xDA, 0x16, 0x25, 0x9A, 0x34, 0x6C,
+        0xCB, 0xB4, 0x08, 0xC4, 0x16, 0x90, 0x24, 0x29,
+        0x6C, 0x42, 0x90, 0x04, 0x24, 0x06, 0x46, 0x84,
+        0x12, 0x6D, 0xC2, 0x26, 0x00, 0x88, 0x40, 0x02,
+        0x51, 0xC8, 0x40, 0x9C, 0x16, 0x24, 0x82, 0x18,
+        0x26, 0x21, 0x06, 0x0C, 0x12, 0xC2, 0x71, 0x50,
+        0x98, 0x91, 0x4A, 0x40, 0x28, 0x48, 0x48, 0x21,
+        0x5A, 0x18, 0x49, 0x1B, 0xB7, 0x01, 0x5A, 0xC6,
+        0x48, 0xA1, 0x90, 0x2C, 0x14, 0x18, 0x2D, 0xD2,
+        0x20, 0x62, 0xDC, 0xB6, 0x49, 0x00, 0x09, 0x6D,
+        0x40, 0xA8, 0x4D, 0x24, 0xC8, 0x24, 0x4C, 0x06,
+        0x08, 0x80, 0x40, 0x4E, 0xD3, 0x18, 0x88, 0x12,
+        0x09, 0x91, 0x8B, 0x12, 0x31, 0xC9, 0x16, 0x04,
+        0x64, 0x10, 0x72, 0xDA, 0x84, 0x91, 0x92, 0xC6,
+        0x65, 0x22, 0x10, 0x48, 0x18, 0xC9, 0x00, 0x14,
+        0x44, 0x62, 0x24, 0xC1, 0x60, 0x40, 0xC6, 0x10,
+        0x4A, 0x48, 0x28, 0x9B, 0x44, 0x66, 0x91, 0x10,
+        0x52, 0xD3, 0x26, 0x52, 0xD8, 0xA6, 0x0C, 0x0A,
+        0xA8, 0x44, 0xD8, 0x26, 0x0C, 0x64, 0x86, 0x45,
+        0x44, 0x20, 0x00, 0xD2, 0x48, 0x85, 0xDC, 0x46,
+        0x32, 0xC8, 0x22, 0x45, 0x5B, 0x00, 0x8D, 0x20,
+        0xA5, 0x45, 0x01, 0xC1, 0x91, 0xA2, 0x12, 0x84,
+        0x20, 0x47, 0x0E, 0x98, 0xA8, 0x25, 0xD9, 0xA0,
+        0x4D, 0xA4, 0x06, 0x2D, 0x5B, 0xB0, 0x08, 0x21,
+        0xB0, 0x80, 0x4C, 0x10, 0x2C, 0xC4, 0x98, 0x71,
+        0x99, 0x24, 0x24, 0xA4, 0x36, 0x71, 0x4B, 0xB6,
+        0x49, 0xE1, 0x92, 0x00, 0x09, 0x92, 0x4C, 0x89,
+        0x12, 0x49, 0x1A, 0x39, 0x2A, 0xE0, 0x22, 0x69,
+        0x61, 0xB2, 0x50, 0x40, 0x26, 0x8E, 0xC9, 0xA2,
+        0x08, 0x0A, 0x90, 0x24, 0x13, 0x35, 0x06, 0x21,
+        0x24, 0x62, 0x60, 0xB0, 0x01, 0xE3, 0xC6, 0x29,
+        0x5B, 0x28, 0x89, 0x20, 0x90, 0x70, 0xC4, 0xA4,
+        0x31, 0x08, 0x42, 0x11, 0x10, 0xC0, 0x71, 0x98,
+        0x98, 0x20, 0xC4, 0xA8, 0x29, 0x1A, 0x15, 0x32,
+        0xC4, 0x86, 0x6C, 0x18, 0x14, 0x6A, 0x02, 0x46,
+        0x46, 0xDC, 0xC2, 0x4C, 0x81, 0x02, 0x6D, 0x49,
+        0x16, 0x48, 0x10, 0x94, 0x6C, 0x0A, 0x85, 0x90,
+        0x9C, 0x34, 0x84, 0x54, 0x24, 0x25, 0x49, 0xA8,
+        0x21, 0x04, 0xA6, 0x2C, 0x61, 0x00, 0x01, 0x61,
+        0x46, 0x92, 0xE0, 0xA6, 0x44, 0xE2, 0x00, 0x90,
+        0xC8, 0x06, 0x06, 0x90, 0xB8, 0x2D, 0x0B, 0x85,
+        0x85, 0x20, 0x23, 0x0D, 0x83, 0x94, 0x04, 0x54,
+        0x26, 0x50, 0x41, 0x92, 0x29, 0x09, 0x16, 0x20,
+        0x54, 0xC6, 0x2D, 0x81, 0xC8, 0x8C, 0x09, 0x44,
+        0x44, 0xE2, 0x06, 0x30, 0x13, 0x92, 0x49, 0x0B,
+        0x17, 0x48, 0x93, 0x28, 0x86, 0xD8, 0xA4, 0x50,
+        0xD1, 0x32, 0x91, 0x08, 0xB8, 0x05, 0xA4, 0x02,
+        0x62, 0x01, 0x15, 0x82, 0xE3, 0x18, 0x42, 0x83,
+        0xC6, 0x44, 0x43, 0x02, 0x81, 0x53, 0x88, 0x04,
+        0x04, 0x98, 0x31, 0x19, 0x18, 0x46, 0xDB, 0x02,
+        0x89, 0x10, 0x23, 0x81, 0x03, 0x90, 0x71, 0x83,
+        0x26, 0x89, 0x1A, 0x01, 0x05, 0xCA, 0xB0, 0x01,
+        0x4C, 0x84, 0x09, 0x10, 0x11, 0x84, 0x13, 0xB1,
+        0x20, 0x61, 0xB8, 0x41, 0x1B, 0x02, 0x8C, 0x09,
+        0x98, 0x61, 0x83, 0x18, 0x61, 0x08, 0xC1, 0x6D,
+        0x44, 0x86, 0x09, 0xCB, 0x88, 0x8D, 0x93, 0xB4,
+        0x41, 0x58, 0x90, 0x81, 0x04, 0x31, 0x08, 0xD1,
+        0xC4, 0x04, 0x19, 0xB4, 0x4C, 0x1C, 0x88, 0x20,
+        0xCA, 0x30, 0x72, 0x1C, 0xB5, 0x85, 0x13, 0x27,
+        0x32, 0x84, 0xB4, 0x44, 0x04, 0x42, 0x20, 0x61,
+        0x18, 0x52, 0x50, 0x96, 0x44, 0x03, 0x38, 0x86,
+        0xE3, 0x48, 0x31, 0x02, 0x82, 0x68, 0x98, 0x06,
+        0x90, 0x23, 0x28, 0x04, 0x10, 0x18, 0x0D, 0x10,
+        0x28, 0x45, 0x4C, 0x84, 0x6C, 0x09, 0x36, 0x71,
+        0x82, 0x26, 0x64, 0x18, 0xC6, 0x21, 0x90, 0x18,
+        0x22, 0x0A, 0x37, 0x08, 0xC4, 0x94, 0x28, 0xE2,
+        0x30, 0x2C, 0x92, 0xB4, 0x24, 0x63, 0x46, 0x70,
+        0x52, 0x96, 0x0C, 0x8B, 0xA4, 0x05, 0xD3, 0x02,
+        0x85, 0x09, 0x32, 0x92, 0x49, 0x12, 0x21, 0x18,
+        0x43, 0x28, 0x01, 0x32, 0x45, 0x0B, 0xA5, 0x50,
+        0x14, 0x16, 0x65, 0x91, 0x80, 0x65, 0x0A, 0x44,
+        0x66, 0x13, 0xB6, 0x4C, 0x01, 0x38, 0x71, 0x11,
+        0x49, 0x28, 0x22, 0x43, 0x02, 0x0B, 0x34, 0x04,
+        0x01, 0x16, 0x91, 0x80, 0x14, 0x0E, 0x12, 0x93,
+        0x01, 0x00, 0x11, 0x80, 0xDC, 0x28, 0x51, 0x11,
+        0x87, 0x85, 0xC1, 0x34, 0x28, 0x02, 0xA2, 0x11,
+        0x02, 0x38, 0x44, 0x52, 0x14, 0x64, 0xC2, 0xA0,
+        0x01, 0x1B, 0x42, 0x8C, 0xC2, 0xB2, 0x71, 0xCB,
+        0x16, 0x00, 0xCC, 0x10, 0x21, 0x04, 0x12, 0x52,
+        0x84, 0x24, 0x2A, 0xD3, 0x48, 0x12, 0x08, 0x44,
+        0x08, 0x81, 0x88, 0x44, 0x01, 0x23, 0x50, 0xC0,
+        0xA2, 0x09, 0x81, 0x94, 0x50, 0x02, 0x89, 0x61,
+        0x01, 0x31, 0x88, 0x1B, 0xA2, 0x61, 0x90, 0x94,
+        0x84, 0x91, 0x24, 0x09, 0x03, 0x18, 0x22, 0xA3,
+        0x46, 0x60, 0x10, 0x16, 0x4D, 0x48, 0x84, 0x89,
+        0x11, 0x00, 0x2E, 0xCC, 0xC0, 0x40, 0x8C, 0xC0,
+        0x51, 0xE4, 0x42, 0x62, 0xDA, 0x24, 0x11, 0x13,
+        0x19, 0x46, 0x93, 0x34, 0x4C, 0x42, 0x42, 0x24,
+        0xC4, 0x48, 0x90, 0x00, 0x35, 0x80, 0x1B, 0x98,
+        0x51, 0x0B, 0x41, 0x60, 0x0C, 0x25, 0x46, 0x9A,
+        0xA8, 0x89, 0x12, 0x86, 0x4C, 0xE3, 0x16, 0x09,
+        0x14, 0x27, 0x24, 0x51, 0x26, 0x4D, 0x1B, 0x02,
+        0x10, 0x00, 0x17, 0x28, 0xD4, 0xA8, 0x45, 0x48,
+        0x88, 0x48, 0x01, 0xC7, 0x0D, 0x93, 0xC8, 0x40,
+        0x5B, 0x02, 0x49, 0x51, 0x02, 0x4A, 0x01, 0x42,
+        0x10, 0xE1, 0x08, 0x90, 0x03, 0x85, 0x48, 0x11,
+        0xA8, 0x68, 0x8B, 0x90, 0x08, 0x5A, 0x02, 0x0C,
+        0x5A, 0x18, 0x50, 0x11, 0x87, 0x51, 0x9C, 0x38,
+        0x92, 0xD0, 0x44, 0x82, 0x10, 0x33, 0x21, 0x88,
+        0x44, 0x2D, 0x24, 0x28, 0x0D, 0x22, 0xA3, 0x30,
+        0x49, 0x88, 0x25, 0xA1, 0xB2, 0x01, 0x5C, 0x40,
+        0x20, 0x1C, 0x03, 0x72, 0xCC, 0x96, 0x8C, 0x51,
+        0xA6, 0x88, 0xE3, 0x92, 0x08, 0x13, 0xB0, 0x08,
+        0x5C, 0x38, 0x44, 0x03, 0x47, 0x8E, 0x93, 0x12,
+        0x4A, 0x88, 0x20, 0x48, 0xE0, 0x42, 0x20, 0x81,
+        0x90, 0x09, 0x4B, 0x06, 0x6D, 0xD2, 0x90, 0x10,
+        0x01, 0x82, 0x49, 0x19, 0x28, 0x91, 0xDA, 0x20,
+        0x2A, 0x20, 0x85, 0x40, 0x0A, 0x16, 0x8A, 0x1C,
+        0x83, 0x60, 0xCA, 0x48, 0x4A, 0xA2, 0xC8, 0x50,
+        0xE4, 0x02, 0x31, 0x88, 0x86, 0x88, 0x53, 0x00,
+        0x89, 0x60, 0x08, 0x8A, 0xA2, 0x02, 0x0A, 0x0A,
+        0x34, 0x45, 0x03, 0x04, 0x42, 0x1B, 0x40, 0x09,
+        0x89, 0xA0, 0x69, 0x42, 0x18, 0x49, 0x4A, 0xA8,
+        0x8C, 0x99, 0x90, 0x30, 0xCA, 0x38, 0x91, 0x09,
+        0x31, 0x72, 0x8B, 0x44, 0x29, 0x52, 0xA2, 0x8D,
+        0x08, 0x14, 0x6E, 0xA1, 0x84, 0x50, 0x1C, 0x31,
+        0x46, 0x19, 0xB7, 0x01, 0xCC, 0x06, 0x29, 0x11,
+        0x09, 0x20, 0x4B, 0x40, 0x66, 0x40, 0xC4, 0x49,
+        0x00, 0x13, 0x24, 0xD0, 0xA2, 0x84, 0xCA, 0x16,
+        0x29, 0xD0, 0xC0, 0x84, 0xC8, 0x88, 0x44, 0xE1,
+        0x20, 0x29, 0x1A, 0x97, 0x05, 0x90, 0x42, 0x90,
+        0x04, 0x40, 0x71, 0x9C, 0x32, 0x4E, 0x64, 0x26,
+        0x22, 0x93, 0x36, 0x66, 0xD3, 0x06, 0x49, 0xA3,
+        0x26, 0x51, 0x4C, 0xA6, 0x89, 0x84, 0x36, 0x84,
+        0x93, 0x46, 0x6D, 0x14, 0x07, 0x8D, 0x18, 0x29,
+        0x42, 0x52, 0x34, 0x72, 0x44, 0x10, 0x90, 0x12,
+        0x37, 0x81, 0xD4, 0x10, 0x64, 0x04, 0xA5, 0x08,
+        0x84, 0x24, 0x09, 0x1C, 0x08, 0x8D, 0x02, 0x99,
+        0x6C, 0x1B, 0x30, 0x50, 0x09, 0x89, 0x81, 0x19,
+        0x30, 0x48, 0x5B, 0x14, 0x4D, 0xD9, 0x20, 0x20,
+        0x0C, 0x01, 0x2A, 0x00, 0x90, 0x4D, 0xA1, 0x02,
+        0x64, 0x1C, 0x03, 0x01, 0xC2, 0x26, 0x8C, 0x14,
+        0x08, 0x45, 0xE3, 0x12, 0x48, 0x09, 0x20, 0x09,
+        0x41, 0x40, 0x61, 0x90, 0x44, 0x21, 0x49, 0x06,
+        0x91, 0x4B, 0xC0, 0x84, 0x22, 0x95, 0x51, 0x23,
+        0x38, 0x0E, 0x5C, 0x28, 0x70, 0xC2, 0x40, 0x2C,
+        0x94, 0x18, 0x62, 0x9A, 0x30, 0x4A, 0xE2, 0x86,
+        0x4C, 0x5C, 0x10, 0x8D, 0xC2, 0x12, 0x21, 0x9C,
+        0xC4, 0x4D, 0xD9, 0x96, 0x88, 0x0C, 0x29, 0x45,
+        0x1B, 0x45, 0x6A, 0x1A, 0x00, 0x60, 0x91, 0x30,
+        0x0C, 0x12, 0x00, 0x69, 0xA2, 0xA0, 0x04, 0x81,
+        0x00, 0x65, 0x5C, 0x38, 0x8A, 0x18, 0x05, 0x89,
+        0x48, 0x32, 0x24, 0x81, 0xC6, 0x4D, 0x60, 0x90,
+        0x31, 0x83, 0x22, 0x12, 0xE1, 0xC2, 0x6C, 0x89,
+        0x00, 0x90, 0x14, 0xB4, 0x40, 0xD3, 0xB8, 0x45,
+        0x89, 0x24, 0x70, 0x09, 0x26, 0x6C, 0xD9, 0x32,
+        0x8A, 0x83, 0x44, 0x0E, 0x21, 0x44, 0x61, 0x99,
+        0xA4, 0x20, 0x44, 0x16, 0x2E, 0x1A, 0xC2, 0x08,
+        0x09, 0x98, 0x6C, 0x8C, 0x18, 0x8C, 0x0C, 0x30,
+        0x62, 0x8B, 0x46, 0x45, 0x80, 0x10, 0x21, 0x20,
+        0x33, 0x32, 0x5A, 0x38, 0x4C, 0x98, 0x06, 0x45,
+        0x1A, 0x33, 0x09, 0x82, 0x34, 0x44, 0x02, 0x20,
+        0x09, 0x59, 0x00, 0x41, 0x08, 0x13, 0x08, 0xDC,
+        0x18, 0x68, 0x12, 0x47, 0x86, 0x43, 0xB8, 0x21,
+        0x62, 0x02, 0x8D, 0x5C, 0x10, 0x0D, 0x60, 0x96,
+        0x65, 0xA2, 0x22, 0x4C, 0x83, 0x18, 0x09, 0x41,
+        0x08, 0x41, 0x63, 0xC2, 0x80, 0x13, 0x81, 0x65,
+        0x22, 0x03, 0x92, 0x04, 0xA9, 0x4D, 0x1C, 0xB0,
+        0x44, 0x80, 0xC6, 0x24, 0x00, 0x01, 0x44, 0x22,
+        0x11, 0x80, 0x21, 0x95, 0x64, 0x09, 0x99, 0x8C,
+        0xD3, 0x14, 0x4A, 0xD1, 0x98, 0x2D, 0x19, 0x31,
+        0x4C, 0x0A, 0x92, 0x40, 0x13, 0x98, 0x48, 0x14,
+        0x89, 0x20, 0x23, 0xB3, 0x0D, 0x14, 0x98, 0x6D,
+        0x12, 0x98, 0x05, 0x9B, 0x14, 0x06, 0x5B, 0x26,
+        0x91, 0x0A, 0x38, 0x09, 0x08, 0x98, 0x2C, 0x19,
+        0xA0, 0x45, 0x44, 0x26, 0x00, 0x0A, 0x05, 0x21,
+        0xDB, 0xA0, 0x69, 0x51, 0x42, 0x92, 0x0B, 0x43,
+        0x00, 0xD1, 0x42, 0x0D, 0x81, 0x30, 0x28, 0x13,
+        0xC2, 0x20, 0x03, 0x27, 0x60, 0x10, 0x83, 0x91,
+        0x0A, 0x53, 0x7E, 0xA1, 0x4F, 0x11, 0x54, 0x5E,
+        0x25, 0x4F, 0xCF, 0x28, 0x03, 0x95, 0x2A, 0x58,
+        0x0A, 0x4B, 0x6C, 0x9B, 0x29, 0x10, 0x3D, 0x97,
+        0x43, 0x6C, 0x00, 0x3E, 0x2E, 0xCE, 0xAE, 0x20,
+        0x28, 0x01, 0x7F, 0xF1, 0xD5, 0x18, 0xB0, 0xB5,
+        0xD5, 0xE6, 0x24, 0x26, 0x64, 0xED, 0x33, 0x7C,
+        0xCA, 0x45, 0x26, 0xED, 0x5D, 0xB5, 0xEA, 0xD8,
+        0xBB, 0x31, 0x16, 0x94, 0x1C, 0xD0, 0xC8, 0xF0,
+        0xA7, 0xED, 0x5A, 0x1A, 0x5A, 0x00, 0xB9, 0x8C,
+        0x33, 0x6A, 0x9B, 0xC8, 0xEB, 0x6B, 0x3A, 0x30,
+        0x83, 0x16, 0xF1, 0x17, 0xEA, 0xA8, 0x0D, 0x4B,
+        0x77, 0x56, 0xDD, 0x4A, 0x91, 0xDA, 0xA5, 0x8E,
+        0x80, 0xD7, 0xB5, 0x77, 0x55, 0x83, 0x97, 0xAF,
+        0x90, 0x5B, 0x67, 0xC5, 0x9F, 0x14, 0xE1, 0x2C,
+        0x15, 0x8D, 0x29, 0x2C, 0xA6, 0xB6, 0x41, 0xED,
+        0x0C, 0x75, 0xE3, 0x9A, 0x91, 0x4F, 0xFA, 0x1A,
+        0x9F, 0x24, 0xCA, 0x28, 0xF2, 0x00, 0xC7, 0x48,
+        0xDE, 0x70, 0x9D, 0x15, 0xD7, 0x22, 0xE7, 0xED,
+        0x2C, 0x91, 0x8D, 0xEF, 0x08, 0xCF, 0xAF, 0x9B,
+        0x7E, 0x24, 0xDE, 0xF2, 0xD5, 0x1A, 0x4D, 0x42,
+        0x0E, 0x7E, 0x89, 0x06, 0xFA, 0xCD, 0x9A, 0x5A,
+        0x98, 0xB0, 0xD1, 0xD5, 0x34, 0x5C, 0x8B, 0x9A,
+        0xC0, 0xBB, 0xF4, 0xB1, 0x5E, 0xF0, 0xB4, 0x6A,
+        0x8E, 0x3B, 0x6B, 0xAE, 0x0C, 0x6E, 0x9F, 0x09,
+        0x2E, 0xB3, 0xEF, 0x1D, 0x49, 0x62, 0x0B, 0x65,
+        0xE7, 0xDE, 0xDB, 0xEF, 0x68, 0x7E, 0xBD, 0x0E,
+        0xA0, 0x95, 0x97, 0x2A, 0x56, 0xA0, 0xEA, 0xFB,
+        0x2D, 0x75, 0xF4, 0x32, 0x1B, 0x80, 0xAC, 0xBC,
+        0xA3, 0x2B, 0x1B, 0x11, 0xAA, 0x57, 0x6F, 0xE4,
+        0xE0, 0xCC, 0xCC, 0x20, 0x52, 0x12, 0x65, 0x42,
+        0x96, 0xF0, 0x60, 0x8F, 0xF3, 0x83, 0x69, 0xAF,
+        0x19, 0x80, 0x75, 0x68, 0xDB, 0xE1, 0x71, 0xDB,
+        0x79, 0xEB, 0x8C, 0x1C, 0xB7, 0x6A, 0x8E, 0xB9,
+        0x5B, 0x28, 0x8C, 0x9D, 0xCC, 0x62, 0x0B, 0xEF,
+        0xCE, 0x96, 0x06, 0x0F, 0x45, 0xA6, 0xA2, 0xDA,
+        0xC2, 0x2F, 0x55, 0xE4, 0x7D, 0xC7, 0xBA, 0xB4,
+        0xA7, 0x93, 0xD9, 0x65, 0x8F, 0xE2, 0x7C, 0x66,
+        0x2C, 0xA6, 0x37, 0x00, 0x81, 0x30, 0xF1, 0x00,
+        0xD9, 0x65, 0xB4, 0x78, 0x17, 0x7A, 0xC6, 0xDC,
+        0x35, 0x93, 0x1A, 0x5E, 0xCC, 0x5F, 0x93, 0x31,
+        0x22, 0x40, 0x2C, 0x17, 0x0E, 0xB8, 0xE0, 0xA4,
+        0x1C, 0xB6, 0x3F, 0xE5, 0x60, 0x2F, 0x7B, 0x18,
+        0xE1, 0xDB, 0xB6, 0xDB, 0x30, 0xA7, 0x61, 0x55,
+        0xC6, 0xCF, 0x03, 0x0F, 0x73, 0x8D, 0xC0, 0x91,
+        0x6D, 0xB1, 0x80, 0xF8, 0x3F, 0x02, 0x90, 0x93,
+        0x11, 0xCB, 0x6B, 0x3B, 0x9E, 0x55, 0x3F, 0xAC,
+        0xA0, 0x52, 0x23, 0xB3, 0x3C, 0x69, 0x60, 0x2D,
+        0x0F, 0x05, 0xA0, 0x8B, 0xEB, 0x84, 0x80, 0x96,
+        0x51, 0x99, 0x9A, 0x55, 0x26, 0xE7, 0x76, 0xF3,
+        0xDE, 0x39, 0x30, 0x4A, 0x5F, 0xEF, 0x00, 0x95,
+        0x0A, 0x9A, 0x81, 0x0D, 0x12, 0xE0, 0x1D, 0x15,
+        0xD8, 0x86, 0xDB, 0x26, 0x75, 0xF6, 0x54, 0xCA,
+        0x17, 0xFA, 0xAE, 0xEB, 0xD1, 0xF5, 0x61, 0xF9,
+        0xD1, 0xA9, 0x5E, 0x0B, 0xAD, 0xF7, 0xC3, 0x31,
+        0x5A, 0xFA, 0xBA, 0x8D, 0x4B, 0xEC, 0x1F, 0x05,
+        0x42, 0xA8, 0xF1, 0x0A, 0xC6, 0x66, 0xFD, 0x8D,
+        0x0C, 0x5A, 0xF1, 0xD6, 0x86, 0x7A, 0x9D, 0x82,
+        0x6B, 0xFB, 0x6B, 0x03, 0x0B, 0x58, 0xEC, 0xEF,
+        0x67, 0x78, 0xD2, 0xC5, 0x2B, 0xF6, 0x2C, 0xB3,
+        0x4B, 0x81, 0xFF, 0x93, 0x6D, 0xA3, 0x3E, 0xDA,
+        0xB3, 0x1D, 0xB3, 0x9A, 0xB7, 0x63, 0x66, 0xD0,
+        0x94, 0x36, 0x2F, 0x04, 0x6D, 0x50, 0x78, 0xB4,
+        0x22, 0x35, 0x04, 0xA1, 0x2B, 0xA0, 0xC7, 0xB8,
+        0xE8, 0x83, 0x72, 0x77, 0x18, 0x50, 0x9B, 0xD4,
+        0x7A, 0x69, 0x6E, 0xE9, 0x88, 0x0C, 0xAF, 0xF6,
+        0x63, 0x61, 0x2B, 0x95, 0x86, 0x30, 0x3D, 0x6D,
+        0xE0, 0xD2, 0x1F, 0x9A, 0x21, 0x96, 0x22, 0x78,
+        0xEB, 0xCE, 0x60, 0xA6, 0xD4, 0x68, 0x44, 0x09,
+        0x5C, 0x5F, 0x89, 0x2D, 0xAC, 0xA4, 0x8D, 0x78,
+        0x28, 0x22, 0x45, 0x38, 0x34, 0xB4, 0xE4, 0x2C,
+        0xD3, 0xA1, 0xFE, 0x39, 0x87, 0x35, 0x6E, 0xAB,
+        0x11, 0xEF, 0xB8, 0xEE, 0xCD, 0x8E, 0x9C, 0xC8,
+        0xF3, 0x9A, 0x0F, 0xF1, 0xFF, 0xB8, 0x06, 0x9A,
+        0x44, 0x1F, 0x85, 0x1E, 0xB4, 0x38, 0xE9, 0xC0,
+        0xB5, 0x7E, 0x88, 0x18, 0xA3, 0x22, 0x65, 0x1E,
+        0x60, 0xF4, 0xB6, 0x78, 0x90, 0xE5, 0xED, 0x7A,
+        0x0F, 0xBF, 0x75, 0x36, 0xC3, 0xFD, 0x50, 0xD0,
+        0xB0, 0x65, 0x8D, 0x7C, 0xCF, 0x27, 0x5E, 0x8A,
+        0x9E, 0x9F, 0xBB, 0x99, 0xBE, 0x2E, 0x5F, 0x5E,
+        0x16, 0x7B, 0xE2, 0x90, 0xB7, 0xE9, 0x67, 0x32,
+        0xF8, 0x9E, 0x40, 0xD7, 0x85, 0xAF, 0x25, 0xC1,
+        0xBA, 0x61, 0xA7, 0x78, 0x6D, 0x3E, 0xF2, 0xD0,
+        0xC1, 0x14, 0xD1, 0x04, 0x8E, 0x76, 0x46, 0xDF,
+        0xA3, 0x03, 0x2B, 0xFB, 0x7A, 0x51, 0xA6, 0x36,
+        0x05, 0xDC, 0xE3, 0xE1, 0xD8, 0x98, 0x95, 0x00,
+        0xD6, 0xE5, 0x8E, 0x96, 0x05, 0x19, 0x93, 0x1D,
+        0xAC, 0x9F, 0x14, 0xDD, 0xA4, 0x28, 0xF5, 0xA2,
+        0xC9, 0xC7, 0x4D, 0x91, 0x6D, 0x90, 0x77, 0x07,
+        0xB5, 0x3E, 0xB5, 0x2C, 0x44, 0xAD, 0x71, 0xD7,
+        0x27, 0x82, 0x6E, 0xB2, 0xCA, 0x68, 0x07, 0x0A,
+        0x6F, 0x0E, 0x47, 0xFA, 0x16, 0xE5, 0x2E, 0x96,
+        0x29, 0xB7, 0xAA, 0x82, 0x41, 0xDA, 0xAB, 0xB1,
+        0x94, 0x97, 0xA5, 0x82, 0x4E, 0x58, 0xD7, 0x26,
+        0x75, 0xC3, 0xA6, 0x7E, 0x10, 0xA1, 0x19, 0xB2,
+        0x74, 0xB8, 0x4D, 0x9B, 0xEE, 0x28, 0x71, 0x72,
+        0x8E, 0xD2, 0xF9, 0x4F, 0x85, 0x59, 0xB9, 0x7F,
+        0x97, 0x9A, 0xE8, 0x82, 0xEA, 0x54, 0x99, 0x28,
+        0xD6, 0xB1, 0xA9, 0xA4, 0xE4, 0xA2, 0x29, 0xF6,
+        0xEB, 0x3F, 0xB1, 0xA4, 0x34, 0xA0, 0xFA, 0xED,
+        0xAD, 0x62, 0xB7, 0x03, 0x30, 0xCF, 0xCB, 0x24,
+        0xCB, 0x34, 0x98, 0x80, 0x2A, 0x67, 0x9F, 0x8F,
+        0x54, 0xBF, 0x83, 0xEF, 0x34, 0x47, 0x22, 0x96,
+        0x91, 0x98, 0x31, 0xCA, 0xAD, 0x59, 0xEB, 0xE8,
+        0x30, 0x82, 0xEA, 0xB6, 0x7D, 0x4A, 0xBD, 0x90,
+        0x22, 0x9A, 0x5E, 0x93, 0xA0, 0xB5, 0x80, 0x97,
+        0x7F, 0x08, 0x13, 0xCC, 0xB1, 0x5E, 0xCD, 0x74,
+        0xFF, 0x71, 0x5F, 0xE8, 0xDB, 0x5B, 0x05, 0xCE,
+        0xF3, 0x7D, 0x34, 0x93, 0xBE, 0xDA, 0x27, 0x05,
+        0x84, 0x94, 0x4C, 0x02, 0x09, 0x86, 0x34, 0x51,
+        0x4D, 0xAA, 0xCE, 0x70, 0x47, 0xE4, 0x74, 0x32,
+        0xF9, 0x2A, 0xDC, 0xA4, 0x91, 0xA3, 0xE0, 0x96,
+        0x1A, 0x5D, 0x9F, 0x01, 0x44, 0x85, 0x2E, 0x46,
+        0x32, 0x63, 0x35, 0xE2, 0x15, 0x24, 0x3D, 0xAA,
+        0xE8, 0x37, 0x92, 0x7F, 0xBF, 0xDC, 0xE6, 0x91,
+        0xF4, 0x98, 0x59, 0x26, 0x6E, 0x90, 0x08, 0x16,
+        0x8C, 0x6A, 0x5E, 0x2F, 0x60, 0x9C, 0x80, 0xC6,
+        0x8E, 0x08, 0x20, 0xE7, 0x27, 0x19, 0xE9, 0xB5,
+        0x87, 0x3F, 0xA1, 0x99, 0xE1, 0x97, 0xF9, 0xC4,
+        0x94, 0xAA, 0x8A, 0x3A, 0x65, 0x26, 0x9E, 0x95,
+        0xB7, 0x61, 0xB6, 0x7B, 0xEC, 0x61, 0x13, 0xC1,
+        0x44, 0xA5, 0x69, 0x89, 0xC5, 0x75, 0x0D, 0x45,
+        0x05, 0x42, 0xCC, 0xF8, 0x1B, 0x24, 0x62, 0x09,
+        0x2F, 0x70, 0x71, 0x5D, 0x49, 0x14, 0xEB, 0x2C,
+        0xAA, 0x31, 0x74, 0xBC, 0x9E, 0xEB, 0x20, 0xAA,
+        0xB6, 0xC6, 0x40, 0xF8, 0xB5, 0xD9, 0xC6, 0xA0,
+        0xDC, 0xC6, 0xF0, 0xAE, 0xC9, 0x7B, 0x3A, 0xF6,
+        0x47, 0xEB, 0xF8, 0x00, 0x34, 0xA4, 0x3B, 0xF3,
+        0x19, 0xBF, 0x40, 0xAD, 0xF7, 0x9A, 0xFE, 0xAB,
+        0x58, 0x90, 0xD2, 0x02, 0x3B, 0xAE, 0x02, 0xC9,
+        0xFD, 0x02, 0xC5, 0xBB, 0x65, 0x87, 0x9C, 0x1B,
+        0x5E, 0xA4, 0x06, 0x02, 0x9A, 0xE7, 0x78, 0x45,
+        0xCB, 0x99, 0x4D, 0xB8, 0xC3, 0x52, 0x11, 0xCA,
+        0x1D, 0xC8, 0x81, 0xF7, 0xF2, 0x0A, 0x47, 0x06,
+        0x50, 0x5F, 0x29, 0xD9, 0xCD, 0x19, 0x89, 0xAD,
+        0x42, 0xB0, 0x7E, 0xF5, 0x2D, 0x96, 0x54, 0xE2,
+        0x8E, 0x3D, 0xCB, 0x83, 0x00, 0x08, 0xA1, 0xBE,
+        0x31, 0x99, 0x38, 0x7E, 0x06, 0x6B, 0x28, 0xB3,
+        0x15, 0xCA, 0x19, 0x02, 0xF4, 0xBB, 0x0E, 0xE6,
+        0x3F, 0xDC, 0x4C, 0x93, 0xE1, 0xAB, 0x88, 0x6F,
+        0xD7, 0x42, 0x52, 0x61, 0xC3, 0x7A, 0xC5, 0x87,
+        0x62, 0xD0, 0x3D, 0xB6, 0x07, 0x06, 0x88, 0x7E,
+        0x72, 0xCF, 0x74, 0x5A, 0x44, 0x6D, 0xF6, 0xC6,
+        0x66, 0x2F, 0x53, 0xDD, 0x61, 0x24, 0x71, 0xA4,
+        0x34, 0xAC, 0x56, 0xC4, 0xBE, 0xDB, 0x3C, 0x9F,
+        0x36, 0x47, 0xE6, 0x03, 0x2B, 0x3C, 0xC0, 0x99,
+        0x0A, 0x3A, 0x2E, 0x87, 0x05, 0x2B, 0x36, 0xD4,
+        0xA1, 0x62, 0x42, 0x4E, 0x2D, 0x39, 0x9E, 0x1B,
+        0xC2, 0x37, 0x92, 0x8D, 0x0B, 0xD7, 0x71, 0x58,
+        0x07, 0x9C, 0xCB, 0x20, 0x8B, 0x71, 0x95, 0x07,
+        0x96, 0x55, 0xBD, 0xB7, 0x6C, 0xBA, 0xFF, 0x44,
+        0x7C, 0x34, 0xC5, 0x82, 0x9F, 0xAC, 0x19, 0x9B,
+        0xB0, 0x27, 0xA0, 0x80, 0x06, 0x50, 0x8D, 0x56,
+        0xC8, 0x1D, 0x18, 0x70, 0x90, 0xE7, 0x10, 0x24,
+        0xDB, 0x7F, 0xBF, 0x3A, 0x7D, 0x64, 0xD8, 0xFA,
+        0x48, 0x74, 0xA8, 0xF4, 0x70, 0x37, 0x7B, 0x15,
+        0x38, 0x00, 0x96, 0x82, 0x2F, 0xFE, 0x46, 0x55,
+        0x71, 0xB5, 0x0C, 0x54, 0x05, 0x58, 0xBA, 0x50,
+        0xE9, 0x0E, 0xB8, 0x14, 0x52, 0xF4, 0x12, 0x75,
+        0xC2, 0x51, 0x5B, 0xAE, 0x05, 0x92, 0xD5, 0x3F,
+        0x6A, 0x6A, 0x34, 0xD2, 0xA3, 0x4D, 0x8E, 0xAC,
+        0x6E, 0x7A, 0x03, 0xFB, 0xDB, 0x52, 0x49, 0x4F,
+        0x4B, 0x98, 0x1B, 0x56, 0xC0, 0x96, 0x26, 0x08,
+        0x48, 0x50, 0xC7, 0xCF, 0x96, 0x2F, 0x93, 0x10,
+        0x72, 0x25, 0x15, 0xA6, 0x2A, 0xC0, 0x85, 0xA6,
+        0x18, 0x9A, 0xDD, 0xEA, 0x38, 0x12, 0x91, 0x13,
+        0x57, 0x31, 0xB2, 0xEE, 0x83, 0xA4, 0xF1, 0xEB,
+        0xFA, 0x09, 0xAF, 0x80, 0xA9, 0x12, 0x68, 0xA8,
+        0x76, 0x23, 0xCB, 0x55, 0x7C, 0x9F, 0x66, 0xDE,
+        0xB4, 0x54, 0xFB, 0x2F, 0x4F, 0xC2, 0x64, 0x8F,
+        0x44, 0x41, 0x5A, 0x7B, 0xEF, 0x29, 0x96, 0x2D,
+        0x5F, 0x7C, 0x16, 0xE7, 0x85, 0x79, 0xF5, 0x26,
+        0xDD, 0x20, 0xE9, 0x20, 0x9B, 0x6C, 0xA6, 0xDF,
+        0xD1, 0x30, 0xF9, 0x2E, 0xF7, 0x24, 0x64, 0x5B,
+        0x5B, 0x84, 0xD8, 0x72, 0x4F, 0x3C, 0xF6, 0xF3,
+        0xA3, 0xB2, 0xA9, 0xCF, 0x61, 0x24, 0x7A, 0x54,
+        0xBA, 0x92, 0x8F, 0x53, 0xEA, 0xCB, 0xA7, 0xE6,
+        0xD6, 0xB8, 0x12, 0xC4, 0xCE, 0x21, 0xA1, 0x8B,
+        0xA8, 0xD1, 0x14, 0x50, 0xE7, 0x04, 0x89, 0xBA,
+        0x57, 0x2E, 0x5E, 0xB9, 0xA7, 0x72, 0x2D, 0x9D,
+        0xC6, 0xAA, 0xE4, 0xF9, 0x57, 0x93, 0x60, 0x09,
+        0xE2, 0x6E, 0xB3, 0xE7, 0x4D, 0x9F, 0x99, 0x33,
+        0xF3, 0xDB, 0x4D, 0xA0, 0xA1, 0xF5, 0x44, 0x93,
+        0x99, 0xB5, 0xE1, 0x01, 0x03, 0x11, 0xF8, 0x7D,
+        0x92, 0xC1, 0x87, 0xAD, 0x2E, 0xFA, 0xBB, 0x0A,
+        0x2C, 0x86, 0xB7, 0xD7, 0xF9, 0xA0, 0x72, 0xAB,
+        0xC0, 0xC6, 0x60, 0x6D, 0xBC, 0xD9, 0x20, 0x17,
+        0x7A, 0x22, 0x57, 0x20, 0xA7, 0x05, 0x76, 0xB8,
+        0xE8, 0x2D, 0x7D, 0x53, 0xC1, 0xDF, 0xA4, 0x8E,
+        0xA7, 0x31, 0x81, 0xAF, 0x0A, 0xF0, 0x86, 0xB6,
+        0xAA, 0xF8, 0x0A, 0xB2, 0x49, 0x81, 0xF2, 0x75,
+        0xD6, 0x6D, 0x4F, 0xBD, 0xE2, 0xC5, 0x1A, 0xE8,
+        0xE8, 0xD4, 0x58, 0x33, 0x72, 0x9F, 0x45, 0x03,
+        0x01, 0x30, 0xBC, 0x85, 0xB2, 0xBD, 0x9A, 0x14,
+        0xC8, 0x13, 0xA3, 0x7F, 0x1F, 0xA1, 0x47, 0xF8,
+        0x15, 0x48, 0x8D, 0x7A, 0x17, 0xC0, 0xC0, 0x39,
+        0xEA, 0xF8, 0x66, 0xCE, 0xA7, 0x5F, 0x5B, 0x2E,
+        0xBE, 0x05, 0xEF, 0x31, 0x09, 0x47, 0x2B, 0xA5,
+        0xF7, 0xCF, 0xCE, 0x4C, 0x35, 0x8B, 0x60, 0x80,
+        0x40, 0x0C, 0x5C, 0xC0, 0x85, 0x15, 0x14, 0x92,
+        0xD1, 0x3A, 0x5B, 0x00, 0x96, 0xA0, 0x63, 0x1F,
+        0xAA, 0x30, 0xCB, 0x48, 0xF2, 0xDA, 0x87, 0x3B,
+        0x85, 0x7D, 0xFD, 0xB3, 0x86, 0xD9, 0x33, 0x98,
+        0x18, 0x07, 0x34, 0x92, 0x55, 0x9A, 0x0E, 0xC2,
+        0xDA, 0xF3, 0x73, 0x8E, 0x15, 0x88, 0xB0, 0x98,
+        0x75, 0x1F, 0xF0, 0xFA, 0x1C, 0x87, 0x1B, 0x22,
+        0x23, 0x7E, 0x5C, 0xD1, 0x5B, 0x0E, 0x17, 0x28,
+        0xEA, 0x26, 0x71, 0x66, 0xC3, 0x8A, 0x71, 0x97,
+        0xB6, 0xCC, 0x7D, 0xAD, 0x39, 0x11, 0x6B, 0xE6,
+        0x1D, 0xF4, 0x33, 0x3C, 0xD7, 0xC2, 0xA4, 0x13,
+        0xDB, 0x30, 0x63, 0xD7, 0xF0, 0x22, 0x8C, 0x61,
+        0xFA, 0xDA, 0xC3, 0xF8, 0xC3, 0x31, 0xF4, 0x45,
+        0x09, 0xB4, 0xD6, 0x08, 0x53, 0x1F, 0x99, 0x5D,
+        0x15, 0xFA, 0xB1, 0x19, 0xD8, 0x47, 0xE6, 0xD8,
+        0x54, 0x95, 0x75, 0xB7, 0xD8, 0x50, 0xB2, 0x60,
+        0x0E, 0x4D, 0x13, 0x64, 0x6C, 0xF9, 0x6B, 0x6B,
+        0x9D, 0xA6, 0xC6, 0x2F, 0x2A, 0x80, 0xAE, 0x02,
+        0x58, 0xA8, 0xCD, 0x6E, 0xF4, 0xC5, 0x5E, 0xEA,
+        0x7E, 0x78, 0xD2, 0x0A, 0x46, 0x4A, 0x19, 0x4C,
+        0xEC, 0xBB, 0x01, 0xE7, 0x3F, 0x32, 0x76, 0xD6,
+        0x6E, 0x12, 0xAD, 0x37, 0x74, 0x51, 0xBB, 0xB9,
+        0x4E, 0x5C, 0x94, 0x88, 0x32, 0x59, 0x5F, 0x6B,
+        0x6E, 0x38, 0x2A, 0xD1, 0x42, 0xD9, 0xF1, 0xB8,
+        0x68, 0x97, 0x95, 0xE9, 0xEB, 0xC3, 0x2A, 0x5A,
+        0x10, 0x1E, 0x69, 0x6C, 0xA3, 0x4A, 0xBA, 0x00,
+        0x5B, 0x4C, 0xED, 0xA2, 0x7D, 0x12, 0x00, 0xFE,
+        0x48, 0xFD, 0x82, 0xC1, 0x72, 0x17, 0xE5, 0x08,
+        0xA8, 0x48, 0x4F, 0x03, 0x88, 0x34, 0x5C, 0x9D,
+        0xED, 0xE2, 0xA1, 0x39, 0x28, 0xFA, 0xC3, 0x29,
+        0x21, 0x84, 0x2F, 0x6E, 0x6A, 0xA5, 0xCF, 0xBF,
+        0x57, 0xFA, 0xA2, 0x8F, 0x43, 0xE0, 0x5E, 0x9A,
+        0x45, 0x23, 0x12, 0x50, 0x29, 0x11, 0xEF, 0x9C,
+        0x33, 0xC8, 0x11, 0xEB, 0xE7, 0xCA, 0xD7, 0x30,
+        0x62, 0x3D, 0xB7, 0x04, 0x8E, 0xC2, 0x18, 0xC7,
+        0xEA, 0x9D, 0xFC, 0x6E, 0x19, 0x65, 0xA9, 0x85,
+        0x7E, 0x92, 0x94, 0xC4, 0xE4, 0x7F, 0x4D, 0x96,
+        0x23, 0xCB, 0x74, 0xB6, 0x5F, 0x7B, 0xB5, 0x86,
+        0x22, 0x83, 0x8D, 0xC4, 0x4E, 0x16, 0xD9, 0x15,
+        0xD9, 0x59, 0x65, 0x55, 0xCA, 0x3D, 0x26, 0x1C,
+        0x9C, 0x2A, 0xFC, 0xCB, 0xAF, 0x5A, 0xC0, 0x3D,
+        0xE0, 0x91, 0xF0, 0xDB, 0xEA, 0xE1, 0xB4, 0xA7,
+        0xE3, 0xDE, 0xC4, 0x39, 0x09, 0x89, 0x67, 0x65,
+        0x77, 0xA0, 0x53, 0x68, 0x4F, 0x57, 0x86, 0x8D,
+        0x91, 0xFE, 0x6A, 0x5B, 0x7D, 0x3D, 0x7C, 0x79,
+        0x50, 0x78, 0x9E, 0x89, 0xD8, 0x38, 0x83, 0xBC,
+        0x3D, 0xAE, 0x55, 0xCA, 0x30, 0x78, 0xB0, 0x8D,
+        0x99, 0x18, 0x31, 0xBA, 0x91, 0x50, 0x2A, 0x5A,
+        0x33, 0x54, 0xB8, 0x8E, 0x15, 0x9B, 0x0A, 0xFF,
+        0xD2, 0x5B, 0x0D, 0xBB, 0x72, 0xBC, 0xD6, 0xF4,
+        0x04, 0x65, 0xDD, 0xFC, 0x00, 0xFF, 0x8B, 0x63,
+        0x39, 0xC0, 0x67, 0x09, 0x5D, 0x6C, 0x7C, 0xB0,
+        0x6F, 0x3B, 0xE7, 0x59, 0xC5, 0x27, 0x40, 0x39,
+        0x5D, 0xD1, 0x08, 0x29, 0x6F, 0x2B, 0xBC, 0x2E,
+        0x7A, 0x5D, 0xDD, 0xE3, 0xD1, 0xC3, 0x5D, 0x18,
+        0xBF, 0xBE, 0x39, 0x68, 0xEC, 0x59, 0xAB, 0xF8,
+        0x5C, 0x1B, 0xD2, 0x92, 0x8A, 0xB2, 0xAA, 0x67,
+        0x8A, 0x78, 0x91, 0x74, 0x6E, 0x88, 0xF4, 0x39,
+        0xF8, 0xB4, 0x38, 0x40, 0x31, 0xC3, 0xED, 0xB7,
+        0x31, 0x97, 0xE5, 0x2A, 0x4E, 0x77, 0x3D, 0x2D,
+        0x8B, 0x7B, 0xAD, 0xDC, 0x5D, 0xD0, 0xA7, 0xE4,
+        0x4C, 0x80, 0x8D, 0x73, 0xB8, 0x18, 0x1D, 0x19,
+        0x1C, 0x3C, 0x89, 0xFE, 0x15, 0xEA, 0x90, 0xD7,
+        0x56, 0x7E, 0x89, 0x16, 0xA3, 0x37, 0x83, 0x03,
+        0x05, 0x04, 0x1B, 0x1E, 0x94, 0xB3, 0xB4, 0x06,
+        0xDA, 0x4C, 0x36, 0xBE, 0xF0, 0x5D, 0x91, 0x00,
+        0xAB, 0x99, 0x2A, 0x4D, 0x56, 0x25, 0x33, 0x73,
+        0x0E, 0x0D, 0x8C, 0x05, 0x2B, 0x3A, 0x62, 0xD3,
+        0xF6, 0x9A, 0x83, 0xA0, 0xC9, 0xB2, 0x12, 0x4F,
+        0x12, 0xAE, 0x7D, 0xAC, 0xC9, 0x78, 0xC4, 0xA0,
+        0xAD, 0xCC, 0x2E, 0xBA, 0x2D, 0x80, 0xF4, 0x94,
+        0xAA, 0x16, 0xEC, 0x1E, 0x8E, 0x71, 0xC7, 0x9B,
+        0x02, 0xF3, 0x26, 0x1B, 0x6F, 0x98, 0x68, 0xB8,
+        0xD5, 0x7E, 0x9D, 0x16, 0xF4, 0x2B, 0x7C, 0xC6,
+        0x64, 0x06, 0x54, 0x9A, 0x27, 0x6D, 0x37, 0x14,
+        0x37, 0xDE, 0x88, 0xB7, 0xF3, 0x9E, 0x74, 0x08,
+        0x7C, 0xBB, 0xC5, 0x61, 0x16, 0x80, 0x31, 0x2D,
+        0xE8, 0xF0, 0xC3, 0x68, 0x14, 0xE1, 0x74, 0xF9,
+        0x1E, 0xB6, 0x00, 0xCC, 0x96, 0xE3, 0xCF, 0x51,
+        0xBB, 0x20, 0x25, 0x88, 0x77, 0xA2, 0xAA, 0xEB,
+        0x82, 0x7F, 0x7F, 0x5A, 0xDA, 0x80, 0x78, 0x6B,
+        0x50, 0x84, 0xC8, 0x02, 0xE6, 0x06, 0xDE, 0xF3,
+        0x88, 0xA3, 0x9C, 0xE4, 0xF0, 0xD5, 0xBC, 0x19,
+        0x39, 0x4C, 0xE8, 0x41, 0xE2, 0xD2, 0xAA, 0x74,
+        0x25, 0x23, 0x05, 0x80, 0xFA, 0x66, 0x75, 0xC5,
+        0x17, 0x41, 0xD1, 0x75, 0x87, 0x9B, 0x4D, 0x03,
+        0xC3, 0x90, 0xF6, 0x52, 0xA5, 0x03, 0xA7, 0x51,
+        0x6A, 0x1F, 0x07, 0x5E, 0x30, 0x82, 0xD5, 0x2C,
+        0x60, 0xB8, 0x64, 0x2A, 0x82, 0x40, 0xEE, 0x94,
+        0x4D, 0x5F, 0xB4, 0x27, 0x37, 0x6B, 0x40, 0xB0,
+        0xB2, 0x82, 0xE1, 0x9A, 0xB9, 0x08, 0xCC, 0xF2,
+        0x0C, 0xA9, 0x26, 0x11, 0x64, 0x90, 0xAF, 0xED,
+        0x57, 0xEA, 0xD0, 0xDC, 0x0C, 0x8E, 0x29, 0x6C,
+        0x79, 0xA4, 0x8D, 0x08, 0x8E, 0x83, 0x7A, 0xF0,
+        0x67, 0xDC, 0x02, 0x9E, 0xC6, 0x31, 0xF9, 0x93,
+        0x3E, 0xE4, 0xD2, 0x07, 0x46, 0xE6, 0x4E, 0x5F,
+        0x21, 0x67, 0x55, 0xA1, 0x38, 0x97, 0x4D, 0x30,
+        0x82, 0x93, 0x73, 0x6D, 0xC1, 0x86, 0x04, 0x27,
+        0x6C, 0xC4, 0x18, 0xBA, 0x69, 0xF8, 0x72, 0xB5,
+        0x8E, 0x7F, 0x6E, 0x3A, 0x8B, 0x84, 0x6E, 0xBA,
+        0xAE, 0xB3, 0x83, 0xE7, 0xF8, 0x90, 0xF5, 0x4E,
+        0x77, 0xF5, 0xD7, 0xF5, 0xD4, 0xA5, 0x8D, 0xB7,
+        0x83, 0xEC, 0xA0, 0x49, 0xF1, 0x86, 0x17, 0x12,
+        0x82, 0xBA, 0xC2, 0x60, 0x7D, 0x51, 0xB2, 0x98,
+        0xB1, 0x49, 0x38, 0xEF, 0xB1, 0x92, 0x8F, 0xC8,
+        0xD0, 0x78, 0x06, 0xE8, 0xC3, 0xE7, 0x3B, 0x46,
+        0x46, 0xBC, 0xF1, 0x68, 0x90, 0xCC, 0x13, 0x80,
+        0xE7, 0xB6, 0x33, 0x50, 0x2B, 0x3E, 0xAD, 0xA4,
+        0x47, 0x75, 0x02, 0xE2, 0x46, 0x7C, 0xFD, 0xB9,
+        0xAC, 0xBD, 0x1C, 0x72, 0xBC, 0x6A, 0xEB, 0x4F,
+        0x41, 0xE1, 0xC2, 0x3C, 0x63, 0x68, 0x39, 0xE3,
+        0x57, 0x13, 0x5F, 0x76, 0xBC, 0x39, 0xC4, 0xF9,
+        0xAC, 0x1C, 0xE8, 0xF1, 0xBE, 0xEF, 0xEB, 0xFF,
+        0x87, 0x59, 0xE8, 0xF7, 0x19, 0x65, 0xD4, 0x85,
+        0x4B, 0xEA, 0xAD, 0x0A, 0xFE, 0xDC, 0xA9, 0xD4,
+        0xD6, 0xBD, 0x1E, 0x63, 0xD3, 0x48, 0xA4, 0x2C,
+        0xEE, 0xFF, 0xC1, 0x70, 0xD0, 0xEE, 0x9F, 0x13,
+        0x6F, 0x5B, 0xE9, 0x90, 0x14, 0x66, 0x92, 0x61,
+        0x22, 0xF9, 0x48, 0xBD, 0xDE, 0x2A, 0x91, 0x07,
+        0xD2, 0xA9, 0x8B, 0xA2, 0xDE, 0xA6, 0xD6, 0xF2,
+        0xDA, 0x17, 0x72, 0x47, 0x02, 0xEC, 0x51, 0x8C,
+        0x03, 0x75, 0x3D, 0x51, 0xEA, 0x83, 0x1E, 0x95,
+        0xCB, 0x87, 0x08, 0xD5, 0xDE, 0xC8, 0x22, 0xDB,
+        0x73, 0x7E, 0x44, 0x14, 0x3C, 0x86, 0xF4, 0x71,
+        0x77, 0xD8, 0x5C, 0xD0, 0x98, 0xC2, 0x1B, 0x9B,
+        0xC8, 0x00, 0xDF, 0xA9, 0xDC, 0x26, 0xFD, 0xC2,
+        0x61, 0xE9, 0x21, 0xDE, 0x00, 0x2D, 0x81, 0xC1,
+        0x59, 0xF8, 0xEB, 0x1F, 0xEE, 0x67, 0x67, 0x9D,
+        0x62, 0x1E, 0xCE, 0x6B, 0x36, 0xD0, 0x1C, 0x77,
+        0x5A, 0x16, 0x45, 0xD5, 0x22, 0x92, 0xB4, 0xB2,
+        0xB8, 0x22, 0x73, 0x18, 0x77, 0x2A, 0x80, 0x91,
+        0xE9, 0xEC, 0x01, 0x70, 0x13, 0xB1, 0x95, 0xEB,
+        0xF4, 0xEF, 0x20, 0x1F, 0x4E, 0x88, 0x1C, 0x49,
+        0x36, 0x33, 0xC0, 0x7F, 0x27, 0xC9, 0x79, 0x0D,
+        0xD8, 0xAE, 0xCC, 0x94, 0x49, 0xCF, 0x63, 0xBC,
+        0xB1, 0x19, 0x46, 0x16, 0x9A, 0xCF, 0xF3, 0x95,
+        0x42, 0x26, 0x6B, 0x0C, 0x66, 0x85, 0xBB, 0xB0,
+        0x80, 0xB5, 0x9F, 0x11, 0x7E, 0xEB, 0x2A, 0x73,
+        0x38, 0x2B, 0x3D, 0x18, 0x7C, 0x06, 0x80, 0xC5,
+        0xAE, 0x70, 0x90, 0x70, 0xDF, 0x03, 0xA0, 0x08,
+        0xA7, 0xAD, 0x13, 0x22, 0x6F, 0x3C, 0x37, 0x15,
+        0x39, 0x20, 0x52, 0xF2, 0x44, 0x1B, 0x4A, 0x17,
+        0x8D, 0x7C, 0xF7, 0x05, 0x18, 0x33, 0x9C, 0xFF,
+        0xBB, 0x54, 0xA6, 0xD9, 0xB9, 0xCD, 0xE3, 0xB0,
+        0xB5, 0x7D, 0xBC, 0x79, 0xF4, 0xE4, 0x7A, 0xD6,
+        0x27, 0x4C, 0xE2, 0x18, 0x0C, 0x92, 0xAC, 0x64,
+        0x10, 0xE5, 0x0D, 0x05, 0xF6, 0x66, 0x5A, 0x57,
+        0xD4, 0xD4, 0x47, 0x6C, 0x2C, 0x0E, 0x6E, 0xE0,
+        0x75, 0x7A, 0x3A, 0xFE, 0xA2, 0xB1, 0xBF, 0x86,
+        0xA5, 0x51, 0xEF, 0x98, 0xAA, 0x1D, 0xFC, 0xBA,
+        0x96, 0x31, 0x59, 0x59, 0x45, 0x2B, 0x2B, 0x3A,
+        0x2F, 0xCB, 0xBB, 0x95, 0x5C, 0xB3, 0xFA, 0x1E,
+        0xEB, 0xBB, 0x83, 0xBD, 0x17, 0x87, 0x67, 0xC0,
+        0x2E, 0xFB, 0xBE, 0xFF, 0x6C, 0x7E, 0xEF, 0x94,
+        0xB5, 0x5D, 0xF8, 0x83, 0x1D, 0xDF, 0xB7, 0xB2,
+        0x02, 0xCE, 0x7D, 0xE0, 0x55, 0xEA, 0xF9, 0x92,
+        0x8A, 0xDA, 0xF6, 0xED, 0x0E, 0x31, 0x59, 0xCA,
+        0x56, 0xC4, 0x83, 0xFA, 0x3B, 0xA3, 0xD2, 0x47,
+        0x8C, 0xA3, 0x94, 0x82, 0x4C, 0xEE, 0x6A, 0xBD,
+        0x59, 0x67, 0x09, 0x53, 0xEE, 0x80, 0xD3, 0x83,
+        0xAA, 0xA6, 0x08, 0xE1, 0x58, 0x51, 0x13, 0x5C,
+        0x1C, 0xDE, 0xEE, 0xB5, 0xF6, 0xA8, 0x89, 0x7C,
+        0x3C, 0x9E, 0x06, 0x6A, 0xB4, 0x73, 0x4F, 0xDD,
+        0xFA, 0xBC, 0x3B, 0xC3, 0xBA, 0x12, 0x06, 0xBA,
+        0x54, 0x34, 0xDC, 0xDE, 0xDB, 0x9D, 0x8B, 0x3A,
+        0x81, 0xA2, 0xE6, 0x38, 0x14, 0x6D, 0x83, 0xF1,
+        0x4F, 0x06, 0xE5, 0x60, 0x99, 0xC0, 0xC8, 0xA0,
+        0xFC, 0xCD, 0xB9, 0xEC, 0xF0, 0xF3, 0xD8, 0x8D,
+        0xE3, 0x79, 0x2F, 0x2D, 0x0B, 0x65, 0x1B, 0x61,
+        0x9C, 0x57, 0x1B, 0x69, 0xF4, 0xBF, 0x8E, 0x7C,
+        0xD1, 0x91, 0x0F, 0x26, 0x6A, 0x4D, 0xAD, 0xF8,
+        0xC2, 0xAB, 0xB4, 0xAC, 0x05, 0xBD, 0x1F, 0xBA,
+        0x05, 0x8C, 0x03, 0x94, 0xC0, 0x16, 0xDE, 0xE6,
+        0x0C, 0x66, 0x40, 0x1A, 0x17, 0xD1, 0x34, 0x59,
+        0x54, 0x79, 0x33, 0x38, 0x9A, 0x35, 0x65, 0x69,
+        0xAD, 0xA5, 0x32, 0xC9, 0xF4, 0x87, 0x69, 0x88,
+        0x55, 0xA4, 0xD7, 0xBC, 0xCD, 0x0E, 0xF6, 0x95,
+        0x31, 0x09, 0x4D, 0xA4, 0x08, 0x6F, 0x52, 0xBF,
+        0x98, 0xCD, 0xC9, 0xA4, 0xB0, 0xBC, 0x88, 0x8D,
+        0xC3, 0x89, 0x1A, 0x76, 0x09, 0x6C, 0x7C, 0x48,
+        0x34, 0x90, 0xE9, 0x52, 0x32, 0x6A, 0xE4, 0x02,
+        0xD8, 0xDF, 0xD2, 0xF3, 0xDC, 0xCF, 0x1A, 0xA5,
+        0xD7, 0xBD, 0x69, 0x8E, 0x2A, 0xA8, 0x8D, 0x29,
+        0x48, 0x13, 0xA8, 0x8F, 0xD3, 0x18, 0x66, 0xBC,
+        0xA1, 0x1B, 0x3B, 0x91, 0xC0, 0x09, 0xEE, 0xB6,
+        0x67, 0x60, 0x1C, 0xEE, 0xAF, 0xAF, 0xE9, 0x7C,
+        0x56, 0xFA, 0x33, 0xF9, 0x38, 0x1F, 0x3E, 0x43,
+        0x29, 0x90, 0x1A, 0xC3, 0xB7, 0xEA, 0x70, 0x32,
+        0xC0, 0x19, 0xE5, 0xC8, 0xA8, 0xEF, 0xD7, 0x04,
+        0x4C, 0x97, 0x36, 0x44, 0xAF, 0x2B, 0xE4, 0x20,
+        0xA0, 0x33, 0xC6, 0xC2, 0xC7, 0xCE, 0x0C, 0xEA,
+        0x39, 0x34, 0xDC, 0x18, 0xB4, 0x2A, 0xDF, 0xD7,
+        0xA8, 0x46, 0xF4, 0x2D, 0xD4, 0x06, 0x86, 0x6A,
+        0x39, 0x09, 0x29, 0x02, 0x6A, 0xDE, 0x5C, 0x79,
+        0x1B, 0x5F, 0x61, 0xF9, 0x42, 0xB1, 0x55, 0x07,
+        0x7D, 0x82, 0xF2, 0xAF, 0xCC, 0xFF, 0xF8, 0x5B,
+        0x04, 0x06, 0x64, 0x7A, 0x96, 0x27, 0xE3, 0x69,
+        0x5D, 0x4B, 0xEA, 0x3D, 0x58, 0xA6, 0x3E, 0x17,
+        0x18, 0xD1, 0x84, 0xE4, 0x6B, 0x5F, 0x4B, 0xC8,
+        0x41, 0x03, 0x34, 0xA4, 0x09, 0x5D, 0x0F, 0xAF,
+        0x30, 0x6F, 0xB9, 0xDC, 0x10, 0x94, 0x25, 0xC3,
+        0x16, 0x52, 0xD0, 0x6F, 0xF0, 0x51, 0xA1, 0x62,
+        0xEE, 0x2B, 0x7B, 0x1C, 0x54, 0xD6, 0xC7, 0xDE,
+        0xD6, 0xE3, 0x95, 0xAA, 0xD1, 0xA8, 0x6D, 0x03,
+        0xB1, 0xB6, 0xC8, 0x00, 0x76, 0x7E, 0xC1, 0x44,
+        0x12, 0xEE, 0xCE, 0x13, 0x46, 0x20, 0xA6, 0x1D,
+        0x36, 0x9A, 0xF4, 0x9E, 0x21, 0xB0, 0xD1, 0x4B,
+        0xC4, 0x23, 0x06, 0x49, 0xCD, 0xD3, 0xE9, 0xFD,
+        0x84, 0x7A, 0xE5, 0x0B, 0xE9, 0x62, 0xEF, 0xC8,
+        0xCB, 0x0F, 0x33, 0x9F, 0x9E, 0x6D, 0x32, 0x47,
+        0x53, 0x3B, 0xDE, 0xD8, 0x71, 0x1D, 0x46, 0x1D,
+        0x4A, 0xF2, 0xAE, 0x3F, 0xDD, 0x1D, 0x7D, 0x2A,
+        0x28, 0x9C, 0x78, 0xCB, 0x19, 0xF3, 0xCD, 0xC2,
+        0x14, 0x2B, 0xF5, 0x2B, 0x23, 0xE6, 0xA2, 0x7B,
+        0x39, 0xD6, 0x99, 0x54, 0x3C, 0x3D, 0x63, 0x9B,
+        0x9C, 0x72, 0xCA, 0x80, 0xB3, 0x7E, 0xA2, 0x77,
+        0x5B, 0x5E, 0x26, 0x81, 0xF0, 0xDD, 0x01, 0xDF,
+        0xF0, 0xC0, 0x55, 0x13, 0x36, 0x90, 0x62, 0xFE
+    };
+    static const byte msg_87[] = {
+        0x9E, 0xFF, 0x34, 0x15, 0x06, 0xD1, 0x8B, 0xCB,
+        0x27, 0xA7, 0xFC, 0x4E, 0xAA, 0xBF, 0x5A, 0x7C,
+        0x4A, 0x59, 0x37, 0x77, 0x19, 0x6F, 0x66, 0x4B,
+        0xCE, 0x31, 0x6C, 0x95, 0x5B, 0x83, 0x5A, 0xD4,
+        0xC9, 0xF5, 0xDE, 0x9A, 0x2B, 0xF8, 0x96, 0x15,
+        0xDA, 0xCB, 0x9C, 0x1E, 0x61, 0x8C, 0x78, 0xE7,
+        0x11, 0x44, 0xCD, 0x4B, 0x70, 0x46, 0xF4, 0x7D,
+        0x9A, 0x60, 0x0E, 0x9C, 0xE6, 0x65, 0x96, 0xC4,
+        0xC5, 0x5E, 0xDA, 0x23, 0xA6, 0x6C, 0xC1, 0x18,
+        0xA4, 0xA7, 0xBD, 0x0D, 0xED, 0x00, 0xAB, 0xDD,
+        0xCE, 0x53, 0xFB, 0xF2, 0x48, 0x20, 0x33, 0xA4,
+        0x18, 0x85, 0x06, 0xEC, 0x11, 0x3B, 0xBD, 0x98,
+        0xD9, 0x89, 0x1F, 0x0D, 0x69, 0x46, 0x3A, 0x0D,
+        0x36, 0x15, 0x6B, 0xA3, 0xEA, 0x0D, 0x02, 0xA1,
+        0x4C, 0x1F, 0xD7, 0xA3, 0xFE, 0x70, 0x4E, 0xE5,
+        0x6B, 0x44, 0x6A, 0xE1, 0x79, 0xF7, 0x2E, 0x10,
+        0x4A, 0xA8, 0x1A, 0xF0, 0xA2, 0xF8, 0xFC, 0xA6,
+        0xF6, 0xF9, 0x62, 0x96, 0x05, 0x9E, 0xE8, 0x82,
+        0x66, 0x80, 0xE4, 0x3F, 0x4B, 0x07, 0x40, 0xF4,
+        0x7A, 0xC1, 0x05, 0x66, 0xED, 0x31, 0x07, 0x99,
+        0xAC, 0x71, 0x41, 0xD3, 0x8F, 0x69, 0x21, 0x31,
+        0x5F, 0x23, 0xAB, 0x3E, 0x64, 0xC8, 0xA7, 0x70,
+        0xAA, 0x57, 0x12, 0x80, 0x90, 0xDB, 0x82, 0x8C,
+        0x7B, 0xAA, 0x59, 0xC3, 0x29, 0x5C, 0xCA, 0xA2,
+        0x38, 0xC7, 0x5F, 0xAC, 0x0F, 0x93, 0xDA, 0x79,
+        0x00, 0x74, 0x1B, 0xCD, 0x94, 0xBB, 0x9F, 0xD3,
+        0x85, 0x2E, 0xC2, 0xB7, 0xD3, 0x3F, 0x60, 0x0B,
+        0x1D, 0x51, 0x66, 0x6A, 0xE2, 0x22, 0xA5, 0x7A,
+        0xF1, 0x40, 0xFA, 0x04, 0x9C, 0x2C, 0x9F, 0x6D,
+        0x0F, 0xE6, 0xC0, 0xF1, 0xE7, 0xA0, 0xDD, 0xE1,
+        0x14, 0x3B, 0xE5, 0xCE, 0xD7, 0xBB, 0xE2, 0x32,
+        0xCB, 0xFB, 0xD8, 0xAE, 0x00, 0xEA, 0x5F, 0xC1,
+        0x65, 0x02, 0x6D, 0x72, 0x9D, 0xB3, 0x0F, 0x6A,
+        0xFD, 0x99, 0x73, 0xB6, 0x72, 0x2C, 0x07, 0xF6,
+        0x00, 0x66, 0x54, 0x41, 0xE3, 0x0B, 0x7C, 0x5F,
+        0xB2, 0x97, 0xB8, 0xAB, 0x96, 0x9C, 0x06, 0x83,
+        0x9D, 0x33, 0x1D, 0xEE, 0x96, 0xDE, 0x48, 0x68,
+        0x7D, 0xC9, 0xDA, 0x53, 0x1A, 0x95, 0xCA, 0x83,
+        0xA7, 0x6F, 0x4B, 0x07, 0x6D, 0xFC, 0xF4, 0x83,
+        0xF0, 0x04, 0x50, 0xE5, 0x1C, 0x8D, 0x34, 0xD8,
+        0xED, 0x8E, 0x4B, 0x3D, 0xAF, 0xAE, 0x66, 0x4B,
+        0x6D, 0xC1, 0x3E, 0xD8, 0x8E, 0x6D, 0x63, 0x02,
+        0x7D, 0xD4, 0x38, 0xCB, 0x74, 0xF4, 0x12, 0xE8,
+        0x70, 0xCC, 0x9D, 0xFD, 0x29, 0xB5, 0x2A, 0xBC,
+        0xA1, 0x69, 0xC1, 0x7E, 0x97, 0x47, 0x58, 0xE0,
+        0x3A, 0xC0, 0xFB, 0x7F, 0xE5, 0x64, 0x50, 0x8E,
+        0x01, 0x7A, 0x9B, 0x47, 0x49, 0xD6, 0x41, 0xAF,
+        0x0D, 0xE3, 0x84, 0x08, 0x8F, 0xA0, 0x0C, 0x69,
+        0x40, 0x23, 0x3D, 0xDE, 0xFB, 0x65, 0x7C, 0x18,
+        0x1C, 0x82, 0xA1, 0xB6, 0xA3, 0x1F, 0xCC, 0xF4,
+        0xD5, 0x2C, 0x9D, 0x35, 0x1E, 0x6B, 0xDF, 0xDF,
+        0x48, 0xBC, 0xE4, 0x14, 0x60, 0x74, 0x62, 0xDB,
+        0x76, 0x9F, 0x9E, 0xB1, 0x59, 0x25, 0xBA, 0x9F,
+        0xAF, 0xBA, 0xB2, 0x29, 0xB5, 0x89, 0x6B, 0xF1,
+        0xF8, 0xE4, 0x7D, 0xF1, 0x7C, 0x82, 0x08, 0xDF,
+        0xD5, 0x96, 0x04, 0xB6, 0x05, 0x2C, 0xD2, 0xCE,
+        0xAB, 0x56, 0x40, 0x0F, 0x11, 0xC4, 0xD9, 0x52,
+        0x1E, 0x1A, 0xB8, 0x27, 0x4A, 0xB5, 0x76, 0x4C,
+        0x73, 0xE9, 0x41, 0x32, 0x42, 0x0E, 0x32, 0xB6,
+        0xAE, 0xB0, 0x76, 0x33, 0x78, 0xD9, 0xBA, 0x68,
+        0xE1, 0xFC, 0xDE, 0x2B, 0xD6, 0xDE, 0xDA, 0x39,
+        0x17, 0xC0, 0x00, 0xAF, 0x39, 0xB7, 0x8F, 0x4C,
+        0xCA, 0x7C, 0x8F, 0xBF, 0x94, 0xB4, 0xCB, 0x8A,
+        0x81, 0x16, 0xEE, 0xEC, 0xFE, 0xF0, 0x13, 0x1E,
+        0xC9, 0xF2, 0xDE, 0xDA, 0x01, 0x40, 0xC9, 0x02,
+        0xA8, 0xD6, 0xE6, 0x0E, 0x98, 0xB3, 0xCD, 0x9D,
+        0x9C, 0x75, 0x24, 0x8B, 0xF8, 0x84, 0x5A, 0xC0,
+        0xD7, 0xE0, 0x6B, 0xA0, 0xE1, 0x83, 0x10, 0xFE,
+        0xCE, 0x98, 0x62, 0x07, 0x54, 0x2C, 0xC1, 0xEE,
+        0x08, 0x88, 0x43, 0xEF, 0x74, 0xA2, 0x6A, 0xEC,
+        0xB6, 0xD0, 0x6F, 0x0F, 0xEF, 0xE1, 0xB7, 0x2C,
+        0xF9, 0x33, 0x06, 0xC3, 0x2E, 0xD2, 0x8A, 0xEC,
+        0xC5, 0x5B, 0xB1, 0x03, 0xA0, 0x84, 0x6D, 0x0C,
+        0x84, 0x13, 0x6D, 0xB0, 0xB0, 0x54, 0xF3, 0xDE,
+        0xA3, 0x9A, 0x72, 0x6C, 0x6F, 0xD6, 0x59, 0x7F,
+        0x9B, 0x03, 0x8C, 0xC2, 0x38, 0x46, 0x01, 0x76,
+        0x38, 0xF4, 0x43, 0x68, 0x81, 0x0D, 0x86, 0x29,
+        0x3D, 0xDF, 0xE5, 0x48, 0x61, 0x53, 0x2F, 0x85,
+        0xF5, 0x3F, 0x09, 0x30, 0x48, 0xC3, 0xE0, 0x09,
+        0xC4, 0x32, 0x11, 0x27, 0xAD, 0xAA, 0xEC, 0x6A,
+        0x5C, 0xCE, 0x03, 0xE0, 0xD9, 0xE9, 0x1D, 0xAC,
+        0xCA, 0xBB, 0x2F, 0x50, 0xE0, 0x1E, 0xB2, 0xAC,
+        0x2B, 0x39, 0x6D, 0x24, 0xB0, 0x5D, 0x45, 0x3B,
+        0xD5, 0x1D, 0x52, 0x9F, 0xBA, 0x51, 0xE4, 0x6D,
+        0x30, 0xC5, 0x66, 0x13, 0x00, 0x5A, 0xBF, 0x62,
+        0x63, 0xB9, 0x8D, 0x8D, 0xFE, 0xB5, 0x26, 0x16,
+        0xD1, 0xCB, 0x78, 0x92, 0x18, 0x1C, 0x2F, 0xC2,
+        0xE2, 0x04, 0x3B, 0x99, 0x4C, 0x81, 0x66, 0x58,
+        0x48, 0x2E, 0x06, 0x06, 0x34, 0x83, 0x78, 0xA3,
+        0xCC, 0x85, 0x40, 0xE0, 0x20, 0x27, 0x3F, 0x10,
+        0xB6, 0x9E, 0x20, 0x21, 0xA9, 0x2D, 0x9C, 0x36,
+        0xCC, 0x9B, 0x97, 0x79, 0xFE, 0x8C, 0xE7, 0xA4,
+        0x99, 0xAE, 0xB5, 0x3E, 0xC6, 0xDD, 0xB4, 0xF2,
+        0xEC, 0x22, 0xBF, 0xB4, 0x52, 0xFC, 0x5E, 0x79,
+        0x7D, 0x3A, 0x25, 0x33, 0x26, 0x00, 0x06, 0xFE,
+        0x6D, 0xCC, 0xE4, 0xE9, 0x76, 0x65, 0xC6, 0x8C,
+        0x39, 0x93, 0xDC, 0x7E, 0xA0, 0xBD, 0x4B, 0xDC,
+        0xD2, 0x47, 0x21, 0xB0, 0x2B, 0x09, 0x02, 0xB1,
+        0x84, 0x0D, 0xDE, 0xC5, 0x18, 0x20, 0x38, 0x76,
+        0x2D, 0x55, 0xFC, 0x11, 0xB9, 0x87, 0x3A, 0x0D,
+        0xD2, 0xEB, 0xBD, 0x55, 0xAD, 0xE3, 0x86, 0x5C,
+        0xFF, 0x3D, 0x54, 0x5F, 0x76, 0x33, 0x53, 0x69,
+        0xDD, 0x9E, 0x70, 0xB0, 0x73, 0x99, 0x77, 0xF6,
+        0xE9, 0x8A, 0x61, 0x27, 0x19, 0x4A, 0x19, 0x26,
+        0xA6, 0x97, 0xE4, 0x7F, 0x73, 0xE0, 0x4F, 0xF5,
+        0xBD, 0x52, 0x5E, 0x8F, 0x17, 0x22, 0x00, 0x8F,
+        0x7C, 0x15, 0x5C, 0xD3, 0xAD, 0xE0, 0xA5, 0xB6,
+        0x6A, 0x31, 0x36, 0xFD, 0xD8, 0x44, 0xAE, 0x5E,
+        0xCD, 0x6C, 0x82, 0x77, 0xC3, 0xD0, 0x7F, 0x39,
+        0x72, 0x1E, 0x91, 0x19, 0x50, 0xE1, 0x28, 0x20,
+        0x88, 0x3A, 0x6B, 0xC8, 0xA9, 0xE7, 0x93, 0x28,
+        0x0F, 0xA7, 0x4F, 0xF2, 0x1A, 0xC2, 0x13, 0x4E,
+        0x6B, 0xAE, 0x71, 0x3F, 0x43, 0x89, 0xC9, 0xE7,
+        0xDD, 0x05, 0xBB, 0x41, 0x09, 0xB5, 0x5E, 0xB9,
+        0x23, 0x51, 0xC0, 0xEB, 0x92, 0x1A, 0x0C, 0x3F,
+        0xAC, 0xC5, 0x00, 0x8C, 0xB8, 0x5C, 0x3F, 0x2D,
+        0x5F, 0x9A, 0xCE, 0xAE, 0x9B, 0x4B, 0x71, 0x48,
+        0x25, 0xFD, 0xE2, 0xB6, 0x26, 0x3F, 0xEE, 0x10,
+        0x33, 0x07, 0x4F, 0x59, 0xF0, 0x73, 0xE9, 0x39,
+        0x5C, 0x0D, 0x8B, 0xB5, 0xD1, 0xEF, 0xE5, 0xBF,
+        0xBB, 0xE1, 0x80, 0xF7, 0xC5, 0x91, 0xC1, 0x72,
+        0xAA, 0xB0, 0x5E, 0x7C, 0x53, 0x69, 0x4C, 0x37,
+        0x7A, 0xD2, 0x7B, 0x9D, 0x1C, 0xFA, 0x0F, 0xE0,
+        0x92, 0x93, 0x40, 0x5D, 0xBE, 0x1C, 0xF8, 0x84,
+        0x7A, 0x35, 0x1F, 0x72, 0x77, 0x68, 0xE2, 0xAF,
+        0xA5, 0x6B, 0x54, 0xFF, 0x53, 0x7C, 0xCD, 0x9D,
+        0x6A, 0x49, 0xD1, 0xCA, 0x74, 0x5F, 0xF5, 0xDB,
+        0x54, 0xF8, 0x60, 0xA7, 0x41, 0x66, 0xDE, 0xFF,
+        0xB0, 0xB2, 0xF9, 0x21, 0x06, 0xB7, 0x81, 0x4C,
+        0x9C, 0xEF, 0xFD, 0x11, 0xD5, 0x63, 0xD8, 0xF3,
+        0x3A, 0x81, 0xC4, 0x9D, 0x1B, 0xA8, 0x37, 0x73,
+        0x57, 0x26, 0x29, 0xF8, 0xB4, 0x7F, 0x9F, 0xA2,
+        0x7D, 0x2A, 0x63, 0x2C, 0x70, 0x08, 0x1E, 0x2E,
+        0xE7, 0xED, 0x73, 0xAB, 0xD2, 0x4C, 0x02, 0x7E,
+        0xF1, 0x15, 0x26, 0xE1, 0x09, 0x5C, 0x29, 0x13,
+        0xDF, 0x69, 0x29, 0x25, 0xE5, 0x68, 0x39, 0x10,
+        0x9B, 0xD0, 0x5E, 0xD8, 0xE2, 0xC9, 0x08, 0x61,
+        0x63, 0xCD, 0xF9, 0x45, 0xBC, 0x16, 0xDC, 0x80,
+        0x4C, 0x0F, 0x61, 0xEE, 0x8F, 0x3B, 0x72, 0xDB,
+        0x02, 0x45, 0xF6, 0x78, 0x69, 0x81, 0xFC, 0xE0,
+        0x32, 0x2F, 0xC2, 0xAF, 0xCD, 0x4E, 0x8E, 0x52,
+        0x03, 0xB5, 0x1C, 0x7C, 0x37, 0x2C, 0x58, 0xD5,
+        0xE2, 0x92, 0xA7, 0xE2, 0x49, 0x6C, 0x3F, 0x5D,
+        0x7F, 0x2B, 0x26, 0x70, 0x1C, 0x0C, 0x16, 0x7F,
+        0x49, 0x30, 0x71, 0x14, 0xEB, 0xBE, 0x13, 0xF4,
+        0xF1, 0xAA, 0x5A, 0xCF, 0x98, 0xF2, 0x07, 0x29,
+        0xB5, 0x12, 0x84, 0x80, 0x01, 0x46, 0x11, 0xA4,
+        0x44, 0xAE, 0x6D, 0xE0, 0x43, 0x7F, 0xFD, 0x5D,
+        0x84, 0xB5, 0x6E, 0x3E, 0x55, 0x0D, 0xE8, 0x66,
+        0x13, 0xA9, 0x28, 0x5A, 0x10, 0x84, 0x0B, 0xED,
+        0x0B, 0x69, 0xF0, 0x19, 0x69, 0x9B, 0x34, 0xB8,
+        0x6F, 0xC6, 0x22, 0xD3, 0x25, 0x26, 0x9D, 0x1A,
+        0x04, 0x6B, 0x53, 0xA4, 0xDF, 0x12, 0x93, 0xA5,
+        0x2C, 0xEE, 0x1C, 0x35, 0xFE, 0x81, 0x6B, 0x67,
+        0x81, 0x92, 0x07, 0xE0, 0x9A, 0x02, 0xC9, 0xD8,
+        0x59, 0x4D, 0x51, 0xE8, 0xB3, 0x14, 0x55, 0x2F,
+        0xDE, 0x26, 0xDB, 0x7C, 0xEB, 0x8D, 0x80, 0x12,
+        0x4A, 0x8A, 0x1C, 0x33, 0x74, 0x8E, 0x05, 0xC1,
+        0xAF, 0xD6, 0xE8, 0x7B, 0x56, 0x7C, 0x41, 0xE0,
+        0xE7, 0x3F, 0x32, 0x5F, 0x25, 0xDD, 0x2F, 0x48,
+        0x21, 0x90, 0xC4, 0x04, 0x42, 0x1A, 0x3D, 0x6A,
+        0x0E, 0x5D, 0x5C, 0xDB, 0xE2, 0xB0, 0x18, 0x8B,
+        0xAC, 0x77, 0xC6, 0xE3, 0x5D, 0x77, 0xC0, 0xA3,
+        0x2B, 0x1D, 0x96, 0x29, 0xF8, 0x8E, 0x70, 0xA7,
+        0x65, 0xFE, 0xE3, 0x8C, 0x1A, 0xB2, 0x39, 0x75,
+        0xB9, 0x45, 0xF2, 0x16, 0x1F, 0x6C, 0xFE, 0x7E,
+        0x68, 0x2A, 0xED, 0x96, 0x84, 0x95, 0x47, 0x05,
+        0x1D, 0xDE, 0xB7, 0x7B, 0x90, 0xF6, 0xAF, 0x00,
+        0x74, 0x7C, 0x47, 0xE0, 0x2E, 0x80, 0xB6, 0x9A,
+        0x0D, 0x4B, 0x78, 0xA4, 0x7D, 0xDD, 0x81, 0xE2,
+        0x99, 0x27, 0x1F, 0xA7, 0x8F, 0xE4, 0x23, 0xAD,
+        0xDF, 0x12, 0x0D, 0xD0, 0x4D, 0x46, 0xC1, 0x32,
+        0xE9, 0x70, 0xF4, 0xA0, 0x4E, 0x97, 0xA5, 0x88,
+        0xD2, 0x7C, 0x7B, 0xA8, 0x43, 0x26, 0x18, 0x2A,
+        0xAE, 0x04, 0xC2, 0x51, 0x28, 0x99, 0x71, 0x69,
+        0x1D, 0x96, 0x78, 0xD4, 0x09, 0x88, 0x16, 0x88,
+        0xF3, 0xBC, 0xCB, 0x95, 0x08, 0x30, 0xE6, 0x5B,
+        0x78, 0x48, 0x41, 0x00, 0x4E, 0x40, 0x44, 0x58,
+        0xE6, 0x16, 0x59, 0x63, 0xCF, 0xB4, 0xEE, 0xB5,
+        0x05, 0xFD, 0xD1, 0x35, 0xF3, 0x1E, 0xD0, 0x14,
+        0x7C, 0xC9, 0xE9, 0x87, 0x7F, 0xFF, 0x41, 0x07,
+        0x68, 0x91, 0x06, 0x17, 0x4E, 0x76, 0x66, 0xEE,
+        0xCB, 0x6C, 0xF2, 0xDA, 0x9C, 0x93, 0x51, 0xDC,
+        0x43, 0x4A, 0x94, 0x49, 0x38, 0x4E, 0xED, 0x7F,
+        0x5F, 0x90, 0x77, 0xB4, 0x2F, 0x0F, 0xC5, 0xD9,
+        0xF0, 0xF5, 0xF7, 0x21, 0x91, 0x32, 0xFF, 0x9A,
+        0x47, 0x09, 0x83, 0xE1, 0x9D, 0x30, 0xA4, 0xF3,
+        0x7D, 0x18, 0x97, 0x44, 0xD8, 0x32, 0xFD, 0x5F,
+        0xB3, 0x97, 0x49, 0x4E, 0x11, 0xAD, 0xF7, 0x4F,
+        0x4E, 0x90, 0x0A, 0x41, 0x87, 0xCF, 0xF5, 0xDA,
+        0x8F, 0x6D, 0x7B, 0x35, 0xAE, 0xA0, 0x16, 0xA8,
+        0xDE, 0x88, 0x62, 0x26, 0x5F, 0x13, 0x69, 0xFB,
+        0x36, 0x7E, 0xF1, 0x86, 0x0C, 0x8E, 0x07, 0xC3,
+        0x3F, 0x32, 0x82, 0xB4, 0xD9, 0x83, 0x7C, 0xDF,
+        0x3E, 0xF6, 0x58, 0x42, 0x2D, 0x34, 0xDE, 0xA4,
+        0x1E, 0x56, 0xDD, 0x18, 0x70, 0x36, 0x81, 0xD0,
+        0x44, 0xE3, 0xC4, 0x03, 0xAF, 0x33, 0xD1, 0xE7,
+        0xAF, 0xA9, 0x6A, 0x8C, 0x44, 0x35, 0xFE, 0xBB,
+        0xA0, 0xD2, 0x5D, 0xE0, 0xE4, 0xAE, 0xDF, 0xFB,
+        0x82, 0xA0, 0xBA, 0xDE, 0x76, 0xB6, 0x6C, 0xA9,
+        0xBE, 0xC7, 0xE9, 0xD7, 0x3F, 0x1C, 0xB2, 0x9C,
+        0xD7, 0x3C, 0xF0, 0x0C, 0x2F, 0x60, 0x44, 0xD8,
+        0x34, 0x53, 0xCE, 0xDD, 0xE0, 0x3F, 0x97, 0x2E,
+        0xBB, 0x03, 0x20, 0x62, 0xD0, 0xA8, 0x23, 0x9F,
+        0xB6, 0x99, 0xEC, 0x89, 0x0D, 0x32, 0x0F, 0x6F,
+        0xAF, 0x3D, 0x20, 0x7B, 0xDC, 0x9A, 0xFE, 0xA2,
+        0x02, 0x8B, 0x86, 0x99, 0x56, 0x23, 0x43, 0xAA,
+        0x50, 0xF7, 0x0A, 0x4E, 0x8C, 0x62, 0xDA, 0xF8,
+        0xB8, 0xCC, 0xA7, 0x2D, 0x02, 0x47, 0x63, 0xBA,
+        0xEC, 0x25, 0x00, 0x23, 0xEA, 0xE8, 0x25, 0xC6,
+        0x51, 0xAC, 0xC4, 0xAA, 0xA0, 0xDB, 0x6C, 0x5E,
+        0xC7, 0xEF, 0xD0, 0x71, 0xED, 0xFB, 0x95, 0xAF,
+        0x61, 0x0B, 0x64, 0x01, 0x61, 0x4F, 0x4F, 0xC6,
+        0x36, 0x27, 0x75, 0xC3, 0x81, 0x0A, 0x9A, 0x21,
+        0x69, 0xF8, 0x4A, 0x21, 0x12, 0x3B, 0x03, 0x1C,
+        0xCE, 0x08, 0x7D, 0x52, 0x0E, 0x99, 0xE2, 0x62,
+        0xE8, 0x81, 0x2E, 0x84, 0x09, 0x8E, 0xBE, 0x9B,
+        0xCE, 0xD6, 0xE6, 0xA4, 0xF7, 0x3B, 0x67, 0x45,
+        0x41, 0xDE, 0x0B, 0xCF, 0x5E, 0x7E, 0x31, 0x8F,
+        0x90, 0x6D, 0x90, 0x1F, 0xEB, 0x1D, 0x9D, 0x1C,
+        0xCB, 0x6C, 0xFF, 0xE8, 0x50, 0xDB, 0xFF, 0x75,
+        0xC8, 0xA8, 0x9F, 0x43, 0xCB, 0x94, 0x89, 0x5F,
+        0x28, 0x69, 0x6F, 0xAB, 0xB6, 0xAD, 0xCE, 0xE7,
+        0x69, 0x7E, 0x60, 0x09, 0x03, 0x87, 0x43, 0x6E,
+        0x19, 0xB1, 0x38, 0x81, 0x9B, 0x90, 0xAE, 0xB1,
+        0x8A, 0xC2, 0x7D, 0x2C, 0x65, 0x9B, 0x0D, 0xF1,
+        0x77, 0x94, 0xA7, 0x2F, 0x8B, 0xB7, 0xCE, 0x03,
+        0xEE, 0x9A, 0x78, 0xFE, 0x8C, 0x8A, 0x37, 0x45,
+        0xD5, 0x05, 0xDE, 0xD8, 0x85, 0x00, 0xF4, 0xCF,
+        0x98, 0xFB, 0x62, 0x85, 0xB0, 0xBD, 0x82, 0xE2,
+        0x7D, 0xED, 0x93, 0x3B, 0xCC, 0x18, 0x73, 0xF8,
+        0x8A, 0xBD, 0x82, 0x8F, 0x60, 0x47, 0xAC, 0xEC,
+        0x47, 0x2D, 0xEA, 0xE8, 0x7D, 0x8A, 0xDE, 0x0A,
+        0xD0, 0x73, 0x48, 0xFF, 0xAF, 0x59, 0xC1, 0x70,
+        0x29, 0xD8, 0x45, 0x38, 0x77, 0x7F, 0x73, 0xBF,
+        0xED, 0x5C, 0x63, 0x63, 0x0B, 0xC4, 0x43, 0xE0,
+        0xFA, 0x12, 0xDE, 0x72, 0x2D, 0xAB, 0xBB, 0xC2,
+        0x25, 0x0A, 0xBA, 0x3F, 0xD8, 0x61, 0x54, 0xEE,
+        0x20, 0x8D, 0x53, 0xA3, 0x27, 0xA7, 0xFF, 0x26,
+        0xA0, 0x17, 0x93, 0x39, 0x4D, 0x04, 0x15, 0x8B,
+        0xB3, 0x20, 0x60, 0x04, 0x47, 0xE2, 0xFD, 0x7D,
+        0x7C, 0x6D, 0xE0, 0x76, 0xA5, 0x13, 0xD6, 0x81,
+        0x95, 0xB0, 0x67, 0x20, 0x4F, 0xF6, 0x00, 0x5B,
+        0x16, 0x25, 0x54, 0x2B, 0x28, 0x37, 0x2F, 0x06,
+        0x80, 0x60, 0x53, 0xAE, 0xE2, 0xEA, 0x9F, 0x88,
+        0xAE, 0xA2, 0x9A, 0x27, 0x02, 0x15, 0x4B, 0xF4,
+        0x43, 0xBC, 0x70, 0x7D, 0x0A, 0x96, 0xEB, 0x06,
+        0xCE, 0x43, 0xEF, 0xE6, 0x6A, 0xAC, 0x1F, 0x16,
+        0x95, 0xE2, 0x8C, 0xF1, 0x07, 0x19, 0x3D, 0x06,
+        0x2E, 0x71, 0xB6, 0x3A, 0xFD, 0xCF, 0x9E, 0x05,
+        0x0B, 0xBE, 0xD7, 0x48, 0x4E, 0xC5, 0xE8, 0x0C,
+        0x51, 0x5A, 0xC8, 0x20, 0xF0, 0xCD, 0xF9, 0x65,
+        0xDD, 0x97, 0xF7, 0xA1, 0x1B, 0x57, 0xB2, 0x1A,
+        0x04, 0xBF, 0x42, 0xF2, 0xA3, 0x3D, 0x61, 0x97,
+        0x64, 0xDF, 0xB3, 0x63, 0x11, 0xFD, 0xAD, 0x8C,
+        0x83, 0xA7, 0x48, 0xBA, 0x34, 0x42, 0xC5, 0x70,
+        0x64, 0x5A, 0x78, 0x5E, 0x67, 0x03, 0xE5, 0xBF,
+        0x22, 0xE8, 0x46, 0xFC, 0x51, 0x6C, 0xB4, 0x99,
+        0x15, 0xFD, 0x63, 0xB6, 0x3E, 0x5D, 0xBF, 0x56,
+        0xF5, 0x5E, 0xA4, 0x01, 0x16, 0xD5, 0x03, 0x4B,
+        0xBB, 0x94, 0x5F, 0x58, 0xD6, 0x76, 0x95, 0xC7,
+        0x96, 0xF1, 0xC1, 0xD0, 0x53, 0xA3, 0xEB, 0x28,
+        0xA9, 0x5E, 0x8F, 0x38, 0x8E, 0x80, 0x04, 0xC3,
+        0xB2, 0x4F, 0xD5, 0xFC, 0xCA, 0x7B, 0xB1, 0xE3,
+        0xB9, 0x9A, 0x9F, 0x3C, 0x94, 0x5E, 0xF8, 0xA5,
+        0x35, 0xF1, 0x37, 0x43, 0x20, 0x71, 0xA5, 0xCA,
+        0x5B, 0x6F, 0x7D, 0xC7, 0xB8, 0xBC, 0xE5, 0x5A,
+        0xD0, 0xF3, 0xB6, 0xCF, 0x1B, 0xCB, 0xB9, 0xCD,
+        0x35, 0xE2, 0x41, 0xF8, 0x6E, 0x46, 0x97, 0x27,
+        0x26, 0x48, 0xF4, 0x73, 0xDB, 0xD5, 0xB7, 0x68,
+        0x1E, 0xF0, 0xC7, 0x84, 0x49, 0xE6, 0xC5, 0xFA,
+        0x93, 0x0D, 0x83, 0x2C, 0x85, 0x1E, 0xED, 0x2A,
+        0x65, 0x12, 0x19, 0xD7, 0xD9, 0xC3, 0xBB, 0x23,
+        0xF3, 0xC6, 0xAD, 0x7E, 0xB7, 0x78, 0x68, 0x54,
+        0x1F, 0x3C, 0xEE, 0x09, 0xF5, 0x1E, 0xE0, 0x4E,
+        0xBA, 0x1B, 0xBC, 0x29, 0x69, 0x8A, 0xED, 0xD3,
+        0xC7, 0xAC, 0xEC, 0x44, 0x29, 0xD7, 0xA4, 0x0C,
+        0xFA, 0xBD, 0xA2, 0x29, 0x34, 0x80, 0x16, 0x4F,
+        0x37, 0xEC, 0xB6, 0x73, 0xF2, 0xB5, 0xD7, 0x51,
+        0x57, 0x43, 0xAF, 0x7E, 0xD0, 0xB6, 0xE0, 0x96,
+        0xF0, 0xE2, 0xFE, 0xCE, 0xC8, 0x9F, 0x40, 0xD6,
+        0xAF, 0xE0, 0xBF, 0xCD, 0x70, 0x37, 0x91, 0x69,
+        0x99, 0x8C, 0xDF, 0x4A, 0x20, 0xDE, 0xB6, 0xC6,
+        0x7A, 0xB4, 0xE3, 0x6A, 0xAD, 0x53, 0xED, 0xB9,
+        0x8A, 0x13, 0x61, 0xC5, 0xE9, 0xB0, 0xDC, 0x16,
+        0x36, 0xD7, 0x51, 0xA8, 0x7B, 0x52, 0x05, 0x3B,
+        0xAD, 0x5C, 0xD2, 0xBD, 0x6F, 0x6B, 0xA9, 0x51,
+        0xA7, 0xE8, 0x7E, 0xA4, 0xB6, 0x77, 0xAE, 0x00,
+        0x89, 0x3A, 0x1F, 0x76, 0x72, 0x3F, 0xC5, 0x6C,
+        0x49, 0x4F, 0xB5, 0xCA, 0x2F, 0x5D, 0xAE, 0xF8,
+        0x58, 0x9A, 0xE2, 0x5B, 0x54, 0x76, 0xF4, 0xAA,
+        0x89, 0xD4, 0x04, 0xAF, 0x1C, 0x26, 0x65, 0xEC,
+        0xA1, 0x81, 0x06, 0x2A, 0x4B, 0x5E, 0xD5, 0x90,
+        0xB8, 0x26, 0x33, 0x64, 0x15, 0x33, 0x25, 0xAC,
+        0x97, 0x9A, 0xCA, 0x1B, 0x64, 0x50, 0x82, 0x8F,
+        0x65, 0x6A, 0xD4, 0x47, 0xCF, 0x7E, 0x93, 0x7D,
+        0xB3, 0xCB, 0xFE, 0x55, 0x0A, 0x46, 0x93, 0x22,
+        0xB5, 0x46, 0xAB, 0xD6, 0x05, 0x59, 0x14, 0x5E,
+        0x1B, 0xD4, 0x2D, 0xAF, 0xA3, 0x18, 0xB7, 0xA0,
+        0xD7, 0x11, 0x70, 0xDE, 0x81, 0x8B, 0xD6, 0x64,
+        0xFD, 0x38, 0xBD, 0x29, 0x92, 0x41, 0x80, 0xC4,
+        0x4A, 0x6D, 0x34, 0x1B, 0xF0, 0x59, 0xA0, 0xD6,
+        0x48, 0x55, 0xD2, 0xA5, 0xE2, 0x91, 0xB6, 0x71,
+        0xF4, 0x90, 0x97, 0x8B, 0x0A, 0xDD, 0x90, 0xEA,
+        0x61, 0x9B, 0x30, 0xA6, 0x2F, 0x5D, 0xB4, 0xEE,
+        0x7A, 0x10, 0x40, 0x59, 0x89, 0xAC, 0x30, 0x6E,
+        0x9C, 0x7B, 0xBC, 0x11, 0x75, 0x38, 0x00, 0x2E,
+        0xDF, 0xED, 0x87, 0x47, 0x30, 0xFB, 0xD4, 0x8A,
+        0xC6, 0xBE, 0xC7, 0x20, 0xC8, 0x3D, 0x51, 0x05,
+        0x67, 0x48, 0xDE, 0xE2, 0xBF, 0x95, 0x5E, 0x7B,
+        0xD7, 0xC7, 0x86, 0xDF, 0x68, 0x57, 0xA9, 0x29,
+        0xBC, 0xF8, 0xE3, 0x81, 0x62, 0x1B, 0x37, 0x58,
+        0xF2, 0xFF, 0xEE, 0xE8, 0x28, 0x08, 0x36, 0x23,
+        0x5B, 0x24, 0x68, 0x1E, 0x62, 0xBD, 0x27, 0xC2,
+        0x6F, 0xE9, 0x63, 0x67, 0x53, 0xC7, 0x8A, 0xB5,
+        0xA7, 0xEF, 0x29, 0xFE, 0x60, 0xAC, 0x29, 0xCF,
+        0x67, 0x40, 0x9F, 0xE6, 0x57, 0xCE, 0x65, 0x3A,
+        0x2F, 0xDA, 0xA7, 0xF2, 0x0C, 0x50, 0x19, 0xE6,
+        0xF7, 0x43, 0x2E, 0x8C, 0xEB, 0x9E, 0x99, 0x92,
+        0xE6, 0x46, 0xB7, 0x8D, 0x43, 0x65, 0xFD, 0x02,
+        0x17, 0x74, 0x6F, 0x7B, 0xA3, 0x1E, 0x06, 0x9D,
+        0x75, 0x4E, 0x05, 0xED, 0x5A, 0x71, 0xFC, 0x5E,
+        0x7D, 0x6D, 0x64, 0x5E, 0xAF, 0x41, 0x44, 0xD6,
+        0xBC, 0x43, 0x05, 0x5E, 0x6C, 0xDB, 0x89, 0x34,
+        0xC7, 0x02, 0x64, 0x08, 0xAE, 0x96, 0x53, 0x5B,
+        0xA2, 0xDE, 0xCD, 0x2F, 0x74, 0x56, 0xD6, 0xEC,
+        0xA4, 0x23, 0x68, 0xCD, 0x9A, 0xC5, 0x05, 0x7B,
+        0x7D, 0x1E, 0x12, 0xF7, 0x7A, 0xA8, 0x7C, 0x43,
+        0x7E, 0x7A, 0x43, 0x31, 0x5D, 0xA0, 0x81, 0xE5,
+        0x3A, 0xFE, 0x23, 0xB5, 0xBC, 0xC2, 0xF4, 0xCE,
+        0x3A, 0x80, 0x06, 0xE8, 0x1E, 0x08, 0xAF, 0x0A,
+        0x33, 0xC1, 0xA9, 0x30, 0x7C, 0x8D, 0x5A, 0xC5,
+        0x93, 0x89, 0xF2, 0x69, 0x24, 0x11, 0x6C, 0xAB,
+        0x0B, 0x87, 0xD5, 0x49, 0xD0, 0x38, 0x3C, 0x27,
+        0x4E, 0x8E, 0x85, 0xD4, 0x6E, 0x0F, 0xCD, 0x70,
+        0xE3, 0x68, 0x42, 0xCA, 0x4C, 0x8D, 0x6D, 0x0F,
+        0x48, 0xF3, 0xED, 0xF9, 0xE9, 0x43, 0x5D, 0xBF,
+        0x55, 0x75, 0xF8, 0xEB, 0x78, 0x93, 0x72, 0x75,
+        0x8B, 0xF5, 0xBD, 0xE9, 0x9D, 0xA2, 0xB9, 0x81,
+        0x83, 0xDB, 0xAC, 0x82, 0xD1, 0xC1, 0x20, 0x03,
+        0x72, 0x4D, 0xDC, 0x42, 0xAE, 0xC8, 0x1C, 0x0C,
+        0x78, 0x22, 0x77, 0x27, 0x91, 0x50, 0x4C, 0x90,
+        0xEA, 0x13, 0x8B, 0x6C, 0x91, 0xDF, 0x5D, 0x25,
+        0x36, 0x9C, 0xC2, 0x06, 0x4F, 0xD5, 0xE2, 0xCC,
+        0x9D, 0x89, 0x3B, 0xC4, 0x23, 0x5D, 0x88, 0x17,
+        0x62, 0x4E, 0xC9, 0xFA, 0xC8, 0xEF, 0x1D, 0x45,
+        0xE1, 0xFB, 0x58, 0xB3, 0x8E, 0xBD, 0x8D, 0xAE,
+        0x12, 0xFF, 0xA0, 0x37, 0xE0, 0x7F, 0x5B, 0x41,
+        0x1D, 0x40, 0x17, 0xAF, 0x95, 0x2D, 0x8C, 0x42,
+        0xC6, 0x1A, 0x2A, 0x1E, 0x8E, 0x70, 0x25, 0xD6,
+        0xD3, 0xA2, 0x85, 0xAA, 0x17, 0xFF, 0x0D, 0xB4,
+        0x39, 0xD0, 0xF2, 0xAF, 0xA0, 0x4F, 0x31, 0x8D,
+        0x6D, 0x57, 0x6A, 0xED, 0xC6, 0xF1, 0xE7, 0x67,
+        0xA6, 0x6F, 0xB3, 0x9B, 0x72, 0xC6, 0x7F, 0x05,
+        0xAF, 0x40, 0x87, 0x12, 0x0D, 0xC8, 0x98, 0x88,
+        0x2D, 0xDE, 0xA1, 0x7C, 0x95, 0x32, 0xB2, 0x7A,
+        0xB5, 0x9D, 0xE4, 0x0D, 0x75, 0xD4, 0x17, 0x5B,
+        0xB4, 0x92, 0x73, 0xAF, 0x87, 0x3A, 0x92, 0xDA,
+        0x4D, 0x87, 0xE2, 0x53, 0xCA, 0xE7, 0x2A, 0x52,
+        0x64, 0xE0, 0xC1, 0xDE, 0x4C, 0x9C, 0xF9, 0x1A,
+        0x1F, 0x3A, 0xD6, 0x05, 0xA0, 0xCC, 0x8D, 0x91,
+        0x93, 0x51, 0xF9, 0x37, 0x1A, 0xFC, 0x68, 0xEF,
+        0xBC, 0xED, 0x19, 0x8E, 0x4C, 0xD1, 0xB5, 0x8C,
+        0xA2, 0x85, 0xDA, 0x02, 0x65, 0xAB, 0xAC, 0xAE,
+        0xCA, 0x8E, 0xAC, 0xF0, 0x2A, 0x4F, 0xC7, 0x67,
+        0x16, 0x2E, 0x24, 0x7F, 0x73, 0xCD, 0xD7, 0x3E,
+        0xE3, 0x27, 0x8A, 0xF9, 0x4A, 0xC4, 0xA8, 0xCB,
+        0x2B, 0x01, 0x55, 0x68, 0x34, 0xA3, 0xC0, 0xB8,
+        0xD0, 0x6D, 0x05, 0xF2, 0x3B, 0x4C, 0x17, 0x47,
+        0xE7, 0x64, 0x53, 0xF4, 0x9D, 0xE0, 0x8D, 0xF8,
+        0xEE, 0x0E, 0xA6, 0x25, 0x64, 0x7D, 0x1B, 0xD0,
+        0x80, 0xE7, 0x3C, 0x41, 0x97, 0xAE, 0xCB, 0x6A,
+        0x23, 0xC2, 0x5F, 0x00, 0xC6, 0xC5, 0x4C, 0x8A,
+        0x4C, 0xEF, 0x76, 0x65, 0x95, 0x28, 0xB3, 0x67,
+        0x42, 0xEC, 0x17, 0xFF, 0x0E, 0xE3, 0x7B, 0x30,
+        0x6D, 0xCC, 0xB8, 0x87, 0xD6, 0x63, 0x36, 0x5D,
+        0xC9, 0xE8, 0x1D, 0x51, 0x47, 0xCF, 0xE5, 0x05,
+        0x0D, 0xB4, 0x09, 0xDF, 0xAD, 0x88, 0x9C, 0x38,
+        0x6F, 0x12, 0xA5, 0xCD, 0x0C, 0x95, 0x53, 0x41,
+        0x13, 0xA6, 0xD0, 0xAB, 0xCB, 0x5A, 0x3F, 0x56,
+        0xCE, 0x23, 0xEE, 0x32, 0x61, 0x22, 0x79, 0xE8,
+        0xBA, 0x23, 0x94, 0x61, 0x25, 0x8E, 0xD6, 0x3E,
+        0x78, 0x83, 0xE1, 0x15, 0xBA, 0x05, 0x81, 0xB8,
+        0x1A, 0x7F, 0x73, 0xC1, 0xB7, 0x9F, 0x29, 0xA1,
+        0x16, 0x2E, 0x6E, 0x84, 0xC7, 0x15, 0xBC, 0x50,
+        0x28, 0x5F, 0xD3, 0x8D, 0x4D, 0x6D, 0xC0, 0x87,
+        0x68, 0x88, 0x4B, 0xF4, 0xFB, 0x55, 0x85, 0x3D,
+        0xA7, 0xB5, 0x47, 0x1E, 0x73, 0xA1, 0x47, 0x8D,
+        0xB1, 0xE1, 0xCF, 0xE6, 0x15, 0x3E, 0xC6, 0xC3,
+        0x78, 0xDD, 0x6A, 0x3F, 0x42, 0x29, 0x6E, 0x61,
+        0x9D, 0xE7, 0x63, 0xFF, 0x2D, 0xDB, 0x83, 0xE5,
+        0x15, 0x84, 0xC2, 0x8D, 0xD8, 0x34, 0x2E, 0x92,
+        0x9E, 0x15, 0xB7, 0xBB, 0xCF, 0x5D, 0x6E, 0xCB,
+        0x87, 0x79, 0xCF, 0x7F, 0x3A, 0x9A, 0xC1, 0x6A,
+        0x43, 0x1F, 0x52, 0xA2, 0x34, 0xE6, 0xA3, 0x69,
+        0x9D, 0x9E, 0x44, 0x84, 0x0A, 0x4D, 0x3D, 0x48,
+        0x5D, 0xA5, 0xD9, 0x03, 0x94, 0xB1, 0x81, 0xEF,
+        0x89, 0x98, 0xE6, 0xD1, 0x44, 0x21, 0x83, 0x59,
+        0x09, 0xCD, 0xDB, 0x16, 0x7C, 0x8C, 0x38, 0x78,
+        0x19, 0x4B, 0x6D, 0x51, 0x4D, 0xF8, 0x63, 0x6D,
+        0x4A, 0x14, 0xA1, 0xBE, 0xF3, 0xCA, 0x38, 0x1E,
+        0x36, 0xCF, 0x2E, 0x6D, 0x5F, 0xBC, 0xB4, 0x0A,
+        0xF0, 0x91, 0x7D, 0x6D, 0xBB, 0x87, 0x5C, 0xFF,
+        0x64, 0xCD, 0xCE, 0xCC, 0xCF, 0xB8, 0xBF, 0xB8,
+        0x05, 0x45, 0x8D, 0xF8, 0x2C, 0x74, 0xEB, 0x86,
+        0x3A, 0x96, 0x9E, 0xD9, 0x8B, 0x9C, 0x46, 0xE7,
+        0x17, 0x3C, 0x09, 0x0D, 0xB0, 0x68, 0xB2, 0xD8,
+        0x0C, 0xCE, 0x32, 0xDE, 0x51, 0x72, 0xB5, 0xD4,
+        0xA8, 0xB9, 0x09, 0xA5, 0xA4, 0xCC, 0x47, 0xFA,
+        0x9F, 0x2E, 0xD6, 0x6E, 0x60, 0x69, 0xCD, 0x96,
+        0xAB, 0x1F, 0x3E, 0x84, 0x8C, 0x68, 0x72, 0x0F,
+        0xEA, 0x32, 0xC5, 0x73, 0x6E, 0x8A, 0xB5, 0x10,
+        0x05, 0xFE, 0x42, 0x58, 0x33, 0xF2, 0x07, 0x56,
+        0xC1, 0x96, 0x76, 0x23, 0x77, 0x9D, 0x0A, 0xD2,
+        0x42, 0xA1, 0x69, 0x06, 0x83, 0xBA, 0xD2, 0xEB,
+        0x12, 0x3D, 0x97, 0xAB, 0x23, 0x08, 0x90, 0x15,
+        0x51, 0x4D, 0x0C, 0x6A, 0x3B, 0x0F, 0x37, 0x15,
+        0x25, 0xC2, 0x3E, 0x5F, 0x53, 0x84, 0x4C, 0x81,
+        0xDD, 0xE8, 0x7C, 0xFE, 0x9F, 0x06, 0x5E, 0x11,
+        0x68, 0x7D, 0x68, 0x6B, 0x07, 0x2C, 0x19, 0x00,
+        0xF5, 0xC9, 0xA7, 0xC3, 0x1F, 0xE8, 0xBA, 0xBE,
+        0x9F, 0x09, 0x0C, 0xE2, 0xCB, 0x3B, 0x68, 0x7B,
+        0xA8, 0x9E, 0xD8, 0x3C, 0x08, 0x85, 0xDF, 0xF9,
+        0x11, 0x2B, 0x52, 0xF6, 0xCE, 0xD7, 0x1E, 0x32,
+        0xA4, 0x0A, 0x9A, 0xBC, 0xFF, 0xF4, 0x20, 0xB6,
+        0x24, 0x85, 0x84, 0x7F, 0xFF, 0x70, 0x3C, 0xBB,
+        0x74, 0x36, 0x42, 0x25, 0x5F, 0xBD, 0x0A, 0x90,
+        0x86, 0xA7, 0xB8, 0x3F, 0x9E, 0xDF, 0x43, 0x24,
+        0x88, 0x0C, 0x52, 0x08, 0xF7, 0xDC, 0xB1, 0xEA,
+        0xC3, 0x38, 0xF9, 0x13, 0x16, 0x65, 0xA0, 0xCA,
+        0x6B, 0xF0, 0xD6, 0x12, 0xFB, 0xA6, 0x3F, 0xF7,
+        0x13, 0x91, 0x99, 0xB1, 0xDE, 0xE4, 0xEE, 0x1E,
+        0x98, 0x9B, 0xE4, 0xA0, 0x3A, 0xA8, 0xAC, 0x4A,
+        0x48, 0x3E, 0xCB, 0x9E, 0xB4, 0x1D, 0x22, 0x1F,
+        0x59, 0x97, 0x24, 0x8C, 0xFE, 0xDC, 0xBF, 0x6C,
+        0xAD, 0x8D, 0xB0, 0xA3, 0x27, 0xFA, 0x28, 0x8F,
+        0xD6, 0xAE, 0x31, 0x39, 0x84, 0xFA, 0x61, 0x8F,
+        0x7D, 0xD4, 0xEE, 0xBB, 0x13, 0xED, 0x85, 0xC4,
+        0x35, 0xC0, 0xAB, 0x07, 0x73, 0xC5, 0xCD, 0xCA,
+        0xD4, 0x69, 0x9B, 0x9C, 0x38, 0x2A, 0x1F, 0x37,
+        0xF9, 0xDF, 0x8C, 0x3A, 0xE1, 0x57, 0xDF, 0x05,
+        0x9F, 0x97, 0x51, 0xCC, 0xA6, 0x93, 0xD5, 0x49,
+        0x2A, 0xE9, 0xCD, 0x46, 0x31, 0x22, 0x6E, 0x62,
+        0xE8, 0x13, 0x90, 0x64, 0xFF, 0x00, 0x27, 0xCF,
+        0xA1, 0x95, 0x4E, 0xE9, 0x36, 0xAF, 0xAD, 0x02,
+        0x06, 0xDD, 0x2A, 0xE2, 0x28, 0xB6, 0xDD, 0x65,
+        0xCD, 0x9A, 0x9D, 0x5F, 0xF9, 0xC0, 0xCC, 0x48,
+        0xC8, 0xC2, 0xE9, 0x8F, 0x5A, 0xE6, 0xE2, 0xC9,
+        0x79, 0x7A, 0x83, 0x84, 0xF8, 0xA3, 0xE3, 0xC7,
+        0x48, 0xC7, 0x06, 0xFE, 0x6A, 0x36, 0x25, 0xD2,
+        0xA2, 0xEB, 0x4A, 0xE2, 0xCA, 0xA0, 0x49, 0x24,
+        0x1A, 0x47, 0x8C, 0x1A, 0x77, 0xF5, 0xC9, 0x0D,
+        0xDC, 0x94, 0x18, 0x4D, 0x89, 0x80, 0x50, 0x18,
+        0x7D, 0x67, 0x00, 0x43, 0xE4, 0xE7, 0x8F, 0x54,
+        0xDC, 0x60, 0x84, 0x24, 0xF3, 0xBF, 0x5E, 0x92,
+        0xC7, 0x0C, 0x05, 0x49, 0xBB, 0x61, 0x2F, 0x48,
+        0x0A, 0xEB, 0xE5, 0xFA, 0x8B, 0x01, 0x33, 0x27,
+        0x10, 0x3E, 0xA1, 0x28, 0x33, 0x11, 0x30, 0x1F,
+        0x91, 0x47, 0x7B, 0xA6, 0x3E, 0xD4, 0xF9, 0xC2,
+        0x8F, 0xA3, 0x4E, 0xBC, 0xA7, 0x61, 0x56, 0x1F,
+        0x90, 0x33, 0x54, 0x15, 0x06, 0x21, 0x9C, 0x57,
+        0x07, 0xC2, 0xF8, 0xED, 0x81, 0xED, 0x36, 0x15,
+        0xC8, 0xAC, 0xAB, 0x12, 0x80, 0xBF, 0x7C, 0x5E,
+        0x00, 0xEC, 0x1B, 0x27, 0x58, 0x3A, 0xE9, 0x09,
+        0x2B, 0x23, 0x16, 0x69, 0x26, 0xF9, 0xCC, 0x3C,
+        0x5A, 0xFB, 0x66, 0xBA, 0x32, 0xF9, 0xAF, 0xAB,
+        0xCB, 0xA7, 0xF7, 0x91, 0x6A, 0x82, 0x42, 0xA7,
+        0x9D, 0x7B, 0x0E, 0xD3, 0x5D, 0xF6, 0x52, 0x6D,
+        0x7D, 0x2B, 0xE6, 0x30, 0x99, 0x01, 0xBD, 0xC0,
+        0x3D, 0x15, 0x95, 0xC2, 0x67, 0x19, 0xD9, 0x0F,
+        0xC0, 0x79, 0x1E, 0xAB, 0xA7, 0x67, 0x35, 0x12,
+        0x53, 0xB0, 0x6A, 0xE4, 0xB9, 0x0A, 0x52, 0xEF,
+        0xBD, 0xCD, 0xD4, 0x0C, 0x09, 0x6F, 0x24, 0xE9,
+        0x52, 0x9F, 0xF8, 0x9F, 0x95, 0x95, 0x57, 0x07,
+        0x5F, 0xC8, 0xDD, 0xAF, 0xE6, 0x10, 0x3A, 0x51,
+        0x38, 0xF0, 0x9F, 0xBD, 0xEB, 0x0F, 0x5F, 0x36,
+        0xB5, 0x2A, 0x57, 0xBE, 0x21, 0x39, 0xD8, 0x9D,
+        0x29, 0x04, 0xBC, 0xE2, 0xB8, 0x6D, 0x03, 0xF2,
+        0x6D, 0x56, 0xF4, 0x18, 0x40, 0x07, 0x1A, 0x15,
+        0x8B, 0xF5, 0x46, 0xE1, 0x0C, 0x4D, 0xED, 0x0E,
+        0x81, 0xB0, 0x0D, 0x98, 0x88, 0xC5, 0x5D, 0x53,
+        0xE1, 0x1D, 0xB7, 0x00, 0x26, 0xC6, 0x46, 0x7E,
+        0xD2, 0xAB, 0x0B, 0xD9, 0x1E, 0xE0, 0xE7, 0xC3,
+        0xC3, 0xE0, 0x83, 0x7F, 0x8C, 0xB9, 0xBA, 0xE0,
+        0x04, 0xE2, 0xA8, 0xFF, 0xEC, 0xD5, 0x9E, 0x79,
+        0x2F, 0x13, 0xF9, 0x27, 0xCA, 0xDD, 0xF5, 0x0F,
+        0x74, 0xD2, 0x9B, 0xC6, 0x2E, 0xF2, 0xF0, 0x2A,
+        0xB0, 0xF9, 0x6E, 0x27, 0x3E, 0x8D, 0x66, 0xDB,
+        0x44, 0x82, 0xDD, 0x1B, 0xD5, 0xBB, 0x51, 0x6E,
+        0x72, 0x3A, 0xCB, 0x0F, 0x0B, 0x97, 0xBC, 0x32,
+        0x07, 0xC1, 0x0C, 0xF3, 0x94, 0xFF, 0x62, 0xE2,
+        0xFD, 0x7D, 0xBB, 0x3D, 0x43, 0x11, 0xB3, 0xFA,
+        0x22, 0x05, 0xBF, 0x87, 0x0F, 0xFD, 0xD1, 0x81,
+        0xC6, 0x30, 0xC6, 0x91, 0xD4, 0xEE, 0xA8, 0x6B,
+        0x37, 0xB2, 0x38, 0xF1, 0x87, 0x89, 0xE0, 0x04,
+        0x09, 0xED, 0x18, 0xA6, 0x3C, 0x18, 0x9E, 0x38,
+        0xCB, 0x9F, 0xFE, 0xB3, 0x03, 0xF4, 0xE4, 0x3F,
+        0xB3, 0x94, 0x7C, 0x74, 0x03, 0x6C, 0xCF, 0x16,
+        0x24, 0xF8, 0x56, 0xE2, 0x4A, 0x7E, 0x9A, 0x21,
+        0xB8, 0xC2, 0x7C, 0xF4, 0x3D, 0x85, 0x15, 0x43,
+        0xA5, 0xCA, 0xFD, 0xA3, 0x05, 0xCC, 0x63, 0x8D,
+        0x94, 0x82, 0x70
+    };
+    static const byte rnd_87[] = {
+        0x16, 0xB8, 0x2B, 0x9B, 0x0A, 0x90, 0x5B, 0xB3,
+        0xD8, 0x7B, 0x4A, 0x1E, 0x40, 0xAE, 0xAD, 0x3C,
+        0xDE, 0x63, 0xB2, 0x2C, 0xB7, 0x16, 0xBD, 0x46,
+        0x7A, 0x7B, 0xE8, 0x4A, 0xF1, 0x9B, 0x7C, 0xFE
+    };
+    static const byte sig_87[] = {
+        0xE5, 0x5D, 0x62, 0x56, 0x92, 0x73, 0x72, 0x13,
+        0xDD, 0x3D, 0x7F, 0x51, 0x42, 0xF3, 0xAA, 0x33,
+        0x87, 0x12, 0x2F, 0x20, 0xC9, 0x50, 0x93, 0x0A,
+        0x7E, 0x7C, 0xCC, 0x0C, 0x6D, 0x21, 0xB9, 0x5D,
+        0x62, 0x47, 0xD5, 0xFB, 0x3A, 0xCC, 0xBC, 0xB8,
+        0xA1, 0x5A, 0xDF, 0x97, 0x58, 0xBA, 0x7E, 0x40,
+        0x9A, 0x76, 0xD0, 0x1C, 0xBF, 0x0F, 0x14, 0xC3,
+        0x23, 0x3B, 0x21, 0xB0, 0x5D, 0x11, 0x3B, 0x1F,
+        0x70, 0xCB, 0x21, 0x78, 0x51, 0x68, 0xE2, 0x3A,
+        0x29, 0x4A, 0x0D, 0xD0, 0x32, 0x50, 0xDC, 0xBB,
+        0xD1, 0xCF, 0x80, 0x19, 0x7A, 0xC7, 0xFC, 0x37,
+        0x2D, 0x5A, 0x5A, 0xDF, 0x3E, 0x7E, 0x89, 0x2D,
+        0xC6, 0x0E, 0x75, 0x9A, 0xBB, 0xDF, 0x69, 0x82,
+        0x28, 0xB6, 0xD0, 0xF3, 0xF4, 0xCB, 0x4F, 0xD5,
+        0xDC, 0x5D, 0xFE, 0x8D, 0x01, 0xB4, 0x93, 0x9F,
+        0x89, 0x53, 0x18, 0x74, 0x29, 0x20, 0x36, 0xBF,
+        0x34, 0xCA, 0x71, 0x2B, 0x01, 0x14, 0xFB, 0x66,
+        0x94, 0x28, 0x81, 0xF1, 0xF1, 0x7E, 0x80, 0xB6,
+        0x4E, 0x0E, 0x9E, 0x9E, 0x60, 0xD7, 0x6A, 0xFB,
+        0x59, 0xC7, 0x96, 0x9F, 0xB4, 0x9C, 0x98, 0x72,
+        0x06, 0xC1, 0x6C, 0xAA, 0x8E, 0xC7, 0x48, 0xE6,
+        0xC3, 0xAD, 0x8B, 0x4E, 0xF7, 0x81, 0x92, 0x74,
+        0xC0, 0x5A, 0x2B, 0x54, 0x8D, 0x47, 0x15, 0xAC,
+        0xED, 0x45, 0x69, 0xD0, 0x7C, 0x28, 0x80, 0x18,
+        0xA3, 0x9F, 0xB7, 0x14, 0xC6, 0x51, 0xF9, 0x02,
+        0x70, 0x98, 0xD9, 0xC1, 0x09, 0xC0, 0xD7, 0xCE,
+        0x8B, 0x81, 0x7B, 0x30, 0x99, 0x4C, 0x85, 0x1C,
+        0xFA, 0xAE, 0xBF, 0x05, 0x95, 0xBB, 0x6E, 0x01,
+        0xE4, 0xFC, 0xE7, 0x11, 0x16, 0x90, 0x28, 0xC3,
+        0xC4, 0x36, 0x9F, 0x11, 0xCD, 0xEB, 0xEB, 0x71,
+        0x15, 0x08, 0x1D, 0x43, 0x2B, 0x12, 0xA6, 0x4E,
+        0xB6, 0xF9, 0x35, 0xE4, 0x37, 0x0D, 0xF7, 0x49,
+        0xDF, 0x73, 0x4D, 0xE3, 0x57, 0x33, 0x96, 0x7B,
+        0x72, 0x45, 0x2F, 0x92, 0x70, 0xBB, 0x6F, 0xCD,
+        0x90, 0x82, 0x67, 0xBB, 0x31, 0x9D, 0x9E, 0x38,
+        0x75, 0xCD, 0x5B, 0x55, 0x10, 0x6B, 0xFC, 0x00,
+        0x15, 0xC8, 0xCB, 0xFC, 0xE1, 0x18, 0x41, 0xE8,
+        0x6E, 0x92, 0xEC, 0x1A, 0x26, 0x88, 0x6C, 0xF6,
+        0x2A, 0x5C, 0x05, 0x94, 0xD7, 0xB8, 0xD0, 0x78,
+        0x52, 0x68, 0x8D, 0xC5, 0xBD, 0xD6, 0x29, 0xF8,
+        0x21, 0xDF, 0xB3, 0x28, 0x43, 0x74, 0xC7, 0x0E,
+        0x99, 0xD3, 0x0C, 0xDE, 0xE9, 0x06, 0x44, 0xCD,
+        0x77, 0x13, 0x34, 0x82, 0xBA, 0x36, 0x20, 0x71,
+        0x02, 0xB1, 0x6E, 0xBA, 0xCF, 0x9F, 0x15, 0x36,
+        0xC8, 0xF1, 0x4E, 0x36, 0x30, 0x34, 0x2D, 0x23,
+        0x6C, 0x77, 0xEC, 0xCA, 0xBA, 0x7C, 0x17, 0x4F,
+        0x3F, 0x22, 0x4A, 0x34, 0xA1, 0x5C, 0xB3, 0x8F,
+        0xD8, 0x48, 0xD5, 0x8A, 0x2C, 0x8B, 0x1B, 0xFB,
+        0x87, 0xDA, 0xBC, 0xB6, 0xD9, 0x59, 0xD6, 0x9B,
+        0xF0, 0x6E, 0x8D, 0xB1, 0x52, 0xE1, 0x8A, 0x36,
+        0x31, 0xA7, 0x83, 0xCE, 0xDF, 0x36, 0xEB, 0xBE,
+        0xEA, 0xC3, 0xC6, 0xA6, 0x52, 0x2D, 0x89, 0x0B,
+        0xF9, 0x5B, 0x1D, 0x14, 0xA9, 0xBF, 0x37, 0x31,
+        0xE0, 0x1C, 0xF5, 0x29, 0x95, 0xF0, 0xC0, 0x08,
+        0xE8, 0x97, 0xEE, 0x53, 0x27, 0x85, 0x81, 0x7D,
+        0x47, 0xE5, 0xAC, 0xC5, 0x1B, 0x48, 0xA5, 0x36,
+        0x1E, 0x8A, 0xD7, 0xF5, 0xC9, 0x93, 0x74, 0xCE,
+        0x06, 0xEA, 0xC3, 0x26, 0x45, 0xFF, 0xED, 0x39,
+        0xC1, 0x0B, 0x7A, 0x59, 0x3C, 0x0F, 0xEE, 0x89,
+        0xEF, 0xA4, 0xEC, 0xD0, 0x72, 0x34, 0x95, 0xC9,
+        0xC4, 0x78, 0x47, 0xB6, 0xB7, 0xCE, 0xA4, 0xD9,
+        0xA1, 0xB6, 0x37, 0xC1, 0xF1, 0xFB, 0x4E, 0x4C,
+        0x38, 0xB0, 0x4A, 0xE5, 0x13, 0x63, 0xDC, 0x44,
+        0xC4, 0x7E, 0x86, 0x9C, 0xAD, 0x69, 0x29, 0xFD,
+        0xA1, 0xFE, 0xAD, 0x3B, 0x59, 0x24, 0x2F, 0x70,
+        0xAE, 0x5F, 0x2C, 0x00, 0xFE, 0x01, 0x09, 0xA3,
+        0x10, 0x87, 0xF0, 0xAD, 0xFA, 0x9B, 0x83, 0x8F,
+        0x48, 0x96, 0x8B, 0x9A, 0x35, 0xE7, 0x4D, 0xAA,
+        0xEC, 0xA4, 0xCD, 0x26, 0x7C, 0x3E, 0xAC, 0x93,
+        0x26, 0x9D, 0x6B, 0x83, 0x34, 0xC4, 0x71, 0xE1,
+        0xC8, 0x93, 0x88, 0x09, 0xAF, 0x00, 0xB5, 0x7F,
+        0xD9, 0x5A, 0x8E, 0x36, 0xC1, 0x2E, 0x7E, 0xF1,
+        0x0C, 0xC5, 0x2A, 0xB3, 0xE4, 0x48, 0xDF, 0xFB,
+        0xFF, 0x99, 0xC9, 0x66, 0xD2, 0x28, 0x46, 0x7C,
+        0x43, 0x39, 0x96, 0x69, 0x95, 0x42, 0xAC, 0xE0,
+        0xC2, 0x0C, 0x65, 0x99, 0xC8, 0xB0, 0xAE, 0x76,
+        0xE8, 0x18, 0x3E, 0xA9, 0x1D, 0x44, 0x81, 0x14,
+        0x65, 0xF7, 0xDF, 0xD1, 0xD1, 0x7B, 0x7C, 0x28,
+        0xE0, 0x77, 0x9D, 0x79, 0x9C, 0xE4, 0x1A, 0xF1,
+        0xD0, 0xFF, 0x8E, 0xEA, 0x58, 0x84, 0xB3, 0x47,
+        0xBC, 0xA1, 0x47, 0x48, 0xB7, 0xC3, 0xD5, 0xD1,
+        0xF3, 0xDD, 0xA6, 0x3B, 0x15, 0x4C, 0xB3, 0xB5,
+        0xFD, 0x52, 0x9D, 0x7E, 0xF0, 0xC7, 0x40, 0x2C,
+        0x34, 0xBC, 0xCF, 0x1C, 0x67, 0x30, 0xC0, 0x4D,
+        0xA1, 0xC7, 0x5E, 0xAD, 0xAF, 0xCD, 0xFA, 0x21,
+        0xE4, 0xB5, 0x33, 0x8B, 0x37, 0x2D, 0xCF, 0x4D,
+        0x07, 0x48, 0x61, 0xB0, 0xB6, 0x8B, 0x27, 0x05,
+        0xA0, 0x8C, 0x71, 0x95, 0x84, 0x02, 0xB2, 0x1E,
+        0x59, 0xBC, 0xB6, 0xE2, 0x2C, 0x3C, 0x20, 0x4C,
+        0xDE, 0x1E, 0x35, 0x24, 0xC1, 0x5B, 0x3C, 0xB4,
+        0x2A, 0x8C, 0xA7, 0x2D, 0xE3, 0xDC, 0x45, 0x26,
+        0x6E, 0x29, 0x52, 0x5D, 0x24, 0x8A, 0xC2, 0x16,
+        0x73, 0xDB, 0x80, 0xF2, 0x91, 0xEC, 0x05, 0x3E,
+        0x2E, 0x9E, 0x39, 0x12, 0x5E, 0x11, 0x80, 0x24,
+        0xF5, 0xFC, 0x86, 0x4C, 0xD9, 0xF9, 0x70, 0x59,
+        0xC8, 0xC8, 0x57, 0x5D, 0x0F, 0x68, 0x75, 0x3C,
+        0x7A, 0x3D, 0x1B, 0xF7, 0xD0, 0xDF, 0xE2, 0xF9,
+        0xBD, 0x44, 0xFD, 0x21, 0x75, 0x86, 0x77, 0x25,
+        0xAF, 0xD3, 0x28, 0x55, 0x2A, 0x60, 0x7D, 0x79,
+        0x9C, 0x72, 0x2F, 0x6E, 0xAB, 0x2F, 0x26, 0x44,
+        0x0C, 0xFF, 0x52, 0xBD, 0xA1, 0xA9, 0x07, 0xBD,
+        0x9D, 0x2A, 0x64, 0x2E, 0x0B, 0xA1, 0xB8, 0x78,
+        0xD3, 0xC4, 0x84, 0x9A, 0xE1, 0xDB, 0xB4, 0x4A,
+        0x4C, 0x45, 0x7A, 0x8E, 0xD5, 0xA3, 0x6B, 0x09,
+        0x8D, 0x72, 0x8E, 0x6D, 0x17, 0x34, 0xFF, 0xD6,
+        0xED, 0x24, 0x19, 0x7D, 0xC6, 0x2D, 0x5B, 0x82,
+        0x68, 0xAE, 0x25, 0x33, 0xBB, 0xCB, 0x7D, 0xFD,
+        0x00, 0x15, 0x83, 0xEA, 0xBB, 0xE7, 0x40, 0x3D,
+        0x80, 0xD5, 0x9E, 0x6C, 0xE0, 0x3C, 0x7E, 0x3E,
+        0x12, 0xC7, 0x36, 0x7E, 0x41, 0x84, 0xE8, 0xB4,
+        0x16, 0xCA, 0x4A, 0xB7, 0xEB, 0x16, 0xEC, 0xAB,
+        0x5A, 0x69, 0x24, 0x7F, 0x5E, 0x81, 0x86, 0x7D,
+        0x30, 0x61, 0x4E, 0x0F, 0x75, 0x39, 0xEE, 0xF2,
+        0xF4, 0xDC, 0x5E, 0x23, 0x40, 0xE8, 0x3C, 0xC0,
+        0x10, 0xAD, 0x5E, 0xE6, 0x06, 0x8E, 0x5F, 0x55,
+        0xC5, 0x69, 0x65, 0x5F, 0xA3, 0x6E, 0x73, 0x86,
+        0x82, 0x32, 0x5F, 0x36, 0xA7, 0x6B, 0x2C, 0x26,
+        0xCD, 0x64, 0xC8, 0x57, 0x1F, 0x06, 0x7A, 0xAB,
+        0x8B, 0xA7, 0xDB, 0x53, 0x48, 0x1A, 0x06, 0x8D,
+        0x36, 0xF1, 0x77, 0x74, 0xE6, 0xF5, 0x18, 0x62,
+        0x8E, 0x8A, 0xBF, 0xB7, 0x7F, 0x72, 0x44, 0xAC,
+        0xC8, 0x9A, 0x0E, 0x60, 0x4B, 0xAB, 0xB2, 0x9E,
+        0x95, 0xDF, 0x95, 0x28, 0x98, 0x78, 0xBB, 0xA9,
+        0x5D, 0x8E, 0xEE, 0xB4, 0x84, 0xF5, 0x81, 0x7E,
+        0xA1, 0x53, 0x3E, 0xBB, 0x43, 0xF6, 0xD4, 0xB7,
+        0x60, 0xFD, 0xF4, 0xF8, 0x68, 0xB6, 0x1D, 0x9A,
+        0xF7, 0xDA, 0x77, 0xFA, 0xBB, 0x74, 0x44, 0xDE,
+        0x7C, 0x32, 0x2D, 0x5C, 0x24, 0xD8, 0x4D, 0xBF,
+        0xE0, 0x5C, 0x70, 0x12, 0x3C, 0x43, 0xCC, 0x5F,
+        0x00, 0xD5, 0x1F, 0xEA, 0x5D, 0xC9, 0x3A, 0x5C,
+        0x32, 0xED, 0xE0, 0xF1, 0x59, 0xA0, 0xB7, 0x71,
+        0xDC, 0x65, 0xD2, 0x88, 0x20, 0x20, 0xD8, 0x59,
+        0x53, 0x2D, 0x30, 0x2D, 0xFC, 0xA9, 0xEA, 0x45,
+        0xB0, 0xF3, 0x1E, 0x66, 0x9F, 0xF6, 0xF1, 0x5E,
+        0x9B, 0x67, 0x1D, 0xBF, 0x5E, 0x19, 0xB3, 0x2A,
+        0xE8, 0xCE, 0xE5, 0x90, 0xFE, 0x82, 0x5C, 0x19,
+        0x7B, 0x84, 0x3E, 0x45, 0xFF, 0x5D, 0xC2, 0x2E,
+        0x49, 0x6A, 0xB1, 0x2D, 0x50, 0x2D, 0x21, 0xF7,
+        0x2A, 0xA2, 0x39, 0x47, 0x8D, 0xB5, 0x17, 0x64,
+        0x3E, 0x96, 0x13, 0x90, 0x53, 0xEA, 0x57, 0x4C,
+        0xDB, 0x3D, 0x43, 0xC3, 0xE7, 0xD6, 0x5C, 0x54,
+        0x89, 0xDF, 0x6E, 0xF9, 0xE4, 0xC6, 0x64, 0xF0,
+        0x88, 0x1C, 0xD0, 0xF6, 0x9D, 0x9E, 0xD7, 0xCD,
+        0x2C, 0xFB, 0xCC, 0x54, 0x0E, 0x96, 0xD7, 0x4E,
+        0x05, 0xD2, 0xB3, 0x88, 0x85, 0xD8, 0x60, 0xA4,
+        0xF2, 0xE4, 0xD7, 0xFF, 0xAF, 0x12, 0x2E, 0xBA,
+        0xC4, 0x5A, 0x3A, 0x3E, 0xC5, 0xD7, 0xF3, 0x60,
+        0x4F, 0x27, 0xEF, 0xE0, 0x35, 0xAC, 0x4A, 0x8B,
+        0x14, 0x7D, 0xC4, 0xEF, 0x61, 0x9A, 0x69, 0x2E,
+        0x49, 0x80, 0x04, 0x0C, 0x18, 0xB9, 0x42, 0xC6,
+        0x8C, 0x8A, 0x99, 0x43, 0xA6, 0x5A, 0xCD, 0x72,
+        0x20, 0xAD, 0xFD, 0x9C, 0xC4, 0xAA, 0xDF, 0x6C,
+        0x6C, 0x03, 0xEF, 0x48, 0x3E, 0xFB, 0x4A, 0xBC,
+        0xAA, 0x44, 0xEE, 0xC4, 0x25, 0x8F, 0xF9, 0x8A,
+        0xC2, 0x24, 0x73, 0x15, 0xFA, 0x0E, 0xCB, 0x00,
+        0xEE, 0x9B, 0x39, 0x3F, 0x60, 0x1F, 0x00, 0x95,
+        0xCA, 0xFE, 0xC2, 0x2C, 0x35, 0x5F, 0xD9, 0xD1,
+        0x29, 0xB5, 0x4D, 0xC1, 0x66, 0x51, 0x8F, 0x17,
+        0x3B, 0xF4, 0xF1, 0x49, 0x42, 0x36, 0x0C, 0x5B,
+        0x58, 0xF2, 0x9B, 0x59, 0x01, 0xFB, 0x15, 0x7F,
+        0x21, 0x90, 0x1F, 0x56, 0x69, 0x8B, 0xE2, 0xA5,
+        0x44, 0xCB, 0x84, 0x98, 0x4B, 0x75, 0xA8, 0xCB,
+        0x83, 0x0D, 0xE8, 0x1C, 0x91, 0x7F, 0xE4, 0x57,
+        0x81, 0x16, 0x34, 0x2F, 0xCE, 0x01, 0xAA, 0x62,
+        0x54, 0x44, 0xB7, 0xD6, 0xC7, 0xF1, 0x68, 0x9A,
+        0x00, 0x3B, 0x71, 0x16, 0xF9, 0x96, 0x6A, 0x90,
+        0x6C, 0x2C, 0x4E, 0x58, 0xBC, 0xDD, 0xE9, 0x3B,
+        0x60, 0xB7, 0xA0, 0x97, 0xEE, 0xD6, 0x34, 0xDD,
+        0x49, 0x4A, 0xD9, 0x85, 0xD1, 0xB7, 0x95, 0x14,
+        0xEC, 0x6A, 0x40, 0xE8, 0x31, 0x80, 0xF1, 0xD8,
+        0x5F, 0x75, 0xF6, 0x92, 0x3A, 0x4F, 0xCD, 0x0A,
+        0x6E, 0xBF, 0xA1, 0x27, 0x48, 0x79, 0x27, 0x04,
+        0x76, 0x2C, 0xAB, 0x25, 0x06, 0xEB, 0x43, 0xDD,
+        0x1B, 0x4B, 0x24, 0xFC, 0x93, 0x51, 0x1C, 0x45,
+        0xF6, 0xAE, 0x77, 0xCF, 0xC9, 0xE6, 0x20, 0xE4,
+        0xA5, 0x2B, 0x3D, 0x7D, 0xF0, 0xEB, 0x51, 0x7C,
+        0xCA, 0xFE, 0x58, 0xBA, 0xC4, 0x07, 0x95, 0x75,
+        0x62, 0x0C, 0x50, 0x68, 0x88, 0x1A, 0x8A, 0x0D,
+        0x1B, 0x5C, 0x53, 0x1A, 0x9C, 0xA8, 0x4E, 0xFE,
+        0x63, 0x9B, 0xDB, 0x05, 0x70, 0x01, 0x75, 0xA1,
+        0x3A, 0x08, 0xFA, 0x51, 0xD5, 0xF6, 0x81, 0xDE,
+        0x69, 0xE5, 0x40, 0xB3, 0xF8, 0x7C, 0x46, 0x97,
+        0xA6, 0x4E, 0xA8, 0x51, 0x47, 0x9C, 0xB9, 0x25,
+        0xCD, 0x4E, 0xED, 0xFC, 0xEE, 0x03, 0x6A, 0xCD,
+        0x93, 0x65, 0xB3, 0x68, 0x09, 0x6F, 0xE8, 0x00,
+        0x6A, 0x3F, 0xBF, 0xE8, 0x6F, 0x09, 0xE9, 0xF2,
+        0x6F, 0x44, 0x2E, 0xB1, 0x81, 0x76, 0x04, 0xDD,
+        0x6E, 0xF4, 0x93, 0x61, 0xE5, 0x78, 0xD4, 0xDA,
+        0xBF, 0x05, 0xA1, 0xF4, 0x9D, 0xFD, 0x57, 0x06,
+        0x9C, 0x13, 0x45, 0x97, 0xF2, 0x48, 0xE6, 0x1A,
+        0xB5, 0xAD, 0x09, 0x11, 0x04, 0xBB, 0xA0, 0xA8,
+        0xA3, 0xA3, 0x33, 0xCD, 0x42, 0x2C, 0x66, 0xC2,
+        0x94, 0x80, 0x15, 0x9D, 0x56, 0x74, 0x02, 0xEE,
+        0xA7, 0xE4, 0x90, 0xDD, 0xFB, 0x0B, 0x3B, 0xF0,
+        0x7A, 0x02, 0x44, 0xE8, 0x11, 0xC4, 0x3A, 0xFE,
+        0x73, 0x2A, 0x4C, 0x92, 0x3C, 0x23, 0x37, 0x8B,
+        0x4F, 0x28, 0x8E, 0x1C, 0x4E, 0x7D, 0x0D, 0x6B,
+        0xFD, 0x20, 0xB5, 0x93, 0xB3, 0x75, 0x30, 0x28,
+        0xC7, 0x7E, 0x67, 0xC4, 0xDE, 0xDA, 0x27, 0xA9,
+        0xE3, 0xF2, 0xF5, 0x25, 0x98, 0x5F, 0x6B, 0xBE,
+        0x11, 0x80, 0x23, 0x49, 0x30, 0xC8, 0x8A, 0x63,
+        0xF9, 0xC4, 0x14, 0x77, 0x2A, 0xE2, 0x21, 0x42,
+        0x28, 0x1C, 0xEB, 0x9F, 0x7B, 0x70, 0xA8, 0x2B,
+        0xFB, 0x25, 0x36, 0xA6, 0xAC, 0xFE, 0x8E, 0xFF,
+        0xB6, 0x86, 0x09, 0x15, 0x7E, 0xD9, 0x26, 0x8F,
+        0xDB, 0xF2, 0x2D, 0xC2, 0xFA, 0xAE, 0xDA, 0x50,
+        0xF6, 0x24, 0x53, 0xDB, 0xBF, 0x92, 0x9D, 0x7E,
+        0x48, 0xCC, 0x75, 0xAC, 0xD0, 0xD3, 0x45, 0x09,
+        0x2F, 0x01, 0x60, 0xBB, 0xAE, 0xCB, 0xE6, 0xB3,
+        0x30, 0xDA, 0xD9, 0xB6, 0x12, 0xCD, 0xF5, 0x11,
+        0xCF, 0x2B, 0x2A, 0xC6, 0x61, 0x9A, 0x05, 0x59,
+        0x08, 0x58, 0x64, 0xEC, 0xDB, 0x77, 0xCF, 0x64,
+        0xE2, 0x4B, 0x6E, 0xF4, 0x07, 0x68, 0x5E, 0xE9,
+        0x31, 0xB1, 0x38, 0x67, 0xF9, 0x29, 0x2E, 0x7A,
+        0xD2, 0x03, 0xA6, 0x29, 0x3F, 0x22, 0x58, 0x66,
+        0x6A, 0x07, 0xD8, 0xFD, 0xC5, 0x03, 0xEE, 0x66,
+        0xD4, 0x66, 0x70, 0x6D, 0xA4, 0xC4, 0xA1, 0xEE,
+        0xCD, 0x4D, 0xFA, 0x3C, 0x34, 0x36, 0xC2, 0xC5,
+        0x1E, 0x86, 0xB8, 0x7B, 0x7C, 0xBC, 0x67, 0x16,
+        0xF3, 0x6E, 0xF2, 0xB7, 0xEA, 0x96, 0x1B, 0x0D,
+        0xA2, 0xC8, 0x42, 0xBF, 0x30, 0x09, 0x2A, 0x6D,
+        0x9D, 0x35, 0xB3, 0x92, 0xBA, 0x3E, 0xE2, 0xE9,
+        0xE2, 0xAA, 0x90, 0x70, 0xCE, 0x0F, 0x07, 0xFA,
+        0x7C, 0x3B, 0xF7, 0x66, 0x7F, 0x5C, 0xFE, 0xD9,
+        0x72, 0x1C, 0x4E, 0xFE, 0x7E, 0x86, 0x8E, 0x7F,
+        0x62, 0x8D, 0x41, 0x46, 0x7B, 0x43, 0x17, 0xB9,
+        0x44, 0xED, 0x39, 0x1B, 0x3E, 0xF9, 0x2D, 0xC7,
+        0x5C, 0x9D, 0xAC, 0x05, 0x00, 0xC6, 0x85, 0x4E,
+        0xB8, 0xBC, 0x29, 0xDF, 0x6D, 0x6A, 0xCC, 0xEB,
+        0xD6, 0x44, 0x86, 0xAA, 0xC9, 0x55, 0x49, 0xA1,
+        0x3F, 0x59, 0x5E, 0xAF, 0xD5, 0xC9, 0x96, 0x19,
+        0x84, 0xC0, 0x4D, 0x1B, 0xE5, 0x2C, 0x42, 0x8D,
+        0x2C, 0xC8, 0x83, 0x00, 0x26, 0xBF, 0x46, 0x9F,
+        0x20, 0x97, 0xEC, 0x2C, 0xA9, 0x2C, 0xF0, 0xA7,
+        0x11, 0xED, 0xE2, 0xA2, 0x57, 0x83, 0x40, 0x92,
+        0xF3, 0x58, 0xB7, 0x4E, 0xD6, 0x3A, 0x9D, 0xF0,
+        0xDD, 0xD4, 0x5F, 0x82, 0x58, 0xD3, 0x72, 0x05,
+        0x69, 0xFF, 0x1E, 0xBC, 0x74, 0x90, 0x87, 0xB5,
+        0x7A, 0xEE, 0xF8, 0xCE, 0x3F, 0x59, 0xE1, 0xC0,
+        0x46, 0x24, 0xF8, 0x9D, 0x93, 0x51, 0x4A, 0x44,
+        0xFB, 0xEA, 0x58, 0xA6, 0xAC, 0x9A, 0x7C, 0xA3,
+        0x11, 0xA3, 0x47, 0x44, 0x24, 0x11, 0xF5, 0x56,
+        0x1A, 0x3B, 0xCF, 0xEC, 0xD9, 0x2B, 0x6C, 0xBA,
+        0xA6, 0xA2, 0x67, 0xB9, 0xE0, 0xCB, 0x3F, 0x8D,
+        0xA8, 0xC4, 0x8A, 0x45, 0xAB, 0xE2, 0x10, 0x19,
+        0x10, 0xC9, 0xDB, 0x01, 0x64, 0xC0, 0x0B, 0x6F,
+        0x3B, 0xA1, 0xE9, 0xEB, 0x74, 0x9A, 0x63, 0x93,
+        0xE5, 0x74, 0x3F, 0xD3, 0x7B, 0xEA, 0x8C, 0xD6,
+        0x7D, 0x66, 0xDD, 0x90, 0x6C, 0x69, 0x67, 0x05,
+        0xAD, 0x70, 0xF1, 0xFA, 0x52, 0xBB, 0xD5, 0x3D,
+        0x0E, 0x7E, 0x87, 0xE0, 0x98, 0xAF, 0xA6, 0xE6,
+        0x0E, 0x25, 0x91, 0x70, 0xCA, 0x36, 0xE4, 0xF8,
+        0xF7, 0x95, 0x1C, 0x48, 0xF6, 0x62, 0x9A, 0x4D,
+        0xE4, 0xE7, 0x3A, 0x92, 0xC6, 0x2E, 0xAB, 0x8A,
+        0x75, 0x7C, 0x45, 0xDA, 0x54, 0xB1, 0x6D, 0x2E,
+        0xCC, 0x13, 0x46, 0x67, 0x8F, 0xFF, 0xDA, 0x18,
+        0xE1, 0x4C, 0xE4, 0x6A, 0xB6, 0xAC, 0x65, 0x32,
+        0x0C, 0x63, 0xD5, 0x43, 0xB5, 0x8B, 0xB1, 0x52,
+        0xEE, 0x0C, 0xBB, 0x62, 0x34, 0x30, 0xDB, 0xF7,
+        0x08, 0xC6, 0xE8, 0x5B, 0x07, 0x66, 0x6D, 0x4B,
+        0x39, 0xC6, 0x94, 0x2B, 0x22, 0x9E, 0x3E, 0x45,
+        0x62, 0x3D, 0x05, 0x03, 0x2B, 0x16, 0x71, 0xBB,
+        0x85, 0x1B, 0x6E, 0x84, 0xD3, 0x48, 0x4D, 0x63,
+        0x26, 0x60, 0x97, 0x45, 0xB8, 0xEA, 0x43, 0x96,
+        0x00, 0xFE, 0x0B, 0x85, 0xBD, 0x22, 0x40, 0xA4,
+        0xA7, 0x2F, 0xC1, 0xEB, 0xFD, 0xB5, 0x22, 0xD5,
+        0x1F, 0xB3, 0xEA, 0x7C, 0x6D, 0x20, 0xFB, 0x98,
+        0xA5, 0xF2, 0x84, 0x70, 0xF7, 0xB9, 0x2A, 0x12,
+        0x63, 0x0C, 0x2D, 0x97, 0x6C, 0xC2, 0x76, 0xAC,
+        0x32, 0xE2, 0xB1, 0x3A, 0xB3, 0xAB, 0x9E, 0xBB,
+        0x61, 0xB4, 0x6A, 0x5F, 0x2D, 0x4D, 0xCE, 0x0D,
+        0xFB, 0x97, 0x80, 0x89, 0x4A, 0x81, 0xFB, 0xB2,
+        0x72, 0x37, 0x66, 0xB9, 0x08, 0xBF, 0xCD, 0x9F,
+        0x63, 0xB2, 0xBA, 0x54, 0xF1, 0x9E, 0xEC, 0x11,
+        0x67, 0x26, 0xC7, 0x98, 0xDD, 0xA3, 0xC5, 0x50,
+        0x86, 0x17, 0xD5, 0xCF, 0x51, 0x97, 0x22, 0x65,
+        0x2B, 0x71, 0xF7, 0x34, 0x84, 0x55, 0xC9, 0xD1,
+        0xFE, 0x75, 0x42, 0x0A, 0x5A, 0x31, 0x59, 0xE8,
+        0x8A, 0x0D, 0xE5, 0x77, 0x1C, 0xF5, 0xFD, 0x27,
+        0x05, 0x05, 0xF7, 0x28, 0xDA, 0x54, 0xAB, 0xBD,
+        0xDC, 0x50, 0xB8, 0xDB, 0x2E, 0xB4, 0x28, 0x41,
+        0x30, 0x04, 0x40, 0xD5, 0xF0, 0x12, 0xD7, 0x16,
+        0x3D, 0x8F, 0x41, 0xE7, 0x70, 0x76, 0x82, 0xB9,
+        0xC4, 0xB2, 0x1F, 0x57, 0x10, 0xB6, 0xC4, 0x84,
+        0x0D, 0xB1, 0xB8, 0x21, 0xB2, 0x77, 0x09, 0xF6,
+        0xD5, 0x9C, 0xE4, 0xA2, 0xFA, 0x83, 0x13, 0x56,
+        0x94, 0x3F, 0x37, 0x6D, 0x0D, 0x7C, 0x7E, 0xA0,
+        0xE5, 0xC8, 0xD9, 0x42, 0x0F, 0x35, 0xB1, 0xDC,
+        0xB9, 0x49, 0xD5, 0xED, 0xA8, 0x90, 0x09, 0x14,
+        0xAE, 0x63, 0xB5, 0xEA, 0x62, 0x0D, 0x9E, 0x6D,
+        0x93, 0xBD, 0x3A, 0xEA, 0x24, 0xB5, 0xAC, 0xC9,
+        0xD1, 0x7B, 0xBC, 0xC6, 0xC4, 0xBA, 0x68, 0xB1,
+        0x65, 0xFE, 0xAB, 0x30, 0xD4, 0x92, 0xD9, 0xC1,
+        0x94, 0x84, 0xE1, 0x20, 0x4E, 0x28, 0x7C, 0x3A,
+        0x3E, 0x8B, 0x44, 0x79, 0xC7, 0xB5, 0xA5, 0x95,
+        0xC2, 0xC9, 0xA8, 0x3F, 0x92, 0x67, 0x06, 0x9A,
+        0x12, 0xD3, 0xAE, 0x78, 0x87, 0x0E, 0x31, 0x54,
+        0x26, 0xDF, 0x97, 0xEB, 0x6C, 0xF3, 0xC9, 0x53,
+        0x39, 0xED, 0x50, 0x5A, 0xF9, 0x6A, 0x03, 0x27,
+        0x8E, 0xC6, 0x79, 0x5B, 0xD4, 0xD3, 0x57, 0x97,
+        0xFD, 0xF5, 0xCB, 0x14, 0xDB, 0xBE, 0x39, 0xB9,
+        0x64, 0x8A, 0x75, 0xAA, 0xE3, 0x4A, 0x19, 0x59,
+        0x69, 0x7D, 0xF8, 0x7D, 0x8C, 0xB8, 0x2F, 0x32,
+        0x57, 0xBF, 0x84, 0x9E, 0x45, 0x4E, 0xC4, 0xA0,
+        0x65, 0xA4, 0x0B, 0x73, 0x36, 0xC5, 0xD1, 0x07,
+        0xF8, 0x1C, 0x91, 0x07, 0xB8, 0x0B, 0x4B, 0xE5,
+        0x4F, 0xE6, 0xA1, 0xDF, 0x29, 0x03, 0xE7, 0x68,
+        0xA4, 0x32, 0x8E, 0x21, 0x8F, 0x15, 0x51, 0x57,
+        0x65, 0x16, 0xF0, 0x55, 0x71, 0x8C, 0x28, 0xD8,
+        0x82, 0xDC, 0x8A, 0xC1, 0xE7, 0x5C, 0xF2, 0xD5,
+        0xB8, 0x18, 0x16, 0x9F, 0x63, 0x89, 0x21, 0xF1,
+        0xA6, 0xED, 0x21, 0xDA, 0xC8, 0x0A, 0x10, 0x21,
+        0x18, 0x98, 0xD0, 0xF2, 0x9E, 0xDE, 0x5A, 0xA1,
+        0x51, 0xC9, 0x18, 0x3B, 0x68, 0x79, 0x75, 0xE7,
+        0xF4, 0xF9, 0xBF, 0x5F, 0xBE, 0x61, 0x35, 0xA9,
+        0x02, 0x56, 0x2D, 0x99, 0xD8, 0x95, 0xFA, 0x78,
+        0x8A, 0x67, 0x24, 0x1D, 0xDF, 0x13, 0x14, 0xD0,
+        0xB4, 0xB6, 0x21, 0x11, 0xB7, 0xA4, 0x06, 0x8D,
+        0x1D, 0xF6, 0xD5, 0x50, 0x2A, 0x0A, 0x42, 0x3C,
+        0x7C, 0xF1, 0x1F, 0x15, 0x1C, 0x81, 0x69, 0xDA,
+        0xCC, 0xAC, 0x8F, 0xB9, 0x08, 0x4E, 0xF8, 0x4E,
+        0x3E, 0x77, 0x26, 0x4A, 0x1F, 0x72, 0x89, 0xCA,
+        0x91, 0x77, 0x99, 0xBF, 0x28, 0xD2, 0x31, 0x65,
+        0x30, 0x37, 0x84, 0x66, 0x8A, 0x1C, 0xC6, 0x59,
+        0x7D, 0x48, 0x9B, 0x4D, 0xDC, 0x87, 0x4F, 0xD2,
+        0x04, 0xA0, 0x8B, 0x8B, 0x37, 0x3B, 0x1A, 0xDB,
+        0xCF, 0x63, 0x39, 0x07, 0xF3, 0x37, 0xCF, 0x0E,
+        0x2F, 0xEB, 0xE6, 0x2A, 0xA1, 0x4C, 0xE0, 0x75,
+        0x3F, 0xAB, 0xF7, 0xDE, 0x48, 0x83, 0x79, 0x89,
+        0x30, 0xA7, 0x1B, 0xE8, 0x73, 0x8E, 0x9D, 0x1D,
+        0xF6, 0x5C, 0x91, 0x4F, 0x44, 0x7C, 0x04, 0xA7,
+        0x07, 0xC8, 0xCC, 0x4A, 0x5C, 0x81, 0xAD, 0x48,
+        0x7C, 0xE5, 0x19, 0x5A, 0xC4, 0x29, 0x80, 0x14,
+        0xFA, 0xC2, 0x26, 0x1C, 0x50, 0x28, 0xB9, 0xF6,
+        0x7F, 0x8D, 0x51, 0x9A, 0xDA, 0xBB, 0x8E, 0x90,
+        0xBA, 0x3B, 0xD9, 0x4D, 0x61, 0xBE, 0xFD, 0x33,
+        0xC0, 0xCA, 0x7B, 0x09, 0xFF, 0x36, 0x84, 0x70,
+        0x11, 0xB4, 0xBE, 0x81, 0xFE, 0x71, 0xEE, 0x81,
+        0xD7, 0x61, 0xBB, 0x83, 0xA6, 0xA0, 0xDC, 0x20,
+        0x04, 0x02, 0x4C, 0x1B, 0x4D, 0xED, 0x8A, 0xC1,
+        0x38, 0x70, 0xC3, 0x69, 0xC9, 0x50, 0xC2, 0x17,
+        0x64, 0xAD, 0x9D, 0x44, 0x63, 0x44, 0xE5, 0x32,
+        0x7B, 0x90, 0xE3, 0xEF, 0x45, 0x28, 0xA6, 0x23,
+        0x92, 0xCB, 0xA1, 0xFC, 0xA8, 0xB4, 0x39, 0xF1,
+        0xB1, 0x00, 0x1F, 0x06, 0xD4, 0x91, 0x5D, 0xDB,
+        0xAC, 0x7D, 0x87, 0xD4, 0xEE, 0xCD, 0x4A, 0x06,
+        0x3E, 0xB4, 0x84, 0x65, 0xAA, 0x47, 0x05, 0x41,
+        0x7C, 0x95, 0x47, 0x3A, 0x49, 0x80, 0xC5, 0xAC,
+        0x32, 0x41, 0x6A, 0x3A, 0x2B, 0xB9, 0xD9, 0x21,
+        0x80, 0xC7, 0xC1, 0xD0, 0xC9, 0x95, 0x4B, 0xC3,
+        0xEA, 0x0D, 0x3F, 0x0E, 0xE4, 0x5A, 0xD8, 0xBD,
+        0x11, 0xD0, 0x76, 0x6D, 0x3C, 0xA7, 0x64, 0xD8,
+        0xCA, 0x4C, 0x8F, 0x58, 0x2C, 0xDD, 0x95, 0x1F,
+        0xBB, 0x76, 0x8D, 0x10, 0xFD, 0xAD, 0x45, 0xCE,
+        0x71, 0x6E, 0x27, 0x92, 0xC4, 0xA6, 0x17, 0x46,
+        0x95, 0xDB, 0xD8, 0xEA, 0x9A, 0x5F, 0x0E, 0xE0,
+        0x0A, 0xA2, 0xF5, 0x79, 0xC3, 0x74, 0xA7, 0x70,
+        0x99, 0x3B, 0x23, 0xD7, 0x3E, 0xA4, 0x96, 0xB5,
+        0x54, 0x77, 0x71, 0x8D, 0x78, 0x2E, 0xCC, 0x0A,
+        0x4E, 0xF8, 0xA9, 0x96, 0xEE, 0xB4, 0x4B, 0x5B,
+        0xDC, 0x52, 0x6D, 0xE1, 0x61, 0x36, 0xE1, 0x32,
+        0xD6, 0xA2, 0x7B, 0x2E, 0xCC, 0x78, 0x92, 0xA1,
+        0x81, 0x59, 0xB8, 0xC7, 0x04, 0x11, 0x3D, 0xF0,
+        0xF9, 0xF9, 0x3E, 0x47, 0x3C, 0xEA, 0xD5, 0x30,
+        0x2D, 0xAE, 0xC0, 0x47, 0xC8, 0x61, 0xCC, 0x9C,
+        0x2E, 0xC0, 0x40, 0x16, 0x11, 0x73, 0x13, 0xF3,
+        0x19, 0xAE, 0x72, 0x44, 0x72, 0xC5, 0x59, 0x51,
+        0x2E, 0x9F, 0xE3, 0x07, 0xB0, 0xCA, 0x6B, 0xB0,
+        0x15, 0x20, 0xB4, 0x25, 0x00, 0xED, 0xFD, 0xAC,
+        0xD6, 0x34, 0x8B, 0xCA, 0xE8, 0xC6, 0x3B, 0xFD,
+        0x02, 0x22, 0xE6, 0x91, 0x2B, 0x4B, 0x61, 0xDF,
+        0x63, 0x5C, 0x2B, 0x5F, 0x82, 0x07, 0x23, 0x59,
+        0x82, 0x5E, 0x0E, 0x21, 0xF7, 0x9C, 0x37, 0x1C,
+        0x7E, 0x6F, 0xD4, 0xFA, 0x91, 0x40, 0x8B, 0x98,
+        0x68, 0xBD, 0x60, 0x2F, 0x0A, 0xC8, 0xC8, 0x99,
+        0xA1, 0xC6, 0x10, 0xF1, 0x27, 0x53, 0xD3, 0xFB,
+        0x23, 0x02, 0xE7, 0x8E, 0x95, 0xB1, 0xF0, 0x21,
+        0xCB, 0x90, 0xEE, 0x8D, 0xE0, 0x27, 0x57, 0xDE,
+        0x40, 0xA3, 0xE7, 0x8F, 0x61, 0xC1, 0x8F, 0xC5,
+        0x0C, 0x0F, 0xBA, 0x05, 0xA0, 0x58, 0x8E, 0x86,
+        0x8A, 0xF5, 0x72, 0xE1, 0x34, 0xB4, 0xF6, 0x8E,
+        0x6E, 0xA4, 0x21, 0x75, 0x43, 0x73, 0xE7, 0x32,
+        0x72, 0x80, 0x9B, 0xE7, 0x1D, 0x78, 0x8F, 0x0D,
+        0x06, 0x47, 0x9E, 0x4D, 0xB4, 0xAC, 0x3E, 0x0D,
+        0xB8, 0x11, 0x23, 0xFF, 0xAD, 0xB9, 0x23, 0xE0,
+        0xA4, 0x37, 0xA6, 0x3D, 0xC2, 0x15, 0xF4, 0x64,
+        0x03, 0x1F, 0x0A, 0x68, 0xED, 0x37, 0x37, 0xE8,
+        0x3E, 0x5B, 0x49, 0x78, 0xFC, 0xFC, 0x12, 0x06,
+        0xE8, 0xC7, 0xCD, 0x3A, 0xAF, 0xD4, 0x54, 0xA7,
+        0x04, 0x7B, 0xFC, 0x66, 0xA6, 0xA8, 0x1C, 0x38,
+        0x0C, 0x26, 0x08, 0xE6, 0xEE, 0x47, 0x25, 0x80,
+        0x59, 0xA5, 0x39, 0x81, 0x20, 0xEE, 0x5F, 0x49,
+        0x9A, 0x01, 0x37, 0xE9, 0x96, 0x18, 0xD0, 0x05,
+        0x2D, 0xE3, 0x73, 0xD5, 0x08, 0x3B, 0x18, 0x46,
+        0xFE, 0x9E, 0x67, 0x5B, 0x9E, 0xF8, 0x53, 0x05,
+        0x2F, 0x96, 0x18, 0x9C, 0x09, 0x0D, 0xA6, 0x05,
+        0xB3, 0x9E, 0x2F, 0x0B, 0x5A, 0xF3, 0x93, 0xFF,
+        0x29, 0xF3, 0x4F, 0x62, 0xD5, 0x9A, 0xCE, 0x74,
+        0x64, 0xD0, 0xBC, 0xB3, 0x08, 0xF1, 0xD3, 0x22,
+        0xA5, 0xBE, 0x64, 0x0A, 0xEB, 0xA5, 0xF5, 0x1B,
+        0x7E, 0x0A, 0x44, 0x3B, 0x1D, 0xA9, 0x48, 0x9A,
+        0x2F, 0xED, 0x05, 0x0F, 0x44, 0xB3, 0x6D, 0xAD,
+        0x39, 0x2C, 0xBA, 0x8E, 0x2B, 0xDE, 0x17, 0x38,
+        0xD1, 0x69, 0xEA, 0xAE, 0x4E, 0x97, 0xCD, 0x61,
+        0xBA, 0x75, 0x39, 0xF2, 0x81, 0xBB, 0xA9, 0x0F,
+        0x6F, 0x82, 0xD4, 0xCB, 0xE4, 0x93, 0x82, 0x11,
+        0x72, 0x9A, 0xE9, 0x87, 0xEC, 0xCC, 0x6D, 0xA1,
+        0x7D, 0x47, 0x60, 0x20, 0xB6, 0xEE, 0xC6, 0xAA,
+        0xC0, 0x3C, 0x95, 0x08, 0xA0, 0x8B, 0xFA, 0x04,
+        0xF6, 0x6F, 0x65, 0x48, 0xCA, 0xA7, 0xA3, 0xA8,
+        0xBB, 0x3B, 0x80, 0x91, 0xB6, 0x6D, 0x2F, 0x9D,
+        0x97, 0xBB, 0x52, 0xE6, 0xC4, 0x24, 0x99, 0x97,
+        0x63, 0xAD, 0xD2, 0xFD, 0xB3, 0x94, 0x6D, 0xC1,
+        0xFB, 0xFA, 0x89, 0x45, 0x78, 0x80, 0x3C, 0xAA,
+        0x3F, 0xC0, 0x7E, 0x8D, 0x37, 0x00, 0xA7, 0x70,
+        0xD6, 0x57, 0x2A, 0xD3, 0x17, 0xB1, 0x9E, 0xDF,
+        0x96, 0x98, 0x40, 0xB8, 0x1C, 0xCC, 0xC6, 0xCD,
+        0xCD, 0xB0, 0xF3, 0x23, 0x53, 0xB6, 0x45, 0x78,
+        0xA6, 0xA0, 0x88, 0x61, 0x06, 0x04, 0x8E, 0x1B,
+        0xCD, 0x12, 0x29, 0x50, 0x0F, 0xD2, 0x8C, 0x89,
+        0x51, 0xD1, 0x74, 0x0B, 0xE3, 0xA7, 0x75, 0x8A,
+        0x60, 0x95, 0xEF, 0x6A, 0x98, 0xC7, 0x35, 0xA5,
+        0xC0, 0xFB, 0x4C, 0x88, 0xA1, 0xDA, 0xCE, 0x79,
+        0x3D, 0x4E, 0x4F, 0x91, 0x75, 0x88, 0xE0, 0x5F,
+        0x17, 0xF5, 0xEF, 0xF8, 0x49, 0xFE, 0xB1, 0xDB,
+        0x0D, 0xE8, 0xB2, 0xF7, 0xD4, 0x90, 0xBD, 0xB0,
+        0x6B, 0x3A, 0x1B, 0xB5, 0xC6, 0xFB, 0x93, 0xEF,
+        0xF3, 0xDD, 0x60, 0xEA, 0x67, 0x11, 0xFE, 0x6A,
+        0xCC, 0x2C, 0x64, 0x2A, 0x85, 0x2E, 0x24, 0x39,
+        0x34, 0x6B, 0xBC, 0xF8, 0x89, 0xB3, 0x49, 0x82,
+        0x9C, 0xC0, 0x04, 0x29, 0x6D, 0x25, 0xCB, 0x19,
+        0xE1, 0x53, 0xC6, 0x10, 0x7D, 0x62, 0x07, 0xD2,
+        0x83, 0x8B, 0x89, 0x04, 0x70, 0x06, 0x60, 0x4F,
+        0xB6, 0x10, 0x2B, 0xA0, 0x92, 0xF4, 0x1A, 0x7A,
+        0xD6, 0x4F, 0xDC, 0x6C, 0x6C, 0x27, 0xE5, 0xEC,
+        0x68, 0x1B, 0x95, 0x7C, 0x1C, 0x95, 0x2C, 0xB7,
+        0x0A, 0x8D, 0xC7, 0x57, 0x92, 0x00, 0x4D, 0xC0,
+        0x5F, 0xD4, 0xF4, 0x88, 0x3F, 0x8D, 0x43, 0x12,
+        0x05, 0xE2, 0x14, 0x0E, 0xDD, 0x2C, 0xEC, 0xD5,
+        0x2F, 0x1A, 0xE6, 0x97, 0xDC, 0xFE, 0x96, 0x80,
+        0x67, 0x3B, 0xD4, 0x63, 0x73, 0xFA, 0xC8, 0x4F,
+        0x4C, 0x4F, 0x2D, 0x68, 0x76, 0x44, 0x8E, 0xC2,
+        0x19, 0x99, 0x44, 0xEA, 0xF2, 0x33, 0x23, 0x83,
+        0xC8, 0xB1, 0x7C, 0x27, 0x43, 0x9B, 0x67, 0xF9,
+        0xDE, 0xE1, 0xAE, 0x03, 0xA5, 0xA5, 0x2B, 0x96,
+        0xB2, 0xEC, 0x4A, 0x43, 0xA7, 0x6D, 0xF4, 0xDB,
+        0x32, 0x5B, 0x54, 0xD6, 0x63, 0xEA, 0x65, 0xC2,
+        0xA8, 0x4B, 0x80, 0xCC, 0x65, 0x2D, 0xCE, 0x6F,
+        0x61, 0x2F, 0x58, 0xD1, 0xE5, 0x64, 0x8A, 0x42,
+        0x8D, 0xBA, 0xFA, 0x35, 0x5C, 0x9E, 0xD5, 0x80,
+        0x2D, 0x5C, 0xC3, 0x47, 0xFB, 0x0D, 0x43, 0x20,
+        0x7A, 0xA4, 0x37, 0xB2, 0x2F, 0x0B, 0x43, 0xB9,
+        0x94, 0xD3, 0xD9, 0xC2, 0xD7, 0x02, 0x5D, 0x6A,
+        0x12, 0x99, 0xE7, 0x32, 0x6C, 0xF0, 0x0C, 0x73,
+        0x51, 0x33, 0x84, 0xA9, 0x0C, 0x66, 0xC9, 0x19,
+        0x88, 0x9A, 0xF1, 0xB6, 0xF8, 0x41, 0xB1, 0xDC,
+        0x60, 0xA4, 0x80, 0x73, 0x0B, 0x21, 0xF9, 0xB8,
+        0x01, 0x7E, 0x66, 0x0D, 0xB4, 0x2B, 0x53, 0x8D,
+        0x7D, 0x0B, 0xE1, 0xA3, 0x0C, 0x27, 0xF6, 0x2F,
+        0x27, 0x34, 0x53, 0x75, 0x54, 0xF7, 0x5E, 0x05,
+        0x1C, 0x5A, 0x94, 0x08, 0x14, 0xDE, 0xAA, 0x98,
+        0xD9, 0xA5, 0xA0, 0xBE, 0x80, 0xC1, 0xEB, 0x3C,
+        0xCF, 0x78, 0x88, 0xA4, 0xA2, 0x03, 0xF8, 0x79,
+        0x1F, 0x84, 0x84, 0xA7, 0x0E, 0x95, 0x1A, 0x85,
+        0xEF, 0x4C, 0xBE, 0xA2, 0x99, 0xAB, 0x10, 0xDD,
+        0x85, 0x3F, 0x10, 0x6A, 0x9C, 0xD5, 0xDD, 0x7A,
+        0xFB, 0xF5, 0xD9, 0xD9, 0xAA, 0xDF, 0x03, 0x78,
+        0xAF, 0x1D, 0xEC, 0x18, 0xEB, 0x00, 0xB6, 0x64,
+        0xB5, 0x75, 0xA5, 0x00, 0xDC, 0x36, 0x45, 0xBD,
+        0x0C, 0x66, 0xCE, 0xA9, 0xBB, 0xD1, 0xF7, 0xE4,
+        0x6A, 0xDA, 0x0E, 0x81, 0x0F, 0x6A, 0x71, 0x60,
+        0x5C, 0x41, 0xD2, 0x12, 0x45, 0x14, 0xEF, 0x6F,
+        0xEC, 0x22, 0x73, 0x4C, 0xA7, 0x94, 0xDD, 0x1A,
+        0x42, 0x22, 0x58, 0x14, 0x0C, 0x4E, 0x6D, 0x77,
+        0x7F, 0xF5, 0xC9, 0x69, 0x81, 0xA3, 0xB8, 0x6D,
+        0x1C, 0x39, 0x47, 0xA5, 0xC4, 0x61, 0x1C, 0x91,
+        0x2F, 0x67, 0xC3, 0x5E, 0x87, 0x1A, 0x85, 0x81,
+        0x7D, 0x76, 0xF2, 0xE0, 0xB9, 0xD0, 0x43, 0x33,
+        0xF1, 0xC1, 0xBA, 0x48, 0x6F, 0x48, 0xD5, 0xAE,
+        0xB6, 0xDC, 0xAA, 0xCA, 0xEB, 0x0B, 0x6B, 0xFE,
+        0xF4, 0xF1, 0x6E, 0x5D, 0xE4, 0x90, 0x53, 0xCF,
+        0x9E, 0x13, 0x80, 0xCE, 0xE5, 0xDD, 0xA4, 0x01,
+        0xBC, 0x16, 0x50, 0xD0, 0x78, 0x96, 0x3F, 0x2B,
+        0x7A, 0x71, 0x8E, 0x86, 0xFD, 0x14, 0x21, 0xDF,
+        0x4D, 0xD7, 0xDD, 0x42, 0x59, 0xB3, 0xED, 0x81,
+        0xE3, 0xAF, 0x71, 0x57, 0xE7, 0x04, 0xD2, 0x26,
+        0xA8, 0x83, 0xFC, 0x03, 0x90, 0x8C, 0x88, 0xC4,
+        0xBF, 0x74, 0x54, 0x59, 0xD8, 0x66, 0x9F, 0xE2,
+        0x7A, 0xCE, 0x5B, 0x9C, 0xC4, 0x37, 0xFA, 0xDB,
+        0x40, 0x9A, 0xDD, 0x73, 0x9C, 0x06, 0x5A, 0x21,
+        0x43, 0xFB, 0xFA, 0x1B, 0x41, 0x31, 0x9F, 0xF4,
+        0x24, 0x09, 0x05, 0xFE, 0x56, 0x17, 0x52, 0x9C,
+        0xC7, 0xE2, 0xCA, 0xC9, 0x1F, 0xBE, 0xE2, 0xEB,
+        0x92, 0xEE, 0xD4, 0x76, 0x44, 0x9A, 0xFA, 0xFB,
+        0x07, 0x62, 0x98, 0xEC, 0xA0, 0xCF, 0xBF, 0xFA,
+        0x5E, 0x1B, 0x8B, 0xCD, 0x33, 0xFB, 0x1A, 0x97,
+        0xFE, 0x50, 0x65, 0x22, 0x08, 0x9E, 0xC3, 0x87,
+        0x88, 0xCA, 0xDD, 0x11, 0x5E, 0xA7, 0xCF, 0xF3,
+        0x07, 0x0A, 0x34, 0x0E, 0x30, 0x1B, 0xC5, 0xCE,
+        0xF7, 0xA6, 0xA4, 0x31, 0xB5, 0x40, 0xB8, 0x81,
+        0xAC, 0xAA, 0x07, 0xE0, 0x7D, 0x5E, 0x6A, 0x25,
+        0x85, 0x8D, 0x1D, 0x82, 0x45, 0x82, 0x76, 0xB2,
+        0x65, 0x69, 0x3E, 0x88, 0xFE, 0x21, 0xFE, 0x6A,
+        0x6B, 0x97, 0xD6, 0x70, 0x70, 0x00, 0x83, 0x18,
+        0x39, 0xA6, 0x91, 0x3F, 0xB1, 0xB7, 0xED, 0x11,
+        0xD3, 0xF9, 0x74, 0x31, 0xEC, 0x21, 0xA2, 0xEE,
+        0x69, 0x04, 0xC0, 0xEA, 0x4A, 0x17, 0x1A, 0xF8,
+        0xDA, 0xF1, 0x52, 0xB2, 0x78, 0x69, 0x4F, 0xDF,
+        0xE6, 0xB9, 0xF3, 0xE7, 0x48, 0x8B, 0x09, 0x5F,
+        0x4A, 0x7A, 0x05, 0x8E, 0xA8, 0xF6, 0x69, 0x3D,
+        0x91, 0x7A, 0x6F, 0x6C, 0xAD, 0x03, 0x16, 0xEA,
+        0xE0, 0x04, 0xFE, 0x54, 0x71, 0x50, 0x6D, 0x31,
+        0xE4, 0x37, 0x76, 0xD6, 0x1B, 0xA9, 0xEE, 0x56,
+        0x7A, 0x39, 0x34, 0x24, 0x00, 0x58, 0xE3, 0x2F,
+        0xD4, 0x97, 0x57, 0x6F, 0xD8, 0x0E, 0x8B, 0xD3,
+        0x88, 0x7F, 0xE8, 0x74, 0x72, 0xF7, 0xBA, 0x26,
+        0x25, 0xE4, 0xD5, 0x86, 0xCD, 0xA8, 0x1E, 0x8D,
+        0x49, 0xCF, 0x04, 0x92, 0x5B, 0x50, 0xD0, 0x73,
+        0x3C, 0xC9, 0x17, 0xC3, 0x0E, 0x67, 0x02, 0xC5,
+        0xDE, 0x48, 0x88, 0x0D, 0x2C, 0x0D, 0x68, 0x04,
+        0xD5, 0x51, 0xDF, 0x4F, 0x23, 0x89, 0x7A, 0x29,
+        0x41, 0xB2, 0x7A, 0xCA, 0x86, 0xA5, 0xCC, 0xC4,
+        0xF5, 0xD3, 0xE1, 0xEF, 0xB8, 0xCD, 0x84, 0xB5,
+        0x6D, 0xB6, 0x51, 0x1B, 0x81, 0x26, 0x97, 0xAC,
+        0x00, 0xFC, 0x76, 0x8D, 0x99, 0xD9, 0x35, 0x8E,
+        0x4D, 0x3E, 0xC0, 0xC1, 0x0E, 0x8D, 0x9B, 0xE5,
+        0x79, 0xF3, 0xC7, 0xA0, 0xA4, 0xA6, 0xA2, 0xE9,
+        0x8B, 0xCD, 0x36, 0x79, 0x76, 0xF1, 0x6A, 0xEE,
+        0xCF, 0x91, 0x8D, 0x91, 0xB1, 0xAF, 0xF2, 0xF5,
+        0x43, 0xF6, 0xB2, 0x3A, 0x39, 0x9F, 0xBF, 0xDE,
+        0x16, 0x03, 0x52, 0x18, 0x62, 0x93, 0xB5, 0x09,
+        0xC4, 0xEE, 0x27, 0x9C, 0x56, 0x6F, 0x0C, 0x1C,
+        0x12, 0x42, 0xF0, 0x34, 0xBD, 0x44, 0x52, 0x4C,
+        0x32, 0x7E, 0x64, 0xDF, 0x78, 0x16, 0xD9, 0x9E,
+        0xD7, 0x8A, 0x11, 0x33, 0x65, 0x42, 0xEC, 0x36,
+        0x07, 0xEE, 0x3F, 0x19, 0x97, 0x9B, 0x92, 0x9D,
+        0x3A, 0xE4, 0x98, 0x83, 0xDB, 0x0C, 0x85, 0x39,
+        0xFA, 0x8D, 0x73, 0xF5, 0xBF, 0xE0, 0x75, 0x40,
+        0x50, 0x9B, 0xF2, 0xE6, 0xB6, 0xA5, 0x33, 0xD0,
+        0xC4, 0xD6, 0xAB, 0xFF, 0x16, 0xDE, 0x30, 0x9C,
+        0x68, 0x90, 0xE0, 0x5E, 0xD3, 0xD5, 0xA9, 0xB0,
+        0xD9, 0x6B, 0x0A, 0x43, 0x45, 0x9A, 0x3D, 0xE8,
+        0xB6, 0x66, 0xE4, 0x57, 0x05, 0x8E, 0x5B, 0x72,
+        0xFE, 0x50, 0x44, 0x8C, 0xE4, 0x68, 0x43, 0x51,
+        0x0D, 0x9A, 0xD3, 0x36, 0xA9, 0xC7, 0xF6, 0xCF,
+        0x6D, 0x2C, 0x95, 0x46, 0x98, 0x6D, 0x9E, 0x78,
+        0x90, 0x87, 0x19, 0x64, 0xD5, 0xDE, 0x1D, 0x9B,
+        0x37, 0x4E, 0x52, 0xF5, 0x14, 0xAA, 0xEE, 0x31,
+        0x83, 0x55, 0x7C, 0x38, 0x0F, 0xB3, 0xF6, 0xF2,
+        0x1C, 0x60, 0x71, 0x68, 0x1F, 0x06, 0xBD, 0x99,
+        0xFD, 0x42, 0x12, 0x54, 0x3E, 0xBA, 0x4B, 0x60,
+        0xFB, 0xFB, 0x51, 0x4D, 0x02, 0xCE, 0xE5, 0x9E,
+        0x59, 0xB2, 0xE6, 0x98, 0x67, 0xBB, 0xAB, 0xC8,
+        0x08, 0xE4, 0x08, 0x0D, 0xF5, 0x3B, 0x47, 0x78,
+        0x39, 0x24, 0x56, 0x80, 0xF0, 0x6A, 0x1D, 0x33,
+        0x05, 0x5F, 0xF2, 0xA2, 0x38, 0xAD, 0xDF, 0x5C,
+        0xC5, 0xEA, 0x9C, 0xC7, 0x0A, 0x1B, 0x5B, 0x43,
+        0xE9, 0x59, 0x3D, 0x68, 0x00, 0x23, 0x32, 0x5D,
+        0x25, 0xFD, 0xA7, 0xCA, 0xDA, 0xA1, 0xFD, 0x22,
+        0x4E, 0x34, 0x96, 0xE7, 0x0D, 0xFF, 0x89, 0x3B,
+        0xA6, 0x56, 0x0D, 0x11, 0x13, 0xA6, 0x9D, 0x3B,
+        0xBC, 0x12, 0x97, 0x9A, 0x2B, 0xAA, 0xE9, 0xE2,
+        0xCF, 0xD2, 0xD3, 0xEF, 0x95, 0xFC, 0x40, 0x80,
+        0x94, 0x48, 0x80, 0x5A, 0x3F, 0x4A, 0xD2, 0xB5,
+        0x7D, 0x61, 0xA2, 0x26, 0x7B, 0xDC, 0x32, 0xCB,
+        0x84, 0x2E, 0x9B, 0x29, 0x63, 0x45, 0x74, 0x0D,
+        0x85, 0x54, 0xB2, 0x16, 0x77, 0x9B, 0x47, 0x51,
+        0x63, 0x33, 0xE9, 0x1A, 0x52, 0x9D, 0xEB, 0x26,
+        0x06, 0x7F, 0x97, 0xA0, 0xA1, 0xAA, 0x07, 0x0F,
+        0x1E, 0x23, 0xAB, 0xCC, 0xD5, 0x0F, 0x3E, 0x88,
+        0xAA, 0xC3, 0xED, 0x06, 0x25, 0x3A, 0x4A, 0x62,
+        0x85, 0x9F, 0xA7, 0xD3, 0xF5, 0x1C, 0x9A, 0xCC,
+        0x52, 0x87, 0x9F, 0xB8, 0xC7, 0xDD, 0xF1, 0x50,
+        0x66, 0x70, 0xAC, 0xC6, 0x2C, 0x2E, 0x8C, 0xC9,
+        0xD9, 0xF6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x06, 0x0D, 0x13, 0x1D, 0x20,
+        0x27, 0x2C, 0x32
+    };
+#endif
+    byte sig[DILITHIUM_MAX_SIG_SIZE];
+    word32 sigLen;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_44, (word32)sizeof(sk_44), key),
+        0);
+    sigLen = PARAMS_ML_DSA_44_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_44, (word32)sizeof(msg_44),
+        sig, &sigLen, key, rnd_44), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_44_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_44, sizeof(sig_44)), 0);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_65, (word32)sizeof(sk_65), key),
+        0);
+    sigLen = PARAMS_ML_DSA_65_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_65, (word32)sizeof(msg_65),
+        sig, &sigLen, key, rnd_65), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_65_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_65, sizeof(sig_65)), 0);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_87, (word32)sizeof(sk_87), key),
+        0);
+    sigLen = PARAMS_ML_DSA_87_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_87, (word32)sizeof(msg_87),
+        sig, &sigLen, key, rnd_87), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_87_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_87, sizeof(sig_87)), 0);
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wc_dilithium_verify_kats(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
     dilithium_key* key;
     int res;
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte pk_44[] = {
+        0x09, 0xB4, 0x88, 0x7D, 0x97, 0xBC, 0xF6, 0x37,
+        0x9C, 0xC5, 0x9B, 0x61, 0x62, 0xC1, 0xE8, 0xBF,
+        0x05, 0x60, 0xBF, 0x44, 0xD6, 0x18, 0x09, 0x17,
+        0x0E, 0x6E, 0x28, 0xF7, 0x06, 0x69, 0xA3, 0xE9,
+        0x49, 0x64, 0x38, 0xE8, 0x91, 0x57, 0x35, 0xAD,
+        0xAE, 0xB4, 0x45, 0xCF, 0xDB, 0x7D, 0x89, 0xB3,
+        0x8C, 0x04, 0x8F, 0x4C, 0x3E, 0x00, 0x58, 0x15,
+        0x14, 0xC5, 0xFD, 0x19, 0x8B, 0x2D, 0x17, 0x39,
+        0xE8, 0x83, 0xB8, 0x78, 0xD5, 0x6B, 0xB4, 0x12,
+        0x64, 0xBE, 0x41, 0xD3, 0xD5, 0x15, 0x65, 0xE2,
+        0xE9, 0xCA, 0xE3, 0x31, 0x84, 0xA8, 0x99, 0xF6,
+        0x2D, 0xD5, 0x7D, 0x07, 0x40, 0x0E, 0x98, 0xE5,
+        0x86, 0x87, 0xA9, 0xB2, 0x2F, 0xA3, 0x17, 0xEE,
+        0xD1, 0x34, 0xCA, 0x72, 0x14, 0xBF, 0xF0, 0x21,
+        0xDD, 0x21, 0x62, 0xB1, 0x83, 0x09, 0x1D, 0x15,
+        0xF2, 0x63, 0xB7, 0x29, 0x82, 0x14, 0x42, 0x3C,
+        0x6B, 0xB6, 0x96, 0xD7, 0x5C, 0x20, 0xD9, 0xEA,
+        0xCD, 0x0A, 0x03, 0xE4, 0x26, 0x2C, 0x4B, 0x08,
+        0xBE, 0x39, 0xFA, 0x21, 0x54, 0xBD, 0x6E, 0x50,
+        0x25, 0xFF, 0x79, 0x1E, 0x88, 0x5F, 0x22, 0x26,
+        0xE3, 0xCF, 0x48, 0xF7, 0xB5, 0xEB, 0x04, 0xFB,
+        0xE9, 0xEC, 0xF7, 0x5B, 0x19, 0xE1, 0xD1, 0x5C,
+        0x30, 0x5E, 0x92, 0x26, 0x0A, 0xB0, 0xD6, 0xAE,
+        0x7D, 0xBA, 0x7B, 0xBE, 0x73, 0xB6, 0xBC, 0x18,
+        0x1C, 0xF9, 0x33, 0x84, 0x0C, 0xC1, 0x0A, 0x00,
+        0x05, 0x02, 0x28, 0xFA, 0x46, 0xA2, 0x63, 0x6D,
+        0xD9, 0xA9, 0x09, 0x47, 0xE9, 0xF1, 0x3A, 0x93,
+        0xEF, 0x4C, 0x62, 0xBE, 0x37, 0x4D, 0x76, 0xD1,
+        0xFD, 0xBB, 0xC5, 0xD8, 0xB5, 0x5E, 0x72, 0x9F,
+        0xA5, 0x86, 0x65, 0xAA, 0x07, 0xB9, 0x0C, 0x8C,
+        0xDD, 0xD6, 0x1C, 0x56, 0x6B, 0x0D, 0x7E, 0xD6,
+        0x57, 0x70, 0x49, 0x2E, 0xA0, 0x71, 0x3E, 0x1E,
+        0xD4, 0x6A, 0xC7, 0xAD, 0x15, 0x03, 0xC5, 0x6D,
+        0x90, 0x52, 0xD2, 0xC9, 0x4D, 0x49, 0xE4, 0x41,
+        0x6A, 0xC9, 0x2B, 0x70, 0x39, 0x6F, 0x76, 0xF6,
+        0xFB, 0x48, 0x10, 0x45, 0x68, 0x17, 0x25, 0xA6,
+        0x8C, 0xB3, 0x56, 0x37, 0x7F, 0xB2, 0x31, 0xAB,
+        0x8F, 0x3E, 0xB9, 0xA4, 0x98, 0x2F, 0xFF, 0x18,
+        0x36, 0x47, 0x3B, 0xCB, 0xDA, 0xB6, 0x87, 0x2D,
+        0x22, 0x94, 0x67, 0xEF, 0xB9, 0x36, 0x62, 0x61,
+        0xFE, 0xB1, 0x48, 0xBA, 0x9B, 0x7D, 0xB9, 0xC4,
+        0xFE, 0x0B, 0xB8, 0x86, 0x12, 0xAB, 0xB8, 0xFD,
+        0x61, 0x09, 0x6F, 0x18, 0x19, 0x60, 0x4D, 0x55,
+        0xDF, 0x60, 0x20, 0x46, 0x4D, 0x3F, 0x09, 0x2C,
+        0xFC, 0xA5, 0x98, 0x12, 0x08, 0x22, 0x18, 0x56,
+        0x68, 0x99, 0xA5, 0x6A, 0x3C, 0x63, 0x3C, 0xC8,
+        0x1F, 0x88, 0xAD, 0xB2, 0xE1, 0x41, 0x4E, 0xF3,
+        0x85, 0x0D, 0x10, 0xBF, 0x5A, 0x77, 0xAC, 0xE7,
+        0x24, 0xD6, 0xC1, 0xF3, 0x88, 0x92, 0x87, 0x44,
+        0xB3, 0xE5, 0x42, 0xAE, 0x49, 0x1C, 0xD5, 0x6A,
+        0x64, 0x21, 0x3F, 0x1D, 0x3C, 0xC9, 0x0B, 0x29,
+        0x10, 0x5F, 0x43, 0xD2, 0x37, 0xC8, 0x3D, 0x5F,
+        0xB8, 0x29, 0x32, 0x5C, 0x83, 0xE6, 0x54, 0x57,
+        0x77, 0x76, 0x39, 0x2F, 0x85, 0x36, 0xAA, 0x9D,
+        0xAE, 0x87, 0x24, 0x07, 0xAB, 0xAA, 0xA9, 0xAC,
+        0xC2, 0x2A, 0x68, 0x12, 0xCE, 0xA7, 0x4C, 0x0B,
+        0xA6, 0x7E, 0xAF, 0x4A, 0x41, 0x01, 0x52, 0x97,
+        0x5E, 0x9A, 0x83, 0xEE, 0x44, 0x69, 0x29, 0x53,
+        0x17, 0xBE, 0xD1, 0x05, 0x51, 0xBA, 0x32, 0xE6,
+        0x5A, 0xFC, 0x8C, 0x8E, 0x68, 0xDD, 0x55, 0x42,
+        0x0C, 0x50, 0x2D, 0x93, 0x7D, 0xAD, 0xD2, 0xEF,
+        0xA2, 0xCB, 0xFD, 0x1F, 0x73, 0x9F, 0xC0, 0xAB,
+        0x2B, 0x26, 0x54, 0xFA, 0xE0, 0x8C, 0x0C, 0x7F,
+        0x8E, 0xDD, 0x43, 0xCF, 0x9F, 0xF0, 0xB0, 0x1D,
+        0x98, 0x4D, 0x49, 0x18, 0x52, 0xA3, 0x72, 0xE9,
+        0xFE, 0xFD, 0xCC, 0x1B, 0xC1, 0x6C, 0xDB, 0x52,
+        0x39, 0xAE, 0x10, 0x01, 0x15, 0x5F, 0x89, 0x56,
+        0x30, 0x51, 0xCE, 0x47, 0x99, 0x6C, 0x5A, 0xEE,
+        0xB2, 0x19, 0x0E, 0xA1, 0x8F, 0x7F, 0x73, 0x40,
+        0x42, 0xDE, 0x68, 0xE9, 0x88, 0x36, 0x7D, 0x89,
+        0x35, 0x5D, 0x9D, 0x83, 0x77, 0xBA, 0xF9, 0x64,
+        0x79, 0x78, 0xEB, 0x2E, 0x49, 0x2A, 0xD0, 0x21,
+        0xC5, 0x69, 0xAE, 0x8B, 0xA6, 0x9B, 0x15, 0xF1,
+        0xFC, 0xF7, 0x03, 0x9A, 0x7E, 0x64, 0xAF, 0x10,
+        0xAB, 0xF3, 0xEA, 0x45, 0xB7, 0x22, 0x2F, 0x96,
+        0x59, 0xE3, 0x33, 0x73, 0x37, 0x2E, 0x1D, 0xB1,
+        0x86, 0xD2, 0xC2, 0xA0, 0xD7, 0x54, 0x51, 0xC4,
+        0x78, 0xAE, 0xF3, 0x3E, 0x59, 0x49, 0xF2, 0x40,
+        0x04, 0x0C, 0x2A, 0xFC, 0x44, 0xB1, 0xD3, 0xA0,
+        0x2A, 0x6D, 0x2F, 0x87, 0x90, 0x2A, 0x28, 0x0E,
+        0x27, 0xA2, 0x0D, 0x4E, 0x57, 0xF8, 0x89, 0x66,
+        0x27, 0x00, 0xDB, 0x8A, 0x9D, 0x24, 0x99, 0x57,
+        0xA7, 0xDB, 0x43, 0x7C, 0xD4, 0x80, 0xDD, 0xC0,
+        0x58, 0x84, 0xFB, 0x23, 0xF8, 0x68, 0x26, 0x8E,
+        0xAC, 0xE3, 0x4E, 0xED, 0x27, 0x4A, 0x92, 0x7D,
+        0x9D, 0x84, 0xF1, 0xEA, 0x57, 0xEA, 0xB1, 0xA8,
+        0x13, 0xB5, 0xE6, 0xAA, 0xBE, 0x9E, 0xD2, 0x61,
+        0x0B, 0xC6, 0xF7, 0x2E, 0x32, 0x0C, 0xDE, 0xC4,
+        0xF9, 0x95, 0x23, 0xF9, 0x3F, 0xA4, 0x48, 0xDC,
+        0x1F, 0xBB, 0xDD, 0x25, 0x9B, 0x10, 0x2F, 0x5D,
+        0xC9, 0x95, 0x5A, 0xFA, 0x0C, 0x41, 0x60, 0x4D,
+        0x83, 0xDD, 0x1C, 0x2D, 0x22, 0x95, 0xEF, 0x44,
+        0x61, 0x45, 0x6B, 0xAE, 0x86, 0x90, 0x5C, 0x4C,
+        0x30, 0xD8, 0xA9, 0xFA, 0x48, 0xC9, 0x0F, 0x37,
+        0xA1, 0x9C, 0x41, 0xA2, 0xD5, 0x98, 0x8F, 0x13,
+        0xD5, 0x13, 0x44, 0xEC, 0x30, 0xA4, 0xA4, 0x62,
+        0x19, 0xFE, 0x84, 0x11, 0x37, 0xD5, 0xAA, 0x1F,
+        0x51, 0xE6, 0xC4, 0x44, 0x16, 0x8A, 0xF3, 0x98,
+        0x90, 0xB6, 0xFA, 0x40, 0x0D, 0x67, 0xF4, 0x80,
+        0x6F, 0x5B, 0xBD, 0x44, 0x47, 0x03, 0x07, 0x4A,
+        0x7A, 0x11, 0x39, 0xC7, 0x17, 0x46, 0xD7, 0xC4,
+        0xCE, 0xB3, 0xC9, 0x11, 0xF5, 0x25, 0x7E, 0x3E,
+        0x53, 0xEB, 0xFA, 0x5A, 0xA8, 0xF2, 0x27, 0x80,
+        0x9D, 0x44, 0xEE, 0x7D, 0xE1, 0x3C, 0x02, 0x79,
+        0x24, 0xDD, 0x60, 0x15, 0x3B, 0x30, 0xAA, 0x76,
+        0xDD, 0x96, 0xA7, 0xC5, 0xAC, 0xC5, 0x9B, 0x62,
+        0x79, 0x19, 0x50, 0x7B, 0xF1, 0x42, 0x57, 0xAE,
+        0x7A, 0x26, 0x24, 0x3C, 0x16, 0x83, 0xB2, 0x8D,
+        0x1B, 0x14, 0xB5, 0x01, 0xAD, 0x05, 0x9B, 0x4D,
+        0x52, 0x2A, 0x57, 0x99, 0x1E, 0x55, 0x39, 0xCE,
+        0xF1, 0x8C, 0xEB, 0x5C, 0x26, 0xD6, 0x60, 0xB8,
+        0x82, 0x24, 0x54, 0xC9, 0xC4, 0x2A, 0x95, 0xE6,
+        0xF7, 0x2B, 0x84, 0xF7, 0x8A, 0xB9, 0x9F, 0x51,
+        0xEC, 0x49, 0x78, 0x9F, 0x9D, 0xB4, 0xC1, 0x28,
+        0xB0, 0x31, 0x8F, 0xFF, 0xC8, 0x2D, 0x95, 0xCA,
+        0xD2, 0x77, 0xF1, 0x1E, 0x14, 0xF1, 0xEF, 0x87,
+        0x14, 0x14, 0x88, 0x11, 0x22, 0xA9, 0xB1, 0x1B,
+        0xDF, 0xAE, 0x4A, 0x7A, 0xBC, 0x8E, 0x75, 0x75,
+        0x5A, 0xB1, 0x37, 0x41, 0xDF, 0xAC, 0xD6, 0x64,
+        0x29, 0x3D, 0x1A, 0x32, 0x6B, 0xF5, 0xED, 0x5A,
+        0xBB, 0xB1, 0x53, 0xEB, 0xE6, 0x99, 0x6D, 0xD6,
+        0x22, 0xF0, 0xA8, 0xCB, 0x47, 0x39, 0x69, 0xA5,
+        0x03, 0x66, 0xBD, 0x0B, 0x01, 0xC5, 0xC7, 0x3A,
+        0x89, 0x2B, 0x8E, 0x26, 0xCE, 0x08, 0xF7, 0x5F,
+        0xF8, 0x01, 0xB6, 0xDE, 0xF0, 0x41, 0xE1, 0x71,
+        0x3B, 0xE6, 0xDF, 0x0E, 0xFB, 0x51, 0x58, 0x7B,
+        0xE5, 0xFB, 0xEA, 0x72, 0x7E, 0x00, 0xD7, 0x17,
+        0x64, 0x7D, 0xD5, 0x39, 0x07, 0x9D, 0xE1, 0x8A,
+        0xE7, 0xBE, 0xD1, 0x2B, 0x91, 0xAF, 0x8D, 0xBB,
+        0x1B, 0x8B, 0x32, 0xD2, 0x86, 0x0B, 0xAF, 0x40,
+        0xAF, 0x8A, 0x0B, 0xBF, 0xE0, 0x28, 0x87, 0xEB,
+        0x5D, 0xBE, 0x7A, 0xB1, 0xAF, 0xC4, 0x1D, 0xA7,
+        0x9B, 0x01, 0x6A, 0xA1, 0x6E, 0xDA, 0x28, 0x13,
+        0x21, 0xCA, 0xA5, 0xDA, 0x64, 0x4F, 0xD8, 0x65,
+        0x8A, 0x7B, 0x70, 0x21, 0x81, 0x00, 0x14, 0x31,
+        0x56, 0x0D, 0xD6, 0x3C, 0xB2, 0x1E, 0x5F, 0xF7,
+        0x5C, 0x3F, 0x72, 0x50, 0x45, 0x6B, 0xE0, 0x8C,
+        0x0D, 0x5E, 0x34, 0xC3, 0xBD, 0xE2, 0xF6, 0x06,
+        0xA2, 0xBF, 0x34, 0x17, 0x76, 0x8D, 0x24, 0xB2,
+        0x37, 0x39, 0xEA, 0x86, 0xCB, 0xEF, 0xDD, 0xA3,
+        0x43, 0x88, 0xBC, 0x1F, 0x91, 0x8F, 0x95, 0x1E,
+        0x15, 0xE4, 0x3B, 0x13, 0x85, 0xA7, 0xBC, 0xC5,
+        0x59, 0xF9, 0x49, 0x2C, 0x72, 0x13, 0xA1, 0x42,
+        0x27, 0xE0, 0x93, 0xE9, 0x29, 0xF3, 0x2D, 0x1E,
+        0xFB, 0xE7, 0xF1, 0xEE, 0x57, 0xC4, 0x9C, 0x90,
+        0x55, 0x62, 0x3E, 0xA4, 0x2E, 0xC6, 0xC7, 0x9D,
+        0x7F, 0xCE, 0x71, 0xFA, 0x74, 0x76, 0x07, 0x56,
+        0x6D, 0xDA, 0x69, 0xF6, 0x9D, 0xAF, 0x68, 0x11,
+        0x59, 0x19, 0xC6, 0x32, 0x2E, 0xBB, 0x42, 0xC8,
+        0xC0, 0x89, 0x33, 0x8C, 0x9E, 0x0C, 0x53, 0x56,
+        0x5B, 0xCB, 0xE7, 0x2F, 0xBE, 0x47, 0x26, 0x68,
+        0x7B, 0x07, 0x87, 0x07, 0x18, 0x06, 0xC5, 0xA6,
+        0xC1, 0x49, 0xC8, 0x2B, 0x66, 0x8A, 0xA6, 0x4A,
+        0x7B, 0xA0, 0xCC, 0xC1, 0xCC, 0x49, 0xA1, 0xEE,
+        0xE9, 0x45, 0x3D, 0x04, 0x33, 0x6E, 0x5D, 0xC8,
+        0x11, 0xE0, 0x38, 0x92, 0xF7, 0xF4, 0x66, 0x88,
+        0xEC, 0xEF, 0xD0, 0x4F, 0x18, 0x76, 0xF7, 0x11,
+        0x17, 0x12, 0xB5, 0x95, 0xED, 0x62, 0xDA, 0x00,
+        0x67, 0x8F, 0x9E, 0x37, 0x86, 0xB5, 0xC1, 0xA5,
+        0x09, 0x5B, 0xE8, 0x71, 0x0D, 0xCF, 0xA4, 0x16,
+        0x52, 0x56, 0x50, 0x9E, 0x00, 0x14, 0x3A, 0x6F,
+        0x11, 0x72, 0xFA, 0xBE, 0x8B, 0xF2, 0x1E, 0x5F,
+        0xCE, 0x7C, 0x79, 0xC1, 0xA4, 0x4B, 0x4B, 0x15,
+        0x25, 0xA0, 0x76, 0xFF, 0xB8, 0xDD, 0x90, 0x66
+    };
+    static const byte msg_44[] = {
+        0x3A, 0xFD, 0x7F, 0xF8, 0xCA, 0xD3, 0xAC, 0xBD,
+        0xF9, 0x77, 0x31, 0x26, 0x1C, 0x7A, 0x1C, 0x96,
+        0x9D, 0x50, 0x16, 0xF1, 0x7D, 0x3E, 0x7F, 0x83,
+        0xD2, 0x44, 0x1A, 0xF9, 0x01, 0x4B, 0x63, 0x47,
+        0x7B, 0x14, 0xA6, 0x41, 0x31, 0x50, 0xFA, 0xD7,
+        0xC8, 0x44, 0x39, 0xBC, 0x88, 0x66, 0x2C, 0x5E,
+        0x93, 0x1F, 0x06, 0xB9, 0x51, 0x41, 0x90, 0xE1,
+        0x3F, 0xB0, 0x49, 0xC4, 0xAB, 0x74, 0x01, 0x32,
+        0x33, 0xB9, 0x8D, 0x48, 0xD9, 0xAF, 0xB6, 0xA3,
+        0x0A, 0x67, 0x33, 0x0E, 0x1F, 0xBE, 0x33, 0x1B,
+        0x09, 0xC5, 0x6D, 0x03, 0x7E, 0x97, 0x01, 0x08,
+        0x5D, 0x80, 0xF1, 0xE7, 0xF4, 0x04, 0x3E, 0xFB,
+        0x53, 0x58, 0x7A, 0xBB, 0x82, 0x36, 0x24, 0x01,
+        0x23, 0x84, 0x51, 0x52, 0x49, 0xEE, 0x61, 0x30,
+        0x97, 0x3D, 0xC9, 0xEA, 0x6F, 0x55, 0x8B, 0xAE,
+        0x75, 0x10, 0x7E, 0xFD, 0xB1, 0xD9, 0x28, 0x5B
+    };
+    static const byte sig_44[] = {
+        0x4A, 0x2B, 0x16, 0xCD, 0xB5, 0x52, 0xF9, 0x29,
+        0x7F, 0x8E, 0x39, 0x1A, 0xD8, 0xF5, 0xAD, 0xC8,
+        0xCC, 0x5D, 0x2C, 0x56, 0xC4, 0x6B, 0x80, 0x0F,
+        0x9B, 0x3E, 0xE4, 0xBB, 0xD2, 0xF2, 0xE8, 0xA8,
+        0x9D, 0x59, 0x9D, 0x7B, 0x5C, 0xC2, 0xD8, 0x8C,
+        0x80, 0xF2, 0x71, 0x85, 0x9B, 0xBC, 0x83, 0x04,
+        0x3E, 0xC4, 0xE5, 0x48, 0x12, 0xF5, 0x93, 0x6B,
+        0x44, 0x6C, 0x95, 0x13, 0xC8, 0x55, 0x28, 0x9C,
+        0x94, 0xB1, 0x15, 0x51, 0xA0, 0xC7, 0x65, 0x3E,
+        0x7B, 0xA7, 0x4F, 0xFB, 0x6F, 0x72, 0xD4, 0x65,
+        0x2C, 0x91, 0xD3, 0x8D, 0xD1, 0xF9, 0x0D, 0xFE,
+        0x44, 0x39, 0xBC, 0x21, 0xCA, 0x53, 0xE0, 0xCC,
+        0x7A, 0x7A, 0xA5, 0xB8, 0x75, 0xA5, 0xB9, 0xBA,
+        0x42, 0x36, 0x6E, 0xB8, 0xEC, 0xBA, 0x24, 0x36,
+        0xDA, 0xF0, 0x8A, 0x91, 0x97, 0x8D, 0xD0, 0x93,
+        0xF2, 0x0F, 0x1E, 0xFB, 0x6B, 0x0B, 0xCB, 0x90,
+        0xDA, 0x99, 0xCC, 0xA0, 0x5E, 0x8F, 0x6F, 0x82,
+        0xB8, 0x6D, 0x3C, 0x6E, 0xE2, 0x4B, 0xA5, 0xD5,
+        0x0A, 0xEA, 0x10, 0xB2, 0x30, 0x7F, 0x57, 0xF8,
+        0x9E, 0xD7, 0x8D, 0xB4, 0xA7, 0x4F, 0xBB, 0xF6,
+        0xEB, 0x33, 0x2A, 0xFB, 0x08, 0xD0, 0x74, 0xAC,
+        0xF0, 0xDE, 0x5C, 0xD7, 0xFE, 0xC1, 0x2F, 0x76,
+        0xF3, 0xAB, 0x61, 0x9C, 0x81, 0x5B, 0x9E, 0xDD,
+        0x28, 0x7E, 0xAD, 0x67, 0xF0, 0x4F, 0x14, 0x79,
+        0x7F, 0x8D, 0xCF, 0x2C, 0xDE, 0x9A, 0x87, 0x53,
+        0xB5, 0xAD, 0x0A, 0xFA, 0x12, 0x87, 0x41, 0x97,
+        0xD1, 0x74, 0x40, 0x92, 0x87, 0x25, 0x21, 0xE8,
+        0x68, 0xAF, 0x9E, 0x64, 0x45, 0x23, 0x73, 0xFE,
+        0xB6, 0xFE, 0x25, 0xD5, 0x27, 0x3D, 0x63, 0xC0,
+        0xEB, 0xD6, 0xD3, 0xB1, 0x02, 0x8C, 0x1C, 0xD0,
+        0x6A, 0xF3, 0x2C, 0xEC, 0xA2, 0x62, 0x13, 0x10,
+        0x83, 0x7C, 0x72, 0x78, 0x8C, 0x8A, 0xDA, 0xB5,
+        0xA0, 0xF0, 0x38, 0x17, 0x12, 0x8E, 0xB7, 0xB7,
+        0x66, 0xFA, 0x81, 0x2C, 0x69, 0x6C, 0xF8, 0x86,
+        0xF0, 0x0A, 0x10, 0x44, 0xCD, 0xD0, 0x6B, 0xB2,
+        0x8C, 0xB2, 0xE5, 0x78, 0x0C, 0x8D, 0x8C, 0xC7,
+        0xE6, 0x0A, 0xB6, 0x99, 0xDD, 0x78, 0x66, 0x8B,
+        0xE4, 0xFF, 0x9F, 0x46, 0x90, 0xC6, 0xFC, 0x98,
+        0xAA, 0xC9, 0xC0, 0x2B, 0x66, 0xB9, 0xB9, 0x82,
+        0x6A, 0x30, 0x61, 0xFD, 0x32, 0x22, 0xDA, 0x84,
+        0x82, 0x66, 0x79, 0x60, 0xA3, 0x16, 0x52, 0xEE,
+        0x88, 0xEB, 0x32, 0xB0, 0x46, 0x9A, 0xB7, 0x1C,
+        0xAA, 0x25, 0x19, 0xF2, 0x3D, 0x1A, 0x24, 0x42,
+        0xD5, 0xB1, 0x31, 0x62, 0x62, 0x13, 0x1D, 0xCE,
+        0xC5, 0xF2, 0x87, 0xE3, 0x2F, 0xD3, 0x43, 0xFE,
+        0xB4, 0x42, 0x9E, 0x54, 0x25, 0x8D, 0x69, 0x0D,
+        0x9D, 0x20, 0xA1, 0x0A, 0xBD, 0x75, 0xA5, 0x36,
+        0xDF, 0xF8, 0xCF, 0x1D, 0x6D, 0xDF, 0x19, 0x29,
+        0x1E, 0x27, 0x49, 0xA7, 0xD1, 0x6E, 0xB9, 0x0A,
+        0xB5, 0x09, 0x3B, 0xAD, 0x38, 0xE1, 0x16, 0xA8,
+        0x6B, 0x73, 0x0E, 0x65, 0x57, 0x4C, 0x06, 0x8C,
+        0x38, 0xBA, 0x94, 0x57, 0xC9, 0xD6, 0xD9, 0x13,
+        0xEA, 0xFF, 0x57, 0xFE, 0x23, 0xBF, 0x3D, 0xD2,
+        0x4D, 0x8C, 0xA5, 0x11, 0xEF, 0xA3, 0x76, 0xA5,
+        0xDF, 0x08, 0x46, 0x70, 0x25, 0xFF, 0x51, 0xBE,
+        0xAD, 0x3E, 0xDE, 0x0A, 0x84, 0xED, 0xC5, 0x32,
+        0x16, 0x20, 0x99, 0x80, 0x61, 0xE8, 0xA1, 0xA7,
+        0x3D, 0x67, 0xB7, 0x02, 0x1B, 0x81, 0x0C, 0x78,
+        0x67, 0xFF, 0x39, 0x18, 0x7B, 0x59, 0xD4, 0x03,
+        0xBF, 0x7C, 0x75, 0x06, 0x30, 0x0C, 0x73, 0x45,
+        0xB1, 0xFE, 0x07, 0xC1, 0x12, 0x78, 0xB0, 0xAB,
+        0xA6, 0x1D, 0xBB, 0x4F, 0x2B, 0x8C, 0x43, 0xE7,
+        0x4F, 0xEF, 0xA5, 0x5E, 0xD5, 0x2C, 0x10, 0xA8,
+        0xC4, 0x90, 0x88, 0x2B, 0xBF, 0xE3, 0xE3, 0xB3,
+        0xCE, 0x57, 0x9E, 0x81, 0x16, 0xA9, 0xB6, 0x68,
+        0x6C, 0x1A, 0x10, 0x0A, 0xA1, 0xF6, 0x59, 0x1F,
+        0x19, 0x1F, 0x77, 0x2B, 0x5A, 0x5A, 0x50, 0xDD,
+        0x6C, 0xC1, 0x55, 0xCB, 0x5A, 0x1B, 0xE5, 0xBA,
+        0x12, 0x2E, 0x91, 0xF0, 0x44, 0x42, 0x01, 0x56,
+        0xCD, 0x63, 0x08, 0x0F, 0x0A, 0x45, 0xD6, 0x62,
+        0xE7, 0x6D, 0xD5, 0x7B, 0xD0, 0xF6, 0x89, 0xD0,
+        0xB2, 0x99, 0x04, 0x2B, 0xFF, 0x48, 0x5E, 0x8A,
+        0x38, 0x2D, 0x86, 0x5C, 0x26, 0xCD, 0x46, 0xB4,
+        0xA5, 0x47, 0x28, 0xBD, 0x48, 0x45, 0x83, 0x62,
+        0xD7, 0x9A, 0xC3, 0xEB, 0x75, 0x6F, 0xC6, 0xC5,
+        0x18, 0xC9, 0xE2, 0xF0, 0xE7, 0xD5, 0xA3, 0x03,
+        0xAF, 0x11, 0x59, 0xEE, 0x6D, 0xBE, 0x7D, 0xD5,
+        0x6B, 0xA0, 0x71, 0x28, 0x57, 0xA6, 0x88, 0x36,
+        0xC3, 0xC7, 0x8C, 0x6C, 0x9F, 0x74, 0x88, 0x57,
+        0x28, 0x13, 0xC0, 0xF6, 0xA8, 0x14, 0x70, 0x9D,
+        0x2B, 0xC1, 0x42, 0xFE, 0xF0, 0x25, 0x27, 0xCA,
+        0xE7, 0x71, 0x23, 0x58, 0x37, 0x1C, 0x54, 0x26,
+        0x52, 0x2C, 0xCC, 0x64, 0x30, 0x0C, 0x2C, 0xD9,
+        0xFB, 0xE2, 0x0C, 0x65, 0x62, 0xE3, 0x48, 0x35,
+        0x20, 0x5F, 0xCD, 0xD5, 0xA8, 0x98, 0x2C, 0x92,
+        0x0B, 0xB4, 0x77, 0xFB, 0x88, 0x17, 0x02, 0x82,
+        0x7B, 0x49, 0x11, 0x87, 0x13, 0x94, 0xC0, 0x6B,
+        0x5F, 0xEC, 0xD0, 0xC7, 0x40, 0xAF, 0x7B, 0x27,
+        0x63, 0x7B, 0xAC, 0x1A, 0x0C, 0xBC, 0xA5, 0x37,
+        0xE4, 0x43, 0x3E, 0xA8, 0x47, 0x45, 0x4C, 0x69,
+        0x38, 0x97, 0xA3, 0x2E, 0x4D, 0x18, 0x44, 0x19,
+        0x54, 0x26, 0xA0, 0xC6, 0xAE, 0xD6, 0x74, 0x72,
+        0xBD, 0x2C, 0x4E, 0xEE, 0x17, 0x9F, 0x3F, 0x60,
+        0x84, 0xA3, 0x6A, 0x76, 0x89, 0xF4, 0xCB, 0x1F,
+        0x8E, 0x5D, 0xB2, 0xDD, 0xE5, 0x4A, 0xCC, 0x06,
+        0x66, 0xBA, 0x98, 0x41, 0x54, 0x31, 0xA4, 0xB2,
+        0x02, 0xF4, 0x02, 0xFB, 0x1F, 0x1B, 0xCC, 0xDC,
+        0x23, 0xBF, 0xF1, 0x31, 0x48, 0xC7, 0xB8, 0xF6,
+        0x1F, 0xBF, 0x62, 0x43, 0xB2, 0x96, 0xA7, 0x8E,
+        0xB6, 0x98, 0x18, 0x9D, 0xA9, 0x5B, 0xDA, 0x85,
+        0xDB, 0xC1, 0x1D, 0x15, 0xFF, 0xDC, 0x6B, 0xF4,
+        0x6C, 0x53, 0xF6, 0xE4, 0x72, 0xA8, 0x71, 0x40,
+        0x1E, 0x9A, 0x9A, 0xB7, 0xF9, 0xFB, 0x46, 0x7E,
+        0xB4, 0xEC, 0xB1, 0xF0, 0xDA, 0x7E, 0x63, 0xEE,
+        0x86, 0x19, 0xCB, 0xC4, 0x86, 0xEB, 0xB0, 0xF2,
+        0x12, 0x0A, 0x78, 0x11, 0xBF, 0xB0, 0x55, 0x7D,
+        0x13, 0x93, 0x05, 0x74, 0x29, 0x7C, 0x94, 0x64,
+        0xFC, 0x59, 0x5B, 0x27, 0x56, 0x9A, 0xDF, 0x5F,
+        0x4A, 0x8D, 0xF6, 0x69, 0xC9, 0xEE, 0xA0, 0xA2,
+        0x50, 0xF4, 0xD2, 0x2C, 0x2E, 0x8C, 0x64, 0x1B,
+        0xA3, 0x90, 0x2B, 0xA8, 0x08, 0x00, 0x48, 0x99,
+        0x65, 0xF1, 0x1A, 0xF1, 0xE1, 0xA8, 0x57, 0x17,
+        0xC6, 0x24, 0xE7, 0x42, 0xF1, 0x61, 0x55, 0x08,
+        0x19, 0xD1, 0xF0, 0x37, 0x2C, 0x5C, 0xAE, 0x8B,
+        0xC6, 0x2B, 0x54, 0x9E, 0xFE, 0x87, 0x44, 0x61,
+        0x08, 0x0D, 0x06, 0x34, 0x6E, 0x1F, 0xA6, 0xF0,
+        0x15, 0x14, 0xFB, 0xEC, 0xCB, 0x06, 0xE3, 0x4E,
+        0xE2, 0x71, 0xA0, 0xF0, 0x03, 0x17, 0x90, 0xBD,
+        0xAB, 0xE0, 0xF0, 0x2B, 0xBA, 0x4A, 0xEA, 0x4B,
+        0x73, 0x97, 0xFE, 0x33, 0x33, 0xEB, 0x81, 0x21,
+        0x82, 0x07, 0x57, 0x28, 0x1F, 0x96, 0xA5, 0x83,
+        0x1F, 0x9E, 0x49, 0x03, 0x66, 0x54, 0x9D, 0x16,
+        0x76, 0x3F, 0xF1, 0x9F, 0xF7, 0x73, 0x58, 0x0E,
+        0xD5, 0xE3, 0xE1, 0xE2, 0xAA, 0x3E, 0x38, 0xF8,
+        0x84, 0x74, 0xDE, 0x6D, 0x9B, 0xA6, 0x99, 0x4F,
+        0x8E, 0x62, 0x91, 0x60, 0x48, 0x8C, 0xB4, 0xCD,
+        0x5B, 0x87, 0x8C, 0xDA, 0x37, 0xAA, 0xEC, 0x9B,
+        0x56, 0x36, 0x9A, 0x7E, 0x73, 0xF7, 0x3B, 0x42,
+        0x86, 0x39, 0xA0, 0x5C, 0x13, 0x78, 0x44, 0x8A,
+        0xDB, 0x7F, 0x07, 0x4D, 0xC8, 0x15, 0x4D, 0x92,
+        0xE1, 0x3C, 0x63, 0x56, 0xB5, 0xF4, 0x66, 0xD6,
+        0x64, 0x77, 0x15, 0x9B, 0x2A, 0x94, 0x37, 0x99,
+        0xAD, 0x61, 0x9A, 0x02, 0x9F, 0x30, 0x10, 0xD0,
+        0x37, 0x67, 0x2D, 0xBB, 0x68, 0x20, 0xE5, 0x13,
+        0x23, 0xAD, 0xA9, 0x88, 0x81, 0xC6, 0xDE, 0x85,
+        0x9D, 0xF8, 0x75, 0xAB, 0xAF, 0x11, 0xDA, 0x5D,
+        0xDC, 0xA5, 0xA7, 0x77, 0x62, 0x2B, 0xDA, 0xE8,
+        0xFA, 0xCE, 0x2E, 0x0C, 0xED, 0x3B, 0x6A, 0x77,
+        0xB8, 0x8A, 0x87, 0x29, 0xFB, 0x7C, 0x50, 0x93,
+        0x3D, 0xA6, 0xC5, 0x2E, 0x3F, 0x4D, 0x94, 0x8F,
+        0x9D, 0xC1, 0x53, 0xB5, 0xB1, 0x29, 0x9C, 0xD8,
+        0x62, 0x1D, 0xDF, 0xBA, 0x48, 0xAF, 0x44, 0xE4,
+        0xB6, 0xF6, 0x10, 0x6E, 0xE7, 0x77, 0x95, 0x01,
+        0xDD, 0x5F, 0xB3, 0xC5, 0x78, 0xEA, 0x4D, 0x32,
+        0xC5, 0xC2, 0xF0, 0x36, 0xA7, 0x35, 0x27, 0x03,
+        0xAD, 0xD1, 0x35, 0xAB, 0x84, 0x46, 0x01, 0x62,
+        0x41, 0x7E, 0x50, 0xBF, 0x91, 0xE6, 0x07, 0x97,
+        0xD5, 0x9B, 0x9E, 0x18, 0xD3, 0x24, 0xDA, 0x97,
+        0x1F, 0x4F, 0xF4, 0x28, 0xAE, 0xAF, 0x23, 0xAC,
+        0x0B, 0xA4, 0xE2, 0xE2, 0xFC, 0x7A, 0xBA, 0xA6,
+        0xC8, 0x98, 0x4F, 0xE9, 0xE2, 0xD8, 0x5B, 0x8A,
+        0xDA, 0x40, 0x86, 0xB3, 0xC1, 0x3A, 0xBD, 0x43,
+        0xCF, 0xD1, 0xC7, 0x11, 0xD8, 0x32, 0x6B, 0x18,
+        0xAD, 0xC3, 0x4C, 0xC1, 0x4C, 0xF8, 0x95, 0x7E,
+        0xC3, 0x95, 0x94, 0x98, 0xFC, 0x2A, 0x7B, 0xE0,
+        0x6B, 0xD1, 0x84, 0x0D, 0xE1, 0x70, 0x36, 0x65,
+        0x66, 0xE5, 0x07, 0x41, 0x95, 0x77, 0x63, 0xC2,
+        0xDD, 0x27, 0xAC, 0xF8, 0xC3, 0xF1, 0x02, 0x6F,
+        0xAE, 0xE1, 0xD2, 0x56, 0x2F, 0xA1, 0x05, 0x2E,
+        0x69, 0xAF, 0xDD, 0x42, 0xF4, 0x46, 0xF0, 0x59,
+        0x88, 0x66, 0xD5, 0xD3, 0x06, 0xBF, 0x1B, 0x77,
+        0x50, 0x42, 0xB0, 0x35, 0x92, 0x73, 0x72, 0x82,
+        0x7F, 0x43, 0x86, 0x31, 0x65, 0x34, 0xFA, 0x1B,
+        0x7E, 0xE6, 0x33, 0xBA, 0x95, 0x8C, 0xED, 0x8F,
+        0x0D, 0x24, 0x1D, 0x46, 0x88, 0xE3, 0xC7, 0x91,
+        0x8E, 0x2A, 0x75, 0x62, 0x63, 0x77, 0xC3, 0x42,
+        0xA5, 0x90, 0x69, 0x2B, 0xBF, 0xB8, 0x27, 0xBF,
+        0x90, 0x51, 0x41, 0x82, 0xD4, 0x09, 0x0D, 0xF8,
+        0xD7, 0x32, 0x35, 0x19, 0xA1, 0xAB, 0x6C, 0xD0,
+        0x22, 0x73, 0x67, 0x41, 0x0D, 0xD1, 0x4D, 0x37,
+        0x86, 0xA2, 0x6D, 0xDF, 0x91, 0x72, 0x4F, 0xC8,
+        0x2D, 0x06, 0xA2, 0x5D, 0x5F, 0x56, 0x68, 0x39,
+        0x53, 0xE8, 0xE0, 0xF2, 0x0E, 0x3C, 0x17, 0x71,
+        0xDA, 0xF4, 0x2E, 0x52, 0x02, 0x4C, 0x11, 0x6E,
+        0xD8, 0xA4, 0xC0, 0xA6, 0x11, 0x68, 0x0F, 0x5F,
+        0xE0, 0x0E, 0xD9, 0xB1, 0x48, 0xD1, 0x5F, 0x12,
+        0xAA, 0x95, 0xB9, 0xBD, 0x5A, 0x9F, 0xD8, 0x10,
+        0x16, 0x42, 0xB3, 0x69, 0x11, 0xF3, 0x10, 0xB0,
+        0xDE, 0x18, 0x17, 0x1D, 0x62, 0x37, 0xD9, 0xBE,
+        0x17, 0x25, 0xDC, 0x29, 0x9A, 0x1A, 0x3A, 0xAA,
+        0xE9, 0x85, 0x40, 0xCE, 0xED, 0x26, 0x95, 0x3D,
+        0x10, 0xCE, 0x85, 0x47, 0xF1, 0xC3, 0xE4, 0x6A,
+        0x86, 0x2B, 0xED, 0x42, 0x8D, 0x1E, 0x10, 0x60,
+        0x1B, 0xF3, 0x28, 0xC7, 0x27, 0xFD, 0x95, 0x34,
+        0x3E, 0x2D, 0xB4, 0xD9, 0xAC, 0xD5, 0xD1, 0xCB,
+        0x47, 0x15, 0xF6, 0x00, 0x40, 0x96, 0xED, 0xA0,
+        0x93, 0xD1, 0xB0, 0xA3, 0x3B, 0x1E, 0x56, 0xF1,
+        0x6D, 0x73, 0xAD, 0xB8, 0x73, 0x2C, 0xB4, 0xA3,
+        0x11, 0x60, 0xA4, 0x49, 0x1F, 0xAA, 0x0C, 0x86,
+        0xE6, 0x80, 0xE3, 0xD7, 0xC0, 0x2C, 0xCE, 0xA8,
+        0xFE, 0x92, 0xF1, 0xE0, 0x01, 0x01, 0x6D, 0x22,
+        0x02, 0x21, 0xDD, 0x10, 0xED, 0x62, 0x60, 0x17,
+        0x96, 0x6C, 0x34, 0x50, 0xAD, 0x12, 0x13, 0x65,
+        0x91, 0x8C, 0x93, 0x09, 0x1F, 0x14, 0x71, 0x2B,
+        0xA4, 0x77, 0xCF, 0x2E, 0x26, 0x32, 0x96, 0xC7,
+        0x78, 0xA2, 0xBA, 0xEE, 0xF5, 0x84, 0x94, 0x55,
+        0xFA, 0x35, 0xCB, 0x61, 0x72, 0x51, 0xE0, 0x2A,
+        0x22, 0xDA, 0xF5, 0xC3, 0x3E, 0x5A, 0xAA, 0x9F,
+        0x00, 0xE8, 0xAC, 0xDC, 0x50, 0xEC, 0xF4, 0x7C,
+        0x52, 0x15, 0x03, 0xC5, 0x2F, 0x27, 0xD6, 0xB5,
+        0x7C, 0x8F, 0x2B, 0x3D, 0x8F, 0x12, 0x22, 0x41,
+        0x3E, 0x7F, 0xA4, 0xEC, 0x59, 0x29, 0x63, 0x38,
+        0x09, 0x8C, 0x9A, 0xB5, 0xA1, 0xD8, 0xA5, 0x78,
+        0x84, 0xBD, 0x86, 0x00, 0x41, 0x40, 0x6D, 0x96,
+        0x55, 0xD1, 0x73, 0x82, 0x94, 0x9A, 0x03, 0xD5,
+        0x0F, 0x11, 0x08, 0xD0, 0x5B, 0xDB, 0x31, 0xCA,
+        0x08, 0xE6, 0x6F, 0x2D, 0x8D, 0xE4, 0x80, 0xC6,
+        0x79, 0x35, 0x18, 0xD4, 0x9A, 0x60, 0xD4, 0x76,
+        0x2A, 0x9E, 0xDD, 0xC0, 0x24, 0x9B, 0x42, 0x2E,
+        0x84, 0x02, 0x0E, 0xD5, 0x39, 0xA1, 0x4E, 0x24,
+        0x78, 0xF6, 0x8B, 0xAB, 0x1F, 0x2B, 0x00, 0xE2,
+        0x2A, 0x5C, 0xBB, 0x62, 0x97, 0x9A, 0xC7, 0x44,
+        0xE0, 0x8B, 0x57, 0xD5, 0xB5, 0x78, 0xC4, 0x01,
+        0xA8, 0xD2, 0x6D, 0x9A, 0xDD, 0x15, 0x05, 0x23,
+        0x60, 0x82, 0x86, 0x36, 0x72, 0xD9, 0x11, 0xCF,
+        0x3A, 0x09, 0x66, 0xD3, 0x03, 0xF8, 0x91, 0x70,
+        0x93, 0xBF, 0x97, 0xAF, 0x90, 0xA7, 0xE1, 0xF9,
+        0xD5, 0x9B, 0x09, 0x20, 0x6B, 0x9C, 0xAC, 0x35,
+        0x11, 0x0F, 0xA3, 0x8D, 0x58, 0x90, 0xED, 0x21,
+        0x16, 0x83, 0x5C, 0xE3, 0x73, 0x84, 0xF5, 0x63,
+        0x0F, 0x1C, 0x42, 0x8E, 0x21, 0x36, 0x05, 0x87,
+        0x2E, 0xCF, 0x91, 0x1B, 0x01, 0x4B, 0x91, 0xC2,
+        0xC6, 0x00, 0xE8, 0xA4, 0x07, 0x29, 0xD0, 0x7B,
+        0xF9, 0x18, 0x79, 0x07, 0x42, 0xC9, 0x27, 0x9F,
+        0x31, 0x14, 0xF6, 0x8C, 0xDF, 0x65, 0x94, 0xCD,
+        0xA3, 0xCA, 0x66, 0x94, 0x22, 0x3A, 0x82, 0xF6,
+        0x6C, 0x2B, 0x4B, 0xDF, 0x3E, 0x51, 0xC6, 0xFF,
+        0xDC, 0x55, 0xE0, 0xFF, 0x51, 0xEF, 0xD6, 0xC9,
+        0x34, 0x36, 0x2B, 0xE7, 0xD6, 0xFA, 0xBC, 0x11,
+        0xB8, 0xB0, 0xDA, 0xDD, 0xD5, 0x21, 0x08, 0xFA,
+        0x5F, 0xB5, 0xCA, 0x75, 0x8A, 0x64, 0x37, 0x7D,
+        0x38, 0x6D, 0x45, 0xCE, 0x70, 0x60, 0x5B, 0x46,
+        0x0E, 0x81, 0x57, 0x03, 0x7B, 0x5B, 0x1B, 0x2E,
+        0x0A, 0xED, 0xD1, 0x2A, 0x63, 0x31, 0x15, 0xD6,
+        0xC4, 0x3B, 0xC6, 0xC7, 0xC8, 0x36, 0xFF, 0xF3,
+        0x3E, 0x7D, 0x03, 0x3F, 0x2E, 0x58, 0x00, 0x52,
+        0x71, 0x64, 0xC0, 0xC4, 0x78, 0x1C, 0x37, 0xDF,
+        0x50, 0xB6, 0x6B, 0xBA, 0x5C, 0x81, 0x94, 0x73,
+        0xA1, 0xC5, 0x30, 0x20, 0x83, 0xA1, 0x6F, 0x01,
+        0x43, 0x72, 0x79, 0xD2, 0xF2, 0xDF, 0x14, 0xC8,
+        0x78, 0x26, 0x9A, 0x2F, 0x3F, 0xA4, 0x0C, 0x1C,
+        0x76, 0x1E, 0xD6, 0x15, 0x01, 0xAC, 0x9E, 0xF1,
+        0x41, 0x02, 0x90, 0x38, 0xC8, 0x19, 0x95, 0x40,
+        0x89, 0xB7, 0x38, 0x09, 0x87, 0x08, 0x17, 0x43,
+        0x93, 0xFE, 0xAE, 0xA7, 0xB0, 0x2A, 0xE5, 0xCE,
+        0xF6, 0x7B, 0x3C, 0x8C, 0xE6, 0xA9, 0x70, 0x67,
+        0x5C, 0xA1, 0xB8, 0xC8, 0x56, 0xDC, 0xF5, 0x97,
+        0x25, 0x08, 0xC7, 0xC6, 0xB2, 0x5E, 0xE4, 0xD1,
+        0x2D, 0x82, 0x12, 0xB9, 0x89, 0x40, 0xB4, 0x88,
+        0xEC, 0x40, 0x2A, 0xC7, 0xAE, 0x3C, 0x70, 0xDF,
+        0x93, 0x8D, 0x12, 0x88, 0xCD, 0xA7, 0xA3, 0x19,
+        0xE0, 0x85, 0xBC, 0x73, 0xA4, 0x69, 0xB2, 0xD2,
+        0xA3, 0x30, 0x3B, 0x11, 0xA6, 0x83, 0x10, 0x0A,
+        0xF6, 0xDB, 0x86, 0x93, 0x7B, 0xA1, 0x18, 0x29,
+        0x03, 0x61, 0x6E, 0x3F, 0x03, 0x47, 0xBD, 0x68,
+        0x59, 0x1B, 0x47, 0xBA, 0x65, 0x15, 0x6B, 0x93,
+        0xF2, 0x60, 0xDE, 0x59, 0xB3, 0xAE, 0xB2, 0x89,
+        0xE2, 0xA7, 0x3A, 0x3B, 0xFF, 0x38, 0xC2, 0xF3,
+        0xAD, 0xED, 0xA2, 0x9C, 0x7E, 0x90, 0x28, 0x3A,
+        0xC7, 0xB8, 0x6D, 0x03, 0x6B, 0x47, 0xD5, 0xBA,
+        0x1A, 0x03, 0xEC, 0x78, 0x3D, 0x25, 0x0B, 0xAC,
+        0xAE, 0x58, 0x47, 0xE4, 0x1F, 0x82, 0x9C, 0xB3,
+        0x3D, 0xE0, 0x8D, 0xF8, 0xF7, 0xD6, 0x9C, 0x9A,
+        0xA4, 0xED, 0xE8, 0xD7, 0xAB, 0x96, 0x84, 0x07,
+        0xEE, 0xD3, 0x1A, 0x05, 0x6B, 0xA0, 0xEF, 0x88,
+        0x16, 0xE1, 0x27, 0xAA, 0x90, 0x06, 0x5A, 0x67,
+        0x9E, 0x1C, 0xA9, 0x55, 0x0D, 0xEE, 0xF2, 0x5A,
+        0xC5, 0xB7, 0xA3, 0x4F, 0x70, 0xDC, 0xF2, 0xB1,
+        0x16, 0xCF, 0x35, 0x1F, 0x3B, 0xAD, 0xA9, 0x9F,
+        0x83, 0x6C, 0x73, 0x0D, 0xCC, 0x1A, 0xE0, 0x3F,
+        0x49, 0x6C, 0xF3, 0xF0, 0x38, 0x7A, 0x0C, 0x2C,
+        0x70, 0x2E, 0x2C, 0x13, 0xBD, 0xD9, 0xCF, 0x45,
+        0xA1, 0xCD, 0x53, 0xAB, 0x58, 0x73, 0x11, 0x88,
+        0xB1, 0x8E, 0xA8, 0xBE, 0x48, 0xD5, 0x10, 0xC5,
+        0x81, 0x2E, 0x90, 0xBC, 0xEC, 0xBC, 0x6E, 0x19,
+        0x8E, 0x70, 0x8B, 0x1C, 0x08, 0xC8, 0xF8, 0x64,
+        0xB1, 0x24, 0xBB, 0x4C, 0xC0, 0xBD, 0xBB, 0xDF,
+        0x2C, 0x2F, 0x4E, 0x38, 0x8F, 0xC1, 0x96, 0x60,
+        0xD6, 0x9C, 0xC2, 0xC0, 0xEB, 0xF9, 0x10, 0x08,
+        0xC8, 0x24, 0x3D, 0xB4, 0x2D, 0xDA, 0xF5, 0x7C,
+        0x02, 0x42, 0x51, 0xC4, 0x23, 0x1D, 0xF5, 0x37,
+        0x90, 0xCE, 0x57, 0x56, 0x13, 0xEE, 0x8E, 0x1C,
+        0x7A, 0x33, 0xC1, 0x56, 0x1F, 0x35, 0x04, 0xDE,
+        0xAA, 0xED, 0x1E, 0x84, 0x08, 0x50, 0x06, 0x23,
+        0xEC, 0xA5, 0xAE, 0x5A, 0x28, 0x45, 0x41, 0x17,
+        0x49, 0x93, 0x0D, 0x8E, 0x42, 0x07, 0x8C, 0x03,
+        0x23, 0x49, 0x95, 0x7F, 0xC3, 0x9A, 0x1D, 0xA0,
+        0xEA, 0xF9, 0xE8, 0x7C, 0x31, 0xFF, 0xBF, 0x6A,
+        0xC0, 0xC1, 0x81, 0x1E, 0xB2, 0x8A, 0x41, 0xB1,
+        0xD8, 0x6B, 0xD7, 0xD4, 0x9A, 0xD1, 0xC4, 0x68,
+        0xA4, 0x95, 0x94, 0x95, 0x65, 0x25, 0xA2, 0x0A,
+        0x31, 0x70, 0x0F, 0x12, 0x2F, 0x4C, 0x4B, 0xB2,
+        0x25, 0x2A, 0x2F, 0x3D, 0x5C, 0x5D, 0x68, 0x73,
+        0x83, 0x8C, 0x90, 0x95, 0x97, 0xBB, 0xCA, 0xD8,
+        0xE1, 0x33, 0x3D, 0x5D, 0x61, 0x7C, 0x87, 0xC8,
+        0xEE, 0x0F, 0x1B, 0x22, 0x38, 0x3B, 0x42, 0x4B,
+        0x4C, 0x5C, 0x62, 0x72, 0x98, 0xA3, 0xBE, 0xCC,
+        0x1B, 0x32, 0x47, 0x5C, 0x9D, 0xB6, 0xB9, 0xBD,
+        0xC6, 0xD6, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x11, 0x19, 0x28, 0x34
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte pk_65[] = {
+        0x6C, 0x9E, 0x7A, 0x1E, 0xE3, 0x66, 0x25, 0x76,
+        0x0E, 0x5D, 0x2F, 0x33, 0xDF, 0x29, 0x29, 0xDA,
+        0x56, 0x20, 0x32, 0x34, 0x06, 0x91, 0x60, 0xE5,
+        0xF2, 0xBF, 0x03, 0x9C, 0x11, 0x06, 0x22, 0x73,
+        0x07, 0x3C, 0x23, 0x75, 0x66, 0xCE, 0x05, 0x5D,
+        0x87, 0x1F, 0x38, 0xAC, 0xD1, 0xA9, 0x85, 0x9A,
+        0x82, 0x44, 0x67, 0xF1, 0x9B, 0xE6, 0x8E, 0x4F,
+        0x00, 0x64, 0x5D, 0x22, 0x5C, 0x42, 0xC8, 0x5A,
+        0x55, 0x7D, 0x2C, 0x5E, 0xCB, 0x44, 0x2B, 0x0F,
+        0x02, 0x8A, 0x65, 0x28, 0x89, 0x8E, 0xE2, 0xB6,
+        0x73, 0xD8, 0x63, 0xF3, 0x2E, 0xB9, 0xEC, 0x81,
+        0x64, 0x12, 0x75, 0x41, 0xF3, 0x25, 0x19, 0xBB,
+        0x88, 0xE0, 0x34, 0xA0, 0x3F, 0x46, 0xF7, 0xD1,
+        0x93, 0xCD, 0x3D, 0xFB, 0xAD, 0xF6, 0x35, 0x57,
+        0x92, 0x6C, 0x5C, 0x8F, 0x5B, 0x76, 0x6A, 0x7F,
+        0xC5, 0xEC, 0x8B, 0x3F, 0x94, 0x8B, 0xF7, 0xA8,
+        0x21, 0xB5, 0x4C, 0x94, 0x41, 0xAB, 0x0B, 0xD8,
+        0x33, 0xFD, 0x63, 0x54, 0xCE, 0xC7, 0x06, 0xFA,
+        0xA5, 0x00, 0xAB, 0xB5, 0x28, 0x9B, 0x90, 0xB1,
+        0xBF, 0x91, 0x76, 0x77, 0xA2, 0x9D, 0x11, 0x5F,
+        0x00, 0x94, 0xBD, 0xB4, 0x8D, 0xC7, 0x2E, 0x26,
+        0x1D, 0xBA, 0x12, 0x0B, 0xA6, 0xFF, 0x5E, 0x52,
+        0xA0, 0x1B, 0x17, 0x89, 0x81, 0xDD, 0x82, 0x96,
+        0x44, 0x46, 0x56, 0xD9, 0x44, 0x2D, 0xF9, 0xCB,
+        0xB6, 0xBF, 0xDA, 0xE5, 0x6A, 0x23, 0x0F, 0x6F,
+        0x29, 0xF9, 0x4C, 0xDC, 0xC2, 0x65, 0x57, 0x6A,
+        0xA8, 0x75, 0x2A, 0xCE, 0xD0, 0x7E, 0x99, 0x89,
+        0x5C, 0xAE, 0xF0, 0x16, 0x8B, 0xF8, 0x3D, 0x23,
+        0xFD, 0xAD, 0xFB, 0xB9, 0x28, 0xCB, 0xCD, 0xAB,
+        0xA2, 0x5F, 0xE2, 0xCD, 0x26, 0xAD, 0xDF, 0xB0,
+        0xDA, 0xCD, 0x74, 0x94, 0x0F, 0x35, 0x14, 0x26,
+        0x94, 0x2F, 0x17, 0x6F, 0xFB, 0xC5, 0xF3, 0x45,
+        0x6D, 0xB7, 0xC9, 0x12, 0xAA, 0x16, 0xB8, 0x6D,
+        0x07, 0x45, 0xF8, 0x7C, 0x9F, 0x45, 0x37, 0x0A,
+        0x84, 0x56, 0xA1, 0xAD, 0xB5, 0x1D, 0xB4, 0x05,
+        0x2B, 0x5C, 0x9E, 0xAF, 0x60, 0xAD, 0x7B, 0x80,
+        0xA4, 0x2E, 0xA4, 0xBF, 0x92, 0xC8, 0x41, 0x27,
+        0x3A, 0xD7, 0x61, 0xDE, 0xDB, 0x0D, 0x34, 0xBF,
+        0x57, 0x96, 0x00, 0xB1, 0x49, 0xFC, 0xCD, 0x42,
+        0xAB, 0x15, 0x49, 0xBA, 0x0A, 0xBE, 0xDA, 0x57,
+        0xEF, 0x71, 0xD1, 0xFC, 0xA5, 0x70, 0x2A, 0xAD,
+        0x08, 0x32, 0x99, 0xBB, 0x98, 0x30, 0x01, 0x89,
+        0xC2, 0x5F, 0x3B, 0x27, 0x0A, 0x87, 0x65, 0x8D,
+        0x0B, 0x2E, 0xA5, 0x65, 0x24, 0x14, 0x7F, 0x73,
+        0x9E, 0xB6, 0xC6, 0x76, 0xD7, 0xBE, 0x73, 0xDD,
+        0x3B, 0x95, 0xB1, 0x0C, 0x55, 0xAB, 0x46, 0xFD,
+        0x01, 0x54, 0x9C, 0x51, 0x68, 0xBF, 0x7D, 0xA1,
+        0x3A, 0x49, 0x97, 0x85, 0xF3, 0x5A, 0x1E, 0x3B,
+        0x56, 0xF4, 0xC5, 0x67, 0xF5, 0x4E, 0xA9, 0xAA,
+        0x28, 0x17, 0xA3, 0x36, 0x38, 0x36, 0x43, 0xFA,
+        0x2E, 0xA3, 0x1F, 0xB1, 0xB7, 0x3E, 0x10, 0x24,
+        0x8D, 0xFC, 0xA0, 0x5C, 0x04, 0x13, 0x12, 0x66,
+        0x49, 0x8E, 0x1C, 0x94, 0x91, 0x13, 0x5A, 0x50,
+        0xE6, 0x3D, 0x02, 0xFA, 0xDF, 0x41, 0x65, 0xFC,
+        0x9E, 0x15, 0xE3, 0xE1, 0xB3, 0x2F, 0xAB, 0x83,
+        0x37, 0x68, 0x4C, 0x49, 0x19, 0x3E, 0x1B, 0xC4,
+        0xED, 0xEA, 0xE3, 0x73, 0xA2, 0x67, 0xA7, 0x14,
+        0xAC, 0x1F, 0x90, 0x9C, 0xC6, 0x57, 0xCD, 0x80,
+        0x66, 0x64, 0x63, 0x27, 0xE0, 0xEE, 0xA0, 0x41,
+        0xAC, 0x9F, 0x2A, 0xEF, 0xFC, 0x80, 0x69, 0x1B,
+        0xF6, 0x0D, 0x3C, 0x94, 0xC6, 0x42, 0x55, 0x7E,
+        0x42, 0x99, 0xD3, 0x95, 0x92, 0x22, 0x16, 0xC6,
+        0x5E, 0x75, 0xB7, 0xE1, 0xA5, 0x02, 0x89, 0x60,
+        0x38, 0x4B, 0xF8, 0x16, 0xC9, 0xF7, 0x05, 0x48,
+        0x29, 0xE7, 0x98, 0x5B, 0x58, 0x41, 0xA7, 0x33,
+        0xF3, 0x3F, 0xCE, 0x24, 0x55, 0xEF, 0xC8, 0x9B,
+        0xAE, 0x84, 0xB4, 0x79, 0x90, 0xE8, 0xD0, 0xAF,
+        0xC6, 0x19, 0x3E, 0x4A, 0xF9, 0xBC, 0x68, 0x0A,
+        0xE2, 0x4F, 0xE5, 0x91, 0xE8, 0x8B, 0xA6, 0xA2,
+        0xAE, 0x12, 0xDA, 0x38, 0x58, 0xD2, 0x1F, 0x49,
+        0x2D, 0x24, 0xAB, 0xC4, 0xFE, 0x4F, 0xD5, 0x2D,
+        0x5A, 0xBF, 0x24, 0xBD, 0x25, 0x46, 0x87, 0xB9,
+        0x18, 0x79, 0x2F, 0x0A, 0x00, 0x3A, 0x52, 0x22,
+        0xDF, 0x45, 0x03, 0x86, 0x85, 0xC7, 0x25, 0xCE,
+        0x75, 0x79, 0xE0, 0x2C, 0xB1, 0x68, 0xBB, 0xC6,
+        0x66, 0xAB, 0xF6, 0x69, 0x85, 0x6E, 0x10, 0x53,
+        0x7C, 0x92, 0x91, 0x69, 0x2C, 0x0C, 0xB0, 0xCF,
+        0xA9, 0x06, 0x27, 0x0A, 0xC2, 0xC7, 0xB7, 0xDC,
+        0x31, 0xD4, 0xF9, 0x28, 0x3C, 0xB2, 0xDB, 0x8A,
+        0x46, 0x2A, 0xEC, 0x0B, 0x98, 0x07, 0xBB, 0xF4,
+        0xAB, 0x45, 0x76, 0xFE, 0xC6, 0x22, 0x6B, 0x41,
+        0x79, 0x32, 0x2B, 0x67, 0xAE, 0xA5, 0x3B, 0xDD,
+        0xF9, 0xC9, 0xBE, 0x5E, 0x0D, 0xBC, 0x43, 0xF7,
+        0x87, 0x43, 0x06, 0x8A, 0xB5, 0xBE, 0x49, 0xF0,
+        0xE6, 0x2F, 0x8E, 0x2E, 0xB1, 0xB6, 0xC6, 0x73,
+        0x6C, 0x05, 0xC9, 0x41, 0x3D, 0x06, 0x5C, 0xE0,
+        0xCC, 0xB7, 0x90, 0x54, 0x80, 0x41, 0xD7, 0xE8,
+        0x32, 0x88, 0x1A, 0x83, 0x9B, 0x57, 0x29, 0xAF,
+        0x94, 0xAB, 0x79, 0xFD, 0x8A, 0x16, 0xDF, 0xFF,
+        0x78, 0xCA, 0xAA, 0x14, 0x1D, 0x97, 0xCC, 0x06,
+        0x50, 0xF8, 0x62, 0x62, 0xF2, 0x61, 0x59, 0xBE,
+        0x8B, 0x36, 0x1A, 0x4A, 0x04, 0x1E, 0x9A, 0x0B,
+        0x65, 0x11, 0xBB, 0xE3, 0x35, 0x5A, 0x4B, 0xF5,
+        0x7A, 0xC0, 0x98, 0x48, 0x84, 0x7E, 0xE0, 0x24,
+        0x3C, 0x3B, 0xA7, 0x74, 0x77, 0x6F, 0x7E, 0x9A,
+        0x22, 0x72, 0x75, 0xD7, 0x4E, 0x6E, 0x31, 0x01,
+        0xD3, 0x82, 0x81, 0x87, 0x63, 0xED, 0x1E, 0x13,
+        0x53, 0xAB, 0x9E, 0xEC, 0xCD, 0x92, 0x0C, 0xD2,
+        0x89, 0x22, 0xD5, 0x59, 0xA4, 0x04, 0x8F, 0x40,
+        0xF0, 0x62, 0x16, 0x4C, 0xB6, 0x61, 0xC4, 0xF4,
+        0xAF, 0xA8, 0x1A, 0x3D, 0x55, 0x93, 0x3C, 0x47,
+        0x91, 0xED, 0xDA, 0xA3, 0x93, 0x9E, 0x5A, 0xC3,
+        0x42, 0xB0, 0xAD, 0x1F, 0x43, 0x8A, 0x53, 0x2C,
+        0x6C, 0xE7, 0x86, 0x68, 0x1A, 0x87, 0x0D, 0x94,
+        0xEC, 0x88, 0xA3, 0x34, 0xCC, 0xEF, 0xC6, 0xAC,
+        0xE7, 0xD9, 0x88, 0xA1, 0xA8, 0x2B, 0xC0, 0xAC,
+        0xCE, 0x78, 0x5F, 0x12, 0x3B, 0xE2, 0x3A, 0x7C,
+        0x92, 0xAF, 0x10, 0x8E, 0x5E, 0xD4, 0xF0, 0x86,
+        0x9E, 0x22, 0xDA, 0xE2, 0x73, 0x55, 0x6D, 0x1D,
+        0xE3, 0x86, 0x62, 0x3A, 0x6C, 0x3F, 0x11, 0x5B,
+        0xBD, 0x11, 0x92, 0x71, 0xD3, 0xFB, 0xA7, 0x96,
+        0xF6, 0x18, 0xB5, 0x39, 0x59, 0xFB, 0x98, 0x01,
+        0x2E, 0x7D, 0x5B, 0x9A, 0xC6, 0x88, 0x94, 0x0B,
+        0x87, 0xE2, 0xC9, 0xC0, 0x65, 0x52, 0x4A, 0x00,
+        0xD3, 0xA4, 0xF4, 0xDB, 0xF5, 0x2F, 0x4B, 0x1A,
+        0x63, 0xEF, 0x5C, 0x46, 0x19, 0x3B, 0xAD, 0xF7,
+        0xAD, 0x7F, 0x98, 0x8D, 0x44, 0x64, 0x34, 0x5B,
+        0x2C, 0x3E, 0x54, 0x96, 0x84, 0xF2, 0xF9, 0x05,
+        0xF6, 0xF8, 0x9D, 0xD6, 0x41, 0x47, 0x3E, 0xC0,
+        0x51, 0x08, 0xA5, 0x2D, 0x8D, 0xBB, 0x91, 0x76,
+        0x8C, 0x54, 0x1D, 0xE5, 0x20, 0xB1, 0x76, 0x66,
+        0x97, 0x0A, 0xAE, 0xB5, 0x06, 0xE7, 0x5D, 0x8E,
+        0xE9, 0xF4, 0xB4, 0x45, 0x5B, 0x71, 0xE0, 0x08,
+        0x8A, 0xB2, 0x56, 0x55, 0x21, 0x3B, 0x75, 0x85,
+        0x9D, 0x25, 0xF5, 0x59, 0xD3, 0xC3, 0x24, 0xD2,
+        0x83, 0xD3, 0x97, 0xAB, 0xE6, 0xF0, 0xAA, 0xA3,
+        0x86, 0x81, 0x57, 0x68, 0xD0, 0x33, 0x57, 0xD7,
+        0x75, 0x96, 0x49, 0x02, 0x41, 0x31, 0x53, 0xE3,
+        0x56, 0x0C, 0xCE, 0xF1, 0xFD, 0x44, 0xB6, 0x5F,
+        0xF1, 0xB2, 0x87, 0xA9, 0x2A, 0x96, 0x93, 0xF0,
+        0x34, 0xB7, 0xEE, 0x66, 0x89, 0x34, 0x70, 0x2D,
+        0x75, 0x01, 0xCA, 0xF6, 0xDA, 0x4E, 0xE9, 0x8A,
+        0xF4, 0xE8, 0xE6, 0x4B, 0x03, 0x40, 0xE0, 0xBB,
+        0x8B, 0xDC, 0x53, 0x3B, 0x0E, 0xFE, 0xE1, 0x91,
+        0x5A, 0x4B, 0x68, 0xB9, 0x3C, 0x5E, 0x95, 0x32,
+        0x1E, 0xED, 0xC2, 0x34, 0xAE, 0xFE, 0x71, 0xAE,
+        0x2E, 0x5D, 0xAC, 0xEC, 0x2F, 0x52, 0xF8, 0x37,
+        0x23, 0xA2, 0x39, 0x2A, 0x7F, 0x8E, 0x13, 0xBC,
+        0x03, 0x01, 0xCD, 0x10, 0x4D, 0x85, 0x2E, 0x62,
+        0xA7, 0xF8, 0x28, 0xAD, 0x32, 0x9B, 0x3D, 0x95,
+        0x96, 0xC5, 0x8E, 0x13, 0xFC, 0xC0, 0xED, 0x96,
+        0xC1, 0xC4, 0x8D, 0x82, 0xA2, 0xC0, 0xF4, 0xD9,
+        0xD2, 0x4D, 0xD8, 0x42, 0x1F, 0xDC, 0xCE, 0xFD,
+        0x49, 0x7A, 0x9B, 0x05, 0xFF, 0xC5, 0x09, 0x04,
+        0x77, 0x04, 0x01, 0x37, 0x3F, 0xEE, 0x7D, 0xC7,
+        0x37, 0x73, 0x41, 0x8A, 0xEB, 0x4A, 0x1F, 0x59,
+        0x9A, 0x4B, 0xB3, 0x8E, 0xDE, 0x8D, 0x10, 0xA3,
+        0xCC, 0x83, 0xA1, 0xC7, 0x2D, 0xE9, 0x21, 0x96,
+        0x9E, 0x3C, 0xE3, 0xE8, 0xEF, 0x2F, 0x7D, 0xA8,
+        0x9D, 0x34, 0x4C, 0x80, 0xD6, 0x1C, 0xF9, 0xC5,
+        0xA4, 0x23, 0xB1, 0xA4, 0xF3, 0x56, 0x7D, 0x96,
+        0xDB, 0x2D, 0xA3, 0xDB, 0x9B, 0x5B, 0x5F, 0xA6,
+        0x81, 0x56, 0xBE, 0x74, 0x52, 0xC8, 0xA0, 0x18,
+        0x1B, 0xB9, 0xF0, 0xDC, 0x75, 0xCD, 0x97, 0x50,
+        0x88, 0x3D, 0x0D, 0xDA, 0xE5, 0x3F, 0xC1, 0x56,
+        0xD6, 0x7A, 0x74, 0x20, 0x08, 0x69, 0x04, 0x6B,
+        0x41, 0xDF, 0x4B, 0xC4, 0x39, 0x69, 0x93, 0xC0,
+        0x8A, 0xA4, 0x89, 0x7A, 0x0B, 0xDD, 0xEF, 0xB5,
+        0x5F, 0x69, 0xCC, 0x1C, 0x4D, 0x7B, 0x5F, 0xB1,
+        0x50, 0x40, 0x84, 0x27, 0xB4, 0x16, 0xF7, 0x31,
+        0x83, 0xF2, 0xB3, 0xCC, 0x16, 0xE3, 0xB7, 0xDA,
+        0x63, 0xCE, 0xE1, 0x14, 0x3A, 0xDA, 0x1A, 0x05,
+        0x66, 0x26, 0xA0, 0x77, 0xB6, 0xD2, 0x1C, 0x3D,
+        0xD9, 0x74, 0xED, 0x90, 0x7C, 0x5A, 0x09, 0x40,
+        0x19, 0x22, 0x57, 0x37, 0xEF, 0xB9, 0x33, 0x19,
+        0xAD, 0x3B, 0x40, 0xA4, 0xF4, 0x34, 0xAE, 0x49,
+        0xD2, 0x83, 0x91, 0xC1, 0x7A, 0x99, 0x9C, 0x74,
+        0x4A, 0x68, 0xC5, 0x5A, 0x91, 0xB8, 0x62, 0x72,
+        0x95, 0x83, 0xD3, 0xDA, 0x46, 0xEE, 0x70, 0xC5,
+        0xCC, 0x46, 0x16, 0x94, 0x16, 0x7D, 0x32, 0xD2,
+        0x1D, 0xE7, 0x53, 0x27, 0x73, 0x2C, 0x63, 0xBB,
+        0xFB, 0xD7, 0xB3, 0x0D, 0xBF, 0x20, 0x57, 0xA0,
+        0xD6, 0x81, 0x51, 0x9F, 0x6E, 0x4A, 0xF6, 0x08,
+        0xD4, 0xBC, 0xD0, 0xB4, 0x75, 0x07, 0x26, 0x77,
+        0x0E, 0x15, 0x6A, 0xED, 0xE8, 0x54, 0x17, 0xBD,
+        0x75, 0x9D, 0x5F, 0xFE, 0x40, 0x1C, 0xB2, 0x99,
+        0x6F, 0x34, 0x43, 0x4D, 0xB4, 0x28, 0xD9, 0xA4,
+        0x17, 0x03, 0x72, 0x01, 0xFC, 0xD2, 0x60, 0xFA,
+        0xA9, 0x80, 0x84, 0x50, 0x2E, 0xED, 0x5C, 0x27,
+        0xA8, 0x91, 0x6E, 0x44, 0xF5, 0x92, 0x98, 0x19,
+        0xD2, 0x1A, 0x69, 0xCE, 0x16, 0xBC, 0xDC, 0x3C,
+        0xC8, 0x14, 0x1E, 0x28, 0x5E, 0xF8, 0x97, 0xB1,
+        0x40, 0x2C, 0x15, 0xC9, 0x52, 0x59, 0x01, 0x19,
+        0x05, 0x1E, 0x36, 0x9A, 0x1B, 0x7B, 0xE4, 0x43,
+        0xFE, 0xAE, 0x6E, 0x32, 0xBC, 0x8F, 0x3D, 0x64,
+        0x7F, 0xC5, 0x31, 0x5A, 0x52, 0x00, 0xCD, 0x52,
+        0x38, 0xDC, 0x66, 0x77, 0x46, 0x6E, 0xA8, 0x6E,
+        0xF8, 0xD1, 0x8E, 0x5A, 0x79, 0xF2, 0x62, 0x48,
+        0x3E, 0x89, 0x6B, 0x82, 0x77, 0xC7, 0x41, 0xF5,
+        0x16, 0xFC, 0x04, 0x0C, 0x10, 0x90, 0xF2, 0x49,
+        0x5B, 0xF1, 0x65, 0x0B, 0x02, 0xAF, 0x30, 0x45,
+        0x67, 0x33, 0xA0, 0x71, 0xAF, 0x47, 0xD7, 0xA1,
+        0x5B, 0xD8, 0xE3, 0x2A, 0x49, 0x80, 0x64, 0x55,
+        0xD3, 0xBE, 0xA7, 0x4A, 0xEF, 0x5D, 0x00, 0x90,
+        0x6A, 0xD2, 0xF0, 0xC0, 0x45, 0x35, 0x4E, 0xFD,
+        0xE7, 0xC9, 0xA2, 0x76, 0xE7, 0x3D, 0x9E, 0xDD,
+        0x11, 0xD1, 0xCA, 0x5C, 0x29, 0x7B, 0x9A, 0x68,
+        0x51, 0xE7, 0xF6, 0x7E, 0x21, 0xEB, 0x06, 0x1B,
+        0xB5, 0x5D, 0x9E, 0x67, 0x3C, 0x4A, 0x75, 0xFE,
+        0xB8, 0x4D, 0x52, 0x62, 0x9E, 0xEC, 0xC5, 0x3C,
+        0x24, 0xBE, 0xA9, 0x51, 0x53, 0x05, 0x1A, 0xC2,
+        0x06, 0xC8, 0x7D, 0xF5, 0x54, 0x10, 0xCA, 0x1F,
+        0xE6, 0xCF, 0xC3, 0xF4, 0x03, 0xA6, 0xD9, 0xD4,
+        0x3E, 0xA8, 0x4C, 0x60, 0xC9, 0x45, 0xE6, 0x42,
+        0xB2, 0x83, 0x63, 0x38, 0xB5, 0xAF, 0x9F, 0x69,
+        0xE5, 0x27, 0x08, 0xB2, 0xE2, 0x25, 0x93, 0x3D,
+        0xB3, 0x20, 0xBB, 0x3F, 0x79, 0x0D, 0x39, 0x7F,
+        0x22, 0xD7, 0xB6, 0xF8, 0xA4, 0x33, 0xCD, 0xAC,
+        0xE9, 0x81, 0x0A, 0xA0, 0xE2, 0x7C, 0x69, 0x95,
+        0x55, 0x53, 0x0C, 0x56, 0x2D, 0xBF, 0x75, 0x17,
+        0xA4, 0x16, 0x26, 0x28, 0xBF, 0x10, 0xD1, 0xB6,
+        0xDB, 0xAC, 0xEF, 0x5C, 0x9E, 0xD5, 0x1E, 0x55,
+        0xD9, 0xA8, 0x9D, 0x60, 0xE0, 0xFC, 0x37, 0x8C,
+        0x47, 0xA2, 0x1D, 0x5E, 0x0F, 0x2D, 0xC3, 0xBC,
+        0xEF, 0x5E, 0x05, 0xC6, 0xE0, 0x26, 0x15, 0x30,
+        0xFB, 0x02, 0x7E, 0x50, 0x32, 0x55, 0x8C, 0xA2,
+        0xB4, 0x70, 0x05, 0xBD, 0xDE, 0x99, 0x90, 0x99,
+        0x30, 0x39, 0x1E, 0xAD, 0x7F, 0x3F, 0x0A, 0x96,
+        0xB3, 0xDE, 0xDA, 0x54, 0xA1, 0x11, 0x45, 0xF5,
+        0x30, 0xE5, 0x1D, 0xEF, 0x89, 0x2E, 0x5A, 0xB0,
+        0x20, 0x4D, 0x61, 0x4E, 0x6E, 0x38, 0xAF, 0xE7,
+        0x9C, 0xA9, 0x2C, 0x28, 0x15, 0x8D, 0x57, 0x01,
+        0x20, 0x35, 0x3B, 0x7A, 0x4D, 0xE0, 0x88, 0x98,
+        0x46, 0xD8, 0x35, 0x29, 0x49, 0x39, 0x55, 0x7E,
+        0xD0, 0xAE, 0xDA, 0x27, 0x0D, 0x4D, 0x73, 0xED,
+        0x84, 0xD3, 0xD4, 0x9F, 0x9F, 0x03, 0x2D, 0x43,
+        0x45, 0x7B, 0xF5, 0x9B, 0xB7, 0xD6, 0x63, 0x59,
+        0xDC, 0x53, 0xF9, 0xB4, 0x69, 0x63, 0xB2, 0x17,
+        0x84, 0xB0, 0x6C, 0xBC, 0xF0, 0x4B, 0xEC, 0x1E,
+        0x33, 0xA3, 0x33, 0x71, 0x53, 0x27, 0x16, 0xC9,
+        0xED, 0xB3, 0xFB, 0xED, 0xB8, 0x19, 0x99, 0xB4,
+        0x37, 0x2D, 0x09, 0x45, 0xC1, 0x0A, 0xE8, 0x26,
+        0xC6, 0x0F, 0xFE, 0x93, 0x17, 0x0B, 0x6D, 0x29,
+        0x4B, 0x38, 0x91, 0xB0, 0xD2, 0xA7, 0xB3, 0x5B,
+        0x28, 0xA8, 0x97, 0x18, 0x45, 0xDC, 0x2F, 0xEC,
+        0xE2, 0x37, 0xB8, 0x0F, 0x20, 0xB3, 0x79, 0xCC,
+        0x4D, 0x13, 0x6D, 0xAB, 0x3F, 0xBB, 0x37, 0x92,
+        0xC6, 0x3E, 0xC6, 0x1F, 0x5C, 0x75, 0x5B, 0xC9,
+        0xDB, 0x35, 0x08, 0x6F, 0xBF, 0x46, 0xD2, 0xB7,
+        0x97, 0x0D, 0xCA, 0x2A, 0x85, 0x23, 0xFD, 0xB4,
+        0xC7, 0xA0, 0xB8, 0xE4, 0x2F, 0x8A, 0xF9, 0xAC,
+        0xAD, 0x2A, 0x0E, 0xFC, 0x11, 0x36, 0x02, 0xA4,
+        0xEA, 0x62, 0xE4, 0xEB, 0xB7, 0xD2, 0x69, 0xC3,
+        0xA4, 0x0B, 0xA2, 0xC4, 0x4E, 0xDD, 0x29, 0x56
+    };
+    static const byte msg_65[] = {
+       0xC4, 0xF5, 0x9F, 0xA2, 0xDE, 0x30, 0xC8, 0x42,
+        0x0A, 0x7E, 0x7F, 0x09, 0x6B, 0xAF, 0x6A, 0xD6,
+        0x9B, 0x1C, 0x15, 0xA5, 0xC6, 0xE6, 0x1C, 0x9D,
+        0x82, 0xAF, 0xCF, 0xDB, 0x6E, 0xB8, 0xF2, 0x75,
+        0xBF, 0x57, 0x87, 0x18, 0x6A, 0xAE, 0x78, 0x1F,
+        0x48, 0x7F, 0x9F, 0x88, 0x75, 0x8C, 0x9C, 0x61,
+        0xF3, 0x5D, 0x50, 0x83, 0xEE, 0x70, 0x42, 0x4B,
+        0x0D, 0x0A, 0x51, 0x57, 0x50, 0x10, 0xC2, 0xA9,
+        0x07, 0xF4, 0x96, 0x08, 0x11, 0x5D, 0x33, 0xEB,
+        0xA0, 0x03, 0x15, 0x09, 0x32, 0x2A, 0xA7, 0xD3,
+        0x06, 0x1F, 0xEC, 0x31, 0x62, 0xF9, 0x6A, 0x56,
+        0x5F, 0x98, 0x76, 0x9E, 0x9A, 0x19, 0x23, 0x5D,
+        0x89, 0xD1, 0xB2, 0x1D, 0x60, 0xA3, 0x81, 0xDF,
+        0x8E, 0xB3, 0x7D, 0x58, 0xC6, 0xA2, 0xE4, 0x83,
+        0xA8, 0xEB, 0x70, 0x73, 0x6E, 0x4B, 0x7B, 0xB9,
+        0x11, 0xF7, 0xAB, 0x92, 0x3D, 0xC2, 0x9F, 0x1E
+    };
+    static const byte sig_65[] = {
+        0xE8, 0x95, 0xDB, 0x64, 0xC5, 0x7B, 0xC3, 0xC2,
+        0xA9, 0x7F, 0x0E, 0xC9, 0x33, 0x41, 0x0E, 0x98,
+        0xF6, 0x21, 0x61, 0x03, 0xE3, 0x42, 0x3C, 0xAF,
+        0x06, 0xA6, 0x71, 0x96, 0x4C, 0x51, 0x4A, 0x69,
+        0x4E, 0xB6, 0xF6, 0x5C, 0xBD, 0x11, 0x37, 0xCC,
+        0xCF, 0x88, 0x81, 0xFA, 0x40, 0x3C, 0x5F, 0xA0,
+        0xE0, 0xB2, 0xF3, 0x6B, 0x9F, 0x40, 0x09, 0xC3,
+        0x78, 0x21, 0x0D, 0x29, 0xE5, 0x4A, 0x7A, 0x5A,
+        0x9B, 0x79, 0x31, 0x97, 0xCD, 0x6D, 0x2F, 0x38,
+        0xD7, 0xE1, 0xF3, 0xAC, 0xA6, 0x9D, 0x48, 0x88,
+        0x13, 0x89, 0x38, 0x1C, 0x89, 0xFA, 0x67, 0x6D,
+        0xE4, 0x26, 0xD6, 0x34, 0xF9, 0xA1, 0x57, 0x05,
+        0x5F, 0x17, 0x28, 0x3E, 0xCE, 0x82, 0x48, 0xCA,
+        0xF1, 0x4D, 0xCF, 0x11, 0xE2, 0xD5, 0x63, 0x55,
+        0xB0, 0x47, 0xDF, 0x63, 0x2A, 0x18, 0x48, 0x2E,
+        0x79, 0xCB, 0x2D, 0x5A, 0x74, 0x39, 0x66, 0xBA,
+        0xA8, 0xA7, 0x61, 0x21, 0xBB, 0x69, 0xC2, 0xE6,
+        0x81, 0x55, 0xAC, 0xCB, 0x0A, 0x31, 0xDA, 0x6E,
+        0xDC, 0x73, 0xCB, 0x09, 0xA9, 0xE6, 0x60, 0xFE,
+        0xB2, 0x0F, 0x66, 0xC7, 0xBD, 0x96, 0x7A, 0xDE,
+        0x32, 0x14, 0x9C, 0x55, 0x52, 0xEA, 0xEB, 0x2E,
+        0xA1, 0x75, 0xB5, 0x62, 0x33, 0xF3, 0xB3, 0x70,
+        0xED, 0xD8, 0x67, 0x92, 0x69, 0xCE, 0x0D, 0x2B,
+        0x43, 0xF6, 0xB2, 0xF6, 0x5F, 0xE9, 0x57, 0xE7,
+        0xAB, 0x37, 0xB9, 0x82, 0x04, 0x37, 0x54, 0xEA,
+        0xC8, 0xA3, 0x0B, 0x36, 0xC1, 0x00, 0x04, 0xEF,
+        0x13, 0xC6, 0x92, 0xE2, 0x19, 0xAA, 0x7A, 0xF0,
+        0xA4, 0xC5, 0x28, 0x69, 0x10, 0xC7, 0x10, 0x0D,
+        0xA4, 0x1E, 0x17, 0xBB, 0xEF, 0x2D, 0xA2, 0xAB,
+        0x03, 0xAD, 0xF3, 0x07, 0x4B, 0xA1, 0xDA, 0x15,
+        0xBC, 0xC8, 0x48, 0x05, 0xB8, 0x9B, 0x9D, 0xA8,
+        0x8E, 0x9B, 0x40, 0x0A, 0xFB, 0x7E, 0x3B, 0xC8,
+        0x33, 0x8D, 0x35, 0x4D, 0xA9, 0x53, 0xAC, 0x0B,
+        0xAD, 0x82, 0x27, 0x56, 0xCA, 0x92, 0xE5, 0xDD,
+        0x95, 0x07, 0xF4, 0x2B, 0xFE, 0xFC, 0xCB, 0x32,
+        0xB4, 0xB9, 0x1A, 0x2B, 0xE5, 0xEF, 0x34, 0xC2,
+        0xCF, 0x11, 0x77, 0xEA, 0xAF, 0xB2, 0x50, 0xAC,
+        0x9A, 0xDE, 0xC4, 0xBE, 0x71, 0x80, 0x75, 0x89,
+        0xF1, 0x00, 0x32, 0x27, 0xF9, 0xB7, 0x6B, 0x74,
+        0xE0, 0x7B, 0xA6, 0x7A, 0xC6, 0x08, 0x19, 0xB2,
+        0xAF, 0x76, 0x6A, 0x47, 0xFF, 0xFC, 0x7B, 0x76,
+        0xD3, 0xA7, 0xC0, 0x77, 0xF5, 0xEC, 0x69, 0xAE,
+        0xEA, 0x3E, 0x96, 0x38, 0x59, 0xB8, 0x2C, 0x2A,
+        0xDE, 0x58, 0xBE, 0xC2, 0x15, 0x2E, 0xC8, 0x20,
+        0x51, 0x10, 0x97, 0x5D, 0x37, 0xC6, 0x50, 0x5E,
+        0x0D, 0xC7, 0x76, 0xFD, 0xE0, 0x71, 0x09, 0x7E,
+        0x93, 0x01, 0x3D, 0x10, 0x04, 0xF4, 0xE1, 0xA2,
+        0xFD, 0x79, 0xB8, 0x77, 0xED, 0x50, 0x25, 0xF5,
+        0x27, 0xF3, 0xBF, 0xF1, 0x37, 0xF0, 0x41, 0xBB,
+        0x9B, 0xD0, 0x01, 0xE9, 0x49, 0xF0, 0x8B, 0x4C,
+        0xF8, 0x8D, 0xFD, 0x32, 0xFC, 0x7C, 0xDB, 0xCE,
+        0xCC, 0xFD, 0xB0, 0xFA, 0x2D, 0xE7, 0x82, 0x3E,
+        0x11, 0x0B, 0xCF, 0xF5, 0x8A, 0x41, 0x2C, 0xEA,
+        0x27, 0x95, 0x75, 0x3E, 0x9C, 0x89, 0x67, 0x8C,
+        0x3A, 0xE2, 0x42, 0x68, 0xF7, 0x48, 0x9F, 0x72,
+        0x97, 0x4B, 0x69, 0x55, 0xED, 0xD0, 0x4E, 0x19,
+        0x0D, 0x99, 0xBB, 0x0D, 0x7A, 0x25, 0x2F, 0xAD,
+        0x5B, 0xBA, 0x60, 0x6C, 0x1A, 0x1F, 0x3A, 0xCA,
+        0x73, 0x3B, 0xFA, 0xE3, 0x30, 0x9E, 0xA0, 0xA6,
+        0xEB, 0x7D, 0x07, 0xE3, 0x6D, 0x8C, 0xA3, 0x36,
+        0xD2, 0x64, 0x4F, 0xCE, 0x1A, 0x41, 0x89, 0x5D,
+        0x01, 0x4D, 0x1A, 0x60, 0xCB, 0x10, 0x6F, 0x3F,
+        0x80, 0x75, 0xF9, 0x37, 0x84, 0x61, 0x73, 0x8D,
+        0x63, 0xD1, 0x15, 0xD0, 0x0B, 0x02, 0x4C, 0x67,
+        0x78, 0x01, 0x05, 0x0A, 0x1B, 0x0B, 0x50, 0xDE,
+        0x05, 0x7F, 0x85, 0xDB, 0x6A, 0xEB, 0x2C, 0x9D,
+        0x6B, 0xB7, 0x40, 0x2A, 0x66, 0xE3, 0xAB, 0x4D,
+        0xB0, 0x5C, 0x58, 0xBB, 0xDA, 0x12, 0xF6, 0x95,
+        0x95, 0x8B, 0x8A, 0xC7, 0xB4, 0xE4, 0x5E, 0xC6,
+        0xC9, 0x52, 0xF6, 0x79, 0xC1, 0xEE, 0xBD, 0xF8,
+        0x60, 0xE3, 0x48, 0x98, 0x27, 0x79, 0xAA, 0x69,
+        0x88, 0xEF, 0xC2, 0xAD, 0x1D, 0xC1, 0xEA, 0xE2,
+        0x2A, 0x27, 0xA5, 0xB2, 0xC6, 0x1C, 0x97, 0xB3,
+        0xB2, 0x49, 0x3C, 0xB6, 0xC1, 0x3C, 0x5F, 0x6E,
+        0x20, 0xA6, 0x7B, 0x88, 0xD3, 0xC3, 0xAC, 0xCF,
+        0xAF, 0x0A, 0x42, 0x57, 0x42, 0xDF, 0x24, 0x06,
+        0x34, 0xD1, 0xEE, 0x59, 0x38, 0x28, 0xFE, 0x62,
+        0x97, 0x44, 0x6C, 0x07, 0x6F, 0x97, 0x90, 0x55,
+        0x98, 0x8A, 0xB8, 0x34, 0xB2, 0xBD, 0x82, 0xE1,
+        0x4D, 0xC0, 0x86, 0x40, 0x0E, 0x1C, 0x95, 0x6C,
+        0xC0, 0xC3, 0x0C, 0xE7, 0xBF, 0xD9, 0x62, 0x22,
+        0x3D, 0x23, 0xFE, 0x94, 0x94, 0x96, 0x4A, 0x81,
+        0x1B, 0x93, 0xE8, 0xD7, 0xB8, 0xF3, 0x4C, 0x89,
+        0xAA, 0xD4, 0x5D, 0xD4, 0x11, 0x3F, 0x2A, 0xE7,
+        0xBD, 0x94, 0xB5, 0x3F, 0xC8, 0x6E, 0x8B, 0x2A,
+        0xE8, 0x2E, 0x51, 0xEC, 0x6F, 0x3E, 0xA4, 0xC3,
+        0x0D, 0x60, 0xB8, 0x60, 0x72, 0x74, 0x86, 0x12,
+        0xD1, 0x60, 0x70, 0x56, 0xB5, 0xFF, 0x6A, 0x45,
+        0x00, 0xEE, 0xE7, 0x8A, 0x5A, 0x63, 0x9C, 0x7B,
+        0x74, 0x16, 0x97, 0x77, 0x62, 0x68, 0x64, 0xDD,
+        0x9E, 0xAE, 0xF0, 0xE3, 0xAD, 0x84, 0x93, 0xD8,
+        0x31, 0xF7, 0x1D, 0xEA, 0x95, 0xBB, 0xFC, 0xF8,
+        0x14, 0x23, 0xA2, 0x66, 0xDE, 0x56, 0xF3, 0xA8,
+        0xFE, 0x8E, 0x6C, 0x3C, 0x0D, 0x61, 0x2F, 0xB6,
+        0x2B, 0xD6, 0x42, 0x18, 0x8C, 0xA7, 0x1C, 0xB8,
+        0x98, 0x34, 0xF3, 0x0B, 0xCC, 0x28, 0xBD, 0x17,
+        0x88, 0x45, 0xF1, 0xF6, 0xF4, 0x6C, 0x03, 0xD3,
+        0x06, 0xF7, 0xED, 0x4E, 0x68, 0x75, 0x94, 0x27,
+        0xAE, 0xC2, 0x70, 0x11, 0x98, 0xC3, 0xC0, 0x5D,
+        0x38, 0x5D, 0xFA, 0xFD, 0x52, 0x8C, 0xCE, 0x84,
+        0x25, 0xBC, 0x55, 0x14, 0x69, 0xA0, 0xED, 0x68,
+        0x1B, 0xEE, 0x4D, 0x12, 0xA8, 0x43, 0xE3, 0x33,
+        0xB5, 0xA8, 0xE0, 0x51, 0x7F, 0xC6, 0x19, 0x06,
+        0xF9, 0xC4, 0xE7, 0x80, 0x9B, 0xAE, 0xD4, 0xD3,
+        0xD1, 0x6E, 0xB2, 0x2F, 0x1F, 0xA9, 0xAB, 0x40,
+        0x2D, 0x98, 0x8E, 0xD5, 0x9F, 0x9F, 0xED, 0x04,
+        0x55, 0xE9, 0x26, 0x0F, 0xD6, 0x27, 0xA2, 0x4A,
+        0x17, 0xFE, 0x7C, 0xB6, 0x3E, 0x53, 0x0B, 0x48,
+        0xF5, 0xFB, 0x66, 0x87, 0xA2, 0xE8, 0xC4, 0x9D,
+        0xA7, 0x9F, 0xBD, 0x69, 0xA3, 0x40, 0x00, 0x56,
+        0x66, 0x5D, 0xD1, 0x1D, 0x19, 0xA2, 0xBC, 0x4D,
+        0xB1, 0xD3, 0x74, 0xAB, 0x6A, 0x6E, 0x42, 0x47,
+        0x2A, 0x27, 0xAC, 0x6B, 0x98, 0xF6, 0x76, 0xE8,
+        0xED, 0xAA, 0xDD, 0x51, 0x4F, 0x6D, 0x44, 0xDE,
+        0xEC, 0xDA, 0xB5, 0xA6, 0xDF, 0xA0, 0xF8, 0x4F,
+        0x13, 0x9A, 0x80, 0x3A, 0x25, 0x24, 0xBF, 0x33,
+        0x5D, 0xC5, 0x2E, 0xA5, 0x8F, 0xA5, 0x0D, 0x98,
+        0xFB, 0x5C, 0xD5, 0x5D, 0x5D, 0x50, 0xA6, 0x63,
+        0xCF, 0x64, 0x7E, 0xEE, 0x56, 0xFE, 0x8E, 0x66,
+        0x4B, 0x3B, 0xCA, 0xF9, 0xE3, 0x33, 0x97, 0x8A,
+        0x79, 0x46, 0x97, 0x3F, 0xD1, 0x13, 0xE4, 0xFD,
+        0x39, 0x24, 0xE6, 0xC0, 0x9E, 0x60, 0x38, 0x64,
+        0x44, 0x21, 0x4D, 0xFA, 0x7A, 0x4D, 0x67, 0x1F,
+        0xC2, 0x38, 0x90, 0x63, 0x7E, 0xB8, 0x59, 0x13,
+        0x4D, 0x79, 0xE2, 0x65, 0xC5, 0x9C, 0xA3, 0xEC,
+        0xCD, 0xDF, 0xA0, 0x18, 0x22, 0x3C, 0x9B, 0xAE,
+        0x1C, 0xCA, 0x10, 0x39, 0x62, 0x07, 0x8B, 0xC5,
+        0xF0, 0xDD, 0x02, 0x24, 0x6F, 0xA2, 0x83, 0x24,
+        0xF7, 0xCB, 0x2F, 0xCF, 0xAD, 0x07, 0xC2, 0x5B,
+        0x4B, 0xC2, 0xD8, 0x88, 0x06, 0x9B, 0x0C, 0xF5,
+        0xF2, 0x3C, 0x76, 0x1C, 0x0E, 0x47, 0x10, 0x98,
+        0x81, 0xCD, 0x31, 0x45, 0x6A, 0x64, 0xB9, 0x40,
+        0xB4, 0xBB, 0x9B, 0x4C, 0x2C, 0x3B, 0x8E, 0x6B,
+        0xA8, 0x34, 0xAA, 0xAE, 0x69, 0xFD, 0xFC, 0x47,
+        0xD4, 0x4B, 0x3C, 0x96, 0x88, 0x7A, 0xBE, 0xD3,
+        0x60, 0x15, 0xE7, 0xB6, 0x4E, 0x85, 0x42, 0x92,
+        0x8F, 0x27, 0x7C, 0xBD, 0x2D, 0x3C, 0x51, 0x2C,
+        0x24, 0xDE, 0xEF, 0xE5, 0x90, 0xE8, 0x1C, 0x68,
+        0x4E, 0x06, 0x3E, 0x7A, 0xAD, 0xCF, 0x11, 0x7B,
+        0x48, 0x94, 0x3D, 0xB7, 0x71, 0xFC, 0x22, 0x07,
+        0xF5, 0x7A, 0x74, 0x53, 0x57, 0x55, 0x5D, 0x41,
+        0x9C, 0x9C, 0xDC, 0xA3, 0x5C, 0xC1, 0xA7, 0x10,
+        0x0A, 0x69, 0x13, 0xA3, 0xB6, 0xAA, 0xCF, 0x79,
+        0x6F, 0xE3, 0xF9, 0x4D, 0xD2, 0xF8, 0x18, 0x98,
+        0x27, 0x16, 0xCE, 0x03, 0x16, 0x54, 0x2A, 0x1B,
+        0x95, 0x7E, 0x12, 0xDA, 0x43, 0xE2, 0x31, 0x54,
+        0x2C, 0xC1, 0x4F, 0xCC, 0x66, 0xD7, 0x28, 0xA6,
+        0x83, 0x26, 0xB2, 0xBC, 0x31, 0x12, 0x48, 0x33,
+        0x0F, 0x3E, 0x98, 0xF8, 0x1E, 0xA3, 0x8C, 0xA9,
+        0x24, 0xA8, 0xE4, 0xDA, 0x97, 0xCF, 0x67, 0x38,
+        0x42, 0xC7, 0x59, 0xF9, 0x35, 0xBE, 0x88, 0x16,
+        0x3C, 0xE9, 0x7F, 0xE4, 0xD9, 0x45, 0x71, 0x76,
+        0xF5, 0xB8, 0x90, 0x8A, 0xF9, 0x48, 0xF7, 0x4D,
+        0x5D, 0x1D, 0xDB, 0xC5, 0x21, 0x82, 0x5D, 0x93,
+        0x1C, 0x63, 0xCA, 0x8A, 0x8E, 0x12, 0x24, 0x26,
+        0x26, 0x30, 0x5A, 0xB6, 0xA2, 0xE0, 0x62, 0x45,
+        0x64, 0xEE, 0x04, 0x19, 0x83, 0xC1, 0x8C, 0x29,
+        0x52, 0xEC, 0x3D, 0x9D, 0x15, 0x9B, 0xDE, 0x39,
+        0x85, 0xCF, 0x77, 0x89, 0x7E, 0xE2, 0xDC, 0x88,
+        0x81, 0x12, 0x72, 0x1D, 0x48, 0x54, 0xE9, 0x14,
+        0xA5, 0x39, 0x7E, 0x08, 0xB5, 0x4F, 0x4A, 0x54,
+        0x32, 0x3F, 0xF8, 0x20, 0x82, 0x1B, 0xE0, 0x26,
+        0xEA, 0x09, 0x1E, 0xCA, 0x6B, 0x7D, 0x80, 0xD9,
+        0x1E, 0x3D, 0xCA, 0x2E, 0xF7, 0x84, 0x8B, 0x86,
+        0xFC, 0xA6, 0xBB, 0x40, 0xCE, 0x48, 0x27, 0x1E,
+        0x10, 0x08, 0x36, 0x8E, 0x3E, 0xBB, 0x5E, 0x39,
+        0x5E, 0x1C, 0xCD, 0x0D, 0x17, 0x8F, 0x1A, 0x62,
+        0x57, 0xD2, 0x6B, 0x6B, 0xA4, 0xB7, 0xCE, 0x53,
+        0x2C, 0xAA, 0x1E, 0x76, 0xCE, 0x28, 0xFA, 0x4C,
+        0xF9, 0xE0, 0x29, 0xE2, 0x48, 0x2B, 0x94, 0xD3,
+        0xAC, 0xF9, 0x7A, 0x32, 0x6D, 0x23, 0x5D, 0x1B,
+        0xDC, 0x89, 0xF7, 0x00, 0x02, 0x19, 0x84, 0x51,
+        0xD9, 0xF1, 0xF1, 0x2C, 0xCD, 0x5B, 0xCA, 0xEC,
+        0xDD, 0xE9, 0xE1, 0x4A, 0xC8, 0x07, 0x42, 0xEB,
+        0x31, 0xE6, 0x46, 0x4C, 0x83, 0x21, 0x0A, 0x39,
+        0xF3, 0x50, 0x98, 0xBE, 0x03, 0x78, 0xD0, 0x74,
+        0xCE, 0x1C, 0xCD, 0x1E, 0xBC, 0x1C, 0x77, 0x70,
+        0xF7, 0x78, 0xD6, 0x05, 0xF2, 0xBE, 0x59, 0xDB,
+        0x7E, 0xA0, 0x7D, 0x80, 0xCC, 0xDF, 0x55, 0xF1,
+        0x6E, 0x98, 0x5B, 0x14, 0x2F, 0xB7, 0xBD, 0xA0,
+        0x7A, 0xA7, 0xDC, 0xA5, 0xB2, 0x01, 0xE1, 0x95,
+        0x0C, 0xF9, 0xA7, 0x28, 0xF2, 0x1E, 0x9A, 0x9D,
+        0x8A, 0xC4, 0xD1, 0x32, 0x7E, 0x3B, 0xC0, 0xFF,
+        0x33, 0x9A, 0x25, 0x05, 0x22, 0xF6, 0x31, 0xDF,
+        0x2E, 0x75, 0x95, 0x51, 0x54, 0x89, 0x3E, 0x4A,
+        0x1A, 0xAF, 0x98, 0x66, 0xFE, 0xE1, 0x63, 0x7E,
+        0xE1, 0xAA, 0x51, 0x06, 0xD2, 0x44, 0xE9, 0x9E,
+        0x6F, 0x31, 0xFC, 0x56, 0x01, 0xBB, 0x7B, 0x79,
+        0xBA, 0xD8, 0x28, 0x60, 0xB1, 0xD6, 0x05, 0x9D,
+        0x9B, 0x13, 0x2E, 0x02, 0x64, 0x18, 0x02, 0x0D,
+        0xB0, 0x6E, 0xB8, 0x39, 0x1F, 0xA1, 0x5B, 0x7A,
+        0x0F, 0x29, 0xE3, 0x6D, 0x96, 0x6A, 0xBD, 0x3D,
+        0x2A, 0x2F, 0xF3, 0xF2, 0xAA, 0xC3, 0x4C, 0x8B,
+        0x45, 0xC7, 0xD2, 0x35, 0x5E, 0xDB, 0xB8, 0x0B,
+        0x22, 0x4B, 0xC1, 0x06, 0xEB, 0xC6, 0x75, 0x0E,
+        0x55, 0x07, 0x0F, 0x85, 0xA7, 0xCB, 0x60, 0x03,
+        0x39, 0x4E, 0x51, 0x61, 0xAE, 0x26, 0xF5, 0xAB,
+        0xF8, 0x3F, 0x0D, 0xCC, 0xCF, 0x69, 0xB8, 0x61,
+        0x39, 0xAF, 0x86, 0x94, 0xFE, 0x1D, 0xC0, 0x07,
+        0x81, 0xEA, 0xE0, 0x9C, 0xDB, 0x42, 0x18, 0x14,
+        0x87, 0x80, 0x43, 0xDC, 0x9B, 0x05, 0x30, 0xE5,
+        0x54, 0x5A, 0x16, 0x5E, 0x39, 0xA9, 0xB7, 0xDE,
+        0x88, 0xB4, 0xAD, 0x2A, 0xEB, 0x90, 0xD3, 0xC3,
+        0x29, 0x41, 0x2E, 0xD2, 0xFE, 0x1D, 0x97, 0xB7,
+        0x32, 0xC8, 0x43, 0x9D, 0xF4, 0xF8, 0x3D, 0x22,
+        0x88, 0x35, 0xB5, 0x38, 0xDC, 0x27, 0x8F, 0xF0,
+        0xA2, 0xDC, 0x42, 0xF4, 0x1B, 0x00, 0xCE, 0x3A,
+        0xCA, 0x06, 0xB0, 0x5C, 0x48, 0x39, 0xB8, 0x96,
+        0x93, 0x15, 0x15, 0xD7, 0x8E, 0xA3, 0x67, 0x3A,
+        0x37, 0x82, 0x79, 0xF4, 0xE8, 0x9C, 0xE0, 0x8E,
+        0x34, 0x53, 0xFF, 0x2F, 0xB4, 0x53, 0xBE, 0x03,
+        0x1C, 0x63, 0x18, 0x62, 0x8A, 0x73, 0x1D, 0x02,
+        0x9F, 0xC7, 0xBE, 0xA2, 0xBA, 0x5E, 0xAC, 0x49,
+        0x16, 0x27, 0x8B, 0x93, 0x8A, 0x6A, 0x6A, 0xCE,
+        0xF5, 0xBF, 0xE2, 0x15, 0x8F, 0x2A, 0xF4, 0x3D,
+        0x8E, 0x56, 0xA0, 0x64, 0x9D, 0xF2, 0x8A, 0x25,
+        0x0D, 0x2F, 0x25, 0x36, 0xAB, 0xDE, 0x1E, 0x00,
+        0x8E, 0xB6, 0x31, 0xF4, 0xBD, 0x0E, 0xB5, 0x55,
+        0x73, 0xA4, 0x05, 0x39, 0xA6, 0x00, 0x41, 0x81,
+        0xA9, 0xD2, 0xBF, 0x7A, 0x1E, 0x53, 0x50, 0x4F,
+        0x11, 0xE0, 0x14, 0x84, 0x07, 0x33, 0x84, 0x41,
+        0x31, 0xAC, 0x66, 0x89, 0x46, 0xE5, 0xB8, 0x27,
+        0x28, 0x9A, 0xB6, 0xB2, 0x13, 0x66, 0xC5, 0xD0,
+        0xE2, 0x64, 0x92, 0x19, 0xB9, 0x2C, 0x47, 0x60,
+        0xDF, 0xB7, 0x05, 0xF7, 0xF6, 0x1A, 0x96, 0x56,
+        0x4C, 0x9E, 0x84, 0x0D, 0x14, 0xB0, 0xBB, 0x0D,
+        0xA8, 0x2D, 0xA5, 0x0F, 0x8B, 0x8E, 0x75, 0x2B,
+        0xBF, 0xEA, 0x3B, 0x0A, 0x33, 0x7B, 0xE1, 0x24,
+        0xF7, 0x2D, 0x8F, 0x82, 0x49, 0x19, 0x5B, 0xC1,
+        0x9C, 0x3E, 0x0B, 0x62, 0xEA, 0xE4, 0x96, 0xD3,
+        0x8C, 0xF7, 0x50, 0x0B, 0x4F, 0x10, 0x66, 0x5F,
+        0xC2, 0xD2, 0x8B, 0x9E, 0xA9, 0x35, 0xF7, 0xE3,
+        0x16, 0x47, 0x2F, 0x4F, 0xF4, 0x01, 0x26, 0x75,
+        0x41, 0xBD, 0xB6, 0x23, 0x01, 0x55, 0x4B, 0x20,
+        0x09, 0x92, 0x8C, 0x64, 0x45, 0xBB, 0xD0, 0xEF,
+        0x21, 0xD0, 0x99, 0x72, 0xF3, 0x50, 0x81, 0xAB,
+        0xA9, 0x09, 0x1A, 0x6C, 0x23, 0xFE, 0xD2, 0x9F,
+        0x5C, 0xF9, 0xE0, 0x77, 0x9F, 0x7E, 0xFB, 0xAD,
+        0x88, 0xE6, 0x2A, 0x45, 0x44, 0x42, 0xB3, 0x00,
+        0x79, 0xBE, 0x0A, 0xC9, 0xC6, 0x48, 0x26, 0xB9,
+        0x8C, 0x1E, 0x10, 0x01, 0xCB, 0x0F, 0xB0, 0xF0,
+        0xA9, 0x5F, 0x79, 0x65, 0xFE, 0x93, 0x12, 0xBF,
+        0xDA, 0xEC, 0x33, 0xF9, 0x50, 0x65, 0xC8, 0xE5,
+        0x9D, 0x39, 0x50, 0xF8, 0x0A, 0xDC, 0x7F, 0xB3,
+        0x34, 0xF2, 0x02, 0xD3, 0xE5, 0xF8, 0xDA, 0x48,
+        0x1C, 0x9B, 0x54, 0xA7, 0x59, 0x83, 0x93, 0x0F,
+        0xD1, 0xE5, 0xAC, 0xD1, 0x62, 0x84, 0xF0, 0x71,
+        0x93, 0xFB, 0xCB, 0x50, 0xD0, 0xDC, 0x00, 0xEF,
+        0xF8, 0x20, 0x31, 0x44, 0xC1, 0x1E, 0xC6, 0x14,
+        0x20, 0xFC, 0x32, 0xD7, 0x98, 0x2C, 0xE8, 0x96,
+        0x40, 0x6B, 0xE7, 0x69, 0xA7, 0x5D, 0xD8, 0xD3,
+        0xCA, 0xC7, 0x53, 0xAB, 0xE5, 0xA2, 0x78, 0x65,
+        0x5B, 0xF5, 0x4B, 0xE3, 0x3A, 0x1B, 0x83, 0x74,
+        0xEB, 0xEE, 0xFF, 0x21, 0x2C, 0x39, 0xCE, 0x51,
+        0x46, 0x68, 0xF1, 0xC4, 0x56, 0xEA, 0xA2, 0x53,
+        0x28, 0x28, 0xC8, 0x42, 0x93, 0xF1, 0xA5, 0xBC,
+        0x9E, 0xB5, 0xDE, 0xDF, 0x55, 0x8A, 0x9B, 0x4C,
+        0x12, 0x39, 0xF7, 0x72, 0x72, 0xC6, 0x7E, 0x1A,
+        0xB2, 0x8E, 0x1E, 0xFE, 0xC5, 0x89, 0x3E, 0x09,
+        0xC1, 0x06, 0x62, 0xB5, 0x3C, 0x8B, 0x82, 0x55,
+        0xB1, 0xC8, 0xDC, 0x8F, 0x8E, 0x51, 0x20, 0xA2,
+        0x5C, 0x75, 0xEE, 0xFE, 0x79, 0xC4, 0x3F, 0x7A,
+        0x8B, 0x37, 0xDF, 0x9D, 0x1E, 0x4F, 0x32, 0x48,
+        0x69, 0x33, 0xDA, 0x1C, 0xB0, 0x66, 0x4C, 0x5D,
+        0xB3, 0x9E, 0x21, 0xBC, 0x22, 0x7B, 0x0C, 0xDF,
+        0xE7, 0xA5, 0x50, 0x7F, 0x07, 0xF2, 0x18, 0xA7,
+        0xA4, 0x7D, 0xEB, 0xCD, 0x9D, 0xAD, 0x72, 0x47,
+        0xB4, 0xD0, 0x45, 0xA1, 0x3A, 0xD4, 0xF7, 0x5E,
+        0xAD, 0x2D, 0x45, 0xC3, 0x39, 0xD0, 0xDF, 0x04,
+        0x57, 0x7F, 0x2E, 0x0F, 0xDC, 0x78, 0x03, 0x92,
+        0x55, 0x30, 0x33, 0xC7, 0x38, 0x85, 0x2B, 0x1B,
+        0xE4, 0xE6, 0x3E, 0xA3, 0x89, 0x7D, 0x6C, 0x9C,
+        0x4B, 0x11, 0xAD, 0x6B, 0x58, 0xD3, 0xE2, 0xD3,
+        0x42, 0xD3, 0x28, 0x40, 0xF6, 0x49, 0xDD, 0x83,
+        0xE7, 0x59, 0x86, 0x6B, 0x73, 0x81, 0xA8, 0x4C,
+        0x8A, 0xDD, 0xDF, 0x41, 0x3F, 0xAE, 0x18, 0xE6,
+        0x43, 0x1B, 0x1E, 0xEA, 0x73, 0xA5, 0x6C, 0xD8,
+        0x89, 0xB7, 0x6B, 0xC9, 0x78, 0x6B, 0xED, 0xED,
+        0xCA, 0x25, 0x41, 0xE4, 0xC9, 0xB2, 0x4E, 0x28,
+        0xF5, 0x8A, 0xD3, 0x74, 0xC1, 0xD9, 0x3D, 0xF2,
+        0xD3, 0xF2, 0xC3, 0x7E, 0xC5, 0x94, 0xA0, 0x49,
+        0x8C, 0x57, 0x45, 0x79, 0xA7, 0x33, 0x2F, 0x72,
+        0xC0, 0xF9, 0x75, 0x08, 0x77, 0xFA, 0xD5, 0xB9,
+        0x0B, 0x96, 0x8D, 0x88, 0xF1, 0x16, 0x82, 0xC4,
+        0x07, 0x1E, 0x4E, 0xA3, 0x8B, 0x81, 0x6A, 0xEA,
+        0xD6, 0xBE, 0x54, 0xD2, 0xF3, 0x71, 0x32, 0x4F,
+        0x24, 0x75, 0xB8, 0x62, 0xC7, 0x54, 0x24, 0xEC,
+        0xF9, 0x85, 0x8A, 0xA4, 0xE2, 0x00, 0xCF, 0xBA,
+        0x41, 0x2D, 0x7E, 0x3E, 0x6C, 0x30, 0x8D, 0x8D,
+        0xE1, 0x1D, 0xD1, 0x85, 0x33, 0x1A, 0xF9, 0xD4,
+        0x1A, 0xFE, 0x88, 0x79, 0x96, 0x5D, 0x67, 0x46,
+        0xEF, 0x21, 0xFD, 0x98, 0xD3, 0xED, 0x38, 0x06,
+        0xFB, 0x5C, 0x46, 0x19, 0xC9, 0x8E, 0x34, 0x7D,
+        0x76, 0xB8, 0xB8, 0x98, 0x49, 0x39, 0x55, 0x61,
+        0xEE, 0x28, 0x6D, 0xFD, 0xFC, 0x6A, 0x04, 0xE1,
+        0xD4, 0x7E, 0x9F, 0x5B, 0x5B, 0x49, 0x25, 0x77,
+        0x84, 0xC3, 0x93, 0x64, 0xDF, 0xA8, 0x8A, 0xD6,
+        0x30, 0xDF, 0xA5, 0x9C, 0xCA, 0x32, 0x37, 0xF4,
+        0xA2, 0xB1, 0x41, 0xA8, 0x13, 0xD2, 0x2C, 0x6F,
+        0xFE, 0x73, 0xC2, 0xD9, 0x9A, 0xDC, 0x82, 0x4D,
+        0x93, 0xE0, 0x6A, 0x54, 0xB6, 0xDE, 0x62, 0xC3,
+        0x12, 0x5D, 0x94, 0xB4, 0x9E, 0x95, 0x0D, 0xEC,
+        0x36, 0x1F, 0x96, 0x1F, 0x56, 0xD3, 0x67, 0x1C,
+        0x99, 0x25, 0x37, 0x7F, 0x6E, 0x67, 0x06, 0x65,
+        0x32, 0x2B, 0x84, 0x89, 0xE8, 0x33, 0xD3, 0x83,
+        0x0E, 0xCC, 0xDD, 0x0F, 0x53, 0xF4, 0xA4, 0xF9,
+        0xD6, 0x8F, 0x14, 0x45, 0xF3, 0xAE, 0xD5, 0xC9,
+        0xD7, 0x66, 0x40, 0x9B, 0x59, 0xBA, 0xE7, 0xA7,
+        0x29, 0x12, 0xE9, 0x8B, 0x3B, 0xB5, 0x73, 0x42,
+        0xD2, 0x9B, 0x6A, 0xCF, 0xD1, 0x43, 0x36, 0xB7,
+        0xB8, 0xB6, 0xB7, 0x54, 0x9A, 0xF8, 0xCC, 0x88,
+        0x45, 0xE1, 0x0C, 0x28, 0x11, 0x28, 0x72, 0x81,
+        0x98, 0x5D, 0x5D, 0x47, 0x68, 0x5F, 0xC5, 0x89,
+        0xF2, 0x67, 0x8E, 0xD8, 0x93, 0xF5, 0x7B, 0x85,
+        0xAC, 0xED, 0x75, 0x63, 0x2E, 0x50, 0xDE, 0x5E,
+        0x07, 0x4E, 0x6C, 0xED, 0xCF, 0x1A, 0xD4, 0x99,
+        0xBC, 0xE6, 0x7A, 0x7F, 0x49, 0x85, 0x64, 0xDE,
+        0xEC, 0x67, 0x7C, 0x70, 0x83, 0x88, 0xDE, 0x8F,
+        0xD7, 0xB0, 0x99, 0xCF, 0xC1, 0x16, 0x09, 0x6C,
+        0x45, 0xFE, 0x28, 0x89, 0x0B, 0x5E, 0xAF, 0x06,
+        0x16, 0x99, 0x39, 0xFD, 0xA3, 0x5E, 0x12, 0x15,
+        0xF2, 0x38, 0xE8, 0xCD, 0xED, 0xFE, 0x67, 0x00,
+        0x65, 0xF5, 0xDE, 0x32, 0x72, 0xA2, 0x32, 0xFD,
+        0x53, 0xC2, 0x50, 0xF5, 0xD7, 0x79, 0xB3, 0x16,
+        0x94, 0xFB, 0xA9, 0x1B, 0x55, 0x48, 0x03, 0x67,
+        0x6E, 0x4D, 0xEA, 0x28, 0x84, 0x63, 0xFE, 0x10,
+        0x63, 0x00, 0x9E, 0x9C, 0xB7, 0x6C, 0x31, 0x7D,
+        0xB4, 0x00, 0xAC, 0xF4, 0xD2, 0xD2, 0xB6, 0xD1,
+        0x6E, 0xDE, 0xBA, 0x41, 0x08, 0x91, 0x3F, 0x60,
+        0xAE, 0xB2, 0x52, 0xCD, 0xE4, 0x13, 0x69, 0x0C,
+        0xEE, 0xFD, 0xCF, 0xA6, 0x38, 0x96, 0x3D, 0xBD,
+        0x04, 0xF4, 0xCF, 0x21, 0xAD, 0x74, 0xDD, 0xE6,
+        0x5F, 0x0F, 0x1E, 0x7C, 0xE7, 0x0A, 0xF1, 0x01,
+        0xA6, 0xDE, 0x9A, 0x59, 0xDB, 0x21, 0xD3, 0x80,
+        0x27, 0xDB, 0xBF, 0x76, 0x16, 0x78, 0x27, 0x95,
+        0x0B, 0x69, 0x41, 0x82, 0x66, 0xAF, 0xA4, 0x44,
+        0xC7, 0x28, 0xDE, 0x36, 0x24, 0xA1, 0xC8, 0x1E,
+        0x5B, 0x16, 0x41, 0xDB, 0xE8, 0x79, 0xCD, 0x82,
+        0x2F, 0xB2, 0x30, 0x3C, 0xC3, 0xA9, 0xFC, 0xEE,
+        0xFE, 0x3D, 0xDF, 0x7D, 0xBD, 0x0B, 0x70, 0x57,
+        0x24, 0x8A, 0x28, 0xD6, 0x06, 0x2D, 0x76, 0xEB,
+        0x13, 0xB9, 0x2C, 0x9C, 0x9D, 0x00, 0x3B, 0x69,
+        0xE1, 0x84, 0x2A, 0x54, 0xC0, 0x9C, 0xF6, 0xB4,
+        0x84, 0x52, 0x08, 0x15, 0xE2, 0xBB, 0x23, 0x72,
+        0x88, 0xC6, 0x4F, 0xC6, 0x96, 0xFD, 0x3B, 0xC4,
+        0x5D, 0xB3, 0x0C, 0xB8, 0x64, 0x65, 0xDF, 0x11,
+        0x88, 0xBF, 0x47, 0x95, 0x6E, 0x5B, 0x91, 0x6A,
+        0x80, 0x09, 0x71, 0x5C, 0xC9, 0xA9, 0xA6, 0xDC,
+        0xE4, 0x4C, 0x54, 0xF9, 0x28, 0x81, 0x6B, 0x41,
+        0xD0, 0x18, 0xC5, 0xFE, 0x65, 0x2F, 0xFE, 0x4E,
+        0x33, 0xF3, 0x52, 0xD3, 0x83, 0xA9, 0xC1, 0x36,
+        0x5F, 0x02, 0xAB, 0xFD, 0x64, 0x7B, 0xD6, 0xB4,
+        0x2A, 0xD1, 0x63, 0x73, 0x0F, 0x8B, 0xFD, 0xA1,
+        0xE2, 0xBE, 0x5F, 0x61, 0x4D, 0x79, 0x59, 0x78,
+        0x25, 0xBA, 0x09, 0xF4, 0x57, 0xD3, 0xCB, 0xE7,
+        0x56, 0x1E, 0x7E, 0x89, 0xEA, 0xF0, 0x59, 0xE9,
+        0x77, 0xD1, 0xEE, 0x88, 0x84, 0x8B, 0x78, 0x1F,
+        0x21, 0xF7, 0x23, 0x89, 0x0F, 0xF1, 0xF9, 0x87,
+        0x39, 0x28, 0x41, 0x2C, 0x8F, 0x11, 0xEE, 0xDD,
+        0x2C, 0x0C, 0x39, 0xC9, 0x51, 0x27, 0x90, 0x98,
+        0x6A, 0x19, 0xE1, 0x7B, 0x2B, 0x70, 0xA4, 0xD7,
+        0xCF, 0x49, 0xD9, 0xD1, 0x8C, 0xAA, 0x0C, 0x20,
+        0x23, 0x13, 0x4C, 0xAC, 0xD1, 0x69, 0x20, 0x0D,
+        0x88, 0x17, 0xFA, 0x32, 0x1F, 0x04, 0xAC, 0xC9,
+        0x10, 0x61, 0x3D, 0xFF, 0x25, 0x0E, 0xB3, 0x25,
+        0xDB, 0xEF, 0x29, 0xEB, 0x56, 0x11, 0xB2, 0xAD,
+        0x2A, 0x23, 0xED, 0xD5, 0x38, 0x04, 0x9B, 0x3F,
+        0x43, 0xEF, 0xEB, 0x4D, 0x60, 0x98, 0x37, 0x92,
+        0xB4, 0xBF, 0x05, 0x56, 0x79, 0x44, 0xAA, 0xDB,
+        0x7A, 0xC4, 0xD3, 0xA5, 0xD8, 0x0A, 0x1B, 0x9D,
+        0x84, 0x48, 0xB4, 0xC0, 0xC1, 0x15, 0xC3, 0xB5,
+        0xAD, 0x38, 0x85, 0x35, 0x3F, 0x47, 0xD5, 0xFC,
+        0xB9, 0xB7, 0xD6, 0x44, 0x6F, 0x1A, 0x72, 0x10,
+        0xBB, 0xC6, 0x67, 0xFC, 0x41, 0x14, 0x15, 0xF2,
+        0x3C, 0xD4, 0x0A, 0x2A, 0x3D, 0x64, 0x06, 0x1D,
+        0x71, 0xC6, 0x71, 0x91, 0x57, 0x1A, 0x97, 0xD0,
+        0x10, 0x88, 0xA2, 0x4B, 0x67, 0x11, 0x56, 0x7F,
+        0xC8, 0x91, 0x06, 0x73, 0x2D, 0x88, 0x92, 0xFF,
+        0x98, 0x5B, 0x8E, 0x6C, 0xF7, 0x01, 0x63, 0x82,
+        0x9C, 0xC0, 0x85, 0xBE, 0x4E, 0x40, 0x83, 0x15,
+        0x36, 0x1B, 0xB1, 0xB2, 0x00, 0x3D, 0x64, 0x13,
+        0x22, 0x0B, 0x13, 0x45, 0x06, 0xD3, 0xC3, 0x04,
+        0xC0, 0xBB, 0xBA, 0x9C, 0x9C, 0x45, 0xD3, 0x65,
+        0x1E, 0x05, 0x71, 0xB6, 0xB1, 0x15, 0x17, 0x72,
+        0x13, 0xD8, 0x59, 0x5E, 0x14, 0x3D, 0xB9, 0x0B,
+        0xD7, 0x2F, 0x7E, 0xB9, 0x74, 0xD8, 0xD0, 0xA0,
+        0x31, 0x74, 0x09, 0xD6, 0x4D, 0x58, 0x37, 0xEA,
+        0xEC, 0x9B, 0x8D, 0x44, 0xDD, 0x7E, 0xCF, 0xF6,
+        0xCD, 0xA9, 0xF7, 0x29, 0x38, 0x2A, 0x43, 0xB3,
+        0x79, 0xCB, 0xDD, 0x43, 0xFF, 0xB1, 0x8A, 0xEA,
+        0x35, 0xC1, 0xA9, 0x96, 0xCE, 0xF1, 0x48, 0x8D,
+        0x3B, 0x7A, 0x81, 0xEE, 0x7C, 0xFC, 0x0B, 0x96,
+        0x23, 0x41, 0x8A, 0xB3, 0x91, 0x9A, 0x6E, 0xDD,
+        0xB9, 0x9F, 0x22, 0x2F, 0x0D, 0xDD, 0xB2, 0xF3,
+        0x2A, 0x20, 0xC8, 0xF8, 0x4F, 0xBF, 0x4C, 0x49,
+        0xB4, 0xCB, 0x3E, 0xB5, 0x0D, 0x9C, 0x4C, 0xD2,
+        0x5A, 0x6F, 0x71, 0x75, 0x46, 0x70, 0x66, 0xD2,
+        0x5E, 0x64, 0x37, 0xB6, 0x7F, 0x2D, 0xBC, 0x70,
+        0xC2, 0xE6, 0xEB, 0x0B, 0xDE, 0x23, 0x86, 0xD0,
+        0x30, 0x14, 0xA7, 0x89, 0xFB, 0x6D, 0xC0, 0x8E,
+        0xE3, 0x3C, 0x0C, 0x67, 0x95, 0x1D, 0xA9, 0xD7,
+        0x4B, 0x9C, 0x94, 0x84, 0x5D, 0x2A, 0x99, 0x03,
+        0x7E, 0x09, 0x5F, 0xEF, 0x79, 0x19, 0x92, 0x0F,
+        0xE5, 0x26, 0xEB, 0x5D, 0xD0, 0xBA, 0x1F, 0x97,
+        0xDF, 0xBD, 0x2D, 0xDC, 0x31, 0x60, 0x9C, 0x1B,
+        0x7B, 0x45, 0xEC, 0x3A, 0xDB, 0x58, 0x6F, 0xE3,
+        0x03, 0x0A, 0x0C, 0x7A, 0x9D, 0xD0, 0x34, 0xA3,
+        0xC2, 0xE6, 0xF9, 0x84, 0x90, 0x93, 0xCE, 0xE1,
+        0x0A, 0x18, 0x19, 0x53, 0x54, 0x7F, 0x8B, 0xE3,
+        0x28, 0x72, 0x0A, 0x4A, 0x5A, 0x82, 0x90, 0xB5,
+        0xEE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
+        0x0B, 0x10, 0x18, 0x1A, 0x21
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte pk_87[] = {
+        0x59, 0xB2, 0x37, 0x1F, 0xE7, 0xBA, 0xCC, 0x20,
+        0x7F, 0xE1, 0xFE, 0xE8, 0x8A, 0x8B, 0x38, 0x05,
+        0xA7, 0x05, 0x28, 0x65, 0x69, 0x17, 0x89, 0xBB,
+        0x90, 0x54, 0x2F, 0xA4, 0x7F, 0x7E, 0xF2, 0xB7,
+        0x5F, 0xCA, 0x13, 0xDB, 0xA5, 0x88, 0x8B, 0xEC,
+        0x32, 0x05, 0x14, 0xDC, 0xB0, 0x5F, 0xD2, 0x6E,
+        0xB5, 0x54, 0x1F, 0x6E, 0x57, 0x2E, 0xCE, 0xA6,
+        0xC4, 0xF1, 0xD3, 0x8A, 0xA7, 0x02, 0x59, 0x09,
+        0x4A, 0xA9, 0x45, 0xF1, 0x9F, 0xED, 0x0D, 0x98,
+        0x0E, 0x65, 0xDB, 0xF6, 0x5D, 0xB8, 0x0F, 0x56,
+        0x4F, 0xE2, 0x9D, 0x83, 0x6C, 0x54, 0x79, 0x28,
+        0x8B, 0x55, 0xCF, 0x07, 0xF4, 0xE0, 0x01, 0x59,
+        0xB6, 0x95, 0x5D, 0xAB, 0xDE, 0xCC, 0x8C, 0x4D,
+        0x66, 0xAE, 0x68, 0x87, 0x28, 0xBA, 0x6D, 0x5C,
+        0x04, 0x42, 0xF3, 0xC1, 0x23, 0x2C, 0x78, 0x2C,
+        0x46, 0x5B, 0x9B, 0x7C, 0x50, 0x14, 0xB1, 0x46,
+        0x40, 0x65, 0xCC, 0xD8, 0xA5, 0x6D, 0x6B, 0x1C,
+        0x16, 0x51, 0x08, 0x69, 0xE0, 0x14, 0xE6, 0x93,
+        0x39, 0x98, 0xEF, 0x72, 0x55, 0x20, 0xB4, 0x00,
+        0x91, 0x3D, 0x93, 0xB0, 0xEC, 0x75, 0xE2, 0xFB,
+        0x72, 0x5D, 0xC1, 0xAE, 0xC0, 0xC0, 0xCC, 0x73,
+        0x43, 0xB9, 0xE5, 0x44, 0xBA, 0xA4, 0xD6, 0x79,
+        0x86, 0x0E, 0x34, 0x7B, 0x2E, 0x94, 0x7D, 0x8D,
+        0x24, 0x36, 0xF0, 0x92, 0x98, 0xA7, 0xBB, 0x83,
+        0x36, 0xB9, 0xDE, 0x9C, 0xFD, 0x5C, 0xDB, 0xCD,
+        0x91, 0xC7, 0x24, 0x92, 0x68, 0xCA, 0x03, 0xEF,
+        0xAC, 0x27, 0x3A, 0xF5, 0x29, 0x68, 0xD5, 0x01,
+        0x40, 0x6C, 0xD9, 0xC9, 0x61, 0x59, 0xD7, 0xC1,
+        0x5A, 0xA2, 0x90, 0x03, 0x30, 0xC1, 0x18, 0x9C,
+        0xFC, 0x2C, 0xD8, 0xB9, 0x12, 0xC4, 0x80, 0xE4,
+        0x58, 0x29, 0x7E, 0xF1, 0x4D, 0xB6, 0x94, 0xA3,
+        0xF1, 0xE7, 0x2C, 0x1D, 0xFA, 0x3A, 0x3D, 0x2A,
+        0x8A, 0x69, 0xE0, 0x11, 0x60, 0x2B, 0x93, 0x02,
+        0x0B, 0xAC, 0xD1, 0xC2, 0xF3, 0xAD, 0x06, 0xC9,
+        0x5A, 0x7F, 0x36, 0xEB, 0xF5, 0x26, 0x1F, 0x6E,
+        0xC1, 0x06, 0x81, 0x6B, 0xB3, 0x30, 0x3C, 0xC0,
+        0x0B, 0xF4, 0xE8, 0x68, 0x8D, 0x2E, 0x85, 0x48,
+        0xF1, 0x04, 0x90, 0xD9, 0xEB, 0x23, 0xC5, 0x67,
+        0x93, 0xB3, 0x4B, 0x84, 0x06, 0xCB, 0xE4, 0x43,
+        0xD8, 0x35, 0x6B, 0xCD, 0x0F, 0x4F, 0x61, 0xD0,
+        0xD0, 0x17, 0xD5, 0x48, 0x31, 0xB9, 0xBA, 0x32,
+        0x9F, 0x89, 0x48, 0xF2, 0x5C, 0x31, 0x22, 0xF9,
+        0xDE, 0xDE, 0x8C, 0xEC, 0xBA, 0x51, 0x56, 0x9E,
+        0xDF, 0xFF, 0x89, 0x5F, 0xA0, 0x20, 0x86, 0x2C,
+        0x5D, 0xF7, 0x9F, 0x86, 0x40, 0x78, 0x48, 0x6B,
+        0x5F, 0xB2, 0x28, 0xFD, 0x78, 0x9C, 0x35, 0xFD,
+        0xE1, 0xC5, 0x4B, 0xFF, 0xBF, 0x4A, 0x02, 0x5A,
+        0x7F, 0xE7, 0xD8, 0xC3, 0x49, 0x0A, 0x5D, 0x4E,
+        0x62, 0xD0, 0x4F, 0x79, 0xF4, 0x18, 0x3C, 0xA6,
+        0x83, 0x79, 0xF4, 0x64, 0x8B, 0xD5, 0xB2, 0x41,
+        0x6D, 0xBE, 0x5B, 0x84, 0x5C, 0x9F, 0x4B, 0x7A,
+        0x7E, 0x23, 0x39, 0xC0, 0x50, 0x6D, 0x58, 0x53,
+        0x9E, 0xAE, 0xA9, 0x45, 0x1C, 0x9B, 0x2F, 0xE2,
+        0xA1, 0x8C, 0x84, 0x9D, 0xCA, 0x7E, 0xED, 0x9D,
+        0xAC, 0xC0, 0x58, 0xD0, 0x05, 0xFB, 0x73, 0x75,
+        0xC4, 0xEF, 0x45, 0xB0, 0x01, 0x54, 0x3F, 0xC6,
+        0x8E, 0x47, 0xDD, 0xB6, 0xD1, 0x4F, 0xF9, 0x37,
+        0xD1, 0xAA, 0x0D, 0x4D, 0x74, 0x89, 0xDF, 0xFA,
+        0x62, 0x10, 0x67, 0x9C, 0xCC, 0xEC, 0xF9, 0xB8,
+        0x55, 0x1D, 0xCF, 0x68, 0x2D, 0x2A, 0xF1, 0xE5,
+        0xBD, 0x86, 0x9F, 0x3E, 0x8D, 0x40, 0x0D, 0x5C,
+        0x86, 0x1A, 0xE5, 0x1F, 0xE7, 0xEB, 0xBB, 0x54,
+        0x57, 0xF2, 0xEA, 0xAF, 0xD0, 0x93, 0xA9, 0x59,
+        0x8E, 0xC7, 0x21, 0xC6, 0x93, 0x27, 0xC5, 0x19,
+        0x30, 0xF4, 0xB9, 0xFF, 0xB2, 0xAA, 0x7F, 0x1A,
+        0x28, 0x43, 0x6B, 0x6D, 0x80, 0x8D, 0x75, 0x39,
+        0x2B, 0xC4, 0x3C, 0x1B, 0x5B, 0x85, 0x9C, 0x66,
+        0xC5, 0x4F, 0xA5, 0x15, 0xC7, 0xA6, 0x15, 0xA6,
+        0x9E, 0x60, 0x92, 0x14, 0x34, 0xAA, 0x9C, 0xF9,
+        0xF9, 0xE0, 0x3C, 0x3C, 0xA3, 0x5B, 0x5E, 0xBC,
+        0x6A, 0x40, 0x9E, 0x82, 0x2F, 0xE7, 0x6E, 0x09,
+        0x24, 0xC6, 0xC0, 0x62, 0xF1, 0x72, 0x4C, 0x38,
+        0x2F, 0xF3, 0xC8, 0xAC, 0xB5, 0xC1, 0x66, 0x6C,
+        0x2E, 0xC2, 0x6B, 0x76, 0x28, 0xE3, 0xD7, 0xC1,
+        0x3D, 0xA8, 0xD7, 0x58, 0x89, 0x0E, 0x6C, 0xC0,
+        0x17, 0xB7, 0x89, 0x25, 0x82, 0xE9, 0x5E, 0xDD,
+        0x04, 0xBA, 0x93, 0x45, 0xDF, 0x70, 0xFA, 0xD5,
+        0x6E, 0xA6, 0x8B, 0xF8, 0x87, 0x5B, 0x93, 0x2C,
+        0x28, 0xB3, 0x28, 0x07, 0xC8, 0x63, 0x71, 0xE1,
+        0x7D, 0xCC, 0x04, 0x72, 0x5C, 0xB5, 0x97, 0xB5,
+        0x24, 0x46, 0x79, 0x63, 0xE1, 0xD4, 0xA6, 0x1B,
+        0x5F, 0xBF, 0x9E, 0xC5, 0x04, 0xD5, 0xDD, 0xB6,
+        0x17, 0x93, 0xDD, 0x4E, 0x34, 0xAE, 0x08, 0x2A,
+        0x59, 0x90, 0xEF, 0xCE, 0x80, 0x1E, 0x93, 0x8C,
+        0xCA, 0xE7, 0x38, 0xE0, 0x2E, 0x90, 0x59, 0x9D,
+        0x97, 0x1C, 0x2D, 0x7C, 0x64, 0xE5, 0xB6, 0xF8,
+        0x63, 0x9F, 0x75, 0x8E, 0xD6, 0x21, 0xC1, 0xF2,
+        0x10, 0x73, 0xC0, 0x3E, 0xDB, 0x78, 0x2C, 0x7A,
+        0x0F, 0x5D, 0x7C, 0x66, 0xF5, 0xCE, 0x16, 0x1D,
+        0xED, 0x55, 0xB3, 0xE9, 0x2D, 0xC2, 0x71, 0x83,
+        0xAB, 0x08, 0x3D, 0xBC, 0x1F, 0x39, 0x30, 0xAE,
+        0x56, 0xED, 0xB8, 0xC5, 0x3E, 0x9A, 0x7E, 0x02,
+        0x0F, 0xFF, 0x0C, 0x40, 0x42, 0xF5, 0x18, 0xB2,
+        0x6F, 0x39, 0x0C, 0x96, 0xC8, 0x18, 0x3B, 0x79,
+        0xB5, 0x3C, 0x7C, 0x7B, 0xC5, 0x15, 0x18, 0x7B,
+        0x3D, 0xE8, 0xCA, 0xB0, 0x87, 0x69, 0xC5, 0xDD,
+        0x6F, 0xF5, 0x49, 0x21, 0x12, 0xE8, 0xB0, 0xF2,
+        0x8D, 0x09, 0xF4, 0x06, 0x7A, 0xDB, 0x04, 0x19,
+        0x4F, 0x60, 0x25, 0x0E, 0x75, 0xAD, 0xE3, 0x31,
+        0xA5, 0xC2, 0x55, 0x93, 0xBC, 0xD9, 0x2A, 0x6D,
+        0x13, 0x50, 0x43, 0x95, 0x85, 0x86, 0x0B, 0xB6,
+        0xFE, 0xED, 0xBD, 0x2F, 0x83, 0x9F, 0x31, 0x7A,
+        0x01, 0x35, 0x88, 0x76, 0xC8, 0x8E, 0x89, 0x8A,
+        0xC0, 0xC8, 0x53, 0x78, 0xF5, 0x72, 0xF2, 0x3C,
+        0xDE, 0x93, 0x1D, 0x47, 0xDE, 0x71, 0xD3, 0x35,
+        0x3D, 0xAB, 0x1F, 0x81, 0x0A, 0x61, 0xB1, 0x8D,
+        0x24, 0xCD, 0x83, 0xDD, 0xAB, 0x8D, 0x53, 0xBA,
+        0x9C, 0x7B, 0x82, 0x74, 0xB0, 0xFE, 0x82, 0xAF,
+        0xF3, 0x0C, 0x57, 0x07, 0x2F, 0x64, 0x37, 0x87,
+        0xCA, 0x1D, 0xF0, 0x3B, 0x99, 0xEB, 0x57, 0xDB,
+        0xDA, 0x8C, 0x8E, 0xE8, 0xEB, 0x20, 0x1F, 0x28,
+        0x47, 0xCB, 0xC9, 0xD3, 0x4F, 0xD8, 0x0C, 0xE6,
+        0xBC, 0x5E, 0x1E, 0x32, 0x8E, 0xB6, 0xEF, 0xC8,
+        0x3C, 0x4B, 0xD9, 0xD5, 0x2F, 0x32, 0x4E, 0x30,
+        0xEE, 0x4B, 0x5E, 0x86, 0x35, 0x1E, 0x5C, 0x8C,
+        0x4C, 0x54, 0x56, 0x83, 0x6D, 0x5A, 0x45, 0x22,
+        0x03, 0xB3, 0xC3, 0x72, 0xC7, 0x87, 0xAE, 0x33,
+        0x32, 0xC8, 0xA5, 0xE9, 0xDC, 0x21, 0x97, 0xD9,
+        0xC3, 0x41, 0xB9, 0x75, 0x6B, 0xB1, 0xE6, 0x3C,
+        0x75, 0xBB, 0xD5, 0xCF, 0x3E, 0x5C, 0xD4, 0xBF,
+        0x47, 0xBD, 0x1F, 0xEB, 0xC3, 0xE3, 0x71, 0x09,
+        0x12, 0xD6, 0x30, 0x32, 0xF6, 0xB9, 0x7D, 0xC1,
+        0x9C, 0x4D, 0xE1, 0x96, 0xAC, 0xD9, 0x15, 0x77,
+        0x15, 0xE2, 0xC1, 0x4E, 0x05, 0x4A, 0x93, 0x17,
+        0xBF, 0x96, 0xA6, 0x84, 0xBB, 0x96, 0xCE, 0xFB,
+        0x7D, 0x8F, 0xDC, 0xA8, 0xAA, 0x47, 0x7A, 0x2A,
+        0xF6, 0xF7, 0x26, 0xD2, 0xCA, 0xC1, 0xA6, 0x03,
+        0xCF, 0x13, 0x60, 0xEC, 0x11, 0xCA, 0x89, 0x7E,
+        0x5B, 0xC7, 0x35, 0xAB, 0x69, 0xB8, 0x64, 0x7F,
+        0x30, 0xCE, 0xD4, 0x94, 0x7B, 0xA9, 0xF6, 0x35,
+        0xD9, 0xCB, 0x2D, 0x82, 0xA6, 0x62, 0xFF, 0x17,
+        0xA0, 0xE1, 0x2D, 0x4D, 0x06, 0xD6, 0x41, 0xEE,
+        0x76, 0xEB, 0x8B, 0x45, 0xC7, 0x1E, 0xDE, 0x38,
+        0xC9, 0x05, 0xC5, 0x2B, 0xE7, 0x6C, 0x61, 0x09,
+        0xF2, 0x61, 0x2F, 0xEE, 0x6C, 0x31, 0x94, 0x46,
+        0x5C, 0x19, 0xBA, 0x5D, 0x3E, 0xBC, 0xF1, 0xF0,
+        0xB5, 0xE5, 0x34, 0xE0, 0xF0, 0xF1, 0xD3, 0x1C,
+        0xB1, 0xE7, 0xA3, 0x6C, 0x43, 0x03, 0xF2, 0x83,
+        0xDB, 0xA8, 0x59, 0x1C, 0xC6, 0x09, 0x31, 0x1A,
+        0x80, 0x9E, 0x44, 0x4E, 0x33, 0xA8, 0x93, 0x88,
+        0x0C, 0xDB, 0xAE, 0x29, 0x11, 0x91, 0x46, 0xA3,
+        0x68, 0xE4, 0xD2, 0xED, 0xD9, 0x1F, 0xE4, 0x71,
+        0x64, 0x7F, 0xFE, 0x82, 0x1A, 0xA6, 0xD3, 0x1C,
+        0x9F, 0xA4, 0x96, 0x95, 0xEB, 0x99, 0x41, 0xB0,
+        0x8F, 0x7B, 0xE3, 0xF0, 0x6C, 0xDD, 0xF2, 0x73,
+        0x9B, 0x8C, 0xAD, 0x2A, 0xB0, 0xDA, 0x4F, 0x5A,
+        0x3C, 0x0A, 0x26, 0xDF, 0x6A, 0x17, 0xB1, 0x37,
+        0xCA, 0xAB, 0x3B, 0x91, 0x9A, 0xB6, 0x36, 0xD6,
+        0xC8, 0x9B, 0xED, 0xA3, 0x05, 0x88, 0x98, 0x62,
+        0x87, 0x21, 0xF2, 0x77, 0x03, 0x15, 0xFE, 0xEE,
+        0x88, 0x15, 0x95, 0xE2, 0x4C, 0xF4, 0x8B, 0x44,
+        0x16, 0x60, 0xD0, 0xB2, 0xE9, 0xD5, 0xB9, 0x09,
+        0x28, 0xC3, 0x81, 0xF2, 0xB0, 0xFA, 0x26, 0x34,
+        0x2E, 0x4C, 0x9B, 0x88, 0xC0, 0x88, 0x7A, 0x46,
+        0x87, 0x12, 0x4C, 0x01, 0x2D, 0x96, 0x9E, 0x1A,
+        0xFD, 0x85, 0x32, 0x75, 0x4B, 0xA1, 0x21, 0x25,
+        0xE9, 0x43, 0x3D, 0xCF, 0x6D, 0x7B, 0xC1, 0xA3,
+        0x6A, 0x83, 0xE6, 0xA1, 0x0B, 0xA1, 0xCB, 0x76,
+        0x52, 0xA8, 0x13, 0x50, 0x89, 0x9C, 0x2D, 0xFC,
+        0x6E, 0x4F, 0xED, 0x38, 0xD0, 0x09, 0xE6, 0xD0,
+        0xF1, 0xD4, 0x4C, 0xCC, 0xB9, 0x5E, 0x55, 0x1B,
+        0x3A, 0xD5, 0x4B, 0x3A, 0xC8, 0x1E, 0x8B, 0xA4,
+        0x66, 0x5E, 0xA4, 0x28, 0xB3, 0xC8, 0x61, 0xE8,
+        0x67, 0x78, 0x90, 0xCF, 0x5F, 0x62, 0x5C, 0x19,
+        0xA7, 0xC5, 0x94, 0x3A, 0x94, 0x01, 0xCB, 0x78,
+        0xE7, 0x02, 0x6B, 0xAE, 0x92, 0xB6, 0x0A, 0x8B,
+        0x68, 0x07, 0xC1, 0x77, 0x45, 0x41, 0x5C, 0xD8,
+        0xE0, 0x30, 0xC6, 0x4C, 0x56, 0xE8, 0x22, 0x13,
+        0x9A, 0x35, 0xDA, 0x42, 0x3F, 0x26, 0x43, 0x36,
+        0xE0, 0xAF, 0xDF, 0x16, 0x74, 0x30, 0xDD, 0x36,
+        0xE0, 0x06, 0x4B, 0x2F, 0x6E, 0x8D, 0x8B, 0xB6,
+        0xBE, 0x99, 0xC5, 0xA9, 0xFB, 0x55, 0x1C, 0xC6,
+        0x3E, 0x50, 0x8D, 0xB6, 0x36, 0x66, 0x7D, 0xDA,
+        0x53, 0xF6, 0x11, 0xF0, 0x2F, 0xCD, 0x1F, 0x99,
+        0x41, 0x0F, 0x1A, 0x7A, 0x82, 0x88, 0x2F, 0x96,
+        0x23, 0xAD, 0xDC, 0x50, 0xEB, 0x01, 0xE1, 0xF3,
+        0x99, 0x78, 0xBF, 0x68, 0x50, 0x6C, 0x71, 0xDB,
+        0xBE, 0xE4, 0x2E, 0x4A, 0x80, 0x06, 0x9B, 0x0E,
+        0x4C, 0x7F, 0xC4, 0xCC, 0x14, 0x71, 0xF4, 0xF1,
+        0x02, 0x8D, 0xB2, 0x5C, 0x46, 0x87, 0xB6, 0x0D,
+        0xF4, 0x25, 0x5D, 0xEC, 0x91, 0x48, 0x19, 0x7A,
+        0x74, 0x79, 0x6E, 0xC7, 0x60, 0xA6, 0x6A, 0xFC,
+        0x78, 0x84, 0x03, 0x86, 0x51, 0x92, 0x09, 0x73,
+        0xA6, 0x9C, 0x20, 0x35, 0x16, 0x22, 0x26, 0x32,
+        0xEC, 0x58, 0x75, 0xEA, 0x6D, 0x83, 0x80, 0x96,
+        0xE7, 0xFE, 0x9B, 0x5B, 0x4F, 0xB6, 0x9C, 0x5E,
+        0x94, 0x07, 0xE7, 0x0D, 0x27, 0xFA, 0x34, 0xB0,
+        0xCD, 0xBD, 0x6E, 0x11, 0x9D, 0x87, 0xCE, 0x38,
+        0x58, 0x1D, 0xF1, 0xD3, 0xE0, 0xDF, 0x3A, 0xE0,
+        0x29, 0x04, 0x2A, 0x3B, 0x20, 0xE9, 0x23, 0xEB,
+        0xCE, 0x19, 0xA4, 0x95, 0x87, 0x55, 0xEE, 0x2F,
+        0x98, 0xFD, 0x23, 0x4C, 0x44, 0x13, 0xE2, 0xDB,
+        0xC9, 0x35, 0x59, 0xA4, 0x28, 0xDC, 0x37, 0xF2,
+        0xD1, 0x23, 0x5B, 0xD4, 0x41, 0x9B, 0x09, 0x9E,
+        0x0F, 0x0D, 0xE5, 0x42, 0xC4, 0x69, 0x35, 0x99,
+        0x1B, 0xE0, 0x69, 0x2A, 0x6D, 0x80, 0xB8, 0xFD,
+        0x98, 0x86, 0xE0, 0xFA, 0x17, 0x69, 0xB4, 0x9E,
+        0x8A, 0xE6, 0x30, 0x7C, 0xB0, 0xBC, 0x1B, 0x49,
+        0x73, 0x2D, 0x26, 0xE2, 0x5C, 0xA1, 0xCD, 0x9D,
+        0x40, 0x7E, 0x0D, 0x88, 0x64, 0x04, 0x09, 0x41,
+        0x61, 0x1F, 0x93, 0x33, 0xB6, 0x36, 0x7E, 0x83,
+        0x00, 0xFD, 0x64, 0x6A, 0xC5, 0xA7, 0x1A, 0xD9,
+        0x13, 0xEE, 0xFD, 0x80, 0x8D, 0x5C, 0xAF, 0xBF,
+        0x15, 0x21, 0xA3, 0x06, 0x2E, 0xC1, 0x84, 0xE5,
+        0x21, 0x65, 0x50, 0x1E, 0x00, 0x55, 0x56, 0xDE,
+        0x4D, 0xEE, 0x46, 0xF9, 0xE5, 0x3D, 0x7D, 0xEF,
+        0x99, 0x09, 0xF3, 0xD5, 0xD9, 0x8C, 0xA8, 0x0D,
+        0x87, 0x70, 0x7F, 0x7B, 0xC0, 0xFF, 0x8D, 0x87,
+        0x9D, 0x65, 0xD4, 0xD7, 0x83, 0xD1, 0x96, 0xF2,
+        0x46, 0x06, 0x93, 0x81, 0x1C, 0xDF, 0x33, 0x35,
+        0x8E, 0x08, 0x2D, 0x81, 0xF4, 0xDB, 0x8F, 0x6C,
+        0x20, 0x48, 0x61, 0x83, 0xA3, 0x6D, 0x4F, 0xBC,
+        0xC8, 0xA1, 0xC6, 0xDA, 0x21, 0xAA, 0x4D, 0xD1,
+        0x36, 0xE1, 0x9F, 0xEF, 0x2E, 0xA9, 0x93, 0x97,
+        0x2B, 0xB9, 0x98, 0x9A, 0xC1, 0xC3, 0x8A, 0x79,
+        0xF3, 0x18, 0x52, 0x17, 0x80, 0x04, 0x12, 0x3C,
+        0x46, 0x27, 0x7D, 0x38, 0xA8, 0x8F, 0xC1, 0x58,
+        0x9F, 0x25, 0x73, 0x32, 0x28, 0x4C, 0xD8, 0xA8,
+        0x73, 0xC2, 0x5A, 0x1A, 0x6D, 0x40, 0x26, 0x5B,
+        0x28, 0x5D, 0xF0, 0x93, 0x70, 0xE8, 0x8F, 0x72,
+        0xFF, 0x70, 0xE4, 0x34, 0xE8, 0xF6, 0x60, 0x84,
+        0xCC, 0xFE, 0xBD, 0xBB, 0xC4, 0xB9, 0x9E, 0xDF,
+        0xBC, 0x75, 0x0C, 0xC5, 0xDE, 0xA6, 0x36, 0x17,
+        0xF6, 0x47, 0xF5, 0xF0, 0x21, 0xD5, 0x7D, 0x64,
+        0xD5, 0xEF, 0xF0, 0x48, 0x63, 0x4D, 0xB2, 0x20,
+        0x9D, 0x7C, 0x8B, 0x82, 0xFB, 0x63, 0xB8, 0x82,
+        0x3E, 0x4C, 0xA0, 0x57, 0x16, 0x8B, 0xAE, 0x88,
+        0xD9, 0x71, 0x52, 0x91, 0x24, 0x0B, 0x37, 0x58,
+        0xD7, 0x68, 0x45, 0x01, 0xF8, 0x61, 0x86, 0x7B,
+        0x7A, 0x24, 0x1C, 0x06, 0x3B, 0x05, 0xD5, 0xE8,
+        0xCA, 0x6B, 0x4C, 0x79, 0xCB, 0x24, 0x35, 0xD7,
+        0xF9, 0x94, 0xCB, 0x76, 0x91, 0x5B, 0x4A, 0x54,
+        0x87, 0x08, 0xB1, 0x1B, 0x29, 0x44, 0x96, 0x85,
+        0x94, 0x1D, 0x43, 0xE6, 0x0A, 0x89, 0x76, 0xF9,
+        0xA9, 0x60, 0x72, 0xF9, 0x10, 0x41, 0xF4, 0xC3,
+        0xDF, 0x7C, 0x73, 0x96, 0x90, 0x12, 0xAE, 0x1B,
+        0x30, 0xE4, 0xB9, 0xC4, 0xE1, 0x33, 0x55, 0x8D,
+        0xAB, 0xC4, 0x6C, 0x10, 0x3C, 0x0C, 0xB1, 0xDF,
+        0xB9, 0x9B, 0x58, 0x53, 0x74, 0xA5, 0x4F, 0x9B,
+        0xA5, 0x6B, 0x72, 0x48, 0xB8, 0xC3, 0xF6, 0x6F,
+        0x1D, 0x55, 0x76, 0x0D, 0x6A, 0xBB, 0x43, 0x03,
+        0x75, 0x77, 0x4D, 0xFB, 0xA2, 0x05, 0x9C, 0x5D,
+        0xDD, 0xB6, 0x59, 0xFD, 0x2E, 0x1D, 0xA9, 0xC3,
+        0xF0, 0xB8, 0x08, 0x68, 0xC9, 0x2B, 0xCA, 0xC1,
+        0x04, 0x03, 0xDC, 0xD1, 0x40, 0xD6, 0xA3, 0xD3,
+        0xF3, 0x5F, 0x8E, 0xF1, 0xA2, 0xDD, 0x98, 0xDE,
+        0x1A, 0x43, 0x34, 0x23, 0x85, 0x99, 0xED, 0xAD,
+        0x92, 0x0D, 0xC0, 0xAA, 0x69, 0x8E, 0x9F, 0xE6,
+        0x10, 0x6A, 0x07, 0x80, 0xC9, 0xC2, 0x45, 0xF2,
+        0xC6, 0x5A, 0x0C, 0x3E, 0x5C, 0xD5, 0x36, 0x61,
+        0x10, 0xB1, 0x76, 0x0F, 0xCD, 0x41, 0x4D, 0x45,
+        0x0D, 0xB9, 0xD7, 0x6A, 0x22, 0xA9, 0xEA, 0xEA,
+        0x0C, 0x9F, 0xB7, 0x2E, 0xD5, 0x43, 0xCE, 0x9F,
+        0xA3, 0x31, 0x4B, 0xAB, 0x17, 0x68, 0x7E, 0x9D,
+        0xE5, 0xAD, 0xAD, 0x75, 0x61, 0xF1, 0xA5, 0xBE,
+        0xC1, 0x63, 0x39, 0x26, 0x9A, 0x87, 0xE0, 0x9A,
+        0xCB, 0x29, 0xE4, 0xC4, 0x39, 0x60, 0x5E, 0x95,
+        0x72, 0xAA, 0x9B, 0x7D, 0x0E, 0x83, 0x71, 0xA3,
+        0x0E, 0x41, 0xA0, 0xA7, 0xBD, 0xC0, 0x2D, 0xA3,
+        0xA6, 0x12, 0x1B, 0xF2, 0x61, 0xEA, 0xA0, 0x16,
+        0xA2, 0x07, 0x4E, 0x44, 0x32, 0xCF, 0x63, 0xAF,
+        0x96, 0xBE, 0x81, 0xCE, 0xB6, 0xE0, 0xC2, 0x67,
+        0x6A, 0x85, 0x45, 0xC6, 0x6D, 0x2F, 0x30, 0xC9,
+        0x8B, 0x54, 0x24, 0xF0, 0xFE, 0xF0, 0x4B, 0x3C,
+        0x6C, 0x70, 0x64, 0xE2, 0xD2, 0xE1, 0x1C, 0xBE,
+        0x60, 0xF8, 0x57, 0x23, 0xFF, 0xC0, 0xB7, 0x70,
+        0xD6, 0x86, 0x6F, 0xFA, 0x58, 0x9E, 0x3F, 0x9B,
+        0x2A, 0xBF, 0x75, 0x10, 0x40, 0x19, 0xAA, 0x69,
+        0xCB, 0x58, 0x89, 0x5B, 0x47, 0x4A, 0x0A, 0xDE,
+        0x2B, 0x60, 0xA4, 0xAB, 0x07, 0x7C, 0x3A, 0x6D,
+        0xF6, 0x15, 0x33, 0x4E, 0xBB, 0xE7, 0x32, 0xE9,
+        0x52, 0x20, 0x21, 0x39, 0x94, 0xD3, 0xBD, 0xC4,
+        0x43, 0xC8, 0xEF, 0x94, 0xAD, 0x51, 0x5F, 0x45,
+        0x41, 0x83, 0x55, 0x18, 0x33, 0x14, 0x48, 0x58,
+        0x57, 0xAC, 0x12, 0xBA, 0x1D, 0x62, 0xCF, 0x4F,
+        0xD4, 0xF4, 0xDE, 0x2A, 0x7F, 0xFF, 0x1E, 0xCF,
+        0x0D, 0x29, 0x0C, 0x4C, 0xDF, 0xFA, 0x88, 0xD8,
+        0xF4, 0x8C, 0x5B, 0x83, 0x7D, 0x3A, 0x94, 0xCD,
+        0x17, 0xB3, 0xD1, 0x69, 0x96, 0x6E, 0xB0, 0x38,
+        0xFE, 0x5A, 0x6E, 0x85, 0xDF, 0xC6, 0x0A, 0x00,
+        0x23, 0x3F, 0x10, 0x73, 0x19, 0x73, 0xDC, 0x47,
+        0x5D, 0x53, 0xBC, 0x7B, 0x9E, 0x60, 0x32, 0x0B,
+        0xA7, 0x90, 0x5D, 0x88, 0x51, 0x9F, 0xA3, 0x25,
+        0xDF, 0x5A, 0xB0, 0x2B, 0x40, 0xF2, 0xAB, 0xBD,
+        0xB3, 0x7D, 0x22, 0x61, 0xCB, 0x81, 0x48, 0x27,
+        0x7B, 0x87, 0xAE, 0x32, 0x97, 0x97, 0x6C, 0x80,
+        0xC3, 0x51, 0x34, 0xE5, 0xF7, 0x86, 0x90, 0x45,
+        0x64, 0xC1, 0x46, 0x99, 0x47, 0xF6, 0x20, 0xFE,
+        0x09, 0xFD, 0xF3, 0x86, 0x2C, 0x40, 0x57, 0xA3,
+        0xBC, 0xEF, 0x70, 0x75, 0x0C, 0xB7, 0x27, 0xF0,
+        0x31, 0x28, 0x3A, 0x18, 0x26, 0xF1, 0x38, 0x1B,
+        0x33, 0x48, 0xE3, 0xEA, 0x46, 0x88, 0x60, 0x9E,
+        0xCB, 0x19, 0x3A, 0xFA, 0xAE, 0xE1, 0xCD, 0x97,
+        0xE4, 0xDD, 0xAA, 0x02, 0xC0, 0xC3, 0x0E, 0x49,
+        0xF1, 0x37, 0xD0, 0x82, 0x85, 0x94, 0x15, 0x28,
+        0x10, 0x17, 0x59, 0xA7, 0x42, 0x2A, 0xA4, 0x99,
+        0xC9, 0x00, 0xA3, 0x79, 0xDD, 0x73, 0xB3, 0x07,
+        0x28, 0x4C, 0xCD, 0xDA, 0xF1, 0xFA, 0x1B, 0x0C,
+        0x4B, 0x28, 0x0E, 0x3F, 0x9F, 0x1D, 0xB6, 0xD3,
+        0x8E, 0xCF, 0x8A, 0x84, 0x1F, 0x9D, 0x4E, 0x40,
+        0xEC, 0xA8, 0x62, 0x47, 0xD6, 0xCD, 0x9B, 0x31,
+        0xEA, 0xCD, 0x6A, 0x46, 0xF0, 0xE3, 0x33, 0xB9,
+        0xE8, 0x3D, 0x69, 0x0D, 0x7E, 0x13, 0x46, 0x76,
+        0x19, 0xB4, 0x6A, 0xF9, 0xAF, 0xCF, 0xDC, 0x4A,
+        0xA9, 0xA0, 0x49, 0xB1, 0x80, 0x26, 0x0D, 0x70,
+        0xD9, 0xEE, 0xDB, 0x8A, 0x53, 0x30, 0x51, 0xAB,
+        0x83, 0x51, 0x7A, 0xAD, 0xC2, 0xCD, 0x90, 0x0B,
+        0x3E, 0xA5, 0x12, 0x60, 0xF4, 0x64, 0xAF, 0xC5,
+        0xD2, 0xDC, 0x41, 0x10, 0x29, 0x77, 0x9B, 0x21,
+        0xCE, 0x2C, 0xBD, 0x16, 0x02, 0x18, 0xDF, 0x41,
+        0xF6, 0x61, 0xDA, 0x1A, 0xD9, 0x5A, 0xD4, 0x0B,
+        0x8C, 0x35, 0x3C, 0x7F, 0x10, 0xFC, 0x23, 0xF8,
+        0x30, 0xD1, 0x17, 0xBC, 0xAE, 0xF8, 0xCE, 0xCE,
+        0xBC, 0xBF, 0xA4, 0x9D, 0x79, 0xD8, 0xD9, 0x39,
+        0x1E, 0x8D, 0x08, 0x28, 0x1F, 0x00, 0x0A, 0x55,
+        0xE9, 0x2D, 0xB3, 0x31, 0xBD, 0xEC, 0xD7, 0x31,
+        0x83, 0xE0, 0x58, 0xFF, 0x3F, 0xE5, 0x83, 0x9A,
+        0xF5, 0x0D, 0x8C, 0x55, 0xF2, 0x2F, 0x6A, 0xFF,
+        0x5A, 0x33, 0xDA, 0x77, 0x4B, 0xA1, 0xB3, 0xE6,
+        0x43, 0xF5, 0x87, 0x7C, 0xF5, 0x49, 0xC4, 0xF9,
+        0x08, 0xEA, 0x64, 0xA3, 0x7D, 0xF3, 0xBF, 0xA4,
+        0xCD, 0x5F, 0x70, 0xF8, 0xCD, 0x15, 0x44, 0x76,
+        0xD3, 0x4B, 0xC8, 0x53, 0xC9, 0xE8, 0xF7, 0x97,
+        0x9E, 0x5F, 0x4E, 0xBB, 0x88, 0x8A, 0xF7, 0x61
+    };
+    static const byte msg_87[] = {
+        0x4A, 0xC4, 0x67, 0x5C, 0x96, 0xD9, 0x11, 0x7D,
+        0x1E, 0xDE, 0xB8, 0x0D, 0x7C, 0xD2, 0x84, 0xA3,
+        0xE1, 0xE1, 0xFE, 0x03, 0x8E, 0x30, 0x12, 0x05,
+        0xB4, 0xC4, 0x08, 0xEB, 0x96, 0x52, 0x35, 0xAD,
+        0x1C, 0x85, 0xF8, 0xBE, 0x3F, 0x77, 0xCA, 0x48,
+        0x6F, 0xD2, 0x07, 0xF7, 0xC7, 0x5F, 0x41, 0x21,
+        0xCD, 0x3C, 0xA2, 0xB2, 0x3D, 0x6B, 0xCE, 0x43,
+        0x82, 0xA6, 0xD3, 0x61, 0x21, 0x81, 0x50, 0x25,
+        0xD5, 0x80, 0x6C, 0xBE, 0xF4, 0x52, 0xE0, 0x83,
+        0x93, 0x3C, 0x6E, 0x5C, 0x73, 0x94, 0xAC, 0x88,
+        0x26, 0x2A, 0x6D, 0xE7, 0x77, 0x0B, 0x2D, 0x88,
+        0x43, 0xEC, 0x10, 0x1F, 0xFB, 0x5E, 0x84, 0xDE,
+        0x2F, 0x7A, 0x8B, 0x74, 0xE7, 0x67, 0x4B, 0x3B,
+        0x23, 0x19, 0xBD, 0x6B, 0xF4, 0x11, 0x2F, 0x92,
+        0xC5, 0xCF, 0xC0, 0xA5, 0x5F, 0x7F, 0xA0, 0x61,
+        0xF4, 0x53, 0x25, 0x40, 0x8D, 0x03, 0x9D, 0x51
+    };
+    static const byte sig_87[] = {
+        0x4B, 0x3F, 0x52, 0xF0, 0x81, 0xB3, 0xD9, 0x14,
+        0xBC, 0x7C, 0x6C, 0x07, 0x3B, 0x18, 0x2B, 0x26,
+        0x8A, 0xDF, 0x51, 0x89, 0xE2, 0x98, 0xA8, 0x69,
+        0xBF, 0xB9, 0x91, 0xB1, 0x99, 0x99, 0x3C, 0x10,
+        0x42, 0xDE, 0xF5, 0xB5, 0x92, 0x70, 0xB6, 0xCD,
+        0x3F, 0xF8, 0xF9, 0x07, 0xA1, 0xCB, 0x0D, 0x3B,
+        0x6F, 0xED, 0xCA, 0x14, 0x38, 0x38, 0xF8, 0xF8,
+        0x1E, 0x0C, 0x37, 0x0F, 0xFE, 0xEE, 0x6B, 0x25,
+        0xCD, 0x07, 0x03, 0x56, 0x41, 0xA0, 0x51, 0x94,
+        0x4E, 0xAB, 0x51, 0x6C, 0xFB, 0xB8, 0x01, 0x53,
+        0x6B, 0x4F, 0x26, 0x2B, 0x16, 0x19, 0x8E, 0x7D,
+        0xDB, 0x1D, 0x61, 0xC3, 0x5A, 0x64, 0xD9, 0x0D,
+        0x39, 0x48, 0xCE, 0xAA, 0xC8, 0xEE, 0x58, 0x0D,
+        0xCE, 0xF5, 0x40, 0xED, 0x99, 0xD9, 0x12, 0xBB,
+        0xA2, 0xBC, 0x4F, 0x51, 0x45, 0xBB, 0x94, 0x9C,
+        0x73, 0xCC, 0xBD, 0x58, 0x26, 0x13, 0xB1, 0x0E,
+        0xAA, 0xE8, 0x63, 0xAC, 0xA3, 0x46, 0x83, 0xEB,
+        0x92, 0x2B, 0x3D, 0xAD, 0xFC, 0x74, 0xF7, 0x6F,
+        0x47, 0xE4, 0x97, 0x86, 0x02, 0x59, 0x24, 0x02,
+        0xD9, 0x15, 0x43, 0x94, 0xEB, 0x09, 0xFB, 0xC2,
+        0xEB, 0xCC, 0xC5, 0x94, 0x73, 0x2F, 0x2D, 0x8B,
+        0xC3, 0x83, 0x50, 0xE5, 0x53, 0x5A, 0x44, 0x12,
+        0xA7, 0x7A, 0xDD, 0x79, 0x16, 0x60, 0x45, 0x76,
+        0xFD, 0x6A, 0x36, 0x31, 0xE5, 0x15, 0xBA, 0xF2,
+        0x6A, 0x6F, 0x9C, 0xA4, 0x06, 0x1E, 0xBB, 0xDD,
+        0x3B, 0xEC, 0x71, 0x79, 0xAD, 0x58, 0x55, 0x2A,
+        0x5B, 0x50, 0x8F, 0x31, 0x34, 0x8A, 0x56, 0xAD,
+        0x1A, 0xDA, 0x7A, 0x05, 0x35, 0x2C, 0x72, 0xC0,
+        0x04, 0xB9, 0x4C, 0x47, 0xE7, 0x04, 0x9A, 0x10,
+        0xB3, 0xA5, 0x9B, 0xF2, 0x38, 0xA8, 0xDF, 0xC6,
+        0xC7, 0x01, 0x9A, 0x17, 0xF0, 0x5D, 0x5B, 0xFC,
+        0xB9, 0xD9, 0x3D, 0x9D, 0x1C, 0xCB, 0xCB, 0x47,
+        0xF8, 0xC4, 0x38, 0x09, 0x8F, 0xDB, 0xDF, 0xE2,
+        0x3F, 0x9F, 0x78, 0xBC, 0x28, 0x06, 0x99, 0x08,
+        0xC6, 0xB9, 0x89, 0x8B, 0x43, 0x4C, 0xBF, 0x37,
+        0x78, 0x7E, 0x1A, 0xF6, 0xA6, 0xB8, 0x27, 0xE8,
+        0x30, 0xE9, 0xF7, 0x62, 0x9C, 0xD8, 0xF5, 0x10,
+        0x70, 0xC4, 0xC8, 0xA8, 0xDE, 0xB2, 0x60, 0xD0,
+        0x7C, 0x3E, 0x41, 0xD8, 0x49, 0x04, 0x84, 0x87,
+        0x74, 0x91, 0xB3, 0x9A, 0xA6, 0xD9, 0xE1, 0x0D,
+        0x91, 0x74, 0x8B, 0x64, 0xE3, 0x31, 0x60, 0x62,
+        0x9D, 0x8A, 0xE4, 0x3E, 0xFD, 0x5F, 0x85, 0x78,
+        0x1E, 0x69, 0xF7, 0x6B, 0x68, 0x95, 0xC1, 0x41,
+        0xEB, 0xCD, 0xDF, 0xEE, 0xB4, 0x85, 0xA0, 0x0B,
+        0xDB, 0xA4, 0xF7, 0xC9, 0x91, 0xF5, 0x3F, 0x2F,
+        0x84, 0x93, 0x39, 0x26, 0xAF, 0x39, 0xE6, 0x96,
+        0x4A, 0xBF, 0x2D, 0xFE, 0xBB, 0xC1, 0x9A, 0x7E,
+        0x31, 0xC5, 0x07, 0x97, 0xB8, 0xDA, 0x29, 0x31,
+        0xE1, 0x0F, 0x3D, 0xAC, 0x49, 0x3F, 0x19, 0x8D,
+        0xFD, 0x78, 0x5D, 0x21, 0xAD, 0xB2, 0xC0, 0x62,
+        0xB0, 0x97, 0xE8, 0x89, 0xA2, 0x07, 0x37, 0xF1,
+        0x86, 0x00, 0x8F, 0x29, 0x28, 0xF6, 0xB8, 0x4D,
+        0x6E, 0x09, 0xE9, 0x75, 0xA8, 0xF2, 0xAA, 0xAD,
+        0xC7, 0x85, 0x23, 0x42, 0x34, 0xFD, 0xA0, 0x37,
+        0x03, 0xA7, 0xC2, 0x1F, 0x81, 0x2D, 0x65, 0x0B,
+        0xD2, 0x51, 0x0B, 0x30, 0xF0, 0x55, 0x00, 0x81,
+        0x04, 0x7A, 0x15, 0x5C, 0x84, 0x85, 0x86, 0xA9,
+        0x6F, 0x10, 0x0D, 0x77, 0x4F, 0x3E, 0x39, 0xE0,
+        0x29, 0xB0, 0x77, 0x7C, 0xD3, 0x3E, 0x68, 0x31,
+        0x8A, 0x11, 0xC1, 0x98, 0x02, 0x93, 0xFA, 0xD3,
+        0xE7, 0x87, 0xD2, 0x0D, 0xFE, 0x7E, 0xEE, 0x70,
+        0x53, 0xC0, 0x5E, 0xEB, 0x6A, 0x15, 0x9B, 0xAA,
+        0xD4, 0x02, 0x0B, 0x9E, 0xC3, 0xF5, 0x37, 0xDA,
+        0x4D, 0xAD, 0xAF, 0xB3, 0xB1, 0xBB, 0x1D, 0xBE,
+        0xB2, 0xD5, 0xB8, 0xF9, 0xD0, 0x5A, 0x01, 0x97,
+        0x98, 0xEA, 0xE0, 0xED, 0x09, 0x9D, 0xB0, 0x66,
+        0xD7, 0x3E, 0xE8, 0xE9, 0xA5, 0x6D, 0xE3, 0x68,
+        0xE8, 0x78, 0xA7, 0xFF, 0x39, 0x14, 0x0D, 0x80,
+        0x21, 0xD5, 0x00, 0x85, 0xE6, 0x25, 0x29, 0x41,
+        0xAB, 0x31, 0x53, 0x09, 0xCB, 0x53, 0xAA, 0xA4,
+        0x9E, 0x86, 0x34, 0x7F, 0xBA, 0xD5, 0x4A, 0x1F,
+        0x87, 0x3E, 0x0C, 0xB4, 0xB8, 0x6A, 0x8D, 0x5B,
+        0x1B, 0x2A, 0x95, 0xD4, 0x85, 0xF3, 0x7A, 0x9F,
+        0xB6, 0x10, 0x5D, 0xF8, 0x44, 0x0F, 0xDB, 0x85,
+        0x78, 0xF2, 0x62, 0x4C, 0x07, 0x93, 0x29, 0x56,
+        0x9A, 0x75, 0xF3, 0x6F, 0x2C, 0x55, 0xD8, 0xD0,
+        0x30, 0xFB, 0xFE, 0xAA, 0x88, 0x89, 0xAD, 0x74,
+        0x6C, 0x32, 0x3B, 0x1A, 0xC4, 0xEC, 0x8C, 0x40,
+        0x3E, 0x77, 0x5A, 0x6F, 0xBE, 0x59, 0x6E, 0x7E,
+        0x6A, 0x5A, 0x28, 0x63, 0x57, 0x66, 0x25, 0x14,
+        0x99, 0x40, 0x97, 0x6F, 0x7C, 0xC9, 0x36, 0x17,
+        0xB4, 0x3F, 0xB1, 0x34, 0x89, 0x07, 0x4E, 0xCA,
+        0xC5, 0xBE, 0xB1, 0xA4, 0xDF, 0xE5, 0x8B, 0x9A,
+        0xD2, 0xE0, 0xC6, 0xA1, 0x5B, 0x76, 0xA7, 0xC2,
+        0xD2, 0x08, 0x72, 0x5A, 0x31, 0x23, 0xCA, 0x4E,
+        0x6F, 0x2C, 0x58, 0x47, 0xEE, 0x5F, 0xA8, 0x38,
+        0x49, 0x19, 0xEF, 0x89, 0x01, 0x1D, 0x21, 0x9B,
+        0x25, 0x7B, 0x3E, 0x4D, 0xC4, 0xF2, 0x09, 0x51,
+        0x60, 0x84, 0x4C, 0xAE, 0xEA, 0xFC, 0xF8, 0x57,
+        0x26, 0x0F, 0x1C, 0x63, 0xD3, 0xB0, 0x5A, 0x67,
+        0xD3, 0xD0, 0xF2, 0xB0, 0xEC, 0x9D, 0xCC, 0x27,
+        0x23, 0xF1, 0x37, 0x55, 0x75, 0x0B, 0xAE, 0x62,
+        0xFC, 0xC3, 0x61, 0xCF, 0xB5, 0x84, 0xF7, 0x74,
+        0xC0, 0x9A, 0xDF, 0x9A, 0x04, 0x31, 0xB2, 0x3E,
+        0x48, 0x8C, 0x35, 0x9C, 0x0A, 0xEF, 0x5B, 0x1C,
+        0x97, 0x87, 0xBD, 0x8F, 0x52, 0xB0, 0x83, 0xBC,
+        0x9D, 0xBC, 0xC9, 0xB3, 0x03, 0x9F, 0x77, 0x7C,
+        0x7E, 0x8E, 0xAB, 0xC8, 0x00, 0x78, 0x05, 0x0C,
+        0xE6, 0xD4, 0x9C, 0x3B, 0xB7, 0x01, 0x68, 0xFA,
+        0x21, 0x77, 0x29, 0x8F, 0xB0, 0xA8, 0xF7, 0x2C,
+        0x1C, 0xD2, 0x8D, 0x66, 0x2A, 0x07, 0xDA, 0xE6,
+        0xC7, 0xAC, 0xB7, 0xFB, 0x8E, 0x7F, 0xDD, 0x01,
+        0xDF, 0xB2, 0x7C, 0x62, 0xEE, 0x68, 0x3F, 0x4E,
+        0x5F, 0x88, 0xC7, 0xC1, 0xDD, 0xDD, 0x5E, 0xEC,
+        0xC1, 0xC3, 0xAF, 0x85, 0x3F, 0x1F, 0xF6, 0xB1,
+        0xD9, 0xDE, 0x67, 0x2F, 0x1B, 0xF6, 0x47, 0x3A,
+        0xF0, 0x02, 0x1D, 0x8A, 0x3D, 0x4D, 0xD0, 0x4A,
+        0x2F, 0xCA, 0x23, 0x25, 0xC7, 0x21, 0xCF, 0x1C,
+        0x82, 0x16, 0x76, 0xD0, 0xA0, 0xD5, 0x74, 0x18,
+        0x66, 0x25, 0xDE, 0x83, 0x1C, 0x84, 0x11, 0xF6,
+        0x41, 0x79, 0xF9, 0x16, 0x7F, 0x78, 0xBC, 0xB2,
+        0x2F, 0xB4, 0x1C, 0x2C, 0xDB, 0x63, 0xC4, 0xDB,
+        0x5E, 0x13, 0x87, 0x66, 0xD3, 0x80, 0x35, 0x89,
+        0x59, 0x8F, 0x11, 0x4F, 0x41, 0xBA, 0x42, 0xCD,
+        0xB1, 0x34, 0x10, 0x20, 0x44, 0x9B, 0xA9, 0x96,
+        0x56, 0x11, 0x39, 0x90, 0xB4, 0xE0, 0x22, 0xD8,
+        0xDA, 0x20, 0xD7, 0x44, 0x49, 0x1C, 0x6E, 0xEA,
+        0xB6, 0x7B, 0x91, 0x8E, 0x80, 0xFF, 0xF3, 0x43,
+        0xCC, 0x5B, 0x4C, 0x8E, 0x58, 0xC3, 0x48, 0x4B,
+        0x01, 0x25, 0xA6, 0x0C, 0x36, 0xAE, 0xF7, 0x63,
+        0x89, 0x4D, 0x35, 0x14, 0x8B, 0x57, 0x8F, 0x41,
+        0x7C, 0x3A, 0x98, 0xA1, 0x43, 0xED, 0xFE, 0x9F,
+        0x8C, 0x95, 0xBC, 0xC3, 0x46, 0xC6, 0xF5, 0xEA,
+        0xF9, 0x7A, 0xAD, 0x11, 0xDA, 0xE0, 0x1C, 0x47,
+        0x7C, 0x22, 0x7A, 0x88, 0xD1, 0x0E, 0xCF, 0xDC,
+        0xF4, 0x50, 0xB3, 0x7F, 0x88, 0x19, 0x68, 0x02,
+        0x78, 0x49, 0xD9, 0xB4, 0x3E, 0x2B, 0xFF, 0x90,
+        0xC6, 0xA3, 0x4A, 0xE4, 0x1B, 0x8B, 0xBD, 0x74,
+        0x30, 0x83, 0xD3, 0xC5, 0x87, 0x86, 0xB0, 0x36,
+        0x67, 0x1C, 0xD6, 0xEE, 0xD9, 0x4D, 0xAE, 0x51,
+        0xF7, 0x61, 0x32, 0x47, 0xEF, 0x86, 0x07, 0xAC,
+        0xF7, 0x4A, 0x3C, 0xCE, 0x93, 0x2F, 0x1C, 0x38,
+        0x69, 0xBD, 0xB3, 0x5C, 0xA1, 0x7F, 0xC6, 0xBA,
+        0x9F, 0x9C, 0x95, 0x6F, 0xF1, 0xD4, 0xD8, 0x80,
+        0x94, 0x32, 0x5C, 0xAB, 0xCE, 0x41, 0x23, 0x3F,
+        0xB1, 0xD8, 0x08, 0xEF, 0x41, 0x01, 0x03, 0x96,
+        0xDE, 0xB0, 0xEC, 0xF5, 0x07, 0x34, 0xD8, 0x18,
+        0xDD, 0xAB, 0x70, 0x01, 0x5A, 0x0A, 0xBD, 0xD1,
+        0x92, 0x6D, 0xFA, 0x49, 0x1F, 0x71, 0x1A, 0xA8,
+        0x5D, 0xA2, 0xA8, 0xEC, 0x60, 0xE3, 0x25, 0x5C,
+        0xCF, 0x97, 0x5C, 0x23, 0xCC, 0x4E, 0x8D, 0xAF,
+        0xDD, 0xED, 0x9F, 0xEC, 0x60, 0xA6, 0x46, 0x7C,
+        0x45, 0xB0, 0x3C, 0xA4, 0x76, 0x49, 0x9A, 0xA3,
+        0x31, 0xB0, 0xE3, 0x99, 0x95, 0x76, 0xCE, 0xC3,
+        0x19, 0x1A, 0x9A, 0x62, 0xBC, 0x1B, 0xEA, 0xC1,
+        0xEA, 0xF2, 0x0E, 0x18, 0xCF, 0xC3, 0x21, 0x61,
+        0x27, 0xDE, 0x4A, 0xAE, 0x2E, 0x75, 0x20, 0x1F,
+        0x9E, 0x42, 0x7E, 0x39, 0xBF, 0x92, 0x11, 0x50,
+        0xEA, 0xB9, 0x49, 0x55, 0x9C, 0x02, 0x2D, 0x87,
+        0x6F, 0xA2, 0x42, 0xC2, 0xA8, 0x45, 0xBC, 0xA7,
+        0x23, 0x5F, 0x72, 0x1B, 0x00, 0x56, 0x78, 0x8A,
+        0x44, 0xEC, 0xC3, 0xEB, 0x98, 0xF0, 0xF5, 0x02,
+        0xB8, 0x9F, 0x8E, 0x74, 0x10, 0xEA, 0x56, 0x79,
+        0xAE, 0x7C, 0x04, 0x34, 0xF1, 0x3A, 0xD8, 0x16,
+        0x42, 0x1D, 0x2F, 0xEE, 0x30, 0xCB, 0xCB, 0x2D,
+        0xAA, 0x6B, 0x85, 0x1C, 0xD1, 0xB6, 0xE9, 0x96,
+        0xDA, 0x7A, 0x75, 0x7E, 0x4C, 0x4D, 0x85, 0x72,
+        0xC8, 0xB6, 0x00, 0xDE, 0x85, 0xDD, 0xB6, 0x53,
+        0x20, 0xD1, 0xCB, 0x71, 0xD9, 0x37, 0x83, 0x49,
+        0xC0, 0xC4, 0x01, 0xAD, 0x4F, 0x9E, 0x91, 0x27,
+        0x21, 0x39, 0x22, 0x8A, 0x8D, 0xA2, 0xF4, 0xFD,
+        0x2F, 0x48, 0x89, 0x1A, 0x4D, 0xCB, 0x06, 0x6D,
+        0x50, 0x1D, 0x44, 0x74, 0x83, 0xB6, 0x11, 0xBB,
+        0x3C, 0x80, 0x55, 0x0A, 0x90, 0xEA, 0x0B, 0x73,
+        0x2D, 0x63, 0x9D, 0x8B, 0x39, 0x26, 0xB6, 0xE7,
+        0xC3, 0x54, 0x53, 0xED, 0x3C, 0xC1, 0x10, 0xBA,
+        0xF5, 0x56, 0xCF, 0x46, 0xD8, 0xFC, 0x21, 0x77,
+        0xE7, 0x6F, 0xB2, 0x66, 0x3B, 0x8B, 0xDD, 0x17,
+        0x1E, 0x94, 0xC0, 0xAC, 0xAF, 0x25, 0xB9, 0x15,
+        0x3B, 0x22, 0xBC, 0xA7, 0x49, 0x91, 0x67, 0x56,
+        0xFB, 0x3E, 0xD3, 0x01, 0x8E, 0x09, 0x44, 0xB6,
+        0xC3, 0xB9, 0xB6, 0xBF, 0xA1, 0x5B, 0x9B, 0xE8,
+        0x03, 0xAC, 0x79, 0x33, 0x3C, 0xD2, 0xC3, 0xA2,
+        0x7A, 0x26, 0xBC, 0x17, 0xCD, 0xA2, 0x57, 0x79,
+        0x8A, 0xE1, 0x6B, 0x28, 0xB4, 0x63, 0xB6, 0xDF,
+        0x3F, 0xA8, 0x7C, 0x2D, 0x74, 0x2D, 0x0F, 0x68,
+        0x85, 0xBE, 0xE0, 0xBE, 0xC6, 0xE2, 0x0D, 0x01,
+        0xE5, 0xDA, 0xDC, 0x86, 0x82, 0x3E, 0x92, 0xD6,
+        0x0F, 0xEC, 0x79, 0xB0, 0xD2, 0x40, 0x24, 0x87,
+        0x53, 0xE4, 0x20, 0x48, 0x38, 0x4C, 0x80, 0x42,
+        0x89, 0x60, 0x48, 0x21, 0xA5, 0x7F, 0x4F, 0x9F,
+        0x50, 0xAE, 0x0C, 0x38, 0x52, 0x7F, 0xE5, 0xA3,
+        0x49, 0x38, 0xDD, 0xBC, 0xDC, 0xD9, 0xA1, 0xD0,
+        0x20, 0x83, 0x9B, 0xEB, 0xB6, 0x2F, 0x9F, 0x41,
+        0xFB, 0xA0, 0x80, 0x52, 0xAB, 0xB8, 0x2F, 0xAD,
+        0xA8, 0x84, 0xCB, 0xE5, 0x63, 0x79, 0x11, 0x03,
+        0xAA, 0x58, 0x55, 0x46, 0xEB, 0xFE, 0xB1, 0x12,
+        0x72, 0xCC, 0x2E, 0x87, 0xA3, 0xB7, 0x5B, 0x3C,
+        0x6B, 0xB1, 0x85, 0x3A, 0xE7, 0xF9, 0xCF, 0x55,
+        0x85, 0xB2, 0x65, 0x3C, 0xF5, 0xEE, 0xA2, 0x44,
+        0xD2, 0x04, 0xEB, 0x26, 0x9C, 0x56, 0xA2, 0x09,
+        0x85, 0x16, 0x06, 0x59, 0xCB, 0x07, 0x25, 0xEE,
+        0x13, 0xCE, 0x35, 0xD5, 0x5E, 0xB0, 0x95, 0xA5,
+        0x34, 0x14, 0xF2, 0x32, 0xDF, 0x81, 0x08, 0xB1,
+        0x80, 0x24, 0xEB, 0x0D, 0xBF, 0x34, 0x5E, 0xB5,
+        0xCD, 0xAD, 0x0B, 0xCE, 0x72, 0x63, 0x50, 0x9A,
+        0x34, 0x1D, 0x54, 0xA7, 0xD5, 0x34, 0xE5, 0x53,
+        0xEA, 0xEF, 0xFE, 0x4E, 0x24, 0x2E, 0xA2, 0x3B,
+        0xCF, 0xE5, 0x9A, 0x58, 0xA6, 0x04, 0x25, 0x88,
+        0x2C, 0xB7, 0xE3, 0xB0, 0xC9, 0xE4, 0xAF, 0xE8,
+        0x69, 0x8E, 0x3D, 0xF5, 0x6A, 0xFD, 0x6D, 0x61,
+        0x1E, 0x91, 0x68, 0x74, 0x7D, 0x87, 0x35, 0xCF,
+        0x92, 0x46, 0xD9, 0x4F, 0x21, 0x26, 0xBE, 0x72,
+        0x7F, 0xB4, 0x2B, 0x22, 0x41, 0xA8, 0x3B, 0x34,
+        0xF0, 0xB9, 0xEB, 0x47, 0x93, 0x8D, 0x72, 0x65,
+        0x02, 0xC5, 0x4E, 0x45, 0x72, 0x76, 0x63, 0x31,
+        0x62, 0x8F, 0xA5, 0xCD, 0xA8, 0x93, 0xC3, 0x53,
+        0x76, 0xAB, 0x45, 0x38, 0xFF, 0x87, 0x17, 0xC2,
+        0x79, 0x5B, 0x0F, 0x51, 0xF0, 0x8E, 0x11, 0x37,
+        0x61, 0x2B, 0x89, 0xB0, 0xC1, 0xE2, 0xCD, 0x1F,
+        0x09, 0x9E, 0x88, 0x55, 0x69, 0x23, 0xAE, 0x57,
+        0xA1, 0xDA, 0xD2, 0xAF, 0xB1, 0x23, 0x0B, 0x50,
+        0x94, 0xA1, 0xB2, 0x1B, 0xAD, 0x7D, 0xBB, 0xC3,
+        0x33, 0xA9, 0x7F, 0x17, 0x93, 0x04, 0x71, 0x8F,
+        0x32, 0x89, 0xB6, 0xDE, 0x31, 0x31, 0x5B, 0x74,
+        0xC1, 0xA7, 0x3A, 0xC7, 0x75, 0x6F, 0xAA, 0x4D,
+        0x7E, 0xB5, 0x68, 0xBB, 0xC6, 0xF7, 0xE7, 0x88,
+        0xCD, 0x08, 0x9B, 0x39, 0x55, 0x64, 0xD2, 0x17,
+        0x6B, 0x00, 0x56, 0xDF, 0xFE, 0x95, 0x2C, 0x77,
+        0x48, 0xB0, 0x48, 0x30, 0x67, 0x20, 0xF6, 0x02,
+        0xB6, 0x7E, 0x8F, 0x6A, 0xDC, 0xC9, 0x1F, 0x8E,
+        0x3A, 0xA4, 0xB8, 0xC4, 0xD7, 0xFA, 0xC2, 0x33,
+        0xAA, 0xF9, 0x36, 0x53, 0xAD, 0x22, 0x09, 0xE2,
+        0xFF, 0x92, 0xDA, 0x30, 0xC2, 0xD5, 0x3F, 0xDE,
+        0xF6, 0xF4, 0xC9, 0x0E, 0xAA, 0x0D, 0xE6, 0x0D,
+        0x59, 0x4A, 0xDA, 0x39, 0x15, 0xDB, 0x24, 0x27,
+        0x9D, 0x86, 0x74, 0x76, 0xEA, 0xD7, 0x57, 0xB4,
+        0xC0, 0x26, 0x4A, 0x1D, 0xB8, 0xA1, 0xF5, 0x7A,
+        0x1B, 0x5D, 0x71, 0x73, 0xBB, 0x1A, 0x96, 0x0C,
+        0xE0, 0x2F, 0xDE, 0xFE, 0xF1, 0x60, 0xD5, 0x12,
+        0x66, 0x7D, 0x65, 0x52, 0x68, 0xFC, 0xC3, 0xA1,
+        0x53, 0xA4, 0x31, 0x47, 0x82, 0xA0, 0xEB, 0xFF,
+        0x84, 0xF6, 0x5F, 0x14, 0xA0, 0xE3, 0xE1, 0x2A,
+        0x13, 0x25, 0x0C, 0x07, 0xD0, 0x8C, 0x22, 0x5B,
+        0x11, 0xA6, 0x83, 0x1B, 0xC2, 0x5C, 0x40, 0x46,
+        0x7B, 0x76, 0x80, 0x04, 0xDD, 0xE0, 0xE8, 0x74,
+        0xA5, 0x11, 0x44, 0xC1, 0x89, 0x20, 0xBD, 0xF2,
+        0x86, 0x09, 0x0B, 0x59, 0xF5, 0x15, 0x64, 0xEA,
+        0x40, 0x70, 0xFB, 0xBF, 0x61, 0xE3, 0x69, 0x64,
+        0x35, 0xF2, 0x8F, 0x63, 0x33, 0x2B, 0x64, 0x49,
+        0x6D, 0xF3, 0xEC, 0x8B, 0x65, 0xD5, 0x4E, 0x1C,
+        0xF4, 0x78, 0x9D, 0xDA, 0xB1, 0x22, 0xDA, 0x6B,
+        0x26, 0x4D, 0x31, 0x2A, 0x71, 0x1C, 0x12, 0x9E,
+        0x3B, 0x07, 0xF4, 0xC6, 0xDA, 0x25, 0xA5, 0x61,
+        0x73, 0xAF, 0x58, 0xB9, 0x0A, 0x71, 0xB7, 0xAC,
+        0xFA, 0x31, 0x61, 0xA8, 0x1F, 0x59, 0xD1, 0x79,
+        0x14, 0xC9, 0x9B, 0xBA, 0xC4, 0xF9, 0xA3, 0x14,
+        0x97, 0x7A, 0x89, 0xCE, 0xF7, 0x69, 0x69, 0x43,
+        0x60, 0x9B, 0xB4, 0x82, 0x79, 0x64, 0xFB, 0x29,
+        0x76, 0x40, 0x3B, 0xD4, 0x99, 0x6F, 0x1E, 0x84,
+        0x2B, 0xF5, 0xAA, 0xAE, 0x1E, 0xCC, 0xA1, 0x12,
+        0x55, 0xB9, 0xE6, 0x00, 0x1C, 0x20, 0xF7, 0x2F,
+        0x1F, 0xD5, 0xE3, 0x2C, 0xDA, 0x32, 0xD8, 0xA7,
+        0xAC, 0x5F, 0x62, 0xB0, 0x9A, 0x0E, 0x61, 0x58,
+        0x47, 0xCA, 0x74, 0x6F, 0x48, 0x95, 0x15, 0xCF,
+        0x8F, 0x18, 0x31, 0x62, 0x85, 0x9F, 0x53, 0xB9,
+        0x7E, 0x9E, 0x5C, 0xA8, 0x00, 0xEE, 0x62, 0x4F,
+        0x72, 0x98, 0x43, 0xA0, 0x00, 0x91, 0x64, 0xA4,
+        0xA9, 0xFF, 0x76, 0xEB, 0x34, 0xE4, 0x70, 0x41,
+        0x84, 0x84, 0x8A, 0x13, 0x9A, 0xD9, 0x7D, 0x90,
+        0x9F, 0x7A, 0x7E, 0xD1, 0x14, 0xF0, 0x87, 0xA4,
+        0xB2, 0xE1, 0xB4, 0xA3, 0x03, 0x23, 0x91, 0x16,
+        0x0B, 0x6F, 0x3A, 0x36, 0x49, 0xFF, 0x15, 0xAE,
+        0xA2, 0xB7, 0x10, 0x7A, 0xF8, 0xA3, 0xB5, 0xFC,
+        0xAD, 0x61, 0xD4, 0x3D, 0x60, 0x2E, 0x62, 0x86,
+        0xA9, 0x00, 0x87, 0x0C, 0xC8, 0xCE, 0x24, 0xE3,
+        0x9E, 0x78, 0xF0, 0x39, 0x7A, 0x0D, 0x7E, 0x27,
+        0xE8, 0xE2, 0xD4, 0x77, 0x6A, 0x44, 0xCB, 0xA2,
+        0x18, 0xEB, 0xCD, 0x88, 0xB3, 0xC2, 0x8C, 0x18,
+        0x2A, 0x7C, 0x9F, 0x4D, 0xBB, 0x2D, 0xBB, 0x5E,
+        0x98, 0x15, 0x63, 0xD6, 0x6C, 0xEE, 0xB7, 0x7E,
+        0x7F, 0x90, 0x34, 0xBD, 0x42, 0x9D, 0x27, 0x63,
+        0x7C, 0xF7, 0x97, 0xDE, 0x82, 0xE0, 0x1F, 0xEB,
+        0xBC, 0xE2, 0x17, 0x1E, 0xFD, 0x01, 0x6E, 0x40,
+        0x2A, 0x42, 0xD7, 0x8E, 0xA1, 0xAC, 0xE2, 0xCB,
+        0x37, 0x0E, 0x75, 0xC9, 0x0A, 0xDF, 0xA1, 0xA7,
+        0x93, 0xB2, 0x16, 0x9C, 0xC2, 0x65, 0x22, 0xDB,
+        0x2F, 0x54, 0x6A, 0xC1, 0xDE, 0x34, 0xC9, 0x08,
+        0x71, 0x20, 0xC4, 0x2A, 0x9F, 0x10, 0xC0, 0x0D,
+        0x49, 0x3C, 0x25, 0x73, 0x01, 0x66, 0xF9, 0xD2,
+        0x19, 0xFB, 0xDA, 0xD2, 0x22, 0xC8, 0xB2, 0x81,
+        0x15, 0x54, 0x33, 0x13, 0x21, 0x08, 0x48, 0xFB,
+        0x2F, 0x04, 0xBF, 0xDC, 0xE1, 0x5D, 0x32, 0x0C,
+        0x36, 0x34, 0xA8, 0xE4, 0xD6, 0x37, 0x55, 0x51,
+        0x59, 0x00, 0xC7, 0x5B, 0xFD, 0x09, 0x0A, 0xD7,
+        0x8D, 0xD5, 0x88, 0x65, 0x9F, 0xBF, 0x97, 0xC9,
+        0x6E, 0x0D, 0x0A, 0xCC, 0x8E, 0x81, 0x5E, 0x60,
+        0x8F, 0x9E, 0x86, 0x1D, 0x79, 0xAF, 0x30, 0x51,
+        0xB9, 0x42, 0xB5, 0x25, 0x70, 0xB6, 0x29, 0x2B,
+        0xF4, 0x8C, 0x2B, 0xFA, 0xA9, 0x07, 0x7D, 0xC7,
+        0x6F, 0xE9, 0x02, 0x68, 0x32, 0x17, 0xB8, 0xBF,
+        0x80, 0x9E, 0xD7, 0xA0, 0x05, 0x0A, 0xDD, 0xBB,
+        0x65, 0xFD, 0xDF, 0xBD, 0x24, 0x01, 0x9C, 0x91,
+        0x81, 0xB5, 0xAC, 0x81, 0x56, 0x61, 0x13, 0xD6,
+        0x69, 0x4E, 0xA6, 0x29, 0x1D, 0x7F, 0x4A, 0x7F,
+        0x56, 0xA4, 0x1E, 0xB9, 0x1F, 0x76, 0x36, 0x8D,
+        0xF8, 0x2B, 0x16, 0x4B, 0x48, 0x59, 0x25, 0x9D,
+        0x71, 0x89, 0x24, 0x0F, 0x1D, 0x88, 0x03, 0xF8,
+        0x10, 0x72, 0x96, 0xD3, 0x78, 0xBA, 0xB4, 0xD2,
+        0x4F, 0xE6, 0xD1, 0x0E, 0xF7, 0x88, 0x36, 0x7B,
+        0xCE, 0x16, 0xC5, 0xAB, 0x77, 0xFB, 0xC1, 0x68,
+        0xB8, 0x57, 0xF7, 0xBA, 0x5C, 0xDC, 0xBE, 0x50,
+        0x67, 0xC8, 0x64, 0xF8, 0x79, 0x80, 0x9F, 0xE5,
+        0x21, 0x7D, 0xEF, 0x02, 0x94, 0xBF, 0xAF, 0xDF,
+        0x80, 0x9A, 0xBC, 0xE9, 0x53, 0x2D, 0xD9, 0xDA,
+        0xB3, 0x44, 0x8F, 0x4D, 0xA6, 0x8E, 0xCA, 0x51,
+        0x60, 0x94, 0x76, 0x27, 0x8E, 0xB8, 0xC4, 0xF6,
+        0x9E, 0xA2, 0x96, 0x73, 0xF6, 0x94, 0x18, 0x04,
+        0x1D, 0x26, 0x85, 0x7E, 0xBC, 0x24, 0xA4, 0x87,
+        0xBB, 0x4B, 0x0B, 0xA6, 0x3A, 0xF8, 0x48, 0x54,
+        0x5E, 0xE9, 0xBE, 0x89, 0xF1, 0x39, 0xD5, 0x02,
+        0x09, 0x9B, 0x9D, 0x35, 0xDB, 0x38, 0x07, 0xB9,
+        0x25, 0xCB, 0xA5, 0x76, 0xE2, 0x71, 0x70, 0xEA,
+        0xEC, 0x48, 0xCC, 0x2C, 0xC1, 0x5B, 0x04, 0x36,
+        0x77, 0x82, 0x5D, 0x0E, 0xE8, 0x1E, 0xB2, 0xCE,
+        0xE3, 0xA8, 0xED, 0x14, 0xA7, 0x98, 0xB8, 0x79,
+        0x53, 0x02, 0x20, 0xE5, 0x0C, 0xE8, 0xC0, 0x03,
+        0xA3, 0x05, 0x38, 0x2A, 0x24, 0xD2, 0x3C, 0x27,
+        0x7B, 0x99, 0xD1, 0xF4, 0xC5, 0x4F, 0x9A, 0x8D,
+        0x33, 0xFA, 0x3D, 0x1E, 0x33, 0x7E, 0x18, 0xD7,
+        0xCB, 0xBA, 0x5E, 0x5A, 0x47, 0xF2, 0xD5, 0xE0,
+        0x96, 0xCF, 0x45, 0x51, 0xB2, 0x3B, 0x1B, 0x86,
+        0x43, 0x6E, 0x81, 0xB4, 0xA0, 0x9D, 0x1E, 0x3D,
+        0x38, 0x49, 0x2E, 0xC8, 0xB2, 0xA0, 0x09, 0x67,
+        0x01, 0x6A, 0xB7, 0x6B, 0x9A, 0x9B, 0x18, 0x64,
+        0x67, 0x14, 0x21, 0xDA, 0x56, 0xF5, 0x7D, 0x00,
+        0x8D, 0x5C, 0xE1, 0xB8, 0x92, 0xA7, 0xE9, 0xC1,
+        0xF6, 0x9F, 0x6C, 0x72, 0x2C, 0xF1, 0x09, 0xDB,
+        0x50, 0x0E, 0x53, 0xF6, 0xBC, 0x07, 0x83, 0x7A,
+        0xD1, 0xCD, 0x4C, 0xF4, 0xA6, 0x4D, 0xA7, 0x63,
+        0xB4, 0xA9, 0xC4, 0x92, 0x9B, 0x0D, 0xCD, 0xDF,
+        0x7C, 0x7E, 0x11, 0x86, 0xBE, 0x3F, 0xF0, 0xC3,
+        0x21, 0x15, 0x84, 0x37, 0x82, 0x0C, 0x81, 0xE7,
+        0x4F, 0xF3, 0x16, 0xAE, 0x32, 0x54, 0xE9, 0x72,
+        0xFC, 0x19, 0x7A, 0x7F, 0x0E, 0x62, 0x02, 0x42,
+        0xAC, 0x05, 0xA4, 0xE4, 0x3E, 0x98, 0x7C, 0x2A,
+        0x83, 0x55, 0xB0, 0x35, 0x77, 0x45, 0xCA, 0x79,
+        0xE6, 0xAE, 0x48, 0xAB, 0x29, 0xED, 0x4F, 0xA6,
+        0x3D, 0x3A, 0x1F, 0x19, 0xB9, 0x99, 0xDE, 0x25,
+        0x1F, 0xDE, 0x06, 0x40, 0xDD, 0x87, 0x87, 0x6D,
+        0x55, 0x76, 0x28, 0x78, 0xAD, 0x1D, 0xB1, 0x2D,
+        0x65, 0xBA, 0xFD, 0x14, 0xB6, 0xA9, 0xA7, 0x08,
+        0x1B, 0xF2, 0x3F, 0x9F, 0x06, 0xD9, 0x0C, 0xE2,
+        0x73, 0xC5, 0xA2, 0x6E, 0x01, 0x2C, 0xA9, 0x4D,
+        0xD4, 0x81, 0xD3, 0x2E, 0x10, 0x93, 0x8C, 0x16,
+        0x51, 0x63, 0xE8, 0x9B, 0xE8, 0xA9, 0x3A, 0x63,
+        0x03, 0x4D, 0x34, 0x5B, 0x74, 0xE2, 0xA9, 0x4E,
+        0xF6, 0x43, 0xD0, 0x6A, 0xF9, 0xE1, 0xF5, 0xC9,
+        0xF1, 0x04, 0x93, 0x0D, 0xA0, 0x0E, 0x61, 0xE0,
+        0x61, 0xEE, 0x8C, 0x3B, 0xB1, 0x7C, 0x11, 0xE0,
+        0x5D, 0x45, 0xC1, 0x68, 0x2E, 0x4D, 0x59, 0x3C,
+        0x91, 0x98, 0x23, 0x8D, 0x2B, 0xA2, 0x89, 0x77,
+        0x9E, 0x7D, 0x0F, 0x22, 0x7B, 0xCB, 0x0B, 0x09,
+        0x97, 0x2B, 0x19, 0x77, 0x0F, 0xF0, 0x11, 0xBF,
+        0x6C, 0x60, 0xD9, 0xD1, 0x93, 0xCF, 0xAB, 0x32,
+        0x74, 0x7A, 0x00, 0x95, 0xE1, 0xA4, 0xAD, 0x32,
+        0x51, 0x4C, 0x78, 0x2E, 0xF3, 0xDE, 0x7A, 0x26,
+        0xEA, 0x77, 0x1F, 0x55, 0x30, 0xD9, 0xDE, 0x97,
+        0x36, 0xD0, 0xF6, 0xAE, 0x1A, 0xFB, 0x78, 0xEC,
+        0x7C, 0xE4, 0x88, 0x4A, 0x1B, 0xB4, 0x36, 0xCF,
+        0xCE, 0x45, 0x9C, 0xD9, 0x93, 0x58, 0x26, 0x09,
+        0x06, 0xAA, 0xC9, 0x97, 0x16, 0xA5, 0x36, 0xCC,
+        0x76, 0x87, 0xA0, 0x37, 0x5F, 0xDA, 0x11, 0x00,
+        0x76, 0x18, 0xE5, 0x53, 0x53, 0x4E, 0x54, 0xD5,
+        0xB2, 0x14, 0xF7, 0xAA, 0x6F, 0xC7, 0xDB, 0xE3,
+        0x7C, 0x2B, 0xD2, 0xB6, 0x48, 0x50, 0xAE, 0x46,
+        0x9A, 0x98, 0x58, 0x98, 0x7F, 0x3F, 0xA4, 0xB1,
+        0xFD, 0x26, 0xD9, 0x54, 0xBF, 0xEC, 0x36, 0x5D,
+        0xBE, 0x06, 0xDD, 0xCD, 0x61, 0x5E, 0x1F, 0xED,
+        0x58, 0xA8, 0x86, 0x76, 0x40, 0x2D, 0x1D, 0x6B,
+        0x58, 0x14, 0x85, 0x49, 0x8B, 0x5A, 0xDF, 0xFF,
+        0xC4, 0x2D, 0x47, 0xD6, 0x1D, 0xF9, 0x93, 0x84,
+        0xE2, 0x2C, 0x51, 0x57, 0xF0, 0x17, 0x8A, 0x6F,
+        0xDA, 0xF8, 0xF4, 0xA9, 0x49, 0x1D, 0xAF, 0x29,
+        0x8B, 0x2C, 0x3E, 0xC8, 0x80, 0x85, 0x02, 0x2C,
+        0x0A, 0x7C, 0xF2, 0x45, 0xED, 0x0F, 0xB5, 0xA3,
+        0x8C, 0xD1, 0x6F, 0x30, 0xD3, 0x7D, 0xA5, 0xC4,
+        0x95, 0x9A, 0x55, 0x50, 0x1D, 0xAD, 0x50, 0xF1,
+        0xB4, 0x8B, 0xBB, 0xDD, 0x86, 0xAB, 0x8B, 0xB5,
+        0x22, 0xA9, 0x36, 0xDD, 0xF0, 0x00, 0x3B, 0x81,
+        0xBE, 0x16, 0x23, 0x1A, 0x04, 0xE7, 0xA5, 0x89,
+        0xC5, 0x6F, 0xFF, 0xB5, 0x1B, 0x07, 0x92, 0x7B,
+        0x4A, 0xFA, 0x1D, 0xB7, 0xD4, 0x8B, 0xC6, 0xFB,
+        0xC3, 0xF3, 0x67, 0x56, 0x37, 0x18, 0x4B, 0x7A,
+        0xDB, 0x9B, 0xAD, 0xF4, 0xDE, 0x7C, 0x08, 0x5B,
+        0xCA, 0x1D, 0x42, 0x8D, 0xC9, 0xFC, 0x82, 0x77,
+        0xCB, 0xD8, 0x58, 0x84, 0xA5, 0x92, 0x1B, 0x52,
+        0xBB, 0x05, 0xB7, 0x10, 0x61, 0x55, 0x08, 0x26,
+        0x1B, 0xB4, 0x54, 0x6B, 0xD6, 0xE1, 0xFC, 0x73,
+        0x0D, 0x16, 0xB0, 0x49, 0xEA, 0x12, 0x79, 0x8C,
+        0xE2, 0xE6, 0xDF, 0x43, 0xF5, 0xB8, 0xF3, 0xEF,
+        0x9A, 0xC8, 0xFB, 0xAE, 0x31, 0xB0, 0x11, 0xE1,
+        0x0C, 0x4F, 0xC6, 0x2F, 0xFD, 0x7F, 0x39, 0xD1,
+        0x6E, 0xC3, 0x2C, 0xA8, 0x21, 0x0E, 0xD1, 0x6E,
+        0x04, 0x1D, 0xA4, 0x3D, 0x92, 0x74, 0x22, 0x95,
+        0x14, 0x05, 0x4A, 0x0F, 0x82, 0xD4, 0x62, 0xFE,
+        0x08, 0x0C, 0x6F, 0xFD, 0x7B, 0xBD, 0xBF, 0xBF,
+        0x0B, 0xFF, 0xC6, 0xD5, 0xEC, 0xC4, 0x32, 0xA3,
+        0x25, 0x6C, 0x0B, 0xE0, 0xDD, 0xFD, 0x5D, 0x90,
+        0x80, 0xC6, 0x76, 0xC7, 0x95, 0x5D, 0x66, 0xE4,
+        0x4D, 0x1C, 0xE5, 0x1F, 0xCC, 0x23, 0x82, 0xF8,
+        0x68, 0xD7, 0x32, 0xE8, 0x58, 0x51, 0x72, 0x1B,
+        0x48, 0xA0, 0x1D, 0x08, 0xC6, 0x39, 0x62, 0x6E,
+        0xE0, 0x50, 0x9C, 0xB5, 0x81, 0xEF, 0xF5, 0x62,
+        0x8F, 0xA6, 0xCC, 0xD1, 0x08, 0x9A, 0xC0, 0xE1,
+        0x2D, 0xEB, 0xE0, 0x85, 0x17, 0x82, 0xE6, 0x4C,
+        0x50, 0x49, 0xCB, 0xD6, 0x50, 0x10, 0x13, 0x96,
+        0x5C, 0xC0, 0xCA, 0x25, 0xAC, 0xAB, 0x17, 0x6E,
+        0xF7, 0xCA, 0xB9, 0x29, 0x40, 0x98, 0x5D, 0xDB,
+        0x49, 0x02, 0x1D, 0xF6, 0xC6, 0x0D, 0x6C, 0x4A,
+        0x48, 0x91, 0x16, 0x31, 0x1E, 0x86, 0xBA, 0x19,
+        0xED, 0xF0, 0x0D, 0x74, 0x79, 0x73, 0x58, 0x20,
+        0x7C, 0xDE, 0x50, 0x50, 0x6D, 0x00, 0x7F, 0xE0,
+        0x3C, 0x88, 0x04, 0xC6, 0x64, 0x51, 0xF0, 0x2A,
+        0x01, 0x82, 0xD3, 0x87, 0xB7, 0x59, 0x89, 0x40,
+        0x96, 0xF6, 0x52, 0x32, 0x95, 0x2D, 0x18, 0x3D,
+        0xBA, 0xAA, 0xBB, 0x6B, 0xC0, 0xE1, 0x91, 0xDC,
+        0x2C, 0x3F, 0x75, 0xFC, 0x72, 0xBD, 0x61, 0xBA,
+        0xB2, 0xEF, 0x19, 0xB6, 0x53, 0x2B, 0x23, 0x1C,
+        0x4A, 0xFB, 0x1A, 0x9C, 0x2C, 0xB2, 0xF3, 0xD6,
+        0xC4, 0x51, 0xE8, 0x44, 0x0D, 0x6A, 0x92, 0x3C,
+        0xF7, 0x2A, 0x63, 0xE2, 0xED, 0x85, 0x54, 0x77,
+        0x38, 0x87, 0x91, 0x0C, 0xA5, 0xC6, 0x71, 0xAD,
+        0x4F, 0xD5, 0x92, 0x3C, 0xB9, 0x5E, 0xC7, 0x3F,
+        0xFD, 0xFB, 0xDA, 0x4B, 0x66, 0x55, 0xF5, 0x5D,
+        0xBF, 0xD1, 0x31, 0x7D, 0x02, 0x44, 0x22, 0x30,
+        0x1E, 0xD6, 0x6A, 0x6E, 0x4C, 0x67, 0x20, 0x85,
+        0xCE, 0xD1, 0xF4, 0xC7, 0xB0, 0x50, 0x30, 0xA1,
+        0x00, 0xC4, 0x78, 0x8F, 0xEF, 0x4C, 0xD3, 0xE4,
+        0x94, 0xA8, 0x53, 0xBD, 0xE6, 0x3E, 0x9D, 0x44,
+        0x9A, 0xE3, 0xBB, 0x6B, 0xA1, 0x08, 0x32, 0x38,
+        0xDA, 0x3F, 0x40, 0x90, 0x51, 0x5D, 0x14, 0x3C,
+        0x67, 0xDB, 0xE5, 0x3D, 0x8D, 0x50, 0x7A, 0x52,
+        0x29, 0xFF, 0xEB, 0x20, 0x72, 0xD0, 0xBD, 0x09,
+        0x2F, 0xC9, 0xAE, 0x52, 0xDE, 0xAA, 0xAC, 0xD1,
+        0xF0, 0xF1, 0x4B, 0x5A, 0xC8, 0x47, 0x52, 0xBF,
+        0xD0, 0x02, 0x5E, 0x5F, 0x55, 0xB8, 0x69, 0x35,
+        0x0F, 0x4B, 0x27, 0x19, 0xC5, 0xC0, 0x5A, 0xC1,
+        0x66, 0x9B, 0xB0, 0xFD, 0x3C, 0x61, 0x4A, 0xCE,
+        0x02, 0xA2, 0x70, 0x61, 0x3F, 0xD3, 0x30, 0x97,
+        0x06, 0xDD, 0xCD, 0x5B, 0x1A, 0x6A, 0xD2, 0x6F,
+        0x35, 0x9A, 0xDA, 0x80, 0xB3, 0x0E, 0x50, 0xA7,
+        0xE5, 0x0B, 0xBD, 0x3A, 0xA4, 0x5D, 0x06, 0x54,
+        0xDD, 0x7D, 0x05, 0x8B, 0x0B, 0xBF, 0x4D, 0x0D,
+        0x92, 0x13, 0x51, 0x42, 0x21, 0x4E, 0xE7, 0x05,
+        0x11, 0xF3, 0x67, 0x6A, 0xE6, 0x43, 0xB5, 0xF2,
+        0x45, 0x06, 0x3B, 0x94, 0x19, 0xCF, 0x6B, 0x49,
+        0xFD, 0x64, 0x7F, 0x27, 0xD7, 0xC4, 0x1C, 0x86,
+        0x6E, 0x6C, 0xAD, 0x9D, 0x5E, 0x2E, 0x3E, 0x33,
+        0x1B, 0xF6, 0xB9, 0xF7, 0x2A, 0xCA, 0x32, 0x9B,
+        0xB6, 0x42, 0x59, 0xC3, 0xE7, 0x97, 0x83, 0xA2,
+        0x66, 0x74, 0xB7, 0xD3, 0x8E, 0xBD, 0xE8, 0x31,
+        0x84, 0x11, 0xF4, 0x76, 0x4E, 0xBD, 0xC4, 0xC7,
+        0xE4, 0x1A, 0xCF, 0xF8, 0x5B, 0xBB, 0x30, 0x31,
+        0x8D, 0x59, 0xC4, 0x2C, 0x92, 0x03, 0xAB, 0xD6,
+        0x63, 0x6B, 0xA3, 0xF7, 0x72, 0xB6, 0x72, 0x51,
+        0x21, 0xC0, 0x52, 0xDE, 0x99, 0x91, 0x0D, 0x55,
+        0x15, 0x8C, 0x6F, 0x3E, 0xF8, 0xBB, 0x7F, 0xED,
+        0xE2, 0xF8, 0x1E, 0x58, 0xA7, 0xAE, 0xB2, 0x5E,
+        0x2E, 0x46, 0xFD, 0x72, 0x32, 0x30, 0x2F, 0xAF,
+        0xA8, 0xFC, 0x37, 0xFC, 0x8B, 0x55, 0xD5, 0x94,
+        0xB7, 0x6E, 0xC4, 0xA5, 0x3E, 0xB1, 0x1E, 0xB3,
+        0xFD, 0x63, 0x44, 0x28, 0xAA, 0xA5, 0xD8, 0x6F,
+        0x83, 0x9D, 0x08, 0x9A, 0xBE, 0x2F, 0xEF, 0xE2,
+        0xAE, 0x52, 0x62, 0xFE, 0xFC, 0x73, 0x48, 0xD8,
+        0x36, 0x69, 0x2E, 0xDB, 0x21, 0x5D, 0x6F, 0x8F,
+        0x54, 0x8B, 0x88, 0x52, 0x90, 0xC2, 0x40, 0x3C,
+        0x51, 0xC3, 0xE2, 0x69, 0xD4, 0x93, 0xFB, 0xD3,
+        0x39, 0xB5, 0xDF, 0xB0, 0xA3, 0x8E, 0xED, 0xA7,
+        0x75, 0x4D, 0xAF, 0xFA, 0x16, 0xE5, 0xBC, 0xA5,
+        0xA9, 0xBB, 0xDE, 0x04, 0xB0, 0x14, 0xB7, 0xAE,
+        0xA8, 0x98, 0x8F, 0x37, 0x49, 0xD5, 0x2D, 0x2F,
+        0xC1, 0xC9, 0xF7, 0xC7, 0xB2, 0xC2, 0xD6, 0x92,
+        0xE7, 0x89, 0x6E, 0x4C, 0x34, 0xF5, 0x7C, 0x55,
+        0x8C, 0xFE, 0x83, 0x17, 0xA8, 0x37, 0x44, 0x09,
+        0xD5, 0x66, 0x87, 0x9A, 0x08, 0x62, 0x8F, 0x64,
+        0x4F, 0xB4, 0x5B, 0x81, 0x84, 0x55, 0xBC, 0xA6,
+        0x04, 0x2B, 0x4E, 0x61, 0x87, 0xC1, 0xDD, 0x17,
+        0x7E, 0x9E, 0x51, 0x46, 0x31, 0x99, 0x04, 0xB1,
+        0x50, 0x5F, 0x3E, 0xE0, 0x0C, 0xD7, 0xFE, 0xAF,
+        0x0E, 0x83, 0xC3, 0x02, 0x49, 0x56, 0xF7, 0x76,
+        0x59, 0xAC, 0xC5, 0x6D, 0x8D, 0x91, 0x7A, 0x37,
+        0xE8, 0xFF, 0x7E, 0xB8, 0x87, 0x13, 0xCC, 0xA3,
+        0x34, 0xEA, 0x04, 0xB8, 0xE2, 0x58, 0xC9, 0x34,
+        0x5D, 0xA9, 0xDE, 0x26, 0xA0, 0xA3, 0x66, 0x51,
+        0x94, 0x51, 0xE1, 0x01, 0x2D, 0xE6, 0xAA, 0xBF,
+        0x46, 0x97, 0xC9, 0xDE, 0x82, 0x1D, 0x70, 0x02,
+        0x1C, 0x32, 0x50, 0xA1, 0x06, 0xCF, 0x4C, 0x23,
+        0xA1, 0xB1, 0x78, 0x5F, 0x54, 0x9D, 0x3C, 0x8C,
+        0xD7, 0x1B, 0x05, 0xFE, 0xA7, 0x53, 0xE0, 0x04,
+        0x6A, 0x3A, 0xE0, 0xA9, 0xB1, 0xF4, 0x02, 0x77,
+        0xCF, 0x45, 0x3A, 0x2B, 0xA1, 0x4C, 0xBA, 0x92,
+        0x3C, 0xC6, 0x26, 0x97, 0x06, 0xDF, 0xFF, 0xD5,
+        0x17, 0xC1, 0xE5, 0x93, 0x00, 0x79, 0x91, 0x2E,
+        0x05, 0xA5, 0x57, 0x18, 0x97, 0xA0, 0x68, 0x65,
+        0x51, 0x6C, 0x86, 0x69, 0x9F, 0x70, 0x7E, 0x00,
+        0xCB, 0x38, 0xCE, 0x19, 0x34, 0x90, 0xAE, 0xE3,
+        0x0B, 0xA4, 0x7D, 0xDD, 0xF3, 0xA5, 0xB4, 0xFB,
+        0xCE, 0xBA, 0x73, 0xDC, 0x13, 0xD0, 0xA1, 0x60,
+        0xEA, 0x64, 0x2D, 0x30, 0xD6, 0x3A, 0x02, 0x96,
+        0x4E, 0xDF, 0xDB, 0x2F, 0x29, 0xDC, 0xD3, 0x2C,
+        0xA9, 0x97, 0x4F, 0x89, 0xC3, 0x2D, 0x1F, 0xA9,
+        0xA8, 0x3C, 0x94, 0xA2, 0x77, 0x0F, 0xCF, 0xCF,
+        0x86, 0xE6, 0x46, 0x46, 0x88, 0x2B, 0xD5, 0x50,
+        0xDD, 0xD6, 0x5B, 0x4E, 0x2D, 0x28, 0x7A, 0xF6,
+        0xC1, 0x96, 0xF4, 0x2D, 0xBD, 0x39, 0xB0, 0x20,
+        0xD7, 0xCD, 0xFB, 0xB6, 0xE6, 0xE7, 0x5F, 0xFA,
+        0xAB, 0x26, 0x09, 0x9E, 0xC1, 0xD2, 0x5E, 0x32,
+        0x34, 0xF7, 0x0D, 0xD9, 0x72, 0x28, 0x6A, 0xEA,
+        0x0C, 0x34, 0x36, 0x59, 0x5F, 0xE4, 0x9F, 0xCA,
+        0x89, 0x8B, 0xFA, 0x42, 0x16, 0x04, 0xC8, 0x2D,
+        0x3E, 0x94, 0x85, 0x6D, 0x18, 0x69, 0x05, 0x07,
+        0x6D, 0x18, 0x6C, 0x68, 0x41, 0x74, 0xBF, 0x42,
+        0x90, 0xDF, 0x31, 0x76, 0x9E, 0xDC, 0x97, 0xA1,
+        0xDF, 0x2D, 0xFE, 0xD0, 0x3C, 0xF4, 0x5C, 0xE6,
+        0x78, 0xC8, 0xA1, 0x42, 0x9E, 0xB9, 0x78, 0xD0,
+        0x2A, 0x79, 0xD4, 0xF8, 0xCF, 0x01, 0x68, 0xDA,
+        0xAB, 0x48, 0x2C, 0x6C, 0x61, 0x2F, 0x04, 0xB1,
+        0xC9, 0x36, 0x37, 0xFE, 0x77, 0xB3, 0x02, 0xCE,
+        0xFA, 0x78, 0x8C, 0x11, 0x35, 0x6C, 0x52, 0xC5,
+        0x4F, 0x37, 0xA9, 0xDC, 0xFD, 0xA5, 0x59, 0x27,
+        0xA8, 0xEF, 0x0A, 0x0C, 0xEA, 0x7C, 0xC4, 0xAD,
+        0xCE, 0xE4, 0x59, 0xEB, 0x64, 0xDF, 0x08, 0xED,
+        0x0F, 0xC2, 0x9F, 0xDC, 0x3C, 0x7B, 0x76, 0x2B,
+        0x39, 0x93, 0x32, 0x06, 0x33, 0x40, 0xD4, 0x73,
+        0x96, 0x62, 0x19, 0xBF, 0xC8, 0x7B, 0x4A, 0x3C,
+        0x91, 0xC8, 0x0F, 0x0E, 0x4B, 0xA8, 0x6A, 0xA1,
+        0x87, 0x9C, 0x76, 0x62, 0x5C, 0x86, 0x80, 0xA2,
+        0x27, 0xAB, 0x22, 0x78, 0x06, 0x59, 0xD4, 0xB5,
+        0xD3, 0x0E, 0x0E, 0x9A, 0x0D, 0xCE, 0x09, 0x4D,
+        0xAF, 0x53, 0x76, 0x79, 0x27, 0x3A, 0x9B, 0x27,
+        0x7E, 0xD2, 0xA2, 0xE2, 0x50, 0xEE, 0xA0, 0x93,
+        0x82, 0x04, 0xC9, 0xE9, 0x63, 0xD3, 0x38, 0x52,
+        0x2A, 0x3D, 0x1A, 0x44, 0x40, 0xE2, 0xA1, 0x23,
+        0x97, 0xA5, 0xB9, 0x7D, 0x35, 0x65, 0x73, 0x07,
+        0xBE, 0xC9, 0x4C, 0xC0, 0xC7, 0x2C, 0x5C, 0x6B,
+        0x09, 0xDA, 0xF2, 0xBA, 0xF0, 0x02, 0x0B, 0x7D,
+        0x8C, 0xA5, 0x60, 0xBF, 0x65, 0x96, 0x92, 0x9A,
+        0xC8, 0xD4, 0xE5, 0x46, 0x0F, 0x78, 0x37, 0xB4,
+        0x1B, 0x4A, 0xE6, 0xFF, 0x12, 0x33, 0x9D, 0xB8,
+        0xEB, 0xD7, 0x02, 0x8A, 0xAC, 0xFE, 0x0B, 0x42,
+        0xE0, 0x2C, 0xDE, 0x90, 0x67, 0x83, 0xAB, 0xFF,
+        0x69, 0x4E, 0x7C, 0xBE, 0x08, 0x97, 0xED, 0x6E,
+        0xD4, 0x38, 0xAC, 0xDB, 0x00, 0xA4, 0x70, 0x9C,
+        0xFE, 0xF7, 0x15, 0x0E, 0xBE, 0xB0, 0x8C, 0x8F,
+        0xF6, 0xC1, 0x54, 0x38, 0x15, 0xF4, 0xB8, 0x95,
+        0x1C, 0x3C, 0xAC, 0xE4, 0x99, 0x58, 0x64, 0x58,
+        0xA7, 0x3C, 0x85, 0x72, 0x38, 0x9A, 0xFC, 0x97,
+        0x03, 0xA7, 0xFE, 0xAF, 0x67, 0x34, 0x45, 0xFB,
+        0x4B, 0x0C, 0xCA, 0xA5, 0x11, 0xD4, 0xA2, 0xCF,
+        0x46, 0x3F, 0x57, 0xE3, 0xA6, 0xD7, 0x2D, 0xA0,
+        0x4B, 0x25, 0x66, 0x99, 0xA3, 0x02, 0x12, 0xE7,
+        0xC5, 0x76, 0x8E, 0xFC, 0x15, 0x1B, 0x71, 0x74,
+        0x41, 0x56, 0x57, 0x5A, 0x2E, 0x94, 0x43, 0x31,
+        0x92, 0x32, 0xD1, 0x59, 0xC6, 0xCC, 0x00, 0x6F,
+        0xDB, 0x57, 0xC5, 0x81, 0x73, 0xAD, 0x8D, 0x2C,
+        0x86, 0x6C, 0x88, 0x87, 0x43, 0x7C, 0x22, 0x38,
+        0x88, 0xE2, 0x1E, 0xF6, 0x7E, 0x1A, 0x33, 0x2C,
+        0x1F, 0xDF, 0xCC, 0x15, 0xEF, 0x17, 0x47, 0x6F,
+        0xE0, 0xFB, 0x57, 0xD4, 0x22, 0x98, 0x94, 0x72,
+        0x5E, 0x14, 0x74, 0xC1, 0xBA, 0x12, 0x16, 0x56,
+        0x28, 0x17, 0xF1, 0x6C, 0x53, 0xEC, 0xE0, 0x1C,
+        0x7F, 0x9E, 0x36, 0x64, 0xEE, 0xDB, 0xBA, 0x94,
+        0x95, 0x29, 0x87, 0x43, 0x1A, 0xA2, 0xA5, 0x7D,
+        0x33, 0x0E, 0xB1, 0x1B, 0x28, 0xE6, 0xBF, 0x77,
+        0x0E, 0x34, 0x9E, 0xCE, 0x35, 0x0C, 0x83, 0xE9,
+        0x0D, 0xA6, 0xFE, 0x0D, 0x0A, 0x4A, 0xB9, 0x71,
+        0x5D, 0xB2, 0x8B, 0xDD, 0x39, 0x7F, 0xAF, 0xA1,
+        0x42, 0x83, 0x02, 0x15, 0x1E, 0x1F, 0x22, 0x2B,
+        0x44, 0x69, 0x87, 0x9E, 0xB5, 0xD0, 0xF0, 0x18,
+        0x60, 0x6A, 0x75, 0x94, 0xBF, 0xC8, 0x2C, 0x39,
+        0x4E, 0x91, 0xB9, 0x26, 0x44, 0x95, 0xC9, 0x06,
+        0x3D, 0x50, 0x52, 0x62, 0x79, 0x9B, 0x9F, 0xCB,
+        0xE6, 0x31, 0x6B, 0xBC, 0xC8, 0xD8, 0x09, 0x30,
+        0x53, 0x63, 0x6A, 0x74, 0xD4, 0xFA, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x02, 0x0F, 0x16, 0x1B, 0x1F,
+        0x29, 0x2E, 0x36
+    };
+#endif
+#else
 #ifndef WOLFSSL_NO_ML_DSA_44
     static const byte pk_44[] = {
         0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96,
@@ -36669,8 +47550,8 @@ static int test_wc_dilithium_verify_kats(void)
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x03, 0x06, 0x0B, 0x11, 0x17,
         0x1F, 0x27, 0x2E
-
     };
+#endif
 #endif
 
     key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -36734,7 +47615,7 @@ static int test_wc_SetSubjectBuffer(void)
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
     ExpectIntEQ(wc_SetSubjectBuffer(&cert, der, (int)derSz), 0);
-    ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, (int)derSz), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, (int)derSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -36750,7 +47631,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
     WC_RNG      rng;
     Cert        cert;
-#if !defined(NO_RSA) && defined(HAVE_RSA)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RsaKey      rsaKey;
     int         bits = 2048;
 #endif
@@ -36773,7 +47654,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
 
-#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* RSA */
     XMEMSET(&rsaKey, 0, sizeof(RsaKey));
     ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
@@ -36832,7 +47713,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
     WC_RNG      rng;
     Cert        cert;
-#if !defined(NO_RSA) && defined(HAVE_RSA)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RsaKey      rsaKey;
     int         bits = 2048;
 #endif
@@ -36855,7 +47736,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
 
-#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* RSA */
     XMEMSET(&rsaKey, 0, sizeof(RsaKey));
     ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
@@ -36931,7 +47812,7 @@ static int test_wc_PKCS7_Init(void)
 
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -37088,9 +47969,9 @@ static int test_wc_PKCS7_InitWithCert(void)
 
         /* Pass in bad args. No need free for null checks, free at end.*/
         ExpectIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifdef HAVE_ECC
         ExpectIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
@@ -37210,10 +48091,10 @@ static int test_wc_PKCS7_EncodeData(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
-                                                            BAD_FUNC_ARG);
+                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
-                                                            BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
+                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), WC_NO_ERR_TRACE(BUFFER_E));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -37474,7 +48355,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
         ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
         ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1);
 
         ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output,
@@ -37538,7 +48419,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         for (z = 0; z < outputSz && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -37550,15 +48431,15 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
-                                badOutSz), BAD_FUNC_ARG);
+                                badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->hashOID = 0; /* bad hashOID */
     }
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
     !defined(NO_RSA) && !defined(NO_SHA256)
@@ -37789,7 +48670,7 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
         for (z = 0; z < outputSz && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -37807,55 +48688,55 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, NULL, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, NULL, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, outputFoot, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->hashOID = 0; /* bad hashOID */
     }
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BUFFER_E));
 #endif
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     /* can pass in 0 buffer length with streaming API */
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
+        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
+        outputHead, outputHeadSz, NULL, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
+        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, 0), BUFFER_E);
+        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(BUFFER_E));
 #endif
 
     wc_PKCS7_Free(pkcs7);
@@ -38284,7 +49165,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -38357,16 +49238,16 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz),
-                                          BAD_FUNC_ARG);
+                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz),
-                                          BAD_FUNC_ARG);
+                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #ifndef NO_PKCS7_STREAM
         /* can pass in 0 buffer length with streaming API */
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
-                                    badOutSz), WC_PKCS7_WANT_READ_E);
+                                    badOutSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
     #else
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
-                                    badOutSz), BAD_FUNC_ARG);
+                                    badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
@@ -38385,7 +49266,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
         pkcs7->contentSz = sizeof(badContent);
     }
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
-                SIG_VERIFY_E);
+                WC_NO_ERR_TRACE(SIG_VERIFY_E));
 
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
@@ -38401,14 +49282,14 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     ret = -1;
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret == WC_PKCS7_WANT_READ_E){
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
             continue;
         }
         else if (ret < 0) {
             break;
         }
     }
-    ExpectIntEQ(ret, SIG_VERIFY_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
     ExpectIntNE(pkcs7->contentSz, 0);
     ExpectNotNull(pkcs7->contentDynamic);
     wc_PKCS7_Free(pkcs7);
@@ -38440,7 +49321,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -38484,7 +49365,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -38529,7 +49410,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
                     chunkSz;
                 rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
                 if (rc < 0 ) {
-                    if (rc == WC_PKCS7_WANT_READ_E) {
+                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
                         i += sz;
                         continue;
                     }
@@ -38539,7 +49420,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
                     break;
                 }
             }
-            ExpectIntEQ(rc, PKCS7_SIGNEEDS_CHECK);
+            ExpectIntEQ(rc, WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
             wc_PKCS7_Free(pkcs7);
             pkcs7 = NULL;
         }
@@ -38554,7 +49435,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
                     chunkSz;
                 rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
                 if (rc < 0 ) {
-                    if (rc == WC_PKCS7_WANT_READ_E) {
+                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
                         i += sz;
                         continue;
                     }
@@ -38564,7 +49445,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
                     break;
                 }
             }
-            ExpectIntEQ(rc, ASN_PARSE_E);
+            ExpectIntEQ(rc, WC_NO_ERR_TRACE(ASN_PARSE_E));
             wc_PKCS7_Free(pkcs7);
             pkcs7 = NULL;
         }
@@ -38626,7 +49507,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -38649,7 +49530,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
         pkcs7->contentSz = sizeof(badContent);
     }
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
-        SIG_VERIFY_E);
+        WC_NO_ERR_TRACE(SIG_VERIFY_E));
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
@@ -38665,14 +49546,14 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     ret = -1;
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret == WC_PKCS7_WANT_READ_E){
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
             continue;
         }
         else if (ret < 0) {
             break;
         }
     }
-    ExpectIntEQ(ret, SIG_VERIFY_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
     ExpectIntNE(pkcs7->contentSz, 0);
     ExpectNotNull(pkcs7->contentDynamic);
     wc_PKCS7_Free(pkcs7);
@@ -38704,7 +49585,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -38751,7 +49632,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -39118,23 +49999,23 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
         #ifndef NO_DES3
             case DES3b:
             case DESb:
-                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
                 break;
         #endif
         #ifdef HAVE_AESCCM
         #ifdef WOLFSSL_AES_128
             case AES128CCMb:
-                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
                 break;
         #endif
         #ifdef WOLFSSL_AES_192
             case AES192CCMb:
-                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
                 break;
         #endif
         #ifdef WOLFSSL_AES_256
             case AES256CCMb:
-                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
                 break;
         #endif
         #endif
@@ -39203,24 +50084,24 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
-                    (word32)sizeof(output)), BAD_FUNC_ARG);
+                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
-                    (word32)sizeof(output)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
+                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Decode.  */
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
+        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
+        (word32)sizeof(output), decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
-        (word32)sizeof(decoded)), BAD_FUNC_ARG);
+        (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
 #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
     /* only a failure for KARI test cases */
@@ -39231,11 +50112,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     #if defined(WOLFSSL_ASN_TEMPLATE)
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
     #endif
     if (pkcs7 != NULL) {
         pkcs7->singleCertSz = tempWrd32;
@@ -39249,11 +50130,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
      * is returned from kari parse which gets set to bad func arg */
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
     #endif
   #endif /* !NO_RSA */
     if (pkcs7 != NULL) {
@@ -39267,7 +50148,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->privateKeySz = tempWrd32;
 
@@ -39276,7 +50157,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     }
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->privateKey = tmpBytePtr;
     }
@@ -39486,60 +50367,60 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
     }
 
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
-        sizeof(encrypted)),BAD_FUNC_ARG);
+        sizeof(encrypted)),WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Testing the struct. */
     if (pkcs7 != NULL) {
         tmpBytePtr = pkcs7->content;
         pkcs7->content = NULL;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->content = tmpBytePtr;
         tmpWrd32 = pkcs7->contentSz;
         pkcs7->contentSz = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->contentSz = tmpWrd32;
         tmpInt = pkcs7->encryptOID;
         pkcs7->encryptOID = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptOID = tmpInt;
         tmpBytePtr = pkcs7->encryptionKey;
         pkcs7->encryptionKey = NULL;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKey = tmpBytePtr;
         tmpWrd32 = pkcs7->encryptionKeySz;
         pkcs7->encryptionKeySz = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKeySz = tmpWrd32;
     }
 
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, (word32)encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        NULL, sizeof(decoded)), BAD_FUNC_ARG);
+        NULL, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, 0), BAD_FUNC_ARG);
+        decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Test struct fields */
 
     if (pkcs7 != NULL) {
@@ -39547,13 +50428,13 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
         pkcs7->encryptionKey = NULL;
     }
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKey = tmpBytePtr;
         pkcs7->encryptionKeySz = 0;
     }
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -39600,7 +50481,7 @@ static int test_wc_PKCS7_Degenerate(void)
     for (z = 0; z < derSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -39617,7 +50498,7 @@ static int test_wc_PKCS7_Degenerate(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
-        PKCS7_NO_SIGNER_E);
+        WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
 
     #ifndef NO_PKCS7_STREAM
     wc_PKCS7_Free(pkcs7);
@@ -39631,13 +50512,13 @@ static int test_wc_PKCS7_Degenerate(void)
     ret = -1;
     for (z = 0; z < derSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
-        if (ret == WC_PKCS7_WANT_READ_E){
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
             continue;
         }
         else
             break;
     }
-    ExpectIntEQ(ret, PKCS7_NO_SIGNER_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
     #endif /* !NO_PKCS7_STREAM */
 
     wc_PKCS7_Free(pkcs7);
@@ -39886,7 +50767,7 @@ static int test_wc_PKCS7_BER(void)
     for (z = 0; z < derSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -39925,14 +50806,14 @@ static int test_wc_PKCS7_BER(void)
 #ifndef NO_RSA
 #ifdef WOLFSSL_SP_MATH
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
+        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
 #else
     ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
         sizeof(berContent), decoded, sizeof(decoded)), 0);
 #endif
 #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
+        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
     wc_PKCS7_Free(pkcs7);
 #endif /* !NO_DES3 */
@@ -40043,7 +50924,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     /* Set no certs in bundle for this test. */
     if (pkcs7 != NULL) {
         ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0);
-        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1);
     }
     ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
@@ -40054,7 +50935,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz),
-            PKCS7_SIGNEEDS_CHECK);
+            WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
 
     /* try verifying the signature manually */
     {
@@ -40093,7 +50974,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     for (z = 0; z < sigSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -40158,7 +51039,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     for (z = 0; z < sigSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -40198,7 +51079,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     for (z = 0; z < decodedSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -40208,6 +51089,36 @@ static int test_wc_PKCS7_signed_enveloped(void)
     pkcs7 = NULL;
 #endif /* !NO_PKCS7_STREAM */
 #endif
+
+    {
+        /* arbitrary custom SKID */
+        const byte customSKID[] = {
+            0x40, 0x25, 0x77, 0x56
+        };
+
+        ExpectIntEQ(wc_InitRng(&rng), 0);
+        sigSz = FOURK_BUF * 2;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (pkcs7 != NULL) {
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+            pkcs7->content    = cert;
+            pkcs7->contentSz  = (word32)certSz;
+            pkcs7->contentOID = DATA;
+            pkcs7->privateKey   = key;
+            pkcs7->privateKeySz = (word32)keySz;
+            pkcs7->encryptOID   = RSAk;
+            pkcs7->hashOID      = SHA256h;
+            pkcs7->rng          = &rng;
+            ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
+            ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID,
+                        sizeof(customSKID)), 0);
+            ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig,
+                (word32)sigSz)), 0);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        wc_FreeRng(&rng);
+    }
 #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
     return EXPECT_RESULT();
 }
@@ -40223,7 +51134,7 @@ static int test_wc_PKCS7_NoDefaultSignedAttribs(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -40243,7 +51154,7 @@ static int test_wc_PKCS7_SetOriEncryptCtx(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -40263,7 +51174,7 @@ static int test_wc_PKCS7_SetOriDecryptCtx(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -40371,7 +51282,7 @@ static int test_wc_i2d_PKCS12(void)
 
     ExpectNotNull(pkcs12 = wc_PKCS12_new());
     ExpectIntEQ(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
 
     outSz = derSz - 1;
@@ -40391,14 +51302,14 @@ static int test_wc_i2d_PKCS12(void)
     /* Run the same test but use wc_d2i_PKCS12_fp. */
     ExpectNotNull(pkcs12 = wc_PKCS12_new());
     ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
     wc_PKCS12_free(pkcs12);
     pkcs12 = NULL;
 
     /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */
     ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
     wc_PKCS12_free(pkcs12);
     pkcs12 = NULL;
@@ -40435,11 +51346,11 @@ static int test_wc_SignatureGetSize_ecc(void)
     /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     sig_type = (enum wc_SignatureType) 100;
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     sig_type = WC_SIGNATURE_TYPE_ECC;
     ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
     key_len = (word32)0;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_ecc_free(&ecc), 0);
 #endif /* !NO_SIG_WRAPPER && HAVE_ECC && !NO_ECC256 */
@@ -40502,11 +51413,11 @@ static int test_wc_SignatureGetSize_rsa(void)
     /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     sig_type = (enum wc_SignatureType)100;
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     sig_type = WC_SIGNATURE_TYPE_RSA;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     key_len = (word32)0;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&rsa_key), 0);
     XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -40556,7 +51467,7 @@ static int test_wc_HashInit(void)
         wc_HashFree(&hash, enumArray[i]);
 
         /* check for null ptr */
-        ExpectIntEQ(wc_HashInit(NULL, enumArray[i]), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_HashInit(NULL, enumArray[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     }  /* end of for loop */
 
@@ -40615,17 +51526,17 @@ static int test_wc_HashSetFlags(void)
         ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
         ExpectIntEQ(wc_HashSetFlags(&hash, enumArray[i], flags), 0);
         ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-        ExpectIntEQ(wc_HashSetFlags(NULL, enumArray[i], flags), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_HashSetFlags(NULL, enumArray[i], flags), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         wc_HashFree(&hash, enumArray[i]);
 
     }
     /* For loop to test not supported cases */
     notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
     for (j = 0; j < notSupportedLen; j++) {
-        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_HashSetFlags(&hash, notSupported[j], flags),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     }
 #endif
     return EXPECT_RESULT();
@@ -40681,16 +51592,16 @@ static int test_wc_HashGetFlags(void)
         ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
         ExpectIntEQ(wc_HashGetFlags(&hash, enumArray[i], &flags), 0);
         ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-        ExpectIntEQ(wc_HashGetFlags(NULL, enumArray[i], &flags), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_HashGetFlags(NULL, enumArray[i], &flags), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         wc_HashFree(&hash, enumArray[i]);
     }
     /* For loop to test not supported cases */
     notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
     for (j = 0; j < notSupportedLen; j++) {
-        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_HashGetFlags(&hash, notSupported[j], &flags),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     }
 #endif
     return EXPECT_RESULT();
@@ -40709,6 +51620,8 @@ static int test_wolfSSL_ASN1_BIT_STRING(void)
     EXPECT_DECLS;
 #if !defined(NO_CERTS) && defined(OPENSSL_ALL)
     ASN1_BIT_STRING* str = NULL;
+    ASN1_BIT_STRING* str2 = NULL;
+    unsigned char* der = NULL;
 
     ExpectNotNull(str = ASN1_BIT_STRING_new());
     /* Empty data testing. */
@@ -40744,8 +51657,19 @@ static int test_wolfSSL_ASN1_BIT_STRING(void)
     ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1);
     ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0);
 
+    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, NULL), 14);
+    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, &der), 14);
+#ifdef WOLFSSL_ASN_TEMPLATE
+    {
+        const unsigned char* tmp = der;
+        ExpectNotNull(d2i_ASN1_BIT_STRING(&str2, &tmp, 14));
+    }
+#endif
+
     ASN1_BIT_STRING_free(str);
+    ASN1_BIT_STRING_free(str2);
     ASN1_BIT_STRING_free(NULL);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
 #endif
     return EXPECT_RESULT();
 }
@@ -41134,7 +52058,7 @@ static int test_wolfSSL_d2i_ASN1_INTEGER(void)
     /* Set a to valid value. */
     ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS);
     /* NULL output buffer. */
-    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0);
+    ExpectIntEQ(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 3);
     wolfSSL_ASN1_INTEGER_free(a);
     a = NULL;
 
@@ -41532,7 +52456,7 @@ static int test_wolfSSL_ASN1_get_object(void)
     const unsigned char objDerNotObj[] = { 0x02, 0x01, 0x00 };
     const unsigned char objDerNoData[] = { 0x06, 0x00 };
     const unsigned char* p;
-    unsigned char objDer[8];
+    unsigned char objDer[10];
     unsigned char* der;
     unsigned char* derPtr;
     int len = sizeof_cliecc_cert_der_256;
@@ -41646,13 +52570,13 @@ static int test_wolfSSL_ASN1_get_object(void)
     ExpectIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0);
     ExpectIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0);
 
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 10);
     der = NULL;
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 10);
     derPtr = objDer;
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 10);
     ExpectPtrNE(derPtr, objDer);
-    ExpectIntEQ(XMEMCMP(der, objDer, 8), 0);
+    ExpectIntEQ(XMEMCMP(der, objDer, 10), 0);
     XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
 
     ASN1_OBJECT_free(a);
@@ -41668,8 +52592,6 @@ static int test_wolfSSL_i2a_ASN1_OBJECT(void)
     ASN1_OBJECT* a = NULL;
     BIO *bio = NULL;
     const unsigned char notObjDer[] = { 0x04, 0x01, 0xff };
-    const unsigned char badLenDer[] = { 0x06, 0x04, 0x01 };
-    const unsigned char goodDer[] = { 0x06, 0x01, 0x01 };
     const unsigned char* p;
 
     ExpectNotNull(obj = OBJ_nid2obj(NID_sha256));
@@ -41685,22 +52607,10 @@ static int test_wolfSSL_i2a_ASN1_OBJECT(void)
     ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
     ASN1_OBJECT_free(a);
     a = NULL;
-    /* DER encoding - not OBJECT_ID */
+    /* DER encoding */
     p = notObjDer;
     ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    /* Bad length encoding. */
-    p = badLenDer;
-    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    /* Good encoding - but unknown. */
-    p = goodDer;
-    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
+    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 5);
     ASN1_OBJECT_free(a);
 
     BIO_free(bio);
@@ -41747,9 +52657,9 @@ static int test_wolfSSL_sk_ASN1_OBJECT(void)
     sk = NULL;
 
     ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), -1);
     ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0);
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), 0);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), -1);
     ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
     wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
     sk = NULL;
@@ -41845,7 +52755,7 @@ static int test_wolfSSL_ASN1_STRING_to_UTF8(void)
 
     ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb"));
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
-    if (file != NULL)
+    if (file != XBADFILE)
         fclose(file);
 
     /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */
@@ -41929,9 +52839,9 @@ static int test_wolfSSL_ASN1_STRING_canon(void)
     ExpectNotNull(canon = ASN1_STRING_new());
 
     /* Invalid parameter testing. */
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
     ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
@@ -42282,9 +53192,9 @@ static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void)
     ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(gtime, "20180504123500Z"), 1);
 
     /* Invalid parameters testing. */
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 1);
     ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20);
@@ -42337,6 +53247,9 @@ static int test_wolfSSL_ASN1_TIME(void)
     ExpectIntEQ(ASN1_TIME_check(NULL), 0);
     ExpectIntEQ(ASN1_TIME_check(asn_time), 1);
 
+    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Z"), 1);
+    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Za"), 0);
+
     ASN1_TIME_free(asn_time);
     ASN1_TIME_free(NULL);
 #endif
@@ -42935,7 +53848,7 @@ static int test_wolfSSL_ASN1_TYPE(void)
     return EXPECT_RESULT();
 }
 
-/* Testing code used in dpp.c in hostap */
+/* Testing code used in old dpp.c in hostap */
 #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
 typedef struct {
     /* AlgorithmIdentifier ecPublicKey with optional parameters present
@@ -42952,6 +53865,57 @@ ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
 
+typedef struct {
+    int type;
+    union {
+        ASN1_BIT_STRING *str1;
+        ASN1_BIT_STRING *str2;
+        ASN1_BIT_STRING *str3;
+    } d;
+} ASN1_CHOICE_TEST;
+
+ASN1_CHOICE(ASN1_CHOICE_TEST) = {
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str1, ASN1_BIT_STRING, 1),
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str2, ASN1_BIT_STRING, 2),
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str3, ASN1_BIT_STRING, 3)
+} ASN1_CHOICE_END(ASN1_CHOICE_TEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_CHOICE_TEST)
+
+/* Test nested objects */
+typedef struct {
+    DPP_BOOTSTRAPPING_KEY* key;
+    ASN1_INTEGER* asnNum;
+    ASN1_INTEGER* expNum;
+    STACK_OF(ASN1_GENERALSTRING) *strList;
+    ASN1_CHOICE_TEST* str;
+} TEST_ASN1_NEST1;
+
+ASN1_SEQUENCE(TEST_ASN1_NEST1) = {
+    ASN1_SIMPLE(TEST_ASN1_NEST1, key, DPP_BOOTSTRAPPING_KEY),
+    ASN1_SIMPLE(TEST_ASN1_NEST1, asnNum, ASN1_INTEGER),
+    ASN1_EXP(TEST_ASN1_NEST1, expNum, ASN1_INTEGER, 0),
+    ASN1_EXP_SEQUENCE_OF(TEST_ASN1_NEST1, strList, ASN1_GENERALSTRING, 1),
+    ASN1_SIMPLE(TEST_ASN1_NEST1, str, ASN1_CHOICE_TEST)
+} ASN1_SEQUENCE_END(TEST_ASN1_NEST1)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST1)
+
+typedef struct {
+    ASN1_INTEGER* num;
+    DPP_BOOTSTRAPPING_KEY* key;
+    TEST_ASN1_NEST1* asn1_obj;
+} TEST_ASN1_NEST2;
+
+ASN1_SEQUENCE(TEST_ASN1_NEST2) = {
+    ASN1_SIMPLE(TEST_ASN1_NEST2, num, ASN1_INTEGER),
+    ASN1_SIMPLE(TEST_ASN1_NEST2, key, DPP_BOOTSTRAPPING_KEY),
+    ASN1_SIMPLE(TEST_ASN1_NEST2, asn1_obj, TEST_ASN1_NEST1)
+} ASN1_SEQUENCE_END(TEST_ASN1_NEST2)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST2)
+/* End nested objects */
+
 typedef struct {
     ASN1_INTEGER *integer;
 } TEST_ASN1;
@@ -42962,16 +53926,13 @@ ASN1_SEQUENCE(TEST_ASN1) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1)
 
-typedef struct {
-    ASN1_OCTET_STRING *octet_string;
-} TEST_FAIL_ASN1;
+typedef STACK_OF(ASN1_INTEGER) TEST_ASN1_ITEM;
 
-#define WOLFSSL_ASN1_OCTET_STRING_ASN1   4
-ASN1_SEQUENCE(TEST_FAIL_ASN1) = {
-    ASN1_SIMPLE(TEST_FAIL_ASN1, octet_string, ASN1_OCTET_STRING),
-} ASN1_SEQUENCE_END(TEST_FAIL_ASN1)
+ASN1_ITEM_TEMPLATE(TEST_ASN1_ITEM) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, MemName, ASN1_INTEGER)
+ASN1_ITEM_TEMPLATE_END(TEST_ASN1_ITEM)
 
-IMPLEMENT_ASN1_FUNCTIONS(TEST_FAIL_ASN1)
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_ITEM)
 #endif
 
 static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
@@ -42984,7 +53945,9 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     EVP_PKEY *key = NULL;
     size_t len = 0;
     unsigned char *der = NULL;
-    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
+    unsigned char *der2 = NULL;
+    const unsigned char *tmp = NULL;
+    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL, *bootstrap2 = NULL;
     const unsigned char *in = ecc_clikey_der_256;
     WOLFSSL_ASN1_OBJECT* ec_obj = NULL;
     WOLFSSL_ASN1_OBJECT* group_obj = NULL;
@@ -42992,7 +53955,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     const EC_POINT *point = NULL;
     int nid;
     TEST_ASN1 *test_asn1 = NULL;
-    TEST_FAIL_ASN1 test_fail_asn1;
+    TEST_ASN1 *test_asn1_2 = NULL;
 
     const unsigned char badObjDer[] = { 0x06, 0x00 };
     const unsigned char goodObjDer[] = {
@@ -43005,9 +53968,9 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
 
     der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), 0);
-    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), 0);
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), -1);
+    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), -1);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
 
     ExpectNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
                                        (long)sizeof_ecc_clikey_der_256));
@@ -43058,15 +54021,23 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
         bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
     }
 
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 16+len);
     der = NULL;
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16+len);
+    der2 = NULL;
+#ifdef WOLFSSL_ASN_TEMPLATE
+    tmp = der;
+    ExpectNotNull(d2i_DPP_BOOTSTRAPPING_KEY(&bootstrap2, &tmp, 16+len));
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap2, &der2), 16+len);
+    ExpectBufEQ(der, der2, 49);
+#endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
     EVP_PKEY_free(key);
     EC_KEY_free(eckey);
     DPP_BOOTSTRAPPING_KEY_free(bootstrap);
+    DPP_BOOTSTRAPPING_KEY_free(bootstrap2);
     bootstrap = NULL;
     DPP_BOOTSTRAPPING_KEY_free(NULL);
 
@@ -43090,7 +54061,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     }
     /* Encode with bad OBJECT_ID. */
     der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
 
     /* Fix OBJECT_ID and encode with empty BIT_STRING. */
     if (EXPECT_SUCCESS()) {
@@ -43100,7 +54071,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     }
     der = NULL;
     ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16);
-    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), 0);
+    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), -1);
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
     DPP_BOOTSTRAPPING_KEY_free(bootstrap);
 
@@ -43109,24 +54080,225 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     der = NULL;
     ExpectIntEQ(ASN1_INTEGER_set(test_asn1->integer, 100), 1);
     ExpectIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5);
+    tmp = der;
+    ExpectNotNull(d2i_TEST_ASN1(&test_asn1_2, &tmp, 5));
+    der2 = NULL;
+    ExpectIntEQ(i2d_TEST_ASN1(test_asn1_2, &der2), 5);
+    ExpectBufEQ(der, der2, 5);
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
     TEST_ASN1_free(test_asn1);
+    TEST_ASN1_free(test_asn1_2);
 
     /* Test integer cases. */
     ExpectNull(wolfSSL_ASN1_item_new(NULL));
     TEST_ASN1_free(NULL);
 
-    /* Test error cases. */
-    ExpectNull(TEST_FAIL_ASN1_new());
-    ExpectNull(wolfSSL_ASN1_item_new(NULL));
-    TEST_FAIL_ASN1_free(NULL);
-    XMEMSET(&test_fail_asn1, 0, sizeof(TEST_FAIL_ASN1));
-    ExpectIntEQ(i2d_TEST_FAIL_ASN1(&test_fail_asn1, &der), 0);
+    /* Test nested asn1 objects */
+    {
+        TEST_ASN1_NEST2 *nested_asn1 = NULL;
+        TEST_ASN1_NEST2 *nested_asn1_2 = NULL;
+        int i;
+
+        ExpectNotNull(nested_asn1 = TEST_ASN1_NEST2_new());
+        /* Populate nested_asn1 with some random data */
+        /* nested_asn1->num */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->num, 30003), 1);
+        /* nested_asn1->key */
+        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+        group_obj = OBJ_nid2obj(NID_secp256k1);
+        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj,
+                V_ASN1_OBJECT, group_obj), 1);
+        ec_obj = NULL;
+        group_obj = NULL;
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1),
+                1);
+        /* nested_asn1->asn1_obj->key */
+        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+        group_obj = OBJ_nid2obj(NID_secp256k1);
+        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj,
+                V_ASN1_OBJECT, group_obj), 1);
+        ec_obj = NULL;
+        group_obj = NULL;
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key,
+                500, 1), 1);
+        /* nested_asn1->asn1_obj->asnNum */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->asnNum, 666666), 1);
+        /* nested_asn1->asn1_obj->expNum */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->expNum, 22222), 1);
+        /* nested_asn1->asn1_obj->strList */
+        for (i = 10; i >= 0; i--) {
+            ASN1_GENERALSTRING* genStr;
+            char fmtStr[20];
+
+            ExpectIntGT(snprintf(fmtStr, sizeof(fmtStr), "Bonjour #%d", i), 0);
+            ExpectNotNull(genStr = ASN1_GENERALSTRING_new());
+            ExpectIntEQ(ASN1_GENERALSTRING_set(genStr, fmtStr, -1), 1);
+            ExpectIntGT(
+                    sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList,
+                            genStr), 0);
+        }
+        /* nested_asn1->asn1_obj->str */
+        ExpectNotNull(nested_asn1->asn1_obj->str->d.str2
+                = ASN1_BIT_STRING_new());
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2,
+                150, 1), 1);
+        nested_asn1->asn1_obj->str->type = 2;
+
+        der = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285);
+#ifdef WOLFSSL_ASN_TEMPLATE
+        tmp = der;
+        ExpectNotNull(d2i_TEST_ASN1_NEST2(&nested_asn1_2, &tmp, 285));
+        der2 = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1_2, &der2), 285);
+        ExpectBufEQ(der, der2, 285);
+        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+
+        TEST_ASN1_NEST2_free(nested_asn1);
+        TEST_ASN1_NEST2_free(nested_asn1_2);
+    }
+
+    /* Test ASN1_ITEM_TEMPLATE */
+    {
+        TEST_ASN1_ITEM* asn1_item = NULL;
+        TEST_ASN1_ITEM* asn1_item2 = NULL;
+        int i;
+
+        ExpectNotNull(asn1_item = TEST_ASN1_ITEM_new());
+        for (i = 0; i < 11; i++) {
+            ASN1_INTEGER* asn1_num;
+
+            ExpectNotNull(asn1_num = ASN1_INTEGER_new());
+            ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1);
+            ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0);
+        }
+
+        der = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item, &der), 35);
+        tmp = der;
+        ExpectNotNull(d2i_TEST_ASN1_ITEM(&asn1_item2, &tmp, 35));
+        der2 = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item2, &der2), 35);
+        ExpectBufEQ(der, der2, 35);
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+
+        TEST_ASN1_ITEM_free(asn1_item);
+        TEST_ASN1_ITEM_free(asn1_item2);
+    }
+
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 #endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_i2d_ASN1_TYPE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    /* Taken from one of sssd's certs othernames */
+    unsigned char str_bin[] = {
+      0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+      0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+    };
+    ASN1_TYPE* asn1type = NULL;
+    unsigned char* der = NULL;
+
+    /* Create ASN1_TYPE manually as we don't have a d2i version yet */
+    {
+        ASN1_STRING* str = NULL;
+        ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
+        ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
+        ExpectNotNull(asn1type = ASN1_TYPE_new());
+        ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
+    }
+
+    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin));
+    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, &der), sizeof(str_bin));
+    ExpectBufEQ(der, str_bin, sizeof(str_bin));
+
+    ASN1_TYPE_free(asn1type);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_i2d_ASN1_SEQUENCE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    /* Taken from one of sssd's certs othernames */
+    unsigned char str_bin[] = {
+      0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+      0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+    };
+    ASN1_STRING* str = NULL;
+    unsigned char* der = NULL;
+
+    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
+    ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
+    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, NULL), sizeof(str_bin));
+    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, &der), sizeof(str_bin));
+
+    ASN1_STRING_free(str);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_ASN1_strings(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    char text[] = "\0\0test string";
+    unsigned char* der = NULL;
+    ASN1_STRING* str = NULL;
+
+    /* Set the length byte */
+    text[1] = XSTRLEN(text + 2);
+
+    /* GENERALSTRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_GENERALSTRING;
+        ExpectNotNull(d2i_ASN1_GENERALSTRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_GENERALSTRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+    /* OCTET_STRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_OCTET_STRING;
+        ExpectNotNull(d2i_ASN1_OCTET_STRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_OCTET_STRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+    /* UTF8STRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_UTF8STRING;
+        ExpectNotNull(d2i_ASN1_UTF8STRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_UTF8STRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
 
 static int test_wolfSSL_lhash(void)
 {
@@ -43675,12 +54847,12 @@ static int test_wolfSSL_X509_check_host(void)
             WOLFSSL_SUCCESS);
 
     ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     X509_free(x509);
 
     ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     return EXPECT_RESULT();
 }
@@ -43698,7 +54870,7 @@ static int test_wolfSSL_X509_check_email(void)
 
     /* Should fail on non-matching email address */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should succeed on matching email address */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
             WOLFSSL_SUCCESS);
@@ -43707,13 +54879,13 @@ static int test_wolfSSL_X509_check_email(void)
             WOLFSSL_SUCCESS);
     /* Should fail when email address is NULL */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     X509_free(x509);
 
     /* Should fail when x509 is NULL */
     ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
     return EXPECT_RESULT();
 }
@@ -43776,7 +54948,7 @@ static int test_wc_AllocDer(void)
     word32 testSize = 1024;
 
     ExpectIntEQ(wc_AllocDer(NULL, testSize, CERT_TYPE, HEAP_HINT),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT), 0);
     ExpectNotNull(pDer);
     wc_FreeDer(&pDer);
@@ -43801,19 +54973,19 @@ static int test_wc_CertPemToDer(void)
         (int)cert_dersz, CERT_TYPE), 0);
 
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, (int)cert_dersz,
-        CERT_TYPE), BAD_FUNC_ARG);
+        CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der,
-        (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG);
+        (int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL,
-        (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG);
+        (int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1,
-        CERT_TYPE), BAD_FUNC_ARG);
+        CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     if (cert_der != NULL)
         free(cert_der);
@@ -43864,11 +55036,11 @@ static int test_wc_KeyPemToDer(void)
 
     /* Bad arg: Cert buffer is NULL */
     ExpectIntEQ(wc_KeyPemToDer(NULL, cert_sz, cert_der, cert_dersz, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad arg: Cert DER buffer non-NULL but size zero (or less) */
     ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test normal operation */
     cert_dersz = cert_sz; /* DER will be smaller than PEM */
@@ -43908,7 +55080,7 @@ static int test_wc_PubKeyPemToDer(void)
     byte* cert_der = NULL;
 
     ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
-        cert_der, (int)cert_dersz), BAD_FUNC_ARG);
+        cert_der, (int)cert_dersz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0);
     cert_dersz = cert_sz; /* DER will be smaller than PEM */
@@ -43948,7 +55120,7 @@ static int test_wc_PemPubKeyToDer(void)
     byte* cert_der = NULL;
 
     ExpectIntGE(wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
     ExpectIntGE(wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz), 0);
@@ -44031,19 +55203,19 @@ static int test_wc_GetPubKeyDerFromCert(void)
     /* test LENGTH_ONLY_E case */
     keyDerSz = 0;
     ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntGT(keyDerSz, 0);
 
     /* bad args: DecodedCert NULL */
-    ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* bad args: output key buff size */
-    ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* bad args: zero size output key buffer */
     keyDerSz = 0;
     ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDecodedCert(&decoded);
 
@@ -44111,7 +55283,7 @@ static int test_wc_GetPubKeyDerFromCert(void)
     /* test LENGTH_ONLY_E case */
     keyDerSz = 0;
     ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntGT(keyDerSz, 0);
 
     wc_FreeDecodedCert(&decoded);
@@ -44153,24 +55325,24 @@ static int test_wc_CheckCertSigPubKey(void)
 
     /* No certificate. */
     ExpectIntEQ(wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz,
-        ECDSAk), BAD_FUNC_ARG);
+        ECDSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad cert size. */
     ExpectIntNE(ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz,
         RSAk), 0);
-    ExpectTrue(ret == ASN_PARSE_E || ret == BUFFER_E);
+    ExpectTrue(ret == WC_NO_ERR_TRACE(ASN_PARSE_E) || ret == WC_NO_ERR_TRACE(BUFFER_E));
 
     /* No public key. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL,
-        keyDerSz, RSAk), ASN_NO_SIGNER_E);
+        keyDerSz, RSAk), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 
     /* Bad public key size. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0,
-        RSAk), BAD_FUNC_ARG);
+        RSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Wrong aglo. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer,
-        keyDerSz, ECDSAk), ASN_PARSE_E);
+        keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_PARSE_E));
 
     wc_FreeDecodedCert(&decoded);
     if (cert_der != NULL)
@@ -44187,8 +55359,8 @@ static int test_wolfSSL_certs(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
     !defined(NO_RSA)
     X509*  x509ext = NULL;
-#ifdef OPENSSL_ALL
     X509*  x509 = NULL;
+#ifdef OPENSSL_ALL
     WOLFSSL_X509_EXTENSION* ext = NULL;
     ASN1_OBJECT* obj = NULL;
 #endif
@@ -44209,7 +55381,7 @@ static int test_wolfSSL_certs(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
     #if !defined(NO_CHECK_PRIVATE_KEY)
-    ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_check_private_key(ctx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     #if !defined(NO_CHECK_PRIVATE_KEY)
@@ -44217,6 +55389,14 @@ static int test_wolfSSL_certs(void)
     #endif
     ExpectNotNull(ssl = SSL_new(ctx));
 
+    /* Invalid parameters. */
+    ExpectIntEQ(SSL_use_certificate_file(NULL, NULL, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_use_certificate_file(ssl, NULL, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_certificate_file(NULL, "./certs/server-cert.pem",
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
     #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -44225,6 +55405,16 @@ static int test_wolfSSL_certs(void)
     ExpectIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
     #endif /* HAVE_PK_CALLBACKS */
 
+    /* Invalid parameters. */
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(SSL_use_certificate(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_certificate(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_certificate(NULL, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* No data in certificate. */
+    ExpectIntEQ(SSL_use_certificate(ssl, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     /* create and use x509 */
 #ifdef OPENSSL_ALL
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
@@ -44241,6 +55431,15 @@ static int test_wolfSSL_certs(void)
 
 
     #if defined(USE_CERT_BUFFERS_2048)
+        /* Invalid parameters. */
+        ExpectIntEQ(SSL_use_certificate_ASN1(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectIntEQ(SSL_use_certificate_ASN1(ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectIntEQ(SSL_use_certificate_ASN1(NULL,
+                (unsigned char*)server_cert_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        /* No data. */
+        ExpectIntEQ(SSL_use_certificate_ASN1(ssl,
+                (unsigned char*)server_cert_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
         ExpectIntEQ(SSL_use_certificate_ASN1(ssl,
                                   (unsigned char*)server_cert_der_2048,
                                   sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
@@ -44259,7 +55458,7 @@ static int test_wolfSSL_certs(void)
                     WOLFSSL_SUCCESS);
 
         ExpectIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     }
     #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
 
@@ -44284,7 +55483,7 @@ static int test_wolfSSL_certs(void)
 
     ExpectNotNull(ext = X509_EXTENSION_new());
     X509_EXTENSION_set_critical(ext, 0);
-    ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
             NULL);
     ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
@@ -44492,13 +55691,15 @@ static int test_wolfSSL_private_keys(void)
     #else
     ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
     #endif
-    ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM));
     /* Have to load a cert before you can check the private key against that
      * certificates public key! */
     #if !defined(NO_CHECK_PRIVATE_KEY)
-    ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
-    ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
+        WOLFSSL_FILETYPE_PEM));
     #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
@@ -44508,12 +55709,34 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
+    /* Invalid parameters. */
+    ExpectIntEQ(SSL_use_PrivateKey_file(NULL, NULL, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_use_PrivateKey_file(NULL, svrKeyFile, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_use_PrivateKey_file(ssl, NULL, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
 #ifdef USE_CERT_BUFFERS_2048
     {
     const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
     unsigned char buf[FOURK_BUF];
     word32 bufSz;
 
+    /* Invalid parameters. */
+    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL,
+        (unsigned char*)client_key_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key,
+        0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
                 (unsigned char*)client_key_der_2048,
                 sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
@@ -44548,8 +55771,15 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
 
-    /* pkey not set yet, expecting to fail */
-    ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
+    /* Invalid parameters. */
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+    ExpectIntEQ(SSL_use_PrivateKey(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* pkey is empty - no key data to use. */
+    ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
 
     /* set PKEY and test again */
     ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
@@ -44964,9 +56194,9 @@ static int test_wolfSSL_PEM_PrivateKey_rsa(void)
     XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
 
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);
+    ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key,
         (long)sizeof_server_key_der_2048));
@@ -44975,17 +56205,17 @@ static int test_wolfSSL_PEM_PrivateKey_rsa(void)
     ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
         (long)sizeof_server_key_der_2048));
     ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_PrivateKey(bio,  NULL, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_PrivateKey(bio,  pkey, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
     ExpectIntGT(BIO_pending(bio), 0);
     ExpectIntEQ(BIO_pending(bio), 1679);
     /* Check if the pubkey API writes only the public key */
 #ifdef WOLFSSL_KEY_GEN
-    ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
     ExpectIntGT(BIO_pending(pub_bio), 0);
     /* Previously both the private key and the pubkey calls would write
@@ -45082,7 +56312,7 @@ static int test_wolfSSL_PEM_PrivateKey_ecc(void)
     ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
     ExpectIntGT(BIO_pending(bio), 0);
-    /* No parmeters. */
+    /* No parameters. */
     ExpectIntEQ(BIO_pending(bio), 227);
     /* Check if the pubkey API writes only the public key */
 #ifdef WOLFSSL_KEY_GEN
@@ -45279,7 +56509,7 @@ static int test_wolfSSL_PEM_PrivateKey(void)
         NULL), 0);
 #endif
 #ifdef WOLFSSL_KEY_GEN
-    ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     EVP_PKEY_free(pkey);
     pkey = NULL;
@@ -45413,12 +56643,12 @@ static int test_wolfSSL_PEM_file_RSAKey(void)
         XFCLOSE(fp);
     ExpectIntEQ(RSA_size(rsa), 256);
 
-    ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS);
 
     RSA_free(rsa);
@@ -45446,9 +56676,9 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
     }
 
     ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
 
@@ -45502,7 +56732,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     ExpectNotNull(rsa);
     ExpectIntEQ(RSA_size(rsa), 256);
     ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
-                                            NULL), WOLFSSL_FAILURE);
+                                            NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -45518,7 +56748,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
     ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
-    ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -45613,7 +56843,7 @@ static int test_wolfSSL_PEM_bio_DSAKey(void)
     ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
     ExpectIntEQ(BN_num_bytes(dsa->g), 128);
     ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -45629,7 +56859,7 @@ static int test_wolfSSL_PEM_bio_DSAKey(void)
     ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
     ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
     ExpectIntEQ(BN_num_bytes(dsa->g), 128);
-    ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -45683,11 +56913,11 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     ExpectIntEQ(ec == ec2, 1);
     ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     /* Public key data - fail. */
@@ -45702,11 +56932,11 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     bio = NULL;
 
     ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL,
-        NULL),WOLFSSL_FAILURE);
+        NULL),WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
 
@@ -45741,7 +56971,7 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL)));
     ExpectIntEQ(ec == ec2, 1);
     ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
-    ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     /* Test 0x30, 0x00 fails. */
@@ -45762,9 +56992,9 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     bio = NULL;
 
     /* Same test as above, but with a file pointer rather than a BIO. */
-    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS);
 
     EC_KEY_free(ec);
@@ -45920,33 +57150,123 @@ static int test_wolfSSL_tmp_dh(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
+    !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     byte buff[6000];
+    static const unsigned char p[] = {
+        0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba,
+        0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00,
+        0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6,
+        0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a,
+        0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf,
+        0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a,
+        0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6,
+        0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48,
+        0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d,
+        0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19,
+        0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f,
+        0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a,
+        0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6,
+        0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04,
+        0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38,
+        0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5,
+        0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e,
+        0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a,
+        0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc,
+        0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7,
+        0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36,
+        0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90,
+        0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3,
+        0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48,
+        0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a,
+        0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab,
+        0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b,
+        0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08,
+        0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6,
+        0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b,
+        0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa,
+        0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x93
+    };
+    int pSz = (int)sizeof(p);
+#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+    !defined(HAVE_SELFTEST)
+    static const unsigned char bad_p[] = {
+        0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba,
+        0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00,
+        0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6,
+        0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a,
+        0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf,
+        0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a,
+        0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6,
+        0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48,
+        0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d,
+        0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19,
+        0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f,
+        0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a,
+        0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6,
+        0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04,
+        0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38,
+        0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5,
+        0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e,
+        0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a,
+        0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc,
+        0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7,
+        0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36,
+        0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90,
+        0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3,
+        0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48,
+        0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a,
+        0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab,
+        0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b,
+        0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08,
+        0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6,
+        0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b,
+        0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa,
+        0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x91
+    };
+#endif
+    static const unsigned char g[] = { 0x02 };
+    int gSz = (int)sizeof(g);
+#if !defined(NO_DSA)
     char file[] = "./certs/dsaparams.pem";
+    DSA* dsa = NULL;
+#else
+    char file[] = "./certs/dh2048.pem";
+#endif
     XFILE f = XBADFILE;
     int  bytes = 0;
-    DSA* dsa = NULL;
     DH*  dh = NULL;
-#if defined(WOLFSSL_DH_EXTRA) && \
-    (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
     DH*  dh2 = NULL;
-#endif
     BIO*     bio = NULL;
     SSL*     ssl = NULL;
     SSL_CTX* ctx = NULL;
+#ifndef NO_WOLFSSL_CLIENT
+    SSL*     ssl_c = NULL;
+    SSL_CTX* ctx_c = NULL;
+#endif
 
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
-#else
-    ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
-#endif
     ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
         WOLFSSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
         WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectNotNull(ctx_c = SSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectTrue(SSL_CTX_use_certificate_file(ctx_c, svrCertFile,
+        WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx_c, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(ssl_c = SSL_new(ctx_c));
+#ifdef NO_WOLFSSL_SERVER
+    ctx = ctx_c;
+    ssl = ssl_c;
+#endif
+#endif
 
+    XMEMSET(buff, 0, sizeof(buff));
     ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
     ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
     if (f != XBADFILE)
@@ -45954,33 +57274,115 @@ static int test_wolfSSL_tmp_dh(void)
 
     ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
 
+#if !defined(NO_DSA)
     dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
     ExpectNotNull(dsa);
 
     dh = wolfSSL_DSA_dup_DH(dsa);
+#else
+    dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+#endif
     ExpectNotNull(dh);
 #if defined(WOLFSSL_DH_EXTRA) && \
     (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
     ExpectNotNull(dh2 = wolfSSL_DH_dup(dh));
+    DH_free(dh2);
+    dh2 = NULL;
 #endif
 
+    /* Failure cases */
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p   , 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, g   , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p  , 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, g   , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p   , 0, g   , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p   , 1, g   , 1),
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , buff, 6000, g   , 1),
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
+#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+    !defined(HAVE_SELFTEST)
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, bad_p, pSz, g, gSz),
+        WC_NO_ERR_TRACE(DH_CHECK_PUB_E));
+#endif
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p   , 0, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, g   , 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p  , 0, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, g   , 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p   , 0, g   , 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p   , 1, g   , 1),
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , buff, 6000, g   , 1),
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
+#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+    !defined(HAVE_SELFTEST)
+#ifndef NO_WOLFSSL_SERVER
+    /* Parameters will be tested later so it passes now. */
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl, bad_p, pSz, g, gSz),
+        WOLFSSL_SUCCESS);
+#endif
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl_c, p, pSz, g, gSz),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, dh  ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl , NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(NULL, dh  ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* No p/g to use. */
+    dh2 = wolfSSL_DH_new();
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , dh2 ), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl , dh2 ), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    DH_free(dh2);
+    dh2 = NULL;
+
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz),
+        WOLFSSL_SUCCESS);
     ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 
     BIO_free(bio);
+#if !defined(NO_DSA)
     DSA_free(dsa);
+#endif
     DH_free(dh);
     dh = NULL;
-#if defined(WOLFSSL_DH_EXTRA) && \
-    (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
-    DH_free(dh2);
-    dh2 = NULL;
+#ifndef NO_WOLFSSL_CLIENT
+    if (ssl != ssl_c) {
+        SSL_free(ssl_c);
+    }
 #endif
     SSL_free(ssl);
+#ifndef NO_WOLFSSL_CLIENT
+    if (ctx != ctx_c) {
+        SSL_CTX_free(ctx_c);
+    }
+#endif
     SSL_CTX_free(ctx);
 #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
@@ -46308,10 +57710,9 @@ static int test_wolfSSL_EVP_MD_size(void)
     /* error case */
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), 0);
+    ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), 0);
+    ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), 0);
     /* Cleanup is valid on uninit'ed struct */
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
 #endif /* OPENSSL_EXTRA */
@@ -46768,8 +58169,20 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caFile,
         WOLFSSL_FILETYPE_PEM));
+
+    /* Negative tests. */
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    /* Empty certificate. */
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile,
         WOLFSSL_FILETYPE_PEM));
 
@@ -46858,7 +58271,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
     return EXPECT_RESULT();
 }
 
-
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
 static int test_wolfSSL_ERR_peek_last_error_line(void)
 {
@@ -47193,7 +58605,7 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm,
                     "certs/server-revoked-cert.pem",
-                    WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
+                    WOLFSSL_FILETYPE_PEM ), WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
     }
 
     ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0);
@@ -47288,7 +58700,7 @@ static int test_wolfSSL_PKCS7_certs(void)
         while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
             X509_INFO* info = NULL;
             ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
-            ExpectIntEQ(sk_X509_push(sk, info->x509), 1);
+            ExpectIntGT(sk_X509_push(sk, info->x509), 0);
             if (EXPECT_SUCCESS() && (info != NULL)) {
                 info->x509 = NULL;
             }
@@ -47427,7 +58839,7 @@ static int test_wolfSSL_X509_STORE_CTX(void)
         }
     #else
         ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
         ExpectNull(tmpDataRet);
     #endif
@@ -47450,7 +58862,7 @@ static int test_wolfSSL_X509_STORE_CTX(void)
         }
     #else
         ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
         ExpectNull(tmpDataRet);
     #endif
@@ -47479,7 +58891,7 @@ static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(sk_X509_push(chain, cert), 1);
+    ExpectIntGT(sk_X509_push(chain, cert), 0);
     if (EXPECT_FAIL())
         X509_free(cert);
 
@@ -47594,7 +59006,7 @@ static int test_wolfSSL_X509_STORE_set_flags(void)
         WOLFSSL_SUCCESS);
 #else
     ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
     wolfSSL_X509_free(x509);
@@ -47624,7 +59036,7 @@ static int test_wolfSSL_X509_LOOKUP_load_file(void)
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
             WOLFSSL_FILETYPE_PEM), 1);
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
-            WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
     }
     ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
         X509_FILETYPE_PEM), 1);
@@ -47914,7 +59326,7 @@ static int test_wolfSSL_CTX_set_client_CA_list(void)
     ca_list = SSL_load_client_CA_file(caCertFile);
     ExpectNotNull(ca_list);
     ExpectNotNull(name = sk_X509_NAME_value(ca_list, 0));
-    ExpectIntEQ(sk_X509_NAME_push(names, name), 1);
+    ExpectIntEQ(sk_X509_NAME_push(names, name), 2);
     if (EXPECT_FAIL()) {
         wolfSSL_X509_NAME_free(name);
         name = NULL;
@@ -48106,7 +59518,7 @@ static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args)
         if (ret != WOLFSSL_SUCCESS) {
             err = wolfSSL_get_error(ssl, 0);
         }
-    } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+    } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
 
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
@@ -48140,20 +59552,19 @@ static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args)
 #endif /* HAVE_ECH && WOLFSSL_TLS13 */
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
-static void keyLog_callback(const WOLFSSL* ssl, const char* line )
+static void keyLog_callback(const WOLFSSL* ssl, const char* line)
 {
+    XFILE fp;
+    const byte lf = '\n';
 
     AssertNotNull(ssl);
     AssertNotNull(line);
 
-    XFILE fp;
-    const byte  lf = '\n';
     fp = XFOPEN("./MyKeyLog.txt", "a");
-    XFWRITE( line, 1, strlen(line),fp);
-    XFWRITE( (void*)&lf,1,1,fp);
+    XFWRITE(line, 1, XSTRLEN(line), fp);
+    XFWRITE((void*)&lf, 1, 1, fp);
     XFFLUSH(fp);
     XFCLOSE(fp);
-
 }
 #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
 static int test_wolfSSL_CTX_set_keylog_callback(void)
@@ -48201,12 +59612,14 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
-/* This test is intended for checking whether keylog callback is called
- * in client during TLS handshake between the client and a server.
- */
+    /* This test is intended for checking whether keylog callback is called
+     * in client during TLS handshake between the client and a server.
+     */
     test_ssl_cbf server_cbf;
     test_ssl_cbf client_cbf;
     XFILE fp = XBADFILE;
+    char  buff[500];
+    int   found = 0;
 
     XMEMSET(&server_cbf, 0, sizeof(test_ssl_cbf));
     XMEMSET(&client_cbf, 0, sizeof(test_ssl_cbf));
@@ -48223,16 +59636,12 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
 
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
         &server_cbf, NULL), TEST_SUCCESS);
-    XSLEEP_MS(100);
 
     /* check if the keylog file exists */
-
-    char  buff[300] = {0};
-    int  found = 0;
-
     ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
     XFFLUSH(fp); /* Just to make sure any buffers get flushed */
 
+    XMEMSET(buff, 0, sizeof(buff));
     while (EXPECT_SUCCESS() && XFGETS(buff, (int)sizeof(buff), fp) != NULL) {
         if (0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) {
             found = 1;
@@ -48502,14 +59911,16 @@ static int post_auth_version_client_cb(WOLFSSL* ssl)
     /* do handshake and then test version error */
     ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
     ExpectStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
-    ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE)
     /* check was added to error queue */
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION);
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION));
 
     /* check the string matches expected string */
-    ExpectStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL),
+    #ifndef NO_ERROR_STRINGS
+    ExpectStrEQ(wolfSSL_ERR_error_string(-WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION), NULL),
             "WRONG_SSL_VERSION");
+    #endif
 #endif
     return EXPECT_RESULT();
 }
@@ -48717,13 +60128,15 @@ static int test_wolfSSL_X509_STORE(void)
 
 #ifdef HAVE_CRL
     X509_STORE_CTX *storeCtx = NULL;
-    X509_CRL *crl = NULL;
     X509 *ca = NULL;
     X509 *cert = NULL;
-    const char crlPem[] = "./certs/crl/crl.revoked";
     const char srvCert[] = "./certs/server-revoked-cert.pem";
     const char caCert[] = "./certs/ca-cert.pem";
+#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP
+    X509_CRL *crl = NULL;
+    const char crlPem[] = "./certs/crl/crl.revoked";
     XFILE fp = XBADFILE;
+#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
 
     ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
     ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
@@ -48743,6 +60156,7 @@ static int test_wolfSSL_X509_STORE(void)
     X509_free(ca);
     ca = NULL;
 
+#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP
     /* should fail to verify now after adding in CRL */
     ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
     ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
@@ -48772,6 +60186,7 @@ static int test_wolfSSL_X509_STORE(void)
     cert = NULL;
     X509_free(ca);
     ca = NULL;
+#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
 #endif /* HAVE_CRL */
 
 
@@ -48854,14 +60269,14 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
 
     /* Test bad arguments */
     ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL),
-        WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifdef HAVE_CRL
     /* Test with CRL */
@@ -48943,15 +60358,19 @@ static int test_X509_STORE_get0_objects(void)
         switch (X509_OBJECT_get_type(obj)) {
         case X509_LU_X509:
         {
-            WOLFSSL_X509* x509;
+            X509* x509 = NULL;
+            X509_NAME *subj_name = NULL;
             ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj));
             ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS);
+            ExpectNotNull(subj_name = X509_get_subject_name(x509));
+            ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509,
+                    subj_name));
             break;
         }
         case X509_LU_CRL:
 #ifdef HAVE_CRL
         {
-            WOLFSSL_CRL* crl = NULL;
+            X509_CRL* crl = NULL;
             ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj));
             ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS);
             break;
@@ -49057,7 +60476,7 @@ static int test_wolfSSL_BN(void)
     ExpectIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
     ExpectIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
     ExpectIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
-    ExpectIntEQ(BN_is_word(a, 3), SSL_FAILURE);
+    ExpectIntEQ(BN_is_word(a, 3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     {
@@ -49151,14 +60570,14 @@ static int test_wolfSSL_BN_init(void)
     ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
 
     /* a^b mod c = */
-    ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
 
     /* check result  3^2 mod 5 */
     ExpectIntEQ(BN_get_word(&dv), 4);
 
     /* a*b mod c = */
-    ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
+    ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
 
     /* check result  3*2 mod 5 */
@@ -49192,7 +60611,6 @@ static int test_wolfSSL_BN_enc_dec(void)
     XMEMSET(&emptyBN, 0, sizeof(emptyBN));
     ExpectNotNull(a = BN_new());
     ExpectNotNull(b = BN_new());
-    ExpectIntEQ(BN_set_word(a, 2), 1);
 
     /* Invalid parameters */
     ExpectIntEQ(BN_bn2bin(NULL, NULL), -1);
@@ -49204,8 +60622,10 @@ static int test_wolfSSL_BN_enc_dec(void)
     ExpectNull(BN_bn2dec(NULL));
     ExpectNull(BN_bn2dec(&emptyBN));
 
-    ExpectNull(BN_bin2bn(NULL, sizeof(binNum), NULL));
-    ExpectNull(BN_bin2bn(NULL, sizeof(binNum), a));
+    ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a));
+    BN_free(a);
+    ExpectNotNull(a = BN_new());
+    ExpectIntEQ(BN_set_word(a, 2), 1);
     ExpectNull(BN_bin2bn(binNum, -1, a));
     ExpectNull(BN_bin2bn(binNum, -1, NULL));
     ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN));
@@ -50147,7 +61567,7 @@ static int test_generate_cookie(void)
     ExpectNotNull(ssl = SSL_new(ctx));
 
     /* Test unconnected */
-    ExpectIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
+    ExpectIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), WC_NO_ERR_TRACE(GEN_COOKIE_E));
 
     wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
 
@@ -50233,7 +61653,7 @@ static int test_wolfSSL_set_options(void)
                     appData, sizeof(appData)), 0);
     }
 #else
-    ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
 #endif
 #endif
@@ -50347,37 +61767,37 @@ static int test_wolfSSL_set1_curves_list(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifdef HAVE_ECC
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
 #endif
 #ifdef HAVE_CURVE25519
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_CURVE448
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
-    ExpectIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifdef HAVE_ECC
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
 #endif
 
 #ifdef HAVE_CURVE25519
     ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_CURVE448
     ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     SSL_free(ssl);
@@ -50433,15 +61853,27 @@ static int test_wolfSSL_curves_mismatch(void)
     } test_params[] = {
 #ifdef WOLFSSL_TLS13
         {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3",
-                FATAL_ERROR, BAD_KEY_SHARE_DATA},
+                WC_NO_ERR_TRACE(FATAL_ERROR), WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA)},
 #endif
 #ifndef WOLFSSL_NO_TLS12
         {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2",
-                FATAL_ERROR, MATCH_SUITE_ERROR},
+                WC_NO_ERR_TRACE(FATAL_ERROR),
+#ifdef OPENSSL_EXTRA
+                WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL)
+#else
+                WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)
+#endif
+        },
 #endif
 #ifndef NO_OLD_TLS
         {wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLS 1.1",
-                FATAL_ERROR, MATCH_SUITE_ERROR},
+                WC_NO_ERR_TRACE(FATAL_ERROR),
+#ifdef OPENSSL_EXTRA
+                WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL)
+#else
+                WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)
+#endif
+        },
 #endif
     };
 
@@ -50458,7 +61890,7 @@ static int test_wolfSSL_curves_mismatch(void)
         func_cb_server.method = test_params[i].server_meth;
 
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
-            &func_cb_server, NULL), TEST_FAIL);
+            &func_cb_server, NULL), -1001);
         ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err);
         ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err);
 
@@ -50488,29 +61920,29 @@ static int test_wolfSSL_set1_sigalgs_list(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_RSA
     #ifndef NO_SHA256
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"),
                     WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"),
                     WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         #ifdef WC_RSA_PSS
             ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"),
                         WOLFSSL_SUCCESS);
@@ -50532,17 +61964,17 @@ static int test_wolfSSL_set1_sigalgs_list(void)
             ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
                        "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
         #endif
-        ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE);
-        ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
 #endif
 #ifdef HAVE_ECC
@@ -50689,7 +62121,7 @@ static int test_wolfSSL_BIO(void)
         buff[i] = i;
     }
     /* test BIO_free with NULL */
-    ExpectIntEQ(BIO_free(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_free(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Creating and testing type BIO_s_bio */
     ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
@@ -50741,7 +62173,7 @@ static int test_wolfSSL_BIO(void)
     ExpectIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
 
     /* new pair */
-    ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio2); /* free bio2 and automatically remove from pair */
     bio2 = NULL;
     ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
@@ -50749,8 +62181,8 @@ static int test_wolfSSL_BIO(void)
     ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), 0);
 
     /* test wrap around... */
-    ExpectIntEQ(BIO_reset(bio1), 0);
-    ExpectIntEQ(BIO_reset(bio3), 0);
+    ExpectIntEQ(BIO_reset(bio1), 1);
+    ExpectIntEQ(BIO_reset(bio3), 1);
 
     /* fill write buffer, read only small amount then write again */
     ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
@@ -50775,7 +62207,7 @@ static int test_wolfSSL_BIO(void)
         ExpectIntEQ(bufPt[i], buff[4 + i]);
     }
 
-    ExpectIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_nread(bio3, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BIO_nread0(bio3, &bufPt), 4);
     for (i = 0; i < 4; i++) {
         ExpectIntEQ(bufPt[i], 0);
@@ -50792,7 +62224,7 @@ static int test_wolfSSL_BIO(void)
     ExpectNotNull(XMEMCPY(bufPt, buff, 20));
 
     /* test reset on data in bio1 write buffer */
-    ExpectIntEQ(BIO_reset(bio1), 0);
+    ExpectIntEQ(BIO_reset(bio1), 1);
     ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0);
     ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), 0);
     ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
@@ -50823,7 +62255,7 @@ static int test_wolfSSL_BIO(void)
     {
         BIO* bioA = NULL;
         BIO* bioB = NULL;
-        ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
+        ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
         BIO_free(bioA);
         bioA = NULL;
@@ -50863,7 +62295,7 @@ static int test_wolfSSL_BIO(void)
         ExpectIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));
 
         ExpectIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
-        ExpectIntEQ(BIO_reset(f_bio2), 0);
+        ExpectIntEQ(BIO_reset(f_bio2), 1);
         ExpectIntEQ(BIO_tell(NULL),-1);
         ExpectIntEQ(BIO_tell(f_bio2),0);
         ExpectIntEQ(BIO_seek(f_bio2, 4), 0);
@@ -51492,7 +62924,7 @@ static int test_wolfSSL_X509_max_altnames(void)
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
 
     /* Only test if max alt names has not been modified */
-#if WOLFSSL_MAX_ALT_NAMES == 128
+#if WOLFSSL_MAX_ALT_NAMES <= 1024
 
     WOLFSSL_CTX* ctx = NULL;
     /* File contains a certificate encoded with 130 subject alternative names */
@@ -51572,7 +63004,7 @@ static int test_wolfSSL_X509(void)
 
     ExpectNotNull(ctx = X509_STORE_CTX_new());
 
-    ExpectIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
+    ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 
     ExpectNotNull(store = X509_STORE_new());
     ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
@@ -51627,7 +63059,7 @@ static int test_wolfSSL_X509_get_ext_count(void)
     XFILE f = XBADFILE;
 
     /* NULL parameter check */
-    ExpectIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
@@ -51648,7 +63080,7 @@ static int test_wolfSSL_X509_get_ext_count(void)
     ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
 
     /* wolfSSL_X509_get_ext_count() NULL argument */
-    ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
+    ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     wolfSSL_X509_free(x509);
 #endif
@@ -51906,7 +63338,7 @@ static int test_wolfSSL_X509_sign(void)
     ExpectIntEQ(wolfSSL_X509_add_altname(x509,
                 "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
                 ASN_DNS_TYPE), SSL_SUCCESS);
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
     {
         unsigned char ip4_type[] = {127,128,0,255};
         unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab,
@@ -51939,7 +63371,7 @@ static int test_wolfSSL_X509_sign(void)
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
     ExpectIntEQ(X509_get_ext_count(x509), 1);
 #endif
-#if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
+#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME)
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1);
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1);
 #endif
@@ -51955,7 +63387,7 @@ static int test_wolfSSL_X509_sign(void)
 #ifndef WOLFSSL_ALT_NAMES
     /* Valid case - size should be 781-786 with 16 byte serial number */
     ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz));
-#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#elif defined(WOLFSSL_IP_ALT_NAME)
     /* Valid case - size should be 955-960 with 16 byte serial number */
     ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz));
 #else
@@ -52030,7 +63462,7 @@ static int test_wolfSSL_X509_sign(void)
     ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
 
     /* uses ParseCert which fails on bad version number */
-    ExpectIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
+    ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     EVP_MD_CTX_free(mctx);
@@ -52067,8 +63499,11 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     X509* x509 = NULL;
     const ASN1_OBJECT* obj = NULL;
     const X509_ALGOR* alg = NULL;
+    X509_ALGOR* alg2 = NULL;
     int pptype = 0;
     const void *ppval = NULL;
+    byte* der = NULL;
+    const byte* tmp = NULL;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         SSL_FILETYPE_PEM));
@@ -52086,7 +63521,13 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     /* Make sure NID of X509_ALGOR is Sha256 with RSA */
     ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
 
+    ExpectIntEQ(i2d_X509_ALGOR(alg, &der), 15);
+    tmp = der;
+    ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15));
+
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
     X509_free(x509);
+    X509_ALGOR_free(alg2);
 #endif
     return EXPECT_RESULT();
 }
@@ -53002,8 +64443,9 @@ static int test_wolfSSL_PKCS8_d2i(void)
     return EXPECT_RESULT();
 }
 
-#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
-    defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
+#if !defined(SINGLE_THREADED) && defined(ERROR_QUEUE_PER_THREAD) && \
+    !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
+    defined(DEBUG_WOLFSSL)
 #define LOGGING_THREADS 5
 #define ERROR_COUNT 10
 /* copied from logging.c since this is not exposed otherwise */
@@ -53058,8 +64500,9 @@ static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args)
 static int test_error_queue_per_thread(void)
 {
     int res = TEST_SKIPPED;
-#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
-    defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
+#if !defined(SINGLE_THREADED) && defined(ERROR_QUEUE_PER_THREAD) && \
+    !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
+    defined(DEBUG_WOLFSSL)
     THREAD_TYPE loggingThreads[LOGGING_THREADS];
     int i;
 
@@ -53160,13 +64603,13 @@ static int test_wolfSSL_ERR_get_error_order(void)
     /* Empty the queue. */
     wolfSSL_ERR_clear_error();
 
-    wolfSSL_ERR_put_error(0, 0, ASN_NO_SIGNER_E, "test", 0);
-    wolfSSL_ERR_put_error(0, 0, ASN_SELF_SIGNED_E, "test", 0);
+    wolfSSL_ERR_put_error(0, 0, WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), "test", 0);
+    wolfSSL_ERR_put_error(0, 0, WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E), "test", 0);
 
-    ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_NO_SIGNER_E);
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E);
-    ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E);
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E);
+    ExpectIntEQ(wolfSSL_ERR_peek_error(), -WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
+    ExpectIntEQ(wolfSSL_ERR_peek_error(), -WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
 #endif /* WOLFSSL_HAVE_ERROR_QUEUE && OPENSSL_EXTRA */
     return EXPECT_RESULT();
 }
@@ -53282,7 +64725,7 @@ static int test_wc_ERR_print_errors_fp(void)
     long sz;
     XFILE fp = XBADFILE;
 
-    WOLFSSL_ERROR(BAD_FUNC_ARG);
+    WOLFSSL_ERROR(WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectTrue((fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar")) !=
         XBADFILE);
     wc_ERR_print_errors_fp(fp);
@@ -53448,9 +64891,9 @@ static int test_wolfSSL_MD5_Transform(void)
     ExpectIntEQ(MD5_Transform(NULL, NULL), 0);
     ExpectIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(MD5_Transform(&md5.compat, NULL), 0);
-    ExpectIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Md5Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init MD5 CTX */
     ExpectIntEQ(wolfSSL_MD5_Init(&md5.compat), 1);
@@ -53646,9 +65089,9 @@ static int test_wolfSSL_SHA_Transform(void)
     ExpectIntEQ(SHA1_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA1_Transform(&sha.compat, NULL), 0);
-    ExpectIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ShaTransform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA CTX */
     ExpectIntEQ(SHA_Init(&sha.compat), 1);
@@ -53787,9 +65230,9 @@ static int test_wolfSSL_SHA256_Transform(void)
     ExpectIntEQ(SHA256_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA256_Transform(&sha256.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA256 CTX */
     ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
@@ -53861,9 +65304,9 @@ static int test_wolfSSL_SHA512_Transform(void)
     ExpectIntEQ(SHA512_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1);
@@ -53931,10 +65374,10 @@ static int test_wolfSSL_SHA512_224_Transform(void)
     ExpectIntEQ(SHA512_224_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_224_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_224_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512_224Transform(NULL, (const byte*)&input1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_224_Init(&sha512.compat), 1);
@@ -54004,10 +65447,10 @@ static int test_wolfSSL_SHA512_256_Transform(void)
     ExpectIntEQ(SHA512_256_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_256_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_256_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512_256Transform(NULL, (const byte*)&input1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_256_Init(&sha512.compat), 1);
@@ -54313,7 +65756,7 @@ static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
     ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 1);
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 1);
 #else
-    ExpectIntEQ(HMAC_size(hmac), BAD_FUNC_ARG);
+    ExpectIntEQ(HMAC_size(hmac), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 0);
     ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 0);
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 0);
@@ -55086,7 +66529,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
     /* wolfSSL_AES_wrap_key() 256-bit NULL iv */
     ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
     ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
-            15), WOLFSSL_FAILURE);
+            15), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
             sizeof(key256)), sizeof(wrapCipher));
     wc_AesFree((Aes*)&aes);
@@ -55094,7 +66537,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
     /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */
     ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
     ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
-            23), WOLFSSL_FAILURE);
+            23), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
             sizeof(wrapCipher)), sizeof(wrapPlain));
     ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
@@ -55463,7 +66906,7 @@ static int test_wolfSSL_OBJ(void)
     ASN1_STRING *asn1 = NULL;
     unsigned char *buf_dyn = NULL;
 
-    ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
+    ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy));
     ExpectIntEQ(OBJ_obj2nid(obj), NID_any_policy);
     ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
@@ -55587,10 +67030,10 @@ static int test_wolfSSL_OBJ_cmp(void)
     ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy));
     ExpectNotNull(obj2 = OBJ_nid2obj(NID_sha256));
 
-    ExpectIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(OBJ_cmp(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(obj, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(NULL, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(obj, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     ExpectIntEQ(OBJ_cmp(obj, obj), 0);
     ExpectIntEQ(OBJ_cmp(obj2, obj2), 0);
 
@@ -56051,8 +67494,8 @@ static int test_GENERAL_NAME_set0_othername(void) {
     ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
     sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
     gns = NULL;
-    ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL,
-        NULL));
+    ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509,
+        NID_subject_alt_name, NULL, NULL));
 
     ExpectIntEQ(sk_GENERAL_NAME_num(gns), 3);
 
@@ -56116,6 +67559,8 @@ static int test_othername_and_SID_ext(void) {
     ASN1_OBJECT* sid_oid = NULL;
     ASN1_OCTET_STRING *sid_data = NULL;
 
+    ASN1_OBJECT* alt_names_oid = NULL;
+
     EVP_PKEY* priv = NULL;
     XFILE f = XBADFILE;
     byte* pt = NULL;
@@ -56176,6 +67621,10 @@ static int test_othername_and_SID_ext(void) {
     ExpectIntGT(X509_REQ_sign(x509, priv, EVP_sha256()), 0);
     pt = der;
     ExpectIntGT(derSz = i2d_X509_REQ(x509, &pt), 0);
+    X509_REQ_free(x509);
+    x509 = NULL;
+    pt = der;
+    ExpectNotNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt, derSz));
     sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
     gns = NULL;
     sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
@@ -56184,7 +67633,6 @@ static int test_othername_and_SID_ext(void) {
     ASN1_OBJECT_free(sid_oid);
     ASN1_OCTET_STRING_free(sid_data);
     X509_REQ_free(x509);
-    x509 = NULL;
     EVP_PKEY_free(priv);
 
     /* At this point everything used to generate what is in der is cleaned up.
@@ -56202,21 +67650,27 @@ static int test_othername_and_SID_ext(void) {
     ExpectIntEQ(sk_X509_EXTENSION_num(exts), 2);
 
     /* Check the SID extension. */
-    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, 0));
+    ExpectNotNull(sid_oid = OBJ_txt2obj("1.3.6.1.4.1.311.25.2", 1));
+    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts,
+            X509_get_ext_by_OBJ(x509, sid_oid, -1)));
     ExpectNotNull(extval = X509_EXTENSION_get_data(ext));
     ExpectIntEQ(extval->length, sizeof(SidExtension));
     ExpectIntEQ(XMEMCMP(SidExtension, extval->data, sizeof(SidExtension)), 0);
+    ASN1_OBJECT_free(sid_oid);
 
     /* Check the AltNames extension. */
-    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, 1));
+    ExpectNotNull(alt_names_oid = OBJ_txt2obj("subjectAltName", 0));
+    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts,
+            X509_get_ext_by_OBJ(x509, alt_names_oid, -1)));
     ExpectNotNull(extval = X509_EXTENSION_get_data(ext));
     ExpectIntEQ(extval->length, sizeof(expectedAltName));
     ExpectIntEQ(XMEMCMP(expectedAltName, extval->data, sizeof(expectedAltName)),
                 0);
+    ASN1_OBJECT_free(alt_names_oid);
 
     /* Cleanup */
-    ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL,
-                                         NULL));
+    ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509,
+        NID_subject_alt_name, NULL, NULL));
     ExpectIntEQ(sk_GENERAL_NAME_num(gns), 1);
     ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 0));
     ExpectIntEQ(gn->type, 0);
@@ -56246,14 +67700,14 @@ static int test_wolfSSL_X509_set_name(void)
                                            1), WOLFSSL_SUCCESS);
     ExpectNotNull(x509 = X509_new());
 
-    ExpectIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_subject_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_subject_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_issuer_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_issuer_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
 
     X509_free(x509);
@@ -56429,7 +67883,7 @@ static int test_wolfSSL_BIO_gets(void)
     /* try with bad args */
     ExpectNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
 #ifdef OPENSSL_ALL
-    ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), BAD_FUNC_ARG);
+    ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     /* try with real msg */
@@ -56529,7 +67983,7 @@ static int test_wolfSSL_BIO_gets(void)
     /* check error cases */
     BIO_free(bio);
     bio = NULL;
-    ExpectIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(BIO_gets(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
 
@@ -56842,7 +68296,7 @@ static int test_wolfSSL_BIO_connect(void)
     server_args.signal = &ready;
     start_thread(test_server_nofail, &server_args, &serverThread);
     wait_tcp_ready(&server_args);
-    ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0);
+    ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0);
 
     /* Start the test proper */
     /* Setup the TCP BIO */
@@ -56889,7 +68343,7 @@ static int test_wolfSSL_BIO_connect(void)
     server_args.signal = &ready;
     start_thread(test_server_nofail, &server_args, &serverThread);
     wait_tcp_ready(&server_args);
-    ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0);
+    ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0);
 
     ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx));
     ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
@@ -56940,15 +68394,15 @@ static int test_wolfSSL_BIO_tls(void)
 
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = SSL_connect(ssl);
         err = SSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* in this use case, should return WANT READ
      * so that Qt will read the data from plain packet for next state.
      */
@@ -56960,6 +68414,182 @@ static int test_wolfSSL_BIO_tls(void)
     return EXPECT_RESULT();
 }
 
+
+static int test_wolfSSL_BIO_datagram(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
+    int ret;
+    SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID;
+    WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL;
+    WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL;
+    SOCKADDR_IN sin1, sin2;
+    socklen_t slen;
+    static const char test_msg[] = "I am a datagram, short and stout.";
+    char test_msg_recvd[sizeof(test_msg) + 10];
+#ifdef USE_WINDOWS_API
+    static const DWORD timeout = 250; /* ms */
+#else
+    static const struct timeval timeout = { 0, 250000 };
+#endif
+
+    StartTCP();
+
+    if (EXPECT_SUCCESS()) {
+        fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+        ExpectIntNE(fd1, SOCKET_INVALID);
+    }
+    if (EXPECT_SUCCESS()) {
+        fd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+        ExpectIntNE(fd2, SOCKET_INVALID);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio1 = wolfSSL_BIO_new_dgram(fd1, 1 /* closeF */);
+        ExpectNotNull(bio1);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio2 = wolfSSL_BIO_new_dgram(fd2, 1 /* closeF */);
+        ExpectNotNull(bio2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        sin1.sin_family = AF_INET;
+        sin1.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        sin1.sin_port = 0;
+        slen = (socklen_t)sizeof(sin1);
+        ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0);
+        ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0);
+        ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        sin2.sin_family = AF_INET;
+        sin2.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        sin2.sin_port = 0;
+        slen = (socklen_t)sizeof(sin2);
+        ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0);
+        ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0);
+        ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio_addr1 = wolfSSL_BIO_ADDR_new();
+        ExpectNotNull(bio_addr1);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio_addr2 = wolfSSL_BIO_ADDR_new();
+        ExpectNotNull(bio_addr2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+    ExpectIntEQ(wolfSSL_BIO_number_written(bio1), sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_number_read(bio2), sizeof(test_msg));
+#endif
+
+    /* bio2 should now have bio1's addr stored as its peer_addr, because the
+     * BIOs aren't "connected" yet.  use it to send a reply.
+     */
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR);
+    ExpectIntNE(BIO_should_retry(bio1), 0);
+
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR);
+    ExpectIntNE(BIO_should_retry(bio2), 0);
+
+    /* now "connect" the sockets. */
+
+    ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0);
+    ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+
+    if (EXPECT_SUCCESS()) {
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr1);
+    }
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+#ifdef __linux__
+    /* now "disconnect" the sockets and attempt transmits expected to fail. */
+
+    sin1.sin_family = AF_UNSPEC;
+    ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+    ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+    sin1.sin_family = AF_INET;
+
+    ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS);
+    ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS);
+
+    if (EXPECT_SUCCESS()) {
+        sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    test_msg_recvd[0] = 0;
+    errno = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1);
+    ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH));
+
+#endif /* __linux__ */
+
+
+    if (bio1) {
+        ret = wolfSSL_BIO_free(bio1);
+        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+    } else if (fd1 != SOCKET_INVALID)
+        CloseSocket(fd1);
+    if (bio2) {
+        ret = wolfSSL_BIO_free(bio2);
+        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+    } else if (fd2 != SOCKET_INVALID)
+        CloseSocket(fd2);
+    if (bio_addr1)
+        wolfSSL_BIO_ADDR_free(bio_addr1);
+    if (bio_addr2)
+        wolfSSL_BIO_ADDR_free(bio_addr2);
+
+#endif /* !NO_BIO && WOLFSSL_DTLS && WOLFSSL_HAVE_BIO_ADDR && OPENSSL_EXTRA */
+
+    return EXPECT_RESULT();
+}
+
+
 #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
     defined(HAVE_HTTP_CLIENT)
 static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
@@ -57146,7 +68776,7 @@ static int test_wolfSSL_BIO_printf(void)
     XMEMSET(out, 0, sizeof(out));
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
-    ExpectIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(BIO_printf(NULL, ""), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 30);
     ExpectIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
     BIO_free(bio);
@@ -57291,7 +68921,7 @@ static int test_wolfSSL_BIO_reset(void)
     ExpectIntEQ(BIO_write(bio, "WriteToReadonly", 15), 0);
     ExpectIntEQ(BIO_read(bio, buf, 16), -1);
     XMEMSET(buf, 0, 16);
-    ExpectIntEQ(BIO_reset(bio), 0);
+    ExpectIntEQ(BIO_reset(bio), 1);
     ExpectIntEQ(BIO_read(bio, buf, 16), 16);
     ExpectIntEQ(XMEMCMP(buf, "secure your data", 16), 0);
     BIO_free(bio);
@@ -57690,9 +69320,9 @@ static int test_wolfSSL_SESSION(void)
 
     /* TLS v1.3 requires session tickets */
     /* CHACHA and POLY1305 required for myTicketEncCb */
-#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
-    !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
-            defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
+#if !defined(WOLFSSL_NO_TLS12) && (!defined(WOLFSSL_TLS13) || \
+    !(defined(HAVE_SESSION_TICKET) && ((defined(HAVE_CHACHA) && \
+            defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))))
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
 #else
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
@@ -57739,14 +69369,14 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -57754,14 +69384,14 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, (int)XSTRLEN(sendGET));
 
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -57769,14 +69399,14 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_read(ssl, msg, sizeof(msg));
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, 23);
 
     ExpectPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */
@@ -57852,7 +69482,7 @@ static int test_wolfSSL_SESSION(void)
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
     /* get session from DER and update the timeout */
-    ExpectIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
     wolfSSL_SESSION_free(sess); sess = NULL;
     sess = NULL;
@@ -57899,7 +69529,7 @@ static int test_wolfSSL_SESSION(void)
 #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
     ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
 #else
-    ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl,sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     ExpectIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
 
@@ -57907,15 +69537,15 @@ static int test_wolfSSL_SESSION(void)
     /* fail case with miss match session context IDs (use compatibility API) */
     ExpectIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
             SSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl, sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_free(ssl); ssl = NULL;
 
     ExpectIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
-            SSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
             SSL_SUCCESS);
     ExpectNotNull(ssl = wolfSSL_new(ctx));
-    ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl, sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #endif /* OPENSSL_EXTRA */
 
@@ -58055,10 +69685,16 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
     defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
-static int clientSessRemCountMalloc = 0;
-static int serverSessRemCountMalloc = 0;
-static int clientSessRemCountFree = 0;
-static int serverSessRemCountFree = 0;
+#ifdef WOLFSSL_ATOMIC_OPS
+    typedef wolfSSL_Atomic_Int SessRemCounter_t;
+#else
+    typedef int SessRemCounter_t;
+#endif
+static SessRemCounter_t clientSessRemCountMalloc;
+static SessRemCounter_t serverSessRemCountMalloc;
+static SessRemCounter_t clientSessRemCountFree;
+static SessRemCounter_t serverSessRemCountFree;
+
 static WOLFSSL_CTX* serverSessCtx = NULL;
 static WOLFSSL_SESSION* serverSess = NULL;
 #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
@@ -58079,9 +69715,9 @@ static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
     side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx);
     if (side != NULL) {
         if (*side == WOLFSSL_CLIENT_END)
-            clientSessRemCountFree++;
+            (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountFree, 1);
         else
-            serverSessRemCountFree++;
+            (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountFree, 1);
 
         SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL);
     }
@@ -58118,14 +69754,14 @@ static int SessRemSslSetupCb(WOLFSSL* ssl)
 
     if (SSL_is_server(ssl)) {
         side = &sessRemCtx_Server;
-        serverSessRemCountMalloc++;
+        (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountMalloc, 1);
         ExpectNotNull(serverSess = SSL_get1_session(ssl));
         ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)),
                 SSL_SUCCESS);
     }
     else {
         side = &sessRemCtx_Client;
-        clientSessRemCountMalloc++;
+        (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1);
     #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
         !defined(NO_SESSION_CACHE_REF)
         ExpectNotNull(clientSess = SSL_get1_session(ssl));
@@ -58149,6 +69785,11 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
      * session object */
     test_ssl_cbf func_cb;
 
+    wolfSSL_Atomic_Int_Init(&clientSessRemCountMalloc, 0);
+    wolfSSL_Atomic_Int_Init(&serverSessRemCountMalloc, 0);
+    wolfSSL_Atomic_Int_Init(&clientSessRemCountFree, 0);
+    wolfSSL_Atomic_Int_Init(&serverSessRemCountFree, 0);
+
     XMEMSET(&func_cb, 0, sizeof(func_cb));
     func_cb.ctx_ready = SessRemCtxSetupCb;
     func_cb.on_result = SessRemSslSetupCb;
@@ -58209,34 +69850,34 @@ static int test_wolfSSL_ticket_keys(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
                 WOLFSSL_SUCCESS);
@@ -58395,7 +70036,10 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
         ExpectNull(d2i_RSAPrivateKey_bio(NULL, NULL));
 
         /* RSA not set yet, expecting to fail*/
-        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
+        rsa = wolfSSL_RSA_new();
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        wolfSSL_RSA_free(rsa);
+        rsa = NULL;
 
 #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
         /* set RSA using bio*/
@@ -58404,10 +70048,15 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
         ExpectNotNull(d2i_RSAPrivateKey_bio(bio, &rsa));
         ExpectNotNull(rsa);
 
+        /* Tests bad parameters */
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, rsa), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
         ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
 
         /* i2d RSAprivate key tests */
-        ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
+        ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
                                                sizeof_client_key_der_2048);
@@ -58422,6 +70071,13 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
                             sizeof_client_key_der_2048), 0);
         XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
 
+        RSA_free(rsa);
+        rsa = NULL;
+        ExpectIntGT(BIO_write(bio, client_key_der_2048,
+                    sizeof_client_key_der_2048), 0);
+        ExpectNotNull(d2i_RSA_PUBKEY_bio(bio, &rsa));
+        (void)BIO_reset(bio);
+
         RSA_free(rsa);
         rsa = RSA_new();
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0);
@@ -58901,7 +70557,7 @@ static int test_wolfSSL_verify_result(void)
     WOLFSSL_CTX* ctx = NULL;
     long         result = 0xDEADBEEF;
 
-    ExpectIntEQ(WOLFSSL_FAILURE, wolfSSL_get_verify_result(ssl));
+    ExpectIntEQ(WC_NO_ERR_TRACE(WOLFSSL_FAILURE), wolfSSL_get_verify_result(ssl));
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = SSL_new(ctx));
@@ -58942,7 +70598,7 @@ static int test_wolfSSL_msg_callback(void)
     ExpectNotNull(ssl = SSL_new(ctx));
     ExpectIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
     ExpectIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
-    ExpectIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
+    ExpectIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
@@ -59568,7 +71224,7 @@ static int test_wolfSSL_make_cert(void)
         if (ret >= 0) {
             ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntGT(ret, 0);
 
 #ifdef OPENSSL_EXTRA
@@ -59630,6 +71286,26 @@ static int test_wolfSSL_make_cert(void)
     return EXPECT_RESULT();
 }
 
+static int test_x509_get_key_id(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    X509 *x509 = NULL;
+    const ASN1_STRING* str = NULL;
+    byte* keyId = NULL;
+
+    ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile,
+        WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(str = X509_get0_subject_key_id(x509));
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+
+    X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 
 static int test_wolfSSL_X509_get_version(void)
 {
@@ -59945,10 +71621,10 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
 
     /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should fail since ecKey is empty */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
 
@@ -60105,14 +71781,14 @@ static int test_wolfSSL_CTX_ctrl(void)
 
     /* Tests should fail with passed in NULL pointer */
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if !defined(NO_DH) && !defined(NO_DSA)
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_ECC
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     /* Test with SSL_CTRL_EXTRA_CHAIN_CERT
@@ -60211,9 +71887,9 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_RSA;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(rsa = wolfSSL_RSA_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa),    WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa),    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, rsa),  WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_RSA_free(rsa);
@@ -60226,9 +71902,9 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_DSA;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(dsa = wolfSSL_DSA_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa),    WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa),    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, dsa),  WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_DSA_free(dsa);
@@ -60241,10 +71917,10 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_EC;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey),   WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey),   WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
@@ -60283,9 +71959,9 @@ static int test_wolfSSL_EVP_PKEY_assign_DH(void)
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
 
     /* Bad cases */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);
@@ -60340,15 +72016,15 @@ static int test_wolfSSL_EVP_PKEY_paramgen(void)
     EVP_PKEY*     pkey = NULL;
 
     /* Test error conditions. */
-    ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
-    ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_RSA
     EVP_PKEY_CTX_free(ctx);
     /* Parameter generation for RSA not supported yet. */
     ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL));
-    ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
 #ifdef HAVE_ECC
@@ -60389,9 +72065,9 @@ static int test_wolfSSL_EVP_PKEY_keygen(void)
     ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
 
     /* Bad cases */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), 0);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), 0);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), 0);
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
@@ -60691,13 +72367,13 @@ static int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
 
     /* Bad cases */
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen),
-        WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);
@@ -61294,7 +72970,7 @@ static int test_wolfSSL_EVP_BytesToKey(void)
                 16);
     md = "2";
     ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
-                 WOLFSSL_FAILURE);
+                 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     md = EVP_sha256();
@@ -61449,7 +73125,7 @@ static int test_evp_cipher_aes_gcm(void)
             ExpectIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1),
                         SSL_SUCCESS);
             ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
-                        currentIv), SSL_FAILURE);
+                        currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
             ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0),
                         SSL_SUCCESS);
@@ -61473,7 +73149,7 @@ static int test_evp_cipher_aes_gcm(void)
          * been issued first.
          */
         ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
-                        currentIv), SSL_FAILURE);
+                        currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
                     (void*)iv), SSL_SUCCESS);
@@ -62291,7 +73967,7 @@ static int test_wolfSSL_X509_EXTENSION_get_critical(void)
         XFCLOSE(file);
     ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
 
-    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0);
 
     wolfSSL_X509_free(x509);
@@ -62403,13 +74079,13 @@ static int test_wolfSSL_X509_cmp(void)
     ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
 
     /* wolfSSL_X509_cmp() testing NULL, valid args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2));
 
     /* wolfSSL_X509_cmp() testing valid, NULL args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL));
 
     /* wolfSSL_X509_cmp() testing NULL, NULL args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL));
 
     wolfSSL_X509_free(cert1);
     wolfSSL_X509_free(cert2);
@@ -62826,7 +74502,7 @@ static int test_wolfSSL_OCSP_id_cmp(void)
 static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
     WOLFSSL_OCSP_SINGLERESP single;
     const WOLFSSL_OCSP_CERTID* certId;
 
@@ -62843,7 +74519,8 @@ static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
 static int test_wolfSSL_OCSP_single_get0_status(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \
+    defined(WOLFSSL_OCSP_PARSE_STATUS)
     WOLFSSL_OCSP_SINGLERESP single;
     CertStatus certStatus;
     WOLFSSL_ASN1_TIME* thisDate;
@@ -62878,7 +74555,7 @@ static int test_wolfSSL_OCSP_single_get0_status(void)
 static int test_wolfSSL_OCSP_resp_count(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
     WOLFSSL_OCSP_BASICRESP basicResp;
     WOLFSSL_OCSP_SINGLERESP singleRespOne;
     WOLFSSL_OCSP_SINGLERESP singleRespTwo;
@@ -62899,7 +74576,7 @@ static int test_wolfSSL_OCSP_resp_count(void)
 static int test_wolfSSL_OCSP_resp_get0(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
     WOLFSSL_OCSP_BASICRESP basicResp;
     WOLFSSL_OCSP_SINGLERESP singleRespOne;
     WOLFSSL_OCSP_SINGLERESP singleRespTwo;
@@ -62916,6 +74593,294 @@ static int test_wolfSSL_OCSP_resp_get0(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_OCSP_parse_url(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_OCSP)
+#define CK_OPU_OK(u, h, po, pa, s) do { \
+    char* host = NULL; \
+    char* port = NULL; \
+    char* path = NULL; \
+    int isSsl = 0; \
+    ExpectIntEQ(OCSP_parse_url(u, &host, &port, &path, &isSsl), 1); \
+    ExpectStrEQ(host, h); \
+    ExpectStrEQ(port, po); \
+    ExpectStrEQ(path, pa); \
+    ExpectIntEQ(isSsl, s); \
+    XFREE(host, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(port, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(path, NULL, DYNAMIC_TYPE_OPENSSL); \
+} while(0)
+
+#define CK_OPU_FAIL(u) do { \
+    char* host = NULL; \
+    char* port = NULL; \
+    char* path = NULL; \
+    int isSsl = 0; \
+    ExpectIntEQ(OCSP_parse_url(u, &host, &port, &path, &isSsl), 0); \
+    XFREE(host, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(port, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(path, NULL, DYNAMIC_TYPE_OPENSSL); \
+} while(0)
+
+    CK_OPU_OK("http://localhost", "localhost", "80", "/", 0);
+    CK_OPU_OK("https://wolfssl.com", "wolfssl.com", "443", "/", 1);
+    CK_OPU_OK("https://www.wolfssl.com/fips-140-3-announcement-to-the-world/",
+         "www.wolfssl.com", "443", "/fips-140-3-announcement-to-the-world/", 1);
+    CK_OPU_OK("http://localhost:1234", "localhost", "1234", "/", 0);
+    CK_OPU_OK("https://localhost:1234", "localhost", "1234", "/", 1);
+
+    CK_OPU_FAIL("ftp://localhost");
+    /* two strings to cppcheck doesn't mark it as a c++ style comment */
+    CK_OPU_FAIL("http/""/localhost");
+    CK_OPU_FAIL("http:/localhost");
+    CK_OPU_FAIL("https://localhost/path:1234");
+
+#undef CK_OPU_OK
+#undef CK_OPU_FAIL
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \
+    defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
+static time_t test_wolfSSL_OCSP_REQ_CTX_time_cb(time_t* t)
+{
+    if (t != NULL) {
+        *t = 1722006780;
+    }
+
+    return 1722006780;
+}
+#endif
+
+static int test_wolfSSL_OCSP_REQ_CTX(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \
+    defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
+    /* This buffer was taken from the ocsp-stapling.test test case 1. The ocsp
+     * response was captured in wireshark. It contains both the http and binary
+     * parts. The time test_wolfSSL_OCSP_REQ_CTX_time_cb is set exactly so that
+     * the time check passes. */
+    unsigned char ocspRespBin[] = {
+      0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30,
+      0x20, 0x4f, 0x4b, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74,
+      0x2d, 0x74, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69,
+      0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2d,
+      0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x0d, 0x0a, 0x43, 0x6f,
+      0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68,
+      0x3a, 0x20, 0x31, 0x38, 0x32, 0x31, 0x0d, 0x0a, 0x0d, 0x0a, 0x30, 0x82,
+      0x07, 0x19, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x12, 0x30, 0x82, 0x07,
+      0x0e, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01,
+      0x04, 0x82, 0x06, 0xff, 0x30, 0x82, 0x06, 0xfb, 0x30, 0x82, 0x01, 0x19,
+      0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+      0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
+      0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
+      0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+      0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10,
+      0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
+      0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
+      0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69,
+      0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+      0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53,
+      0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31,
+      0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+      0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
+      0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30,
+      0x32, 0x34, 0x30, 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x35,
+      0x5a, 0x30, 0x62, 0x30, 0x60, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b,
+      0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59,
+      0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18,
+      0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02,
+      0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e,
+      0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30,
+      0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x35, 0x5a, 0xa0, 0x11,
+      0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30, 0x37, 0x32, 0x36, 0x31, 0x35,
+      0x31, 0x33, 0x30, 0x35, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+      0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
+      0x00, 0x89, 0x7a, 0xe9, 0x6b, 0x66, 0x47, 0x8e, 0x52, 0x16, 0xf9, 0x8a,
+      0x5a, 0x1e, 0x7a, 0x35, 0xbb, 0x1d, 0x6c, 0xd8, 0x31, 0xbb, 0x24, 0xd2,
+      0xd7, 0xa4, 0x30, 0x27, 0x06, 0x17, 0x66, 0xd1, 0xf9, 0x8d, 0x24, 0xb0,
+      0x49, 0x37, 0x62, 0x13, 0x78, 0x5e, 0xa6, 0x6d, 0xea, 0xe3, 0xd0, 0x30,
+      0x82, 0x7d, 0xb6, 0xf6, 0x55, 0x82, 0x11, 0xdc, 0xe7, 0x0f, 0xd6, 0x24,
+      0xb4, 0x80, 0x23, 0x4f, 0xfd, 0xa7, 0x9a, 0x4b, 0xac, 0xf2, 0xd3, 0xde,
+      0x42, 0x10, 0xfb, 0x4b, 0x29, 0x06, 0x02, 0x7b, 0x47, 0x36, 0x70, 0x75,
+      0x45, 0x38, 0x8d, 0x3e, 0x55, 0x9c, 0xce, 0x78, 0xd8, 0x18, 0x45, 0x47,
+      0x2d, 0x2a, 0x46, 0x65, 0x13, 0x93, 0x1a, 0x98, 0x90, 0xc6, 0x2d, 0xd5,
+      0x05, 0x2a, 0xfc, 0xcb, 0xac, 0x53, 0x73, 0x93, 0x42, 0x4e, 0xdb, 0x17,
+      0x91, 0xcb, 0xe1, 0x08, 0x03, 0xd1, 0x33, 0x57, 0x4b, 0x1d, 0xb8, 0x71,
+      0x84, 0x01, 0x04, 0x47, 0x6f, 0x06, 0xfa, 0x76, 0x7d, 0xd9, 0x37, 0x64,
+      0x57, 0x37, 0x3a, 0x8f, 0x4d, 0x88, 0x11, 0xa5, 0xd4, 0xaa, 0xcb, 0x49,
+      0x47, 0x86, 0xdd, 0xcf, 0x46, 0xa6, 0xfa, 0x8e, 0xf2, 0x62, 0x0f, 0xc9,
+      0x25, 0xf2, 0x39, 0x62, 0x3e, 0x2d, 0x35, 0xc4, 0x76, 0x7b, 0xae, 0xd5,
+      0xe8, 0x85, 0xa1, 0xa6, 0x2d, 0x41, 0xd6, 0x8e, 0x3c, 0xfa, 0xdc, 0x6c,
+      0x66, 0xe2, 0x61, 0xe7, 0xe5, 0x90, 0xa1, 0xfd, 0x7f, 0xdb, 0x18, 0xd0,
+      0xeb, 0x6d, 0x73, 0x08, 0x5f, 0x6a, 0x65, 0x44, 0x50, 0xad, 0x38, 0x9d,
+      0xb6, 0xfb, 0xbf, 0x28, 0x55, 0x84, 0x65, 0xfa, 0x0e, 0x34, 0xfc, 0x43,
+      0x19, 0x80, 0x5c, 0x7d, 0x2d, 0x5b, 0xd8, 0x60, 0xec, 0x0e, 0xf9, 0x1e,
+      0x6e, 0x32, 0x3f, 0x35, 0xf7, 0xec, 0x7e, 0x47, 0xba, 0xb5, 0xd2, 0xaa,
+      0x5a, 0x9d, 0x07, 0x2c, 0xc5, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04,
+      0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02,
+      0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+      0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31,
+      0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+      0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57,
+      0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
+      0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74,
+      0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a,
+      0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30,
+      0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69,
+      0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
+      0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53,
+      0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30,
+      0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+      0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+      0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34,
+      0x30, 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x34, 0x5a, 0x17,
+      0x0d, 0x32, 0x37, 0x30, 0x34, 0x32, 0x32, 0x31, 0x35, 0x31, 0x32, 0x30,
+      0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+      0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+      0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
+      0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+      0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30,
+      0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66,
+      0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+      0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+      0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
+      0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50,
+      0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f,
+      0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+      0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66,
+      0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30,
+      0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+      0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
+      0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14,
+      0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23,
+      0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c,
+      0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b,
+      0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6,
+      0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe,
+      0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3,
+      0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43,
+      0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55,
+      0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73,
+      0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87,
+      0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97,
+      0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66,
+      0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17,
+      0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19,
+      0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08,
+      0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf,
+      0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8,
+      0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73,
+      0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84,
+      0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c,
+      0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00,
+      0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06,
+      0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03,
+      0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79,
+      0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56,
+      0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
+      0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f,
+      0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e,
+      0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97,
+      0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+      0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a,
+      0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
+      0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61,
+      0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+      0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14,
+      0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
+      0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16,
+      0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+      0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f,
+      0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+      0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66,
+      0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13,
+      0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b,
+      0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+      0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
+      0x01, 0x01, 0x00, 0x37, 0xb9, 0x66, 0xd3, 0xa1, 0x08, 0xfc, 0x37, 0x58,
+      0x4e, 0xe0, 0x8c, 0xd3, 0x7f, 0xa6, 0x0f, 0x59, 0xd3, 0x14, 0xf7, 0x4b,
+      0x36, 0xf7, 0x2e, 0x98, 0xeb, 0x7c, 0x03, 0x3f, 0x3a, 0xd6, 0x9c, 0xcd,
+      0xb4, 0x9e, 0x8d, 0x5f, 0x92, 0xa6, 0x6f, 0x63, 0x87, 0x34, 0xe8, 0x83,
+      0xfd, 0x6d, 0x34, 0x64, 0xb5, 0xf0, 0x9c, 0x71, 0x02, 0xb8, 0xf6, 0x2f,
+      0x10, 0xa0, 0x92, 0x8f, 0x3f, 0x86, 0x3e, 0xe2, 0x01, 0x5a, 0x56, 0x39,
+      0x0a, 0x8d, 0xb1, 0xbe, 0x03, 0xf7, 0xf8, 0xa7, 0x88, 0x46, 0xef, 0x81,
+      0xa0, 0xad, 0x86, 0xc9, 0xe6, 0x23, 0x89, 0x1d, 0xa6, 0x24, 0x45, 0xf2,
+      0x6a, 0x83, 0x2d, 0x8e, 0x92, 0x17, 0x1e, 0x44, 0x19, 0xfa, 0x0f, 0x47,
+      0x6b, 0x8f, 0x4a, 0xa2, 0xda, 0xab, 0xd5, 0x2b, 0xcd, 0xcb, 0x14, 0xf0,
+      0xb5, 0xcf, 0x7c, 0x76, 0x42, 0x32, 0x90, 0x21, 0xdc, 0xdd, 0x52, 0xfc,
+      0x53, 0x7e, 0xff, 0x7f, 0xd9, 0x58, 0x6b, 0x1f, 0x73, 0xee, 0x83, 0xf4,
+      0x67, 0xfa, 0x4a, 0x4f, 0x24, 0xe4, 0x2b, 0x10, 0x74, 0x89, 0x52, 0x9a,
+      0xf7, 0xa4, 0xe0, 0xaf, 0xf5, 0x63, 0xd7, 0xfa, 0x0b, 0x2c, 0xc9, 0x39,
+      0x5d, 0xbd, 0x44, 0x93, 0x69, 0xa4, 0x1d, 0x01, 0xe2, 0x66, 0xe7, 0xc1,
+      0x11, 0x44, 0x7d, 0x0a, 0x7e, 0x5d, 0x1d, 0x26, 0xc5, 0x4a, 0x26, 0x2e,
+      0xa3, 0x58, 0xc4, 0xf7, 0x10, 0xcb, 0xba, 0xe6, 0x27, 0xfc, 0xdb, 0x54,
+      0xe2, 0x60, 0x08, 0xc2, 0x0e, 0x4b, 0xd4, 0xaa, 0x22, 0x23, 0x93, 0x9f,
+      0xe1, 0xcb, 0x85, 0xa4, 0x41, 0x6f, 0x26, 0xa7, 0x77, 0x8a, 0xef, 0x66,
+      0xd0, 0xf8, 0x33, 0xf6, 0xfd, 0x6d, 0x37, 0x7a, 0x89, 0xcc, 0x88, 0x3b,
+      0x82, 0xd0, 0xa9, 0xdf, 0xf1, 0x3d, 0xdc, 0xb0, 0x06, 0x1c, 0xe4, 0x4b,
+      0x57, 0xb4, 0x0c, 0x65, 0xb9, 0xb4, 0x6c
+    };
+    OCSP_REQ_CTX *ctx = NULL;
+    OCSP_REQUEST *req = NULL;
+    OCSP_CERTID *cid = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    BIO* bio1 = NULL;
+    BIO* bio2 = NULL;
+    X509* cert = NULL;
+    X509 *issuer = NULL;
+    X509_LOOKUP *lookup = NULL;
+    X509_STORE *store = NULL;
+    STACK_OF(X509_OBJECT) *str_objs = NULL;
+    X509_OBJECT *x509_obj = NULL;
+
+    ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
+    ExpectNotNull(bio2 = BIO_new(BIO_s_bio()));
+    ExpectIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
+
+    /* Load the leaf cert */
+    ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
+            "certs/ocsp/server1-cert.pem", WOLFSSL_FILETYPE_PEM));
+
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
+    ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ocsp/server1-cert.pem",
+            X509_FILETYPE_PEM), 1);
+    ExpectNotNull(str_objs = X509_STORE_get0_objects(store));
+    ExpectNotNull(x509_obj = X509_OBJECT_retrieve_by_subject(str_objs,
+            X509_LU_X509, X509_get_issuer_name(cert)));
+    ExpectNotNull(issuer = X509_OBJECT_get0_X509(x509_obj));
+
+    ExpectNotNull(req = OCSP_REQUEST_new());
+    ExpectNotNull(cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer));
+    ExpectNotNull(OCSP_request_add0_id(req, cid));
+    ExpectIntEQ(OCSP_request_add1_nonce(req, NULL, -1), 1);
+
+    ExpectNotNull(ctx = OCSP_sendreq_new(bio1, "/", NULL, -1));
+    ExpectIntEQ(OCSP_REQ_CTX_add1_header(ctx, "Host", "127.0.0.1"), 1);
+    ExpectIntEQ(OCSP_REQ_CTX_set1_req(ctx, req), 1);
+    ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), -1);
+    ExpectIntEQ(BIO_write(bio2, ocspRespBin, sizeof(ocspRespBin)),
+            sizeof(ocspRespBin));
+    ExpectIntEQ(wc_SetTimeCb(test_wolfSSL_OCSP_REQ_CTX_time_cb), 0);
+    ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), 1);
+    ExpectIntEQ(wc_SetTimeCb(NULL), 0);
+    ExpectNotNull(rsp);
+
+    OCSP_REQ_CTX_free(ctx);
+    OCSP_REQUEST_free(req);
+    OCSP_RESPONSE_free(rsp);
+    BIO_free(bio1);
+    BIO_free(bio2);
+    X509_free(cert);
+    X509_STORE_free(store);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EVP_PKEY_derive(void)
 {
     EXPECT_DECLS;
@@ -63103,7 +75068,8 @@ static int test_wc_CreateEncryptedPKCS8Key(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \
- && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA)
+ && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) && \
+    !defined(NO_ASN_CRYPT)
     WC_RNG rng;
     byte* encKey = NULL;
     word32 encKeySz = 0;
@@ -63119,7 +75085,7 @@ static int test_wc_CreateEncryptedPKCS8Key(void)
     ExpectIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
         sizeof_server_key_der_2048, NULL, &encKeySz, password, (int)passwordSz,
         PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT,
         DYNAMIC_TYPE_TMP_BUFFER));
     /* Call with the allocated out buffer. */
@@ -63151,6 +75117,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
     int derSz = 0;
     word32 inOutIdx;
     const char* path = "./certs/server-keyPkcs8.der";
+    const char* pathAttributes = "./certs/ca-key-pkcs8-attribute.der";
     XFILE file = XBADFILE;
     byte der[2048];
 
@@ -63158,6 +75125,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
     ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
     if (file != XBADFILE)
         XFCLOSE(file);
+    file = XBADFILE; /* reset file to avoid warning of use after close */
 
     /* valid case */
     inOutIdx = 0;
@@ -63167,18 +75135,28 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
     /* inOutIdx > sz */
     inOutIdx = 4000;
     ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* null input */
     inOutIdx = 0;
     ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* invalid input, fill buffer with 1's */
     XMEMSET(der, 1, sizeof(der));
     inOutIdx = 0;
     ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
+
+    /* test parsing with attributes */
+    ExpectTrue((file = XFOPEN(pathAttributes, "rb")) != XBADFILE);
+    ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
+    if (file != XBADFILE)
+        XFCLOSE(file);
+
+    inOutIdx = 0;
+    ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx,
+        (word32)derSz), 0);
 #endif /* NO_ASN */
     return EXPECT_RESULT();
 }
@@ -63286,7 +75264,7 @@ static int test_wc_SetSubjectKeyId(void)
     ExpectIntEQ(0, wc_InitCert(&cert));
     ExpectIntEQ(0, wc_SetSubjectKeyId(&cert, file));
 
-    ExpectIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SetSubjectKeyId(NULL, file));
     ExpectIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
 #endif
     return EXPECT_RESULT();
@@ -63306,7 +75284,7 @@ static int test_wc_SetSubject(void)
     ExpectIntEQ(0, wc_InitCert(&cert));
     ExpectIntEQ(0, wc_SetSubject(&cert, file));
 
-    ExpectIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SetSubject(NULL, file));
     ExpectIntGT(0, wc_SetSubject(&cert, "badfile.name"));
 #endif
     return EXPECT_RESULT();
@@ -63324,13 +75302,13 @@ static int test_CheckCertSignature(void)
     int   certSz;
 #endif
 
-    ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_CheckCertSignature(NULL, 0, NULL, NULL));
     ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
-    ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_CheckCertSignature(NULL, 0, NULL, cm));
 
 #ifndef NO_RSA
 #ifdef USE_CERT_BUFFERS_1024
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_1024,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(server_cert_der_1024,
                 sizeof_server_cert_der_1024, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_cert_der_1024, sizeof_ca_cert_der_1024,
@@ -63338,7 +75316,7 @@ static int test_CheckCertSignature(void)
     ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_1024,
                 sizeof_server_cert_der_1024, NULL, cm));
 #elif defined(USE_CERT_BUFFERS_2048)
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(server_cert_der_2048,
                 sizeof_server_cert_der_2048, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_cert_der_2048, sizeof_ca_cert_der_2048,
@@ -63349,7 +75327,7 @@ static int test_CheckCertSignature(void)
 #endif
 
 #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(serv_ecc_der_256,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(serv_ecc_der_256,
                 sizeof_serv_ecc_der_256, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
@@ -63369,7 +75347,7 @@ static int test_CheckCertSignature(void)
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(cert, certSz, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                 "./certs/ca-cert.pem", NULL));
     ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
@@ -63381,7 +75359,7 @@ static int test_CheckCertSignature(void)
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(cert, certSz, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                 "./certs/ca-ecc-cert.pem", NULL));
     ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
@@ -63445,11 +75423,11 @@ static int test_wc_ParseCert_Error(void)
         const int cSz;
         const int expRet;
     } t[] = {
-        {c0, sizeof(c0), ASN_PARSE_E}, /* Invalid bit-string length */
-        {c1, sizeof(c1), ASN_PARSE_E}, /* Invalid bit-string length */
-        {c2, sizeof(c2), ASN_PARSE_E}, /* Invalid integer length (zero) */
-        {c3, sizeof(c3), ASN_PARSE_E}, /* Valid INTEGER, but buffer too short */
-        {c4, sizeof(c4), ASN_PARSE_E}, /* Valid INTEGER, but not in bit-string */
+        {c0, sizeof(c0), WC_NO_ERR_TRACE(ASN_PARSE_E)}, /* Invalid bit-string length */
+        {c1, sizeof(c1), WC_NO_ERR_TRACE(ASN_PARSE_E)}, /* Invalid bit-string length */
+        {c2, sizeof(c2), WC_NO_ERR_TRACE(ASN_PARSE_E)}, /* Invalid integer length (zero) */
+        {c3, sizeof(c3), WC_NO_ERR_TRACE(ASN_PARSE_E)}, /* Valid INTEGER, but buffer too short */
+        {c4, sizeof(c4), WC_NO_ERR_TRACE(ASN_PARSE_E)}, /* Valid INTEGER, but not in bit-string */
     };
     const int tSz = (int)(sizeof(t) / sizeof(struct testStruct));
 
@@ -63578,7 +75556,7 @@ static int test_MakeCertWith0Ser(void)
 
 #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON)
     ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
 #else
     ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
 #endif
@@ -63662,7 +75640,7 @@ static int test_wc_ecc_get_curve_size_from_name(void)
     /* invalid case */
     ExpectIntEQ(wc_ecc_get_curve_size_from_name("BADCURVE"), -1);
     /* NULL input */
-    ExpectIntEQ(wc_ecc_get_curve_size_from_name(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_get_curve_size_from_name(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif /* HAVE_ECC */
     return EXPECT_RESULT();
 }
@@ -63678,7 +75656,7 @@ static int test_wc_ecc_get_curve_id_from_name(void)
     /* invalid case */
     ExpectIntEQ(wc_ecc_get_curve_id_from_name("BADCURVE"), -1);
     /* NULL input */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_name(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_get_curve_id_from_name(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif /* HAVE_ECC */
     return EXPECT_RESULT();
 }
@@ -63717,7 +75695,7 @@ static int test_wc_ecc_get_curve_id_from_dp_params(void)
         }
     #endif
     /* invalid case, NULL input*/
-    ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wolfSSL_EC_KEY_free(ecKey);
 
@@ -63803,7 +75781,7 @@ static int test_wc_ecc_get_curve_id_from_params(void)
     /* invalid case, NULL prime */
     ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
         Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
-        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), BAD_FUNC_ARG);
+        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* invalid case, invalid prime */
     ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize,
@@ -64073,7 +76051,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
         WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_PKEY_verify(
         ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
     !defined(HAVE_SELFTEST)
@@ -64182,8 +76160,8 @@ static int test_EVP_PKEY_rsa(void)
 
     ExpectNotNull(rsa = wolfSSL_RSA_new());
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
-    ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_RSA_free(rsa);
@@ -64204,10 +76182,10 @@ static int test_EVP_PKEY_ec(void)
 
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should fail since ecKey is empty */
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
@@ -64517,15 +76495,15 @@ static int test_X509_REQ(void)
     ExpectNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
         (long)sizeof_client_keypub_der_2048));
     ExpectNotNull(req = X509_REQ_new());
-    ExpectIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_set_subject_name(req, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
-    ExpectIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_set_pubkey(NULL, pub), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_set_pubkey(req, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
-    ExpectIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
     len = i2d_X509_REQ(req, &der);
     DEBUG_WRITE_DER(der, len, "req.der");
@@ -64633,7 +76611,7 @@ static int test_wolfssl_PKCS7(void)
     ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
     ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
     ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
-        PKCS7_NOVERIFY), WOLFSSL_FAILURE);
+        PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
@@ -64641,7 +76619,7 @@ static int test_wolfssl_PKCS7(void)
     p = data;
     ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
-        0), WOLFSSL_FAILURE);
+        0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
@@ -64768,7 +76746,7 @@ static int test_wolfSSL_PKCS7_sign(void)
         for (z = 0; z < outLen && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -64858,7 +76836,7 @@ static int test_wolfSSL_PKCS7_sign(void)
         for (z = 0; z < outLen && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -64917,7 +76895,7 @@ static int test_wolfSSL_PKCS7_sign(void)
         for (z = 0; z < outLen && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -65153,7 +77131,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
     ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
-        PKCS7_NOVERIFY), SSL_FAILURE);
+        PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     if (smimeTestFile != XBADFILE) {
         XFCLOSE(smimeTestFile);
         smimeTestFile = XBADFILE;
@@ -65417,7 +77395,7 @@ static int test_X509_STORE_No_SSL_CTX(void)
 
     /* Perform verification, which should NOT indicate CRL missing due to the
      * store CM's X509 store pointer being NULL */
-    ExpectIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
+    ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING));
 
     X509_CRL_free(crl);
     X509_STORE_free(store);
@@ -65488,7 +77466,7 @@ static int test_X509_LOOKUP_add_dir(void)
     ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
 
     /* Perform verification, which should NOT return CRL missing */
-    ExpectIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
+    ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING));
 
     X509_CRL_free(crl);
     crl = NULL;
@@ -65536,7 +77514,7 @@ static int test_X509_LOOKUP_add_dir(void)
 
     /* Now we SHOULD get CRL_MISSING, because we looked for PEM
      * in dir containing only ASN1/DER. */
-    ExpectIntEQ(X509_verify_cert(storeCtx), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx),
             X509_V_ERR_UNABLE_TO_GET_CRL);
 
@@ -65627,10 +77605,14 @@ static int test_RsaSigFailure_cm(void)
         /* test bad cert */
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
-           WOLFSSL_FATAL_ERROR);
+           WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+#elif defined(NO_ASN_CRYPT)
+        /* RSA verify is not called when ASN crypt support is disabled */
+        ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
+           WOLFSSL_SUCCESS);
 #else
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
-           ASN_SIG_CONFIRM_E);
+           WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E));
 #endif
     }
 
@@ -65660,10 +77642,14 @@ static int test_EccSigFailure_cm(void)
         /* test bad cert */
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
-           WOLFSSL_FATAL_ERROR);
+           WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+#elif defined(NO_ASN_CRYPT)
+        /* ECC verify is not called when ASN crypt support is disabled */
+        ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
+           WOLFSSL_SUCCESS);
 #else
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
-           ASN_SIG_CONFIRM_E);
+           WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E));
 #endif
     }
 
@@ -65727,7 +77713,13 @@ static int test_tls13_apis(void)
 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
     int          groups[2] = { WOLFSSL_ECC_SECP256R1,
 #ifdef WOLFSSL_HAVE_KYBER
+    #ifndef WOLFSSL_NO_KYBER512
                                WOLFSSL_KYBER_LEVEL1
+    #elif !defined(WOLFSSL_NO_KYBER768)
+                               WOLFSSL_KYBER_LEVEL3
+    #else
+                               WOLFSSL_KYBER_LEVEL5
+    #endif
 #else
                                WOLFSSL_ECC_SECP256R1
 #endif
@@ -65755,15 +77747,30 @@ static int test_tls13_apis(void)
 #if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
             "P-256:secp256r1"
 #if defined(WOLFSSL_HAVE_KYBER)
+    #ifndef WOLFSSL_NO_KYBER512
             ":P256_KYBER_LEVEL1"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":P256_KYBER_LEVEL3"
+    #else
+            ":P256_KYBER_LEVEL5"
+    #endif
 #endif
 #endif
 #endif /* !defined(NO_ECC_SECP) */
 #if defined(WOLFSSL_HAVE_KYBER)
+    #ifndef WOLFSSL_NO_KYBER512
             ":KYBER_LEVEL1"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":KYBER_LEVEL3"
+    #else
+            ":KYBER_LEVEL5"
+    #endif
 #endif
             "";
 #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
+#if defined(WOLFSSL_HAVE_KYBER)
+    int kyberLevel;
+#endif
 
     (void)ret;
 
@@ -65798,14 +77805,14 @@ static int test_tls13_apis(void)
 #endif
 
 #ifdef WOLFSSL_SEND_HRR_COOKIE
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
@@ -65817,16 +77824,16 @@ static int test_tls13_apis(void)
 #ifdef HAVE_SUPPORTED_CURVES
 #ifdef HAVE_ECC
     ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     do {
         ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 #ifndef NO_WOLFSSL_CLIENT
@@ -65834,25 +77841,25 @@ static int test_tls13_apis(void)
     do {
         ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
     do {
         ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 #elif defined(HAVE_CURVE25519)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
         WOLFSSL_SUCCESS);
@@ -65866,7 +77873,7 @@ static int test_tls13_apis(void)
         WOLFSSL_SUCCESS);
 #endif
 #elif defined(HAVE_CURVE448)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
         WOLFSSL_SUCCESS);
@@ -65881,36 +77888,43 @@ static int test_tls13_apis(void)
 #endif
 #else
     ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
     ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 #endif
 
 #if defined(WOLFSSL_HAVE_KYBER)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
+#ifndef WOLFSSL_NO_KYBER768
+    kyberLevel = WOLFSSL_KYBER_LEVEL3;
+#elif !defined(WOLFSSL_NO_KYBER1024)
+    kyberLevel = WOLFSSL_KYBER_LEVEL5;
+#else
+    kyberLevel = WOLFSSL_KYBER_LEVEL1;
+#endif
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, kyberLevel), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
+    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, kyberLevel),
         WOLFSSL_SUCCESS);
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3),
-        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, kyberLevel),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3),
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, kyberLevel),
         WOLFSSL_SUCCESS);
 #endif
 #endif
 
-    ExpectIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_NoKeyShares(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
@@ -65920,32 +77934,32 @@ static int test_tls13_apis(void)
 #endif
 #endif /* HAVE_SUPPORTED_CURVES */
 
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
 #endif
@@ -65953,10 +77967,10 @@ static int test_tls13_apis(void)
     ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
 #endif
@@ -65964,139 +77978,139 @@ static int test_tls13_apis(void)
     ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_update_keys(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
+    ExpectIntEQ(wolfSSL_update_keys(clientSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
+    ExpectIntEQ(wolfSSL_update_keys(serverSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
 #endif
 
-    ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
 #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_request_certificate(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_request_certificate(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
+    ExpectIntEQ(wolfSSL_request_certificate(serverSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR));
 #endif
 #endif
 
 #ifdef HAVE_ECC
 #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
-    ExpectIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_preferred_group(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_preferred_group(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
+    ExpectIntEQ(wolfSSL_preferred_group(clientSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR));
 #endif
 #endif
 
 #ifdef HAVE_SUPPORTED_CURVES
-    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
         WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
-        WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
+        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
-    ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
         WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
-        WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
+        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
 #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
@@ -66110,11 +78124,11 @@ static int test_tls13_apis(void)
         WOLFSSL_SUCCESS);
 #endif
 
-    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
-    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
@@ -66133,31 +78147,31 @@ static int test_tls13_apis(void)
 
 #ifdef WOLFSSL_EARLY_DATA
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
 #ifndef OPENSSL_EXTRA
     ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
     ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #endif
 #ifndef OPENSSL_EXTRA
@@ -66175,11 +78189,11 @@ static int test_tls13_apis(void)
 #endif
 
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef OPENSSL_EXTRA
@@ -66197,11 +78211,11 @@ static int test_tls13_apis(void)
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #endif
 #ifndef OPENSSL_EXTRA
@@ -66219,49 +78233,49 @@ static int test_tls13_apis(void)
 
 
     ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
-        sizeof(earlyData), NULL), BAD_FUNC_ARG);
+        sizeof(earlyData), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
-        sizeof(earlyData), &outSz), SIDE_ERROR);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
-        sizeof(earlyData), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
-        sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #endif
 
     ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1,
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), NULL), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), SIDE_ERROR);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #endif
 #endif
 
@@ -66440,7 +78454,7 @@ static int test_tls13_cipher_suites(void)
         }
     }
     /* Test multiple occurrences of same cipher suite. */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     wolfSSL_free(ssl);
     ssl = NULL;
 
@@ -66459,7 +78473,7 @@ static int test_tls13_cipher_suites(void)
     /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
     ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
     /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* Check refined order - server order. */
     ExpectIntEQ(ssl->suites->suiteSz, 4);
     ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
@@ -66478,7 +78492,7 @@ static int test_tls13_cipher_suites(void)
     ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0);
     /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* Check refined order - client order. */
     ExpectIntEQ(ssl->suites->suiteSz, 4);
     ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
@@ -66560,7 +78574,7 @@ static int test_dh_ssl_setup(WOLFSSL* ssl)
     wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
     ExpectIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
     ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
-    if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
+    if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(SIDE_ERROR)) {
         ExpectIntEQ(ret, WOLFSSL_SUCCESS);
     }
     return EXPECT_RESULT();
@@ -66574,7 +78588,7 @@ static int test_dh_ssl_setup_fail(WOLFSSL* ssl)
     wolfSSL_SetDhAgreeCtx(ssl, NULL);
     ExpectNull(wolfSSL_GetDhAgreeCtx(ssl));
     ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
-    if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
+    if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(SIDE_ERROR)) {
         ExpectIntEQ(ret, WOLFSSL_SUCCESS);
     }
     return EXPECT_RESULT();
@@ -66595,7 +78609,7 @@ static int test_DhCallbacks(void)
 
     /* Test that DH callback APIs work. */
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
     /* load client ca cert */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
@@ -66641,7 +78655,7 @@ static int test_DhCallbacks(void)
     func_cb_server.method = wolfTLSv1_2_server_method;
 
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
-        &func_cb_server, NULL), TEST_FAIL);
+        &func_cb_server, NULL), -1001);
 #endif
     return EXPECT_RESULT();
 }
@@ -66704,9 +78718,9 @@ static int test_get_rand_digit(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
     ExpectIntEQ(get_rand_digit(&rng, &d), 0);
-    ExpectIntEQ(get_rand_digit(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(get_rand_digit(NULL, &d), BAD_FUNC_ARG);
-    ExpectIntEQ(get_rand_digit(&rng, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(get_rand_digit(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(NULL, &d), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
 #endif
@@ -66752,9 +78766,9 @@ static int test_mp_cond_copy(void)
     ExpectIntEQ(mp_init(&a), MP_OKAY);
     ExpectIntEQ(mp_init(&b), MP_OKAY);
 
-    ExpectIntEQ(mp_cond_copy(NULL, copy, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_cond_copy(NULL, copy, &b), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_cond_copy(&a, copy, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(mp_cond_copy(NULL, copy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_cond_copy(NULL, copy, &b), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_cond_copy(&a, copy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(mp_cond_copy(&a, copy, &b), 0);
 
     mp_clear(&a);
@@ -66780,9 +78794,9 @@ static int test_mp_rand(void)
     ExpectIntEQ(mp_init(&a), MP_OKAY);
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
-    ExpectIntEQ(mp_rand(&a, digits, NULL), MISSING_RNG_E);
-    ExpectIntEQ(mp_rand(NULL, digits, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_rand(&a, 0, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(mp_rand(&a, digits, NULL), WC_NO_ERR_TRACE(MISSING_RNG_E));
+    ExpectIntEQ(mp_rand(NULL, digits, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_rand(&a, 0, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(mp_rand(&a, digits, &rng), 0);
 
     mp_clear(&a);
@@ -66831,14 +78845,14 @@ static int test_wc_export_int(void)
     ExpectIntEQ(mp_set(&mp, 1234), 0);
 
     ExpectIntEQ(wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     len = sizeof(buf)-1;
     ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     len = sizeof(buf);
     ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN), 0);
     len = 4; /* test input too small */
-    ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), BUFFER_E);
+    ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), WC_NO_ERR_TRACE(BUFFER_E));
     len = sizeof(buf);
     ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), 0);
     /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
@@ -66989,7 +79003,8 @@ static int test_wolfSSL_X509_load_crl_file(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
+    !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \
+    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
     int i;
     char pem[][100] = {
         "./certs/crl/crl.pem",
@@ -67038,11 +79053,11 @@ static int test_wolfSSL_X509_load_crl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
-            CRL_CERT_REVOKED);
+            WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
 #ifdef WC_RSA_PSS
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM),
-            CRL_CERT_REVOKED);
+            WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
 #endif
     }
     /* once feeing store */
@@ -67073,7 +79088,7 @@ static int test_wolfSSL_X509_load_crl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
-            CRL_CERT_REVOKED);
+            WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
     }
 
     /* test for incorrect parameter */
@@ -67333,10 +79348,10 @@ static int test_wolfSSL_PEM_read(void)
     ExpectTrue((fp = XFOPEN(filename, "rb")) != XBADFILE);
 
     /* Fail cases. */
-    ExpectIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_read(fp, NULL, &header, &data, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, NULL, &data, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, &header, NULL, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, &header, &data, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
 
@@ -67388,9 +79403,9 @@ static int test_wolfSSL_PEM_read(void)
     ExpectIntGT(len, 0);
 
     /* Fail cases. */
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_DES3
     ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
@@ -67398,22 +79413,22 @@ static int test_wolfSSL_PEM_read(void)
 
     /* Fail cases. */
     ExpectIntEQ(PEM_do_header(NULL, data, &len, PasswordCallBack,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, NULL,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, NoPasswordCallBack,
-                              (void*)"yassl123"), WOLFSSL_FAILURE);
+                              (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if !defined(NO_DES3) && !defined(NO_MD5)
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
                               (void*)"yassl123"), WOLFSSL_SUCCESS);
 #else
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
-                              (void*)"yassl123"), WOLFSSL_FAILURE);
+                              (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     BIO_free(bio);
@@ -68127,19 +80142,22 @@ static int test_wolfssl_EVP_chacha20_poly1305(void)
     EVP_CIPHER_CTX* ctx = NULL;
     int outSz;
 
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(iv, 0, sizeof(iv));
+
     /* Encrypt. */
     ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
                 NULL), WOLFSSL_SUCCESS);
     /* Invalid IV length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
-                CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid IV length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
                 CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
     /* Invalid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
                 CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS);
@@ -68154,7 +80172,7 @@ static int test_wolfssl_EVP_chacha20_poly1305(void)
     ExpectIntEQ(outSz, 0);
     /* Invalid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
-                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
                 CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
@@ -68223,7 +80241,7 @@ static int test_wolfssl_EVP_chacha20(void)
                 NULL), WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                16, NULL), WOLFSSL_FAILURE);
+                16, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
                 sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -68288,7 +80306,7 @@ static int test_wolfssl_EVP_sm4_ecb(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
@@ -68345,7 +80363,7 @@ static int test_wolfssl_EVP_sm4_cbc(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
         sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -68413,7 +80431,7 @@ static int test_wolfssl_EVP_sm4_ctr(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
         sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -68809,48 +80827,48 @@ static int test_wolfSSL_EVP_PKEY_hkdf(void)
     ExpectNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)));
     ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
     /* NULL ctx. */
-    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL md. */
-    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL salt is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)),
                 WOLFSSL_SUCCESS);
     /* Salt length <= 0. */
     /* Length 0 salt is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL key. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Key length <= 0 */
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL info is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)),
                 WOLFSSL_SUCCESS);
     /* Info length <= 0 */
     /* Length 0 info is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Extract and expand (default). */
     ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
     ExpectIntEQ(outKeySz, sizeof(extractAndExpand));
@@ -69068,7 +81086,7 @@ static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok,
     }
     /* Ignore CRL missing error */
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
-    if (cert_error == CRL_MISSING)
+    if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING))
 #else
     if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL)
 #endif
@@ -69112,12 +81130,18 @@ static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx)
 #endif
     X509_STORE_set_verify_cb(cert_store,
             test_wolfSSL_X509_STORE_set_get_crl_verify);
-    ExpectNotNull(param = X509_STORE_get0_param(cert_store));
+    ExpectNotNull(X509_STORE_get0_param(cert_store));
+    ExpectNotNull(param = X509_VERIFY_PARAM_new());
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
+            X509_STORE_get0_param(cert_store)), 1);
     ExpectIntEQ(X509_VERIFY_PARAM_set_flags(
         param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1);
+    ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1);
     ExpectIntEQ(X509_STORE_set_flags(cert_store,
             X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1);
 
+
+    X509_VERIFY_PARAM_free(param);
     return EXPECT_RESULT();
 }
 #endif
@@ -69170,7 +81194,7 @@ static int test_wolfSSL_dup_CA_list(void)
     for (i = 0; i < 3; i++) {
         name = X509_NAME_new();
         ExpectNotNull(name);
-        ExpectIntEQ(sk_X509_NAME_push(originalStack, name), WOLFSSL_SUCCESS);
+        ExpectIntEQ(sk_X509_NAME_push(originalStack, name), i+1);
         if (EXPECT_FAIL()) {
             X509_NAME_free(name);
         }
@@ -69316,7 +81340,7 @@ static int test_wolfSSL_BIO_get_len(void)
     BIO *bio = NULL;
     const char txt[] = "Some example text to push to the BIO.";
 
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
 
@@ -69326,7 +81350,7 @@ static int test_wolfSSL_BIO_get_len(void)
     bio = NULL;
 
     ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE);
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
     BIO_free(bio);
 #endif
     return EXPECT_RESULT();
@@ -69363,6 +81387,65 @@ static int test_wolfSSL_RSA(void)
     ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
     ExpectIntEQ(RSA_size(rsa), 256);
 
+#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST)
+    {
+        /* Test setting only subset of parameters */
+        RSA *rsa2 = NULL;
+        unsigned char hash[SHA256_DIGEST_LENGTH];
+        unsigned char signature[2048/8];
+        unsigned int signatureLen = 0;
+
+        XMEMSET(hash, 0, sizeof(hash));
+        RSA_get0_key(rsa, &n, &e, &d);
+        RSA_get0_factors(rsa, &p, &q);
+        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa), 1);
+        /* Quick sanity check */
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+
+        /* Verifying */
+        ExpectNotNull(rsa2 = RSA_new());
+        ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), NULL), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1),
+                BN_dup(iqmp)), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        RSA_free(rsa2);
+        rsa2 = NULL;
+
+        /* Signing */
+        XMEMSET(signature, 0, sizeof(signature));
+        ExpectNotNull(rsa2 = RSA_new());
+        ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), BN_dup(d)), 1);
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1);
+        XMEMSET(signature, 0, sizeof(signature));
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1),
+                BN_dup(iqmp)), 1);
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        RSA_free(rsa2);
+        rsa2 = NULL;
+    }
+#endif
+
 #ifdef WOLFSSL_RSA_KEY_CHECK
     ExpectIntEQ(RSA_check_key(NULL), 0);
     ExpectIntEQ(RSA_check_key(rsa), 1);
@@ -69543,7 +81626,7 @@ static int test_wolfSSL_RSA_DER(void)
     buff = tbl[0].der;
     ExpectNull(d2i_RSAPrivateKey(&rsa, &buff, 1));
 
-    ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     rsa = RSA_new();
     ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), 0);
     RSA_free(rsa);
@@ -69895,13 +81978,13 @@ static int test_wolfSSL_RSA_verify(void)
         signatureLength, pubKey), SSL_SUCCESS);
 
     ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL,
-        signatureLength, NULL), SSL_FAILURE);
+        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, pubKey), SSL_FAILURE);
+        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL,
-        signatureLength, pubKey), SSL_FAILURE);
+        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, NULL), SSL_FAILURE);
+        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 
     RSA_free(pKey);
@@ -70615,8 +82698,8 @@ static int test_wolfSSL_RSA_To_Der(void)
     rsa = NULL;
     ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
 
-    ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz);
     outDer = out;
@@ -70636,14 +82719,14 @@ static int test_wolfSSL_RSA_To_Der(void)
     RSA_free(rsa);
 
     ExpectNotNull(rsa = RSA_new());
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     RSA_free(rsa);
 
     der = pubDer;
     rsa = NULL;
     ExpectNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz));
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     RSA_free(rsa);
 #endif
 #endif
@@ -70819,6 +82902,30 @@ static int test_wolfSSL_DH(void)
     ExpectNotNull(dh->g);
     ExpectTrue(pt == buf);
     ExpectIntEQ(DH_generate_key(dh), 1);
+
+    /* first, test for expected successful key agreement. */
+    if (EXPECT_SUCCESS()) {
+        DH *dh2 = NULL;
+        unsigned char buf2[268];
+        int sz1 = 0, sz2 = 0;
+
+        ExpectNotNull(dh2 = d2i_DHparams(NULL, &pt, len));
+        ExpectIntEQ(DH_generate_key(dh2), 1);
+
+        ExpectIntGT(sz1=DH_compute_key(buf, dh2->pub_key, dh), 0);
+        ExpectIntGT(sz2=DH_compute_key(buf2, dh->pub_key, dh2), 0);
+        ExpectIntEQ(sz1, sz2);
+        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
+
+        ExpectIntNE(sz1 = DH_size(dh), 0);
+        ExpectIntEQ(DH_compute_key_padded(buf, dh2->pub_key, dh), sz1);
+        ExpectIntEQ(DH_compute_key_padded(buf2, dh->pub_key, dh2), sz1);
+        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
+
+        if (dh2 != NULL)
+            DH_free(dh2);
+    }
+
     ExpectIntEQ(DH_generate_key(dh), 1);
     ExpectIntEQ(DH_compute_key(NULL, NULL, NULL), -1);
     ExpectNotNull(pub = BN_new());
@@ -71052,7 +83159,7 @@ static int test_wolfSSL_DH(void)
     /* Test DH_up_ref() */
     dh = wolfSSL_DH_new();
     ExpectNotNull(dh);
-    ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS);
     DH_free(dh); /* decrease ref count */
     DH_free(dh); /* free WOLFSSL_DH */
@@ -71561,12 +83668,12 @@ static int test_wolfSSL_PEM_write_DHparams(void)
 
     ExpectNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
     ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
-    ExpectIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_DHparams(fp, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     DH_free(dh);
     dh = NULL;
 
     dh = wolfSSL_DH_new();
-    ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_DHparams(fp, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     if (fp != XBADFILE) {
         XFCLOSE(fp);
         fp = XBADFILE;
@@ -72237,7 +84344,7 @@ static int test_wolfSSL_EC_POINT(void)
         ctx), WOLFSSL_SUCCESS);
 
     /* check if point X coordinate is zero */
-    ExpectIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
+    ExpectIntEQ(BN_is_zero(X), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* set the same X and Y points in another object */
     ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y,
@@ -72740,6 +84847,18 @@ static int test_EC_i2d(void)
     ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 1));
     ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0));
 
+    {
+        EC_KEY *pubkey = NULL;
+        BIO* bio = NULL;
+
+        ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+        ExpectIntGT(BIO_write(bio, buf, len), 0);
+        ExpectNotNull(d2i_EC_PUBKEY_bio(bio, &pubkey));
+
+        BIO_free(bio);
+        EC_KEY_free(pubkey);
+    }
+
     ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0);
     ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0);
 
@@ -72932,7 +85051,7 @@ static int test_wolfSSL_EC_KEY_dup(void)
     /* Test EC_KEY_up_ref */
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS);
     /* reference count doesn't follow duplicate */
     ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
@@ -73084,12 +85203,12 @@ static int test_wolfSSL_EC_KEY_print_fp(void)
     EC_KEY* key = NULL;
 
     /* Bad file pointer. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL key. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1)));
     /* Negative indent. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
@@ -73520,15 +85639,15 @@ static int test_stubs_are_stubs(void)
     CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
     CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
 
-    /* when implemented this should take WOLFSSL object insted, right now
+    /* when implemented this should take WOLFSSL object instead, right now
      * always returns 0 */
-    ExpectIntEQ(SSL_get_current_expansion(NULL), 0);
+    ExpectPtrEq(SSL_get_current_expansion(NULL), NULL);
 
     wolfSSL_CTX_free(ctx);
     ctx = NULL;
 
     ExpectStrEQ(SSL_COMP_get_name(NULL), "not supported");
-    ExpectIntEQ(SSL_get_current_expansion(), 0);
+    ExpectPtrEq(SSL_get_current_expansion(NULL), NULL);
 #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB && (!NO_WOLFSSL_CLIENT ||
         * !NO_WOLFSSL_SERVER) */
     return EXPECT_RESULT();
@@ -73616,9 +85735,9 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     WOLFSSL_CERT_MANAGER* cm = NULL;
 
     #define FAIL_T1(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
-                                                BAD_FUNC_ARG)
+                                       WC_NO_ERR_TRACE(BAD_FUNC_ARG))
     #define FAIL_T2(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
-                                                NOT_COMPILED_IN)
+                                    WC_NO_ERR_TRACE(NOT_COMPILED_IN))
     #define SUCC_T(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
                                                 WOLFSSL_SUCCESS)
 #ifndef NO_WOLFSSL_CLIENT
@@ -73675,7 +85794,8 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL)
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) && \
+    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
 static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
@@ -73689,7 +85809,8 @@ static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx)
 static int test_multiple_crls_same_issuer(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL)
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) && \
+    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
     test_ssl_cbf client_cbs, server_cbs;
     struct {
         const char* server_cert;
@@ -73711,7 +85832,7 @@ static int test_multiple_crls_same_issuer(void)
         client_cbs.ctx_ready = test_multiple_crls_same_issuer_ctx_ready;
 
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
-            &server_cbs, NULL), TEST_FAIL);
+            &server_cbs, NULL), -1001);
     }
 #endif
     return EXPECT_RESULT();
@@ -73799,11 +85920,11 @@ static int test_wolfSSL_dtls_set_mtu(void)
     }
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_get_error(ssl, WC_NO_ERR_TRACE(WOLFSSL_FAILURE)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
 
@@ -74082,14 +86203,14 @@ static int test_wolfSSL_dtls_fragments(void)
 
         /* The socket should be closed by the server resulting in a
          * socket error, fatal error or reading a close notify alert */
-        if (func_cb_client.last_err != SOCKET_ERROR_E &&
+        if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
                 func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
-                func_cb_client.last_err != FATAL_ERROR) {
-            ExpectIntEQ(func_cb_client.last_err, SOCKET_ERROR_E);
+                func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
+            ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
         }
         /* Check the server returned an error indicating the msg buffer
          * was full */
-        ExpectIntEQ(func_cb_server.last_err, DTLS_TOO_MANY_FRAGMENTS_E);
+        ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
 
         if (EXPECT_FAIL())
             break;
@@ -74387,8 +86508,8 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
     w64Decrement(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount);
     /* Connection should fail with a DECRYPT_ERROR */
     ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
-    AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
-    AssertIntEQ(wolfSSL_get_error(ssl, ret), DECRYPT_ERROR);
+    AssertIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    AssertIntEQ(wolfSSL_get_error(ssl, ret), WC_NO_ERR_TRACE(DECRYPT_ERROR));
 
     test_AEAD_done = 1;
 }
@@ -74693,7 +86814,7 @@ static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
 
     res = wolfSSL_accept(ssl);
     err = wolfSSL_get_error(ssl, res);
-    AssertIntEQ(res, WOLFSSL_FATAL_ERROR);
+    AssertIntEQ(res, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ);
 
     AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl));
@@ -74766,9 +86887,7 @@ static int test_wolfSSL_dtls_stateless(void)
 #endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE &&
         * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */
 
-#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
-    !defined(WOLFSSL_NO_CLIENT_AUTH))
+#ifdef HAVE_CERT_CHAIN_VALIDATION
 static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
 {
     int ret;
@@ -75177,7 +87296,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             }
-        } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+        } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
@@ -75211,7 +87330,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
     /* bidirectional shutdown */
     while (EXPECT_SUCCESS()) {
         ret = wolfSSL_shutdown(ssl);
-        ExpectIntNE(ret, WOLFSSL_FATAL_ERROR);
+        ExpectIntNE(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         if (ret == WOLFSSL_SUCCESS) {
             break;
         }
@@ -75226,7 +87345,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
     }
 
     /* detect TCP disconnect */
-    ExpectIntLE(ret,WOLFSSL_FAILURE);
+    ExpectIntLE(ret,WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN);
 
     ((func_args*)args)->return_code = EXPECT_RESULT();
@@ -75285,7 +87404,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             }
-        } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+        } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 
     ExpectIntGE(wolfSSL_write(ssl, msg, len), 0);
@@ -75495,9 +87614,18 @@ static int test_wolfSSL_set_SSL_CTX(void)
 #ifdef WOLFSSL_SESSION_ID_CTX
     ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id2, 4), 0);
 #endif
+#ifdef WOLFSSL_COPY_CERT
+    if (ctx2 != NULL && ctx2->certificate != NULL) {
+        ExpectFalse(ssl->buffers.certificate == ctx2->certificate);
+    }
+    if (ctx2 != NULL && ctx2->certChain != NULL) {
+        ExpectFalse(ssl->buffers.certChain == ctx2->certChain);
+    }
+#else
     ExpectTrue(ssl->buffers.certificate == ctx2->certificate);
     ExpectTrue(ssl->buffers.certChain == ctx2->certChain);
 #endif
+#endif
 
 #ifdef HAVE_SESSION_TICKET
     ExpectIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0);
@@ -75514,8 +87642,17 @@ static int test_wolfSSL_set_SSL_CTX(void)
 #endif
     /* MUST change */
 #ifdef WOLFSSL_INT_H
+#ifdef WOLFSSL_COPY_CERT
+    if (ctx1 != NULL && ctx1->certificate != NULL) {
+        ExpectFalse(ssl->buffers.certificate == ctx1->certificate);
+    }
+    if (ctx1 != NULL && ctx1->certChain != NULL) {
+        ExpectFalse(ssl->buffers.certChain == ctx1->certChain);
+    }
+#else
     ExpectTrue(ssl->buffers.certificate == ctx1->certificate);
     ExpectTrue(ssl->buffers.certChain == ctx1->certChain);
+#endif
 #ifdef WOLFSSL_SESSION_ID_CTX
     ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id1, 4), 0);
 #endif
@@ -75621,14 +87758,14 @@ static int test_wolfSSL_CTX_set_timeout(void)
     /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
      * wolfSSL_CTX_set_timeout returns previous timeout value on success.
      */
-    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* giving 0 as timeout value sets default timeout */
     timeout = wolfSSL_CTX_set_timeout(ctx, 0);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
 
 #else
-    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
 #endif
@@ -75675,9 +87812,9 @@ static int test_CONF_CTX_CMDLINE(void)
     /* cmd invalid command */
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* cmd Certificate and Private Key*/
     {
@@ -75750,9 +87887,9 @@ static int test_CONF_CTX_FILE(void)
     /* sanity check */
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* cmd Certificate and Private Key*/
     {
@@ -76021,6 +88158,95 @@ static int test_wolfSSL_set_psk_use_session_callback(void)
     return EXPECT_RESULT();
 }
 
+/* similar to error_test() in wolfcrypt/test/test.c, but adding error codes from
+ * TLS layer.
+ */
+static int error_test(void)
+{
+    EXPECT_DECLS;
+    const char* errStr;
+    const char* unknownStr = wc_GetErrorString(0);
+
+#ifdef NO_ERROR_STRINGS
+    /* Ensure a valid error code's string matches an invalid code's.
+     * The string is that error strings are not available.
+     */
+    errStr = wc_GetErrorString(OPEN_RAN_E);
+    ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0);
+    if (EXPECT_FAIL())
+        return OPEN_RAN_E;
+#else
+    int i;
+    int j = 0;
+    /* Values that are not or no longer error codes. */
+    static const struct {
+        int first;
+        int last;
+    } missing[] = {
+#ifndef OPENSSL_EXTRA
+        { 0, 0 },
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+        { -11, -12 },
+        { -15, -17 },
+        { -19, -19 },
+        { -26, -27 },
+        { -30, WC_FIRST_E+1 },
+#else
+        { -9, WC_FIRST_E+1 },
+#endif
+        { -124, -124 },
+        { -166, -169 },
+        { -300, -300 },
+        { -334, -336 },
+        { -346, -349 },
+        { -356, -356 },
+        { -358, -358 },
+        { -372, -372 },
+        { -384, -384 },
+        { -466, -499 },
+        { WOLFSSL_LAST_E-1, WOLFSSL_LAST_E-1 }
+    };
+
+    /* Check that all errors have a string and it's the same through the two
+     * APIs. Check that the values that are not errors map to the unknown
+     * string.
+     */
+    for (i = 0; i >= WOLFSSL_LAST_E-1; i--) {
+        int this_missing = 0;
+        for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
+            if ((i <= missing[j].first) && (i >= missing[j].last)) {
+                this_missing = 1;
+                break;
+            }
+        }
+        errStr = wolfSSL_ERR_reason_error_string(i);
+
+        if (! this_missing) {
+            ExpectIntNE(XSTRCMP(errStr, unknownStr), 0);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+            ExpectTrue(XSTRLEN(errStr) < WOLFSSL_MAX_ERROR_SZ);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+        }
+        else {
+            j++;
+            ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+        }
+    }
+#endif
+
+    return 1;
+}
+
 static int test_wolfSSL_ERR_strings(void)
 {
     EXPECT_DECLS;
@@ -76035,19 +88261,19 @@ static int test_wolfSSL_ERR_strings(void)
     (void)err2;
 
 #if defined(OPENSSL_EXTRA)
-    ExpectNotNull(err = ERR_reason_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = ERR_reason_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
     ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
 
-    ExpectNotNull(err = ERR_func_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = ERR_func_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
     ExpectIntEQ((*err == '\0'), 1);
 
     ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD));
     ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
 #else
-    ExpectNotNull(err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
     ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
 
-    ExpectNotNull(err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
     ExpectIntEQ((*err == '\0'), 1);
 
     /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
@@ -76056,6 +88282,8 @@ static int test_wolfSSL_ERR_strings(void)
 #endif
 #endif
 
+    ExpectIntEQ(error_test(), 1);
+
     return EXPECT_RESULT();
 }
 static int test_wolfSSL_EVP_shake128(void)
@@ -76119,13 +88347,13 @@ static int test_wolfSSL_EVP_sm3(void)
     ExpectTrue(mdCtx != NULL);
 
     /* Invalid Parameters */
-    ExpectIntEQ(EVP_DigestInit(NULL, md), BAD_FUNC_ARG);
+    ExpectIntEQ(EVP_DigestInit(NULL, md), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestInit(mdCtx, md), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 0), WOLFSSL_SUCCESS);
@@ -76142,11 +88370,11 @@ static int test_wolfSSL_EVP_sm3(void)
         WOLFSSL_SUCCESS);
 
     /* Invalid Parameters */
-    ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS);
@@ -76463,7 +88691,7 @@ static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer,
 }
 static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     const char* privKeyFile = (const char*)ctx;
     DerBuffer* pDer = NULL;
     int keyFormat = 0;
@@ -76479,7 +88707,7 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
                 case RSA_PUBLIC_ENCRYPT:
                 case RSA_PUBLIC_DECRYPT:
                     /* perform software based RSA public op */
-                    ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
+                    ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* fallback to software */
                     break;
                 case RSA_PRIVATE_ENCRYPT:
                 case RSA_PRIVATE_DECRYPT:
@@ -76526,6 +88754,77 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
                 info->pk.rsa.type, ret, *info->pk.rsa.outLen);
         #endif
         }
+        #ifdef WOLF_CRYPTO_CB_RSA_PAD
+        else if (info->pk.type == WC_PK_TYPE_RSA_PKCS ||
+                 info->pk.type == WC_PK_TYPE_RSA_PSS  ||
+                 info->pk.type == WC_PK_TYPE_RSA_OAEP) {
+            RsaKey key;
+
+            if (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ||
+                info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
+                /* Have all public key ops fall back to SW */
+                return CRYPTOCB_UNAVAILABLE;
+            }
+
+            if (info->pk.rsa.padding == NULL) {
+                return BAD_FUNC_ARG;
+            }
+
+            /* Initialize key */
+            ret = load_pem_key_file_as_der(privKeyFile, &pDer,
+                &keyFormat);
+            if (ret != 0) {
+                return ret;
+            }
+
+            ret = wc_InitRsaKey(&key, HEAP_HINT);
+            if (ret == 0) {
+                word32 keyIdx = 0;
+                /* load RSA private key and perform private transform */
+                ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
+                    &key, pDer->length);
+            }
+            /* Perform RSA operation */
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PKCS)) {
+            #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
+                ret = wc_RsaSSL_Sign(info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen, &key,
+                    info->pk.rsa.rng);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PSS)) {
+            #ifdef WC_RSA_PSS
+                ret = wc_RsaPSS_Sign_ex(info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen,
+                    info->pk.rsa.padding->hash, info->pk.rsa.padding->mgf,
+                    info->pk.rsa.padding->saltLen, &key, info->pk.rsa.rng);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_OAEP)) {
+            #if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_NO_PADDING)
+                ret = wc_RsaPrivateDecrypt_ex(
+                    info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen,
+                    &key, WC_RSA_OAEP_PAD, info->pk.rsa.padding->hash,
+                    info->pk.rsa.padding->mgf, info->pk.rsa.padding->label,
+                    info->pk.rsa.padding->labelSz);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+
+            if (ret > 0) {
+                *info->pk.rsa.outLen = ret;
+            }
+
+            wc_FreeRsaKey(&key);
+            wc_FreeDer(&pDer); pDer = NULL;
+        }
+        #endif /* ifdef WOLF_CRYPTO_CB_RSA_PAD */
     #endif /* !NO_RSA */
     #ifdef HAVE_ECC
         if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
@@ -77066,12 +89365,12 @@ static int test_wolfSSL_FIPS_mode(void)
 #if defined(OPENSSL_ALL)
 #ifdef HAVE_FIPS
     ExpectIntEQ(wolfSSL_FIPS_mode(), 1);
-    ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS);
 #else
     ExpectIntEQ(wolfSSL_FIPS_mode(), 0);
     ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #endif
     return EXPECT_RESULT();
@@ -77319,10 +89618,10 @@ static int test_wolfSSL_dtls_stateless2(void)
     wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     ExpectIntNE(test_ctx.c_len, 0);
     /* consume HRR */
     test_ctx.c_len = 0;
@@ -77360,10 +89659,10 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void)
         max_fragment = ssl_s->max_fragment;
     }
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* CH without cookie shouldn't change state */
     ExpectIntEQ(ssl_s->max_fragment, max_fragment);
     ExpectIntNE(test_ctx.c_len, 0);
@@ -77445,10 +89744,10 @@ static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad)
     wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_s, &test_ctx);
     ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     ExpectFalse(bad && !buf_is_hvr(test_ctx.c_buff, test_ctx.c_len));
     ExpectFalse(!bad && buf_is_hvr(test_ctx.c_buff, test_ctx.c_len));
     if (!useticket) {
@@ -77501,10 +89800,10 @@ static int test_wolfSSL_dtls_stateless_downgrade(void)
     wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     ExpectIntNE(test_ctx.c_len, 0);
     /* consume HRR */
     test_ctx.c_len = 0;
@@ -77541,23 +89840,23 @@ static int test_WOLFSSL_dtls_version_alert(void)
         wolfDTLSv1_2_client_method, wolfDTLSv1_server_method), 0);
 
     /* client hello */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* hrr */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* client hello 1 */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* server hello */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* should fail */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == VERSION_ERROR));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(VERSION_ERROR)));
     /* shuould fail */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == VERSION_ERROR || ssl_s->error == FATAL_ERROR));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(VERSION_ERROR) || ssl_s->error == WC_NO_ERR_TRACE(FATAL_ERROR)));
 
     wolfSSL_free(ssl_c);
     wolfSSL_free(ssl_s);
@@ -77653,8 +89952,8 @@ static int test_ticket_nonce_malloc_do(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len)
     char *buf[1024];
 
     ExpectIntEQ(send_new_session_ticket(ssl_s, len, len), 0);
-    ExpectTrue((wolfSSL_recv(ssl_c, buf, 1024, 0) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_recv(ssl_c, buf, 1024, 0) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
 
     ExpectIntEQ(test_ticket_nonce_check(ssl_c->session, len), 0);
 
@@ -77712,10 +90011,10 @@ static int test_ticket_nonce_malloc(void)
     while (EXPECT_SUCCESS() && (ssl_c->options.handShakeDone == 0) &&
             (ssl_s->options.handShakeDone == 0)) {
         ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_SUCCESS) ||
-            (ssl_c->error == WANT_READ));
+            (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
 
         ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_SUCCESS) ||
-            (ssl_s->error == WANT_READ));
+            (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     }
 
     small = TLS13_TICKET_NONCE_STATIC_SZ;
@@ -78080,7 +90379,7 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
     server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup;
 
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
-        &server_cbs, NULL), TEST_FAIL);
+        &server_cbs, NULL), -1001);
 
     return EXPECT_RESULT();
 }
@@ -78253,7 +90552,7 @@ static int test_extra_alerts_wrong_cs(void)
 
     /* CH */
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     /* consume CH */
@@ -78264,7 +90563,7 @@ static int test_extra_alerts_wrong_cs(void)
     test_ctx.c_len = sizeof(test_extra_alerts_wrong_cs_sh);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectIntEQ(h.last_tx.code, handshake_failure);
@@ -78317,7 +90616,7 @@ static int test_wrong_cs_downgrade(void)
 
     /* CH */
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     /* consume CH */
@@ -78328,8 +90627,14 @@ static int test_wrong_cs_downgrade(void)
     test_ctx.c_len = sizeof(test_wrong_cs_downgrade_sh);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
-        MATCH_SUITE_ERROR);
+#ifdef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL));
+#else
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(MATCH_SUITE_ERROR));
+#endif /* OPENSSL_EXTRA */
+
 
     wolfSSL_free(ssl_c);
     wolfSSL_CTX_free(ctx_c);
@@ -78437,16 +90742,16 @@ static int test_remove_hs_message(byte hs_message_type,
         wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     if (extra_round) {
         ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
             WOLFSSL_ERROR_WANT_READ);
 
         /* this will complete handshake from server side */
@@ -78465,7 +90770,7 @@ static int test_remove_hs_message(byte hs_message_type,
     }
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectTrue(alert_type == 0xff || h.last_tx.code == alert_type);
@@ -78540,15 +90845,15 @@ static int test_extra_alerts_bad_psk(void)
     wolfSSL_set_psk_server_callback(ssl_s, test_server_psk_cb);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectIntEQ(h.last_tx.code, handshake_failure);
@@ -78568,6 +90873,90 @@ static int test_extra_alerts_bad_psk(void)
 }
 #endif
 
+#if defined(OPENSSL_EXTRA) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+/*
+ * Emulates wolfSSL_shutdown that goes on EAGAIN,
+ * by returning on output WOLFSSL_ERROR_WANT_WRITE.*/
+static int custom_wolfSSL_shutdown(WOLFSSL *ssl, char *buf,
+        int sz, void *ctx)
+{
+    (void)ssl;
+    (void)buf;
+    (void)ctx;
+    (void)sz;
+
+    return WOLFSSL_CBIO_ERR_WANT_WRITE;
+}
+
+static int test_multiple_alerts_EAGAIN(void)
+{
+    EXPECT_DECLS;
+    size_t size_of_last_packet = 0;
+
+    /* declare wolfSSL objects */
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    /* Create and initialize WOLFSSL_CTX and WOLFSSL objects */
+#ifdef USE_TLSV13
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+          wolfTLSv1_3_client_method,  wolfTLSv1_3_server_method), 0);
+#else
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+         wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
+#endif
+    ExpectNotNull(ctx_c);
+    ExpectNotNull(ssl_c);
+    ExpectNotNull(ctx_s);
+    ExpectNotNull(ssl_s);
+
+    /* Load client certificates into WOLFSSL_CTX */
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_c, "./certs/ca-cert.pem", NULL), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    /*
+     * We set the custom callback for the IO to emulate multiple EAGAINs
+     * on shutdown, so we can check that we don't send multiple packets.
+     * */
+    wolfSSL_SSLSetIOSend(ssl_c, custom_wolfSSL_shutdown);
+
+    /*
+     * We call wolfSSL_shutdown multiple times to reproduce the behaviour,
+     * to check that it doesn't add the CLOSE_NOTIFY packet multiple times
+     * on the output buffer.
+     * */
+    wolfSSL_shutdown(ssl_c);
+    wolfSSL_shutdown(ssl_c);
+
+    if (ssl_c != NULL) {
+        size_of_last_packet = ssl_c->buffers.outputBuffer.length;
+    }
+    wolfSSL_shutdown(ssl_c);
+
+    /*
+     * Finally we check the length of the output buffer.
+     * */
+    ExpectIntEQ((ssl_c->buffers.outputBuffer.length - size_of_last_packet), 0);
+
+    /* Cleanup and return */
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_s);
+    wolfSSL_free(ssl_s);
+
+    return EXPECT_RESULT();
+}
+#else
+static int test_multiple_alerts_EAGAIN(void)
+{
+    return TEST_SKIPPED;
+}
+#endif
+
 #if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
     && !defined(NO_PSK)
 static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl,
@@ -78617,16 +91006,16 @@ static int test_tls13_bad_psk_binder(void)
     wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ( wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
-        BAD_BINDER);
+    ExpectIntEQ( wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(BAD_BINDER));
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
-        FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(FATAL_ERROR));
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectIntEQ(h.last_rx.code, illegal_parameter);
     ExpectIntEQ(h.last_rx.level, alert_fatal);
@@ -78696,10 +91085,10 @@ static int test_harden_no_secure_renegotiation(void)
     test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
 
     ExpectIntEQ(client_cbs.return_code, TEST_FAIL);
-    ExpectIntEQ(client_cbs.last_err, SECURE_RENEGOTIATION_E);
+    ExpectIntEQ(client_cbs.last_err, WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E));
     ExpectIntEQ(server_cbs.return_code, TEST_FAIL);
-    ExpectTrue(server_cbs.last_err == SOCKET_ERROR_E ||
-               server_cbs.last_err == FATAL_ERROR);
+    ExpectTrue(server_cbs.last_err == WC_NO_ERR_TRACE(SOCKET_ERROR_E) ||
+               server_cbs.last_err == WC_NO_ERR_TRACE(FATAL_ERROR));
 
     return EXPECT_RESULT();
 }
@@ -78717,13 +91106,13 @@ static int test_override_alt_cert_chain_cert_cb(int preverify,
     fprintf(stderr, "preverify: %d\n", preverify);
     fprintf(stderr, "store->error: %d\n", store->error);
     fprintf(stderr, "error reason: %s\n", wolfSSL_ERR_reason_error_string(store->error));
-    if (store->error == OCSP_INVALID_STATUS) {
+    if (store->error == WC_NO_ERR_TRACE(OCSP_INVALID_STATUS)) {
         fprintf(stderr, "Overriding OCSP error\n");
         return 1;
     }
 #ifndef WOLFSSL_ALT_CERT_CHAINS
-    else if ((store->error == ASN_NO_SIGNER_E ||
-              store->error == ASN_SELF_SIGNED_E
+    else if ((store->error == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
+              store->error == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
     defined(HAVE_WEBSERVER)
             || store->error == WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
@@ -78797,7 +91186,7 @@ static int test_override_alt_cert_chain(void)
         {test_override_alt_cert_chain_client_ctx_ready,
                 test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS},
         {test_override_alt_cert_chain_client_ctx_ready2,
-                test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL},
+                test_override_alt_cert_chain_server_ctx_ready, -1001},
     };
 
     for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
@@ -78813,8 +91202,10 @@ static int test_override_alt_cert_chain(void)
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
             &server_cbs, NULL), params[i].result);
 
-        ExpectIntEQ(client_cbs.return_code, params[i].result);
-        ExpectIntEQ(server_cbs.return_code, params[i].result);
+        ExpectIntEQ(client_cbs.return_code,
+                    params[i].result <= 0 ? -1000 : TEST_SUCCESS);
+        ExpectIntEQ(server_cbs.return_code,
+                    params[i].result <= 0 ? -1000 : TEST_SUCCESS);
     }
 
     return EXPECT_RESULT();
@@ -78958,25 +91349,25 @@ static int test_rpk_set_xxx_cert_type(void)
     /* illegal parameter test caces */
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(NULL, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -78984,7 +91375,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, NULL,
@@ -79006,25 +91397,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(NULL, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -79032,7 +91423,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, NULL,
@@ -79054,25 +91445,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(NULL, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -79080,7 +91471,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, NULL,
@@ -79102,25 +91493,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(NULL, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -79128,7 +91519,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, NULL,
@@ -79149,16 +91540,16 @@ static int test_rpk_set_xxx_cert_type(void)
     /*------------------------------------------------*/
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(NULL, &tp),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl, NULL),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(NULL, &tp),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl, NULL),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 
     /* clean up */
@@ -79662,7 +92053,7 @@ static int test_tls13_rpk_handshake(void)
     if (ret != -1)
         return TEST_FAIL;
 
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), UNSUPPORTED_CERTIFICATE);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
                                                         WOLFSSL_SUCCESS);
@@ -79744,7 +92135,7 @@ static int test_tls13_rpk_handshake(void)
     /* expect server detect cert type mismatch then send Alert */
     ExpectIntNE(ret, 0);
     err = wolfSSL_get_error(ssl_c, ret);
-    ExpectIntEQ(err, UNSUPPORTED_CERTIFICATE);
+    ExpectIntEQ(err, WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
 
     /* client did not load RPK cert actually, so negotiation did not happen */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -79877,7 +92268,7 @@ static int test_dtls13_bad_epoch_ch(void)
     ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntGE(test_ctx.s_len, EPOCH_OFF + 2);
@@ -79890,7 +92281,7 @@ static int test_dtls13_bad_epoch_ch(void)
     test_ctx.s_buff[EPOCH_OFF + 1] = 0x2;
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(ssl_s->msgsReceived.got_client_hello, 1);
@@ -79914,7 +92305,13 @@ static int test_dtls13_bad_epoch_ch(void)
 }
 #endif
 
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
+#if ((defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+      defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) && \
+      !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)) || \
+     (!defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
+      !defined(NO_DES3))) || !defined(WOLFSSL_NO_TLS12)) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
 static int test_short_session_id_ssl_ready(WOLFSSL* ssl)
 {
     EXPECT_DECLS;
@@ -79988,7 +92385,6 @@ static int test_short_session_id(void)
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
             &server_cbf, NULL), TEST_SUCCESS);
     }
-
     return EXPECT_RESULT();
 }
 #else
@@ -80045,7 +92441,7 @@ static int test_wolfSSL_dtls13_null_cipher(void)
         *ptr = 'H';
         /* bad messages should be ignored in DTLS */
         ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), -1);
-        ExpectIntEQ(ssl_s->error, WANT_READ);
+        ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(WANT_READ));
     }
 
     wolfSSL_free(ssl_c);
@@ -80194,7 +92590,7 @@ static int test_dtls_ipv6_check(void)
     ExpectIntNE(fcntl(sockfd, F_SETFL, O_NONBLOCK), -1);
     wolfSSL_dtls_set_using_nonblock(ssl_c, 1);
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(ssl_c->error, SOCKET_ERROR_E);
+    ExpectIntEQ(ssl_c->error, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
 
     ExpectIntEQ(wolfSSL_dtls_set_peer(ssl_s, &fake_addr6, sizeof(fake_addr6)),
         WOLFSSL_SUCCESS);
@@ -80202,7 +92598,7 @@ static int test_dtls_ipv6_check(void)
     ExpectIntEQ(wolfSSL_set_fd(ssl_c, sockfd), WOLFSSL_SUCCESS);
     wolfSSL_dtls_set_using_nonblock(ssl_s, 1);
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(ssl_s->error, SOCKET_ERROR_E);
+    ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
     if (sockfd != -1)
         close(sockfd);
 
@@ -80417,7 +92813,7 @@ static int test_tls_alert_no_server_hello(void)
     test_ctx.c_len = sizeof(alert_msg);
 
     ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(FATAL_ERROR));
 
     wolfSSL_free(ssl_c);
     wolfSSL_CTX_free(ctx_c);
@@ -80495,9 +92891,9 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
 
         ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
 #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), OUT_OF_ORDER_E);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(OUT_OF_ORDER_E));
 #else
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), BUFFER_ERROR);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(BUFFER_ERROR));
 #endif
 
         wolfSSL_free(ssl_c);
@@ -80647,8 +93043,8 @@ static int test_session_ticket_hs_update(void)
     wolfSSL_SetLoggingPrefix("client");
     /* Read the ticket msg */
     ExpectIntEQ(wolfSSL_read(ssl_c, read_data, sizeof(read_data)),
-            WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -80663,13 +93059,13 @@ static int test_session_ticket_hs_update(void)
 
     wolfSSL_SetLoggingPrefix("client");
     /* Exchange initial flights for the second connection */
-    ExpectIntEQ(wolfSSL_connect(ssl_c2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c2, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_connect(ssl_c2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c2, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
     wolfSSL_SetLoggingPrefix("server");
-    ExpectIntEQ(wolfSSL_accept(ssl_s2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s2, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_accept(ssl_s2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s2, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -80678,8 +93074,8 @@ static int test_session_ticket_hs_update(void)
     /* Read the ticket msg */
     wolfSSL_SetLoggingPrefix("client");
     ExpectIntEQ(wolfSSL_read(ssl_c3, read_data, sizeof(read_data)),
-            WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c3, WOLFSSL_FATAL_ERROR),
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c3, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -80721,8 +93117,8 @@ static void test_dtls_downgrade_scr_server_on_result(WOLFSSL* ssl)
     char testMsg[] = "Message after SCR";
     char msgBuf[sizeof(testMsg)];
     if (wolfSSL_is_server(ssl)) {
-        AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_FATAL_ERROR);
-        AssertIntEQ(wolfSSL_get_error(ssl, -1), APP_DATA_READY);
+        AssertIntEQ(wolfSSL_Rehandshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+        AssertIntEQ(wolfSSL_get_error(ssl, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
         AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
         AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
         AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
@@ -80781,8 +93177,8 @@ static void test_dtls_downgrade_scr_on_result(WOLFSSL* ssl)
     char testMsg[] = "Message after SCR";
     char msgBuf[sizeof(testMsg)];
     if (wolfSSL_is_server(ssl)) {
-        AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_FATAL_ERROR);
-        AssertIntEQ(wolfSSL_get_error(ssl, -1), APP_DATA_READY);
+        AssertIntEQ(wolfSSL_Rehandshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+        AssertIntEQ(wolfSSL_get_error(ssl, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
         AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
         AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
         AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
@@ -81240,12 +93636,12 @@ static int test_certreq_sighash_algos(void)
     ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, "./certs/server-ecc.pem",
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_connect(ssl_c), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
-    ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_accept(ssl_s), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     /* Find the CertificateRequest message */
@@ -81292,7 +93688,8 @@ static int test_certreq_sighash_algos(void)
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
 static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
@@ -81337,12 +93734,47 @@ static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx)
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     return EXPECT_RESULT();
 }
+
+static int test_revoked_loaded_int_cert_ctx_ready3_crl_missing_cb(int ret,
+        WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm, void* ctx)
+{
+    (void)crl;
+    (void)cm;
+    (void)ctx;
+    if (ret == WC_NO_ERR_TRACE(CRL_MISSING))
+        return 1;
+    return 0;
+}
+
+/* Here we are allowing missing CRL's but want to error out when its revoked */
+static int test_revoked_loaded_int_cert_ctx_ready3(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
+    myVerifyAction = VERIFY_USE_PREVERFIY;
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int2-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
+            WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
+            "./certs/crl/extra-crls/ca-int-cert-revoked.pem",
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_SetCRL_ErrorCb(ctx,
+            test_revoked_loaded_int_cert_ctx_ready3_crl_missing_cb, NULL),
+            WOLFSSL_SUCCESS);
+    return EXPECT_RESULT();
+}
 #endif
 
 static int test_revoked_loaded_int_cert(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
     test_ssl_cbf client_cbf;
     test_ssl_cbf server_cbf;
     struct {
@@ -81357,6 +93789,8 @@ static int test_revoked_loaded_int_cert(void)
             "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
         {"./certs/intermediate/server-chain-short.pem",
             "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
+        {"./certs/intermediate/server-chain-short.pem",
+            "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready3},
     };
     size_t i;
 
@@ -81374,15 +93808,14 @@ static int test_revoked_loaded_int_cert(void)
         client_cbf.ctx_ready = test_params[i].client_ctx_ready;
 
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
-            &server_cbf, NULL), TEST_FAIL);
-        ExpectIntEQ(client_cbf.last_err, CRL_CERT_REVOKED);
-        ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
+            &server_cbf, NULL), -1001);
+        ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
+        ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
 
         if (!EXPECT_SUCCESS())
             break;
         printf("\t%s passed\n", test_params[i].certPemFile);
     }
-
 #endif
     return EXPECT_RESULT();
 }
@@ -81564,6 +93997,20 @@ static int test_dtls_frag_ch(void)
     /* Expect quietly dropping fragmented first CH */
     ExpectIntEQ(test_ctx.c_len, 0);
 
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    /* Disable ECH as it pushes it over our MTU */
+    wolfSSL_SetEchEnable(ssl_c, 0);
+#endif
+
+    /* Limit options to make the CH a fixed length */
+    /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2
+     * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */
+    ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"
+#ifdef OPENSSL_EXTRA
+            ":DHE-RSA-AES256-GCM-SHA384"
+#endif
+            ));
+
     /* CH1 */
     ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
     ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
@@ -81712,6 +94159,144 @@ static int test_dtls_old_seq_number(void)
     return EXPECT_RESULT();
 }
 
+static int test_dtls13_basic_connection_id(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
+    && defined(WOLFSSL_DTLS_CID)
+    unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
+    unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
+    unsigned char readBuf[30];
+    const char* params[] = {
+#ifndef NO_SHA256
+#ifdef WOLFSSL_AES_128
+#ifdef HAVE_AESGCM
+        "TLS13-AES128-GCM-SHA256",
+#endif
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+        "TLS13-CHACHA20-POLY1305-SHA256",
+#endif
+#ifdef HAVE_AESCCM
+        "TLS13-AES128-CCM-8-SHA256",
+        "TLS13-AES128-CCM-SHA256",
+#endif
+#endif
+#ifdef HAVE_NULL_CIPHER
+        "TLS13-SHA256-SHA256",
+#endif
+#endif
+    };
+    size_t i;
+
+    /* We check if the side included the CID in their output */
+#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \
+                              client_cid, sizeof(client_cid))
+#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \
+                              server_cid, sizeof(server_cid))
+
+    printf("\n");
+    for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) {
+        WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+        WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+        struct test_memio_ctx test_ctx;
+
+        printf("Testing %s ... ", params[i]);
+
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+
+        ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), WOLFSSL_SUCCESS);
+
+        ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1);
+        ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid, sizeof(server_cid)),
+                1);
+        ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1);
+        ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid, sizeof(client_cid)),
+                1);
+
+        /* CH1 */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(CLIENT_CID());
+        /* HRR */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(SERVER_CID());
+        /* CH2 */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(CLIENT_CID());
+        /* Server first flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNotNull(SERVER_CID());
+        /* Client second flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNotNull(CLIENT_CID());
+        /* Server process flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+        /* Client process flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+
+        /* Write some data */
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        ExpectNotNull(SERVER_CID());
+        /* Read the data */
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                XSTRLEN(params[i]));
+        ExpectStrEQ(readBuf, params[i]);
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                XSTRLEN(params[i]));
+        ExpectStrEQ(readBuf, params[i]);
+        /* Write short data */
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1);
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1);
+        ExpectNotNull(SERVER_CID());
+        /* Read the short data */
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1);
+        ExpectIntEQ(readBuf[0], params[i][0]);
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1);
+        ExpectIntEQ(readBuf[0], params[i][0]);
+
+        /* Close connection */
+        ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+        ExpectNotNull(SERVER_CID());
+        ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+        ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
+        if (EXPECT_SUCCESS())
+            printf("ok\n");
+        else
+            printf("failed\n");
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_s);
+    }
+
+#undef CLIENT_CID
+#undef SERVER_CID
+
+#endif
+    return EXPECT_RESULT();
+}
+
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
     defined(HAVE_LIBOQS)
 static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
@@ -81852,7 +94437,7 @@ static int test_tls13_early_data(void)
 
             if (params[i].isUdp) {
                 ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
 
                 /* Read server 0.5-RTT data */
                 ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
@@ -82171,7 +94756,7 @@ static int test_write_dup(void)
 
             ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c));
             ExpectIntEQ(wolfSSL_write(ssl_c, hiWorld, sizeof(hiWorld)),
-                    WRITE_DUP_WRITE_E);
+                    WC_NO_ERR_TRACE(WRITE_DUP_WRITE_E));
             ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)),
                     sizeof(hiWorld));
 
@@ -82181,7 +94766,7 @@ static int test_write_dup(void)
                     sizeof(hiWorld));
 
             ExpectIntEQ(wolfSSL_read(ssl_c2, readData, sizeof(readData)),
-                    WRITE_DUP_READ_E);
+                    WC_NO_ERR_TRACE(WRITE_DUP_READ_E));
             ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)),
                     sizeof(hiWorld));
 
@@ -82695,6 +95280,60 @@ static int test_wolfSSL_SendUserCanceled(void)
 #endif
     return EXPECT_RESULT();
 }
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(HAVE_OCSP) && \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
+    !defined(WOLFSSL_NO_TLS12)
+static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz,
+                        byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
+{
+    (void)ctx;
+    (void)url;
+    (void)urlSz;
+    (void)ocspReqBuf;
+    (void)ocspReqSz;
+    (void)ocspRespBuf;
+    return -1;
+}
+static int test_ocsp_callback_fails(void)
+{
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    EXPECT_DECLS;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_s), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl_c, WOLFSSL_CSR_OCSP,0), WOLFSSL_SUCCESS);
+    /* override URL to avoid exing from SendCertificateStatus because of no AuthInfo on the certificate */
+    ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx_s, "http://dummy.test"), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx_s, WOLFSSL_OCSP_NO_NONCE    | WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_SetOCSP_Cb(ssl_s, test_ocsp_callback_fails_cb, NULL, NULL), WOLFSSL_SUCCESS);
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WC_NO_ERR_TRACE(OCSP_INVALID_STATUS));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+
+    return EXPECT_RESULT();
+}
+#else
+static int test_ocsp_callback_fails(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(HAVE_OCSP) && \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST) */
+
 
 /*----------------------------------------------------------------------------*
  | Main
@@ -83067,9 +95706,12 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_dilithium_make_key),
     TEST_DECL(test_wc_dilithium_sign),
     TEST_DECL(test_wc_dilithium_verify),
+    TEST_DECL(test_wc_dilithium_sign_vfy),
     TEST_DECL(test_wc_dilithium_check_key),
+    TEST_DECL(test_wc_dilithium_public_der_decode),
     TEST_DECL(test_wc_dilithium_der),
     TEST_DECL(test_wc_dilithium_make_key_from_seed),
+    TEST_DECL(test_wc_dilithium_sig_kats),
     TEST_DECL(test_wc_dilithium_verify_kats),
 
     /* Signature API */
@@ -83183,6 +95825,9 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_ASN1_UTCTIME_print),
     TEST_DECL(test_wolfSSL_ASN1_TYPE),
     TEST_DECL(test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS),
+    TEST_DECL(test_wolfSSL_i2d_ASN1_TYPE),
+    TEST_DECL(test_wolfSSL_i2d_ASN1_SEQUENCE),
+    TEST_DECL(test_ASN1_strings),
 
     TEST_DECL(test_wolfSSL_lhash),
 
@@ -83429,6 +96074,10 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_X509_max_name_constraints),
     TEST_DECL(test_wolfSSL_make_cert),
 
+    /* X509 ACERT tests */
+    TEST_DECL(test_wolfSSL_X509_ACERT_verify),
+    TEST_DECL(test_wolfSSL_X509_ACERT_misc_api),
+
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_X509_INFO_multiple_info),
     TEST_DECL(test_wolfSSL_X509_INFO),
@@ -83440,6 +96089,7 @@ TEST_CASE testCases[] = {
 #endif
 
     TEST_DECL(test_wolfSSL_X509_CA_num),
+    TEST_DECL(test_x509_get_key_id),
     TEST_DECL(test_wolfSSL_X509_get_version),
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_X509_print),
@@ -83577,6 +96227,8 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_OCSP_single_get0_status),
     TEST_DECL(test_wolfSSL_OCSP_resp_count),
     TEST_DECL(test_wolfSSL_OCSP_resp_get0),
+    TEST_DECL(test_wolfSSL_OCSP_parse_url),
+    TEST_DECL(test_wolfSSL_OCSP_REQ_CTX),
 
     TEST_DECL(test_wolfSSL_PEM_read),
 
@@ -83732,9 +96384,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_CertManagerCRL),
     TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse),
     TEST_DECL(test_wolfSSL_CheckOCSPResponse),
-#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
-                           !defined(WOLFSSL_NO_CLIENT_AUTH))
+#ifdef HAVE_CERT_CHAIN_VALIDATION
     TEST_DECL(test_various_pathlen_chains),
 #endif
 
@@ -83812,19 +96462,28 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_SSL_CIPHER_get_xxx),
     TEST_DECL(test_wolfSSL_ERR_strings),
     TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes),
+    TEST_DECL(test_wolfSSL_CTX_use_certificate),
     TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
     TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),
+    TEST_DECL(test_wolfSSL_use_certificate_buffer),
     TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file),
+    TEST_DECL(test_wolfSSL_CTX_use_RSAPrivateKey_file),
+    TEST_DECL(test_wolfSSL_use_RSAPrivateKey_file),
+    TEST_DECL(test_wolfSSL_CTX_use_PrivateKey),
     TEST_DECL(test_wolfSSL_CTX_load_verify_locations),
     /* Large number of memory allocations. */
     TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs),
 
+#ifdef HAVE_CERT_CHAIN_VALIDATION
     TEST_DECL(test_wolfSSL_CertRsaPss),
+#endif
     TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex),
     TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex),
     TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format),
     TEST_DECL(test_wolfSSL_CTX_add1_chain_cert),
+    TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_buffer_format),
     TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format),
+    TEST_DECL(test_wolfSSL_use_certificate_chain_file),
     TEST_DECL(test_wolfSSL_CTX_trust_peer_cert),
     TEST_DECL(test_wolfSSL_CTX_LoadCRL),
     TEST_DECL(test_multiple_crls_same_issuer),
@@ -83927,6 +96586,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_UseOCSPStapling),
     TEST_DECL(test_wolfSSL_UseOCSPStaplingV2),
     TEST_DECL(test_self_signed_stapling),
+    TEST_DECL(test_ocsp_callback_fails),
 
     /* Multicast */
     TEST_DECL(test_wolfSSL_mcast),
@@ -83954,6 +96614,7 @@ TEST_CASE testCases[] = {
     /* Can't memory test as server Asserts in thread. */
     TEST_DECL(test_wolfSSL_BIO_accept),
     TEST_DECL(test_wolfSSL_BIO_tls),
+    TEST_DECL(test_wolfSSL_BIO_datagram),
 #endif
 
 #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12)
@@ -84005,6 +96666,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_extra_alerts_wrong_cs),
     TEST_DECL(test_extra_alerts_skip_hs),
     TEST_DECL(test_extra_alerts_bad_psk),
+    TEST_DECL(test_multiple_alerts_EAGAIN),
     TEST_DECL(test_tls13_bad_psk_binder),
     /* Can't memory test as client/server Asserts. */
     TEST_DECL(test_harden_no_secure_renegotiation),
@@ -84036,6 +96698,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_dtls13_frag_ch_pq),
     TEST_DECL(test_dtls_empty_keyshare_with_cookie),
     TEST_DECL(test_dtls_old_seq_number),
+    TEST_DECL(test_dtls13_basic_connection_id),
     TEST_DECL(test_tls13_pq_groups),
     TEST_DECL(test_tls13_early_data),
     TEST_DECL(test_tls_multi_handshakes_one_record),
diff --git a/tests/hash.c b/tests/hash.c
index a2ecf58b5e..1ebbc61998 100644
--- a/tests/hash.c
+++ b/tests/hash.c
@@ -1,6 +1,6 @@
 /* hash.c has unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/tests/quic.c b/tests/quic.c
index 30da859f36..5fa744f683 100644
--- a/tests/quic.c
+++ b/tests/quic.c
@@ -1,6 +1,6 @@
 /* quic.c QUIC unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -853,7 +853,7 @@ static void check_crypto_records(QuicTestContext *from, OutputBuffer *out, int i
                 rec_name = "Finished";
                 break;
             default:
-                sprintf(lbuffer, "%d", rec_type);
+                (void)XSNPRINTF(lbuffer, sizeof(lbuffer), "%d", rec_type);
                 rec_name = lbuffer;
                 break;
         }
@@ -949,7 +949,7 @@ static int QuicConversation_start(QuicConversation *conv, const byte *data,
     else {
         ret = wolfSSL_connect(conv->client->ssl);
         if (ret != WOLFSSL_SUCCESS) {
-            AssertIntEQ(wolfSSL_get_error(conv->client->ssl, 0), SSL_ERROR_WANT_READ);
+            AssertIntEQ(wolfSSL_get_error(conv->client->ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
         }
         if (pwritten) *pwritten = 0;
     }
@@ -964,9 +964,9 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
     if (!conv->started) {
         n = wolfSSL_connect(conv->client->ssl);
         if (n != WOLFSSL_SUCCESS
-            && wolfSSL_get_error(conv->client->ssl, 0) != SSL_ERROR_WANT_READ) {
+            && wolfSSL_get_error(conv->client->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
             if (may_fail) return 0;
-            AssertIntEQ(SSL_ERROR_WANT_READ, wolfSSL_get_error(conv->client->ssl, 0));
+            AssertIntEQ(WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ), wolfSSL_get_error(conv->client->ssl, 0));
         }
         conv->started = 1;
     }
@@ -974,9 +974,9 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
         QuicTestContext_forward(conv->server, conv->client, conv->rec_log, sizeof(conv->rec_log));
         n = wolfSSL_quic_read_write(conv->client->ssl);
         if (n != WOLFSSL_SUCCESS
-            && wolfSSL_get_error(conv->client->ssl, 0) != SSL_ERROR_WANT_READ) {
+            && wolfSSL_get_error(conv->client->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
             if (may_fail) return 0;
-            AssertIntEQ(SSL_ERROR_WANT_READ, wolfSSL_get_error(conv->client->ssl, 0));
+            AssertIntEQ(WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ), wolfSSL_get_error(conv->client->ssl, 0));
         }
         return 1;
     }
@@ -990,9 +990,9 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
                                         (int)(sizeof(conv->early_data) - conv->early_data_len),
                                         &written);
             if (n < 0) {
-                if (wolfSSL_get_error(conv->server->ssl, 0) != SSL_ERROR_WANT_READ) {
+                if (wolfSSL_get_error(conv->server->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
                     if (may_fail) return 0;
-                    AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), SSL_ERROR_WANT_READ);
+                    AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
                 }
             }
             else if (n > 0) {
@@ -1006,9 +1006,9 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
         {
             n = wolfSSL_quic_read_write(conv->server->ssl);
             if (n != WOLFSSL_SUCCESS
-                && wolfSSL_get_error(conv->server->ssl, 0) != SSL_ERROR_WANT_READ) {
+                && wolfSSL_get_error(conv->server->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
                 if (may_fail) return 0;
-                AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), SSL_ERROR_WANT_READ);
+                AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
             }
         }
         return 1;
@@ -1070,7 +1070,7 @@ static int test_quic_client_hello(int verbose) {
     /* Without any QUIC transport params, this needs to fail */
     AssertTrue(wolfSSL_set_quic_transport_params(tctx.ssl, NULL, 0) == WOLFSSL_SUCCESS);
     AssertTrue(wolfSSL_quic_read_write(tctx.ssl) != 0);
-    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), QUIC_TP_MISSING_E);
+    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), WC_NO_ERR_TRACE(QUIC_TP_MISSING_E));
     QuicTestContext_free(&tctx);
 
     /* Set transport params, expect both extensions */
@@ -1080,7 +1080,7 @@ static int test_quic_client_hello(int verbose) {
                    "wolfssl.com", sizeof("wolfssl.com")-1);
 #endif
     AssertTrue(wolfSSL_connect(tctx.ssl) != 0);
-    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), SSL_ERROR_WANT_READ);
+    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
     check_quic_client_hello_tp(&tctx.output, 1, 1);
     QuicTestContext_free(&tctx);
 
@@ -1349,8 +1349,8 @@ static int test_quic_key_share(int verbose) {
                == WOLFSSL_SUCCESS);
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_fail(&conv);
-    AssertIntEQ(wolfSSL_get_error(tserver.ssl, 0), SSL_ERROR_WANT_READ);
-    AssertIntEQ(wolfSSL_get_error(tclient.ssl, 0), BAD_KEY_SHARE_DATA);
+    AssertIntEQ(wolfSSL_get_error(tserver.ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
+    AssertIntEQ(wolfSSL_get_error(tclient.ssl, 0), WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA));
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
     printf("    test_quic_key_share: no match ok\n");
diff --git a/tests/srp.c b/tests/srp.c
index a890f3cc1b..649a86efca 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -1,6 +1,6 @@
 /* srp.c SRP unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -126,11 +126,11 @@ static void test_SrpInit(void)
     Srp srp;
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
                                          SRP_CLIENT_SIDE));
     /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
                                          (SrpSide)255));
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
 
@@ -147,8 +147,8 @@ static void test_SrpSetUsername(void)
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL, usernameSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetUsername(NULL, username, usernameSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetUsername(&srp, NULL, usernameSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
@@ -165,7 +165,7 @@ static void test_SrpSetParams(void)
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpSetParams(&srp,
                                                   srp_N,    sizeof(srp_N),
                                                   srp_g,    sizeof(srp_g),
                                                   srp_salt, sizeof(srp_salt)));
@@ -174,19 +174,19 @@ static void test_SrpSetParams(void)
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(NULL,
                                               srp_N,    sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               NULL,     sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               srp_N,    sizeof(srp_N),
                                               NULL,      sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               srp_N,    sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               NULL,     sizeof(srp_salt)));
@@ -215,9 +215,9 @@ static void test_SrpSetPassword(void)
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E),
                 wc_SrpSetPassword(&srp, password, passwordSz));
-    AssertIntEQ(SRP_CALL_ORDER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E),
                 wc_SrpGetVerifier(&srp, v, &vSz));
 
     /* fix call order */
@@ -226,16 +226,16 @@ static void test_SrpSetPassword(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(NULL, password, passwordSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(&srp, NULL,     passwordSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetPassword(NULL, password, passwordSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetPassword(&srp, NULL,     passwordSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(NULL, v,    &vSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(&srp, NULL, &vSz));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetVerifier(&srp, v,    &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetVerifier(NULL, v,    &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetVerifier(&srp, NULL, &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetVerifier(&srp, v,    &vSz));
 
     /* success */
     vSz = sizeof(v);
@@ -244,14 +244,14 @@ static void test_SrpSetPassword(void)
     AssertIntEQ(0, XMEMCMP(srp_verifier, v, vSz));
 
     /* invalid params - client side srp */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, v, vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(&srp, v, vSz));
 
     wc_SrpTerm(&srp);
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(NULL, v,    vSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, NULL, vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(NULL, v,    vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(&srp, NULL, vSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz));
@@ -273,16 +273,16 @@ static void test_SrpGetPublic(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, pub, &pubSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL,   &pubSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, pub, NULL));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(NULL, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(&srp, NULL,   &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(&srp, pub, NULL));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* success */
     pubSz = sizeof(pub);
@@ -300,7 +300,7 @@ static void test_SrpGetPublic(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetVerifier(&srp, srp_verifier, sizeof(srp_verifier)));
@@ -328,7 +328,7 @@ static void test_SrpComputeKey(void)
     AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpComputeKey(&cli,
                                                    clientPubKey, clientPubKeySz,
                                                    serverPubKey, serverPubKeySz));
 
@@ -354,19 +354,19 @@ static void test_SrpComputeKey(void)
     AssertIntEQ(0, XMEMCMP(serverPubKey, srp_B, serverPubKeySz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(NULL,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(NULL,
                                                clientPubKey, clientPubKeySz,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                NULL,         clientPubKeySz,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, 0,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, clientPubKeySz,
                                                NULL,         serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, clientPubKeySz,
                                                serverPubKey, 0));
 
@@ -432,16 +432,16 @@ static void test_SrpGetProofAndVerify(void)
 
     /* invalid params */
     serverProofSz = 0;
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(NULL, clientProof,&clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, NULL,       &clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, clientProof,NULL));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetProof(&srv, serverProof,&serverProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(NULL, clientProof,&clientProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(&cli, NULL,       &clientProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(&cli, clientProof,NULL));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetProof(&srv, serverProof,&serverProofSz));
 
-    AssertIntEQ(BAD_FUNC_ARG,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG),
                 wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG),
                 wc_SrpVerifyPeersProof(&cli, NULL,        clientProofSz));
-    AssertIntEQ(BUFFER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),
                 wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz));
     serverProofSz = SRP_MAX_DIGEST_SIZE;
 
diff --git a/tests/suites.c b/tests/suites.c
index 7e26c3e6bc..7328789f46 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -1,6 +1,6 @@
 /* suites.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -172,6 +172,41 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
     return valid;
 }
 
+#ifdef WOLFSSL_HAVE_KYBER
+static int IsKyberLevelAvailable(const char* line)
+{
+    int available = 0;
+    const char* find = "--pqc ";
+    const char* begin = strstr(line, find);
+    const char* end;
+
+    if (begin != NULL) {
+        begin += 6;
+        end = XSTRSTR(begin, " ");
+
+        if ((size_t)end - (size_t)begin == 12) {
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRNCMP(begin, "KYBER_LEVEL3", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRNCMP(begin, "KYBER_LEVEL5", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        }
+    }
+
+    return (begin == NULL) || available;
+}
+#endif
+
 static int IsValidCert(const char* line)
 {
     int ret = 1;
@@ -356,6 +391,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
         #endif
         return NOT_BUILT_IN;
     }
+#ifdef WOLFSSL_HAVE_KYBER
+    if (!IsKyberLevelAvailable(commandLine)) {
+        #ifdef DEBUG_SUITE_TESTS
+            printf("Kyber level not supported in build: %s\n", commandLine);
+        #endif
+        return NOT_BUILT_IN;
+    }
+#endif
     if (!IsValidCert(commandLine)) {
         #ifdef DEBUG_SUITE_TESTS
             printf("certificate %s not supported in build\n", commandLine);
@@ -1060,7 +1103,9 @@ int SuiteTest(int argc, char** argv)
 #if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \
     defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL) && \
         /* Intel QuickAssist and Cavium Nitrox do not support custom curves */ \
-        !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V)
+        !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V) && \
+        /* only supported with newer ASN template code */ \
+        defined(WOLFSSL_ASN_TEMPLATE)
 
     /* TLS non-NIST curves (Koblitz / Brainpool) */
     XSTRLCPY(argv0[1], "tests/test-ecc-cust-curves.conf", sizeof(argv0[1]));
@@ -1301,7 +1346,7 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
-#endif /* HAVE_RSA and HAVE_ECC */
+#endif /* !NO__RSA and HAVE_ECC */
 #endif /* !WC_STRICT_SIG */
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) && \
     (defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM))
diff --git a/tests/test-ecc-cust-curves.conf b/tests/test-ecc-cust-curves.conf
index 697d96796e..6f24783e86 100644
--- a/tests/test-ecc-cust-curves.conf
+++ b/tests/test-ecc-cust-curves.conf
@@ -179,3 +179,19 @@
 -k ./certs/ecc/bp256r1-key.pem
 -A ./certs/ecc/server-bp256r1-cert.pem
 -C
+
+# -- SECP256K1 without OID inside PKCS#8 --
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-c ./certs/ecc/server2-secp256k1-cert.pem
+-k ./certs/ecc/secp256k1-privkey.pem
+-d
+
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-A ./certs/ecc/ca-secp256k1-cert.pem
+-x
+-C
+
diff --git a/tests/unit.c b/tests/unit.c
index 2296c9fff4..870be9875c 100644
--- a/tests/unit.c
+++ b/tests/unit.c
@@ -1,6 +1,6 @@
 /* unit.c API unit tests driver
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -251,16 +251,14 @@ int unit_test(int argc, char** argv)
         SrpTest();
     }
 
-#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST
-#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
-#ifndef SINGLE_THREADED
+#if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(SINGLE_THREADED)
     if ((ret = SuiteTest(argc, argv)) != 0) {
         fprintf(stderr, "suite test failed with %d\n", ret);
         goto exit;
     }
 #endif
-#endif
-#endif /* NO_WOLFSSL_CIPHER_SUITE_TEST */
 
 exit:
 #ifdef HAVE_WNR
diff --git a/tests/unit.h b/tests/unit.h
index 061e84d830..63825bc237 100644
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -1,6 +1,6 @@
 /* unit.c API unit tests driver
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,8 +20,8 @@
  */
 
 
-#ifndef CyaSSL_UNIT_H
-#define CyaSSL_UNIT_H
+#ifndef TESTS_UNIT_H
+#define TESTS_UNIT_H
 
 #include <wolfssl/ssl.h>
 #include <wolfssl/test.h>    /* thread and tcp stuff */
@@ -121,27 +121,55 @@
 #define AssertPtrGE(x, y) AssertPtr(x, y, >=,  <)
 #define AssertPtrLE(x, y) AssertPtr(x, y, <=,  >)
 
+#define TEST_FAIL               0
+#define TEST_SUCCESS            1
+#define TEST_SUCCESS_NO_MSGS    2
+#define TEST_SKIPPED            3  /* Test skipped - not run. */
+#define TEST_SKIPPED_NO_MSGS    4  /* Test skipped - not run. */
 
 #define EXPECT_DECLS \
-    int _ret = TEST_SKIPPED
+    int _ret = TEST_SKIPPED, _fail_codepoint_id = TEST_FAIL
+#define EXPECT_DECLS_NO_MSGS(fail_codepoint_offset)     \
+    int _ret = TEST_SKIPPED_NO_MSGS,                    \
+        _fail_codepoint_id = (fail_codepoint_offset)
+#define EXPECT_FAILURE_CODEPOINT_ID _fail_codepoint_id
 #define EXPECT_RESULT() \
-    _ret
+    ((void)_fail_codepoint_id,                                          \
+     _ret == TEST_SUCCESS_NO_MSGS ? TEST_SUCCESS :                      \
+     _ret == TEST_SKIPPED_NO_MSGS ? TEST_SKIPPED :                      \
+     _ret)
 #define EXPECT_SUCCESS() \
-    (_ret == TEST_SUCCESS)
+    ((_ret == TEST_SUCCESS) ||                                          \
+     (_ret == TEST_SKIPPED) ||                                          \
+     (_ret == TEST_SUCCESS_NO_MSGS) ||                                  \
+     (_ret == TEST_SKIPPED_NO_MSGS))
 #define EXPECT_FAIL() \
-    (_ret == TEST_FAIL)
-
-#define ExpFail(description, result) do {                                      \
-    printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);           \
-    fputs("\n    expected: ", stdout); printf description;                     \
-    fputs("\n    result:   ", stdout); printf result; fputs("\n\n", stdout);   \
-    fflush(stdout);                                                            \
-    _ret = TEST_FAIL;                                                          \
+    (! EXPECT_SUCCESS())
+
+#define ExpFail(description, result) do {                                    \
+    if ((_ret == TEST_SUCCESS_NO_MSGS) || (_ret == TEST_SKIPPED_NO_MSGS))    \
+        _ret = _fail_codepoint_id;                                           \
+    else {                                                                   \
+        printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);     \
+        fputs("\n    expected: ", stdout); printf description;               \
+        fputs("\n    result:   ", stdout); printf result;                    \
+        fputs("\n\n", stdout);                                               \
+        fflush(stdout);                                                      \
+        _ret = TEST_FAIL;                                                    \
+    }                                                                        \
 } while (0)
 
-#define Expect(test, description, result) do {                                 \
-    if (_ret != TEST_FAIL) { if (!(test)) ExpFail(description, result);        \
-                             else _ret = TEST_SUCCESS; }                       \
+#define Expect(test, description, result) do {                               \
+    if (EXPECT_SUCCESS()) {                                                  \
+        if (!(test))                                                         \
+            ExpFail(description, result);                                    \
+        else if (_ret == TEST_SKIPPED_NO_MSGS)                               \
+            _ret = TEST_SUCCESS_NO_MSGS;                                     \
+        else                                                                 \
+            _ret = TEST_SUCCESS;                                             \
+    }                                                                        \
+    if (_ret == TEST_SUCCESS_NO_MSGS)                                        \
+        --_fail_codepoint_id;                                                \
 } while (0)
 
 #define ExpectTrue(x)    Expect( (x), ("%s is true",     #x), (#x " => FALSE"))
@@ -149,14 +177,14 @@
 #define ExpectNotNull(x) Expect( (x), ("%s is not null", #x), (#x " => NULL"))
 
 #define ExpectNull(x) do {                                                     \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         PEDANTIC_EXTENSION void* _x = (void*)(x);                              \
         Expect(!_x, ("%s is null", #x), (#x " => %p", _x));                    \
     }                                                                          \
 } while(0)
 
 #define ExpectInt(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         int _x = (int)(x);                                                     \
         int _y = (int)(y);                                                     \
         Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y));\
@@ -171,7 +199,7 @@
 #define ExpectIntLE(x, y) ExpectInt(x, y, <=,  >)
 
 #define ExpectStr(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         const char* _x = (const char*)(x);                                     \
         const char* _y = (const char*)(y);                                     \
         int         _z = (_x && _y) ? XSTRCMP(_x, _y) : -1;                    \
@@ -188,7 +216,7 @@
 #define ExpectStrLE(x, y) ExpectStr(x, y, <=,  >)
 
 #define ExpectPtr(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         PRAGMA_DIAG_PUSH                                                       \
           /* remarkably, without this inhibition, */                           \
           /* the _Pragma()s make the declarations warn. */                     \
@@ -211,7 +239,7 @@
 #define ExpectPtrLE(x, y) ExpectPtr(x, y, <=,  >)
 
 #define ExpectBuf(x, y, z, op, er) do {                                        \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         const byte* _x = (const byte*)(x);                                     \
         const byte* _y = (const byte*)(y);                                     \
         int         _z = (int)(z);                                             \
@@ -306,4 +334,4 @@ int w64wrapper_test(void);
 int QuicTest(void);
 
 
-#endif /* CyaSSL_UNIT_H */
+#endif /* TESTS_UNIT_H */
diff --git a/tests/utils.h b/tests/utils.h
index 7c715f49ab..8747ce4e53 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -1,6 +1,6 @@
 /* utils.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -124,25 +124,6 @@ int link_file(const char* in, const char* out)
 #endif
 #endif /* !NO_FILESYSTEM */
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
-
-/* This set of memio functions allows for more fine tuned control of the TLS
- * connection operations. For new tests, try to use ssl_memio first. */
-
-/* To dump the memory in gdb use
- *   dump memory client.bin test_ctx.c_buff test_ctx.c_buff+test_ctx.c_len
- *   dump memory server.bin test_ctx.s_buff test_ctx.s_buff+test_ctx.s_len
- * This can be imported into Wireshark by transforming the file with
- *   od -Ax -tx1 -v client.bin > client.bin.hex
- *   od -Ax -tx1 -v server.bin > server.bin.hex
- * And then loading test_output.dump.hex into Wireshark using the
- * "Import from Hex Dump..." option ion and selecting the TCP
- * encapsulation option.
- */
-
-#define HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES
-
 #define TEST_MEMIO_BUF_SZ (64 * 1024)
 struct test_memio_ctx
 {
@@ -153,7 +134,6 @@ struct test_memio_ctx
     int s_len;
     const char* s_ciphers;
 };
-
 int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
     int max_rounds, int *rounds);
 int test_memio_setup(struct test_memio_ctx *ctx,
@@ -165,228 +145,6 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
     byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
     byte *serverKey, int serverKeySz);
 
-
-static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz,
-    void *ctx)
-{
-    struct test_memio_ctx *test_ctx;
-    byte *buf;
-    int *len;
-
-    test_ctx = (struct test_memio_ctx*)ctx;
-
-    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
-        buf = test_ctx->c_buff;
-        len = &test_ctx->c_len;
-    }
-    else {
-        buf = test_ctx->s_buff;
-        len = &test_ctx->s_len;
-    }
-
-    if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ)
-        return WOLFSSL_CBIO_ERR_WANT_WRITE;
-
-#ifdef WOLFSSL_DUMP_MEMIO_STREAM
-    {
-        WOLFSSL_BIO *dump_file = wolfSSL_BIO_new_file("test_memio.dump", "a");
-        if (dump_file != NULL) {
-            (void)wolfSSL_BIO_write(dump_file, data, sz);
-            wolfSSL_BIO_free(dump_file);
-        }
-    }
-#endif
-    XMEMCPY(buf + *len, data, (size_t)sz);
-    *len += sz;
-
-    return sz;
-}
-
-static WC_INLINE int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
-    void *ctx)
-{
-    struct test_memio_ctx *test_ctx;
-    int read_sz;
-    byte *buf;
-    int *len;
-
-    test_ctx = (struct test_memio_ctx*)ctx;
-
-    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
-        buf = test_ctx->s_buff;
-        len = &test_ctx->s_len;
-    }
-    else {
-        buf = test_ctx->c_buff;
-        len = &test_ctx->c_len;
-    }
-
-    if (*len == 0)
-        return WOLFSSL_CBIO_ERR_WANT_READ;
-
-    read_sz = sz < *len ? sz : *len;
-
-    XMEMCPY(data, buf, (size_t)read_sz);
-    XMEMMOVE(buf, buf + read_sz,(size_t) (*len - read_sz));
-
-    *len -= read_sz;
-
-    return read_sz;
-}
-
-int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
-    int max_rounds, int *rounds)
-{
-    byte handshake_complete = 0, hs_c = 0, hs_s = 0;
-    int ret, err;
-
-    if (rounds != NULL)
-        *rounds = 0;
-    while (!handshake_complete && max_rounds > 0) {
-        if (!hs_c) {
-            wolfSSL_SetLoggingPrefix("client");
-            ret = wolfSSL_connect(ssl_c);
-            wolfSSL_SetLoggingPrefix(NULL);
-            if (ret == WOLFSSL_SUCCESS) {
-                hs_c = 1;
-            }
-            else {
-                err = wolfSSL_get_error(ssl_c, ret);
-                if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE)
-                    return -1;
-            }
-        }
-        if (!hs_s) {
-            wolfSSL_SetLoggingPrefix("server");
-            ret = wolfSSL_accept(ssl_s);
-            wolfSSL_SetLoggingPrefix(NULL);
-            if (ret == WOLFSSL_SUCCESS) {
-                hs_s = 1;
-            }
-            else {
-                err = wolfSSL_get_error(ssl_s, ret);
-                if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE)
-                    return -1;
-            }
-        }
-        handshake_complete = hs_c && hs_s;
-        max_rounds--;
-        if (rounds != NULL)
-            *rounds = *rounds + 1;
-    }
-
-    if (!handshake_complete)
-        return -1;
-
-    return 0;
-}
-
-int test_memio_setup_ex(struct test_memio_ctx *ctx,
-    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
-    method_provider method_c, method_provider method_s,
-    byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
-    byte *serverKey, int serverKeySz)
-{
-    int ret;
-    (void)caCert;
-    (void)caCertSz;
-    (void)serverCert;
-    (void)serverCertSz;
-    (void)serverKey;
-    (void)serverKeySz;
-
-    if (ctx_c != NULL && *ctx_c == NULL) {
-        *ctx_c = wolfSSL_CTX_new(method_c());
-        if (*ctx_c == NULL)
-            return -1;
-#ifndef NO_CERTS
-        if (caCert == NULL) {
-            ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
-        }
-        else {
-            ret = wolfSSL_CTX_load_verify_buffer(*ctx_c, caCert, (long)caCertSz,
-                                                 WOLFSSL_FILETYPE_ASN1);
-        }
-        if (ret != WOLFSSL_SUCCESS)
-            return -1;
-#endif /* NO_CERTS */
-        wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
-        wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
-        if (ctx->c_ciphers != NULL) {
-            ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers);
-            if (ret != WOLFSSL_SUCCESS)
-                return -1;
-        }
-    }
-
-    if (ctx_s != NULL && *ctx_s == NULL) {
-        *ctx_s = wolfSSL_CTX_new(method_s());
-        if (*ctx_s == NULL)
-            return -1;
-#ifndef NO_CERTS
-        if (serverKey == NULL) {
-            ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
-                WOLFSSL_FILETYPE_PEM);
-        }
-        else {
-            ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
-                (long)serverKeySz, WOLFSSL_FILETYPE_ASN1);
-        }
-        if (ret != WOLFSSL_SUCCESS)
-            return- -1;
-
-        if (serverCert == NULL) {
-            ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
-                                                   WOLFSSL_FILETYPE_PEM);
-        }
-        else {
-            ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
-                serverCert, (long)serverCertSz, WOLFSSL_FILETYPE_ASN1);
-        }
-        if (ret != WOLFSSL_SUCCESS)
-            return -1;
-#endif /* NO_CERTS */
-        wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
-        wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
-        if (ctx->s_ciphers != NULL) {
-            ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
-            if (ret != WOLFSSL_SUCCESS)
-                return -1;
-        }
-    }
-
-    if (ctx_c != NULL && ssl_c != NULL) {
-        *ssl_c = wolfSSL_new(*ctx_c);
-        if (*ssl_c == NULL)
-            return -1;
-        wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
-        wolfSSL_SetIOReadCtx(*ssl_c, ctx);
-    }
-    if (ctx_s != NULL && ssl_s != NULL) {
-        *ssl_s = wolfSSL_new(*ctx_s);
-        if (*ssl_s == NULL)
-            return -1;
-        wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
-        wolfSSL_SetIOReadCtx(*ssl_s, ctx);
-#if !defined(NO_DH)
-        SetDH(*ssl_s);
-#endif
-    }
-
-    return 0;
-}
-
-int test_memio_setup(struct test_memio_ctx *ctx,
-    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
-    method_provider method_c, method_provider method_s)
-{
-    return test_memio_setup_ex(ctx, ctx_c, ctx_s, ssl_c, ssl_s, method_c,
-                               method_s, NULL, 0, NULL, 0, NULL, 0);
-}
-#endif
-
 #if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
 void signal_ready(tcp_ready* ready)
 {
diff --git a/tests/w64wrapper.c b/tests/w64wrapper.c
index 926de49d14..ffaa57cad8 100644
--- a/tests/w64wrapper.c
+++ b/tests/w64wrapper.c
@@ -1,6 +1,6 @@
 /* w64wrapper.c w64wrapper unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index b51f5ab4c2..3e0986e155 100644
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -1,6 +1,6 @@
 /* testsuite.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -300,7 +300,7 @@ static int test_crl_monitor(void)
 
     printf("\nRunning CRL monitor test\n");
 
-    sprintf(rounds, "%d", CRL_MONITOR_TEST_ROUNDS);
+    (void)XSNPRINTF(rounds, sizeof(rounds), "%d", CRL_MONITOR_TEST_ROUNDS);
 
     XMEMSET(&server_args, 0, sizeof(func_args));
     XMEMSET(&client_args, 0, sizeof(func_args));
@@ -320,18 +320,19 @@ static int test_crl_monitor(void)
     InitTcpReady(&ready);
     start_thread(server_test, &server_args, &serverThread);
     wait_tcp_ready(&server_args);
-    sprintf(portNum, "%d", server_args.signal->port);
+    (void)XSNPRINTF(portNum, sizeof(portNum), "%d", server_args.signal->port);
 
     for (i = 0; i < CRL_MONITOR_TEST_ROUNDS; i++) {
         int expectFail;
         if (i % 2 == 0) {
+
             /* succeed on even rounds */
-            sprintf(buf, "%s/%s", tmpDir, "crl.pem");
+            (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem");
             if (STAGE_FILE("certs/crl/crl.pem", buf) != 0) {
                 fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf);
                 goto cleanup;
             }
-            sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
+            (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked");
             /* The monitor can be holding the file handle and this will cause
              * the remove call to fail. Let's give the monitor a some time to
              * finish up. */
@@ -349,12 +350,12 @@ static int test_crl_monitor(void)
         }
         else {
             /* fail on odd rounds */
-            sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
+            (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked");
             if (STAGE_FILE("certs/crl/crl.revoked", buf) != 0) {
                 fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf);
                 goto cleanup;
             }
-            sprintf(buf, "%s/%s", tmpDir, "crl.pem");
+            (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem");
             /* The monitor can be holding the file handle and this will cause
              * the remove call to fail. Let's give the monitor a some time to
              * finish up. */
@@ -395,9 +396,9 @@ static int test_crl_monitor(void)
 cleanup:
     if (ret != 0 && i >= 0)
         fprintf(stderr, "test_crl_monitor failed on iteration %d\n", i);
-    sprintf(buf, "%s/%s", tmpDir, "crl.pem");
+    (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem");
     rem_file(buf);
-    sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
+    (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked");
     rem_file(buf);
     (void)rem_dir(tmpDir);
     return ret;
diff --git a/wolfcrypt/benchmark/README.md b/wolfcrypt/benchmark/README.md
index 6e2bed942f..269b9af9dc 100644
--- a/wolfcrypt/benchmark/README.md
+++ b/wolfcrypt/benchmark/README.md
@@ -11,9 +11,9 @@ Tool for performing cryptographic algorithm benchmarking.
 
 Compile with the following options for fixed units. Otherwise the units will auto-scale. See `-base10` parameter option, below.
 
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_GB` for GB/GiB  
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_MB` for MB/MiB  
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_KB` for KB/KiB  
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_GB` for GB/GiB
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_MB` for MB/MiB
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_KB` for KB/KiB
 `-DWOLFSSL_BENCHMARK_FIXED_UNITS_B` for Bytes
 
 To set the output to always be CSV:
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 95291d1d95..60f500c432 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -172,7 +172,7 @@
     #ifdef WOLFSSL_WC_KYBER
         #include <wolfssl/wolfcrypt/wc_kyber.h>
     #endif
-    #if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
+    #if defined(HAVE_LIBOQS)
         #include <wolfssl/wolfcrypt/ext_kyber.h>
     #endif
 #endif
@@ -220,6 +220,9 @@
     #ifdef HAVE_RENESAS_SYNC
         #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
     #endif
+    #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+        #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    #endif
 #endif
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -526,7 +529,7 @@
                wc_GetErrorString(err));
         printf("%shash = %s\n", ok ? info_prefix : err_prefix, hash);
 
-        if (err == IN_CORE_FIPS_E) {
+        if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
             printf("%sIn core integrity hash check failure, copy above hash\n",
                    err_prefix);
             printf("%sinto verifyCore[] in fips_test.c and rebuild\n",
@@ -685,6 +688,11 @@
 #define BENCH_KYBER1024                 0x00000080
 #define BENCH_KYBER                     (BENCH_KYBER512 | BENCH_KYBER768 | \
                                          BENCH_KYBER1024)
+#define BENCH_ML_KEM_512                0x00000020
+#define BENCH_ML_KEM_768                0x00000040
+#define BENCH_ML_KEM_1024               0x00000080
+#define BENCH_ML_KEM                    (BENCH_ML_KEM_512 | BENCH_ML_KEM_768 | \
+                                         BENCH_ML_KEM_1024)
 #define BENCH_FALCON_LEVEL1_SIGN        0x00000001
 #define BENCH_FALCON_LEVEL5_SIGN        0x00000002
 #define BENCH_DILITHIUM_LEVEL2_SIGN     0x04000000
@@ -1087,6 +1095,10 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
     { "-kyber512",          BENCH_KYBER512          },
     { "-kyber768",          BENCH_KYBER768          },
     { "-kyber1024",         BENCH_KYBER1024         },
+    { "-ml-kem",            BENCH_ML_KEM            },
+    { "-ml-kem-512",        BENCH_ML_KEM_512        },
+    { "-ml-kem-768",        BENCH_ML_KEM_768        },
+    { "-ml-kem-1024",       BENCH_ML_KEM_1024       },
 #endif
 #if defined(HAVE_FALCON)
     { "-falcon_level1",     BENCH_FALCON_LEVEL1_SIGN },
@@ -1663,18 +1675,6 @@ static const char* bench_result_words3[][5] = {
                                           const char *desc_extra);
 #endif
 
-#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) && \
-        !defined(HAVE_STACK_SIZE)
-#ifdef __cplusplus
-    extern "C" {
-#endif
-    WOLFSSL_API int wolfSSL_Debugging_ON(void);
-    WOLFSSL_API void wolfSSL_Debugging_OFF(void);
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-#endif
-
 #if !defined(WC_NO_RNG) && \
         ((!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) \
         || !defined(NO_DH) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_ECC) \
@@ -1801,7 +1801,7 @@ static const char* bench_result_words2[][5] = {
     {
         WOLF_EVENT_STATE state = asyncDev->event.state;
 
-        if (*ret == WC_PENDING_E) {
+        if (*ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             if (state == WOLF_EVENT_STATE_DONE) {
                 *ret = asyncDev->event.ret;
                 asyncDev->event.state = WOLF_EVENT_STATE_READY;
@@ -1977,7 +1977,9 @@ static int    numBlocks  = NUM_BLOCKS;
 static word32 bench_size = BENCH_SIZE;
 static int base2 = 1;
 static int digest_stream = 1;
+#ifdef HAVE_CHACHA
 static int encrypt_only = 0;
+#endif
 #ifdef HAVE_AES_CBC
 static int cipher_same_buffer = 0;
 #endif
@@ -3168,8 +3170,9 @@ static void* benchmarks_do(void* args)
     #endif
     #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \
          defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
-         defined(HAVE_RENESAS_SYNC)  || defined(WOLFSSL_CAAM)) && \
-        !defined(NO_HW_BENCH)
+         defined(HAVE_RENESAS_SYNC)  || defined(WOLFSSL_CAAM)) || \
+         ((defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
+         defined(WOLF_CRYPTO_CB)) && !defined(NO_HW_BENCH)
         bench_aes_aad_options_wrap(bench_aesgcm, 1);
     #endif
     #ifndef NO_SW_BENCH
@@ -3672,7 +3675,7 @@ static void* benchmarks_do(void* args)
             #endif
 
                 if (wc_ecc_get_curve_size_from_id(curveId) !=
-                        ECC_BAD_ARG_E) {
+                        WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
                     bench_ecc_curve(curveId);
                     if (csv_format != 1) {
                         printf("\n");
@@ -8434,10 +8437,37 @@ static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
 void bench_rsaKeyGen(int useDeviceID)
 {
     int    k;
-#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-    static const word32  keySizes[2] = {1024, 2048};
+
+#if !defined(RSA_MAX_SIZE) || !defined(RSA_MIN_SIZE)
+    static const word32  keySizes[2] = {1024, 2048 };
+#elif RSA_MAX_SIZE >= 4096
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[4] = {1024, 2048, 3072, 4096 };
+    #else
+        static const word32  keySizes[3] = {2048, 3072, 4096};
+    #endif
+#elif RSA_MAX_SIZE >= 3072
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[3] = {1024, 2048, 3072 };
+    #else
+        static const word32  keySizes[2] = {2048, 3072 };
+    #endif
+#elif RSA_MAX_SIZE >= 2048
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[2] = {1024, 2048 };
+    #else
+        static const word32  keySizes[1] = {2048};
+    #endif
 #else
-    static const word32  keySizes[1] = {2048};
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[1] = {1024 };
+    #else
+        #error No candidate RSA key sizes to benchmark.
+    #endif
 #endif
 
     for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) {
@@ -8957,7 +8987,7 @@ void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
 
             /* create the RSA key */
             ret = wc_MakeRsaKey(rsaKey[i], (int)rsaKeySz, exp, &gRng);
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 isPending[i] = 1;
                 pending      = 1;
             }
@@ -9586,7 +9616,7 @@ static int lms_read_key_mem(byte* priv, word32 privSz, void* context)
 }
 static byte lms_priv[HSS_MAX_PRIVATE_KEY_LEN];
 
-static void bench_lms_keygen(int parm, byte* pub)
+static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
 {
     WC_RNG      rng;
     LmsKey      key;
@@ -9698,7 +9728,7 @@ static void bench_lms_keygen(int parm, byte* pub)
     wc_FreeRng(&rng);
 }
 
-static void bench_lms_sign_verify(int parm, byte* pub)
+static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
 {
     LmsKey       key;
     int          ret = 0;
@@ -9762,6 +9792,31 @@ static void bench_lms_sign_verify(int parm, byte* pub)
     case WC_LMS_PARM_L1_H15_W4:
     case WC_LMS_PARM_L2_H10_W8:
     case WC_LMS_PARM_L3_H5_W2:
+    case WC_LMS_PARM_L1_H5_W1:
+    case WC_LMS_PARM_L1_H5_W2:
+    case WC_LMS_PARM_L1_H5_W4:
+    case WC_LMS_PARM_L1_H5_W8:
+    case WC_LMS_PARM_L1_H10_W2:
+    case WC_LMS_PARM_L1_H10_W4:
+    case WC_LMS_PARM_L1_H10_W8:
+    case WC_LMS_PARM_L1_H15_W8:
+    case WC_LMS_PARM_L1_H20_W2:
+    case WC_LMS_PARM_L1_H20_W4:
+    case WC_LMS_PARM_L1_H20_W8:
+    case WC_LMS_PARM_L2_H5_W2:
+    case WC_LMS_PARM_L2_H5_W4:
+    case WC_LMS_PARM_L2_H5_W8:
+    case WC_LMS_PARM_L2_H15_W2:
+    case WC_LMS_PARM_L2_H15_W4:
+    case WC_LMS_PARM_L2_H15_W8:
+    case WC_LMS_PARM_L2_H20_W2:
+    case WC_LMS_PARM_L2_H20_W4:
+    case WC_LMS_PARM_L2_H20_W8:
+    case WC_LMS_PARM_L3_H10_W8:
+    case WC_LMS_PARM_L4_H5_W2:
+    case WC_LMS_PARM_L4_H5_W4:
+    case WC_LMS_PARM_L4_H10_W4:
+    case WC_LMS_PARM_L4_H10_W8:
     default:
         XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN);
         break;
@@ -9853,7 +9908,7 @@ static void bench_lms_sign_verify(int parm, byte* pub)
 
     loaded = 1;
 
-    sig = XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (sig == NULL) {
         printf("bench_lms_sign_verify malloc failed\n");
         goto exit_lms_sign_verify;
@@ -10175,15 +10230,11 @@ static void bench_xmss_sign_verify(const char * params)
     bench_stats_asym_finish(params, (int)sigSz, "verify", 0, count, start, ret);
 
     /* Cleanup everything. */
-    if (sig != NULL) {
-        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sig = NULL;
-    }
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sig = NULL;
 
-    if (sk != NULL) {
-        XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sk = NULL;
-    }
+    XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sk = NULL;
 
     if (freeRng) {
         wc_FreeRng(&rng);
@@ -10638,11 +10689,15 @@ void bench_ecc(int useDeviceID, int curveId)
                      BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 
+#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
     /* old scan-build misfires -Wmaybe-uninitialized on these. */
     XMEMSET(sig, 0, sizeof(sig));
     XMEMSET(digest, 0, sizeof(digest));
-    XMEMSET(shared, 0, sizeof(shared));
+#endif
 
+#ifdef HAVE_ECC_DHE
+    XMEMSET(shared, 0, sizeof(shared));
+#endif
     WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
                      sizeof(ecc_key), HEAP_HINT);
 
@@ -11039,10 +11094,8 @@ void bench_eccEncrypt(int curveId)
         wc_ecc_free(userB);
         XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (msg)
-        XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (out)
-        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     wc_ecc_free(userB);
     wc_ecc_free(userA);
@@ -12451,11 +12504,9 @@ void bench_sakke(void)
 
 exit:
 
-    if (iTable)
-        XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
-    if (table)
-        XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     WC_FREE_VAR(genKey, HEAP_HINT);
 }
@@ -14207,6 +14258,15 @@ void bench_sphincsKeySign(byte level, byte optim)
         return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000;
     }
 
+#elif (defined(WOLFSSL_MAX3266X_OLD) || defined(WOLFSSL_MAX3266X)) \
+            && defined(MAX3266X_RTC)
+
+    double current_time(int reset)
+    {
+        (void)reset;
+        return wc_MXC_RTC_Time();
+    }
+
 #elif defined(FREESCALE_KSDK_BM)
 
     double current_time(int reset)
@@ -14696,8 +14756,10 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
 #endif
         else if (string_matches(argv[1], "-dgst_full"))
             digest_stream = 0;
+#ifdef HAVE_CHACHA
         else if (string_matches(argv[1], "-enc_only"))
             encrypt_only = 1;
+#endif
 #ifndef NO_RSA
         else if (string_matches(argv[1], "-rsa_sign"))
             rsa_sign_verify = 1;
diff --git a/wolfcrypt/benchmark/benchmark.h b/wolfcrypt/benchmark/benchmark.h
index b814a94763..5116dbe3dd 100644
--- a/wolfcrypt/benchmark/benchmark.h
+++ b/wolfcrypt/benchmark/benchmark.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/benchmark/benchmark.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 8418fb0799..4c9a8d1811 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -1,6 +1,6 @@
 /* aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -82,6 +82,17 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfssl/wolfcrypt/port/psa/psa.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#ifdef MAX3266X_CB
+    /* Revert back to SW so HW CB works */
+    /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    /* Turn off MAX3266X_AES in the context of this file when using CB */
+    #undef MAX3266X_AES
+#endif
+#endif
+
 #if defined(WOLFSSL_TI_CRYPT)
     #include <wolfcrypt/src/port/ti/ti-aes.c>
 #else
@@ -613,6 +624,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         #define AESNI_ALIGN 16
     #endif
 
+    /* note that all write access to these static variables must be idempotent,
+     * as arranged by Check_CPU_support_AES(), else they will be susceptible to
+     * data races.
+     */
     static int checkedAESNI = 0;
     static int haveAESNI  = 0;
     static word32 intel_flags = 0;
@@ -2201,7 +2216,8 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
-    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \
+    !defined(MAX3266X_AES)
 /* Encrypt a number of blocks using AES.
  *
  * @param [in]  aes  AES object.
@@ -2785,6 +2801,12 @@ extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz);
 static WARN_UNUSED_RESULT int wc_AesEncrypt(
     Aes* aes, const byte* inBlock, byte* outBlock)
 {
+#if defined(MAX3266X_AES)
+    word32 keySize;
+#endif
+#if defined(MAX3266X_CB)
+    int ret_cb;
+#endif
     word32 r;
 
     if (aes == NULL) {
@@ -2888,6 +2910,26 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
     }
 #endif
 
+#if defined(MAX3266X_AES)
+    if (wc_AesGetKeySize(aes, &keySize) == 0) {
+        return wc_MXC_TPU_AesEncrypt(inBlock, (byte*)aes->reg, (byte*)aes->key,
+                                    MXC_TPU_MODE_ECB, AES_BLOCK_SIZE,
+                                    outBlock, (unsigned int)keySize);
+    }
+#endif
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock,
+                                            AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AesEncrypt_C(aes, inBlock, outBlock, r);
 
     return 0;
@@ -3168,7 +3210,8 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
-    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \
+    !defined(MAX3266X_AES)
 /* Decrypt a number of blocks using AES.
  *
  * @param [in]  aes  AES object.
@@ -3535,6 +3578,12 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 static WARN_UNUSED_RESULT int wc_AesDecrypt(
     Aes* aes, const byte* inBlock, byte* outBlock)
 {
+#if defined(MAX3266X_AES)
+    word32 keySize;
+#endif
+#if defined(MAX3266X_CB)
+    int ret_cb;
+#endif
     word32 r;
 
     if (aes == NULL) {
@@ -3611,6 +3660,27 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     } /* else !wc_esp32AesSupportedKeyLen for ESP32 */
 #endif
 
+#if defined(MAX3266X_AES)
+    if (wc_AesGetKeySize(aes, &keySize) == 0) {
+        return wc_MXC_TPU_AesDecrypt(inBlock, (byte*)aes->reg, (byte*)aes->key,
+                                    MXC_TPU_MODE_ECB, AES_BLOCK_SIZE,
+                                    outBlock, (unsigned int)keySize);
+    }
+#endif
+
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock,
+                                            AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AesDecrypt_C(aes, inBlock, outBlock, r);
 
     return 0;
@@ -4099,7 +4169,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
     XMEMCPY(rk, key, keySz);
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
-    (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES))
+    (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) && \
+    !defined(MAX3266X_AES)
     /* Always reverse words when using only SW */
     {
         ByteReverseWords(rk, rk, keySz);
@@ -4246,7 +4317,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
     } /* switch */
     ForceZero(&temp, sizeof(temp));
 
-#if defined(HAVE_AES_DECRYPT)
+#if defined(HAVE_AES_DECRYPT) && !defined(MAX3266X_AES)
     if (dir == AES_DECRYPTION) {
         unsigned int j;
 
@@ -4542,8 +4613,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
 #ifndef WC_AES_BITSLICED
     #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
-        (!defined(WOLFSSL_ESP32_CRYPT) || \
-          defined(NO_WOLFSSL_ESP32_CRYPT_AES))
+        (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) \
+        && !defined(MAX3266X_AES)
 
         /* software */
         ByteReverseWords(aes->key, aes->key, keylen);
@@ -5374,6 +5445,91 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     }
     #endif /* HAVE_AES_DECRYPT */
 
+#elif defined(MAX3266X_AES)
+    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        word32 keySize;
+        int status;
+        byte *iv;
+
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
+        if (sz % AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
+        #endif
+        }
+        if (sz == 0) {
+            return 0;
+        }
+
+        iv = (byte*)aes->reg;
+        status = wc_AesGetKeySize(aes, &keySize);
+        if (status != 0) {
+            return status;
+        }
+
+        status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->key,
+                                        MXC_TPU_MODE_CBC, sz, out,
+                                        (unsigned int)keySize);
+        /* store iv for next call */
+        if (status == 0) {
+            XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        }
+        return (status == 0) ? 0 : -1;
+    }
+
+    #ifdef HAVE_AES_DECRYPT
+    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        word32 keySize;
+        int status;
+        byte *iv;
+        byte temp_block[AES_BLOCK_SIZE];
+
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
+        if (sz % AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
+        #endif
+        }
+        if (sz == 0) {
+            return 0;
+        }
+
+        iv = (byte*)aes->reg;
+        status = wc_AesGetKeySize(aes, &keySize);
+        if (status != 0) {
+            return status;
+        }
+
+        /* get IV for next call */
+        XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key,
+                                        MXC_TPU_MODE_CBC, sz, out,
+                                        keySize);
+
+        /* store iv for next call */
+        if (status == 0) {
+            XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+        }
+        return (status == 0) ? 0 : -1;
+    }
+    #endif /* HAVE_AES_DECRYPT */
+
+
+
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
 
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
@@ -8308,7 +8464,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     int ret;
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0) {
+    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 ||
+        ((authTagSz > 0) && (authTag == NULL)) ||
+        ((authInSz > 0) && (authIn == NULL)))
+    {
         return BAD_FUNC_ARG;
     }
 
@@ -8437,8 +8596,8 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
      * in and out are don't cares, as this is is the GMAC case. */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
         authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
-        ivSz == 0) {
-
+        ivSz == 0 || ((authInSz > 0) && (authIn == NULL)))
+    {
         return BAD_FUNC_ARG;
     }
 
@@ -8855,7 +9014,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
     /* now use res as a mask for constant time return of ret, unless tag
      * mismatch, whereupon AES_GCM_AUTH_E is returned.
      */
-    ret = (ret & ~res) | (res & AES_GCM_AUTH_E);
+    ret = (ret & ~res) | (res & WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
 #endif
     return ret;
 }
@@ -11304,10 +11463,8 @@ void wc_AesFree(Aes* aes)
 #endif
 #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \
     !defined(WOLFSSL_AESNI)
-    if (aes->streamData != NULL) {
-        XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
-        aes->streamData = NULL;
-    }
+    XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
+    aes->streamData = NULL;
 #endif
 
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
@@ -11400,6 +11557,48 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize)
 #elif defined(WOLFSSL_RISCV_ASM)
     /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */
 
+#elif defined(MAX3266X_AES)
+
+int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL))
+        return BAD_FUNC_ARG;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->key,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+
+#ifdef HAVE_AES_DECRYPT
+int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL))
+        return BAD_FUNC_ARG;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->key,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_DECRYPT */
+
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
 
 /* Software AES - ECB */
@@ -12167,8 +12366,7 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
 
   out:
 #ifdef WOLFSSL_SMALL_STACK
-    if (aes != NULL)
-        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -12286,8 +12484,7 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
 
   out:
 #ifdef WOLFSSL_SMALL_STACK
-    if (aes)
-        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -13606,7 +13803,7 @@ int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
  * See RFC 5297 Section 2.4.
  */
 static WARN_UNUSED_RESULT int S2V(
-    const byte* key, word32 keySz, const byte* assoc, word32 assocSz,
+    const byte* key, word32 keySz, const AesSivAssoc* assoc, word32 numAssoc,
     const byte* nonce, word32 nonceSz, const byte* data,
     word32 dataSz, byte* out)
 {
@@ -13620,6 +13817,8 @@ static WARN_UNUSED_RESULT int S2V(
 #endif
     word32 macSz = AES_BLOCK_SIZE;
     int ret = 0;
+    byte tmpi = 0;
+    word32 ai;
     word32 zeroBytes;
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -13632,32 +13831,48 @@ static WARN_UNUSED_RESULT int S2V(
     }
     if (ret == 0)
 #endif
-    {
+
+    if ((numAssoc > 126) || ((nonceSz > 0) && (numAssoc > 125))) {
+        /* See RFC 5297 Section 7. */
+        WOLFSSL_MSG("Maximum number of ADs (including the nonce) for AES SIV is"
+                    " 126.");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
         XMEMSET(tmp[1], 0, AES_BLOCK_SIZE);
         XMEMSET(tmp[2], 0, AES_BLOCK_SIZE);
 
         ret = wc_AesCmacGenerate(tmp[0], &macSz, tmp[1], AES_BLOCK_SIZE,
                                  key, keySz);
-        if (ret == 0) {
-            ShiftAndXorRb(tmp[1], tmp[0]);
-            ret = wc_AesCmacGenerate(tmp[0], &macSz, assoc, assocSz, key,
-                                     keySz);
-            if (ret == 0) {
-                xorbuf(tmp[1], tmp[0], AES_BLOCK_SIZE);
-            }
-        }
     }
 
     if (ret == 0) {
-        if (nonceSz > 0) {
-            ShiftAndXorRb(tmp[0], tmp[1]);
-            ret = wc_AesCmacGenerate(tmp[1], &macSz, nonce, nonceSz, key,
-                                     keySz);
+        /* Loop over authenticated associated data AD1..ADn */
+        for (ai = 0; ai < numAssoc; ++ai) {
+            ShiftAndXorRb(tmp[1-tmpi], tmp[tmpi]);
+            ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, assoc[ai].assoc,
+                                     assoc[ai].assocSz, key, keySz);
+            if (ret != 0)
+                break;
+            xorbuf(tmp[1-tmpi], tmp[tmpi], AES_BLOCK_SIZE);
+            tmpi = 1 - tmpi;
+        }
+
+        /* Add nonce as final AD. See RFC 5297 Section 3. */
+        if ((ret == 0) && (nonceSz > 0)) {
+            ShiftAndXorRb(tmp[1-tmpi], tmp[tmpi]);
+            ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, nonce,
+                                     nonceSz, key, keySz);
             if (ret == 0) {
-                xorbuf(tmp[0], tmp[1], AES_BLOCK_SIZE);
+                xorbuf(tmp[1-tmpi], tmp[tmpi], AES_BLOCK_SIZE);
             }
+            tmpi = 1 - tmpi;
         }
-        else {
+
+        /* For simplicity of the remaining code, make sure the "final" result
+           is always in tmp[0]. */
+        if (tmpi == 1) {
             XMEMCPY(tmp[0], tmp[1], AES_BLOCK_SIZE);
         }
     }
@@ -13693,9 +13908,7 @@ static WARN_UNUSED_RESULT int S2V(
                 }
             }
         #ifdef WOLFSSL_SMALL_STACK
-            if (cmac != NULL) {
-                XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
-            }
+            XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
         #elif defined(WOLFSSL_CHECK_MEM_ZERO)
             wc_MemZero_Check(cmac, sizeof(Cmac));
         #endif
@@ -13726,8 +13939,8 @@ static WARN_UNUSED_RESULT int S2V(
 }
 
 static WARN_UNUSED_RESULT int AesSivCipher(
-    const byte* key, word32 keySz, const byte* assoc,
-    word32 assocSz, const byte* nonce, word32 nonceSz,
+    const byte* key, word32 keySz, const AesSivAssoc* assoc,
+    word32 numAssoc, const byte* nonce, word32 nonceSz,
     const byte* data, word32 dataSz, byte* siv, byte* out,
     int enc)
 {
@@ -13751,7 +13964,7 @@ static WARN_UNUSED_RESULT int AesSivCipher(
 
     if (ret == 0) {
         if (enc == 1) {
-            ret = S2V(key, keySz / 2, assoc, assocSz, nonce, nonceSz, data,
+            ret = S2V(key, keySz / 2, assoc, numAssoc, nonce, nonceSz, data,
                       dataSz, sivTmp);
             if (ret != 0) {
                 WOLFSSL_MSG("S2V failed.");
@@ -13798,7 +14011,7 @@ static WARN_UNUSED_RESULT int AesSivCipher(
     }
 
     if (ret == 0 && enc == 0) {
-        ret = S2V(key, keySz / 2, assoc, assocSz, nonce, nonceSz, out, dataSz,
+        ret = S2V(key, keySz / 2, assoc, numAssoc, nonce, nonceSz, out, dataSz,
                   sivTmp);
         if (ret != 0) {
             WOLFSSL_MSG("S2V failed.");
@@ -13825,7 +14038,10 @@ int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out)
 {
-    return AesSivCipher(key, keySz, assoc, assocSz, nonce, nonceSz, in, inSz,
+    AesSivAssoc ad;
+    ad.assoc = assoc;
+    ad.assocSz = assocSz;
+    return AesSivCipher(key, keySz, &ad, 1U, nonce, nonceSz, in, inSz,
                         siv, out, 1);
 }
 
@@ -13836,7 +14052,32 @@ int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out)
 {
-    return AesSivCipher(key, keySz, assoc, assocSz, nonce, nonceSz, in, inSz,
+    AesSivAssoc ad;
+    ad.assoc = assoc;
+    ad.assocSz = assocSz;
+    return AesSivCipher(key, keySz, &ad, 1U, nonce, nonceSz, in, inSz,
+                        siv, out, 0);
+}
+
+/*
+ * See RFC 5297 Section 2.6.
+ */
+int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out)
+{
+    return AesSivCipher(key, keySz, assoc, numAssoc, nonce, nonceSz, in, inSz,
+                        siv, out, 1);
+}
+
+/*
+ * See RFC 5297 Section 2.7.
+ */
+int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out)
+{
+    return AesSivCipher(key, keySz, assoc, numAssoc, nonce, nonceSz, in, inSz,
                         siv, out, 0);
 }
 
diff --git a/wolfcrypt/src/aes_asm.S b/wolfcrypt/src/aes_asm.S
index f961a7975f..c8d3ca703f 100644
--- a/wolfcrypt/src/aes_asm.S
+++ b/wolfcrypt/src/aes_asm.S
@@ -1,6 +1,6 @@
 /* aes_asm.S
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/aes_asm.asm b/wolfcrypt/src/aes_asm.asm
index ef4e4b9cf2..c0cb58c636 100644
--- a/wolfcrypt/src/aes_asm.asm
+++ b/wolfcrypt/src/aes_asm.asm
@@ -1,6 +1,6 @@
 ; /* aes_asm.asm
 ;  *
-;  * Copyright (C) 2006-2023 wolfSSL Inc.
+; * Copyright (C) 2006-2024 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/aes_gcm_asm.S b/wolfcrypt/src/aes_gcm_asm.S
index 4175888f12..156354c406 100644
--- a/wolfcrypt/src/aes_gcm_asm.S
+++ b/wolfcrypt/src/aes_gcm_asm.S
@@ -1,6 +1,6 @@
 /* aes_gcm_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/aes_gcm_x86_asm.S b/wolfcrypt/src/aes_gcm_x86_asm.S
index 0559a206dd..8a384996ee 100644
--- a/wolfcrypt/src/aes_gcm_x86_asm.S
+++ b/wolfcrypt/src/aes_gcm_x86_asm.S
@@ -1,6 +1,6 @@
 /* aes_gcm_x86_asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/arc4.c b/wolfcrypt/src/arc4.c
index af298a0d2d..649d52fa3c 100644
--- a/wolfcrypt/src/arc4.c
+++ b/wolfcrypt/src/arc4.c
@@ -1,6 +1,6 @@
 /* arc4.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c
index c735ebfe48..2096ae90d0 100644
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -1,6 +1,6 @@
 /* asm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -529,6 +529,27 @@ __asm__(                           \
 #define LOOP_START \
    mu = c[x] * mp
 
+#ifdef __APPLE__
+
+#define INNERMUL                     \
+__asm__(                             \
+   " mullw    r16,%3,%4       \n\t"  \
+   " mulhwu   r17,%3,%4       \n\t"  \
+   " addc     r16,r16,%2      \n\t"  \
+   " addze    r17,r17         \n\t"  \
+   " addc     %1,r16,%5       \n\t"  \
+   " addze    %0,r17          \n\t"  \
+:"=r"(cy),"=r"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"r16", "r17", "cc"); ++tmpm;
+
+#define PROPCARRY                    \
+__asm__(                             \
+   " addc     %1,%3,%2      \n\t"    \
+   " xor      %0,%2,%2      \n\t"    \
+   " addze    %0,%2         \n\t"    \
+:"=r"(cy),"=r"(_c[0]):"0"(cy),"1"(_c[0]):"cc");
+
+#else
+
 #define INNERMUL                     \
 __asm__(                             \
    " mullw    16,%3,%4       \n\t"   \
@@ -546,6 +567,8 @@ __asm__(                             \
    " addze    %0,%2         \n\t"    \
 :"=r"(cy),"=r"(_c[0]):"0"(cy),"1"(_c[0]):"cc");
 
+#endif
+
 #elif defined(TFM_PPC64)
 
 /* PPC64 */
@@ -555,6 +578,8 @@ __asm__(                             \
 #define LOOP_START \
    mu = c[x] * mp
 
+#ifdef __APPLE__
+
 #define INNERMUL                      \
 __asm__(                              \
    " mulld    r16,%3,%4       \n\t"   \
@@ -576,6 +601,31 @@ __asm__(                              \
    " addze    %0,%0          \n\t"    \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r16","cc");
 
+#else
+
+#define INNERMUL                     \
+__asm__(                             \
+   " mulld    16,%3,%4       \n\t"   \
+   " mulhdu   17,%3,%4       \n\t"   \
+   " addc     16,16,%0       \n\t"   \
+   " addze    17,17          \n\t"   \
+   " ldx      18,0,%1        \n\t"   \
+   " addc     16,16,18       \n\t"   \
+   " addze    %0,17          \n\t"   \
+   " sdx      16,0,%1        \n\t"   \
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","cc"); ++tmpm;
+
+#define PROPCARRY                    \
+__asm__(                             \
+   " ldx      16,0,%1       \n\t"    \
+   " addc     16,16,%0      \n\t"    \
+   " sdx      16,0,%1       \n\t"    \
+   " xor      %0,%0,%0      \n\t"    \
+   " addze    %0,%0         \n\t"    \
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","cc");
+
+#endif
+
 /******************************************************************/
 
 #elif defined(TFM_AVR32)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 29efc64dae..bea4c89d0e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1,6 +1,6 @@
 /* asn.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,6 +56,8 @@ ASN Options:
  * WOLFSSL_CERT_GEN: Cert generation. Saves extra certificate info in GetName.
  * WOLFSSL_NO_ASN_STRICT: Disable strict RFC compliance checks to
     restore 3.13.0 behavior.
+ * WOLFSSL_ASN_ALLOW_0_SERIAL: Even if WOLFSSL_NO_ASN_STRICT is not defined,
+    allow a length=1, but zero value serial numnber.
  * WOLFSSL_NO_OCSP_OPTIONAL_CERTS: Skip optional OCSP certs (responder issuer
     must still be trusted)
  * WOLFSSL_NO_TRUSTED_CERTS_VERIFY: Workaround for situation where entire cert
@@ -100,6 +102,9 @@ ASN Options:
  *  which is discouraged by X.690 specification - default values shall not
  *  be encoded.
  * NO_TIME_SIGNEDNESS_CHECK: Disabled the time_t signedness check.
+ * WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED: Allows the ECDSA/EdDSA signature
+ *  algorithms in certificates to have NULL parameter instead of empty.
+ *  DO NOT enable this unless required for interoperability.
 */
 
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -1092,7 +1097,7 @@ static int GetASN_Integer(const byte* input, word32 idx, int length,
  * @return  0 on success.
  * @return  ASN_PARSE_E when unused bits is invalid.
  */
-static int GetASN_BitString(const byte* input, word32 idx, int length)
+int GetASN_BitString(const byte* input, word32 idx, int length)
 {
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
@@ -1210,7 +1215,7 @@ static int GetASN_ObjectId(const byte* input, word32 idx, int length)
     /* Last octet of a sub-identifier has bit 8 clear. Last octet must be last
      * of a subidentifier. Ensure last octet hasn't got top bit set.
      */
-    else if ((input[(int)idx + length - 1] & 0x80) != 0x00) {
+    else if ((input[(int)idx + length - 1] & 0x80) == 0x80) {
         WOLFSSL_MSG("OID last octet has top bit set");
         ret = ASN_PARSE_E;
     }
@@ -1498,6 +1503,8 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
     int    minDepth;
     /* Integer had a zero prepended. */
     int    zeroPadded;
+    word32 tmpW32Val;
+    signed char tmpScharVal;
 
 #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
     WOLFSSL_ENTER("GetASN_Items");
@@ -1536,14 +1543,18 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
         /* Check if first of numbered choice. */
         if (choice == 0 && asn[i].optional > 1) {
             choice = asn[i].optional;
-            if (choiceMet[choice - 2] == -1) {
+            tmpScharVal = choiceMet[choice - 2];
+            XFENCE(); /* Prevent memory access */
+            if (tmpScharVal == -1) {
                 /* Choice seen but not found a match yet. */
                 choiceMet[choice - 2] = 0;
             }
         }
 
         /* Check for end of data or not a choice and tag not matching. */
-        if (idx == endIdx[depth] || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
+        tmpW32Val = endIdx[depth];
+        XFENCE(); /* Prevent memory access */
+        if (idx == tmpW32Val || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
                               (input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) {
             if (asn[i].optional) {
                 /* Skip over ASN.1 items underneath this optional item. */
@@ -1611,6 +1622,7 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
 
         /* Store found tag in data. */
         data[i].tag = input[idx];
+        XFENCE(); /* Prevent memory access */
         if (data[i].dataType != ASN_DATA_TYPE_CHOICE) {
             int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED;
             /* Check constructed match expected for non-choice ASN.1 item. */
@@ -2430,6 +2442,19 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
     if ((ret == 0) && (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)) {
         ret = ASN_PARSE_E;
     }
+    if (ret == 0 && tag == ASN_OBJECT_ID) {
+        if (length < 3) {
+            /* OID data must be at least 3 bytes. */
+            WOLFSSL_MSG("OID length less than 3");
+            ret = ASN_PARSE_E;
+        }
+        else if ((input[(int)idx + length - 1] & 0x80) == 0x80) {
+            /* Last octet of a sub-identifier has bit 8 clear. Last octet must be
+            * last of a subidentifier. Ensure last octet hasn't got top bit set. */
+            WOLFSSL_MSG("OID last octet has top bit set");
+            ret = ASN_PARSE_E;
+        }
+    }
     if (ret == 0) {
         /* Return the length of data and index after header. */
         *len      = length;
@@ -2458,7 +2483,7 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
  * @return  BUFFER_E when there is not enough data to parse.
  * @return  ASN_PARSE_E when the expected tag is not found or length is invalid.
  */
-static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
+int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
                         word32 maxIdx)
 {
     return GetASNHeader_ex(input, tag, inOutIdx, len, maxIdx, 1);
@@ -2691,14 +2716,15 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len,
         return ret;
 
     if (*len > 0) {
-
 #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
         /* check for invalid padding on negative integer.
          * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1
          */
         if (*len > 1) {
-            if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80))
-                return ASN_PARSE_E;
+            if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) {
+                WOLFSSL_MSG("Bad INTEGER encoding of negative");
+                return ASN_EXPECT_0_E;
+            }
         }
 #endif
 
@@ -2708,8 +2734,10 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len,
             (*len)--;
 
 #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
-            if (*len > 0 && (input[*inOutIdx] & 0x80) == 0)
-                return ASN_PARSE_E;
+            if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) {
+                WOLFSSL_MSG("INTEGER is negative");
+                return ASN_EXPECT_0_E;
+            }
 #endif
         }
     }
@@ -3474,7 +3502,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len,
     }
 
     b = input[idx];
-    if (zeroBits && b != 0x00)
+    if (zeroBits && (b != 0x00))
         return ASN_EXPECT_0_E;
     if (b >= 0x08)
         return ASN_PARSE_E;
@@ -3637,14 +3665,14 @@ int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outS
     }
     else {
         *outSz = outIdx;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 }
 
 
 /* Convert BER to DER */
 
-/* Pull informtation from the ASN.1 BER encoded item header */
+/* Pull information from the ASN.1 BER encoded item header */
 static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx,
                         byte* pTag, word32* pLen, int* indef)
 {
@@ -4005,13 +4033,11 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz)
     /* Return the length of the DER encoded ASN.1 */
     *derSz = j;
     if (der == NULL) {
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 end:
 #ifdef WOLFSSL_SMALL_STACK
-    if (indefItems != NULL) {
-        XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return ret;
 }
@@ -5626,7 +5652,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
     }
 
     /* compute length of encoded OID */
-    d = (in[0] * 40) + in[1];
+    d = ((word32)in[0] * 40) + in[1];
     len = 0;
     for (i = 1; i < (int)inSz; i++) {
         x = 0;
@@ -5649,7 +5675,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
         }
 
         /* calc first byte */
-        d = (in[0] * 40) + in[1];
+        d = ((word32)in[0] * 40) + in[1];
 
         /* encode bytes */
         x = 0;
@@ -5684,14 +5710,13 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
     }
 
     /* return length */
-    *outSz = len;
+    *outSz = (word32)len;
 
     return 0;
 }
 #endif /* HAVE_OID_ENCODING */
 
-#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \
-    defined(OPENSSL_ALL)
+#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)
 /* Encode dotted form of OID into byte array version.
  *
  * @param [in]      in     Byte array containing OID.
@@ -5738,7 +5763,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz)
 
     return 0;
 }
-#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT || OPENSSL_ALL */
+#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT */
 
 /* Decode the header of a BER/DER encoded OBJECT ID.
  *
@@ -6048,22 +6073,8 @@ enum {
 #define algoIdASN_Length (sizeof(algoIdASN) / sizeof(ASNItem))
 #endif
 
-/* Get the OID id/sum from the BER encoding of an algorithm identifier.
- *
- * NULL tag is skipped if present.
- *
- * @param [in]      input     Buffer holding BER encoded data.
- * @param [in, out] inOutIdx  On in, start of algorithm identifier.
- *                            On out, start of ASN.1 item after algorithm id.
- * @param [out]     oid       Id of OID in algorithm identifier data.
- * @param [in]      oidType   Type of OID to expect.
- * @param [in]      maxIdx    Maximum index of data in buffer.
- * @return  0 on success.
- * @return  ASN_PARSE_E when encoding is invalid.
- * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
-int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
-                     word32 oidType, word32 maxIdx)
+static int GetAlgoIdImpl(const byte* input, word32* inOutIdx, word32* oid,
+                     word32 oidType, word32 maxIdx, byte *absentParams)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     int    length;
@@ -6089,6 +6100,10 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                 ret = GetASNNull(input, &idx, maxIdx);
                 if (ret != 0)
                     return ret;
+
+                if (absentParams != NULL) {
+                    *absentParams = FALSE;
+                }
             }
         }
     }
@@ -6113,6 +6128,11 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
     if (ret == 0) {
         /* Return the OID id/sum. */
         *oid = dataASN[ALGOIDASN_IDX_OID].data.oid.sum;
+
+        if ((absentParams != NULL) &&
+            (dataASN[ALGOIDASN_IDX_NULL].tag == ASN_TAG_NULL)) {
+            *absentParams = FALSE;
+        }
     }
 
     FREE_ASNGETDATA(dataASN, NULL);
@@ -6120,6 +6140,37 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
+/* Get the OID id/sum from the BER encoding of an algorithm identifier.
+ *
+ * NULL tag is skipped if present.
+ *
+ * @param [in]      input     Buffer holding BER encoded data.
+ * @param [in, out] inOutIdx  On in, start of algorithm identifier.
+ *                            On out, start of ASN.1 item after algorithm id.
+ * @param [out]     oid       Id of OID in algorithm identifier data.
+ * @param [in]      oidType   Type of OID to expect.
+ * @param [in]      maxIdx    Maximum index of data in buffer.
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when encoding is invalid.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ */
+int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
+                     word32 oidType, word32 maxIdx)
+{
+    return GetAlgoIdImpl(input, inOutIdx, oid, oidType, maxIdx, NULL);
+}
+
+int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid,
+                     word32 oidType, word32 maxIdx, byte *absentParams)
+{
+    /* Assume absent until proven otherwise */
+    if (absentParams != NULL) {
+        *absentParams = TRUE;
+    }
+
+    return GetAlgoIdImpl(input, inOutIdx, oid, oidType, maxIdx, absentParams);
+}
+
 #ifndef NO_RSA
 
 #ifdef WC_RSA_PSS
@@ -6211,7 +6262,8 @@ static int RsaPssHashOidToMgf1(word32 oid, int* mgf)
     return ret;
 }
 
-#ifndef NO_CERTS
+#if !defined(NO_CERTS) && !defined(NO_ASN_CRYPT)
+
 /* Convert a hash OID to a fake signature OID.
  *
  * @param  [in]   oid     Hash OID.
@@ -6262,7 +6314,7 @@ static int RsaPssHashOidToSigOid(word32 oid, word32* sigOid)
 #endif
 
 #ifdef WOLFSSL_ASN_TEMPLATE
-/* ASN tag for hashAlgorigthm. */
+/* ASN tag for hashAlgorithm. */
 #define ASN_TAG_RSA_PSS_HASH        (ASN_CONTEXT_SPECIFIC | 0)
 /* ASN tag for maskGenAlgorithm. */
 #define ASN_TAG_RSA_PSS_MGF         (ASN_CONTEXT_SPECIFIC | 1)
@@ -6310,7 +6362,7 @@ enum {
 /* Number of items in ASN.1 template for an algorithm identifier. */
 #define rsaPssParamsASN_Length (sizeof(rsaPssParamsASN) / sizeof(ASNItem))
 #else
-/* ASN tag for hashAlgorigthm. */
+/* ASN tag for hashAlgorithm. */
 #define ASN_TAG_RSA_PSS_HASH        (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)
 /* ASN tag for maskGenAlgorithm. */
 #define ASN_TAG_RSA_PSS_MGF         (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)
@@ -6830,8 +6882,9 @@ static const ASNItem pkcs8KeyASN[] = {
 /*  PKEY_ALGO_PARAM_SEQ */            { 2, ASN_SEQUENCE, 1, 0, 1 },
 #endif
 /*  PKEY_DATA           */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
-                /* attributes            [0] Attributes OPTIONAL */
-                /* [[2: publicKey        [1] PublicKey OPTIONAL ]] */
+/*  OPTIONAL Attributes IMPLICIT [0] */
+                                  { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 },
+/* [[2: publicKey        [1] PublicKey OPTIONAL ]] */
 };
 enum {
     PKCS8KEYASN_IDX_SEQ = 0,
@@ -6844,6 +6897,7 @@ enum {
     PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ,
 #endif
     PKCS8KEYASN_IDX_PKEY_DATA,
+    PKCS8KEYASN_IDX_PKEY_ATTRIBUTES,
     WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX)
 };
 
@@ -6858,6 +6912,7 @@ enum {
  *                             On out, start of encoded key.
  * @param [in]       sz        Size of data in buffer.
  * @param [out]      algId     Key's algorithm id from PKCS #8 header.
+ * @param [out]      eccOid    ECC curve OID.
  * @return  Length of key data on success.
  * @return  BAD_FUNC_ARG when input or inOutIdx is NULL.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -6867,8 +6922,8 @@ enum {
  * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
  *          non-zero length.
  */
-int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
-                           word32* algId)
+int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
+                            word32* algId, word32* eccOid)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx;
@@ -6918,8 +6973,14 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
 #endif /* WC_RSA_PSS && !NO_RSA */
 
     if (tag == ASN_OBJECT_ID) {
-        if (SkipObjectId(input, &idx, sz) < 0)
-            return ASN_PARSE_E;
+        if ((*algId == ECDSAk) && (eccOid != NULL)) {
+            if (GetObjectId(input, &idx, eccOid, oidCurveType, sz) < 0)
+                return ASN_PARSE_E;
+        }
+        else {
+            if (SkipObjectId(input, &idx, sz) < 0)
+                return ASN_PARSE_E;
+        }
     }
 
     ret = GetOctetString(input, &idx, &length, sz);
@@ -6940,6 +7001,8 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
     byte version = 0;
     word32 idx;
 
+    (void)eccOid;
+
     /* Check validity of parameters. */
     if (input == NULL || inOutIdx == NULL) {
         return BAD_FUNC_ARG;
@@ -7013,6 +7076,11 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
                 if (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) {
                     ret = ASN_PARSE_E;
                 }
+                if (eccOid != NULL) {
+                    ASNGetData* oidCurve =
+                        &dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE];
+                    *eccOid = oidCurve->data.oid.sum;
+                }
                 break;
         #endif
         #ifdef HAVE_ED25519
@@ -7072,6 +7140,29 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
 #endif
 }
 
+/* Remove PKCS #8 header around an RSA, ECDSA, Ed25519, or Ed448.
+ *
+ * @param [in]       input     Buffer holding BER data.
+ * @param [in, out]  inOutIdx  On in, start of PKCS #8 encoding.
+ *                             On out, start of encoded key.
+ * @param [in]       sz        Size of data in buffer.
+ * @param [out]      algId     Key's algorithm id from PKCS #8 header.
+ * @return  Length of key data on success.
+ * @return  BAD_FUNC_ARG when input or inOutIdx is NULL.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
+ * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
+ *          non-zero length.
+ */
+int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
+                           word32* algId)
+{
+    return ToTraditionalInline_ex2(input, inOutIdx, sz, algId, NULL);
+}
+
+
 /* TODO: test case  */
 int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz)
 {
@@ -7147,7 +7238,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
 
         WOLFSSL_MSG("Checking size of PKCS8");
 
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     WOLFSSL_ENTER("wc_CreatePKCS8Key");
@@ -7217,7 +7308,9 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
     *outSz = tmpSz + sz;
     return (int)(tmpSz + sz);
 #else
-    DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length);
+    /* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional
+     * set of attributes */
+    DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1);
     int sz = 0;
     int ret = 0;
     word32 keyIdx = 0;
@@ -7238,7 +7331,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
         ret = ASN_PARSE_E;
     }
 
-    CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL);
+    CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL);
 
     if (ret == 0) {
         /* Only support default PKCS #8 format - v0. */
@@ -7264,7 +7357,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
         SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz);
 
         /* Get the size of the DER encoding. */
-        ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, &sz);
+        ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz);
     }
     if (ret == 0) {
         /* Always return the calculated size. */
@@ -7273,11 +7366,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
     /* Check for buffer to encoded into. */
     if ((ret == 0) && (out == NULL)) {
         WOLFSSL_MSG("Checking size of PKCS8");
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (ret == 0) {
         /*  Encode PKCS #8 key into buffer. */
-        SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, out);
+        SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out);
         ret = sz;
     }
 
@@ -8480,7 +8573,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
         if (out == NULL) {
             /* Sequence tag, length */
             *outSz = 1 + SetLength(outerLen, NULL) + outerLen;
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         SetOctetString(keySz + padSz, out);
 
@@ -8563,9 +8656,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (saltTmp != NULL) {
-        XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     WOLFSSL_LEAVE("wc_EncryptPKCS8Key", ret);
@@ -9065,7 +9156,7 @@ static const ASNItem p8EncPbes1ASN[] = {
 /* ENCALGO_PBEPARAM_SALT */             { 3, ASN_OCTET_STRING, 0, 0, 0 },
                         /* Iteration Count */
 /* ENCALGO_PBEPARAM_ITER */             { 3, ASN_INTEGER, 0, 0, 0 },
-/* ENCDATA               */     { 1, ASN_OCTET_STRING, 0, 0, 0 },
+/* ENCDATA               */     { 1, (ASN_CONTEXT_SPECIFIC | 0), 0, 0, 0 },
 };
 enum {
     P8ENCPBES1ASN_IDX_SEQ = 0,
@@ -9124,7 +9215,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     word32 seqSz;
     word32 innerSz;
     int    ret;
-    int    version, id, blockSz = 0;
+    int    version, id = PBE_NONE, blockSz = 0;
 #ifdef WOLFSSL_SMALL_STACK
     byte*  saltTmp = NULL;
     byte*  cbcIv   = NULL;
@@ -9196,7 +9287,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
     if (out == NULL) {
         *outSz = totalSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     inOutIdx = 0;
@@ -9352,7 +9443,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     /* Return size when no output buffer. */
     if ((ret == 0) && (out == NULL)) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check output buffer is big enough for encoded data. */
     if ((ret == 0) && (sz > (int)*outSz)) {
@@ -9399,6 +9490,42 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 #endif /* NO_PWDBASED */
 
 #ifndef NO_RSA
+#ifdef WOLFSSL_ASN_TEMPLATE
+/* ASN.1 template for an RSA public key.
+ * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
+ * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
+ */
+static const ASNItem rsaPublicKeyASN[] = {
+/*  SEQ            */ { 0, ASN_SEQUENCE, 1, 1, 0 },
+/*  ALGOID_SEQ     */     { 1, ASN_SEQUENCE, 1, 1, 0 },
+/*  ALGOID_OID     */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
+/*  ALGOID_NULL    */         { 2, ASN_TAG_NULL, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/*  ALGOID_P_SEQ   */         { 2, ASN_SEQUENCE, 1, 0, 1 },
+#endif
+/*  PUBKEY         */     { 1, ASN_BIT_STRING, 0, 1, 0 },
+                                                  /* RSAPublicKey */
+/*  PUBKEY_RSA_SEQ */         { 2, ASN_SEQUENCE, 1, 1, 0 },
+/*  PUBKEY_RSA_N   */             { 3, ASN_INTEGER, 0, 0, 0 },
+/*  PUBKEY_RSA_E   */             { 3, ASN_INTEGER, 0, 0, 0 },
+};
+enum {
+    RSAPUBLICKEYASN_IDX_SEQ = 0,
+    RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
+    RSAPUBLICKEYASN_IDX_ALGOID_OID,
+    RSAPUBLICKEYASN_IDX_ALGOID_NULL,
+#ifdef WC_RSA_PSS
+    RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
+#endif
+    RSAPUBLICKEYASN_IDX_PUBKEY,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
+};
+
+/* Number of items in ASN.1 template for an RSA public key. */
+#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
+#endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 /* This function is to retrieve key position information in a cert.*
@@ -9409,9 +9536,10 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
                                       word32* key_n_len, word32* key_e,
                                       word32* key_e_len)
 {
-
+#ifndef WOLFSSL_ASN_TEMPLATE
     int ret = 0;
     int length = 0;
+
 #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
     byte b;
 #endif
@@ -9474,48 +9602,31 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
     }
     if (key_e_len)
         *key_e_len = length;
-
     return ret;
-}
-#endif /* WOLFSSL_RENESAS_TSIP */
-
-#ifdef WOLFSSL_ASN_TEMPLATE
-/* ASN.1 template for an RSA public key.
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- */
-static const ASNItem rsaPublicKeyASN[] = {
-/*  SEQ            */ { 0, ASN_SEQUENCE, 1, 1, 0 },
-/*  ALGOID_SEQ     */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-/*  ALGOID_OID     */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
-/*  ALGOID_NULL    */         { 2, ASN_TAG_NULL, 0, 0, 1 },
-#ifdef WC_RSA_PSS
-/*  ALGOID_P_SEQ   */         { 2, ASN_SEQUENCE, 1, 0, 1 },
-#endif
-/*  PUBKEY         */     { 1, ASN_BIT_STRING, 0, 1, 0 },
-                                                  /* RSAPublicKey */
-/*  PUBKEY_RSA_SEQ */         { 2, ASN_SEQUENCE, 1, 1, 0 },
-/*  PUBKEY_RSA_N   */             { 3, ASN_INTEGER, 0, 0, 0 },
-/*  PUBKEY_RSA_E   */             { 3, ASN_INTEGER, 0, 0, 0 },
-};
-enum {
-    RSAPUBLICKEYASN_IDX_SEQ = 0,
-    RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
-    RSAPUBLICKEYASN_IDX_ALGOID_OID,
-    RSAPUBLICKEYASN_IDX_ALGOID_NULL,
-#ifdef WC_RSA_PSS
-    RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
-#endif
-    RSAPUBLICKEYASN_IDX_PUBKEY,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
-};
+#else
+    int ret = 0;
+    const byte*  n   = NULL;
+    const byte*  e   = NULL; /* pointer to modulus/exponent */
+    word32 rawIndex = 0;
 
-/* Number of items in ASN.1 template for an RSA public key. */
-#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
+    ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, (word32)inSz,
+                                                &n, key_n_len, &e, key_e_len);
+    if (ret == 0) {
+        /* convert pointer to offset */
+        if (key_n != NULL) {
+            rawIndex = n - input;
+            *key_n += rawIndex;
+        }
+        if (key_e != NULL) {
+            rawIndex = e - input;
+            *key_e += rawIndex;
+        }
+    }
+    return ret;
 #endif
 
+}
+#endif /* WOLFSSL_RENESAS_TSIP */
 /* Decode RSA public key.
  *
  * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
@@ -10127,7 +10238,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
     /* if no output, then just getting size */
     if (output == NULL) {
         *outSz = total;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* make sure output fits in buffer */
@@ -10202,7 +10313,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
     ret = SizeASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, &sz);
     if (output == NULL) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && ((int)*outSz < sz)) {
@@ -10266,7 +10377,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz)
 
     if (output == NULL) {
         *outSz = idx;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* make sure output fits in buffer */
     if (idx > *outSz) {
@@ -10314,7 +10425,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz)
     }
     if ((ret == 0) && (output == NULL)) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && (*outSz < (word32)sz)) {
@@ -11165,7 +11276,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
     *inLen = outLen;
     if (output == NULL) {
         FreeTmpDsas(tmps, key->heap, ints);
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (outLen > *inLen) {
         FreeTmpDsas(tmps, key->heap, ints);
@@ -11227,7 +11338,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
     }
     if ((ret == 0) && (output == NULL)) {
         *inLen = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && (sz > (int)*inLen)) {
@@ -11278,7 +11389,7 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen)
 }
 
 /* This version of the function allows output to be NULL. In that case, the
-   DsaKeyIntsToDer will return LENGTH_ONLY_E and the required output buffer
+   DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required output buffer
    size will be pointed to by inLen. */
 int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen)
 {
@@ -11374,10 +11485,10 @@ void FreeAltNames(DNS_entry* altNames, void* heap)
         DNS_entry* tmp = altNames->next;
 
         XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+    #ifdef WOLFSSL_IP_ALT_NAME
         XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);
     #endif
-    #if defined(OPENSSL_ALL)
+    #ifdef WOLFSSL_RID_ALT_NAME
         XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME);
     #endif
         XFREE(altNames,       heap, DYNAMIC_TYPE_ALTNAME);
@@ -11412,17 +11523,17 @@ DNS_entry* AltNameDup(DNS_entry* from, void* heap)
 
 
     ret->name = CopyString(from->name, from->len, heap, DYNAMIC_TYPE_ALTNAME);
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
     ret->ipString = CopyString(from->ipString, 0, heap, DYNAMIC_TYPE_ALTNAME);
 #endif
-#ifdef OPENSSL_ALL
+#ifdef WOLFSSL_RID_ALT_NAME
     ret->ridString = CopyString(from->ridString, 0, heap, DYNAMIC_TYPE_ALTNAME);
 #endif
     if (ret->name == NULL
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
             || (from->ipString != NULL && ret->ipString == NULL)
 #endif
-#ifdef OPENSSL_ALL
+#ifdef WOLFSSL_RID_ALT_NAME
             || (from->ridString != NULL && ret->ridString == NULL)
 #endif
             ) {
@@ -11501,8 +11612,7 @@ void FreeDecodedCert(DecodedCert* cert)
         wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName);
 #endif /* WOLFSSL_X509_NAME_AVAILABLE */
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
-    if (cert->sce_tsip_encRsaKeyIdx != NULL)
-        XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA);
+    XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA);
 #endif
     FreeSignatureCtx(&cert->sigCtx);
 }
@@ -11535,9 +11645,11 @@ static int GetCertHeader(DecodedCert* cert)
                                                             cert->sigIndex) < 0)
         return ASN_PARSE_E;
 
-    if (wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial,
-                                           &cert->serialSz, cert->sigIndex) < 0)
-        return ASN_PARSE_E;
+    ret = wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial,
+        &cert->serialSz, cert->sigIndex);
+    if (ret < 0) {
+        return ret;
+    }
 
     return ret;
 }
@@ -11783,7 +11895,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
             pubSz = 1 + pubSz;
         else
             pubSz = 1 + 2 * pubSz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     #else
         ret = wc_ecc_export_x963_ex(key, NULL, &pubSz, comp);
     #endif
@@ -11957,9 +12069,13 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     DECL_ASNSETDATA(dataASN, edPubKeyASN_Length);
 #endif
 
-    if (pubKey == NULL) {
+    /* validate parameters */
+    if (pubKey == NULL){
         return BAD_FUNC_ARG;
     }
+    if (output != NULL && outLen == 0) {
+        return BUFFER_E;
+    }
 
 #ifndef WOLFSSL_ASN_TEMPLATE
     /* calculate size */
@@ -13265,7 +13381,7 @@ static const byte rdnChoice[] = {
 };
 #endif
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
 /* used to set the human readable string for the IP address with a ASN_IP_TYPE
  * DNS entry
  * return 0 on success
@@ -13274,7 +13390,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 {
     int ret = 0;
     size_t nameSz = 0;
-    char tmpName[WOLFSSL_MAX_IPSTR] = {0};
+    char tmpName[WOLFSSL_MAX_IPSTR];
     unsigned char* ip;
 
     if (entry == NULL || entry->type != ASN_IP_TYPE) {
@@ -13288,6 +13404,8 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
     }
     ip = (unsigned char*)entry->name;
 
+    XMEMSET(tmpName, 0, sizeof(tmpName));
+
     /* store IP addresses as a string */
     if (entry->len == WOLFSSL_IP4_ADDR_LEN) {
         if (XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFFU & ip[0],
@@ -13329,9 +13447,9 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 
     return ret;
 }
-#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+#endif /* WOLFSSL_IP_ALT_NAME */
 
-#if defined(OPENSSL_ALL)
+#ifdef WOLFSSL_RID_ALT_NAME
 /* used to set the human readable string for the registeredID with an
  * ASN_RID_TYPE DNS entry
  * return 0 on success
@@ -13340,7 +13458,9 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 {
     int i, j, ret   = 0;
     int nameSz      = 0;
+#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
     int nid         = 0;
+#endif
     int tmpSize     = MAX_OID_SZ;
     word32 oid      = 0;
     word32 idx      = 0;
@@ -13360,47 +13480,53 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 
     ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType,
                  entry->len);
+    if (ret == 0) {
+    #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
+        if ((nid = oid2nid(oid, oidCsrAttrType)) > 0) {
+            /* OID has known string value */
+            finalName = (char*)wolfSSL_OBJ_nid2ln(nid);
+        }
+        else
+    #endif
+        {
+            /* Decode OBJECT_ID into dotted form array. */
+            ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
+                    tmpName, (word32*)&tmpSize);
 
-    if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) {
-        /* OID has known string value */
-        finalName = (char*)wolfSSL_OBJ_nid2ln(nid);
-    }
-    else {
-        /* Decode OBJECT_ID into dotted form array. */
-        ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
-                tmpName, (word32*)&tmpSize);
-
-        if (ret == 0) {
-            j = 0;
-            /* Append each number of dotted form. */
-            for (i = 0; i < tmpSize; i++) {
-                if (j >= MAX_OID_SZ) {
-                    return BUFFER_E;
-                }
+            if (ret == 0) {
+                j = 0;
+                /* Append each number of dotted form. */
+                for (i = 0; i < tmpSize; i++) {
+                    if (j >= MAX_OID_SZ) {
+                        return BUFFER_E;
+                    }
 
-                if (i < tmpSize - 1) {
-                    ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", tmpName[i]);
-                }
-                else {
-                    ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", tmpName[i]);
-                }
+                    if (i < tmpSize - 1) {
+                        ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j),
+                            "%d.", tmpName[i]);
+                    }
+                    else {
+                        ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j),
+                            "%d", tmpName[i]);
+                    }
 
-                if (ret >= 0) {
-                    j += ret;
-                }
-                else {
-                    return BUFFER_E;
+                    if (ret >= 0) {
+                        j += ret;
+                    }
+                    else {
+                        return BUFFER_E;
+                    }
                 }
+                ret = 0;
+                finalName = oidName;
             }
-            ret = 0;
-            finalName = oidName;
         }
     }
 
     if (ret == 0) {
         nameSz = (int)XSTRLEN((const char*)finalName);
 
-        entry->ridString = (char*)XMALLOC(nameSz + 1, heap,
+        entry->ridString = (char*)XMALLOC((word32)(nameSz + 1), heap,
                 DYNAMIC_TYPE_ALTNAME);
 
         if (entry->ridString == NULL) {
@@ -13408,13 +13534,13 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
         }
 
         if (ret == 0) {
-            XMEMCPY(entry->ridString, finalName, nameSz + 1);
+            XMEMCPY(entry->ridString, finalName, (word32)(nameSz + 1));
         }
     }
 
     return ret;
 }
-#endif /* OPENSSL_ALL && WOLFSSL_ASN_TEMPLATE */
+#endif /* WOLFSSL_RID_ALT_NAME */
 
 #ifdef WOLFSSL_ASN_TEMPLATE
 
@@ -13455,7 +13581,7 @@ static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry)
 
 /* Allocate a DNS entry and set the fields.
  *
- * @param [in]      cert     Certificate object.
+ * @param [in]      heap     Heap hint.
  * @param [in]      str      DNS name string.
  * @param [in]      strLen   Length of DNS name string.
  * @param [in]      type     Type of DNS name string.
@@ -13463,27 +13589,23 @@ static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry)
  * @return  0 on success.
  * @return  MEMORY_E when dynamic memory allocation fails.
  */
-static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
+static int SetDNSEntry(void* heap, const char* str, int strLen,
                        int type, DNS_entry** entries)
 {
     DNS_entry* dnsEntry;
     int ret = 0;
 
-    /* Only used for heap. */
-    (void)cert;
-
     /* TODO: consider one malloc. */
     /* Allocate DNS Entry object. */
-    dnsEntry = AltNameNew(cert->heap);
+    dnsEntry = AltNameNew(heap);
     if (dnsEntry == NULL) {
         ret = MEMORY_E;
     }
     if (ret == 0) {
         /* Allocate DNS Entry name - length of string plus 1 for NUL. */
-        dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
+        dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, heap,
                                                           DYNAMIC_TYPE_ALTNAME);
         if (dnsEntry->name == NULL) {
-            XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
             ret = MEMORY_E;
         }
     }
@@ -13494,29 +13616,27 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
         XMEMCPY(dnsEntry->name, str, (size_t)strLen);
         dnsEntry->name[strLen] = '\0';
 
-#if defined(OPENSSL_ALL)
+#ifdef WOLFSSL_RID_ALT_NAME
         /* store registeredID as a string */
-        if (type == ASN_RID_TYPE) {
-            if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) {
-                XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
-                XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
-            }
-        }
+        if (type == ASN_RID_TYPE)
+            ret = GenerateDNSEntryRIDString(dnsEntry, heap);
 #endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
-        /* store IP addresses as a string */
-        if (type == ASN_IP_TYPE) {
-            if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) {
-                XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
-                XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
-            }
-        }
     }
-    if (ret == 0) {
+#ifdef WOLFSSL_IP_ALT_NAME
+    /* store IP addresses as a string */
+    if (ret == 0 && type == ASN_IP_TYPE)
+        ret = GenerateDNSEntryIPString(dnsEntry, heap);
 #endif
+    if (ret == 0) {
         ret = AddDNSEntryToList(entries, dnsEntry);
     }
 
+    /* failure cleanup */
+    if (ret != 0 && dnsEntry != NULL) {
+        XFREE(dnsEntry->name, heap, DYNAMIC_TYPE_ALTNAME);
+        XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME);
+    }
+
     return ret;
 }
 #endif
@@ -13775,7 +13895,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
  * @param [in, out] cert      Decoded certificate object.
  * @param [out]     full      Buffer to hold full name as a string.
  * @param [out]     hash      Buffer to hold hash of name.
- * @param [in]      nameType  ISSUER or SUBJECT.
+ * @param [in]      nameType  ASN_ISSUER or ASN_SUBJECT.
  * @param [in]      input     Buffer holding certificate name.
  * @param [in, out] inOutIdx  On in, start of certificate name.
  *                            On out, start of ASN.1 item after cert name.
@@ -13830,13 +13950,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 
 #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
     /* store pointer to raw issuer */
-    if (nameType == ISSUER) {
+    if (nameType == ASN_ISSUER) {
         cert->issuerRaw = &input[srcIdx];
         cert->issuerRawLen = length;
     }
 #endif
 #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
-    if (nameType == SUBJECT) {
+    if (nameType == ASN_SUBJECT) {
         cert->subjectRaw = &input[srcIdx];
         cert->subjectRawLen = length;
     }
@@ -13905,26 +14025,30 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
             }
 
         #ifndef WOLFSSL_NO_ASN_STRICT
-            /* RFC 5280 section 4.1.2.4 lists a DirecotryString as being
+            /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being
              * 1..MAX in length */
             if (strLen < 1) {
                 WOLFSSL_MSG("Non conforming DirectoryString of length 0 was"
                             " found");
                 WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow"
                             " empty DirectoryString's");
+            #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
+                wolfSSL_X509_NAME_free(dName);
+            #endif /* OPENSSL_EXTRA */
                 return ASN_PARSE_E;
             }
         #endif
 
             if (id == ASN_COMMON_NAME) {
-                if (nameType == SUBJECT) {
+                if (nameType == ASN_SUBJECT) {
                     cert->subjectCN = (char *)&input[srcIdx];
                     cert->subjectCNLen = strLen;
                     cert->subjectCNEnc = (char)b;
                 }
             #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
                 defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                else if (nameType == ISSUER) {
+                else if (nameType == ASN_ISSUER) {
                     cert->issuerCN = (char*)&input[srcIdx];
                     cert->issuerCNLen = strLen;
                     cert->issuerCNEnc = (char)b;
@@ -13943,7 +14067,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_NAME;
                 copyLen = sizeof(WOLFSSL_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectN = (char*)&input[srcIdx];
                         cert->subjectNLen = strLen;
                         cert->subjectNEnc = b;
@@ -13959,7 +14083,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_INITIALS;
                 copyLen = sizeof(WOLFSSL_INITIALS) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectI = (char*)&input[srcIdx];
                         cert->subjectILen = strLen;
                         cert->subjectIEnc = b;
@@ -13975,7 +14099,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_GIVEN_NAME;
                 copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectGN = (char*)&input[srcIdx];
                         cert->subjectGNLen = strLen;
                         cert->subjectGNEnc = b;
@@ -13991,7 +14115,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_DNQUALIFIER;
                 copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectDNQ = (char*)&input[srcIdx];
                         cert->subjectDNQLen = strLen;
                         cert->subjectDNQEnc = b;
@@ -14008,13 +14132,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_SUR_NAME;
                 copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectSN = (char*)&input[srcIdx];
                         cert->subjectSNLen = strLen;
                         cert->subjectSNEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerSN = (char*)&input[srcIdx];
                         cert->issuerSNLen = strLen;
                         cert->issuerSNEnc = (char)b;
@@ -14031,13 +14155,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_COUNTRY_NAME;
                 copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectC = (char*)&input[srcIdx];
                         cert->subjectCLen = strLen;
                         cert->subjectCEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerC = (char*)&input[srcIdx];
                         cert->issuerCLen = strLen;
                         cert->issuerCEnc = (char)b;
@@ -14054,13 +14178,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_LOCALITY_NAME;
                 copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectL = (char*)&input[srcIdx];
                         cert->subjectLLen = strLen;
                         cert->subjectLEnc = (char)b;
                     }
                     #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerL = (char*)&input[srcIdx];
                         cert->issuerLLen = strLen;
                         cert->issuerLEnc = (char)b;
@@ -14077,13 +14201,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_STATE_NAME;
                 copyLen = sizeof(WOLFSSL_STATE_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectST = (char*)&input[srcIdx];
                         cert->subjectSTLen = strLen;
                         cert->subjectSTEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerST = (char*)&input[srcIdx];
                         cert->issuerSTLen = strLen;
                         cert->issuerSTEnc = (char)b;
@@ -14100,13 +14224,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_ORG_NAME;
                 copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectO = (char*)&input[srcIdx];
                         cert->subjectOLen = strLen;
                         cert->subjectOEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerO = (char*)&input[srcIdx];
                         cert->issuerOLen = strLen;
                         cert->issuerOEnc = (char)b;
@@ -14123,13 +14247,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_ORGUNIT_NAME;
                 copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectOU = (char*)&input[srcIdx];
                         cert->subjectOULen = strLen;
                         cert->subjectOUEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerOU = (char*)&input[srcIdx];
                         cert->issuerOULen = strLen;
                         cert->issuerOUEnc = (char)b;
@@ -14146,13 +14270,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_SERIAL_NUMBER;
                 copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectSND = (char*)&input[srcIdx];
                         cert->subjectSNDLen = strLen;
                         cert->subjectSNDEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerSND = (char*)&input[srcIdx];
                         cert->issuerSNDLen = strLen;
                         cert->issuerSNDEnc = (char)b;
@@ -14169,7 +14293,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_USER_ID;
                 copyLen = sizeof(WOLFSSL_USER_ID) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectUID = (char*)&input[srcIdx];
                         cert->subjectUIDLen = strLen;
                         cert->subjectUIDEnc = (char)b;
@@ -14186,7 +14310,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_STREET_ADDR_NAME;
                 copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectStreet = (char*)&input[srcIdx];
                         cert->subjectStreetLen = strLen;
                         cert->subjectStreetEnc = (char)b;
@@ -14202,7 +14326,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_BUS_CAT;
                 copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
             #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                if (nameType == SUBJECT) {
+                if (nameType == ASN_SUBJECT) {
                     cert->subjectBC = (char*)&input[srcIdx];
                     cert->subjectBCLen = strLen;
                     cert->subjectBCEnc = (char)b;
@@ -14217,7 +14341,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_POSTAL_NAME;
                 copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectPC = (char*)&input[srcIdx];
                         cert->subjectPCLen = strLen;
                         cert->subjectPCEnc = (char)b;
@@ -14256,7 +14380,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_JOI_C;
                 copyLen = sizeof(WOLFSSL_JOI_C) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectJC = (char*)&input[srcIdx];
                         cert->subjectJCLen = strLen;
                         cert->subjectJCEnc = (char)b;
@@ -14274,7 +14398,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_JOI_ST;
                 copyLen = sizeof(WOLFSSL_JOI_ST) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectJS = (char*)&input[srcIdx];
                         cert->subjectJSLen = strLen;
                         cert->subjectJSEnc = (char)b;
@@ -14338,13 +14462,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 
                 #if !defined(IGNORE_NAME_CONSTRAINTS) || \
                      defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectEmail = (char*)&input[srcIdx];
                         cert->subjectEmailLen = strLen;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \
                     (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerEmail = (char*)&input[srcIdx];
                         cert->issuerEmailLen = strLen;
                     }
@@ -14446,8 +14570,8 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
             !defined(WOLFCRYPT_ONLY)
-    if (nameType == ISSUER) {
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
+    if (nameType == ASN_ISSUER) {
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) &&\
     (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
         dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
         XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
@@ -14505,14 +14629,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
     if (ret == 0) {
     #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
         /* Store pointer and length to raw issuer. */
-        if (nameType == ISSUER) {
+        if (nameType == ASN_ISSUER) {
             cert->issuerRaw = &input[srcIdx];
             cert->issuerRawLen = len;
         }
     #endif
     #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
         /* Store pointer and length to raw subject. */
-        if (nameType == SUBJECT) {
+        if (nameType == ASN_SUBJECT) {
             cert->subjectRaw = &input[srcIdx];
             cert->subjectRawLen = len;
         }
@@ -14531,7 +14655,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                                &srcIdx, maxIdx);
             if (ret == 0) {
                 /* Put RDN data into certificate. */
-                ret = GetRDN(cert, full, &idx, &nid, nameType == SUBJECT,
+                ret = GetRDN(cert, full, &idx, &nid, nameType == ASN_SUBJECT,
                              dataASN);
             }
         #ifdef WOLFSSL_X509_NAME_AVAILABLE
@@ -14547,7 +14671,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen);
 
             #ifndef WOLFSSL_NO_ASN_STRICT
-                /* RFC 5280 section 4.1.2.4 lists a DirecotryString as being
+                /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being
                  * 1..MAX in length */
                 if (ret == 0 && strLen < 1) {
                     WOLFSSL_MSG("Non conforming DirectoryString of length 0 was"
@@ -14589,7 +14713,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         /* Store X509_NAME in certificate. */
-        if (nameType == ISSUER) {
+        if (nameType == ASN_ISSUER) {
         #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
              defined(HAVE_LIGHTY)) && \
             (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
@@ -14639,7 +14763,7 @@ enum {
  * Either the issuer or subject name.
  *
  * @param [in, out] cert      Decoded certificate object.
- * @param [in]      nameType  Type of name being decoded: ISSUER or SUBJECT.
+ * @param [in]      nameType  Type being decoded: ASN_ISSUER or ASN_SUBJECT.
  * @param [in]      maxIdx    Index of next item after certificate name.
  * @return  0 on success.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -14660,7 +14784,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
 
     WOLFSSL_MSG("Getting Name");
 
-    if (nameType == ISSUER) {
+    if (nameType == ASN_ISSUER) {
         full = cert->issuer;
         hash = cert->issuerHash;
     }
@@ -14718,7 +14842,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
         cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset;
 
         /* Get fields to fill in based on name type. */
-        if (nameType == ISSUER) {
+        if (nameType == ASN_ISSUER) {
             full = cert->issuer;
             hash = cert->issuerHash;
         }
@@ -14775,18 +14899,23 @@ static WC_INLINE int GetTime_Long(long* value, const byte* date, int* idx)
 }
 #endif
 
+/* Extract certTime from date string parameter.
+ * Reminder: idx is incremented in each call to GetTime()
+ * Return 0 on failure, 1 for success.  */
 int ExtractDate(const unsigned char* date, unsigned char format,
-                                                  struct tm* certTime, int* idx)
+                struct tm* certTime, int* idx)
 {
     XMEMSET(certTime, 0, sizeof(struct tm));
 
+    /* Get the first two bytes of the year (century) */
     if (format == ASN_UTC_TIME) {
         if (btoi(date[*idx]) >= 5)
             certTime->tm_year = 1900;
         else
             certTime->tm_year = 2000;
     }
-    else  { /* format == GENERALIZED_TIME */
+    else {
+        /* format == GENERALIZED_TIME */
 #ifdef WOLFSSL_LINUXKM
         if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0;
 #else
@@ -14806,11 +14935,7 @@ int ExtractDate(const unsigned char* date, unsigned char format,
     int tm_min  = certTime->tm_min;
     int tm_sec  = certTime->tm_sec;
 
-#ifdef WOLFSSL_LINUXKM
-    if (GetTime_Long(&tm_year, date, idx) != 0) return 0;
-#else
     if (GetTime(&tm_year, date, idx) != 0) return 0;
-#endif
     if (GetTime(&tm_mon , date, idx) != 0) return 0;
     if (GetTime(&tm_mday, date, idx) != 0) return 0;
     if (GetTime(&tm_hour, date, idx) != 0) return 0;
@@ -14824,28 +14949,30 @@ int ExtractDate(const unsigned char* date, unsigned char format,
     certTime->tm_hour = tm_hour;
     certTime->tm_min  = tm_min;
     certTime->tm_sec  = tm_sec;
-#else
-    /* adjust tm_year, tm_mon */
-#ifdef WOLFSSL_LINUXKM
-    if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0;
-#else
-    if (GetTime(&certTime->tm_year, date, idx) != 0) return 0;
-#endif
+#else /* !AVR */
+    /* Get the next two bytes of the year. */
+    #ifdef WOLFSSL_LINUXKM
+        if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0;
+    #else
+        if (GetTime(&certTime->tm_year, date, idx) != 0) return 0;
+    #endif
     certTime->tm_year -= 1900;
+
+    /* The next fields are expected in specific order in [date] string: */
     if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0;
     certTime->tm_mon  -= 1;
     if (GetTime(&certTime->tm_mday, date, idx) != 0) return 0;
     if (GetTime(&certTime->tm_hour, date, idx) != 0) return 0;
     if (GetTime(&certTime->tm_min , date, idx) != 0) return 0;
     if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0;
-#endif
+
+#endif /* !AVR */
 
     return 1;
 }
 
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
-    defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef WOLFSSL_ASN_TIME_STRING
 int GetTimeString(byte* date, int format, char* buf, int len)
 {
     struct tm t;
@@ -14891,7 +15018,7 @@ int GetTimeString(byte* date, int format, char* buf, int len)
 
     return 1;
 }
-#endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#endif /* WOLFSSL_ASN_TIME_STRING */
 
 /* Check time struct for valid values. Returns 0 for success */
 static int ValidateGmtime(struct tm* inTime)
@@ -15007,19 +15134,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len)
         hour = ts->tm_hour;
         mini = ts->tm_min;
         sec  = ts->tm_sec;
-    #if defined(WOLF_C89)
         if (len < ASN_UTC_TIME_SIZE) {
             WOLFSSL_MSG("buffer for GetFormattedTime is too short.");
             return BUFFER_E;
         }
-        ret = XSPRINTF((char*)buf,
-                        "%02d%02d%02d%02d%02d%02dZ", year, mon, day,
-                        hour, mini, sec);
-    #else
         ret = XSNPRINTF((char*)buf, len,
                         "%02d%02d%02d%02d%02d%02dZ", year, mon, day,
                         hour, mini, sec);
-    #endif
     }
     else {
         /* GeneralizedTime */
@@ -15029,19 +15150,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len)
         hour = ts->tm_hour;
         mini = ts->tm_min;
         sec  = ts->tm_sec;
-    #if defined(WOLF_C89)
         if (len < ASN_GENERALIZED_TIME_SIZE) {
             WOLFSSL_MSG("buffer for GetFormattedTime is too short.");
             return BUFFER_E;
         }
-        ret = XSPRINTF((char*)buf,
-                        "%4d%02d%02d%02d%02d%02dZ", year, mon, day,
-                        hour, mini, sec);
-    #else
         ret = XSNPRINTF((char*)buf, len,
                         "%4d%02d%02d%02d%02d%02dZ", year, mon, day,
                         hour, mini, sec);
-    #endif
     }
 
     return ret;
@@ -15092,7 +15207,7 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
 /* Make sure before and after dates are valid */
 /* date = ASN.1 raw */
 /* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
-/* dateType = AFTER or BEFORE */
+/* dateType = ASN_AFTER or ASN_BEFORE */
 int wc_ValidateDate(const byte* date, byte format, int dateType)
 {
     time_t ltime;
@@ -15122,14 +15237,14 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
 #endif
 
 #ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW
-    if (dateType == BEFORE) {
+    if (dateType == ASN_BEFORE) {
         WOLFSSL_MSG("Skewing local time for before date check");
         ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW;
     }
 #endif
 
 #ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW
-    if (dateType == AFTER) {
+    if (dateType == ASN_AFTER) {
         WOLFSSL_MSG("Skewing local time for after date check");
         ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW;
     }
@@ -15163,13 +15278,13 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
         return 0;
     }
 
-    if (dateType == BEFORE) {
+    if (dateType == ASN_BEFORE) {
         if (DateLessThan(localTime, &certTime)) {
             WOLFSSL_MSG("Date BEFORE check failed");
             return 0;
         }
     }
-    else {  /* dateType == AFTER */
+    else {  /* dateType == ASN_AFTER */
         if (DateGreaterThan(localTime, &certTime)) {
             WOLFSSL_MSG("Date AFTER check failed");
             return 0;
@@ -15335,7 +15450,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
     byte   format;
     word32 startIdx = 0;
 
-    if (dateType == BEFORE)
+    if (dateType == ASN_BEFORE)
         cert->beforeDate = &cert->source[cert->srcIdx];
     else
         cert->afterDate = &cert->source[cert->srcIdx];
@@ -15349,7 +15464,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
     XMEMSET(date, 0, MAX_DATE_SIZE);
     XMEMCPY(date, datePtr, (size_t)length);
 
-    if (dateType == BEFORE)
+    if (dateType == ASN_BEFORE)
         cert->beforeDateLen = (int)(cert->srcIdx - startIdx);
     else
         cert->afterDateLen  = (int)(cert->srcIdx - startIdx);
@@ -15357,7 +15472,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
 #ifndef NO_ASN_TIME_CHECK
     if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE &&
             !XVALIDATE_DATE(date, format, dateType)) {
-        if (dateType == BEFORE) {
+        if (dateType == ASN_BEFORE) {
             WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E);
             return ASN_BEFORE_DATE_E;
         }
@@ -15383,10 +15498,10 @@ static int GetValidity(DecodedCert* cert, int verify, int maxIdx)
 
     maxIdx = (int)cert->srcIdx + length;
 
-    if (GetDate(cert, BEFORE, verify, maxIdx) < 0)
+    if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0)
         badDate = ASN_BEFORE_DATE_E; /* continue parsing */
 
-    if (GetDate(cert, AFTER, verify, maxIdx) < 0)
+    if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0)
         return ASN_AFTER_DATE_E;
 
     if (badDate != 0)
@@ -15586,7 +15701,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
 
         WOLFSSL_MSG("Got Algo ID");
 
-        if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0)
+        if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0)
             return ret;
 
         if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0)
@@ -15595,7 +15710,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
     }
 #endif
 
-    if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0)
+    if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0)
         return ret;
 
     WOLFSSL_MSG("Got Subject Name");
@@ -15622,8 +15737,8 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
  * @return  0 on success.
  * @return  ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
  * @return  ASN_DATE_SZ_E when time data is not supported.
- * @return  ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return  ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return  ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return  ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  BUFFER_E when data in buffer is too small.
@@ -15801,7 +15916,7 @@ word32 SetLengthEx(word32 length, byte* output, byte isIndef)
  * @param [out] output  Buffer to encode into.
  * @return  Number of bytes encoded.
  */
-static word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef)
+word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef)
 {
     if (output) {
         /* Encode tag first. */
@@ -16025,7 +16140,7 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
  * @return  Encoded data size on success.
  * @return  0 when dynamic memory allocation fails.
  */
-word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
+static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 tagSz, idSz, seqSz, algoSz = 0;
@@ -16034,9 +16149,10 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
     byte   seqArray[MAX_SEQ_SZ + 1];  /* add object_id to end */
     word32    length = 0;
 
-    tagSz = (type == oidHashType ||
+    tagSz = ((type == oidHashType ||
              (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) ||
-             (type == oidKeyType && algoOID == RSAk)) ? 2U : 0U;
+             (type == oidKeyType && algoOID == RSAk)) &&
+                (absentParams == FALSE)) ? 2U : 0U;
     algoName = OidFromId((word32)algoOID, (word32)type, &algoSz);
     if (algoName == NULL) {
         WOLFSSL_MSG("Unknown Algorithm");
@@ -16092,6 +16208,10 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
             /* Don't put out NULL DER item. */
             dataASN[ALGOIDASN_IDX_NULL].noOut = 1;
         }
+        /* Override for absent (not NULL) params */
+        if (TRUE == absentParams) {
+            dataASN[ALGOIDASN_IDX_NULL].noOut = 1;
+        }
         if (algoOID == DSAk) {
             /* Don't include SEQUENCE for DSA keys. */
             o = 1;
@@ -16134,6 +16254,27 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
+/* Encode an algorithm identifier.
+ *
+ * [algoOID, type] is unique.
+ *
+ * @param [in]  algoOID   Algorithm identifier.
+ * @param [out] output    Buffer to hold encoding.
+ * @param [in]  type      Type of OID being encoded.
+ * @param [in]  curveSz   Add extra space for curve data.
+ * @return  Encoded data size on success.
+ * @return  0 when dynamic memory allocation fails.
+ */
+word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
+{
+    return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE);
+}
+
+word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, byte absentParams)
+{
+    return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams);
+}
+
 #ifdef WOLFSSL_ASN_TEMPLATE
 /* Always encode PKCS#1 v1.5 RSA signature and compare to encoded data. */
 /* ASN.1 template for DigestInfo for a PKCS#1 v1.5 RSA signature.
@@ -16266,15 +16407,11 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
     if (sigCtx == NULL)
         return;
 
-    if (sigCtx->digest) {
-        XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
-        sigCtx->digest = NULL;
-    }
+    XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
+    sigCtx->digest = NULL;
 #if !(defined(NO_RSA) && defined(NO_DSA))
-    if (sigCtx->sigCpy) {
-        XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
-        sigCtx->sigCpy = NULL;
-    }
+    XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
+    sigCtx->sigCpy = NULL;
 #endif
 #ifndef NO_ASN_CRYPT
     if (sigCtx->key.ptr) {
@@ -16554,7 +16691,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
     const byte* sigParams, word32 sigParamsSz,
     byte* rsaKeyIdx)
 {
-    int ret = 0;
+    int ret = WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E); /* default to failure */
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
     CertAttribute* certatt = NULL;
 #endif
@@ -17690,6 +17827,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
 
 exit_cs:
 
+#else
+    /* For NO_ASN_CRYPT return "not compiled in" */
+    ret = NOT_COMPILED_IN;
 #endif /* !NO_ASN_CRYPT */
 
     (void)keyOID;
@@ -17736,8 +17876,7 @@ int wc_ConfirmAltSignature(
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (sigCtx != NULL)
-        XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
+    XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
 #endif
     return ret;
 }
@@ -17988,7 +18127,9 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
 #ifndef WOLFSSL_ASN_TEMPLATE
 static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
 {
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
+#if (defined(WOLFSSL_ASN_ALL) || defined(OPENSSL_EXTRA)) && \
+    !defined(WOLFSSL_ALT_NAMES_NO_REV)
+    /* logic to add alt name to end of list */
     dnsEntry->next = NULL;
     if (cert->altNames == NULL) {
         /* First on list */
@@ -18111,7 +18252,7 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
     }
 
     if (ret == 0) {
-        ret = SetDNSEntry(cert, buf, (int)bufLen, ASN_OTHER_TYPE, &entry);
+        ret = SetDNSEntry(cert->heap, buf, (int)bufLen, ASN_OTHER_TYPE, &entry);
         if (ret == 0) {
         #ifdef WOLFSSL_FPKI
             entry->oidSum = oid;
@@ -18138,10 +18279,12 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
  * @return  BUFFER_E when data in buffer is too small.
  */
 static int DecodeOtherName(DecodedCert* cert, const byte* input,
-                           word32* inOutIdx, word32 maxIdx)
+                           word32* inOutIdx, int len)
 {
     DECL_ASNGETDATA(dataASN, otherNameASN_Length);
     int ret = 0;
+    word32 maxIdx = *inOutIdx + (word32)len;
+    const char* name = (const char*)input + *inOutIdx;
 
     CALLOC_ASNGETDATA(dataASN, otherNameASN_Length, ret, cert->heap);
 
@@ -18170,7 +18313,9 @@ static int DecodeOtherName(DecodedCert* cert, const byte* input,
                            (int)dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum);
                 break;
             default:
-                WOLFSSL_MSG("\tunsupported OID skipping");
+                WOLFSSL_MSG("\tadding unsupported OID");
+                ret = SetDNSEntry(cert->heap, name, len, ASN_OTHER_TYPE,
+                        &cert->altNames);
                 break;
         }
     }
@@ -18202,8 +18347,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
 
     /* GeneralName choice: dnsName */
     if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_DNS_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_DNS_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
@@ -18221,7 +18366,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
             return ASN_PARSE_E;
         }
 
-        ret = SetDNSEntry(cert, (const char*)(input + idxDir), strLen,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idxDir), strLen,
                 ASN_DIR_TYPE, &cert->altDirNames);
         if (ret == 0) {
             idx += (word32)len;
@@ -18229,7 +18374,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
     }
     /* GeneralName choice: rfc822Name */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
                 ASN_RFC822_TYPE, &cert->altEmailNames);
         if (ret == 0) {
             idx += (word32)len;
@@ -18277,40 +18422,38 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
         }
     #endif
 
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_URI_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_URI_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
     }
-    #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
-                                            defined(WOLFSSL_IP_ALT_NAME)
+    #ifdef WOLFSSL_IP_ALT_NAME
     /* GeneralName choice: iPAddress */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_IP_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_IP_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
     }
-    #endif /* WOLFSSL_QT || OPENSSL_ALL */
-
-    #ifdef OPENSSL_ALL
+    #endif /* WOLFSSL_IP_ALT_NAME */
+    #ifdef WOLFSSL_RID_ALT_NAME
     /* GeneralName choice: registeredID */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
                 ASN_RID_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
     }
-    #endif
+    #endif /* WOLFSSL_RID_ALT_NAME */
 #endif /* IGNORE_NAME_CONSTRAINTS */
 #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI)
     /* GeneralName choice: otherName */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
         /* TODO: test data for code path */
-        ret = DecodeOtherName(cert, input, &idx, idx + (word32)len);
+        ret = DecodeOtherName(cert, input, &idx, len);
     }
 #endif
     /* GeneralName choice: dNSName, x400Address, ediPartyName */
@@ -18548,6 +18691,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx = 0;
     int length = 0;
+    word32 numNames = 0;
 
     WOLFSSL_ENTER("DecodeAltNames");
 
@@ -18580,8 +18724,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             return BUFFER_E;
         }
 
-        current_byte = input[idx++];
+        numNames++;
+        if (numNames > WOLFSSL_MAX_ALT_NAMES) {
+            WOLFSSL_MSG("\tToo many subject alternative names");
+            return ASN_ALT_NAME_E;
+        }
 
+        current_byte = input[idx++];
         length--;
 
         /* Save DNS Type names in the altNames list. */
@@ -18775,7 +18924,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             length -= strLen;
             idx    += (word32)strLen;
         }
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
         else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
             DNS_entry* ipAddr;
             int strLen;
@@ -18810,21 +18959,19 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             XMEMCPY(ipAddr->name, &input[idx], strLen);
             ipAddr->name[strLen] = '\0';
 
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
             if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) {
                 WOLFSSL_MSG("\tOut of Memory for IP string");
                 XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
                 XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME);
                 return MEMORY_E;
             }
-        #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
             AddAltName(cert, ipAddr);
 
             length -= strLen;
             idx    += (word32)strLen;
         }
-#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
-#if defined(OPENSSL_ALL)
+#endif /* WOLFSSL_IP_ALT_NAME */
+#ifdef WOLFSSL_RID_ALT_NAME
         else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
             DNS_entry* rid;
             int strLen;
@@ -18871,7 +19018,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             length -= strLen;
             idx    += (word32)strLen;
         }
-#endif /* OPENSSL_ALL */
+#endif /* WOLFSSL_RID_ALT_NAME */
 #endif /* IGNORE_NAME_CONSTRAINTS */
         else if (current_byte ==
                 (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
@@ -19473,15 +19620,11 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
 
         /* Set ocsp entry */
         if (b == GENERALNAME_URI && oid == AIA_OCSP_OID &&
-                cert->extAuthInfo == NULL)
-        {
+                cert->extAuthInfo == NULL) {
             cert->extAuthInfoSz = length;
             cert->extAuthInfo = input + idx;
-        #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
-            break;
-        #endif
         }
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    #ifdef WOLFSSL_ASN_CA_ISSUER
         /* Set CaIssuers entry */
         else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID &&
                 cert->extAuthInfoCaIssuer == NULL)
@@ -19489,7 +19632,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
             cert->extAuthInfoCaIssuerSz = length;
             cert->extAuthInfoCaIssuer = input + idx;
         }
-        #endif
+    #endif
         idx += (word32)length;
     }
 
@@ -19527,11 +19670,8 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
                 GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
                         &cert->extAuthInfo, &sz32);
                 cert->extAuthInfoSz = (int)sz32;
-            #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
-                break;
-            #endif
             }
-            #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+        #ifdef WOLFSSL_ASN_CA_ISSUER
             /* Check we have CA Issuer and URI. */
             else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
                         AIA_CA_ISSUER_OID) &&
@@ -19542,7 +19682,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
                         &cert->extAuthInfoCaIssuer, &sz32);
                 cert->extAuthInfoCaIssuerSz = (int)sz32;
             }
-            #endif
+        #endif
             /* Otherwise skip. */
         }
     }
@@ -19618,13 +19758,14 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
         return ASN_PARSE_E;
     }
 
+    cert->extAuthKeyIdSz = length;
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #ifdef WOLFSSL_AKID_NAME
     cert->extRawAuthKeyIdSrc = input;
     cert->extRawAuthKeyIdSz = sz;
 #endif
     cert->extAuthKeyIdSrc = &input[idx];
-    cert->extAuthKeyIdSz = length;
 #endif /* OPENSSL_EXTRA */
 
     return GetHashId(input + idx, length, cert->extAuthKeyId,
@@ -19720,9 +19861,9 @@ static int DecodeSubjKeyId(const byte* input, word32 sz, DecodedCert* cert)
 
     ret = GetOctetString(input, &idx, &length, sz);
     if (ret > 0) {
+        cert->extSubjKeyIdSz = (word32)length;
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
         cert->extSubjKeyIdSrc = &input[idx];
-        cert->extSubjKeyIdSz = (word32)length;
     #endif /* OPENSSL_EXTRA */
 
         /* Get the hash or hash of the hash if wrong size. */
@@ -20111,6 +20252,7 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx = 0;
     int ret = 0;
+    word32 cnt = 0;
 
     (void)heap;
 
@@ -20119,6 +20261,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
         word32 nameIdx;
         byte b, bType;
 
+        if (limit > 0) {
+            cnt++;
+            if (cnt > limit) {
+                WOLFSSL_MSG("too many name constraints");
+                return ASN_NAME_INVALID_E;
+            }
+        }
+
         if (GetSequence(input, &idx, &seqLength, sz) < 0) {
             WOLFSSL_MSG("\tfail: should be a SEQUENCE");
             return ASN_PARSE_E;
@@ -20349,7 +20499,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
 }
 #endif /* IGNORE_NAME_CONSTRAINTS */
 
-#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \
+#if defined(WOLFSSL_CERT_EXT) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
 /* Decode ITU-T X.690 OID format to a string representation
@@ -20402,10 +20552,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
 exit:
     return w;
 }
-#endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */
+#endif /* WOLFSSL_CERT_EXT || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_QT)
-    #ifdef WOLFSSL_ASN_TEMPLATE
+#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
+#ifdef WOLFSSL_ASN_TEMPLATE
     /* ASN.1 template for PolicyInformation.
      * X.509: RFC 5280, 4.2.1.4 - Certificate Policies.
      */
@@ -20424,230 +20574,221 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
 
     /* Number of items in ASN.1 template for PolicyInformation. */
     #define policyInfoASN_Length (sizeof(policyInfoASN) / sizeof(ASNItem))
-    #endif
+#endif
 
-    /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */
-    static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert)
-    {
-    #ifndef WOLFSSL_ASN_TEMPLATE
-        word32 idx = 0;
-        word32 oldIdx;
-        int policy_length = 0;
-        int ret;
-        int total_length = 0;
-    #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \
-        !defined(WOLFSSL_DUP_CERTPOL)
-        int i;
-    #endif
+/* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */
+static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert)
+{
+#ifndef WOLFSSL_ASN_TEMPLATE
+    word32 idx = 0;
+    word32 oldIdx;
+    int policy_length = 0;
+    int ret;
+    int total_length = 0;
+#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL)
+    int i;
+#endif
 
-        WOLFSSL_ENTER("DecodeCertPolicy");
+    WOLFSSL_ENTER("DecodeCertPolicy");
 
-    #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
-        /* Check if cert is null before dereferencing below */
-        if (cert == NULL)
-            return BAD_FUNC_ARG;
-    #else
-        (void)cert;
-    #endif
+    /* Check if cert is null before dereferencing below */
+    if (cert == NULL)
+        return BAD_FUNC_ARG;
 
-    #if defined(WOLFSSL_CERT_EXT)
-         cert->extCertPoliciesNb = 0;
-    #endif
+#if defined(WOLFSSL_CERT_EXT)
+        cert->extCertPoliciesNb = 0;
+#endif
 
-        if (GetSequence(input, &idx, &total_length, sz) < 0) {
-            WOLFSSL_MSG("\tGet CertPolicy total seq failed");
-            return ASN_PARSE_E;
-        }
+    if (GetSequence(input, &idx, &total_length, sz) < 0) {
+        WOLFSSL_MSG("\tGet CertPolicy total seq failed");
+        return ASN_PARSE_E;
+    }
+
+    /* Validate total length */
+    if (total_length > (int)(sz - idx)) {
+        WOLFSSL_MSG("\tCertPolicy length mismatch");
+        return ASN_PARSE_E;
+    }
+
+    /* Unwrap certificatePolicies */
+    do {
+        int length = 0;
 
-        /* Validate total length */
-        if (total_length > (int)(sz - idx)) {
-            WOLFSSL_MSG("\tCertPolicy length mismatch");
+        if (GetSequence(input, &idx, &policy_length, sz) < 0) {
+            WOLFSSL_MSG("\tGet CertPolicy seq failed");
             return ASN_PARSE_E;
         }
 
-        /* Unwrap certificatePolicies */
-        do {
-            int length = 0;
+        oldIdx = idx;
+        ret = GetASNObjectId(input, &idx, &length, sz);
+        if (ret != 0)
+            return ret;
+        policy_length -= (int)(idx - oldIdx);
 
-            if (GetSequence(input, &idx, &policy_length, sz) < 0) {
-                WOLFSSL_MSG("\tGet CertPolicy seq failed");
+        if (length > 0) {
+            /* Verify length won't overrun buffer */
+            if (length > (int)(sz - idx)) {
+                WOLFSSL_MSG("\tCertPolicy length exceeds input buffer");
                 return ASN_PARSE_E;
             }
 
-            oldIdx = idx;
-            ret = GetASNObjectId(input, &idx, &length, sz);
-            if (ret != 0)
-                return ret;
-            policy_length -= (int)(idx - oldIdx);
-
-            if (length > 0) {
-                /* Verify length won't overrun buffer */
-                if (length > (int)(sz - idx)) {
-                    WOLFSSL_MSG("\tCertPolicy length exceeds input buffer");
-                    return ASN_PARSE_E;
-                }
-
-        #if defined(WOLFSSL_SEP)
+    #ifdef WOLFSSL_SEP
+            if (cert->deviceType == NULL) {
                 cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap,
-                                                         DYNAMIC_TYPE_X509_EXT);
+                                                        DYNAMIC_TYPE_X509_EXT);
                 if (cert->deviceType == NULL) {
                     WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
                     return MEMORY_E;
                 }
                 cert->deviceTypeSz = length;
                 XMEMCPY(cert->deviceType, input + idx, (size_t)length);
-                break;
-        #elif defined(WOLFSSL_CERT_EXT)
-                /* decode cert policy */
-                if (DecodePolicyOID(cert->extCertPolicies[
-                                       cert->extCertPoliciesNb], MAX_CERTPOL_SZ,
-                                       input + idx, length) <= 0) {
-                    WOLFSSL_MSG("\tCouldn't decode CertPolicy");
-                    WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
-                    return ASN_PARSE_E;
-                }
-            #ifndef WOLFSSL_DUP_CERTPOL
-                /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
-                 * NOT appear more than once in a certificate policies
-                 * extension". This is a sanity check for duplicates.
-                 * extCertPolicies should only have OID values, additional
-                 * qualifiers need to be stored in a separate array. */
-                for (i = 0; i < cert->extCertPoliciesNb; i++) {
-                    if (XMEMCMP(cert->extCertPolicies[i],
+            }
+    #endif
+
+    #ifdef WOLFSSL_CERT_EXT
+            /* decode cert policy */
+            if (DecodePolicyOID(cert->extCertPolicies[
+                                cert->extCertPoliciesNb], MAX_CERTPOL_SZ,
+                                input + idx, length) <= 0) {
+                WOLFSSL_MSG("\tCouldn't decode CertPolicy");
+                WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+                return ASN_PARSE_E;
+            }
+        #ifndef WOLFSSL_DUP_CERTPOL
+            /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
+             * NOT appear more than once in a certificate policies
+             * extension". This is a sanity check for duplicates.
+             * extCertPolicies should only have OID values, additional
+             * qualifiers need to be stored in a separate array. */
+            for (i = 0; i < cert->extCertPoliciesNb; i++) {
+                if (XMEMCMP(cert->extCertPolicies[i],
                             cert->extCertPolicies[cert->extCertPoliciesNb],
                             MAX_CERTPOL_SZ) == 0) {
-                            WOLFSSL_MSG("Duplicate policy OIDs not allowed");
-                            WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
-                            WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
-                            return CERTPOLICIES_E;
-                    }
+                    WOLFSSL_MSG("Duplicate policy OIDs not allowed");
+                    WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
+                    WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
+                    return CERTPOLICIES_E;
                 }
-            #endif /* !WOLFSSL_DUP_CERTPOL */
-                cert->extCertPoliciesNb++;
-        #else
-                WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0);
-                return 0;
-        #endif
             }
-            idx += (word32)policy_length;
-        } while((int)idx < total_length
-    #if defined(WOLFSSL_CERT_EXT)
-            && cert->extCertPoliciesNb < MAX_CERTPOL_NB
+        #endif /* !WOLFSSL_DUP_CERTPOL */
+            cert->extCertPoliciesNb++;
     #endif
-        );
-
-        WOLFSSL_LEAVE("DecodeCertPolicy", 0);
-        return 0;
-    #else /* WOLFSSL_ASN_TEMPLATE */
-        word32 idx = 0;
-        int ret = 0;
-        int total_length = 0;
-    #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \
-        !defined(WOLFSSL_DUP_CERTPOL)
-        int i;
+        }
+        idx += (word32)policy_length;
+    } while((int)idx < total_length
+    #ifdef WOLFSSL_CERT_EXT
+        && cert->extCertPoliciesNb < MAX_CERTPOL_NB
     #endif
+    );
 
-        WOLFSSL_ENTER("DecodeCertPolicy");
-        #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
-        /* Check if cert is null before dereferencing below */
-        if (cert == NULL)
-            ret = BAD_FUNC_ARG;
-        #endif
+    WOLFSSL_LEAVE("DecodeCertPolicy", 0);
+    return 0;
+#else /* WOLFSSL_ASN_TEMPLATE */
+    word32 idx = 0;
+    int ret = 0;
+    int total_length = 0;
+#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL)
+    int i;
+#endif
 
-        if (ret == 0) {
-        #if defined(WOLFSSL_CERT_EXT)
-            cert->extCertPoliciesNb = 0;
-        #endif
+    WOLFSSL_ENTER("DecodeCertPolicy");
 
-            /* Strip SEQUENCE OF and check using all data. */
-            if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0)
-            {
-               ret = ASN_PARSE_E;
-            }
+    /* Check if cert is null before dereferencing below */
+    if (cert == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+    #if defined(WOLFSSL_CERT_EXT)
+        cert->extCertPoliciesNb = 0;
+    #endif
+
+        /* Strip SEQUENCE OF and check using all data. */
+        if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0)
+        {
+            ret = ASN_PARSE_E;
         }
+    }
 
-        /* Unwrap certificatePolicies */
-        while ((ret == 0) && ((int)idx < total_length)
-        #if defined(WOLFSSL_CERT_EXT)
-            && (cert->extCertPoliciesNb < MAX_CERTPOL_NB)
-        #endif
-               ) {
-            ASNGetData dataASN[policyInfoASN_Length];
-            byte* data = NULL;
-            word32 length = 0;
+    /* Unwrap certificatePolicies */
+    while ((ret == 0) && ((int)idx < total_length)
+    #if defined(WOLFSSL_CERT_EXT)
+        && (cert->extCertPoliciesNb < MAX_CERTPOL_NB)
+    #endif
+            ) {
+        ASNGetData dataASN[policyInfoASN_Length];
+        byte* data = NULL;
+        word32 length = 0;
 
-            /* Clear dynamic data and check OID is a cert policy type. */
-            XMEMSET(dataASN, 0, sizeof(dataASN));
-            GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType);
-            ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1,
-                               input, &idx, (word32)sz);
-            if (ret == 0) {
-                /* Get the OID. */
-                GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length);
-                if (length == 0) {
-                    ret = ASN_PARSE_E;
-                }
-            }
-            #if defined(WOLFSSL_SEP)
-            /* Store OID in device type. */
-            if (ret == 0) {
-                cert->deviceType = (byte*)XMALLOC(length, cert->heap,
-                                                  DYNAMIC_TYPE_X509_EXT);
-                if (cert->deviceType == NULL) {
-                    WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
-                    ret = MEMORY_E;
-                }
+        /* Clear dynamic data and check OID is a cert policy type. */
+        XMEMSET(dataASN, 0, sizeof(dataASN));
+        GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType);
+        ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1,
+                            input, &idx, (word32)sz);
+        if (ret == 0) {
+            /* Get the OID. */
+            GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length);
+            if (length == 0) {
+                ret = ASN_PARSE_E;
             }
-            if (ret == 0) {
+        }
+    #ifdef WOLFSSL_SEP
+        /* Store OID in device type. */
+        if (ret == 0 && cert->deviceType == NULL) {
+            cert->deviceType = (byte*)XMALLOC(length, cert->heap,
+                                                DYNAMIC_TYPE_X509_EXT);
+            if (cert->deviceType != NULL) {
                 /* Store device type data and length. */
                 cert->deviceTypeSz = (int)length;
                 XMEMCPY(cert->deviceType, data, length);
-                break;
             }
-            #elif defined(WOLFSSL_CERT_EXT)
-            if (ret == 0) {
-                /* Decode cert policy. */
-                if (DecodePolicyOID(
-                                 cert->extCertPolicies[cert->extCertPoliciesNb],
-                                 MAX_CERTPOL_SZ, data, length) <= 0) {
-                    WOLFSSL_MSG("\tCouldn't decode CertPolicy");
-                    WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
-                    ret = ASN_PARSE_E;
-                }
+            else {
+                WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
+                ret = MEMORY_E;
             }
-            #ifndef WOLFSSL_DUP_CERTPOL
-            /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
-             * NOT appear more than once in a certificate policies
-             * extension". This is a sanity check for duplicates.
-             * extCertPolicies should only have OID values, additional
-             * qualifiers need to be stored in a separate array. */
-            for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) {
-                if (XMEMCMP(cert->extCertPolicies[i],
-                            cert->extCertPolicies[cert->extCertPoliciesNb],
-                            MAX_CERTPOL_SZ) == 0) {
-                    WOLFSSL_MSG("Duplicate policy OIDs not allowed");
-                    WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
-                    WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
-                    ret = CERTPOLICIES_E;
-                }
+        }
+    #endif /* WOLFSSL_SEP */
+
+    #ifdef WOLFSSL_CERT_EXT
+        if (ret == 0) {
+            /* Decode cert policy. */
+            if (DecodePolicyOID(
+                    cert->extCertPolicies[cert->extCertPoliciesNb],
+                    MAX_CERTPOL_SZ, data, length) <= 0) {
+                WOLFSSL_MSG("\tCouldn't decode CertPolicy");
+                WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+                ret = ASN_PARSE_E;
             }
-            #endif /* !defined(WOLFSSL_DUP_CERTPOL) */
-            if (ret == 0) {
-                /* Keep count of policies seen. */
-                cert->extCertPoliciesNb++;
+        }
+        #ifndef WOLFSSL_DUP_CERTPOL
+        /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
+         * NOT appear more than once in a certificate policies
+         * extension". This is a sanity check for duplicates.
+         * extCertPolicies should only have OID values, additional
+         * qualifiers need to be stored in a separate array. */
+        for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) {
+            if (XMEMCMP(cert->extCertPolicies[i],
+                        cert->extCertPolicies[cert->extCertPoliciesNb],
+                        MAX_CERTPOL_SZ) == 0) {
+                WOLFSSL_MSG("Duplicate policy OIDs not allowed");
+                WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
+                WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
+                ret = CERTPOLICIES_E;
             }
-            #else
-                (void)data;
-                WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0);
-                break;
-            #endif
         }
-
-        WOLFSSL_LEAVE("DecodeCertPolicy", 0);
-        return ret;
-    #endif /* WOLFSSL_ASN_TEMPLATE */
+        #endif /* !WOLFSSL_DUP_CERTPOL */
+        if (ret == 0) {
+            /* Keep count of policies seen. */
+            cert->extCertPoliciesNb++;
+        }
+    #endif /* WOLFSSL_CERT_EXT */
     }
-#endif /* WOLFSSL_SEP */
+
+    WOLFSSL_LEAVE("DecodeCertPolicy", 0);
+    return ret;
+#endif /* WOLFSSL_ASN_TEMPLATE */
+}
+#endif /* WOLFSSL_SEP || WOLFSSL_CERT_EXT  */
 
 #ifdef WOLFSSL_SUBJ_DIR_ATTR
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -20747,6 +20888,11 @@ static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert)
 
     WOLFSSL_ENTER("DecodeSubjDirAttr");
 
+#ifdef OPENSSL_ALL
+    cert->extSubjDirAttrSrc = input;
+    cert->extSubjDirAttrSz = sz;
+#endif /* OPENSSL_ALL */
+
     CALLOC_ASNGETDATA(dataASN, subjDirAttrASN_Length, ret, cert->heap);
 
     /* Strip outer SEQUENCE. */
@@ -20984,6 +21130,7 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert)
         (void)cert;
     }
 
+    /* We do this to make sure the format of the extension is correct. */
     if (ret == 0) {
         GetASN_OID(&dataASN[ALTSIG_ALGOID_OID], oidSigType);
 
@@ -20993,8 +21140,8 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert)
     }
 
     if (ret == 0) {
-        cert->altSigAlgDer = dataASN[ALTSIG_ALGOID_SEQ].data.u8;
-        cert->altSigAlgLen = dataASN[ALTSIG_ALGOID_SEQ].length;
+        cert->altSigAlgDer = (byte *)input;
+        cert->altSigAlgLen = sz;
         cert->altSigAlgOID = dataASN[ALTSIG_ALGOID_OID].data.oid.sum;
     }
 
@@ -21176,15 +21323,11 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
 
         /* Certificate policies. */
         case CERT_POLICY_OID:
-        #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+        #ifdef WOLFSSL_SEP
             VERIFY_AND_SET_OID(cert->extCertPolicySet);
-            #if defined(OPENSSL_EXTRA) || \
-                defined(OPENSSL_EXTRA_X509_SMALL)
-                cert->extCertPolicyCrit = critical ? 1 : 0;
-            #endif
+            cert->extCertPolicyCrit = critical ? 1 : 0;
         #endif
-        #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \
-            defined(WOLFSSL_QT)
+        #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
             if (DecodeCertPolicy(input, length, cert) < 0) {
                 ret = ASN_PARSE_E;
             }
@@ -21356,8 +21499,7 @@ enum {
 #define certExtASN_Length (sizeof(certExtASN) / sizeof(ASNItem))
 #endif
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
 int wc_SetUnknownExtCallback(DecodedCert* cert,
                              wc_UnknownExtCallback cb) {
     if (cert == NULL) {
@@ -21367,7 +21509,18 @@ int wc_SetUnknownExtCallback(DecodedCert* cert,
     cert->unknownExtCallback = cb;
     return 0;
 }
-#endif
+
+int wc_SetUnknownExtCallbackEx(DecodedCert* cert,
+                               wc_UnknownExtCallbackEx cb, void *ctx) {
+    if (cert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    cert->unknownExtCallbackEx = cb;
+    cert->unknownExtCallbackExCtx = ctx;
+    return 0;
+}
+#endif /* WC_ASN_UNKNOWN_EXT_CB */
 
 /*
  *  Processing the Certificate Extensions. This does not modify the current
@@ -21521,8 +21674,9 @@ static int DecodeCertExtensions(DecodedCert* cert)
             /* Decode the extension by type. */
             ret = DecodeExtensionType(input + idx, length, oid, critical, cert,
                                       &isUnknownExt);
-#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING)
-            if (isUnknownExt && (cert->unknownExtCallback != NULL)) {
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+            if (isUnknownExt && (cert->unknownExtCallback != NULL ||
+                                 cert->unknownExtCallbackEx != NULL)) {
                 word16 decOid[MAX_OID_SZ];
                 word32 decOidSz = sizeof(decOid);
                 ret = DecodeObjectId(
@@ -21536,12 +21690,22 @@ static int DecodeCertExtensions(DecodedCert* cert)
                     WOLFSSL_ERROR(ret);
                 }
 
-                ret = cert->unknownExtCallback(decOid, decOidSz, critical,
-                          dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
-                          dataASN[CERTEXTASN_IDX_VAL].length);
+                if ((ret == 0) && (cert->unknownExtCallback != NULL)) {
+                    ret = cert->unknownExtCallback(decOid, decOidSz, critical,
+                              dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
+                              dataASN[CERTEXTASN_IDX_VAL].length);
+                }
+
+                if ((ret == 0) && (cert->unknownExtCallbackEx != NULL)) {
+                    ret = cert->unknownExtCallbackEx(decOid, decOidSz, critical,
+                              dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
+                              dataASN[CERTEXTASN_IDX_VAL].length,
+                              cert->unknownExtCallbackExCtx);
+                }
             }
-#endif
+#else
             (void)isUnknownExt;
+#endif
 
             /* Move index on to next extension. */
             idx += length;
@@ -21724,12 +21888,12 @@ enum {
 /* Check the data data.
  *
  * @param [in] dataASN   ASN template dynamic data item.
- * @param [in] dataType  BEFORE or AFTER date.
+ * @param [in] dataType  ASN_BEFORE or ASN_AFTER date.
  * @return  0 on success.
  * @return  ASN_TIME_E when BER tag is nor UTC or GENERALIZED time.
  * @return  ASN_DATE_SZ_E when time data is not supported.
- * @return  ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return  ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return  ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return  ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
  */
 static int CheckDate(ASNGetData *dataASN, int dateType)
 {
@@ -21747,14 +21911,18 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
     }
 
 #ifndef NO_ASN_TIME_CHECK
-    /* Check date is a valid string and BEFORE or AFTER now. */
-    if ((ret == 0) &&
-            (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) {
-        if (dateType == BEFORE) {
-            ret = ASN_BEFORE_DATE_E;
-        }
-        else {
-            ret = ASN_AFTER_DATE_E;
+    /* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */
+    if (ret == 0) {
+        if (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType)) {
+            if (dateType == ASN_BEFORE) {
+                ret = ASN_BEFORE_DATE_E;
+            }
+            else if (dateType == ASN_AFTER) {
+                ret = ASN_AFTER_DATE_E;
+            }
+            else {
+                ret = ASN_TIME_E;
+            }
         }
     }
 #endif
@@ -21769,14 +21937,14 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
  * @param [in]  verify           Whether to verify dates before and after now.
  * @param [out] criticalExt      Critical extension return code.
  * @param [out] badDateRet       Bad date return code.
- * @param [in]  stopAtPubKey     Stop parsing before subkectPublicKeyInfo.
- * @param [in]  stopAfterPubKey  Stop parsing after subkectPublicKeyInfo.
+ * @param [in]  stopAtPubKey     Stop parsing before subjectPublicKeyInfo.
+ * @param [in]  stopAfterPubKey  Stop parsing after subjectPublicKeyInfo.
  * @return  0 on success.
  * @return  ASN_CRIT_EXT_E when a critical extension was not recognized.
  * @return  ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
  * @return  ASN_DATE_SZ_E when time data is not supported.
- * @return  ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return  ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return  ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return  ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  BUFFER_E when data in buffer is too small.
@@ -21879,7 +22047,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         cert->version = version;
         cert->serialSz = (int)serialSz;
 
-    #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON)
+    #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \
+        !defined(WOLFSSL_ASN_ALLOW_0_SERIAL)
         /* RFC 5280 section 4.1.2.2 states that non-conforming CAs may issue
          * a negative or zero serial number and should be handled gracefully.
          * Since it is a non-conforming CA that issues a serial of 0 then we
@@ -21890,6 +22059,11 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
             ret = ASN_PARSE_E;
         }
     #endif
+        if (cert->serialSz == 0) {
+            WOLFSSL_MSG("Error serial size is zero. Should be at least one "
+                        "even with no serial number.");
+            ret = ASN_PARSE_E;
+        }
 
         cert->signatureOID = dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].data.oid.sum;
         cert->keyOID = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID].data.oid.sum;
@@ -21897,27 +22071,27 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
 
         /* No bad date error - don't always care. */
         badDate = 0;
-        /* Find the item with the BEFORE date and check it. */
+        /* Find the item with the ASN_BEFORE date and check it. */
         i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0)
                 ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC
                 : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT;
-        if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) &&
+        if ((CheckDate(&dataASN[i], ASN_BEFORE) < 0) && (verify != NO_VERIFY) &&
                 (verify != VERIFY_SKIP_DATE)) {
             badDate = ASN_BEFORE_DATE_E;
         }
-        /* Store reference to BEFOREdate. */
+        /* Store reference to ASN_BEFORE date. */
         cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source);
         cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
 
-        /* Find the item with the AFTER date and check it. */
+        /* Find the item with the ASN_AFTER date and check it. */
         i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0)
                 ? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC
                 : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT;
-        if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) &&
+        if ((CheckDate(&dataASN[i], ASN_AFTER) < 0) && (verify != NO_VERIFY) &&
                 (verify != VERIFY_SKIP_DATE)) {
             badDate = ASN_AFTER_DATE_E;
         }
-        /* Store reference to AFTER date. */
+        /* Store reference to ASN_AFTER date. */
         cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source);
         cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
 
@@ -21955,16 +22129,20 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         }
         /* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
         else if (IsSigAlgoECC(cert->signatureOID)) {
-            if ((dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0)
-        #ifdef WC_RSA_PSS
-                || (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0)
+        #ifndef WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
+            if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0) {
+                WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+                ret = ASN_PARSE_E;
+            }
         #endif
-                ) {
+        #ifdef WC_RSA_PSS
+            if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
                 WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
                 ret = ASN_PARSE_E;
             }
+        #endif
         }
-        #ifdef WC_RSA_PSS
+    #ifdef WC_RSA_PSS
         /* Check parameters starting with a SEQUENCE. */
         else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
             word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
@@ -22006,7 +22184,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
                 cert->sigParamsLength = sigAlgParamsSz;
             }
         }
-        #endif
+    #endif
     }
     if ((ret == 0) && (!done)) {
         pubKeyEnd = dataASN[X509CERTASN_IDX_TBS_ISSUERUID].offset;
@@ -22048,13 +22226,13 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
     if ((ret == 0) && (issuer != NULL)) {
         idx = 0;
         /* Put issuer into cert and calculate hash. */
-        ret = GetCertName(cert, cert->issuer, cert->issuerHash, ISSUER, issuer,
+        ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER, issuer,
             &idx, issuerSz);
     }
     if ((ret == 0) && (subject != NULL)) {
         idx = 0;
         /* Put subject into cert and calculate hash. */
-        ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
+        ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
             subject, &idx, subjectSz);
     }
     if (ret == 0) {
@@ -22116,8 +22294,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
  * @return  ASN_CRIT_EXT_E when a critical extension was not recognized.
  * @return  ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
  * @return  ASN_DATE_SZ_E when time data is not supported.
- * @return  ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return  ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return  ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return  ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  BUFFER_E when data in buffer is too small.
@@ -22462,7 +22640,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
 
         /* Parse the subject name. */
         idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset;
-        ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
+        ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
                           cert->source, &idx,
                           dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset);
     }
@@ -23035,8 +23213,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
 
     FreeSignatureCtx(sigCtx);
 #ifdef WOLFSSL_SMALL_STACK
-    if (sigCtx != NULL)
-        XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
+    XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
 #endif
     return ret;
 #else /* WOLFSSL_ASN_TEMPLATE */
@@ -24025,8 +24202,10 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer
         else {
             /* no signer */
             WOLFSSL_MSG("No CA signer to verify with");
+            /* If you end up here with error -188,
+             * consider using WOLFSSL_ALT_CERT_CHAINS. */
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            /* ret needs to be self-signer error for Qt compat */
+            /* ret needs to be self-signer error for openssl compatibility */
             if (cert->selfSigned) {
                 WOLFSSL_ERROR_VERBOSE(ASN_SELF_SIGNED_E);
                 return ASN_SELF_SIGNED_E;
@@ -24242,13 +24421,9 @@ void FreeTrustedPeer(TrustedPeerCert* tp, void* heap)
         return;
     }
 
-    if (tp->name) {
-        XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
-    }
+    XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
 
-    if (tp->sig) {
-        XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE);
-    }
+    XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE);
 #ifndef IGNORE_NAME_CONSTRAINTS
     if (tp->permittedNames)
         FreeNameSubtrees(tp->permittedNames, heap);
@@ -24486,6 +24661,10 @@ wcchar END_CERT             = "-----END CERTIFICATE-----";
     wcchar BEGIN_CERT_REQ   = "-----BEGIN CERTIFICATE REQUEST-----";
     wcchar END_CERT_REQ     = "-----END CERTIFICATE REQUEST-----";
 #endif
+#if defined(WOLFSSL_ACERT)
+    wcchar BEGIN_ACERT      = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
+    wcchar END_ACERT        = "-----END ATTRIBUTE CERTIFICATE-----";
+#endif /* WOLFSSL_ACERT */
 #ifndef NO_DH
     wcchar BEGIN_DH_PARAM   = "-----BEGIN DH PARAMETERS-----";
     wcchar END_DH_PARAM     = "-----END DH PARAMETERS-----";
@@ -24514,6 +24693,10 @@ wcchar END_ENC_PRIV_KEY     = "-----END ENCRYPTED PRIVATE KEY-----";
     wcchar END_EC_PARAM     = "-----END EC PARAMETERS-----";
 #endif
 #endif
+#ifdef HAVE_PKCS7
+wcchar BEGIN_PKCS7          = "-----BEGIN PKCS7-----";
+wcchar END_PKCS7            = "-----END PKCS7-----";
+#endif
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
                                                                 !defined(NO_DSA)
     wcchar BEGIN_DSA_PRIV   = "-----BEGIN DSA PRIVATE KEY-----";
@@ -24621,6 +24804,20 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             ret = 0;
             break;
     #endif
+    #ifdef HAVE_PKCS7
+        case PKCS7_TYPE:
+            if (header) *header = BEGIN_PKCS7;
+            if (footer) *footer = END_PKCS7;
+            ret = 0;
+            break;
+    #endif
+    #if defined(WOLFSSL_ACERT)
+        case ACERT_TYPE:
+            if (header) *header = BEGIN_ACERT;
+            if (footer) *footer = END_ACERT;
+            ret = 0;
+            break;
+    #endif /* WOLFSSL_ACERT */
     #ifndef NO_DSA
         case DSA_TYPE:
         case DSA_PRIVATEKEY_TYPE:
@@ -25658,7 +25855,7 @@ int wc_CertPemToDer(const unsigned char* pem, int pemSz,
     }
 
     if (type != CERT_TYPE && type != CHAIN_CERT_TYPE && type != CA_TYPE &&
-            type != CERTREQ_TYPE) {
+            type != CERTREQ_TYPE && type != PKCS7_TYPE) {
         WOLFSSL_MSG("Bad cert type");
         return BAD_FUNC_ARG;
     }
@@ -25949,7 +26146,7 @@ int wc_GetPubKeyDerFromCert(struct DecodedCert* cert,
     /* if derKey is NULL, return required output buffer size in derKeySz */
     if (derKey == NULL) {
         *derKeySz = cert->pubKeySize;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (ret == 0) {
@@ -26016,7 +26213,7 @@ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz)
 
             if (uuid == NULL) {
                 *uuidSz = (word32)id->len;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if ((int)*uuidSz < id->len) {
@@ -26044,7 +26241,7 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
         if (id != NULL && id->oidSum == FASCN_OID) {
             if (fascn == NULL) {
                 *fascnSz = (word32)id->len;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if ((int)*fascnSz < id->len) {
@@ -27410,12 +27607,8 @@ static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input)
     }
 
     /* Dispose of allocated data. */
-    if (extKuASN != NULL) {
-        XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (dataASN != NULL) {
-        XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 #endif
@@ -27965,9 +28158,9 @@ static int EncodeName(EncodedName* name, const char* nameStr,
                 break;
         #ifdef WOLFSSL_CUSTOM_OID
             case ASN_CUSTOM_NAME:
-                nameSz = cname->custom.valSz;
+                nameSz = (word32)cname->custom.valSz;
                 oid = cname->custom.oid;
-                oidSz = cname->custom.oidSz;
+                oidSz = (word32)cname->custom.oidSz;
                 break;
         #endif
         #ifdef WOLFSSL_CERT_REQ
@@ -28034,8 +28227,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
 }
 #endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
-    (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
+#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE
 
 /* Convert key usage string (comma delimited, null terminated) to word16
  * Returns 0 on success, negative on error */
@@ -28158,7 +28350,7 @@ int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap)
     return ret;
 }
 
-#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */
+#endif /* WOLFSSL_ASN_PARSE_KEYUSAGE */
 
 #ifdef WOLFSSL_CERT_GEN
 /* Encodes one attribute of the name (issuer/subject)
@@ -28292,8 +28484,8 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN,
                 else if (type == ASN_CUSTOM_NAME) {
                 #ifdef WOLFSSL_CUSTOM_OID
                     SetRdnItems(namesASN + idx, dataASN + idx, name->custom.oid,
-                        name->custom.oidSz, name->custom.enc,
-                        name->custom.val, name->custom.valSz);
+                        (word32)name->custom.oidSz, (byte)name->custom.enc,
+                        name->custom.val, (word32)name->custom.valSz);
                 #endif
                 }
                 else {
@@ -28515,10 +28707,8 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap)
         }
     }
 
-    if (namesASN != NULL)
-        XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dataASN != NULL)
-        XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
     (void)heap;
     return ret;
 #endif
@@ -31883,7 +32073,7 @@ int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
 WOLFSSL_ABI
 int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert)
 {
-    int rc = BAD_FUNC_ARG;
+    int rc = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     if ((subjectRaw != NULL) && (cert != NULL)) {
         *subjectRaw = cert->sbjRaw;
         rc = 0;
@@ -32333,7 +32523,7 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
     }
 
     XMEMCPY(cert->extKeyUsageOID[idx], oid, oidSz);
-    cert->extKeyUsageOIDSz[idx] = oidSz;
+    cert->extKeyUsageOIDSz[idx] = (byte)oidSz;
     cert->extKeyUsage |= EXTKEYUSE_USER;
 
     return 0;
@@ -32369,7 +32559,7 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
     ext->oid = (char*)oid;
     ext->crit = (critical == 0) ? 0 : 1;
     ext->val = (byte*)der;
-    ext->valSz = derSz;
+    ext->valSz = (int)derSz;
 
     cert->customCertExtCount++;
     return 0;
@@ -33660,9 +33850,9 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
     #else
     if (ret == 0) {
         /* Base X-ordinate */
-        DataToHexString(base + 1, curve->size, curve->Gx);
+        DataToHexString(base + 1, (word32)curve->size, curve->Gx);
         /* Base Y-ordinate */
-        DataToHexString(base + 1 + curve->size, curve->size, curve->Gy);
+        DataToHexString(base + 1 + curve->size, (word32)curve->size, curve->Gy);
         /* Prime */
         DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data,
                         dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length,
@@ -33887,6 +34077,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
     int curve_id = ECC_CURVE_DEF;
 #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
     word32 algId = 0;
+    word32 eccOid = 0;
 #endif
 
     /* Validate parameters. */
@@ -33896,11 +34087,11 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
 
 #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
     /* if has pkcs8 header skip it */
-    if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) {
+    if (ToTraditionalInline_ex2(input, inOutIdx, inSz, &algId, &eccOid) < 0) {
         /* ignore error, did not have pkcs8 header */
     }
     else {
-        curve_id = wc_ecc_get_oid(algId, NULL, NULL);
+        curve_id = wc_ecc_get_oid(eccOid, NULL, NULL);
     }
 #endif
 
@@ -34393,7 +34584,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
-#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
+#ifdef HAVE_ECC_KEY_EXPORT
 /* build DER formatted ECC key, include optional public key if requested,
  * return length on success, negative on error */
 int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
@@ -34528,7 +34719,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
             XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
     #endif
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (inLen != NULL && totalSz > *inLen) {
         #ifndef WOLFSSL_NO_MALLOC
@@ -34640,7 +34831,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
     /* Return the size if no buffer. */
     if ((ret == 0) && (output == NULL)) {
         *inLen = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check the buffer is big enough. */
     if ((ret == 0) && (inLen != NULL) && (sz > (int)*inLen)) {
@@ -34779,7 +34970,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen,
         XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
         *outLen = pkcs8Sz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
 
     }
     else if (*outLen < pkcs8Sz) {
@@ -34824,7 +35015,7 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
     return eccToPKCS8(key, output, outLen, 1);
 }
 #endif /* HAVE_PKCS8 */
-#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
+#endif /* HAVE_ECC_KEY_EXPORT */
 #endif /* HAVE_ECC */
 
 #ifdef WC_ENABLE_ASYM_KEY_IMPORT
@@ -35255,10 +35446,13 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     int sz;
 #endif
 
-    /* Validate parameters. */
-    if (privKey == NULL || outLen == 0) {
+    /* validate parameters */
+    if (privKey == NULL) {
         return BAD_FUNC_ARG;
     }
+    if (output != NULL && outLen == 0) {
+        return BUFFER_E;
+    }
 
 #ifndef WOLFSSL_ASN_TEMPLATE
     /* calculate size */
@@ -35416,7 +35610,7 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
     byte   pubKey[CURVE25519_PUB_KEY_SIZE];
     word32 pubKeyLen = (word32)sizeof(pubKey);
 
-    if (key == NULL || output == NULL) {
+    if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -35789,7 +35983,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     if (idx >= size)
         return BUFFER_E;
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     single->status->thisDateAsn = source + idx;
     localIdx = 0;
     if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL,
@@ -35810,7 +36004,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
 
 #ifndef NO_ASN_TIME_CHECK
 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
-    if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE))
+    if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE))
         return ASN_BEFORE_DATE_E;
 #endif
 #endif
@@ -35825,7 +36019,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
         idx++;
         if (GetLength(source, &idx, &length, size) < 0)
             return ASN_PARSE_E;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
         single->status->nextDateAsn = source + idx;
         localIdx = 0;
         if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL,
@@ -35846,7 +36040,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
 
 #ifndef NO_ASN_TIME_CHECK
 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
-        if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER))
+        if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, ASN_AFTER))
             return ASN_AFTER_DATE_E;
 #endif
 #endif
@@ -35867,7 +36061,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     *ioIndex = idx;
 
     return 0;
-#else
+#else /* WOLFSSL_ASN_TEMPLATE */
     DECL_ASNGETDATA(dataASN, singleResponseASN_Length);
     int ret = 0;
     word32 ocspDigestSize = OCSP_DIGEST_SIZE;
@@ -35877,10 +36071,6 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     word32 issuerKeyHashLen;
     word32 thisDateLen;
     word32 nextDateLen;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
-    WOLFSSL_ASN1_TIME *at;
-#endif
 
     (void)wrapperSz;
 
@@ -35954,48 +36144,49 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
         /* Store the thisDate format - only one possible. */
         cs->thisDateFormat = ASN_GENERALIZED_TIME;
     #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
-        /* Check date is a valid string and BEFORE now. */
-        if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, BEFORE)) {
+        /* Check date is a valid string and ASN_BEFORE now. */
+        if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) {
             ret = ASN_BEFORE_DATE_E;
         }
+    #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */
     }
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if (ret == 0) {
-    #endif
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-        defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
         /* Store ASN.1 version of thisDate. */
+        WOLFSSL_ASN1_TIME *at;
         cs->thisDateAsn = GetASNItem_Addr(
                 dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], source);
         at = &cs->thisDateParsed;
         at->type = ASN_GENERALIZED_TIME;
         XMEMCPY(at->data, cs->thisDate, thisDateLen);
         at->length = (int)thisDateLen;
-    #endif
     }
+#endif
     if ((ret == 0) &&
             (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
         /* Store the nextDate format - only one possible. */
         cs->nextDateFormat = ASN_GENERALIZED_TIME;
     #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
-        /* Check date is a valid string and AFTER now. */
-        if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, AFTER)) {
+        /* Check date is a valid string and ASN_AFTER now. */
+        if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) {
             ret = ASN_AFTER_DATE_E;
         }
+    #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */
     }
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if ((ret == 0) &&
-            (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
-    #endif
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-        defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+            (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0))
+    {
         /* Store ASN.1 version of thisDate. */
+        WOLFSSL_ASN1_TIME *at;
         cs->nextDateAsn = GetASNItem_Addr(
                 dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], source);
         at = &cs->nextDateParsed;
         at->type = ASN_GENERALIZED_TIME;
         XMEMCPY(at->data, cs->nextDate, nextDateLen);
         at->length = (int)nextDateLen;
-    #endif
     }
+#endif
     if (ret == 0) {
         /* OcspEntry now used. */
         single->used = 1;
@@ -36003,7 +36194,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
 
     FREE_ASNGETDATA(dataASN, NULL);
     return ret;
-#endif
+#endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -36615,7 +36806,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
         int sigValid = -1;
 
         #ifndef NO_SKID
-            ca = GetCA(cm, resp->single->issuerKeyHash);
+            ca = GetCAByKeyHash(cm, resp->single->issuerKeyHash);
         #else
             ca = GetCA(cm, resp->single->issuerHash);
         #endif
@@ -36756,7 +36947,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
 
         /* Response didn't have a certificate - lookup CA. */
     #ifndef NO_SKID
-        ca = GetCA(cm, resp->single->issuerKeyHash);
+        ca = GetCAByKeyHash(cm, resp->single->issuerKeyHash);
     #else
         ca = GetCA(cm, resp->single->issuerHash);
     #endif
@@ -37393,8 +37584,7 @@ void FreeOcspRequest(OcspRequest* req)
     WOLFSSL_ENTER("FreeOcspRequest");
 
     if (req) {
-        if (req->serial)
-            XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+        XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
         req->serial = NULL;
 
 #ifdef OPENSSL_EXTRA
@@ -37407,13 +37597,10 @@ void FreeOcspRequest(OcspRequest* req)
         req->serialInt = NULL;
 #endif
 
-        if (req->url)
-            XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+        XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
         req->url = NULL;
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
-    defined(HAVE_LIGHTY)
+#ifdef OPENSSL_EXTRA
         if (req->cid != NULL)
             wolfSSL_OCSP_CERTID_free((WOLFSSL_OCSP_CERTID*)req->cid);
         req->cid = NULL;
@@ -37631,8 +37818,7 @@ void FreeDecodedCRL(DecodedCRL* dcrl)
         tmp = next;
     }
 #ifdef OPENSSL_EXTRA
-    if (dcrl->issuer != NULL)
-        XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL);
 #endif
 }
 
@@ -38010,7 +38196,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
     {
 #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
         if (verify != NO_VERIFY &&
-                !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
+                !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
             WOLFSSL_MSG("CRL after date is no longer valid");
             WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
             return CRL_CERT_DATE_ERR;
@@ -38073,6 +38259,7 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl)
     }
 
     dcrl->extAuthKeyIdSet = 1;
+
     /* Get the hash or hash of the hash if wrong size. */
     ret = GetHashId(input + idx, length, dcrl->extAuthKeyId,
         HashIdAlg(dcrl->signatureOID));
@@ -38098,6 +38285,8 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl)
             WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available");
         }
         else {
+            dcrl->extAuthKeyIdSet = 1;
+
             /* Get the hash or hash of the hash if wrong size. */
             ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data,
                 (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length,
@@ -38571,7 +38760,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
             tbsParams =
                 GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
                     buff);
-            tbsParamsSz =
+            tbsParamsSz =(int)
                 GetASNItem_Length(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
                     buff);
         }
@@ -38579,7 +38768,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
             sigParams =
                 GetASNItem_Addr(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
                     buff);
-            sigParamsSz =
+            sigParamsSz = (int)
                 GetASNItem_Length(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
                     buff);
             dcrl->sigParamsIndex =
@@ -38606,7 +38795,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
             ret = ASN_PARSE_E;
         }
         else if ((tbsParamsSz > 0) &&
-                 (XMEMCMP(tbsParams, sigParams, tbsParamsSz) != 0)) {
+                 (XMEMCMP(tbsParams, sigParams, (word32)tbsParamsSz) != 0)) {
             WOLFSSL_MSG("CRL TBS and signature parameter mismatch");
             ret = ASN_PARSE_E;
         }
@@ -38623,7 +38812,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
         if (dcrl->nextDateFormat != 0) {
             /* Next date was set, so validate it. */
             if (verify != NO_VERIFY &&
-                 !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
+                 !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
                 WOLFSSL_MSG("CRL after date is no longer valid");
                 ret = CRL_CERT_DATE_ERR;
                 WOLFSSL_ERROR_VERBOSE(ret);
@@ -38935,10 +39124,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
                 mimeType == MIME_PARAM)) && pos >= 1) {
                 mimeStatus = MIME_BODYVAL;
                 end = pos-1;
-                if (nameAttr != NULL) {
-                    XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
-                    nameAttr = NULL;
-                }
+                XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+                nameAttr = NULL;
                 ret = wc_MIME_header_strip(curLine, &nameAttr, start, end);
                 if (ret) {
                     goto error;
@@ -38947,10 +39134,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
             }
             else if (mimeStatus == MIME_BODYVAL && cur == ';' && pos >= 1) {
                 end = pos-1;
-                if (bodyVal != NULL) {
-                    XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
-                    bodyVal = NULL;
-                }
+                XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
+                bodyVal = NULL;
                 ret = wc_MIME_header_strip(curLine, &bodyVal, start, end);
                 if (ret) {
                     goto error;
@@ -39043,12 +39228,9 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
     if (ret != 0)
         wc_MIME_free_hdrs(curHdr);
     wc_MIME_free_hdrs(nextHdr);
-    if (nameAttr != NULL)
-        XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
-    if (bodyVal != NULL)
-        XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
-    if (nextParam != NULL)
-        XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
 
     return ret;
 }
@@ -40030,6 +40212,1007 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
 }
 #endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
 
+#if defined(WOLFSSL_ACERT) && defined(WOLFSSL_ASN_TEMPLATE)
+/* Initialize decoded certificate object with buffer of DER encoding.
+ *
+ * @param [in, out] cert    Decoded certificate object.
+ * @param [in]      source  Buffer containing DER encoded certificate.
+ * @param [in]      inSz    Size of DER data in buffer in bytes.
+ * @param [in]      heap    Dynamic memory hint.
+ */
+void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
+                      void* heap)
+{
+    if (acert == NULL) {
+        return;
+    }
+
+    WOLFSSL_MSG("InitDecodedAcert");
+
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+    acert->heap = heap;
+    acert->source = source;  /* don't own */
+    acert->maxIdx = inSz;    /* can't go over this index */
+    acert->heap = heap;
+
+    InitSignatureCtx(&acert->sigCtx, heap, INVALID_DEVID);
+
+    return;
+}
+
+/* Free the decoded attribute cert object's dynamic data.
+ *
+ * @param [in, out] acert  Attribute Decoded certificate object.
+ */
+void FreeDecodedAcert(DecodedAcert * acert)
+{
+    if (acert == NULL) {
+        return;
+    }
+
+    WOLFSSL_MSG("FreeDecodedAcert");
+
+    if (acert->holderIssuerName) {
+        FreeAltNames(acert->holderIssuerName, acert->heap);
+        acert->holderIssuerName = NULL;
+    }
+
+    if (acert->holderEntityName) {
+        FreeAltNames(acert->holderEntityName, acert->heap);
+        acert->holderEntityName = NULL;
+    }
+
+    if (acert->AttCertIssuerName) {
+        FreeAltNames(acert->AttCertIssuerName, acert->heap);
+        acert->AttCertIssuerName = NULL;
+    }
+
+    FreeSignatureCtx(&acert->sigCtx);
+
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+    return;
+}
+
+/* Decode an Attribute Cert GeneralName field.
+ *
+ * @param [in]      input     Buffer containing encoded OtherName.
+ * @param [in, out] inOutIdx  On in, the index of the start of the OtherName.
+ *                            On out, index after OtherName.
+ * @param [in]      len       Length of data in buffer.
+ * @param [in]      cert      Decoded attribute certificate object.
+ * @param [in, out] entries   Linked list of DNS name entries.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
+                                  byte tag, int len, DecodedAcert* acert,
+                                  DNS_entry** entries)
+{
+    int    ret = 0;
+    word32 idx = *inOutIdx;
+
+    /* GeneralName choice: dnsName */
+    if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_DNS_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+#ifndef IGNORE_NAME_CONSTRAINTS
+    /* GeneralName choice: directoryName */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) {
+        int    strLen = 0;
+        word32 idxDir = idx;
+
+        /* Expecting a SEQUENCE using up all data. */
+        if (GetASN_Sequence(input, &idxDir, &strLen, idx + (word32)len, 1) < 0)
+        {
+            WOLFSSL_MSG("\tfail: seq length");
+            return ASN_PARSE_E;
+        }
+
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idxDir), strLen,
+                          ASN_DIR_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    /* GeneralName choice: rfc822Name */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                ASN_RFC822_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    /* GeneralName choice: uniformResourceIdentifier */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
+        WOLFSSL_MSG("\tPutting URI into list but not using");
+
+    #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
+        /* Verify RFC 5280 Sec 4.2.1.6 rule:
+           "The name MUST NOT be a relative URI"
+           As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
+           a scheme and hier-part.  So the only strict requirement is a ':'
+           being present after the scheme.  If a '/' is present as part of the
+           hier-part, it must come after the ':' (see RFC 3986 Sec 3). */
+        {
+            int i = 0;
+
+            /* skip past scheme (i.e http,ftp,...) finding first ':' char */
+            for (i = 0; i < len; i++) {
+                if (input[idx + (word32)i] == ':') {
+                    break;
+                }
+                if (input[idx + (word32)i] == '/') {
+                    i = len; /* error, found relative path since '/' was
+                              * encountered before ':'. Returning error
+                              * value in next if statement. */
+                }
+            }
+
+            /* test hier-part is empty */
+            if (i == 0 || i == len) {
+                WOLFSSL_MSG("\tEmpty or malformed URI");
+                WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
+                return ASN_ALT_NAME_E;
+            }
+
+            /* test if scheme is missing  */
+            if (input[idx + (word32)i] != ':') {
+                WOLFSSL_MSG("\tAlt Name must be absolute URI");
+                WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
+                return ASN_ALT_NAME_E;
+            }
+        }
+    #endif
+
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_URI_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
+                                            defined(WOLFSSL_IP_ALT_NAME)
+    /* GeneralName choice: iPAddress */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_IP_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #endif /* WOLFSSL_QT || OPENSSL_ALL */
+
+    #ifdef OPENSSL_ALL
+    /* GeneralName choice: registeredID */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                ASN_RID_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #endif
+#endif /* IGNORE_NAME_CONSTRAINTS */
+    /* GeneralName choice: dNSName, x400Address, ediPartyName */
+    else {
+        WOLFSSL_MSG("\tUnsupported name type, skipping");
+        idx += (word32)len;
+    }
+
+    if (ret == 0) {
+        /* Return index of next encoded byte. */
+        *inOutIdx = idx;
+    }
+    return ret;
+}
+
+/* Decode General Names from an ACERT input.
+ *
+ * @param [in]      input    Buffer holding encoded data.
+ * @param [in]      sz       Size of encoded data in bytes.
+ * @param [in, out] cert     Decoded certificate object.
+ * @param [in, out] entries  Linked list of DNS name entries.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int DecodeAcertGeneralNames(const byte* input, word32 sz,
+                                   DecodedAcert* acert,
+                                   DNS_entry** entries)
+{
+    word32 idx = 0;
+    int    length = 0;
+    int    ret = 0;
+    word32 numNames = 0;
+
+    /* Get SEQUENCE and expect all data to be accounted for. */
+    if (GetASN_Sequence(input, &idx, &length, sz, 1) != 0) {
+        WOLFSSL_MSG("\tBad Sequence");
+        return ASN_PARSE_E;
+    }
+
+    if (length == 0) {
+        /* There is supposed to be a non-empty sequence here. */
+        WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+        return ASN_PARSE_E;
+    }
+
+    if ((word32)length + idx != sz) {
+        return ASN_PARSE_E;
+    }
+
+    while ((ret == 0) && (idx < sz)) {
+        ASNGetData dataASN[altNameASN_Length];
+
+        numNames++;
+        if (numNames > WOLFSSL_MAX_ALT_NAMES) {
+            WOLFSSL_MSG("error: acert: too many subject alternative names");
+            ret = ASN_ALT_NAME_E;
+            break;
+        }
+
+        /* Clear dynamic data items. */
+        XMEMSET(dataASN, 0, sizeof(dataASN));
+        /* Parse GeneralName with the choices supported. */
+        GetASN_Choice(&dataASN[ALTNAMEASN_IDX_GN], generalNameChoice);
+        /* Decode a GeneralName choice. */
+        ret = GetASN_Items(altNameASN, dataASN, altNameASN_Length, 0, input,
+                           &idx, sz);
+
+        if (ret != 0) {
+            break;
+        }
+
+        ret = DecodeAcertGeneralName(input, &idx,
+                                     dataASN[ALTNAMEASN_IDX_GN].tag,
+                                     (int)dataASN[ALTNAMEASN_IDX_GN].length,
+                                     acert, entries);
+    }
+
+    return ret;
+}
+
+/* Holder has three potential forms:
+ *   Holder ::= SEQUENCE {
+ *     baseCertificateID   [0] IssuerSerial OPTIONAL,
+ *         -- the issuer and serial number of
+ *         -- the holder's Public Key Certificate
+ *     entityName          [1] GeneralNames OPTIONAL,
+ *         -- the name of the claimant or role
+ *     objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
+ *         -- used to directly authenticate the holder,
+ *         -- for example, an executable
+ *   }
+ *
+ * where IssuerSerial is:
+ *   IssuerSerial  ::=  SEQUENCE {
+ *     issuer         GeneralNames,
+ *     serial         CertificateSerialNumber,
+ *     issuerUID      UniqueIdentifier OPTIONAL
+ *   }
+ *
+ * Note:
+ *   - Holder Option 2 objectDigestInfo is not mandatory
+ *     for the spec and is not implemented here yet.
+ *
+ *   - issuerUniqueID not supported yet.
+ * */
+static const ASNItem HolderASN[] =
+{
+                     /* Holder root sequence. */
+/* HOLDER_SEQ  */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+                         /* Holder Option 0:*/
+/* ISSUERSERIAL_SEQ  */  { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 2 },
+                             /* issuer         GeneralNames, */
+/* GN_SEQ  */                { 2, ASN_SEQUENCE, 1, 0, 0 },
+                             /* serial     CertificateSerialNumber */
+/* SERIAL_INT  */            { 2, ASN_INTEGER, 0, 0, 0 },
+                         /* Holder Option 1:*/
+/* GN_SEQ  */            { 1,  ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 },
+};
+
+enum {
+    HOLDER_IDX_SEQ = 0,
+    HOLDER_IDX_ISSUERSERIAL_SEQ,
+    HOLDER_IDX_GN_SEQ,
+    HOLDER_IDX_SERIAL_INT,
+    HOLDER_IDX_GN_SEQ_OPT1,
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define HolderASN_Length (sizeof(HolderASN) / sizeof(ASNItem))
+
+/* Decode the Holder field of an x509 attribute certificate.
+ *
+ *
+ * @param [in]      input     Buffer containing encoded Holder field.
+ * @param [in]      len       Length of Holder field.
+ * @param [in]      cert      Decoded certificate object.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * */
+static int DecodeHolder(const byte* input, word32 len, DecodedAcert* acert)
+{
+    DECL_ASNGETDATA(dataASN, HolderASN_Length);
+    int    ret = 0;
+    word32 idx = 0;
+    word32 holderSerialSz = 0;
+
+    if (input == NULL || len <= 0 || acert == NULL) {
+        return BUFFER_E;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, HolderASN_Length, ret, acert->heap);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return MEMORY_E;
+    }
+
+    holderSerialSz = EXTERNAL_SERIAL_SIZE;
+
+    GetASN_Buffer(&dataASN[HOLDER_IDX_SERIAL_INT], acert->holderSerial,
+                  &holderSerialSz);
+
+    ret = GetASN_Items(HolderASN, dataASN, HolderASN_Length, 0, input,
+                       &idx, len);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: Holder: GetASN_Items failed");
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return ret;
+    }
+
+    if (dataASN[HOLDER_IDX_SERIAL_INT].tag != 0) {
+        acert->holderSerialSz = (int)holderSerialSz;
+    }
+    else {
+        acert->holderSerialSz = 0;
+    }
+
+    {
+        /* Now parse the GeneralNames field.
+         * Use the HOLDER_IDX_GN_SEQ offset for input. */
+        const byte * gn_input = NULL;
+        word32       gn_len = 0;
+        word32       holder_index = HOLDER_IDX_GN_SEQ;
+
+        /* Determine which tag was seen. */
+        if (dataASN[HOLDER_IDX_GN_SEQ].tag != 0) {
+            gn_input = input + dataASN[holder_index].offset;
+            gn_len = dataASN[holder_index].length + 2;
+        }
+        else {
+            gn_input = input;
+            gn_len = len;
+        }
+
+        ret = DecodeAcertGeneralNames(gn_input, gn_len, acert,
+                                      &acert->holderIssuerName);
+
+        if (ret != 0) {
+            WOLFSSL_MSG("error: Holder: DecodeAcertGeneralNames failed");
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            return ret;
+        }
+    }
+
+    FREE_ASNGETDATA(dataASN, acert->heap);
+    return 0;
+}
+
+/* From RFC 5755.
+ * 4.2.3.  Issuer
+ *
+ * ACs conforming to this profile MUST use the v2Form choice, which MUST
+ * contain one and only one GeneralName in the issuerName, which MUST
+ * contain a non-empty distinguished name in the directoryName field.
+ * This means that all AC issuers MUST have non-empty distinguished
+ * names.  ACs conforming to this profile MUST omit the
+ * baseCertificateID and objectDigestInfo fields.
+ *
+ * 4.1.  X.509 Attribute Certificate Definition
+ *
+ * AttCertIssuer ::= CHOICE {
+ *   v1Form      GeneralNames,  -- MUST NOT be used in this
+ *                              -- profile
+ *   v2Form  [0] V2Form         -- v2 only
+ * }
+ *
+ * V2Form ::= SEQUENCE {
+ *   issuerName             GeneralNames  OPTIONAL,
+ *   baseCertificateID  [0] IssuerSerial  OPTIONAL,
+ *   objectDigestInfo   [1] ObjectDigestInfo  OPTIONAL
+ *          -- issuerName MUST be present in this profile
+ *          -- baseCertificateID and objectDigestInfo MUST
+ *          -- NOT be present in this profile
+ * }
+ * */
+static const ASNItem AttCertIssuerASN[] =
+{
+                           /* V2Form ::= SEQUENCE { */
+/* AttCertIssuer_GN_SEQ */ { 0, ASN_SEQUENCE, 1, 0, 0 },
+};
+
+enum {
+    ATTCERTISSUER_IDX_GN_SEQ,
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define AttCertIssuerASN_Length (sizeof(AttCertIssuerASN) / sizeof(ASNItem))
+
+/* Decode the AttCertIssuer Field of an x509 attribute certificate.
+ *
+ *
+ * @param [in]      input     Buffer containing encoded AttCertIssuer field.
+ * @param [in]      len       Length of Holder field.
+ * @param [in]      cert      Decoded certificate object.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * */
+static int DecodeAttCertIssuer(const byte* input, word32 len,
+                               DecodedAcert* cert)
+{
+    DECL_ASNGETDATA(dataASN, AttCertIssuerASN_Length);
+    int          ret = 0;
+    word32       idx = 0;
+    const byte * gn_input = NULL;
+    word32       gn_len = 0;
+
+    if (input == NULL || len <= 0 || cert == NULL) {
+        return BUFFER_E;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AttCertIssuerASN_Length, ret, cert->heap);
+
+    if (ret != 0) {
+        return MEMORY_E;
+    }
+
+    ret = GetASN_Items(AttCertIssuerASN, dataASN, AttCertIssuerASN_Length,
+                       0, input, &idx, len);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, cert->heap);
+        WOLFSSL_MSG("error: AttCertIssuer: GetASN_Items failed");
+        return ret;
+    }
+
+    /* Now parse the GeneralNames field.
+     * Use the HOLDER_IDX_GN_SEQ offset for input. */
+    gn_input = input + dataASN[ATTCERTISSUER_IDX_GN_SEQ].offset;
+    gn_len = dataASN[ATTCERTISSUER_IDX_GN_SEQ].length + 2;
+
+    ret = DecodeAcertGeneralNames(gn_input, gn_len, cert,
+                                  &cert->AttCertIssuerName);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, cert->heap);
+        WOLFSSL_MSG("error: AttCertIssuer: DecodeAcertGeneralNames failed");
+        return ret;
+    }
+
+    FREE_ASNGETDATA(dataASN, cert->heap);
+    return 0;
+}
+
+
+/* ASN template for an X509 Attribute Certificate,
+ * from RFC 5755
+ */
+static const ASNItem AcertASN[] =
+{
+                          /* AttributeCertificate ::= SEQUENCE */
+/* SEQ                */  { 0, ASN_SEQUENCE, 1, 1, 0 },
+                              /* AttributeCertificateInfo ::= SEQUENCE  */
+/* ACINFO_SEQ         */      { 1, ASN_SEQUENCE, 1, 1, 0 },
+                                  /* AttCertVersion ::= INTEGER { v2(1) } */
+/* ACINFO_VER_INT     */          { 2, ASN_INTEGER, 0, 0, 0 },
+                                  /* holder   Holder */
+/* ACINFO_HOLDER_SEQ  */          { 2, ASN_SEQUENCE, 1, 0, 0 },
+                                  /* issuer   AttCertIssuer */
+/* ACINFO_CHOICE_SEQ  */          { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 2 },
+/* ACINFO_ISSUER_SEQ  */          { 2, ASN_SEQUENCE | 0, 1, 0, 2 },
+                                  /* signature    AlgorithmIdentifier */
+                                  /* AlgorithmIdentifier ::= SEQUENCE */
+/* ACINFO_ALGOID_SEQ */           { 2, ASN_SEQUENCE, 1, 1, 0 },
+                                      /* Algorithm    OBJECT IDENTIFIER */
+/* ACINFO_ALGOID_OID */               { 3, ASN_OBJECT_ID, 0, 0, 0 },
+                                      /* parameters */
+/* ACINFO_ALGOID_PARAMS_NULL */       { 3, ASN_TAG_NULL, 0, 0, 2 },
+#ifdef WC_RSA_PSS
+/* ACINFO_ALGOID_PARAMS */            { 3, ASN_SEQUENCE, 1, 0, 2 },
+#endif
+                                  /* CertificateSerialNumber ::= INTEGER */
+/* ACINFO_SERIAL        */        { 2, ASN_INTEGER, 0, 0, 0 },
+                                  /* Validity ::= SEQUENCE */
+/* ACINFO_VALIDITY_SEQ      */    { 2, ASN_SEQUENCE, 1, 1, 0 },
+                                      /* notBeforeTime  GeneralizedTime,  */
+/* ACINFO_VALIDITY_NOTB_GT  */        { 3, ASN_GENERALIZED_TIME, 0, 0, 2 },
+                                      /* notAfterTime   GeneralizedTime */
+/* ACINFO_VALIDITY_NOTA_GT  */        { 3, ASN_GENERALIZED_TIME, 0, 0, 3 },
+                                  /* attributes        SEQUENCE OF Attribute */
+/* ACINFO_ATTRIBUTES_SEQ    */    { 2, ASN_SEQUENCE, 1, 0, 0 },
+                                  /* issuerUniqueID    OPTIONAL, */
+/* ACINFO_UNIQUE_ID         */    { 2, ASN_CONTEXT_SPECIFIC | 1, 0, 0, 1 },
+                                  /* extensions        OPTIONAL */
+/* ACINFO_EXT               */    { 2, ASN_CONTEXT_SPECIFIC | 2, 1, 1, 1 },
+/* ACINFO_EXT_SEQ           */    { 2, ASN_SEQUENCE, 1, 0, 1 },
+                              /* signature    AlgorithmIdentifier */
+                              /* AlgorithmIdentifier ::= SEQUENCE */
+/* SIGALGO_SEQ         */     { 1, ASN_SEQUENCE, 1, 1, 0 },
+                                  /* Algorithm    OBJECT IDENTIFIER */
+/* SIGALGO_OID         */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
+                                  /* parameters */
+/* SIGALGO_PARAMS_NULL */         { 2, ASN_TAG_NULL, 0, 0, 2 },
+#ifdef WC_RSA_PSS
+/* SIGALGO_PARAMS      */         { 2, ASN_SEQUENCE, 1, 0, 2 },
+#endif
+                              /* signature    BIT STRING */
+/* SIGNATURE           */     { 1, ASN_BIT_STRING, 0, 0, 0 },
+};
+
+enum {
+    ACERT_IDX_SEQ = 0,
+    ACERT_IDX_ACINFO_SEQ,
+    ACERT_IDX_ACINFO_VER_INT,
+    /* ACINFO holder and issuer */
+    ACERT_IDX_ACINFO_HOLDER_SEQ,
+    ACERT_IDX_ACINFO_CHOICE_SEQ,
+    ACERT_IDX_ACINFO_ISSUER_SEQ,
+    /* ACINFO sig alg*/
+    ACERT_IDX_ACINFO_ALGOID_SEQ,
+    ACERT_IDX_ACINFO_ALGOID_OID,
+    ACERT_IDX_ACINFO_ALGOID_PARAMS_NULL,
+#ifdef WC_RSA_PSS
+    /* Additional RSA-PSS params. */
+    ACERT_IDX_ACINFO_ALGOID_PARAMS,
+#endif
+    /* serial number */
+    ACERT_IDX_ACINFO_SERIAL,
+    /* validity time */
+    ACERT_IDX_ACINFO_VALIDITY_SEQ,
+    ACERT_IDX_ACINFO_VALIDITY_NOTB_GT,
+    ACERT_IDX_ACINFO_VALIDITY_NOTA_GT,
+    /* attributes */
+    ACERT_IDX_ACINFO_ATTRIBUTES_SEQ,
+    /* unique identifier */
+    ACERT_IDX_ACINFO_UNIQUE_ID,
+    /* extensions */
+    ACERT_ACINFO_EXT,
+    ACERT_ACINFO_EXT_SEQ,
+    /* sig alg */
+    ACERT_IDX_SIGALGO_SEQ,
+    ACERT_IDX_SIGALGO_OID,
+    ACERT_IDX_SIGALGO_PARAMS_NULL,
+#ifdef WC_RSA_PSS
+    /* Additional RSA-PSS params. */
+    ACERT_IDX_SIGALGO_PARAMS,
+#endif
+    /* signature */
+    ACERT_IDX_SIGNATURE,
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(ACERT_IDX)
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define AcertASN_Length (sizeof(AcertASN) / sizeof(ASNItem))
+
+/* Initial implementation for parsing and verifying an
+ * X509 Attribute Certificate (RFC 5755).
+ *
+ * At present these fields are NOT parsed:
+ *   - issuerUniqueID
+ *   - extensions
+ *   - attributes
+ *
+ * Returns 0 on success.
+ * Returns negative error code on error/failure.
+ * */
+int ParseX509Acert(DecodedAcert* acert, int verify)
+{
+    DECL_ASNGETDATA(dataASN, AcertASN_Length);
+    int    ret = 0;
+    word32 idx = 0;
+    int    badDate = 0;
+    byte   version = 0;
+    word32 serialSz = EXTERNAL_SERIAL_SIZE;
+
+    if (acert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AcertASN_Length, ret, acert->heap);
+
+    if (ret != 0) {
+        return MEMORY_E;
+    }
+
+    /* Get the version and put the serial number into the buffer. */
+    GetASN_Int8Bit(&dataASN[ACERT_IDX_ACINFO_VER_INT], &version);
+
+    GetASN_Buffer(&dataASN[ACERT_IDX_ACINFO_SERIAL], acert->serial,
+                  &serialSz);
+
+    /* Check OID types for signature algorithm. */
+    GetASN_OID(&dataASN[ACERT_IDX_ACINFO_ALGOID_OID], oidSigType);
+    GetASN_OID(&dataASN[ACERT_IDX_SIGALGO_OID], oidSigType);
+
+    /* Parse the X509 certificate. */
+    ret = GetASN_Items(AcertASN, dataASN, AcertASN_Length, 1,
+                       acert->source, &acert->srcIdx, acert->maxIdx);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return ret;
+    }
+
+    /* Check version is valid/supported - can't be negative. */
+    if (version > MAX_X509_VERSION) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        WOLFSSL_MSG("Unexpected attribute certificate version");
+        WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+        return ASN_PARSE_E;
+    }
+
+    acert->version = version;
+    acert->serialSz = (int)serialSz;
+
+    acert->signatureOID = dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum;
+    acert->certBegin = dataASN[ACERT_IDX_ACINFO_SEQ].offset;
+
+    /* check BEFORE date. */
+    idx = ACERT_IDX_ACINFO_VALIDITY_NOTB_GT;
+    if (CheckDate(&dataASN[idx], BEFORE) < 0) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            badDate = ASN_BEFORE_DATE_E;
+        }
+    }
+
+    /* Store reference to BEFORE date. */
+    acert->beforeDate = GetASNItem_Addr(dataASN[idx], acert->source);
+    acert->beforeDateLen = (int)GetASNItem_Length(dataASN[idx], acert->source);
+
+    /* check AFTER date. */
+    idx = ACERT_IDX_ACINFO_VALIDITY_NOTA_GT;
+    if (CheckDate(&dataASN[idx], AFTER) < 0) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            badDate = ASN_BEFORE_DATE_E;
+        }
+    }
+
+    /* Store reference to AFTER date. */
+    acert->afterDate = GetASNItem_Addr(dataASN[idx], acert->source);
+    acert->afterDateLen = (int)GetASNItem_Length(dataASN[idx], acert->source);
+
+    /* Store the signature information. */
+    acert->sigIndex = dataASN[ACERT_IDX_SIGALGO_SEQ].offset;
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_SIGNATURE],
+                       &acert->signature, &acert->sigLength);
+
+    /* Make sure 'signature' and 'signatureAlgorithm' are the same. */
+    if (dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum != acert->signatureOID) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        WOLFSSL_ERROR_VERBOSE(ASN_SIG_OID_E);
+        return ASN_SIG_OID_E;
+    }
+
+    /* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
+    if (IsSigAlgoECC(acert->signatureOID)) {
+        if ((dataASN[ACERT_IDX_SIGALGO_PARAMS_NULL].tag != 0)
+    #ifdef WC_RSA_PSS
+            || (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0)
+    #endif
+            ) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+    }
+
+    #ifdef WC_RSA_PSS
+    /* Check parameters starting with a SEQUENCE. */
+    if (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) {
+        word32       oid = dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum;
+        word32       sigAlgParamsSz = 0;
+        const byte * acParams = NULL;
+        word32       acParamsSz = 0;
+        const byte * sigAlgParams = NULL;
+
+        /* Parameters only with RSA PSS. */
+        if (oid != CTC_RSASSAPSS) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+
+        /* Check RSA PSS parameters are the same. */
+        acParams = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                   acert->source);
+        acParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                       acert->source);
+        sigAlgParams = GetASNItem_Addr(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                       acert->source);
+        sigAlgParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                           acert->source);
+
+        if ((acParamsSz != sigAlgParamsSz) ||
+            (XMEMCMP(acParams, sigAlgParams, acParamsSz) != 0)) {
+
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+
+        /* Store RSA PSS parameters for use in signature verification. */
+        acert->sigParamsIndex = dataASN[ACERT_IDX_SIGALGO_PARAMS].offset;
+        acert->sigParamsLength = sigAlgParamsSz;
+    }
+    #endif
+
+    /* Store the raw Attributes field. */
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_ACINFO_ATTRIBUTES_SEQ],
+                       &acert->rawAttr, &acert->rawAttrLen);
+
+    {
+        /* Now parse the Holder and AttCertIssuer fields.
+         * Use the ACINFO holder and issuer sequence offset for input. */
+        const byte * holder_input = NULL;
+        word32       holder_len = 0;
+        const byte * issuer_input = NULL;
+        word32       issuer_len = 0;
+        word32       i_holder = ACERT_IDX_ACINFO_HOLDER_SEQ;
+        word32       i_issuer = 0;
+
+        /* Determine which issuer tag was seen. We need this to determine
+         * the holder_input. */
+        i_issuer = (dataASN[ACERT_IDX_ACINFO_CHOICE_SEQ].tag != 0) ?
+                    ACERT_IDX_ACINFO_CHOICE_SEQ : ACERT_IDX_ACINFO_ISSUER_SEQ;
+
+        holder_input = acert->source + dataASN[i_holder].offset;
+        holder_len = dataASN[i_issuer].offset - dataASN[i_holder].offset;
+
+        ret = DecodeHolder(holder_input, holder_len, acert);
+
+        if (ret != 0) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            return ret;
+        }
+
+        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+        printf("debug: parse acert:issuer index: %d\n", i_issuer);
+        #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+        GetASN_GetConstRef(&dataASN[i_issuer], &issuer_input, &issuer_len);
+
+        if (i_issuer == ACERT_IDX_ACINFO_CHOICE_SEQ && issuer_len > 0) {
+            /* Try to decode the AttCertIssuer as well. */
+            ret = DecodeAttCertIssuer(issuer_input, issuer_len, acert);
+
+            if (ret != 0) {
+                FREE_ASNGETDATA(dataASN, acert->heap);
+                return ret;
+            }
+        }
+        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+        else {
+            printf("debug: parse acert: unsupported issuer format: %d, %d\n",
+                   i_issuer, issuer_len);
+        }
+        #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+    }
+
+    if (badDate) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            ret = badDate;
+        }
+    }
+
+    FREE_ASNGETDATA(dataASN, acert->heap);
+    return ret;
+}
+
+/* Given the parsed attribute cert info, verify the signature.
+ *
+ * The sigCtx is alloced and freed here.
+ *
+ * @param [in]      acinfo        the parsed acinfo sequence
+ * @param [in]      acinfoSz      the parsed acinfo sequence length
+ * @param [in]      pubKey        public key
+ * @param [in]      pubKeySz      public key length
+ * @param [in]      pubKeyOID     public key oid
+ * @param [in]      sig           the parsed signature
+ * @param [in]      sigSz         the parsed signature length
+ * @param [in]      sigOID        the parsed signature OID
+ * @param [in]      sigParams     the parsed signature RSA-PSS params
+ * @param [in]      sigParamsSz   the parsed signature RSA-PSS params length
+ * @param [in]      heap          heap hint
+ *
+ * @return  0   on verify success
+ * @return  < 0 on error
+ * */
+static int acert_sig_verify(const byte * acinfo, word32 acinfoSz,
+                            const byte * pubKey, word32 pubKeySz,
+                            int pubKeyOID, const byte * sig, word32 sigSz,
+                            word32 sigOID, const byte * sigParams,
+                            word32 sigParamsSz, void * heap)
+{
+#ifndef WOLFSSL_SMALL_STACK
+    SignatureCtx   sigCtx[1];
+#else
+    SignatureCtx * sigCtx = NULL;
+#endif
+    int            ret = 0;
+
+    #ifdef WOLFSSL_SMALL_STACK
+    sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap,
+                                    DYNAMIC_TYPE_SIGNATURE);
+    if (sigCtx == NULL) {
+        WOLFSSL_MSG("error: VerifyX509Acert: malloc sigCtx failed");
+        return MEMORY_E;
+    }
+    #endif
+
+    InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
+
+    /* Check x509 acert signature. */
+    ret = ConfirmSignature(sigCtx, acinfo, acinfoSz, pubKey, pubKeySz,
+                           (word32)pubKeyOID, sig, sigSz, sigOID,
+                           sigParams, sigParamsSz, NULL);
+
+    if (ret == WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E)) {
+        WOLFSSL_MSG("info: VerifyX509Acert: confirm signature failed");
+    }
+
+    FreeSignatureCtx(sigCtx);
+    #ifdef WOLFSSL_SMALL_STACK
+    XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
+    sigCtx = NULL;
+    #endif
+
+    return ret;
+}
+
+/* Verify the X509 ACERT signature, using the given pubkey.
+ *
+ * @param [in]      der         input acert in der format
+ * @param [in]      derSz       acert length
+ * @param [in]      pubKey      public key
+ * @param [in]      pubKeySz    public key length
+ * @param [in]      pubKeyOID   public key oid
+ * @param [in]      heap        heap hint
+ *
+ * @return  0   on success
+ * @return  < 0 on error
+ * */
+int VerifyX509Acert(const byte* der, word32 derSz,
+                    const byte* pubKey, word32 pubKeySz, int pubKeyOID,
+                    void * heap)
+{
+    DECL_ASNGETDATA(dataASN, AcertASN_Length);
+    word32         idx = 0;
+    int            ret = 0;
+    const byte *   acinfo = NULL; /* The acinfo sequence. */
+    word32         acinfoSz = 0;  /* The acinfo sequence length. */
+#ifdef WC_RSA_PSS
+    const byte *   acParams = NULL;
+    word32         acParamsSz = 0;
+#endif
+    const byte *   sig = NULL;
+    word32         sigSz = 0;
+    word32         sigOID = 0;
+    const byte *   sigParams = NULL;
+    word32         sigParamsSz = 0;
+
+    if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: bad args");
+        return BAD_FUNC_ARG;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AcertASN_Length, ret, heap);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: calloc dataASN failed");
+        return MEMORY_E;
+    }
+
+    /* Check OID types for signature algorithm. */
+    GetASN_OID(&dataASN[ACERT_IDX_ACINFO_ALGOID_OID], oidSigType);
+    GetASN_OID(&dataASN[ACERT_IDX_SIGALGO_OID], oidSigType);
+
+    /* Parse the X509 certificate. */
+    ret = GetASN_Items(AcertASN, dataASN, AcertASN_Length, 1,
+                       der, &idx, derSz);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: GetASN_Items failed");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ret;
+    }
+
+    /* Check signature OIDs match. */
+    if (dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum
+        != dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum) {
+        WOLFSSL_MSG("error: VerifyX509Acert: sig OID mismatch");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ASN_SIG_OID_E;
+    }
+
+    /* Get the attribute certificate info. */
+    acinfo = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_SEQ], der);
+    acinfoSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_SEQ], der);
+
+    if (acinfo == NULL || acinfoSz == 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: empty acinfo");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ASN_PARSE_E;
+    }
+
+    /* Get acert signature and sig info. */
+    sigOID = dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum;
+    #ifdef WC_RSA_PSS
+    if (dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS].tag != 0) {
+        acParams = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                  der);
+        acParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                       der);
+    }
+    if (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) {
+        sigParams = GetASNItem_Addr(dataASN[ACERT_IDX_SIGALGO_PARAMS], der);
+        sigParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                        der);
+    }
+    #endif
+
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_SIGNATURE], &sig, &sigSz);
+
+    #ifdef WC_RSA_PSS
+    if (acParamsSz != sigParamsSz) {
+        ret = ASN_PARSE_E;
+    }
+    else if ((acParamsSz > 0) && (sigOID != CTC_RSASSAPSS)) {
+        ret = ASN_PARSE_E;
+    }
+    else if ((acParamsSz > 0) &&
+             (XMEMCMP(acParams, sigParams, acParamsSz) != 0)) {
+        ret = ASN_PARSE_E;
+    }
+    #endif
+
+    if (ret == 0) {
+        /* Finally, do the verification. */
+        ret = acert_sig_verify(acinfo, acinfoSz,
+                               pubKey, pubKeySz, pubKeyOID,
+                               sig, sigSz, sigOID, sigParams, sigParamsSz,
+                               heap);
+    }
+
+    FREE_ASNGETDATA(dataASN, heap);
+    return ret;
+}
+#endif /* WOLFSSL_ACERT && WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WOLFSSL_SEP
 
diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c
index adc6034040..bce74b305d 100644
--- a/wolfcrypt/src/blake2b.c
+++ b/wolfcrypt/src/blake2b.c
@@ -12,7 +12,7 @@
 */
 /* blake2b.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c
index 9efa84f3b8..7e36d6ee11 100644
--- a/wolfcrypt/src/blake2s.c
+++ b/wolfcrypt/src/blake2s.c
@@ -12,7 +12,7 @@
 */
 /* blake2s.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/camellia.c b/wolfcrypt/src/camellia.c
index 9f2897f281..3425177e56 100644
--- a/wolfcrypt/src/camellia.c
+++ b/wolfcrypt/src/camellia.c
@@ -27,7 +27,7 @@
 
 /* camellia.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index f4975604c7..f7ee6bba38 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -1,6 +1,6 @@
 /* chacha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,22 +35,57 @@ Public domain.
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)
+#ifdef HAVE_CHACHA
+    #include <wolfssl/wolfcrypt/chacha.h>
+    #include <wolfssl/wolfcrypt/error-crypt.h>
+
+    #ifdef NO_INLINE
+        #include <wolfssl/wolfcrypt/misc.h>
+    #else
+        #define WOLFSSL_MISC_INCLUDED
+        #include <wolfcrypt/src/misc.c>
+    #endif
+
+    #ifdef BIG_ENDIAN_ORDER
+        #define LITTLE32(x) ByteReverseWord32(x)
+    #else
+        #define LITTLE32(x) (x)
+    #endif
+
+    /* Number of rounds */
+    #define ROUNDS  20
+
+    #define U32C(v) (v##U)
+    #define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
+    #define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
+
+    #define ROTATE(v,c) rotlFixed(v, c)
+    #define XOR(v,w)    ((v) ^ (w))
+    #define PLUS(v,w)   (U32V((v) + (w)))
+    #define PLUSONE(v)  (PLUS((v),1))
+
+    #define QUARTERROUND(a,b,c,d) \
+        x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
+        x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
+        x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
+        x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
+#endif /* HAVE_CHACHA */
+
+
+#if defined(WOLFSSL_ARMASM) && (!defined(WOLFSSL_ARMASM_NO_NEON) || \
+    defined(__thumb__))
     /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */
 
+#elif defined(WOLFSSL_RISCV_ASM)
+    /* implementation located in wolfcrypt/src/port/rsicv/riscv-64-chacha.c */
+
 #else
+
+/* BEGIN ChaCha C implementation */
 #if defined(HAVE_CHACHA)
 
-#include <wolfssl/wolfcrypt/chacha.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #define WOLFSSL_MISC_INCLUDED
-    #include <wolfcrypt/src/misc.c>
-#endif
 
 #ifdef CHACHA_AEAD_TEST
     #include <stdio.h>
@@ -85,31 +120,6 @@ Public domain.
     static word32 cpuidFlags = 0;
 #endif
 
-#ifdef BIG_ENDIAN_ORDER
-    #define LITTLE32(x) ByteReverseWord32(x)
-#else
-    #define LITTLE32(x) (x)
-#endif
-
-/* Number of rounds */
-#define ROUNDS  20
-
-#define U32C(v) (v##U)
-#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
-#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
-
-#define ROTATE(v,c) rotlFixed(v, c)
-#define XOR(v,w)    ((v) ^ (w))
-#define PLUS(v,w)   (U32V((v) + (w)))
-#define PLUSONE(v)  (PLUS((v),1))
-
-#define QUARTERROUND(a,b,c,d) \
-  x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
-  x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
-  x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
-  x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
-
-
 /**
   * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
   * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
@@ -235,86 +245,6 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS],
 }
 #endif /* !USE_INTEL_CHACHA_SPEEDUP */
 
-
-#ifdef HAVE_XCHACHA
-
-/*
- * wc_HChacha_block - half a ChaCha block, for XChaCha
- *
- * see https://tools.ietf.org/html/draft-arciszewski-xchacha-03
- */
-static WC_INLINE void wc_HChacha_block(ChaCha* ctx, word32 stream[CHACHA_CHUNK_WORDS/2], word32 nrounds)
-{
-    word32 x[CHACHA_CHUNK_WORDS];
-    word32 i;
-
-    for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
-        x[i] = ctx->X[i];
-    }
-
-    for (i = nrounds; i > 0; i -= 2) {
-        QUARTERROUND(0, 4,  8, 12)
-        QUARTERROUND(1, 5,  9, 13)
-        QUARTERROUND(2, 6, 10, 14)
-        QUARTERROUND(3, 7, 11, 15)
-        QUARTERROUND(0, 5, 10, 15)
-        QUARTERROUND(1, 6, 11, 12)
-        QUARTERROUND(2, 7,  8, 13)
-        QUARTERROUND(3, 4,  9, 14)
-    }
-
-    for (i = 0; i < CHACHA_CHUNK_WORDS/4; ++i)
-        stream[i] = x[i];
-    for (i = CHACHA_CHUNK_WORDS/4; i < CHACHA_CHUNK_WORDS/2; ++i)
-        stream[i] = x[i + CHACHA_CHUNK_WORDS/2];
-}
-
-/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */
-int wc_XChacha_SetKey(ChaCha *ctx,
-                      const byte *key, word32 keySz,
-                      const byte *nonce, word32 nonceSz,
-                      word32 counter) {
-    word32 k[CHACHA_MAX_KEY_SZ];
-    byte iv[CHACHA_IV_BYTES];
-    int ret;
-
-    if (nonceSz != XCHACHA_NONCE_BYTES)
-        return BAD_FUNC_ARG;
-
-    if ((ret = wc_Chacha_SetKey(ctx, key, keySz)) < 0)
-        return ret;
-
-    /* form a first chacha IV from the first 16 bytes of the nonce.
-     * the first word is supplied in the "counter" arg, and
-     * the result is a full 128 bit nonceful IV for the one-time block
-     * crypto op that follows.
-     */
-    if ((ret = wc_Chacha_SetIV(ctx, nonce + 4, U8TO32_LITTLE(nonce))) < 0)
-        return ret;
-
-    wc_HChacha_block(ctx, k, 20); /* 20 rounds, but keeping half the output. */
-
-    /* the HChacha output is used as a 256 bit key for the main cipher. */
-    XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32));
-
-    /* use 8 bytes from the end of the 24 byte nonce, padded up to 12 bytes,
-     * to form the IV for the main cipher.
-     */
-    XMEMSET(iv, 0, 4);
-    XMEMCPY(iv + 4, nonce + 16, 8);
-
-    if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0)
-        return ret;
-
-    ForceZero(k, sizeof k);
-    ForceZero(iv, sizeof iv);
-
-    return 0;
-}
-
-#endif /* HAVE_XCHACHA */
-
-
 #ifdef __cplusplus
     extern "C" {
 #endif
@@ -438,7 +368,13 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
 #endif
 }
 
-void wc_Chacha_purge_current_block(ChaCha* ctx) {
+#endif /* HAVE_CHACHA */
+#endif /* END ChaCha C implementation */
+
+#if defined(HAVE_CHACHA) && defined(HAVE_XCHACHA)
+
+void wc_Chacha_purge_current_block(ChaCha* ctx)
+{
     if (ctx->left > 0) {
         byte scratch[CHACHA_CHUNK_BYTES];
         XMEMSET(scratch, 0, sizeof(scratch));
@@ -446,6 +382,80 @@ void wc_Chacha_purge_current_block(ChaCha* ctx) {
     }
 }
 
-#endif /* HAVE_CHACHA */
+/*
+ * wc_HChacha_block - half a ChaCha block, for XChaCha
+ *
+ * see https://tools.ietf.org/html/draft-arciszewski-xchacha-03
+ */
+static WC_INLINE void wc_HChacha_block(ChaCha* ctx,
+    word32 stream[CHACHA_CHUNK_WORDS/2], word32 nrounds)
+{
+    word32 x[CHACHA_CHUNK_WORDS];
+    word32 i;
+
+    for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
+        x[i] = ctx->X[i];
+    }
+
+    for (i = nrounds; i > 0; i -= 2) {
+        QUARTERROUND(0, 4,  8, 12)
+        QUARTERROUND(1, 5,  9, 13)
+        QUARTERROUND(2, 6, 10, 14)
+        QUARTERROUND(3, 7, 11, 15)
+        QUARTERROUND(0, 5, 10, 15)
+        QUARTERROUND(1, 6, 11, 12)
+        QUARTERROUND(2, 7,  8, 13)
+        QUARTERROUND(3, 4,  9, 14)
+    }
+
+    for (i = 0; i < CHACHA_CHUNK_WORDS/4; ++i)
+        stream[i] = x[i];
+    for (i = CHACHA_CHUNK_WORDS/4; i < CHACHA_CHUNK_WORDS/2; ++i)
+        stream[i] = x[i + CHACHA_CHUNK_WORDS/2];
+}
+
+/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */
+int wc_XChacha_SetKey(ChaCha *ctx,
+                      const byte *key, word32 keySz,
+                      const byte *nonce, word32 nonceSz,
+                      word32 counter)
+{
+    int ret;
+    word32 k[CHACHA_MAX_KEY_SZ];
+    byte   iv[CHACHA_IV_BYTES];
+
+    if (nonceSz != XCHACHA_NONCE_BYTES)
+        return BAD_FUNC_ARG;
+
+    if ((ret = wc_Chacha_SetKey(ctx, key, keySz)) < 0)
+        return ret;
+
+    /* form a first chacha IV from the first 16 bytes of the nonce.
+     * the first word is supplied in the "counter" arg, and
+     * the result is a full 128 bit nonceful IV for the one-time block
+     * crypto op that follows.
+     */
+    if ((ret = wc_Chacha_SetIV(ctx, nonce + 4, U8TO32_LITTLE(nonce))) < 0)
+        return ret;
+
+    wc_HChacha_block(ctx, k, 20); /* 20 rounds, but keeping half the output. */
+
+    /* the HChacha output is used as a 256 bit key for the main cipher. */
+    XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32));
+
+    /* use 8 bytes from the end of the 24 byte nonce, padded up to 12 bytes,
+     * to form the IV for the main cipher.
+     */
+    XMEMSET(iv, 0, 4);
+    XMEMCPY(iv + 4, nonce + 16, 8);
+
+    if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0)
+        return ret;
+
+    ForceZero(k, sizeof k);
+    ForceZero(iv, sizeof iv);
+
+    return 0;
+}
 
-#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_CHACHA && HAVE_XCHACHA */
diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c
index df4147c879..a29a18f25d 100644
--- a/wolfcrypt/src/chacha20_poly1305.c
+++ b/wolfcrypt/src/chacha20_poly1305.c
@@ -1,6 +1,6 @@
 /* chacha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index b77cc33ffe..8accb1a872 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -1,6 +1,6 @@
 /* cmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -242,9 +242,7 @@ int wc_CmacFree(Cmac* cmac)
     /* TODO: msg is leaked if wc_CmacFinal() is not called
      * e.g. when multiple calls to wc_CmacUpdate() and one fails but
      * wc_CmacFinal() not called. */
-    if (cmac->msg != NULL) {
-        XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     wc_AesFree(&cmac->aes);
     ForceZero(cmac, sizeof(Cmac));
@@ -414,9 +412,7 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
 
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (cmac) {
-        XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
-    }
+    XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
     wc_MemZero_Check(cmac, sizeof(Cmac));
 #endif
@@ -495,9 +491,7 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
                               INVALID_DEVID);
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (cmac) {
-        XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
-    }
+    XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
     wc_MemZero_Check(cmac, sizeof(Cmac));
 #endif
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 250994821e..aa87ae7949 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -1,6 +1,6 @@
 /* coding.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -458,7 +458,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     *outLen = i;
 
     if (ret == 0)
-        return getSzOnly ? LENGTH_ONLY_E : 0;
+        return getSzOnly ? WC_NO_ERR_TRACE(LENGTH_ONLY_E) : 0;
 
     return ret;
 }
diff --git a/wolfcrypt/src/compress.c b/wolfcrypt/src/compress.c
index 58c154c596..941596e7fa 100644
--- a/wolfcrypt/src/compress.c
+++ b/wolfcrypt/src/compress.c
@@ -1,6 +1,6 @@
 /* compress.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -310,10 +310,8 @@ int wc_DeCompressDynamic(byte** out, int maxSz, int memoryType,
     if (inflateEnd(&stream) != Z_OK)
         result = DECOMPRESS_E;
 
-    if (tmp != NULL) {
-        XFREE(tmp, heap, memoryType);
-        tmp = NULL;
-    }
+    XFREE(tmp, heap, memoryType);
+    tmp = NULL;
 
     return result;
 }
diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c
index fa7ee43675..67223860c8 100644
--- a/wolfcrypt/src/cpuid.c
+++ b/wolfcrypt/src/cpuid.c
@@ -1,6 +1,6 @@
 /* cpuid.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index 06b9ebe5bc..23355493e9 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -1,6 +1,6 @@
 /* cryptocb.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,7 +55,6 @@
 #ifdef WOLFSSL_CAAM
     #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
 #endif
-
 /* TODO: Consider linked list with mutex */
 #ifndef MAX_CRYPTO_DEVID_CALLBACKS
 #define MAX_CRYPTO_DEVID_CALLBACKS 8
@@ -418,6 +417,62 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
+                    word32* outLen, int type, RsaKey* key, WC_RNG* rng,
+                           RsaPadding *padding)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+    int pk_type;
+
+    if (key == NULL)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
+
+    if (padding) {
+        switch(padding->pad_type) {
+#ifndef NO_PKCS11_RSA_PKCS
+        case WC_RSA_PKCSV15_PAD:
+            pk_type = WC_PK_TYPE_RSA_PKCS;
+            break;
+        case WC_RSA_PSS_PAD:
+            pk_type = WC_PK_TYPE_RSA_PSS;
+            break;
+        case WC_RSA_OAEP_PAD:
+            pk_type = WC_PK_TYPE_RSA_OAEP;
+            break;
+#endif /* NO_PKCS11_RSA_PKCS */
+        default:
+            pk_type = WC_PK_TYPE_RSA;
+        }
+    } else {
+        pk_type = WC_PK_TYPE_RSA;
+    }
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = pk_type;
+        cryptoInfo.pk.rsa.in = in;
+        cryptoInfo.pk.rsa.inLen = inLen;
+        cryptoInfo.pk.rsa.out = out;
+        cryptoInfo.pk.rsa.outLen = outLen;
+        cryptoInfo.pk.rsa.type = type;
+        cryptoInfo.pk.rsa.key = key;
+        cryptoInfo.pk.rsa.rng = rng;
+        cryptoInfo.pk.rsa.padding = padding;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif
+
 #ifdef WOLFSSL_KEY_GEN
 int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 {
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index 4cd29c4acd..e24034222f 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -1,6 +1,6 @@
 /* curve25519.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/curve448.c b/wolfcrypt/src/curve448.c
index dd320a8cc0..3cbf577c0b 100644
--- a/wolfcrypt/src/curve448.c
+++ b/wolfcrypt/src/curve448.c
@@ -1,6 +1,6 @@
 /* curve448.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index e66a33d1f2..93bdde27a2 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -1,6 +1,6 @@
 /* des3.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1031,6 +1031,169 @@
     }
 
 
+#ifdef WOLFSSL_DES_ECB
+    /* One block, compatibility only */
+    int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+        byte temp_block[DES_BLOCK_SIZE];
+
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad cau_des_encrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_encrypt(temp_block, (byte*)des->key, out + offset);
+        #else
+            MMCAU_DES_EncryptEcb(temp_block, (byte*)des->key, out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+
+        }
+       return ret;
+
+    }
+
+    int wc_Des_EcbDecrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+        byte temp_block[DES_BLOCK_SIZE];
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad cau_des_decrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_decrypt(in + offset, (byte*)des->key, out + offset);
+        #else
+            MMCAU_DES_DecryptEcb(in + offset, (byte*)des->key, out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+        }
+
+        return ret;
+    }
+
+    int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+
+        byte temp_block[DES_BLOCK_SIZE];
+
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad 3ede cau_des_encrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+    #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_encrypt(temp_block,   (byte*)des->key[0], out + offset);
+            cau_des_decrypt(out + offset, (byte*)des->key[1], out + offset);
+            cau_des_encrypt(out + offset, (byte*)des->key[2], out + offset);
+    #else
+            MMCAU_DES_EncryptEcb(temp_block  , (byte*)des->key[0], out + offset);
+            MMCAU_DES_DecryptEcb(out + offset, (byte*)des->key[1], out + offset);
+            MMCAU_DES_EncryptEcb(out + offset, (byte*)des->key[2], out + offset);
+    #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+
+        }
+
+        return ret;
+    }
+
+    int wc_Des3_EcbDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+
+        byte temp_block[DES_BLOCK_SIZE];
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad 3ede cau_des_decrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_decrypt(in + offset,  (byte*)des->key[2], out + offset);
+            cau_des_encrypt(out + offset, (byte*)des->key[1], out + offset);
+            cau_des_decrypt(out + offset, (byte*)des->key[0], out + offset);
+        #else
+            MMCAU_DES_DecryptEcb(in + offset , (byte*)des->key[2], out + offset);
+            MMCAU_DES_EncryptEcb(out + offset, (byte*)des->key[1], out + offset);
+            MMCAU_DES_DecryptEcb(out + offset, (byte*)des->key[0], out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+        }
+
+        return ret;
+    }
+#endif /* WOLFSSL_DES_ECB */
+
+
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
 
     /* PIC32MZ DES hardware requires size multiple of block size */
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 28ed1978d7..c830d7a91a 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1,6 +1,6 @@
 /* dh.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1028,7 +1028,7 @@ static int _ffc_pairwise_consistency_test(DhKey* key,
         if (n < 5)
             return 0;
         else
-            return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
+            return (word32)((double)2.4 * XPOW((double)n, 1.0/3.0) *
                     XPOW(XLOG((double)n), 2.0/3.0) - 5);
     }
 #endif /* WOLFSSL_DH_CONST*/
@@ -1153,7 +1153,7 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
     }
 
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-    wc_MemZero_Add("GeneratePrivateDh186 cBuf", cBuf, cSz);
+    wc_MemZero_Add("GeneratePrivateDh186 cBuf", cBuf, cSz); /* cppcheck-suppress uninitvar */
     mp_memzero_add("GeneratePrivateDh186 tmpX", tmpX);
 #endif
     do {
@@ -1981,7 +1981,7 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
 
 #ifndef WOLFSSL_KCAPI_DH
 static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
-    const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
+    const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz, int ct)
 {
     int ret = 0;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -2138,6 +2138,13 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #endif
 
 #if !defined(WOLFSSL_SP_MATH)
+    if (ct) {
+        /* for the constant-time variant, we will probably use more bits in x for
+         * the modexp than we read from the private key, and those extra bits need
+         * to be zeroed.
+         */
+        XMEMSET(x, 0, sizeof *x);
+    }
     if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) {
     #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(z, key->heap, DYNAMIC_TYPE_DH);
@@ -2159,8 +2166,17 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
         ret = MP_READ_E;
 
-    if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY)
-        ret = MP_EXPTMOD_E;
+    if (ret == 0) {
+        if (ct)
+            ret = mp_exptmod_ex(y, x,
+                                ((int)*agreeSz + DIGIT_BIT - 1) / DIGIT_BIT,
+                                &key->p, z);
+        else
+            ret = mp_exptmod(y, x, &key->p, z);
+        if (ret != MP_OKAY)
+            ret = MP_EXPTMOD_E;
+    }
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     if (ret == 0)
         mp_memzero_add("wc_DhAgree_Sync z", z);
@@ -2170,11 +2186,16 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ))
         ret = MP_VAL;
 
-    if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY)
-        ret = MP_TO_E;
-
-    if (ret == 0)
-        *agreeSz = (word32)mp_unsigned_bin_size(z);
+    if (ret == 0) {
+        if (ct) {
+            ret = mp_to_unsigned_bin_len_ct(z, agree, (int)*agreeSz);
+        }
+        else {
+            ret = mp_to_unsigned_bin(z, agree);
+            if (ret == MP_OKAY)
+                *agreeSz = (word32)mp_unsigned_bin_size(z);
+        }
+    }
 
     mp_forcezero(z);
     mp_clear(y);
@@ -2183,6 +2204,7 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     RESTORE_VECTOR_REGISTERS();
 
 #else
+    (void)ct;
     ret = WC_KEY_SIZE_E;
 #endif
 
@@ -2238,7 +2260,8 @@ static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
 #endif
 
     /* otherwise use software DH */
-    ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
+    ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz,
+                          0);
 
     return ret;
 }
@@ -2267,13 +2290,69 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
     else
 #endif
     {
-        ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
+        ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub,
+                              pubSz, 0);
     }
 #endif /* WOLFSSL_KCAPI_DH */
 
     return ret;
 }
 
+int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv,
+            word32 privSz, const byte* otherPub, word32 pubSz)
+{
+    int ret;
+    word32 requested_agreeSz;
+#ifndef WOLFSSL_NO_MALLOC
+    byte *agree_buffer = NULL;
+#else
+    byte agree_buffer[DH_MAX_SIZE / 8];
+#endif
+
+    if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL ||
+                                                            otherPub == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    requested_agreeSz = *agreeSz;
+
+#ifndef WOLFSSL_NO_MALLOC
+    agree_buffer = (byte *)XMALLOC(requested_agreeSz, key->heap,
+                                   DYNAMIC_TYPE_DH);
+    if (agree_buffer == NULL)
+        return MEMORY_E;
+#endif
+
+    XMEMSET(agree_buffer, 0, requested_agreeSz);
+
+    ret = wc_DhAgree_Sync(key, agree_buffer, agreeSz, priv, privSz, otherPub,
+                          pubSz, 1);
+
+    if (ret == 0) {
+        /* Arrange for correct fixed-length, right-justified key, even if the
+         * crypto back end doesn't support it.  This assures that the key is
+         * unconditionally agreed correctly.  With some crypto back ends,
+         * e.g. heapmath, there are no provisions for actual constant time, but
+         * with others the key computation and clamping is constant time, and
+         * the unclamping here is also constant time.
+         */
+        byte *agree_src = agree_buffer + *agreeSz - 1,
+            *agree_dst = agree + requested_agreeSz - 1;
+        while (agree_dst >= agree) {
+            word32 mask = (agree_src >= agree_buffer) - 1U;
+            agree_src += (mask & requested_agreeSz);
+            *agree_dst-- = *agree_src--;
+        }
+        *agreeSz = requested_agreeSz;
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    XFREE(agree_buffer, key->heap, DYNAMIC_TYPE_DH);
+#endif
+
+    return ret;
+}
+
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
 {
@@ -3149,7 +3228,7 @@ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
             *pSz = pLen;
             *qSz = qLen;
             *gSz = gLen;
-            ret = LENGTH_ONLY_E;
+            ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
 
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index 007a9b35ee..da465efcc3 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -1,6 +1,6 @@
 /* dilithium.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,6 +58,19 @@
  * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM                           Default: OFF
  *   Compiles signature implementation that uses smaller amounts of memory but
  *   is considerably slower.
+ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC                   Default: OFF
+ *   Compiles signature implementation that uses smaller amounts of memory but
+ *   is considerably slower. Allocates vectors and decodes private key data
+ *   into them upfront.
+ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A                 Default: OFF
+ *   Compiles signature implementation that uses smaller amounts of memory but
+ *   is slower. Allocates matrix A and calculates it upfront.
+ * WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM                       Default: OFF
+ *   Compiles key generation implementation that uses smaller amounts of memory
+ *   but is slower.
+ * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64                         Default: OFF
+ *   Compiles the small memory implementations to use a 64-bit polynomial.
+ *   Uses 2KB of memory but is slighlty quicker (2.75-7%).
  *
  * WOLFSSL_DILITHIUM_ALIGNMENT                                Default: 8
  *   Use to indicate whether loading and storing of words needs to be aligned.
@@ -67,6 +80,9 @@
  *
  * WOLFSSL_DILITHIUM_NO_ASN1                                  Default: OFF
  *   Disables any ASN.1 encoding or decoding code.
+ * WOLFSSL_DILITHIUM_REVERSE_HASH_OID                         Default: OFF
+ *   Reverse the DER encoded hash oid when signing and verifying a pre-hashed
+ *   message.
  *
  * WC_DILITHIUM_CACHE_MATRIX_A                                Default: OFF
  *   Enable caching of the A matrix on import.
@@ -79,6 +95,10 @@
  *   Enable caching of public key vectors on import.
  *   Enables WC_DILITHIUM_CACHE_MATRIX_A.
  *   Less work is required in sign operations.
+ * WC_DILITHIUM_FIXED_ARRAY                                   Default: OFF
+ *   Make the matrix and vectors of cached data fixed arrays that have
+ *   maximumal sizes for the configured parameters.
+ *   Useful in low dynamic memory situations.
  *
  * WOLFSSL_DILITHIUM_SIGN_CHECK_Y                             Default: OFF
  *   Check vector y is in required range as an early check on valid vector z.
@@ -129,6 +149,7 @@
 #endif
 
 #include <wolfssl/wolfcrypt/dilithium.h>
+#include <wolfssl/wolfcrypt/hash.h>
 #include <wolfssl/wolfcrypt/sha3.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
@@ -138,6 +159,18 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) && \
+        !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)
+    #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+#endif
+#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) && \
+        !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)
+    #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+    #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+        #error "PRECALC and PRECALC_A is equivalent to non small mem"
+    #endif
+#endif
+
 #ifdef WOLFSSL_WC_DILITHIUM
 
 #ifdef DEBUG_DILITHIUM
@@ -217,6 +250,9 @@ void print_data(const char* name, const byte* d, int len)
 /* Number of bytes to a block of SHAKE-256 when generating s1 and s2. */
 #define DILITHIUM_GEN_S_BLOCK_BYTES    (WC_SHA3_256_COUNT * 8)
 
+/* Length of the hash OID to include in pre-hash message. */
+#define DILITHIUM_HASH_OID_LEN         11
+
 
 /* The ML-DSA parameters sets. */
 static const wc_dilithium_params dilithium_params[] = {
@@ -271,7 +307,7 @@ static const wc_dilithium_params dilithium_params[] = {
 static int dilithium_get_params(int level, const wc_dilithium_params** params)
 {
     unsigned int i;
-    int ret = NOT_COMPILED_IN;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
     for (i = 0; i < DILITHIUM_PARAMS_CNT; i++) {
         if (dilithium_params[i].level == level) {
@@ -318,7 +354,9 @@ static int dilithium_shake256(wc_Shake* shake256, const byte* data,
     return ret;
 }
 
-#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+#if !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+     !defined(WOLFSSL_DILITHIUM_NO_VERIFY))
 /* 256-bit hash using SHAKE-256.
  *
  * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d)
@@ -358,6 +396,198 @@ static int dilithium_hash256(wc_Shake* shake256, const byte* data1,
 }
 #endif
 
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+/* 256-bit hash of context and message using SHAKE-256.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *   10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                         ctx) || M
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.Sign_internal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64))
+ *   ...
+ *
+ * @param [in, out] shake256  SHAKE-256 object.
+ * @param [in]      tr        Public key hash.
+ * @param [in]      trLen     Length of public key hash in bytes.
+ * @param [in]      preHash   0 when message was not hashed,
+ *                            1 when message was hashed.
+ * @param [in]      ctx       Context of signature.
+ * @param [in]      ctxLen    Length of context of signature in bytes.
+ * @param [in]      ctx       Message to sign.
+ * @param [in]      ctxLen    Length of message to sign in bytes.
+ * @param [out]     hash      Buffer to hold hash result.
+ * @param [in]      hashLen   Number of bytes of hash to return.
+ * @return  0 on success.
+ * @return  Negative on error.
+ */
+static int dilithium_hash256_ctx_msg(wc_Shake* shake256, const byte* tr,
+    byte trLen, byte preHash, const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* hash, word32 hashLen)
+{
+    int ret;
+    byte prefix[2];
+
+    prefix[0] = preHash;
+    prefix[1] = ctxLen;
+
+    /* Initialize SHAKE-256 operation. */
+    ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Update with public key hash. */
+        ret = wc_Shake256_Update(shake256, tr, trLen);
+    }
+    if (ret == 0) {
+        /* Update with context prefix - 0 | ctxLen. */
+        ret = wc_Shake256_Update(shake256, prefix, (word32)sizeof(prefix));
+    }
+    if (ret == 0) {
+        /* Update with context. */
+        ret = wc_Shake256_Update(shake256, ctx, ctxLen);
+    }
+    if (ret == 0) {
+        /* Update with message. */
+        ret = wc_Shake256_Update(shake256, msg, msgLen);
+    }
+    if (ret == 0) {
+        /* Compute hash of data. */
+        ret = wc_Shake256_Final(shake256, hash, hashLen);
+    }
+
+    return ret;
+}
+
+/* Get the OID for the digest hash.
+ *
+ * @param [in]  hash         Hash algorithm.
+ * @param [out] oidBuffer   Buffer to hold OID.
+ * @param [out] oidLen      Length of OID in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG if hash algorithm not known.
+ */
+static int dilithium_get_hash_oid(int hash, byte* oidBuffer, word32* oidLen)
+{
+    int ret = 0;
+    const byte* oid;
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+
+    oid = OidFromId(wc_HashGetOID((enum wc_HashType)hash), oidHashType, oidLen);
+    if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN - 2)) {
+#ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+        oidBuffer[0] = 0x06;   /* ObjectID */
+        oidBuffer[1] = *oidLen;   /* ObjectID */
+        oidBuffer += 2;
+        XMEMCPY(oidBuffer, oid, *oidLen);
+#else
+        int i;
+        for (i = (int)*oidLen - 1; i >= 0; i--) {
+            *(oidBuffer++) = oid[i];
+        }
+        *(oidBuffer++) = *oidLen;   /* ObjectID */
+        * oidBuffer    = 0x06;   /* ObjectID */
+#endif
+        *oidLen += 2;
+     }
+     else {
+        ret = BAD_FUNC_ARG;
+    }
+
+#else
+
+    *oidLen = DILITHIUM_HASH_OID_LEN;
+#ifndef NO_SHA256
+    if (hash == WC_HASH_TYPE_SHA256) {
+        static byte sha256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
+        };
+        oid = sha256Oid;
+    }
+    else
+#endif
+#ifdef WOLFSSL_SHA384
+    if (hash == WC_HASH_TYPE_SHA384) {
+        static byte sha384Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
+        };
+        oid = sha384Oid;
+    }
+    else
+#endif
+#ifdef WOLFSSL_SHA512
+    if (hash == WC_HASH_TYPE_SHA512) {
+        static byte sha512Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
+        };
+        oid = sha512Oid;
+    }
+    else
+#ifndef WOLFSSL_NOSHA512_256
+    if (hash == WC_HASH_TYPE_SHA512_256) {
+        static byte sha512_256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06
+        };
+        oid = sha512_256Oid;
+    }
+    else
+#endif
+#endif
+    if (hash == WC_HASH_TYPE_SHAKE128) {
+        static byte shake128Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0B
+        };
+        oid = shake128Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHAKE256) {
+        static byte shake256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0C
+        };
+        oid = shake256Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_256) {
+        static byte sha3_256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08
+        };
+        oid = sha3_256Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_384) {
+        static byte sha3_384Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x09
+        };
+        oid = sha3_384Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_512) {
+        static byte sha3_512Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0A
+        };
+        oid = sha3_512Oid;
+    }
+    else {
+        oid = NULL;
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN)) {
+#ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+        XMEMCPY(oidBuffer, oid, *oidLen);
+#else
+        int i;
+        for (i = (int)*oidLen - 1; i >= 0; i--) {
+            *(oidBuffer++) = oid[i];
+        }
+#endif
+    }
+#endif
+
+    return ret;
+}
+#endif
+#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+
 #ifndef WOLFSSL_DILITHIUM_SMALL
 /* 128-bit hash using SHAKE-128.
  *
@@ -710,13 +940,13 @@ static void dilithium_vec_decode_eta_bits(const byte* p, byte eta, sword32* s,
  *   2: r0 <- r+ mod +/- 2^d
  *   3: return ((r+ - r0) / 2^d, r0)
  *
- * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s1, s2, t0)
+ * FIPS 204. 7.2: Algorithm 24 skEncode(rho, K, tr, s1, s2, t0)
  *   ...
  *   8: for i form 0 to k - 1 do
  *   9:     sk <- sk || BitPack(t0[i], s^(d-1) - 1, 2^(d-1))
  *  10: end for
  *
- * FIPS 204. 8.2: Algorithm 16 pkEncode(rho, t1)
+ * FIPS 204. 7.2: Algorithm 22 pkEncode(rho, t1)
  *   ...
  *   2: for i from 0 to k - 1 do
  *   3:     pk <- pk || SimpleBitPack(t1[i], 2^bitlen(q-1) - d - 1)
@@ -732,9 +962,9 @@ static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1)
     unsigned int i;
     unsigned int j;
 
-    /* Alg 18, Step 8 and Alg 16, Step 2. For each polynomial of vector. */
+    /* Alg 24, Step 8 and Alg 22, Step 2. For each polynomial of vector. */
     for (i = 0; i < d; i++) {
-        /* Alg 18, Step 9 and Alg 16, Step 3.
+        /* Alg 24, Step 9 and Alg 22, Step 3.
          * Do all polynomial values - 8 at a time. */
         for (j = 0; j < DILITHIUM_N; j += 8) {
             /* Take 8 values of t and take top bits and make positive. */
@@ -1674,43 +1904,24 @@ static void dilithium_vec_encode_w1(const sword32* w1, byte k, sword32 gamma2,
  * @param [in, out] shake128  SHAKE-128 object.
  * @param [in]      seed      Seed to hash to generate values.
  * @param [out]     a         Polynomial.
+ * @param [in]      h         Buffer to hold hashes.
  * @return  0 on success.
- * @return  MEMORY_E when dynamic memory allocation fails.
  * @return  Negative on hash error.
  */
-static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
-    byte* key_h)
+static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a,
+    byte* h)
 {
-#ifdef WOLFSSL_DILITHIUM_SMALL
     int ret = 0;
+#ifdef WOLFSSL_DILITHIUM_SMALL
     int j = 0;
-#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC)
-    byte* h = NULL;
-#else
-    byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
-#endif
-
-    (void)key_h;
-
-#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
-    h = key_h;
-#elif defined(WOLFSSL_SMALL_STACK)
-    h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, NULL,
-        DYNAMIC_TYPE_DILITHIUM);
-    if (h == NULL) {
-        ret = MEMORY_E;
-    }
-#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC */
 
-    if (ret == 0) {
-    #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
-        /* Reading 4 bytes for 3 so need to set 1 past for last read. */
-        h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0;
-    #endif
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+    /* Reading 4 bytes for 3 so need to set 1 past for last read. */
+    h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0;
+#endif
 
-        /* Initialize SHAKE-128 object for new hash. */
-        ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
-    }
+    /* Initialize SHAKE-128 object for new hash. */
+    ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
     if (ret == 0) {
         /* Absorb the seed. */
         ret = wc_Shake128_Absorb(shake128, seed, DILITHIUM_GEN_A_SEED_SZ);
@@ -1746,39 +1957,14 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
             }
         }
     }
-
-#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK)
-    XFREE(h, NULL, DYNAMIC_TYPE_DILITHIUM);
-#endif
-    return ret;
 #else
-    int ret = 0;
     unsigned int j = 0;
     unsigned int c;
-#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC)
-    byte* h = NULL;
-#else
-    byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
-#endif
-
-    (void)key_h;
-
-#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
-    h = key_h;
-#elif defined(WOLFSSL_SMALL_STACK)
-    h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, NULL,
-        DYNAMIC_TYPE_DILITHIUM);
-    if (h == NULL) {
-        ret = MEMORY_E;
-    }
-#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC */
 
-    if (ret == 0) {
-        /* Generate enough SHAKE-128 output blocks to give high probability of
-         * being able to get 256 valid 3-byte, 23-bit values from it. */
-        ret = dilithium_squeeze128(shake128, seed, DILITHIUM_GEN_A_SEED_SZ, h,
-            DILITHIUM_GEN_A_NBLOCKS);
-    }
+    /* Generate enough SHAKE-128 output blocks to give high probability of
+     * being able to get 256 valid 3-byte, 23-bit values from it. */
+    ret = dilithium_squeeze128(shake128, seed, DILITHIUM_GEN_A_SEED_SZ, h,
+        DILITHIUM_GEN_A_NBLOCKS);
     if (ret == 0) {
     #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
         /* Reading 4 bytes for 3 so need to set 1 past for last read. */
@@ -1786,7 +1972,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
     #endif
 
         /* Use the first 256 triplets and know we won't exceed required. */
-#ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE
+    #ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE
         for (c = 0; c < (DILITHIUM_N - 1) * 3; c += 3) {
         #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
             /* Load 32-bit value and mask out 23 bits. */
@@ -1822,7 +2008,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
                 }
             }
         }
-#else
+    #else
         /* Do 15 bytes at a time: 255 * 3 / 15 = 51 */
         for (c = 0; c < DILITHIUM_N * 3; c += 24) {
         #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
@@ -1919,7 +2105,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
                 }
             }
         }
-#endif
+    #endif
         /* Keep generating more blocks and using triplets until we have enough.
          */
         while (j < DILITHIUM_N) {
@@ -1952,15 +2138,60 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
             }
         }
     }
-
-#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK)
-    XFREE(h, NULL, DYNAMIC_TYPE_DILITHIUM);
 #endif
+
     return ret;
+}
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Generate a random polynomial by rejection.
+ *
+ * @param [in, out] shake128  SHAKE-128 object.
+ * @param [in]      seed      Seed to hash to generate values.
+ * @param [out]     a         Polynomial.
+ * @param [in]      heap      Dynamic memory hint.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * @return  Negative on hash error.
+ */
+static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
+    void* heap)
+{
+    int ret;
+#if defined(WOLFSSL_SMALL_STACK)
+    byte* h = NULL;
+#else
+    byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
+#endif
+
+    (void)heap;
+
+#if defined(WOLFSSL_SMALL_STACK)
+    h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, heap,
+        DYNAMIC_TYPE_DILITHIUM);
+    if (h == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+    ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h);
+
+#if defined(WOLFSSL_SMALL_STACK)
+    XFREE(h, heap, DYNAMIC_TYPE_DILITHIUM);
 #endif
+
+    return ret;
 }
+#endif
 
-#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \
     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
     (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
      !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
@@ -1983,11 +2214,12 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
  * @param [in]      k         First dimension of matrix a.
  * @param [in]      l         Second dimension of matrix a.
  * @param [out]     a         Matrix of polynomials.
+ * @param [in]      heap      Dynamic memory hint.
  * @return  0 on success.
  * @return  Negative on hash error.
  */
 static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k,
-    byte l, sword32* a)
+    byte l, sword32* a, void* heap)
 {
     int ret = 0;
     byte r;
@@ -2005,7 +2237,7 @@ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k,
             /* Put s into buffer to be hashed. */
             seed[DILITHIUM_PUB_SEED_SZ + 0] = s;
             /* Step 3: Create polynomial from hashing seed. */
-            ret = dilithium_rej_ntt_poly(shake128, seed, a, NULL);
+            ret = dilithium_rej_ntt_poly(shake128, seed, a, heap);
             /* Next polynomial. */
             a += DILITHIUM_N;
         }
@@ -2031,7 +2263,7 @@ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k,
 #define DILITHIUM_COEFF_S_VALID_ETA2(b) \
     ((b) < DILITHIUM_ETA_2_MOD)
 
-static const byte dilithium_coeff_eta2[] = {
+static const char dilithium_coeff_eta2[] = {
     2, 1, 0, -1, -2,
     2, 1, 0, -1, -2,
     2, 1, 0, -1, -2
@@ -2514,6 +2746,7 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
 #endif
 
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+
 /* Expand commit to a polynomial.
  *
  * FIPS 204. 8.3: Algorithm 23 SampleInBall(rho)
@@ -2530,48 +2763,37 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
  *  11: end for
  *  12: return c
  *
- * @param [in]  shake256   SHAKE-256 object.
- * @param [in]  seed       Buffer containing seed to expand.
- * @param [in]  tau        Number of +/- 1s in polynomial.
- * @param [out] c          Commit polynomial.
- * @param [in]  key_block  Memory to use for block from key.
+ * @param [in]  shake256  SHAKE-256 object.
+ * @param [in]  seed      Buffer containing seed to expand.
+ * @param [in]  seedLen   Length of seed in bytes.
+ * @param [in]  tau       Number of +/- 1s in polynomial.
+ * @param [out] c         Commit polynomial.
+ * @param [in]  block     Memory to use for block from key.
  * @return  0 on success.
- * @return  MEMORY_E when dynamic memory allocation fails.
  * @return  Negative on hash error.
  */
-static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed,
-   byte tau, sword32* c, byte* key_block)
+static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed,
+   word32 seedLen, byte tau, sword32* c, byte* block)
 {
     int ret = 0;
     unsigned int k;
     unsigned int i;
     unsigned int s;
-#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC)
-    byte* block = NULL;
-#else
-    byte block[DILITHIUM_GEN_C_BLOCK_BYTES];
-#endif
     byte signs[DILITHIUM_SIGN_BYTES];
 
-    (void)key_block;
-
-#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
-    block = key_block;
-#elif defined(WOLFSSL_SMALL_STACK)
-    block = (byte*)XMALLOC(DILITHIUM_GEN_C_BLOCK_BYTES, NULL,
-        DYNAMIC_TYPE_DILITHIUM);
-    if (block == NULL) {
-        ret = MEMORY_E;
-    }
-#endif
-
     if (ret == 0) {
         /* Set polynomial to all zeros. */
         XMEMSET(c, 0, DILITHIUM_POLY_SIZE);
 
         /* Generate a block of data from seed. */
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        ret = dilithium_shake256(shake256, seed, seedLen, block,
+            DILITHIUM_GEN_C_BLOCK_BYTES);
+#else
+        (void)seedLen;
         ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
             DILITHIUM_GEN_C_BLOCK_BYTES);
+#endif
     }
     if (ret == 0) {
         /* Copy first 8 bytes of first hash block as random sign bits. */
@@ -2609,13 +2831,59 @@ static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed,
         s++;
     }
 
-#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK)
-    XFREE(block, NULL, DYNAMIC_TYPE_DILITHIUM);
+    return ret;
+}
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Expand commit to a polynomial.
+ *
+ * @param [in]  shake256  SHAKE-256 object.
+ * @param [in]  seed      Buffer containing seed to expand.
+ * @param [in]  seedLen   Length of seed in bytes.
+ * @param [in]  tau       Number of +/- 1s in polynomial.
+ * @param [out] c         Commit polynomial.
+ * @param [in]  heap      Dynamic memory hint.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * @return  Negative on hash error.
+ */
+static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed,
+   word32 seedLen, byte tau, sword32* c, void* heap)
+{
+    int ret = 0;
+#if defined(WOLFSSL_SMALL_STACK)
+    byte* block = NULL;
+#else
+    byte block[DILITHIUM_GEN_C_BLOCK_BYTES];
+#endif
+
+    (void)heap;
+
+#if defined(WOLFSSL_SMALL_STACK)
+    block = (byte*)XMALLOC(DILITHIUM_GEN_C_BLOCK_BYTES, heap,
+        DYNAMIC_TYPE_DILITHIUM);
+    if (block == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+    if (ret == 0) {
+        ret = dilithium_sample_in_ball_ex(shake256, seed, seedLen, tau, c,
+            block);
+    }
+
+#if defined(WOLFSSL_SMALL_STACK)
+    XFREE(block, heap, DYNAMIC_TYPE_DILITHIUM);
 #endif
     return ret;
 }
 #endif
 
+#endif
+
 /******************************************************************************
  * Decompose operations
  ******************************************************************************/
@@ -2734,7 +3002,8 @@ static void dilithium_decompose_q32(sword32 r, sword32* r0, sword32* r1)
 
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
 
-#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+#if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+    defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)
 /* Decompose vector of polynomials into high and low based on GAMMA2.
  *
  * @param [in]  r       Vector of polynomials to decompose.
@@ -3124,11 +3393,11 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega)
     unsigned int i;
 
     /* Skip polynomial index while count is 0. */
-    while ((h[omega + o] == 0) && (o < k)) {
+    while ((o < k) && (h[omega + o] == 0)) {
         o++;
     }
     /* Check all possible hints. */
-    for (i = 1; i < omega; i++) {
+    for (i = 1; (o < k) && (i < omega); i++) {
         /* Done with polynomial if index equals count of hints. */
         if (i == h[omega + o]) {
             /* Next polynomial index while count is index. */
@@ -5159,27 +5428,27 @@ static void dilithium_vec_make_pos(sword32* a, byte l)
 /* Make a key from a random seed.
  *
  * xi is seed passed in.
- * FIPS 204. 5: Algorithm 1 ML-DSA.KeyGen()
- *   ...
- *   2: (rho, rho', K) E {0,1}256 x {0,1}512 x {0,1}256 <- H(xi, 1024)
+ * FIPS 204. 6.1: Algorithm 6 ML-DSA.KeyGen_internal(xi)
+ *   1: (rho, rho', K) E B32 x B64 x B32 <- H(xi||k||l, 1024)
+ *   2:
  *   3: A_circum <- ExpandA(rho)
  *   4: (s1,s2) <- ExpandS(rho')
  *   5: t <- NTT-1(A_circum o NTT(s1)) + s2
  *   6: (t1, t0) <- Power2Round(t, d)
  *   7: pk <- pkEncode(rho, t1)
- *   8: tr <- H(BytesToBits(pk), 512)
+ *   8: tr <- H(pk, 64)
  *   9: sk <- skEncode(rho, K, tr, s1, s2, t0)
  *  10: return (pk, sk)
  *
- * FIPS 204. 8.2: Algorithm 16 pkEncode(rho, t1)
- *   1: pk <- BitsToBytes(rho)
- *   2: for i from 0 to l - 1 do
+ * FIPS 204. 7.2: Algorithm 22 pkEncode(rho, t1)
+ *   1: pk <- rho
+ *   2: for i from 0 to k - 1 do
  *   3:     pk <- pk || SimpleBitPack(t1[i], 2^(bitlen(q-1)-d) - 1)
  *   4: end for
  *   5: return pk
  *
- * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s, s2, t0)
- *   1: sk <- BitsToBytes(rho) || BitsToBytes(K) || BitsToBytes(tr)
+ * FIPS 204. 7.2: Algorithm 24 skEncode(rho, K, tr, s, s2, t0)
+ *   1: sk <- rho || K || tr
  *   2: for i from 0 to l - 1 do
  *   3:     sk <- sk || BitPack(s1[i], eta, eta)
  *   4: end for
@@ -5201,6 +5470,7 @@ static void dilithium_vec_make_pos(sword32* a, byte l)
  */
 static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 {
+#ifndef WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
     int ret = 0;
     const wc_dilithium_params* params = key->params;
     sword32* a = NULL;
@@ -5208,22 +5478,30 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     sword32* s2 = NULL;
     sword32* t = NULL;
     byte* pub_seed = key->k;
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    byte kl[2];
+#endif
 
     /* Allocate memory for large intermediates. */
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     if (key->a == NULL) {
-        key->a = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        key->a = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
         if (key->a == NULL) {
             ret = MEMORY_E;
         }
     }
+#endif
     if (ret == 0) {
         a = key->a;
     }
 #endif
 #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     if ((ret == 0) && (key->s1 == NULL)) {
-        key->s1 = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        key->s1 = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
         if (key->s1 == NULL) {
             ret = MEMORY_E;
         }
@@ -5232,6 +5510,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
             key->t0 = key->s2  + params->s2Sz / sizeof(*s2);
         }
     }
+#endif
     if (ret == 0) {
         s1 = key->s1;
         s2 = key->s2;
@@ -5247,7 +5526,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 #endif
 
         /* s1, s2, t, a */
-        s1 = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
         if (s1 == NULL) {
             ret = MEMORY_E;
         }
@@ -5255,25 +5534,34 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
             s2 = s1 + params->s1Sz / sizeof(*s1);
             t  = s2 + params->s2Sz / sizeof(*s2);
 #ifndef WC_DILITHIUM_CACHE_MATRIX_A
-            a  = t  + params->s2Sz / sizeof(*s2);
+            a  = t  + params->s2Sz / sizeof(*t);
 #endif
         }
     }
 #endif
 
     if (ret == 0) {
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        kl[0] = params->k;
+        kl[1] = params->l;
+        /* Step 1: Create public seed, private seed and K from seed.
+         * Step 9; Alg 24, Step 1: Public seed is placed into private key. */
+        ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
+            pub_seed, DILITHIUM_SEEDS_SZ);
+#else
         /* Step 2: Create public seed, private seed and K from seed.
          * Step 9; Alg 18, Step 1: Public seed is placed into private key. */
         ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed,
             DILITHIUM_SEEDS_SZ);
+#endif
     }
     if (ret == 0) {
-        /* Step 7; Alg 16 Step 1: Copy public seed into public key. */
+        /* Step 7; Alg 22 Step 1: Copy public seed into public key. */
         XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ);
 
         /* Step 3: Expand public seed into a matrix of polynomials. */
         ret = dilithium_expand_a(&key->shake, pub_seed, params->k, params->l,
-            a);
+            a, key->heap);
     }
     if (ret == 0) {
         byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ;
@@ -5292,9 +5580,9 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 
         /* Step 9: Move k down to after public seed. */
         XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ);
-        /* Step 9. Alg 18 Steps 2-4: Encode s1 into private key. */
+        /* Step 9. Alg 24 Steps 2-4: Encode s1 into private key. */
         dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p);
-        /* Step 9. Alg 18 Steps 5-7: Encode s2 into private key. */
+        /* Step 9. Alg 24 Steps 5-7: Encode s2 into private key. */
         dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
 
         /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */
@@ -5305,11 +5593,11 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 
         /* Make positive for decomposing. */
         dilithium_vec_make_pos(t, params->k);
-        /* Step 6, Step 7, Step 9. Alg 16 Steps 2-4, Alg 18 Steps 8-10.
+        /* Step 6, Step 7, Step 9. Alg 22 Steps 2-4, Alg 24 Steps 8-10.
          * Decompose t in t0 and t1 and encode into public and private key.
          */
         dilithium_vec_encode_t0_t1(t, params->k, t0, t1);
-        /* Step 8. Alg 18, Step 1: Hash public key into private key. */
+        /* Step 8. Alg 24, Step 1: Hash public key into private key. */
         ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
             DILITHIUM_TR_SZ);
     }
@@ -5332,20 +5620,239 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     }
 
 #ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS
-    XFREE(s1, NULL, DYNAMIC_TYPE_DILITHIUM);
+    XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
 #endif
     return ret;
-}
+#else
+    int ret = 0;
+    const wc_dilithium_params* params = key->params;
+    sword32* a = NULL;
+    sword32* s1 = NULL;
+    sword32* s2 = NULL;
+    sword32* t = NULL;
+#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+    sword64* t64 = NULL;
+#endif
+    byte* h = NULL;
+    byte* pub_seed = key->k;
+    unsigned int r;
+    unsigned int s;
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    byte kl[2];
+#endif
 
-/* Make a key from a random seed.
- *
- * FIPS 204. 5: Algorithm 1 ML-DSA.KeyGen()
- *   1: xi <- {0,1}256  [Choose random seed]
- *   ...
- *
- * @param [in, out] key  Dilithium key.
- * @param [in]      rng  Random number generator.
- * @return  0 on success.
+    /* Allocate memory for large intermediates. */
+    if (ret == 0) {
+        unsigned int allocSz;
+
+        /* s1-l, s2-k, t-k, a-1 */
+        allocSz  = params->s1Sz + params->s2Sz + params->s2Sz +
+            DILITHIUM_REJ_NTT_POLY_H_SIZE + DILITHIUM_POLY_SIZE;
+    #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        /* t64 */
+        allocSz += DILITHIUM_POLY_SIZE * 2;
+    #endif
+        s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (s1 == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            s2 = s1 + params->s1Sz / sizeof(*s1);
+            t  = s2 + params->s2Sz / sizeof(*s2);
+            h  = (byte*)(t  + params->s2Sz / sizeof(*t));
+            a  = (sword32*)(h + DILITHIUM_REJ_NTT_POLY_H_SIZE);
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64 = (sword64*)(a + DILITHIUM_N);
+        #endif
+        }
+    }
+
+    if (ret == 0) {
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        kl[0] = params->k;
+        kl[1] = params->l;
+        /* Step 1: Create public seed, private seed and K from seed.
+         * Step 9; Alg 24, Step 1: Public seed is placed into private key. */
+        ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
+            pub_seed, DILITHIUM_SEEDS_SZ);
+#else
+        /* Step 2: Create public seed, private seed and K from seed.
+         * Step 9; Alg 18, Step 1: Public seed is placed into private key. */
+        ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed,
+            DILITHIUM_SEEDS_SZ);
+#endif
+    }
+    if (ret == 0) {
+        byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ;
+
+        /* Step 7; Alg 22 Step 1: Copy public seed into public key. */
+        XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ);
+
+        /* Step 4: Expand private seed into to vectors of polynomials. */
+        ret = dilithium_expand_s(&key->shake, priv_seed, params->eta, s1,
+            params->l, s2, params->k);
+    }
+    if (ret == 0) {
+        byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+        byte* tr = k + DILITHIUM_K_SZ;
+        byte* s1p = tr + DILITHIUM_TR_SZ;
+        byte* s2p = s1p + params->s1EncSz;
+        byte* t0 = s2p + params->s2EncSz;
+        byte* t1 = key->p + DILITHIUM_PUB_SEED_SZ;
+        byte aseed[DILITHIUM_GEN_A_SEED_SZ];
+        sword32* s2t = s2;
+        sword32* tt = t;
+
+        /* Step 9: Move k down to after public seed. */
+        XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ);
+        /* Step 9. Alg 24 Steps 2-4: Encode s1 into private key. */
+        dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p);
+        /* Step 9. Alg 24 Steps 5-7: Encode s2 into private key. */
+        dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
+
+        /* Step 5: NTT(s1) */
+        dilithium_vec_ntt_small(s1, params->l);
+        /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */
+        XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+        for (r = 0; (ret == 0) && (r < params->k); r++) {
+            sword32* s1t = s1;
+            unsigned int e;
+
+            /* Put r/i into buffer to be hashed. */
+            aseed[DILITHIUM_PUB_SEED_SZ + 1] = r;
+            for (s = 0; (ret == 0) && (s < params->l); s++) {
+
+                /* Put s into buffer to be hashed. */
+                aseed[DILITHIUM_PUB_SEED_SZ + 0] = s;
+                /* Step 3: Expand public seed into a matrix of polynomials. */
+                ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, a, h);
+                if (ret != 0) {
+                    break;
+                }
+                /* Matrix multiply. */
+            #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+                if (s == 0) {
+                #ifdef WOLFSSL_DILITHIUM_SMALL
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        tt[e] = dilithium_mont_red((sword64)a[e] * s1t[e]);
+                    }
+                #else
+                    for (e = 0; e < DILITHIUM_N; e += 8) {
+                        tt[e+0] = dilithium_mont_red((sword64)a[e+0]*s1t[e+0]);
+                        tt[e+1] = dilithium_mont_red((sword64)a[e+1]*s1t[e+1]);
+                        tt[e+2] = dilithium_mont_red((sword64)a[e+2]*s1t[e+2]);
+                        tt[e+3] = dilithium_mont_red((sword64)a[e+3]*s1t[e+3]);
+                        tt[e+4] = dilithium_mont_red((sword64)a[e+4]*s1t[e+4]);
+                        tt[e+5] = dilithium_mont_red((sword64)a[e+5]*s1t[e+5]);
+                        tt[e+6] = dilithium_mont_red((sword64)a[e+6]*s1t[e+6]);
+                        tt[e+7] = dilithium_mont_red((sword64)a[e+7]*s1t[e+7]);
+                    }
+                #endif
+                }
+                else {
+                #ifdef WOLFSSL_DILITHIUM_SMALL
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        tt[e] += dilithium_mont_red((sword64)a[e] * s1t[e]);
+                    }
+                #else
+                    for (e = 0; e < DILITHIUM_N; e += 8) {
+                        tt[e+0] += dilithium_mont_red((sword64)a[e+0]*s1t[e+0]);
+                        tt[e+1] += dilithium_mont_red((sword64)a[e+1]*s1t[e+1]);
+                        tt[e+2] += dilithium_mont_red((sword64)a[e+2]*s1t[e+2]);
+                        tt[e+3] += dilithium_mont_red((sword64)a[e+3]*s1t[e+3]);
+                        tt[e+4] += dilithium_mont_red((sword64)a[e+4]*s1t[e+4]);
+                        tt[e+5] += dilithium_mont_red((sword64)a[e+5]*s1t[e+5]);
+                        tt[e+6] += dilithium_mont_red((sword64)a[e+6]*s1t[e+6]);
+                        tt[e+7] += dilithium_mont_red((sword64)a[e+7]*s1t[e+7]);
+                    }
+                #endif
+                }
+            #else
+                if (s == 0) {
+                #ifdef WOLFSSL_DILITHIUM_SMALL
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        t64[e] = (sword64)a[e] * s1t[e];
+                    }
+                #else
+                    for (e = 0; e < DILITHIUM_N; e += 8) {
+                        t64[e+0] = (sword64)a[e+0] * s1t[e+0];
+                        t64[e+1] = (sword64)a[e+1] * s1t[e+1];
+                        t64[e+2] = (sword64)a[e+2] * s1t[e+2];
+                        t64[e+3] = (sword64)a[e+3] * s1t[e+3];
+                        t64[e+4] = (sword64)a[e+4] * s1t[e+4];
+                        t64[e+5] = (sword64)a[e+5] * s1t[e+5];
+                        t64[e+6] = (sword64)a[e+6] * s1t[e+6];
+                        t64[e+7] = (sword64)a[e+7] * s1t[e+7];
+                    }
+                #endif
+                }
+                else {
+                #ifdef WOLFSSL_DILITHIUM_SMALL
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        t64[e] += (sword64)a[e] * s1t[e];
+                    }
+                #else
+                    for (e = 0; e < DILITHIUM_N; e += 8) {
+                        t64[e+0] += (sword64)a[e+0] * s1t[e+0];
+                        t64[e+1] += (sword64)a[e+1] * s1t[e+1];
+                        t64[e+2] += (sword64)a[e+2] * s1t[e+2];
+                        t64[e+3] += (sword64)a[e+3] * s1t[e+3];
+                        t64[e+4] += (sword64)a[e+4] * s1t[e+4];
+                        t64[e+5] += (sword64)a[e+5] * s1t[e+5];
+                        t64[e+6] += (sword64)a[e+6] * s1t[e+6];
+                        t64[e+7] += (sword64)a[e+7] * s1t[e+7];
+                    }
+                #endif
+                }
+            #endif
+                /* Next polynomial. */
+                s1t += DILITHIUM_N;
+            }
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            for (e = 0; e < DILITHIUM_N; e++) {
+                tt[e] = dilithium_mont_red(t64[e]);
+            }
+        #endif
+            dilithium_invntt(tt);
+            dilithium_add(tt, s2t);
+            /* Make positive for decomposing. */
+            dilithium_make_pos(tt);
+
+            tt += DILITHIUM_N;
+            s2t += DILITHIUM_N;
+        }
+
+        /* Step 6, Step 7, Step 9. Alg 22 Steps 2-4, Alg 24 Steps 8-10.
+         * Decompose t in t0 and t1 and encode into public and private key.
+         */
+        dilithium_vec_encode_t0_t1(t, params->k, t0, t1);
+        /* Step 8. Alg 24, Step 1: Hash public key into private key. */
+        ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Public key and private key are available. */
+        key->prvKeySet = 1;
+        key->pubKeySet = 1;
+    }
+
+    XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    return ret;
+#endif
+}
+
+/* Make a key from a random seed.
+ *
+ * FIPS 204. 5.1: Algorithm 1 ML-DSA.KeyGen()
+ *   1: xi <- B32  [Choose random seed]
+ *   2: if xi = NULL then
+ *   3:   return falsam
+ *   4: end if
+ *   5: return ML-DSA.KeyGen_internal(xi)
+ *
+ * @param [in, out] key  Dilithium key.
+ * @param [in]      rng  Random number generator.
+ * @return  0 on success.
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
@@ -5354,10 +5861,11 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng)
     int ret;
     byte seed[DILITHIUM_SEED_SZ];
 
-    /* Generate a 256-bit random seed. */
+    /* Step 1: Generate a 32 byte random seed. */
     ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_SEED_SZ);
+    /* Step 2: Check for error. */
     if (ret == 0) {
-        /* Make key with random seed. */
+        /* Step 5: Make key with random seed. */
         ret = wc_dilithium_make_key_from_seed(key, seed);
     }
 
@@ -5368,10 +5876,11 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng)
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
 
 #if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+    defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) || \
     defined(WC_DILITHIUM_CACHE_PRIV_VECTORS)
 /* Decode, from private key, and NTT private key vectors s1, s2, and t0.
  *
- * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M)
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
  *   1: (rho, K, tr, s1, s2, t0) <- skDecode(sk)
  *   2: s1_circum <- NTT(s1)
  *   3: s2_circum <- NTT(s2)
@@ -5414,7 +5923,13 @@ static void dilithium_make_priv_vecs(dilithium_key* key, sword32* s1,
 
 /* Sign a message with the key and a seed.
  *
- * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M)
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- ByyesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx) || M
+ *   ...
+ *
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
  *   1: (rho, K, tr, s1, s2, t0) <- skDecode(sk)
  *   2: s1_circum <- NTT(s1)
  *   3: s2_circum <- NTT(s2)
@@ -5453,26 +5968,25 @@ static void dilithium_make_priv_vecs(dilithium_key* key, sword32* s1,
  *  33: return sigma
  *
  * @param [in, out] key     Dilithium key.
- * @param [in, out] seed    Random seed.
- * @param [in]      msg     Message data to sign.
- * @param [in]      msgLen  Length of message data in bytes.
+ * @param [in]      seedMu  Random seed || mu.
  * @param [out]     sig     Buffer to hold signature.
  * @param [in, out] sigLen  On in, length of buffer in bytes.
  *                          On out, the length of the signature in bytes.
  * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
  * @return  BUFFER_E when the signature buffer is too small.
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
-static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
-    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
+static int dilithium_sign_with_seed_mu(dilithium_key* key,
+    const byte* seedMu, byte* sig, word32 *sigLen)
 {
 #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
     int ret = 0;
     const wc_dilithium_params* params = key->params;
-    byte* pub_seed = key->k;
-    byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
-    byte* tr = k + DILITHIUM_K_SZ;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* mu = seedMu + DILITHIUM_RND_SZ;
     sword32* a = NULL;
     sword32* s1 = NULL;
     sword32* s2 = NULL;
@@ -5483,13 +5997,11 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
     sword32* c = NULL;
     sword32* z = NULL;
     sword32* ct0 = NULL;
-    byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
-    byte* mu = data + DILITHIUM_RND_SZ;
     byte priv_rand_seed[DILITHIUM_Y_SEED_SZ];
-    byte* h = sig + params->lambda * 2 + params->zEncSz;
+    byte* h = sig + params->lambda / 4 + params->zEncSz;
 
     /* Check the signature buffer isn't too small. */
-    if ((ret == 0) && (*sigLen < params->sigSz)) {
+    if (*sigLen < params->sigSz) {
         ret = BUFFER_E;
     }
     if (ret == 0) {
@@ -5499,19 +6011,23 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
 
     /* Allocate memory for large intermediates. */
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     if ((ret == 0) && (key->a == NULL)) {
-        a = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
         if (a == NULL) {
             ret = MEMORY_E;
         }
     }
+#endif
     if (ret == 0) {
         a = key->a;
     }
 #endif
 #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     if ((ret == 0) && (key->s1 == NULL)) {
-        key->s1 = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        key->s1 = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
         if (key->s1 == NULL) {
             ret = MEMORY_E;
         }
@@ -5520,6 +6036,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
             key->t0 = key->s2  + params->s2Sz / sizeof(*s2);
         }
     }
+#endif
     if (ret == 0) {
         s1 = key->s1;
         s2 = key->s2;
@@ -5540,7 +6057,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
         /* A */
         allocSz += params->aSz;
 #endif
-        y = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
         if (y == NULL) {
             ret = MEMORY_E;
         }
@@ -5578,24 +6095,15 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
         {
             /* Step 5: Create the matrix A from the public seed. */
             ret = dilithium_expand_a(&key->shake, pub_seed, params->k,
-                params->l, a);
+                params->l, a, key->heap);
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
             key->aSet = (ret == 0);
 #endif
         }
     }
-    if (ret == 0) {
-        /* Step 6: Compute the hash of tr, public key hash, and message. */
-        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
-            mu, DILITHIUM_MU_SZ);
-    }
-    if (ret == 0) {
-        /* Step 7: Copy random into buffer for hashing. */
-        XMEMCPY(data, seed, DILITHIUM_RND_SZ);
-    }
     if (ret == 0) {
         /* Step 9: Compute private random using hash. */
-        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, data,
+        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, seedMu,
             DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed,
             DILITHIUM_PRIV_RAND_SEED_SZ);
     }
@@ -5639,11 +6147,11 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
                 /* Step 15: Hash mu and encoded w1.
                  * Step 32: Hash is stored in signature. */
                 ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ,
-                    w1e, params->w1EncSz, commit, 2 * params->lambda);
+                    w1e, params->w1EncSz, commit, params->lambda / 4);
                 if (ret == 0) {
                     /* Step 17: Compute c from first 256 bits of commit. */
                     ret = dilithium_sample_in_ball(&key->shake, commit,
-                        params->tau, c, NULL);
+                        params->lambda / 4, params->tau, c, key->heap);
                 }
                 if (ret == 0) {
                     sword32 hi;
@@ -5707,23 +6215,24 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
         while ((ret == 0) && (!valid));
     }
     if (ret == 0) {
-        byte* ze = sig + params->lambda * 2;
+        byte* ze = sig + params->lambda / 4;
         /* Step 32: Encode z into signature.
          * Commit (c) and h already encoded into signature. */
         dilithium_vec_encode_gamma1(z, params->l, params->gamma1_bits, ze);
     }
 
-    XFREE(y, NULL, DYNAMIC_TYPE_DILITHIUM);
+    XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM);
     return ret;
 #else
     int ret = 0;
     const wc_dilithium_params* params = key->params;
-    byte* pub_seed = key->k;
-    byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
-    byte* tr = k + DILITHIUM_K_SZ;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
     const byte* s1p = tr + DILITHIUM_TR_SZ;
     const byte* s2p = s1p + params->s1EncSz;
     const byte* t0p = s2p + params->s2EncSz;
+    const byte* mu = seedMu + DILITHIUM_RND_SZ;
     sword32* a = NULL;
     sword32* s1 = NULL;
     sword32* s2 = NULL;
@@ -5735,10 +6244,16 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
     sword32* c = NULL;
     sword32* z = NULL;
     sword32* ct0 = NULL;
-    byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
-    byte* mu = data + DILITHIUM_RND_SZ;
+#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+    sword64* t64 = NULL;
+#endif
+    byte* blocks = NULL;
     byte priv_rand_seed[DILITHIUM_Y_SEED_SZ];
-    byte* h = sig + params->lambda * 2 + params->zEncSz;
+    byte* h = sig + params->lambda / 4 + params->zEncSz;
+#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+    byte maxK = (byte)min(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A,
+        params->k);
+#endif
 
     /* Check the signature buffer isn't too small. */
     if ((ret == 0) && (*sigLen < params->sigSz)) {
@@ -5753,58 +6268,101 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
     if (ret == 0) {
         unsigned int allocSz;
 
-        /* y-l, w0-k, w1-k, c-1, s1-1, A-1 */
-        allocSz = params->s1Sz + params->s2Sz + params->s2Sz +
+        /* y-l, w0-k, w1-k, blocks, c-1, z-1, A-1 */
+        allocSz  = params->s1Sz + params->s2Sz + params->s2Sz +
+            DILITHIUM_REJ_NTT_POLY_H_SIZE +
             DILITHIUM_POLY_SIZE +  DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE;
-        y = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+    #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+        allocSz += params->s1Sz + params->s2Sz + params->s2Sz;
+    #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)
+        allocSz += maxK * params->l * DILITHIUM_POLY_SIZE;
+    #endif
+    #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        allocSz += DILITHIUM_POLY_SIZE * 2;
+    #endif
+        y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
         if (y == NULL) {
             ret = MEMORY_E;
         }
         else {
-            w0    = y  + params->s1Sz / sizeof(*y_ntt);
-            w1    = w0 + params->s2Sz / sizeof(*w0);
-            c     = w1 + params->s2Sz / sizeof(*w1);
-            s1    = c  + DILITHIUM_N;
-            a     = s1 + DILITHIUM_N;
-            s2    = s1;
-            t0    = s1;
-            ct0   = s1;
-            z     = s1;
-            y_ntt = s1;
+            w0     = y  + params->s1Sz / sizeof(*y_ntt);
+            w1     = w0 + params->s2Sz / sizeof(*w0);
+            blocks = (byte*)(w1 + params->s2Sz / sizeof(*w1));
+            c      = (sword32*)(blocks + DILITHIUM_REJ_NTT_POLY_H_SIZE);
+            z      = c  + DILITHIUM_N;
+            a      = z  + DILITHIUM_N;
+            ct0    = z;
+    #if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)
+            y_ntt  = w0;
+            s1     = z;
+            s2     = z;
+            t0     = z;
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64    = (sword64*)(a + (1 + maxK * params->l) * DILITHIUM_N);
+        #endif
+    #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC)
+            y_ntt  = z;
+            s1     = a  + DILITHIUM_N;
+            s2     = s1 + params->s1Sz / sizeof(*s1);
+            t0     = s2 + params->s2Sz / sizeof(*s2);
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64    = (sword64*)(t0 + params->s2Sz / sizeof(*t0));
+        #endif
+    #else
+            y_ntt  = z;
+            s1     = z;
+            s2     = z;
+            t0     = z;
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64    = (sword64*)(a + DILITHIUM_N);
+        #endif
+    #endif
         }
     }
 
-    if (ret == 0) {
-        /* Step 7: Copy random into buffer for hashing. */
-        XMEMCPY(data, seed, DILITHIUM_RND_SZ);
-
-        /* Step 6: Compute the hash of tr, public key hash, and message. */
-        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
-            mu, DILITHIUM_MU_SZ);
-    }
     if (ret == 0) {
         /* Step 9: Compute private random using hash. */
-        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, data,
+        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, seedMu,
             DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed,
             DILITHIUM_PRIV_RAND_SEED_SZ);
     }
+#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+    if (ret == 0) {
+        dilithium_make_priv_vecs(key, s1, s2, t0);
+    }
+#endif
+#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+    if (ret == 0) {
+        /* Step 5: Create the matrix A from the public seed. */
+        ret = dilithium_expand_a(&key->shake, pub_seed, maxK, params->l, a,
+            key->heap);
+    }
+#endif
     if (ret == 0) {
         word16 kappa = 0;
         int valid;
 
         /* Step 11: Start rejection sampling loop */
         do {
+            byte aseed[DILITHIUM_GEN_A_SEED_SZ];
             byte w1e[DILITHIUM_MAX_W1_ENC_SZ];
             sword32* w = w1;
             byte* commit = sig;
             byte r;
             byte s;
-            byte aseed[DILITHIUM_GEN_A_SEED_SZ];
             sword32 hi;
-            sword32* at = a;
             sword32* wt = w;
             sword32* w0t = w0;
             sword32* w1t = w1;
+            sword32* at = a;
+
+        #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+            w0t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N;
+            w1t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N;
+            wt += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N;
+            at += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * params->l *
+                DILITHIUM_N;
+        #endif
 
             valid = 1;
             /* Step 12: Compute vector y from private random seed and kappa. */
@@ -5815,13 +6373,33 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
                 (1 << params->gamma1_bits) - params->beta);
         #endif
 
+        #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+            /* Step 13: NTT-1(A o NTT(y)) */
+            XMEMCPY(y_ntt, y, params->s1Sz);
+            dilithium_vec_ntt(y_ntt, params->l);
+            dilithium_matrix_mul(w, a, y_ntt, maxK, params->l);
+            dilithium_vec_invntt(w, maxK);
+            /* Step 14, Step 22: Make values positive and decompose. */
+            dilithium_vec_make_pos(w, maxK);
+            dilithium_vec_decompose(w, maxK, params->gamma2, w0, w1);
+        #endif
             /* Step 5: Create the matrix A from the public seed. */
             /* Copy the seed into a buffer that has space for s and r. */
             XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+        #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+            r = WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A;
+        #else
+            r = 0;
+        #endif
             /* Alg 26. Step 1: Loop over first dimension of matrix. */
-            for (r = 0; (ret == 0) && valid && (r < params->k); r++) {
+            for (; (ret == 0) && valid && (r < params->k); r++) {
                 unsigned int e;
                 sword32* yt = y;
+            #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+                sword32* y_ntt_t = z;
+            #else
+                sword32* y_ntt_t = y_ntt;
+            #endif
 
                 /* Put r/i into buffer to be hashed. */
                 aseed[DILITHIUM_PUB_SEED_SZ + 1] = r;
@@ -5830,29 +6408,115 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
                     /* Put s into buffer to be hashed. */
                     aseed[DILITHIUM_PUB_SEED_SZ + 0] = s;
                     /* Alg 26. Step 3: Create polynomial from hashing seed. */
-                    ret = dilithium_rej_ntt_poly(&key->shake, aseed, at,
-                        NULL);
+                    ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, at,
+                        blocks);
                     if (ret != 0) {
                         break;
                     }
-                    XMEMCPY(y_ntt, yt, DILITHIUM_POLY_SIZE);
-                    dilithium_ntt(y_ntt);
+                    XMEMCPY(y_ntt_t, yt, DILITHIUM_POLY_SIZE);
+                    dilithium_ntt(y_ntt_t);
                     /* Matrix multiply. */
+                #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
                     if (s == 0) {
+                    #ifdef WOLFSSL_DILITHIUM_SMALL
                         for (e = 0; e < DILITHIUM_N; e++) {
                             wt[e] = dilithium_mont_red((sword64)at[e] *
-                                    y_ntt[e]);
+                                y_ntt_t[e]);
+                        }
+                    #else
+                        for (e = 0; e < DILITHIUM_N; e += 8) {
+                            wt[e + 0] = dilithium_mont_red((sword64)at[e + 0] *
+                                y_ntt_t[e + 0]);
+                            wt[e + 1] = dilithium_mont_red((sword64)at[e + 1] *
+                                y_ntt_t[e + 1]);
+                            wt[e + 2] = dilithium_mont_red((sword64)at[e + 2] *
+                                y_ntt_t[e + 2]);
+                            wt[e + 3] = dilithium_mont_red((sword64)at[e + 3] *
+                                y_ntt_t[e + 3]);
+                            wt[e + 4] = dilithium_mont_red((sword64)at[e + 4] *
+                                y_ntt_t[e + 4]);
+                            wt[e + 5] = dilithium_mont_red((sword64)at[e + 5] *
+                                y_ntt_t[e + 5]);
+                            wt[e + 6] = dilithium_mont_red((sword64)at[e + 6] *
+                                y_ntt_t[e + 6]);
+                            wt[e + 7] = dilithium_mont_red((sword64)at[e + 7] *
+                                y_ntt_t[e + 7]);
                         }
+                    #endif
                     }
                     else {
+                    #ifdef WOLFSSL_DILITHIUM_SMALL
                         for (e = 0; e < DILITHIUM_N; e++) {
                             wt[e] += dilithium_mont_red((sword64)at[e] *
-                                     y_ntt[e]);
+                                y_ntt_t[e]);
+                        }
+                    #else
+                        for (e = 0; e < DILITHIUM_N; e += 8) {
+                            wt[e + 0] += dilithium_mont_red((sword64)at[e + 0] *
+                                y_ntt_t[e + 0]);
+                            wt[e + 1] += dilithium_mont_red((sword64)at[e + 1] *
+                                y_ntt_t[e + 1]);
+                            wt[e + 2] += dilithium_mont_red((sword64)at[e + 2] *
+                                y_ntt_t[e + 2]);
+                            wt[e + 3] += dilithium_mont_red((sword64)at[e + 3] *
+                                y_ntt_t[e + 3]);
+                            wt[e + 4] += dilithium_mont_red((sword64)at[e + 4] *
+                                y_ntt_t[e + 4]);
+                            wt[e + 5] += dilithium_mont_red((sword64)at[e + 5] *
+                                y_ntt_t[e + 5]);
+                            wt[e + 6] += dilithium_mont_red((sword64)at[e + 6] *
+                                y_ntt_t[e + 6]);
+                            wt[e + 7] += dilithium_mont_red((sword64)at[e + 7] *
+                                y_ntt_t[e + 7]);
+                        }
+                    #endif
+                    }
+                #else
+                    if (s == 0) {
+                    #ifdef WOLFSSL_DILITHIUM_SMALL
+                        for (e = 0; e < DILITHIUM_N; e++) {
+                            t64[e] = (sword64)at[e] * y_ntt_t[e];
+                        }
+                    #else
+                        for (e = 0; e < DILITHIUM_N; e += 8) {
+                            t64[e+0] = (sword64)at[e+0] * y_ntt_t[e+0];
+                            t64[e+1] = (sword64)at[e+1] * y_ntt_t[e+1];
+                            t64[e+2] = (sword64)at[e+2] * y_ntt_t[e+2];
+                            t64[e+3] = (sword64)at[e+3] * y_ntt_t[e+3];
+                            t64[e+4] = (sword64)at[e+4] * y_ntt_t[e+4];
+                            t64[e+5] = (sword64)at[e+5] * y_ntt_t[e+5];
+                            t64[e+6] = (sword64)at[e+6] * y_ntt_t[e+6];
+                            t64[e+7] = (sword64)at[e+7] * y_ntt_t[e+7];
+                        }
+                    #endif
+                    }
+                    else {
+                    #ifdef WOLFSSL_DILITHIUM_SMALL
+                        for (e = 0; e < DILITHIUM_N; e++) {
+                            t64[e] += (sword64)at[e] * y_ntt_t[e];
+                        }
+                    #else
+                        for (e = 0; e < DILITHIUM_N; e += 8) {
+                            t64[e+0] += (sword64)at[e+0] * y_ntt_t[e+0];
+                            t64[e+1] += (sword64)at[e+1] * y_ntt_t[e+1];
+                            t64[e+2] += (sword64)at[e+2] * y_ntt_t[e+2];
+                            t64[e+3] += (sword64)at[e+3] * y_ntt_t[e+3];
+                            t64[e+4] += (sword64)at[e+4] * y_ntt_t[e+4];
+                            t64[e+5] += (sword64)at[e+5] * y_ntt_t[e+5];
+                            t64[e+6] += (sword64)at[e+6] * y_ntt_t[e+6];
+                            t64[e+7] += (sword64)at[e+7] * y_ntt_t[e+7];
                         }
+                    #endif
                     }
+                #endif
                     /* Next polynomial. */
                     yt += DILITHIUM_N;
                 }
+            #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+                for (e = 0; e < DILITHIUM_N; e++) {
+                    wt[e] = dilithium_mont_red(t64[e]);
+                }
+            #endif
                 dilithium_invntt(wt);
                 /* Step 14, Step 22: Make values positive and decompose. */
                 dilithium_make_pos(wt);
@@ -5884,19 +6548,21 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
             }
             if ((ret == 0) && valid) {
                 sword32* yt = y;
+            #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
                 const byte* s1pt = s1p;
-                byte* ze = sig + params->lambda * 2;
+            #endif
+                byte* ze = sig + params->lambda / 4;
 
                 /* Step 15: Encode w1. */
                 dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e);
                 /* Step 15: Hash mu and encoded w1.
                  * Step 32: Hash is stored in signature. */
                 ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ,
-                    w1e, params->w1EncSz, commit, 2 * params->lambda);
+                    w1e, params->w1EncSz, commit, params->lambda / 4);
                 if (ret == 0) {
                     /* Step 17: Compute c from first 256 bits of commit. */
-                    ret = dilithium_sample_in_ball(&key->shake, commit,
-                        params->tau, c, NULL);
+                    ret = dilithium_sample_in_ball_ex(&key->shake, commit,
+                        params->lambda / 4, params->tau, c, blocks);
                 }
                 if (ret == 0) {
                     /* Step 18: NTT(c). */
@@ -5904,6 +6570,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
                 }
 
                 for (s = 0; (ret == 0) && valid && (s < params->l); s++) {
+            #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
                 #if !defined(WOLFSSL_NO_ML_DSA_44) || \
                     !defined(WOLFSSL_NO_ML_DSA_87)
                     /* -2..2 */
@@ -5921,6 +6588,9 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
                 #endif
                     dilithium_ntt_small(s1);
                     dilithium_mul(z, c, s1);
+            #else
+                    dilithium_mul(z, c, s1 + s * DILITHIUM_N);
+            #endif
                     /* Step 19: cs1 = NTT-1(c o s1) */
                     dilithium_invntt(z);
                     /* Step 21: z = y + cs1 */
@@ -5957,13 +6627,16 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
             }
             if ((ret == 0) && valid) {
                 const byte* t0pt = t0p;
+            #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
                 const byte* s2pt = s2p;
+            #endif
                 sword32* cs2 = ct0;
                 w0t = w0;
                 w1t = w1;
                 byte idx = 0;
 
                 for (r = 0; valid && (r < params->k); r++) {
+            #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
                 #if !defined(WOLFSSL_NO_ML_DSA_44) || \
                     !defined(WOLFSSL_NO_ML_DSA_87)
                     /* -2..2 */
@@ -5978,10 +6651,14 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
                         dilithium_decode_eta_4_bits(s2pt, s2);
                         s2pt += DILITHIUM_N / 2;
                     }
-                    #endif
+                #endif
                     dilithium_ntt_small(s2);
                     /* Step 20: cs2 = NTT-1(c o s2) */
                     dilithium_mul(cs2, c, s2);
+            #else
+                    /* Step 20: cs2 = NTT-1(c o s2) */
+                    dilithium_mul(cs2, c, s2 + r * DILITHIUM_N);
+            #endif
                     dilithium_invntt(cs2);
                     /* Step 22: w0 - cs2 */
                     dilithium_sub(w0t, cs2);
@@ -5990,11 +6667,16 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
                     hi = params->gamma2 - params->beta;
                     valid = dilithium_check_low(w0t, hi);
                     if (valid) {
+                    #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
                         dilithium_decode_t0(t0pt, t0);
                         dilithium_ntt(t0);
 
                         /* Step 25: ct0 = NTT-1(c o t0) */
                         dilithium_mul(ct0, c, t0);
+                    #else
+                        /* Step 25: ct0 = NTT-1(c o t0) */
+                        dilithium_mul(ct0, c, t0 + r * DILITHIUM_N);
+                    #endif
                         dilithium_invntt(ct0);
                         /* Step 27: Check ct0 has low enough values. */
                         valid = dilithium_check_low(ct0, params->gamma2);
@@ -6052,94 +6734,407 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
         while ((ret == 0) && (!valid));
     }
 
-    XFREE(y, NULL, DYNAMIC_TYPE_DILITHIUM);
+    XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM);
     return ret;
 #endif
 }
 
-/* Sign a message with the key and a random number generator.
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Sign a message with the key and a seed.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *  11: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  12: return sigma
  *
- * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M)
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
  *   ...
- *   7: rnd <- {0,1}256  [Randomly generated.]
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
  *   ...
  *
  * @param [in, out] key     Dilithium key.
- * @param [in, out] rng     Random number generator.
+ * @param [in]      seed    Random seed.
+ * @param [in]      ctx     Context of signature.
+ * @param [in]      ctxLen  Length of context in bytes.
  * @param [in]      msg     Message data to sign.
  * @param [in]      msgLen  Length of message data in bytes.
  * @param [out]     sig     Buffer to hold signature.
  * @param [in, out] sigLen  On in, length of buffer in bytes.
  *                          On out, the length of the signature in bytes.
  * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
  * @return  BUFFER_E when the signature buffer is too small.
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
-static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, const byte* msg,
+static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key,
+    const byte* seed, const byte* ctx, byte ctxLen, const byte* msg,
     word32 msgLen, byte* sig, word32 *sigLen)
 {
-    int ret = 0;
-    byte rnd[DILITHIUM_RND_SZ];
-
-    /* Must have a random number generator. */
-    if (rng == NULL) {
-        ret = BAD_FUNC_ARG;
-    }
+    int ret;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
 
+    XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+    /* Step 6. Calculate mu. */
+    ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+        ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
     if (ret == 0) {
-        /* Step 7: Generate random seed. */
-        ret = wc_RNG_GenerateBlock(rng, rnd, DILITHIUM_RND_SZ);
-    }
-    if (ret == 0) {
-        /* Sign with random seed. */
-        ret = dilithium_sign_msg_with_seed(key, rnd, msg, msgLen, sig,
-            sigLen);
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
     }
 
     return ret;
 }
+#endif
 
-#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
-
-#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
-
-#ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
-static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1)
+/* Sign a message with the key and a seed.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *  11: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  12: return sigma
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      seed    Random seed.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
 {
-    const wc_dilithium_params* params = key->params;
-    const byte* t1p = key->p + DILITHIUM_PUB_SEED_SZ;
+    int ret;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
 
-    dilithium_vec_decode_t1(t1p, params->k, t1);
-    dilithium_vec_ntt(t1, params->k);
+    XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+    /* Step 6. Calculate mu. */
+    ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, mu,
+        DILITHIUM_MU_SZ);
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
 
-#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
-    key->pubVecSet = 1;
-#endif
+    return ret;
 }
-#endif
 
-/* Verify signature of message using public key.
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Sign a message with the key and a random number generator.
  *
- * FIPS 204. 6: Algorithm 3 ML-DSA.Verify(pk, M, sigma)
- *  1: (rho, t1) <- pkDecode(pk)
- *  2: (c_tilde, z, h) <- sigDecode(sigma)
- *  3: if h = falsam then return false
- *  4: end if
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   9:
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in, out] rng     Random number generator.
+ * @param [in]      ctx     Context of signature.
+ * @param [in]      ctxLen  Length of context.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng,
+    const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen)
+{
+    int ret = 0;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    /* Must have a random number generator. */
+    if (rng == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 7: Generate random seed. */
+        ret = wc_RNG_GenerateBlock(rng, seedMu, DILITHIUM_RND_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+            ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+#endif
+
+/* Sign a message with the key and a random number generator.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   9:
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in, out] rng     Random number generator.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
+{
+    int ret = 0;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    /* Must have a random number generator. */
+    if (rng == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 7: Generate random seed. */
+        ret = wc_RNG_GenerateBlock(rng, seedMu, DILITHIUM_RND_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
+            mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Sign a pre-hashed message with the key and a seed.
+ *
+ * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH)
+ *   ...
+ *  10: switch PH do
+ *  11:    case SHA-256:
+ *  12:       OID <-  IntegerToBytes(0x0609608648016503040201, 11)
+ *  13:       PHm <- SHA256(M)    (not done here as hash is passed in)
+ *   ...
+ *  22: end switch
+ *  23: M' <- BytesToBits(IntegerToBytes(1, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || OID || PHm)
+ *  24: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  25: return sigma
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key      Dilithium key.
+ * @param [in]      seed     Random seed.
+ * @param [in]      ctx      Context of signature.
+ * @param [in]      ctxLen   Length of context.
+ * @param [in]      hashAlg  Hash algorithm used on message.
+ * @param [in]      hash     Message hash to sign.
+ * @param [in]      hashLen  Length of message hash in bytes.
+ * @param [out]     sig      Buffer to hold signature.
+ * @param [in, out] sigLen   On in, length of buffer in bytes.
+ *                           On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_hash_with_seed(dilithium_key* key,
+    const byte* seed, const byte* ctx, byte ctxLen, int hashAlg,
+    const byte* hash, word32 hashLen, byte* sig, word32 *sigLen)
+{
+    int ret = 0;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+    byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE];
+    word32 oidMsgHashLen;
+
+    if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+
+        ret = dilithium_get_hash_oid(hashAlg, oidMsgHash, &oidMsgHashLen);
+    }
+    if (ret == 0) {
+        XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen);
+        oidMsgHashLen += hashLen;
+
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1,
+            ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a pre-hashed message with the key and a random number generator.
+ *
+ * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH)
+ *   ...
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   ...
+ *
+ * @param [in, out] key      Dilithium key.
+ * @param [in, out] rng      Random number generator.
+ * @param [in]      ctx      Context of signature.
+ * @param [in]      ctxLen   Length of context.
+ * @param [in]      hashAlg  Hash algorithm used on message.
+ * @param [in]      hash     Message hash to sign.
+ * @param [in]      hashLen  Length of message hash in bytes.
+ * @param [out]     sig      Buffer to hold signature.
+ * @param [in, out] sigLen   On in, length of buffer in bytes.
+ *                           On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_hash(dilithium_key* key, WC_RNG* rng,
+    const byte* ctx, byte ctxLen, int hashAlg, const byte* hash, word32 hashLen,
+    byte* sig, word32 *sigLen)
+{
+    int ret = 0;
+    byte seed[DILITHIUM_RND_SZ];
+
+    /* Must have a random number generator. */
+    if (rng == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Step 7: Generate random seed. */
+        ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_RND_SZ);
+    }
+
+    if (ret == 0) {
+        ret = dilithium_sign_ctx_hash_with_seed(key, seed, ctx, ctxLen, hashAlg,
+            hash, hashLen, sig, sigLen);
+    }
+
+    return ret;
+}
+#endif
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+#if !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) || \
+     defined(WC_DILITHIUM_CACHE_PUB_VECTORS)
+/* Make public vector from public key data.
+ *
+ * @param [in, out] key  Key with public key data.
+ * @param [out]     t1   Vector in NTT form.
+ */
+static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1)
+{
+    const wc_dilithium_params* params = key->params;
+    const byte* t1p = key->p + DILITHIUM_PUB_SEED_SZ;
+
+    dilithium_vec_decode_t1(t1p, params->k, t1);
+    dilithium_vec_ntt(t1, params->k);
+
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+    key->pubVecSet = 1;
+#endif
+}
+#endif
+
+/* Verify signature of message using public key.
+ *
+ * FIPS 204. 6: Algorithm 3 ML-DSA.Verify(pk, M, sigma)
+ *  1: (rho, t1) <- pkDecode(pk)
+ *  2: (c_tilde, z, h) <- sigDecode(sigma)
+ *  3: if h = falsam then return false
+ *  4: end if
  *  5: A_circum <- ExpandS(rho)
  *  6: tr <- H(BytesToBits(pk), 512)
  *  7: mu <- H(tr||M, 512)
  *  8: (c1_tilde, c2_tilde) E {0,1}256 x {0,1)2*lambda-256 <- c_tilde
  *  9: c <- SampleInBall(c1_tilde)
- * 10: w'approx <- NTT-1(A_circum o NTT(z) - NTT(c) o NTT(t1.s^d))
+ * 10: w'approx <- NTT-1(A_circum o NTT(z) - NTT(c) o NTT(t1.2^d))
  * 11: w1' <- UseHint(h, w'approx)
  * 12: c'_tilde < H(mu||w1Encode(w1'), 2*lambda)
  * 13: return [[ ||z||inf < GAMMA1 - BETA]] and [[c_tilde = c'_tilde]] and
  *             [[number of 1's in h is <= OMEGA
  *
  * @param [in, out] key     Dilithium key.
- * @param [in]      msg     Message to verify.
- * @param [in]      msgLen  Length of message in bytes.
+ * @param [in]      mu      Data to verify.
  * @param [in]      sig     Signature to verify message.
  * @param [in]      sigLen  Length of message in bytes.
  * @param [out]     res     Result of verification.
@@ -6150,15 +7145,15 @@ static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1)
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
-static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
-    word32 msgLen, const byte* sig, word32 sigLen, int* res)
+static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
+    const byte* sig, word32 sigLen, int* res)
 {
 #ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
     int ret = 0;
     const wc_dilithium_params* params = key->params;
     const byte* pub_seed = key->p;
     const byte* commit = sig;
-    const byte* ze = sig + params->lambda * 2;
+    const byte* ze = sig + params->lambda / 4;
     const byte* h = ze + params->zEncSz;
     sword32* a = NULL;
     sword32* t1 = NULL;
@@ -6166,10 +7161,8 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
     sword32* z = NULL;
     sword32* w = NULL;
     sword32* t1c = NULL;
-    byte tr[DILITHIUM_TR_SZ];
-    byte* mu = tr;
+    byte commit_calc[DILITHIUM_TR_SZ];
     byte* w1e = NULL;
-    byte* commit_calc = tr;
     int valid = 0;
     sword32 hi;
 
@@ -6184,23 +7177,29 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
 
     /* Allocate memory for large intermediates. */
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     if ((ret == 0) && (key->a == NULL)) {
-        key->a = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        key->a = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
         if (key->a == NULL) {
             ret = MEMORY_E;
         }
     }
+#endif
     if (ret == 0) {
         a = key->a;
     }
 #endif
 #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     if ((ret == 0) && (key->t1 == NULL)) {
-        key->t1 = (sword32*)XMALLOC(params->s2Sz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        key->t1 = (sword32*)XMALLOC(params->s2Sz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
         if (key->t1 == NULL) {
             ret = MEMORY_E;
         }
     }
+#endif
     if (ret == 0) {
         t1 = key->t1;
     }
@@ -6216,7 +7215,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         allocSz += params->aSz;
 #endif
 
-        z = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
         if (z == NULL) {
             ret = MEMORY_E;
         }
@@ -6260,7 +7259,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         {
             /* Step 5: Expand pub seed to compute matrix A. */
             ret = dilithium_expand_a(&key->shake, pub_seed, params->k,
-                params->l, a);
+                params->l, a, key->heap);
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
             /* Whether we have cached A is dependent on success of operation. */
             key->aSet = (ret == 0);
@@ -6268,19 +7267,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         }
     }
     if ((ret == 0) && valid) {
-        /* Step 6: Hash public key. */
-        ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
-            DILITHIUM_TR_SZ);
-    }
-    if ((ret == 0) && valid) {
-        /* Step 7: Hash hash of public key and message. */
-        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
-            mu, DILITHIUM_MU_SZ);
-    }
-    if ((ret == 0) && valid) {
-         /* Step 9: Compute c from first 256 bits of commit. */
-         ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c,
-             NULL);
+        /* Step 9: Compute c from commit. */
+        ret = dilithium_sample_in_ball(&key->shake, commit, params->lambda / 4,
+            params->tau, c, key->heap);
     }
     if ((ret == 0) && valid) {
         /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */
@@ -6296,15 +7285,15 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         dilithium_vec_encode_w1(w, params->k, params->gamma2, w1e);
         /* Step 12: Hash mu and encoded w1. */
         ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e,
-            params->w1EncSz, commit_calc, 2 * params->lambda);
+            params->w1EncSz, commit_calc, params->lambda / 4);
     }
     if ((ret == 0) && valid) {
         /* Step 13: Compare commit. */
-        valid = (XMEMCMP(commit, commit_calc, 2 * params->lambda) == 0);
+        valid = (XMEMCMP(commit, commit_calc, params->lambda / 4) == 0);
     }
 
     *res = valid;
-    XFREE(z, NULL, DYNAMIC_TYPE_DILITHIUM);
+    XFREE(z, key->heap, DYNAMIC_TYPE_DILITHIUM);
     return ret;
 #else
     int ret = 0;
@@ -6312,24 +7301,27 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
     const byte* pub_seed = key->p;
     const byte* t1p = pub_seed + DILITHIUM_PUB_SEED_SZ;
     const byte* commit = sig;
-    const byte* ze = sig + params->lambda * 2;
+    const byte* ze = sig + params->lambda / 4;
     const byte* h = ze + params->zEncSz;
     sword32* t1 = NULL;
     sword32* a = NULL;
     sword32* c = NULL;
     sword32* z = NULL;
     sword32* w = NULL;
-    byte tr[DILITHIUM_TR_SZ];
-    byte* mu = tr;
+#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+    sword64* t64 = NULL;
+#endif
+#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+    byte*    block = NULL;
+#endif
     byte* w1e = NULL;
-    byte* commit_calc = tr;
+    byte commit_calc[DILITHIUM_TR_SZ];
     int valid = 0;
     sword32 hi;
-    byte i;
-    unsigned int j;
+    unsigned int r;
     byte o;
     byte* encW1;
-    byte* seed = tr;
+    byte* seed = commit_calc;
 
     /* Ensure the signature is the right size for the parameters. */
     if (sigLen != params->sigSz) {
@@ -6344,17 +7336,27 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
     /* Allocate memory for large intermediates. */
     if (ret == 0) {
         /* z, c, w, t1, w1e. */
-        z = (sword32*)XMALLOC(params->s1Sz + 3 * DILITHIUM_POLY_SIZE +
-            DILITHIUM_MAX_W1_ENC_SZ, NULL, DYNAMIC_TYPE_DILITHIUM);
+        unsigned int allocSz;
+
+        allocSz  = params->s1Sz + 3 * DILITHIUM_POLY_SIZE +
+            DILITHIUM_REJ_NTT_POLY_H_SIZE + params->w1EncSz;
+    #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        allocSz += DILITHIUM_POLY_SIZE * 2;
+    #endif
+        z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
         if (z == NULL) {
             ret = MEMORY_E;
         }
         else {
-            c   = z + params->s1Sz / sizeof(*t1);
-            w   = c + DILITHIUM_N;
-            t1  = w + DILITHIUM_N;
-            w1e = (byte*)(t1 + DILITHIUM_N);
-            a   = t1;
+            c     = z + params->s1Sz / sizeof(*t1);
+            w     = c + DILITHIUM_N;
+            t1    = w + DILITHIUM_N;
+            block = (byte*)(t1 + DILITHIUM_N);
+            w1e   = block + DILITHIUM_REJ_NTT_POLY_H_SIZE;
+            a     = t1;
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64   = (sword64*)(w1e + params->w1EncSz);
+        #endif
         }
     }
 #else
@@ -6365,6 +7367,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         t1 = key->t1;
         w1e = key->w1e;
         a = t1;
+    #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        t64 = key->t64;
+    #endif
     }
 #endif
 
@@ -6381,11 +7386,11 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
 
          /* Step 9: Compute c from first 256 bits of commit. */
 #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
-         ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c,
-             key->block);
+         ret = dilithium_sample_in_ball_ex(&key->shake, commit,
+             params->lambda / 4, params->tau, c, key->block);
 #else
-         ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c,
-             NULL);
+         ret = dilithium_sample_in_ball_ex(&key->shake, commit,
+             params->lambda / 4, params->tau, c, block);
 #endif
     }
     if ((ret == 0) && valid) {
@@ -6397,8 +7402,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         /* Copy the seed into a buffer that has space for s and r. */
         XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ);
         /* Step 1: Loop over first dimension of matrix. */
-        for (i = 0; (ret == 0) && (i < params->k); i++) {
-            byte s;
+        for (r = 0; (ret == 0) && (r < params->k); r++) {
+            unsigned int s;
+            unsigned int e;
             const sword32* zt = z;
 
             /* Step 1: Decode and NTT vector t1. */
@@ -6408,112 +7414,292 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
 
             /* Step 10: - NTT(c) o NTT(t1)) */
             dilithium_ntt(w);
-#ifdef WOLFSSL_DILITHIUM_SMALL
-            for (j = 0; j < DILITHIUM_N; j++) {
-                w[j] = -dilithium_mont_red((sword64)c[j] * w[j]);
+    #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        #ifdef WOLFSSL_DILITHIUM_SMALL
+            for (e = 0; e < DILITHIUM_N; e++) {
+                w[e] = -dilithium_mont_red((sword64)c[e] * w[e]);
             }
-#else
-            for (j = 0; j < DILITHIUM_N; j += 8) {
-                w[j+0] = -dilithium_mont_red((sword64)c[j+0] * w[j+0]);
-                w[j+1] = -dilithium_mont_red((sword64)c[j+1] * w[j+1]);
-                w[j+2] = -dilithium_mont_red((sword64)c[j+2] * w[j+2]);
-                w[j+3] = -dilithium_mont_red((sword64)c[j+3] * w[j+3]);
-                w[j+4] = -dilithium_mont_red((sword64)c[j+4] * w[j+4]);
-                w[j+5] = -dilithium_mont_red((sword64)c[j+5] * w[j+5]);
-                w[j+6] = -dilithium_mont_red((sword64)c[j+6] * w[j+6]);
-                w[j+7] = -dilithium_mont_red((sword64)c[j+7] * w[j+7]);
+        #else
+            for (e = 0; e < DILITHIUM_N; e += 8) {
+                w[e+0] = -dilithium_mont_red((sword64)c[e+0] * w[e+0]);
+                w[e+1] = -dilithium_mont_red((sword64)c[e+1] * w[e+1]);
+                w[e+2] = -dilithium_mont_red((sword64)c[e+2] * w[e+2]);
+                w[e+3] = -dilithium_mont_red((sword64)c[e+3] * w[e+3]);
+                w[e+4] = -dilithium_mont_red((sword64)c[e+4] * w[e+4]);
+                w[e+5] = -dilithium_mont_red((sword64)c[e+5] * w[e+5]);
+                w[e+6] = -dilithium_mont_red((sword64)c[e+6] * w[e+6]);
+                w[e+7] = -dilithium_mont_red((sword64)c[e+7] * w[e+7]);
             }
-#endif
+        #endif
+    #else
+        #ifdef WOLFSSL_DILITHIUM_SMALL
+            for (e = 0; e < DILITHIUM_N; e++) {
+                t64[e] = -(sword64)c[e] * w[e];
+            }
+        #else
+            for (e = 0; e < DILITHIUM_N; e += 8) {
+                t64[e+0] = -(sword64)c[e+0] * w[e+0];
+                t64[e+1] = -(sword64)c[e+1] * w[e+1];
+                t64[e+2] = -(sword64)c[e+2] * w[e+2];
+                t64[e+3] = -(sword64)c[e+3] * w[e+3];
+                t64[e+4] = -(sword64)c[e+4] * w[e+4];
+                t64[e+5] = -(sword64)c[e+5] * w[e+5];
+                t64[e+6] = -(sword64)c[e+6] * w[e+6];
+                t64[e+7] = -(sword64)c[e+7] * w[e+7];
+            }
+        #endif
+    #endif
 
             /* Step 5: Expand pub seed to compute matrix A. */
             /* Put r into buffer to be hashed. */
-            seed[DILITHIUM_PUB_SEED_SZ + 1] = i;
+            seed[DILITHIUM_PUB_SEED_SZ + 1] = r;
             for (s = 0; (ret == 0) && (s < params->l); s++) {
                 /* Put s into buffer to be hashed. */
                 seed[DILITHIUM_PUB_SEED_SZ + 0] = s;
                 /* Step 3: Create polynomial from hashing seed. */
             #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
-                ret = dilithium_rej_ntt_poly(&key->shake, seed, a, key->h);
+                ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, key->h);
             #else
-                ret = dilithium_rej_ntt_poly(&key->shake, seed, a, NULL);
+                ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, block);
             #endif
 
                 /* Step 10: w = A o NTT(z) - NTT(c) o NTT(t1) */
-#ifdef WOLFSSL_DILITHIUM_SMALL
-                for (j = 0; j < DILITHIUM_N; j++) {
-                    w[j] += dilithium_mont_red((sword64)a[j] * zt[j]);
+        #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            #ifdef WOLFSSL_DILITHIUM_SMALL
+                for (e = 0; e < DILITHIUM_N; e++) {
+                    w[e] += dilithium_mont_red((sword64)a[e] * zt[e]);
                 }
-#else
-                for (j = 0; j < DILITHIUM_N; j += 8) {
-                    w[j+0] += dilithium_mont_red((sword64)a[j+0] * zt[j+0]);
-                    w[j+1] += dilithium_mont_red((sword64)a[j+1] * zt[j+1]);
-                    w[j+2] += dilithium_mont_red((sword64)a[j+2] * zt[j+2]);
-                    w[j+3] += dilithium_mont_red((sword64)a[j+3] * zt[j+3]);
-                    w[j+4] += dilithium_mont_red((sword64)a[j+4] * zt[j+4]);
-                    w[j+5] += dilithium_mont_red((sword64)a[j+5] * zt[j+5]);
-                    w[j+6] += dilithium_mont_red((sword64)a[j+6] * zt[j+6]);
-                    w[j+7] += dilithium_mont_red((sword64)a[j+7] * zt[j+7]);
+            #else
+                for (e = 0; e < DILITHIUM_N; e += 8) {
+                    w[e+0] += dilithium_mont_red((sword64)a[e+0] * zt[e+0]);
+                    w[e+1] += dilithium_mont_red((sword64)a[e+1] * zt[e+1]);
+                    w[e+2] += dilithium_mont_red((sword64)a[e+2] * zt[e+2]);
+                    w[e+3] += dilithium_mont_red((sword64)a[e+3] * zt[e+3]);
+                    w[e+4] += dilithium_mont_red((sword64)a[e+4] * zt[e+4]);
+                    w[e+5] += dilithium_mont_red((sword64)a[e+5] * zt[e+5]);
+                    w[e+6] += dilithium_mont_red((sword64)a[e+6] * zt[e+6]);
+                    w[e+7] += dilithium_mont_red((sword64)a[e+7] * zt[e+7]);
                 }
-#endif
+            #endif
+        #else
+            #ifdef WOLFSSL_DILITHIUM_SMALL
+                for (e = 0; e < DILITHIUM_N; e++) {
+                    t64[e] += (sword64)a[e] * zt[e];
+                }
+            #else
+                for (e = 0; e < DILITHIUM_N; e += 8) {
+                    t64[e+0] += (sword64)a[e+0] * zt[e+0];
+                    t64[e+1] += (sword64)a[e+1] * zt[e+1];
+                    t64[e+2] += (sword64)a[e+2] * zt[e+2];
+                    t64[e+3] += (sword64)a[e+3] * zt[e+3];
+                    t64[e+4] += (sword64)a[e+4] * zt[e+4];
+                    t64[e+5] += (sword64)a[e+5] * zt[e+5];
+                    t64[e+6] += (sword64)a[e+6] * zt[e+6];
+                    t64[e+7] += (sword64)a[e+7] * zt[e+7];
+                }
+            #endif
+        #endif
                 /* Next polynomial. */
                 zt += DILITHIUM_N;
             }
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            for (e = 0; e < DILITHIUM_N; e++) {
+                w[e] = dilithium_mont_red(t64[e]);
+            }
+        #endif
 
             /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */
             dilithium_invntt(w);
 
-#ifndef WOLFSSL_NO_ML_DSA_44
+        #ifndef WOLFSSL_NO_ML_DSA_44
             if (params->gamma2 == DILITHIUM_Q_LOW_88) {
                 /* Step 11: Use hint to give full w1. */
-                dilithium_use_hint_88(w, h, i, &o);
+                dilithium_use_hint_88(w, h, r, &o);
                 /* Step 12: Encode w1. */
                 dilithium_encode_w1_88(w, encW1);
                 encW1 += DILITHIUM_Q_HI_88_ENC_BITS * 2 * DILITHIUM_N / 16;
             }
             else
-#endif
-#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+        #endif
+        #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
             if (params->gamma2 == DILITHIUM_Q_LOW_32) {
                 /* Step 11: Use hint to give full w1. */
-                dilithium_use_hint_32(w, h, params->omega, i, &o);
+                dilithium_use_hint_32(w, h, params->omega, r, &o);
                 /* Step 12: Encode w1. */
                 dilithium_encode_w1_32(w, encW1);
                 encW1 += DILITHIUM_Q_HI_32_ENC_BITS * 2 * DILITHIUM_N / 16;
             }
             else
-#endif
+        #endif
             {
             }
         }
     }
-    if ((ret == 0) && valid) {
-        /* Step 6: Hash public key. */
-        ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
-            DILITHIUM_TR_SZ);
-    }
-    if ((ret == 0) && valid) {
-        /* Step 7: Hash hash of public key and message. */
-        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
-            mu, DILITHIUM_MU_SZ);
-    }
     if ((ret == 0) && valid) {
         /* Step 12: Hash mu and encoded w1. */
         ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e,
-            params->w1EncSz, commit_calc, 2 * params->lambda);
+            params->w1EncSz, commit_calc, params->lambda / 4);
     }
     if ((ret == 0) && valid) {
         /* Step 13: Compare commit. */
-        valid = (XMEMCMP(commit, commit_calc, 2 * params->lambda) == 0);
+        valid = (XMEMCMP(commit, commit_calc, params->lambda / 4) == 0);
     }
 
     *res = valid;
 #ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
-    XFREE(z, NULL, DYNAMIC_TYPE_DILITHIUM);
+    XFREE(z, key->heap, DYNAMIC_TYPE_DILITHIUM);
 #endif
     return ret;
 #endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */
 }
 
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      ctx     Context of verification.
+ * @param [in]      ctxLen  Length of context in bytes.
+ * @param [in]      msg     Message to verify.
+ * @param [in]      msgLen  Length of message in bytes.
+ * @param [in]      sig     Signature to verify message.
+ * @param [in]      sigLen  Length of message in bytes.
+ * @param [out]     res     Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, const byte* sig,
+    word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+            ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
+#endif
+
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      msg     Message to verify.
+ * @param [in]      msgLen  Length of message in bytes.
+ * @param [in]      sig     Signature to verify message.
+ * @param [in]      sigLen  Length of message in bytes.
+ * @param [out]     res     Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
+    word32 msgLen, const byte* sig, word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
+            mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key       Dilithium key.
+ * @param [in]      ctx       Context of verification.
+ * @param [in]      ctxLen    Length of context in bytes.
+ * @param [iu]      hashAlg   Hash algorithm used on message.
+ * @param [in]      hash      Hash of message to verify.
+ * @param [in]      hashLen   Length of message hash in bytes.
+ * @param [in]      sig       Signature to verify message.
+ * @param [in]      sigLen    Length of message in bytes.
+ * @param [out]     res       Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx,
+    word32 ctxLen, int hashAlg, const byte* hash, word32 hashLen,
+    const byte* sig, word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+    byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE];
+    word32 oidMsgHashLen;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_get_hash_oid(hashAlg, oidMsgHash, &oidMsgHashLen);
+    }
+    if (ret == 0) {
+        XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen);
+        oidMsgHashLen += hashLen;
+
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1,
+            ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
+#endif
 #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
 
 #elif defined(HAVE_LIBOQS)
@@ -6524,13 +7710,13 @@ static int oqs_dilithium_make_key(dilithium_key* key, WC_RNG* rng)
     int ret = 0;
     OQS_SIG *oqssig = NULL;
 
-    if (key->level == 2) {
+    if (key->level == WC_ML_DSA_44) {
         oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd);
     }
-    else if (key->level == 3) {
+    else if (key->level == WC_ML_DSA_65) {
         oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd);
     }
-    else if (key->level == 5) {
+    else if (key->level == WC_ML_DSA_87) {
             oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd);
     }
     else {
@@ -6572,13 +7758,13 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
     }
 
     if (ret == 0) {
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd);
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd);
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd);
         }
         else {
@@ -6592,15 +7778,18 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
 
     /* check and set up out length */
     if (ret == 0) {
-        if ((key->level == 2) && (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) {
+        if ((key->level == WC_ML_DSA_44) &&
+                (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) {
             *sigLen = DILITHIUM_LEVEL2_SIG_SIZE;
             ret = BUFFER_E;
         }
-        else if ((key->level == 3) && (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) {
+        else if ((key->level == WC_ML_DSA_65) &&
+                 (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) {
             *sigLen = DILITHIUM_LEVEL3_SIG_SIZE;
             ret = BUFFER_E;
         }
-        else if ((key->level == 5) && (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) {
+        else if ((key->level == WC_ML_DSA_87) &&
+                 (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) {
             *sigLen = DILITHIUM_LEVEL5_SIG_SIZE;
             ret = BUFFER_E;
         }
@@ -6642,13 +7831,13 @@ static int oqs_dilithium_verify_msg(const byte* sig, word32 sigLen,
     }
 
     if (ret == 0) {
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd);
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd);
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd);
         }
         else {
@@ -6726,36 +7915,238 @@ int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng)
     return ret;
 }
 
-int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
+int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (seed == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+#ifdef WOLFSSL_WC_DILITHIUM
+        /* Check the level or parameters have been set. */
+        if (key->params == NULL) {
+            ret = BAD_STATE_E;
+        }
+        else {
+            /* Make the key. */
+            ret = dilithium_make_key_from_seed(key, seed);
+        }
+#elif defined(HAVE_LIBOQS)
+        /* Make the key. */
+        ret = NOT_COMPILED_IN;
+#endif
+    }
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Sign the message using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* sig, word32 *sigLen, dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng,
+                WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_msg(key, rng, ctx, ctxLen, msg, msgLen, sig,
+            sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng);
+    #endif
+    }
+
+    return ret;
+}
+#endif
+
+/* Sign the message using the dilithium private key.
+ *
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen, dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng,
+                WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_msg(key, rng, msg, msgLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng);
+    #endif
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Sign the message hash using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  hashAlg     [in]      Hash algorithm used on message.
+ *  hash        [in]      Hash of message to sign.
+ *  hashLen     [in]      Length of the message hash in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
+   const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+   dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((hash == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_hash(key, rng, ctx, ctxLen, hashAlg, hash,
+            hashLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
+        (void)rng;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Sign the message using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed)
 {
     int ret = 0;
 
     /* Validate parameters. */
-    if ((key == NULL) || (seed == NULL)) {
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
         ret = BAD_FUNC_ARG;
     }
 
     if (ret == 0) {
-#ifdef WOLFSSL_WC_DILITHIUM
-        /* Check the level or parameters have been set. */
-        if (key->params == NULL) {
-            ret = BAD_STATE_E;
-        }
-        else {
-            /* Make the key. */
-            ret = dilithium_make_key_from_seed(key, seed);
-        }
-#elif defined(HAVE_LIBOQS)
-        /* Make the key. */
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_msg_with_seed(key, seed, ctx, ctxLen, msg,
+            msgLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
         ret = NOT_COMPILED_IN;
-#endif
+        (void)msgLen;
+        (void)seed;
+    #endif
     }
 
     return ret;
 }
 #endif
 
-#ifndef WOLFSSL_DILITHIUM_NO_SIGN
 /* Sign the message using the dilithium private key.
  *
  *  msg         [in]      Message to sign.
@@ -6768,8 +8159,8 @@ int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
  *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
  *          0 otherwise.
  */
-int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
-    word32 *sigLen, dilithium_key* key, WC_RNG* rng)
+int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen, dilithium_key* key, const byte* seed)
 {
     int ret = 0;
 
@@ -6778,72 +8169,117 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
         ret = BAD_FUNC_ARG;
     }
 
-#ifdef WOLF_CRYPTO_CB
-    if (ret == 0) {
-    #ifndef WOLF_CRYPTO_CB_FIND
-        if (key->devId != INVALID_DEVID)
-    #endif
-        {
-            ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng,
-                WC_PQC_SIG_TYPE_DILITHIUM, key);
-            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
-                return ret;
-            /* fall-through when unavailable */
-            ret = 0;
-        }
-    }
-#endif
-
     if (ret == 0) {
         /* Sign message. */
     #ifdef WOLFSSL_WC_DILITHIUM
-        ret = dilithium_sign_msg(key, rng, msg, msgLen, sig, sigLen);
+        ret = dilithium_sign_msg_with_seed(key, seed, msg, msgLen, sig, sigLen);
     #elif defined(HAVE_LIBOQS)
-        ret = oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng);
+        ret = NOT_COMPILED_IN;
+        (void)msgLen;
+        (void)seed;
     #endif
     }
 
     return ret;
 }
 
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Sign the message using the dilithium private key.
  *
- *  msg         [in]      Message to sign.
- *  msgLen      [in]      Length of the message in bytes.
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  hashAlg     [in]      Hash algorithm used on message.
+ *  hash        [in]      Hash of message to sign.
+ *  hashLen     [in]      Length of the message hash in bytes.
  *  sig         [out]     Buffer to write signature into.
  *  sigLen      [in/out]  On in, size of buffer.
  *                        On out, the length of the signature in bytes.
  *  key         [in]      Dilithium key to use when signing
- *  returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
  *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
  *          0 otherwise.
  */
-int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
-    word32 *sigLen, dilithium_key* key, byte* seed)
+int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
+    int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed)
 {
     int ret = 0;
 
     /* Validate parameters. */
-    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+    if ((hash == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
         ret = BAD_FUNC_ARG;
     }
 
     if (ret == 0) {
         /* Sign message. */
     #ifdef WOLFSSL_WC_DILITHIUM
-        ret = dilithium_sign_msg_with_seed(key, seed, msg, msgLen, sig, sigLen);
+        ret = dilithium_sign_ctx_hash_with_seed(key, seed, ctx, ctxLen,
+            hashAlg, hash, hashLen, sig, sigLen);
     #elif defined(HAVE_LIBOQS)
         ret = NOT_COMPILED_IN;
-        (void)msgLen;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
         (void)seed;
     #endif
     }
 
     return ret;
 }
+#endif
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Verify the message using the dilithium public key.
+ *
+ *  sig         [in]  Signature to verify.
+ *  sigLen      [in]  Size of signature in bytes.
+ *  ctx         [in]  Context of signature.
+ *  ctxLen      [in]  Length of context in bytes.
+ *  msg         [in]  Message to verify.
+ *  msgLen      [in]  Length of the message in bytes.
+ *  res         [out] *res is set to 1 on successful verification.
+ *  key         [in]  Dilithium key to use to verify.
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (msg == NULL) || (res == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Verify message with signature. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_verify_ctx_msg(key, ctx, ctxLen, msg, msgLen, sig,
+            sigLen, res);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)sigLen;
+        (void)msgLen;
+        (void)res;
+    #endif
+    }
+
+    return ret;
+}
+#endif
+
 /* Verify the message using the dilithium public key.
  *
  *  sig         [in]  Signature to verify.
@@ -6893,6 +8329,55 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
 
     return ret;
 }
+
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+/* Verify the message using the dilithium public key.
+ *
+ *  sig         [in]  Signature to verify.
+ *  sigLen      [in]  Size of signature in bytes.
+ *  ctx         [in]  Context of signature.
+ *  ctxLen      [in]  Length of context in bytes.
+ *  hashAlg     [in]  Hash algorithm used on message.
+ *  hash        [in]  Hash of message to verify.
+ *  hashLen     [in]  Length of the message hash in bytes.
+ *  res         [out] *res is set to 1 on successful verification.
+ *  key         [in]  Dilithium key to use to verify.
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
+    const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash,
+    word32 hashLen, int* res, dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (hash == NULL) || (res == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Verify message with signature. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_verify_ctx_hash(key, ctx, ctxLen, hashAlg, hash,
+            hashLen, sig, sigLen, res);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)sigLen;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
+    #endif
+    }
+
+    return ret;
+}
+#endif
 #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
 
 /* Initialize the dilithium private/public key.
@@ -6916,7 +8401,6 @@ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId)
 {
     int ret = 0;
 
-    (void)heap;
     (void)devId;
 
     /* Validate parameters. */
@@ -6936,6 +8420,7 @@ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId)
         key->idLen = 0;
         key->labelLen = 0;
     #endif
+        key->heap = heap;
     }
 
     return ret;
@@ -6963,7 +8448,7 @@ int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len,
     }
 
     /* Set the maximum level here */
-    wc_dilithium_set_level(key, 5);
+    wc_dilithium_set_level(key, WC_ML_DSA_87);
 
     return ret;
 }
@@ -6993,7 +8478,7 @@ int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap,
     }
 
     /* Set the maximum level here */
-    wc_dilithium_set_level(key, 5);
+    wc_dilithium_set_level(key, WC_ML_DSA_87);
 
     return ret;
 }
@@ -7013,7 +8498,8 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
     if (key == NULL) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (level != 2) && (level != 3) && (level != 5)) {
+    if ((ret == 0) && (level != WC_ML_DSA_44) && (level != WC_ML_DSA_65) &&
+            (level != WC_ML_DSA_87)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -7024,23 +8510,25 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
     }
     if (ret == 0) {
         /* Clear any cached items. */
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     #ifdef WC_DILITHIUM_CACHE_MATRIX_A
-        XFREE(key->a, NULL, WOLFSSL_WC_DILITHIUM);
+        XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM);
         key->a = NULL;
         key->aSet = 0;
     #endif
     #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
-        XFREE(key->s1, NULL, WOLFSSL_WC_DILITHIUM);
+        XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
         key->s1 = NULL;
         key->s2 = NULL;
         key->t0 = NULL;
         key->privVecsSet = 0;
     #endif
     #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
-        XFREE(key->t1, NULL, WOLFSSL_WC_DILITHIUM);
+        XFREE(key->t1, key->heap, DYNAMIC_TYPE_DILITHIUM);
         key->t1 = NULL;
         key->pubVecSet = 0;
     #endif
+#endif
 #endif /* WOLFSSL_WC_DILITHIUM */
 
         /* Store level and indicate public and private key are not set. */
@@ -7066,8 +8554,8 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level)
     if ((key == NULL) || (level == NULL)) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (key->level != 2) && (key->level != 3) &&
-            (key->level != 5)) {
+    if ((ret == 0) && (key->level != WC_ML_DSA_44) &&
+            (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -7087,16 +8575,18 @@ void wc_dilithium_free(dilithium_key* key)
 {
     if (key != NULL) {
 #ifdef WOLFSSL_WC_DILITHIUM
+#ifndef WC_DILITHIUM_FIXED_ARRAY
         /* Dispose of cached items. */
     #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
-        XFREE(key->t1, NULL, WOLFSSL_WC_DILITHIUM);
+        XFREE(key->t1, key->heap, DYNAMIC_TYPE_DILITHIUM);
     #endif
     #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
-        XFREE(key->s1, NULL, WOLFSSL_WC_DILITHIUM);
+        XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
     #endif
     #ifdef WC_DILITHIUM_CACHE_MATRIX_A
-        XFREE(key->a, NULL, WOLFSSL_WC_DILITHIUM);
+        XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM);
     #endif
+#endif
         /* Free the SHAKE-128/256 object. */
         wc_Shake256_Free(&key->shake);
 #endif
@@ -7114,16 +8604,16 @@ void wc_dilithium_free(dilithium_key* key)
  */
 int wc_dilithium_size(dilithium_key* key)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             ret = DILITHIUM_LEVEL2_KEY_SIZE;
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             ret = DILITHIUM_LEVEL3_KEY_SIZE;
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             ret = DILITHIUM_LEVEL5_KEY_SIZE;
         }
     }
@@ -7140,16 +8630,16 @@ int wc_dilithium_size(dilithium_key* key)
  */
 int wc_dilithium_priv_size(dilithium_key* key)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             ret = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             ret = DILITHIUM_LEVEL3_PRV_KEY_SIZE;
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             ret = DILITHIUM_LEVEL5_PRV_KEY_SIZE;
         }
     }
@@ -7187,16 +8677,16 @@ int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len)
  */
 int wc_dilithium_pub_size(dilithium_key* key)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             ret = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             ret = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             ret = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
         }
     }
@@ -7233,16 +8723,16 @@ int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len)
  */
 int wc_dilithium_sig_size(dilithium_key* key)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             ret = DILITHIUM_LEVEL2_SIG_SIZE;
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             ret = DILITHIUM_LEVEL3_SIG_SIZE;
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             ret = DILITHIUM_LEVEL5_SIG_SIZE;
         }
     }
@@ -7320,7 +8810,7 @@ int wc_dilithium_check_key(dilithium_key* key)
 #endif
 
         /* Allocate memory for large intermediates. */
-        s1 = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM);
+        s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
         if (s1 == NULL) {
             ret = MEMORY_E;
         }
@@ -7346,7 +8836,7 @@ int wc_dilithium_check_key(dilithium_key* key)
             const byte* pub_seed = key->p;
 
             ret = dilithium_expand_a(&key->shake, pub_seed, params->k,
-                params->l, a);
+                params->l, a, key->heap);
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
             key->aSet = (ret == 0);
 #endif
@@ -7399,8 +8889,10 @@ int wc_dilithium_check_key(dilithium_key* key)
         }
     }
 
-    /* Dispose of allocated memory. */
-    XFREE(s1, NULL, DYNAMIC_TYPE_DILITHIUM);
+    if (key != NULL) {
+        /* Dispose of allocated memory. */
+        XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    }
 #else
     /* Validate parameter. */
     if (key == NULL) {
@@ -7455,7 +8947,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
     if (ret == 0) {
         /* Get length passed in for checking. */
         inLen = *outLen;
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -7463,7 +8955,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
                 ret = BUFFER_E;
             }
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -7471,7 +8963,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
                 ret = BUFFER_E;
             }
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -7517,19 +9009,19 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
         ret = BAD_FUNC_ARG;
     }
     if (ret == 0) {
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
             }
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
             }
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
@@ -7549,40 +9041,44 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
         key->p = in;
     #endif
 
-    #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+    #ifndef WC_DILITHIUM_FIXED_ARRAY
         /* Allocate t1 if required. */
         if (key->t1 == NULL) {
-            key->t1 = (sword32*)XMALLOC(key->params->s2Sz, NULL,
+            key->t1 = (sword32*)XMALLOC(key->params->s2Sz, key->heap,
                 DYNAMIC_TYPE_DILITHIUM);
             if (key->t1 == NULL) {
                 ret = MEMORY_E;
             }
         }
+    #endif
     }
     if (ret == 0) {
         /* Compute t1 from public key data. */
         dilithium_make_pub_vec(key, key->t1);
-    #endif
-    #ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#endif
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+    #ifndef WC_DILITHIUM_FIXED_ARRAY
         /* Allocate matrix a if required. */
         if (key->a == NULL) {
-            key->a = (sword32*)XMALLOC(key->params->aSz, NULL,
+            key->a = (sword32*)XMALLOC(key->params->aSz, key->heap,
                 DYNAMIC_TYPE_DILITHIUM);
             if (key->a == NULL) {
                 ret = MEMORY_E;
             }
         }
+    #endif
     }
     if (ret == 0) {
         /* Compute matrix a from public key data. */
         ret = dilithium_expand_a(&key->shake, key->p, key->params->k,
-            key->params->l, key->a);
+            key->params->l, key->a, key->heap);
         if (ret == 0) {
             key->aSet = 1;
         }
     }
     if (ret == 0) {
-    #endif
+#endif
         /* Public key is set. */
         key->pubKeySet = 1;
     }
@@ -7630,39 +9126,44 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz,
 
         /* Allocate and create cached values. */
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     if (ret == 0) {
         /* Allocate matrix a if required. */
         if (key->a == NULL) {
-            key->a = (sword32*)XMALLOC(params->aSz, NULL,
+            key->a = (sword32*)XMALLOC(params->aSz, key->heap,
                 DYNAMIC_TYPE_DILITHIUM);
             if (key->a == NULL) {
                 ret = MEMORY_E;
             }
         }
     }
+#endif
     if (ret == 0) {
         /* Compute matrix a from private key data. */
         ret = dilithium_expand_a(&key->shake, key->k, params->k, params->l,
-            key->a);
+            key->a, key->heap);
         if (ret == 0) {
             key->aSet = 1;
         }
     }
 #endif
 #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
     if ((ret == 0) && (key->s1 == NULL)) {
         /* Allocate L vector s1, K vector s2 and K vector t0 if required. */
         key->s1 = (sword32*)XMALLOC(params->s1Sz + params->s2Sz + params->s2Sz,
-            NULL, DYNAMIC_TYPE_DILITHIUM);
-         if (key->s1 == NULL) {
+            key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (key->s1 == NULL) {
             ret = MEMORY_E;
         }
+        if (ret == 0) {
+            /* Set pointers into allocated memory. */
+            key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1);
+            key->t0 = key->s2 + params->s2Sz / sizeof(*key->s2);
+        }
     }
+#endif
     if (ret == 0) {
-        /* Set pointers into allocated memory. */
-        key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1);
-        key->t0 = key->s2 + params->s2Sz / sizeof(*key->s2);
-
         /* Compute vectors from private key. */
         dilithium_make_priv_vecs(key, key->s1, key->s2, key->t0);
     }
@@ -7693,8 +9194,8 @@ int wc_dilithium_import_private(const byte* priv, word32 privSz,
     if ((priv == NULL) || (key == NULL)) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (key->level != 2) && (key->level != 3) &&
-            (key->level != 5)) {
+    if ((ret == 0) && (key->level != WC_ML_DSA_44) &&
+            (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -7730,8 +9231,8 @@ int wc_dilithium_import_key(const byte* priv, word32 privSz,
     if ((pub == NULL) && (pubSz != 0)) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (key->level != 2) && (key->level != 3) &&
-            (key->level != 5)) {
+    if ((ret == 0) && (key->level != WC_ML_DSA_44) &&
+            (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -7776,13 +9277,13 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out,
     if (ret == 0) {
         inLen = *outLen;
         /* check and set up out length */
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             *outLen = DILITHIUM_LEVEL2_KEY_SIZE;
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             *outLen = DILITHIUM_LEVEL3_KEY_SIZE;
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             *outLen = DILITHIUM_LEVEL5_KEY_SIZE;
         }
         else {
@@ -7869,13 +9370,13 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 
     if (ret == 0) {
         /* Get OID sum for level. */
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             keytype = DILITHIUM_LEVEL2k;
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             keytype = DILITHIUM_LEVEL3k;
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             keytype = DILITHIUM_LEVEL5k;
         }
         else {
@@ -7891,19 +9392,19 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
     }
     if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) {
         /* Check if the public key is included in the private key. */
-        if ((key->level == 2) &&
+        if ((key->level == WC_ML_DSA_44) &&
             (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
             privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if ((key->level == 3) &&
+        else if ((key->level == WC_ML_DSA_65) &&
                  (privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
             privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if ((key->level == 5) &&
+        else if ((key->level == WC_ML_DSA_87) &&
                  (privKeyLen == DILITHIUM_LEVEL5_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
@@ -7937,8 +9438,103 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 
 #endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
 
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
 
+#if defined(WOLFSSL_DILITHIUM_NO_ASN1)
+#ifndef WOLFSSL_NO_ML_DSA_44
+static unsigned char dilithium_oid_44[] = {
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x04, 0x04
+};
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+static unsigned char dilithium_oid_65[] = {
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x06, 0x05
+};
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+static unsigned char dilithium_oid_87[] = {
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x08, 0x07
+};
+#endif
+
+static int dilitihium_get_der_length(const byte* input, word32* inOutIdx,
+    int *length, word32 inSz)
+{
+    int ret = 0;
+    word32 idx = *inOutIdx;
+    word32 len = 0;
+
+    if (idx >= inSz) {
+        ret = ASN_PARSE_E;
+    }
+    else if (input[idx] < 0x80) {
+        len = input[idx];
+        idx++;
+    }
+    else if ((input[idx] == 0x80) || (input[idx] >= 0x83)) {
+        ret = ASN_PARSE_E;
+    }
+    else if (input[idx] == 0x81) {
+        if (idx + 1 >= inSz) {
+            ret = ASN_PARSE_E;
+        }
+        else if (input[idx + 1] < 0x80) {
+            ret = ASN_PARSE_E;
+        }
+        else {
+            len = input[idx + 1];
+            idx += 2;
+        }
+    }
+    else if (input[idx] == 0x82) {
+        if (idx + 2 >= inSz) {
+            ret = ASN_PARSE_E;
+        }
+        else {
+            len = ((word16)input[idx + 1] << 8) + input[idx + 2];
+            idx += 3;
+            if (len < 0x100) {
+                ret = ASN_PARSE_E;
+            }
+        }
+    }
+
+    if ((ret == 0) && ((idx + len) > inSz)) {
+        ret = ASN_PARSE_E;
+    }
+
+    *length = (int)len;
+    *inOutIdx = idx;
+    return ret;
+}
+
+static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type,
+    word32 inSz)
+{
+    int ret = 0;
+    word32 idx = *inOutIdx;
+
+    if (idx >= inSz) {
+        ret = ASN_PARSE_E;
+    }
+    else if (input[idx] != type){
+        ret = ASN_PARSE_E;
+    }
+    else {
+        idx++;
+    }
+
+    *inOutIdx = idx;
+    return ret;
+}
+
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+
 /* Decode the DER encoded Dilithium public key.
  *
  * @param [in]      input     Array holding DER encoded data.
@@ -7957,7 +9553,6 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
     int ret = 0;
     const byte* pubKey;
     word32 pubKeyLen = 0;
-    int keytype = 0;
 
     /* Validate parameters. */
     if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
@@ -7968,17 +9563,27 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
         /* Try to import the key directly. */
         ret = wc_dilithium_import_public(input, inSz, key);
         if (ret != 0) {
+        #if !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+            int keytype = 0;
+        #else
+            int length;
+            unsigned char* oid;
+            int oidLen;
+            word32 idx = 0;
+        #endif
+
             /* Start again. */
             ret = 0;
 
+    #if !defined(WOLFSSL_DILITHIUM_NO_ASN1)
             /* Get OID sum for level. */
-            if (key->level == 2) {
+            if (key->level == WC_ML_DSA_44) {
                 keytype = DILITHIUM_LEVEL2k;
             }
-            else if (key->level == 3) {
+            else if (key->level == WC_ML_DSA_65) {
                 keytype = DILITHIUM_LEVEL3k;
             }
-            else if (key->level == 5) {
+            else if (key->level == WC_ML_DSA_87) {
                 keytype = DILITHIUM_LEVEL5k;
             }
             else {
@@ -7990,6 +9595,77 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
                 ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKey,
                     &pubKeyLen, keytype);
             }
+    #else
+            /* Get OID sum for level. */
+        #ifndef WOLFSSL_NO_ML_DSA_44
+            if (key->level == WC_ML_DSA_44) {
+                oid = dilithium_oid_44;
+                oidLen = (int)sizeof(dilithium_oid_44);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_65
+            if (key->level == WC_ML_DSA_65) {
+                oid = dilithium_oid_65;
+                oidLen = (int)sizeof(dilithium_oid_65);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_87
+            if (key->level == WC_ML_DSA_87) {
+                oid = dilithium_oid_87;
+                oidLen = (int)sizeof(dilithium_oid_87);
+            }
+            else
+        #endif
+            {
+                /* Level not set. */
+                ret = BAD_FUNC_ARG;
+            }
+            if (ret == 0) {
+                ret = dilithium_check_type(input, &idx, 0x30, inSz);
+            }
+            if (ret == 0) {
+                ret = dilitihium_get_der_length(input, &idx, &length, inSz);
+            }
+            if (ret == 0) {
+                ret = dilithium_check_type(input, &idx, 0x30, inSz);
+            }
+            if (ret == 0) {
+                ret = dilitihium_get_der_length(input, &idx, &length, inSz);
+            }
+            if (ret == 0) {
+                ret = dilithium_check_type(input, &idx, 0x06, inSz);
+            }
+            if (ret == 0) {
+                ret = dilitihium_get_der_length(input, &idx, &length, inSz);
+            }
+            if (ret == 0) {
+                if ((length != oidLen) ||
+                        (XMEMCMP(input + idx, oid, oidLen) != 0)) {
+                    ret = ASN_PARSE_E;
+                }
+                idx += oidLen;
+            }
+            if (ret == 0) {
+                ret = dilithium_check_type(input, &idx, 0x03, inSz);
+            }
+            if (ret == 0) {
+                ret = dilitihium_get_der_length(input, &idx, &length, inSz);
+            }
+            if (ret == 0) {
+                if (input[idx] != 0) {
+                    ret = ASN_PARSE_E;
+                }
+                idx++;
+                length--;
+            }
+            if (ret == 0) {
+                /* This is the raw point data compressed or uncompressed. */
+                pubKeyLen = (word32)length;
+                pubKey = input + idx;
+            }
+    #endif
             if (ret == 0) {
                 /* Import public key data. */
                 ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
@@ -7999,6 +9675,8 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
     return ret;
 }
 
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+
 #ifdef WC_ENABLE_ASYM_KEY_EXPORT
 /* Encode the public part of a Dilithium key in DER.
  *
@@ -8030,15 +9708,15 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len,
 
     if (ret == 0) {
         /* Get OID and length for level. */
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             keytype = DILITHIUM_LEVEL2k;
             pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             keytype = DILITHIUM_LEVEL3k;
             pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             keytype = DILITHIUM_LEVEL5k;
             pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
         }
@@ -8057,10 +9735,14 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len,
 }
 #endif /* WC_ENABLE_ASYM_KEY_EXPORT */
 
+#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 */
+
 #endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
 
 #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
 
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
 /* Encode the private and public data of a Dilithium key in DER.
  *
@@ -8075,20 +9757,20 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len,
  */
 int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     /* Validate parameters and check public and private key set. */
     if ((key != NULL) && key->prvKeySet && key->pubKeySet) {
         /* Create DER for level. */
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL2_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL2k);
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL3_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL3k);
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL5_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL5k);
         }
@@ -8111,20 +9793,20 @@ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len)
  */
 int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     /* Validate parameters and check private key set. */
     if ((key != NULL) && key->prvKeySet) {
         /* Create DER for level. */
-        if (key->level == 2) {
+        if (key->level == WC_ML_DSA_44) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL2k);
         }
-        else if (key->level == 3) {
+        else if (key->level == WC_ML_DSA_65) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL3k);
         }
-        else if (key->level == 5) {
+        else if (key->level == WC_ML_DSA_87) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL5k);
         }
@@ -8133,8 +9815,8 @@ int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len)
     return ret;
 }
 
-#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
-
 #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
 
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
 #endif /* HAVE_DILITHIUM */
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index c1606b3d1d..6ed4435fdd 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -1,6 +1,6 @@
 /* dsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -542,7 +542,7 @@ int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz,
         *pSz = pLen;
         *qSz = qLen;
         *gSz = gLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (p == NULL || q == NULL || g == NULL)
@@ -616,7 +616,7 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz)
     if (x == NULL && y == NULL) {
         *xSz = xLen;
         *ySz = yLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (x == NULL || y == NULL)
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index ee1e7b7dbb..ee031a6aa9 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -1,6 +1,6 @@
 /* ecc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -236,14 +236,6 @@ ECC Curve Sizes:
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
 
-#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-    #define GEN_MEM_ERR MP_MEM
-#elif defined(USE_FAST_MATH)
-    #define GEN_MEM_ERR FP_MEM
-#else
-    #define GEN_MEM_ERR MP_MEM
-#endif
-
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
     !defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
@@ -864,6 +856,14 @@ enum {
 /* This holds the key settings.
    ***MUST*** be organized by size from smallest to largest. */
 
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+    #undef ecc_sets
+    #undef ecc_sets_count
+#endif
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+static
+#endif
 const ecc_set_type ecc_sets[] = {
 #ifdef ECC112
     #ifndef NO_ECC_SECP
@@ -1407,8 +1407,17 @@ const ecc_set_type ecc_sets[] = {
     }
 };
 #define ECC_SET_COUNT   (sizeof(ecc_sets)/sizeof(ecc_set_type))
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+static
+#endif
 const size_t ecc_sets_count = ECC_SET_COUNT - 1;
 
+const ecc_set_type *wc_ecc_get_sets(void) {
+    return ecc_sets;
+}
+size_t wc_ecc_get_sets_count(void) {
+    return ecc_sets_count;
+}
 
 #ifdef HAVE_OID_ENCODING
     /* encoded OID cache */
@@ -2491,8 +2500,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
    }
    if (err == MP_OKAY && mp_iszero((MP_INT_SIZE*)t2)) {
       /* T2 = X * X */
-      if (err == MP_OKAY)
-          err = mp_sqr(x, t2);
+      err = mp_sqr(x, t2);
       if (err == MP_OKAY)
           err = mp_montgomery_reduce(t2, modulus, mp);
       /* T1 = T2 + T1 */
@@ -2506,8 +2514,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
       /* use "a" in calc */
 
       /* T2 = T1 * T1 */
-      if (err == MP_OKAY)
-          err = mp_sqr(t1, t2);
+      err = mp_sqr(t1, t2);
       if (err == MP_OKAY)
           err = mp_montgomery_reduce(t2, modulus, mp);
       /* T1 = T2 * a */
@@ -3653,17 +3660,12 @@ static void ecc_key_tmp_final(ecc_key* key, void* heap)
    FREE_MP_INT_SIZE(key->t1, heap, DYNAMIC_TYPE_ECC);
 #else
 #ifdef ALT_ECC_SIZE
-   if (key->z != NULL)
-      XFREE(key->z, heap, DYNAMIC_TYPE_ECC);
-   if (key->y != NULL)
-      XFREE(key->y, heap, DYNAMIC_TYPE_ECC);
-   if (key->x != NULL)
-      XFREE(key->x, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->z, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->y, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->x, heap, DYNAMIC_TYPE_ECC);
 #endif
-   if (key->t2 != NULL)
-      XFREE(key->t2, heap, DYNAMIC_TYPE_ECC);
-   if (key->t1 != NULL)
-      XFREE(key->t1, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->t2, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 }
 #endif /* WOLFSSL_SMALL_STACK_CACHE */
@@ -4981,8 +4983,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
     if (k == k_lcl)
         mp_clear(k);
 #ifdef WOLFSSL_SMALL_STACK
-    if (k_lcl != NULL)
-        XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER);
 #endif
 #endif
 
@@ -5526,7 +5527,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
             /* Map in a separate call as this should be constant time */
             err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, pub, curve->Af,
                                  curve->prime, curve->order, rng, 0, key->heap);
-            if (err == MP_MEM) {
+            if (err == WC_NO_ERR_TRACE(MP_MEM)) {
                err = MEMORY_E;
             }
         }
@@ -5542,7 +5543,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
 
     if (err != MP_OKAY
     #ifdef WOLFSSL_ASYNC_CRYPT
-        && err != WC_PENDING_E
+        && err != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
         /* clean up if failed */
@@ -5996,7 +5997,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
 
         if (err == MP_OKAY
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || err == WC_PENDING_E
+            || err == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             key->type = ECC_PRIVATEKEY;
@@ -6395,9 +6396,6 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp)
 
 #ifdef HAVE_ECC_SIGN
 
-#ifndef NO_ASN
-
-
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) ||  \
     defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \
     defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_KCAPI_ECC) || \
@@ -6722,6 +6720,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     DECL_MP_INT_SIZE_DYN(r, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
     DECL_MP_INT_SIZE_DYN(s, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
 #endif
+#ifdef NO_ASN
+    word32 keySz;
+#endif
 
     if (in == NULL || out == NULL || outlen == NULL || key == NULL) {
         return ECC_BAD_ARG_E;
@@ -6758,17 +6759,17 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
 #else
 
     NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
-#ifdef MP_INT_SIZE_CHECK_NULL
+    #ifdef MP_INT_SIZE_CHECK_NULL
     if (r == NULL)
         return MEMORY_E;
-#endif
+    #endif
     NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
-#ifdef MP_INT_SIZE_CHECK_NULL
+    #ifdef MP_INT_SIZE_CHECK_NULL
     if (s == NULL) {
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
         return MEMORY_E;
     }
-#endif
+    #endif
 
     err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     if (err != 0) {
@@ -6800,8 +6801,26 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
         return err;
     }
 
+#ifndef NO_ASN
     /* encoded with DSA header */
     err = StoreECC_DSA_Sig(out, outlen, r, s);
+#else
+    /* No support for DSA ASN.1 header.
+     * Signature will be r+s directly. */
+    keySz = 0;
+    if (key->dp != NULL) {
+        keySz = (word32)key->dp->size;
+    }
+    if (keySz <= 0) {
+        WOLFSSL_MSG("Error: ECDSA sign raw signature size");
+        return WC_NO_ERR_TRACE(ECC_BAD_ARG_E);
+    }
+    *outlen = keySz * 2;
+
+    /* Export signature into r,s */
+    mp_to_unsigned_bin_len(r, out, keySz);
+    mp_to_unsigned_bin_len(s, out + keySz, keySz);
+#endif /* !NO_ASN */
 
     /* cleanup */
     mp_clear(r);
@@ -6813,7 +6832,6 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     return err;
 #endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 }
-#endif /* !NO_ASN */
 
 #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
@@ -6837,13 +6855,17 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
         if (key->sign_k == NULL) {
             key->sign_k = (mp_int*)XMALLOC(sizeof(mp_int), key->heap,
                                                             DYNAMIC_TYPE_ECC);
+            if (key->sign_k != NULL) {
+                err = mp_init(key->sign_k);
+                if (err != MP_OKAY) {
+                    XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
+                    key->sign_k = NULL;
+                }
+            }
         }
-
         if (key->sign_k != NULL) {
-            /* currently limiting to SHA256 for auto create */
-            if (mp_init(key->sign_k) != MP_OKAY ||
-                wc_ecc_gen_deterministic_k(in, inlen,
-                        WC_HASH_TYPE_SHA256, ecc_get_k(key), key->sign_k,
+            if (wc_ecc_gen_deterministic_k(in, inlen,
+                        key->hashType, ecc_get_k(key), key->sign_k,
                         curve->order, key->heap) != 0) {
                 mp_free(key->sign_k);
                 XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
@@ -6861,8 +6883,7 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
         }
     #else
         key->sign_k_set = 0;
-        /* currently limiting to SHA256 for auto create */
-        if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_SHA256,
+        if (wc_ecc_gen_deterministic_k(in, inlen, key->hashType,
                 ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) {
             err = ECC_PRIV_KEY_E;
         }
@@ -7479,7 +7500,7 @@ static int _HMAC_K(byte* K, word32 KSz, byte* V, word32 VSz,
     Hmac hmac;
     int  ret, init;
 
-    ret = init = wc_HmacInit(&hmac, heap, 0);
+    ret = init = wc_HmacInit(&hmac, heap, INVALID_DEVID);
     if (ret == 0)
         ret = wc_HmacSetKey(&hmac, hashType, K, KSz);
 
@@ -7519,7 +7540,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
         enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
         void* heap)
 {
-    int ret = 0, qbits = 0;
+    int ret = 0;
 #ifndef WOLFSSL_SMALL_STACK
     byte h1[MAX_ECC_BYTES];
     byte V[WC_MAX_DIGEST_SIZE];
@@ -7535,6 +7556,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
 #endif
     word32 xSz, VSz, KSz, h1len, qLen;
     byte intOct;
+    int qbits = 0;
 
     if (hash == NULL || k == NULL || order == NULL) {
         return BAD_FUNC_ARG;
@@ -7545,9 +7567,20 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
         return BAD_FUNC_ARG;
     }
 
-    if (hashSz != WC_SHA256_DIGEST_SIZE) {
-        WOLFSSL_MSG("Currently only SHA256 digest is supported");
-        return BAD_FUNC_ARG;
+    /* if none is provided then detect has type based on hash size */
+    if (hashType == WC_HASH_TYPE_NONE) {
+        if (hashSz == 64) {
+            hashType = WC_HASH_TYPE_SHA512;
+        }
+        else if (hashSz == 48) {
+            hashType = WC_HASH_TYPE_SHA384;
+        }
+        else if (hashSz == 32) {
+            hashType = WC_HASH_TYPE_SHA256;
+        }
+        else {
+            return BAD_FUNC_ARG;
+        }
     }
 
     if (mp_unsigned_bin_size(priv) > MAX_ECC_BYTES) {
@@ -7587,14 +7620,10 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
 
     /* bail out if any error has been hit at this point */
     if (ret != 0) {
-        if (x != NULL)
-            XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        if (K != NULL)
-            XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER);
-        if (V != NULL)
-            XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER);
-        if (h1 != NULL)
-            XFREE(h1, heap, DYNAMIC_TYPE_DIGEST);
+        XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER);
+        XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER);
+        XFREE(h1, heap, DYNAMIC_TYPE_DIGEST);
         return ret;
     }
 #endif
@@ -7615,6 +7644,16 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
         wc_MemZero_Add("wc_ecc_gen_deterministic_k x", x, qLen);
     #endif
         qbits = mp_count_bits(order);
+        if (qbits < 0)
+            ret = MP_VAL;
+    }
+
+    if (ret == 0) {
+         /* hash truncate if too long */
+        if (((WOLFSSL_BIT_SIZE) * hashSz) > (word32)qbits) {
+            /* calculate truncated hash size using bits rounded up byte */
+            hashSz = ((word32)qbits + (WOLFSSL_BIT_SIZE - 1)) / WOLFSSL_BIT_SIZE;
+        }
         ret = mp_read_unsigned_bin(z1, hash, hashSz);
     }
 
@@ -7636,7 +7675,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
                 ret = BUFFER_E;
             }
             else {
-                ret = mp_to_unsigned_bin_len(z1, h1, h1len);
+                ret = mp_to_unsigned_bin_len(z1, h1, (int)h1len);
             }
         }
         else
@@ -7705,7 +7744,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
                 ret = mp_read_unsigned_bin(k, x, xSz);
             }
 
-            if ((ret == 0) && ((int)(xSz * WOLFSSL_BIT_SIZE) != qbits)) {
+            if ((ret == 0) && ((xSz * WOLFSSL_BIT_SIZE) != (word32)qbits)) {
                 /* handle odd case where shift of 'k' is needed with RFC 6979
                  *  k = bits2int(T) in section 3.2 h.3 */
                 mp_rshb(k, ((int)xSz * WOLFSSL_BIT_SIZE) - qbits);
@@ -7737,16 +7776,11 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
 
     ForceZero(x, MAX_ECC_BYTES);
 #ifdef WOLFSSL_SMALL_STACK
-    if (z1 != NULL)
-        XFREE(z1, heap, DYNAMIC_TYPE_ECC_BUFFER);
-    if (x != NULL)
-        XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY);
-    if (K != NULL)
-        XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER);
-    if (V != NULL)
-        XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER);
-    if (h1 != NULL)
-        XFREE(h1, heap, DYNAMIC_TYPE_DIGEST);
+    XFREE(z1, heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(h1, heap, DYNAMIC_TYPE_DIGEST);
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
     wc_MemZero_Check(x, MAX_ECC_BYTES);
 #endif
@@ -7758,15 +7792,23 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
 /* Sets the deterministic flag for 'k' generation with sign.
  * returns 0 on success
  */
-int wc_ecc_set_deterministic(ecc_key* key, byte flag)
+int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag,
+                                enum wc_HashType hashType)
 {
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
     key->deterministic = flag ? 1 : 0;
+    key->hashType = hashType;
     return 0;
 }
+
+int wc_ecc_set_deterministic(ecc_key* key, byte flag)
+{
+    return wc_ecc_set_deterministic_ex(key, flag, WC_HASH_TYPE_NONE);
+}
+
 #endif /* end sign_ex and deterministic sign */
 
 
@@ -7859,7 +7901,9 @@ int wc_ecc_free(ecc_key* key)
         return 0;
     }
 
-#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP)
+#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \
+    defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+    defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
 #ifndef WOLFSSL_NO_MALLOC
     if (key->sign_k != NULL)
 #endif
@@ -8169,12 +8213,12 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   /* allocate memory */
   tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
   if (tA == NULL) {
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
   tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
   if (tB == NULL) {
      XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 
@@ -8183,7 +8227,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   if (key == NULL) {
      XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER);
      XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 #ifdef WOLFSSL_SMALL_STACK
@@ -8195,7 +8239,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   #ifdef WOLFSSL_SMALL_STACK_CACHE
      XFREE(key, heap, DYNAMIC_TYPE_ECC_BUFFER);
   #endif
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 #ifdef WOLFSSL_SMALL_STACK_CACHE
@@ -8423,7 +8467,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
 
 
 #ifdef HAVE_ECC_VERIFY
-#ifndef NO_ASN
 /* verify
  *
  * w  = s^-1 mod n
@@ -8461,6 +8504,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 #ifdef WOLFSSL_ASYNC_CRYPT
     int isPrivateKeyOnly = 0;
 #endif
+#ifdef NO_ASN
+    word32 keySz;
+#endif
 
     if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
         return ECC_BAD_ARG_E;
@@ -8493,18 +8539,20 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
     r = key->r;
     s = key->s;
 #else
-    NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
-#ifdef MP_INT_SIZE_CHECK_NULL
+    NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap,
+        DYNAMIC_TYPE_ECC);
+    #ifdef MP_INT_SIZE_CHECK_NULL
     if (r == NULL)
         return MEMORY_E;
-#endif
-    NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
-#ifdef MP_INT_SIZE_CHECK_NULL
+    #endif
+    NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap,
+        DYNAMIC_TYPE_ECC);
+    #ifdef MP_INT_SIZE_CHECK_NULL
     if (s == NULL) {
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
         return MEMORY_E;
     }
-#endif
+    #endif
     err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     if (err != 0) {
         FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
@@ -8527,6 +8575,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
             /* default to invalid signature */
             *res = 0;
 
+    #ifndef NO_ASN
             /* Decode ASN.1 ECDSA signature. */
         #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
             /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
@@ -8541,6 +8590,24 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
             if (err < 0) {
                 break;
             }
+    #else
+            /* No support for DSA ASN.1 header.
+             * Signature must be r+s directly. */
+            keySz = 0;
+            if (key->dp != NULL) {
+                keySz = (word32)key->dp->size;
+            }
+            if (siglen != keySz * 2) {
+                WOLFSSL_MSG("Error: ECDSA Verify raw signature size");
+                return WC_NO_ERR_TRACE(ECC_BAD_ARG_E);
+            }
+
+            /* Import signature into r,s */
+            mp_init(r);
+            mp_init(s);
+            mp_read_unsigned_bin(r, sig, keySz);
+            mp_read_unsigned_bin(s, sig + keySz, keySz);
+    #endif /* !NO_ASN */
             FALL_THROUGH;
 
         case ECC_STATE_VERIFY_DO:
@@ -8600,7 +8667,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
     return err;
 #endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 }
-#endif /* !NO_ASN */
 
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 
@@ -9089,7 +9155,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
    keySz = (word32)key->dp->size;
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \
-       defined(WOLFSSL_ASYNC_CRYPT_SW)
+    defined(WOLFSSL_ASYNC_CRYPT_SW)
     if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
         if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_VERIFY)) {
             WC_ASYNC_SW* sw = &key->asyncDev.sw;
@@ -9466,12 +9532,8 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
             }
 
         #ifdef WOLFSSL_SMALL_STACK
-            if (t1 != NULL) {
-                XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT);
-            }
-            if (t2 != NULL) {
-                XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT);
-            }
+            XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT);
+            XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT);
         #endif
 
             wc_ecc_curve_free(curve);
@@ -9548,7 +9610,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
     /* return length needed only */
     if (point != NULL && out == NULL && outLen != NULL) {
         *outLen = 1 + 2*numlen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (point == NULL || out == NULL || outLen == NULL)
@@ -9624,7 +9686,7 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point,
     /* return length needed only */
     if (point != NULL && out == NULL && outLen != NULL) {
         *outLen = output_len;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (point == NULL || out == NULL || outLen == NULL)
@@ -9688,7 +9750,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
       /* if key hasn't been setup assume max bytes for size estimation */
       numlen = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES;
       *outLen = 1 + 2 * numlen;
-      return LENGTH_ONLY_E;
+      return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
    }
 
    if (key == NULL || out == NULL || outLen == NULL)
@@ -10166,23 +10228,32 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
     }
 
     if (!err && (flags & WC_ECC_FLAG_DEC_SIGN)) {
+#ifndef WOLFSSL_SMALL_STACK
+        #define SIG_SZ ((MAX_ECC_BYTES * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)
+        byte sig[SIG_SZ + WC_SHA256_DIGEST_SIZE];
+#else
         byte* sig;
+#endif
         byte* digest;
         word32 sigLen, digestLen;
         int dynRng = 0, res = 0;
 
         sigLen = (word32)wc_ecc_sig_size(key);
         digestLen = WC_SHA256_DIGEST_SIZE;
-        sig = (byte*)XMALLOC(sigLen + digestLen, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+        sig = (byte*)XMALLOC(sigLen + digestLen, key->heap, DYNAMIC_TYPE_ECC);
         if (sig == NULL)
             return MEMORY_E;
+#endif
         digest = sig + sigLen;
 
         if (rng == NULL) {
             dynRng = 1;
-            rng = wc_rng_new(NULL, 0, NULL);
+            rng = wc_rng_new(NULL, 0, key->heap);
             if (rng == NULL) {
-                XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+                XFREE(sig, key->heap, DYNAMIC_TYPE_ECC);
+#endif
                 return MEMORY_E;
             }
         }
@@ -10203,7 +10274,9 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
             wc_rng_free(rng);
         }
         ForceZero(sig, sigLen + digestLen);
-        XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(sig, key->heap, DYNAMIC_TYPE_ECC);
+#endif
     }
     (void)rng;
 
@@ -10737,12 +10810,8 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
             mp_clear(t1);
         }
     #ifdef WOLFSSL_SMALL_STACK
-        if (t1 != NULL) {
-            XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (t2 != NULL) {
-            XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT);
     #endif
 
         wc_ecc_curve_free(curve);
@@ -12422,7 +12491,7 @@ static int add_entry(int idx, ecc_point *g)
    /* allocate base and LUT */
    fp_cache[idx].g = wc_ecc_new_point();
    if (fp_cache[idx].g == NULL) {
-      return GEN_MEM_ERR;
+      return MP_MEM;
    }
 
    /* copy x and y */
@@ -12431,7 +12500,7 @@ static int add_entry(int idx, ecc_point *g)
        (mp_copy(g->z, fp_cache[idx].g->z) != MP_OKAY)) {
       wc_ecc_del_point(fp_cache[idx].g);
       fp_cache[idx].g = NULL;
-      return GEN_MEM_ERR;
+      return MP_MEM;
    }
 
    for (x = 0; x < (1U<<FP_LUT); x++) {
@@ -12444,7 +12513,7 @@ static int add_entry(int idx, ecc_point *g)
          wc_ecc_del_point(fp_cache[idx].g);
          fp_cache[idx].g         = NULL;
          fp_cache[idx].lru_count = 0;
-         return GEN_MEM_ERR;
+         return MP_MEM;
       }
    }
 
@@ -12480,7 +12549,7 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
 
    err = mp_init(tmp);
    if (err != MP_OKAY) {
-       err = GEN_MEM_ERR;
+       err = MP_MEM;
        goto errout;
    }
 
@@ -12756,7 +12825,7 @@ static int accel_fp_mul(int idx, const mp_int* k, ecc_point *R, mp_int* a,
              if ((mp_copy(fp_cache[idx].LUT[z]->x, R->x) != MP_OKAY) ||
                  (mp_copy(fp_cache[idx].LUT[z]->y, R->y) != MP_OKAY) ||
                  (mp_copy(&fp_cache[idx].mu,       R->z) != MP_OKAY)) {
-                 err = GEN_MEM_ERR;
+                 err = MP_MEM;
                  break;
              }
              first = 0;
@@ -13020,7 +13089,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
                  if ((mp_copy(fp_cache[idx1].LUT[zA]->x, R->x) != MP_OKAY) ||
                      (mp_copy(fp_cache[idx1].LUT[zA]->y, R->y) != MP_OKAY) ||
                      (mp_copy(&fp_cache[idx1].mu,        R->z) != MP_OKAY)) {
-                     err = GEN_MEM_ERR;
+                     err = MP_MEM;
                      break;
                  }
                     first = 0;
@@ -13035,7 +13104,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
                  if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != MP_OKAY) ||
                      (mp_copy(fp_cache[idx2].LUT[zB]->y, R->y) != MP_OKAY) ||
                      (mp_copy(&fp_cache[idx2].mu,        R->z) != MP_OKAY)) {
-                     err = GEN_MEM_ERR;
+                     err = MP_MEM;
                      break;
                  }
                     first = 0;
@@ -14805,9 +14874,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 #endif
 #ifdef WOLFSSL_SMALL_STACK
 #ifndef WOLFSSL_ECIES_OLD
-    if (peerKey != NULL) {
-        XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
-    }
+    XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
 #endif
     XFREE(sharedSecret, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
     XFREE(keys, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
@@ -15327,7 +15394,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
 
    if (*outLen < (1 + numlen)) {
       *outLen = 1 + numlen;
-      return LENGTH_ONLY_E;
+      return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
    }
 
    if (out == NULL)
@@ -15363,9 +15430,8 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
     /* find matching OID sum (based on encoded value) */
     for (x = 0; ecc_sets[x].size != 0; x++) {
         if (ecc_sets[x].oidSum == oidSum) {
-            int ret;
         #ifdef HAVE_OID_ENCODING
-            ret = 0;
+            int ret = 0;
             /* check cache */
             oid_cache_t* o = &ecc_oid_cache[x];
             if (o->oidSz == 0) {
@@ -15383,6 +15449,7 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
             if (ret == 0) {
                 ret = ecc_sets[x].id;
             }
+            return ret;
         #else
             if (oidSz) {
                 *oidSz = ecc_sets[x].oidSz;
@@ -15390,9 +15457,8 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
             if (oid) {
                 *oid = ecc_sets[x].oid;
             }
-            ret = ecc_sets[x].id;
+            return ecc_sets[x].id;
         #endif
-            return ret;
         }
     }
 
diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c
index 69d999b355..2be700fcb4 100644
--- a/wolfcrypt/src/eccsi.c
+++ b/wolfcrypt/src/eccsi.c
@@ -1,6 +1,6 @@
 /* eccsi.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -516,7 +516,7 @@ static int eccsi_encode_point(ecc_point* point, word32 size, byte* data,
 
     if (data == NULL) {
         *sz = size * 2 + !raw;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < size * 2 + !raw)) {
         err = BUFFER_E;
@@ -655,7 +655,7 @@ int wc_ExportEccsiKey(EccsiKey* key, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)(key->ecc.dp->size * 3);
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size * 3) {
             err = BUFFER_E;
@@ -777,7 +777,7 @@ int wc_ExportEccsiPrivateKey(EccsiKey* key, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)key->ecc.dp->size;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size) {
             err = BUFFER_E;
@@ -1016,7 +1016,7 @@ int wc_EncodeEccsiPair(const EccsiKey* key, mp_int* ssk, ecc_point* pvt,
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(key->ecc.dp->size * 3);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < (word32)(key->ecc.dp->size * 3))) {
         err = BUFFER_E;
@@ -1077,7 +1077,7 @@ int wc_EncodeEccsiSsk(const EccsiKey* key, mp_int* ssk, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)key->ecc.dp->size;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size) {
             err = BUFFER_E;
@@ -2000,7 +2000,7 @@ int wc_SignEccsiHash(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType,
         sz = (word32)key->ecc.dp->size;
         if (sig == NULL) {
             *sigSz = sz * 4 + 1;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
     if ((err == 0) && (*sigSz < sz * 4 + 1)) {
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index 381b911596..86f594dd79 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -1,6 +1,6 @@
 /* ed25519.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c
index e9e865ce67..1598c9c98d 100644
--- a/wolfcrypt/src/ed448.c
+++ b/wolfcrypt/src/ed448.c
@@ -1,6 +1,6 @@
 /* ed448.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 2e25b60f7d..deedcbe1a6 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -1,6 +1,6 @@
 /* error.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,19 @@
 WOLFSSL_ABI
 const char* wc_GetErrorString(int error)
 {
-    switch (error) {
+    switch ((enum wolfCrypt_ErrorCodes)error) {
+
+    case MP_MEM :
+        return "MP integer dynamic memory allocation failed";
+
+    case MP_VAL :
+        return "MP integer invalid argument";
+
+    case MP_WOULDBLOCK :
+        return "MP integer non-blocking operation would block";
+
+    case MP_NOT_INF:
+        return "MP point not at infinity";
 
     case OPEN_RAN_E :
         return "opening random device error";
@@ -352,13 +364,13 @@ const char* wc_GetErrorString(int error)
         return "ECC is point on curve failed";
 
     case ECC_INF_E:
-        return " ECC point at infinity error";
+        return "ECC point at infinity error";
 
     case ECC_OUT_OF_RANGE_E:
-        return " ECC Qx or Qy out of range error";
+        return "ECC Qx or Qy out of range error";
 
     case ECC_PRIV_KEY_E:
-        return " ECC private key is not valid error";
+        return "ECC private key is not valid error";
 
     case SRP_CALL_ORDER_E:
         return "SRP function called in the wrong order error";
@@ -630,6 +642,8 @@ const char* wc_GetErrorString(int error)
     case PBKDF2_KAT_FIPS_E:
         return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure";
 
+    case MAX_CODE_E:
+    case MIN_CODE_E:
     default:
         return "unknown error number";
 
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 42949fc432..bcd87b4285 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -1,6 +1,6 @@
 /* evp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -283,6 +283,40 @@ static const struct s_ent {
 
 static const char EVP_NULL[] = "NULL";
 
+static const struct pkey_type_name_ent {
+    int type;
+    const char *name;
+} pkey_type_names[] = {
+    { EVP_PKEY_RSA,     "RSA" },
+    { EVP_PKEY_EC,      "EC" },
+    { EVP_PKEY_DH,      "DH" },
+    { EVP_PKEY_DSA,     "DSA" }
+};
+
+static int pkey_type_by_name(const char *name) {
+    unsigned int i;
+    if (name == NULL)
+        return EVP_PKEY_NONE;
+    for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) {
+        if (XSTRCMP(name, pkey_type_names[i].name) == 0)
+            return pkey_type_names[i].type;
+    }
+    return EVP_PKEY_NONE;
+}
+
+int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
+    int type;
+
+    if (pkey == NULL)
+        return WOLFSSL_FAILURE;
+
+    type = pkey_type_by_name(name);
+    if (type == EVP_PKEY_NONE)
+        return WOLFSSL_FAILURE;
+
+    return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
 #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0)
 
 #define EVP_PKEY_PRINT_LINE_WIDTH_MAX  80
@@ -364,6 +398,9 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
       case DES_ECB_TYPE:      return 8;
       case DES_EDE3_ECB_TYPE: return 24;
   #endif
+  #ifndef NO_RC4
+      case ARC4_TYPE:         return 16;
+  #endif
   #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
       case CHACHA20_POLY1305_TYPE: return 32;
   #endif
@@ -452,7 +489,7 @@ void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx)
 
 int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (ctx != NULL) {
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_reset");
@@ -1688,7 +1725,7 @@ int  wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
 {
     int fl;
     if (ctx == NULL || out == NULL || outl == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy");
     if (ctx->block_size == 1) {
@@ -1727,7 +1764,7 @@ int  wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
 {
-    if (ctx == NULL) return BAD_FUNC_ARG;
+    if (ctx == NULL) return WOLFSSL_FAILURE;
     switch (ctx->cipherType) {
 #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4)
 #if !defined(NO_AES)
@@ -2009,7 +2046,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
 int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
 {
     if (cipher == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     switch (cipherType(cipher)) {
 #if !defined(NO_AES)
@@ -2269,7 +2306,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
     int padding)
 {
     if (ctx == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     if (padding) {
         ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_NO_PADDING;
     }
@@ -2281,9 +2318,10 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest)
 {
-    (void)digest;
     /* nothing to do */
-    return 0;
+    if (digest == NULL)
+        return WOLFSSL_FAILURE;
+    return WOLFSSL_SUCCESS;
 }
 
 
@@ -2679,9 +2717,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx,
     }
 
     if (ret == WOLFSSL_SUCCESS && salt != NULL && saltSz > 0) {
-        if (ctx->pkey->hkdfSalt != NULL) {
-            XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
-        }
+        XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
         ctx->pkey->hkdfSalt = (byte*)XMALLOC((size_t)saltSz, NULL,
             DYNAMIC_TYPE_SALT);
         if (ctx->pkey->hkdfSalt == NULL) {
@@ -2716,9 +2752,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx,
     }
 
     if (ret == WOLFSSL_SUCCESS) {
-        if (ctx->pkey->hkdfKey != NULL) {
-            XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
-        }
+        XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
         ctx->pkey->hkdfKey = (byte*)XMALLOC((size_t)keySz, NULL,
             DYNAMIC_TYPE_KEY);
         if (ctx->pkey->hkdfKey == NULL) {
@@ -3110,7 +3144,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
         if (!ctx->pkey->dsa)
             return WOLFSSL_FAILURE;
         bytes = wolfSSL_BN_num_bytes(ctx->pkey->dsa->q);
-        if (bytes == WOLFSSL_FAILURE)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WOLFSSL_FAILURE;
         bytes *= 2;
         if (!sig) {
@@ -3123,7 +3157,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
         /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */
         if (ret != WOLFSSL_SUCCESS)
             return ret;
-        if (bytes == WOLFSSL_FAILURE)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WOLFSSL_FAILURE;
         *siglen = (size_t)bytes;
         return WOLFSSL_SUCCESS;
@@ -3404,14 +3438,14 @@ int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
 int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
   WOLFSSL_EVP_PKEY **ppkey)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int ownPkey = 0;
     WOLFSSL_EVP_PKEY* pkey;
 
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen");
 
     if (ctx == NULL || ppkey == NULL) {
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
     pkey = *ppkey;
@@ -3421,7 +3455,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
                  ctx->pkey->type != EVP_PKEY_RSA &&
                  ctx->pkey->type != EVP_PKEY_DH)) {
             WOLFSSL_MSG("Key not set or key type not supported");
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
         pkey = wolfSSL_EVP_PKEY_new();
         if (pkey == NULL) {
@@ -3802,14 +3836,15 @@ static int DH_param_check(WOLFSSL_DH* dh_key)
         dh_key->q != NULL)
     {
         if (ret == WOLFSSL_SUCCESS &&
-            wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) ==
-            WOLFSSL_FAILURE) {
+            wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx)
+               == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             WOLFSSL_MSG("BN_mod_exp failed");
             ret = WOLFSSL_FAILURE;
         }
         else
             if (ret == WOLFSSL_SUCCESS &&
-                wolfSSL_BN_is_one(num1) == WOLFSSL_FAILURE) {
+                wolfSSL_BN_is_one(num1) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("dh_key->g is not suitable generator");
                 ret = WOLFSSL_FAILURE;
             }
@@ -3957,7 +3992,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
     (void)siglen;
 
     WOLFSSL_ENTER("EVP_SignFinal");
-    if (ctx == NULL)
+    if (ctx == NULL || sigret == NULL || siglen == NULL || pkey == NULL)
         return WOLFSSL_FAILURE;
 
     ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
@@ -3989,15 +4024,32 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
         if (ret != WOLFSSL_SUCCESS)
             return ret;
         bytes = wolfSSL_BN_num_bytes(pkey->dsa->q);
-        if (bytes == WOLFSSL_FAILURE || (int)*siglen < bytes * 2)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) ||
+            (int)*siglen < bytes * 2)
+        {
             return WOLFSSL_FAILURE;
+        }
         *siglen = (unsigned int)(bytes * 2);
         return WOLFSSL_SUCCESS;
     }
 #endif
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("not implemented");
-        FALL_THROUGH;
+#ifdef HAVE_ECC
+    case EVP_PKEY_EC: {
+        WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize,
+                pkey->ecc);
+        if (ecdsaSig == NULL)
+            return WOLFSSL_FAILURE;
+        ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL);
+        if (ret <= 0 || ret > (int)*siglen)
+            return WOLFSSL_FAILURE;
+        ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret);
+        wolfSSL_ECDSA_SIG_free(ecdsaSig);
+        if (ret <= 0 || ret > (int)*siglen)
+            return WOLFSSL_FAILURE;
+        *siglen = (unsigned int)ret;
+        return WOLFSSL_SUCCESS;
+    }
+#endif
     default:
         break;
     }
@@ -4055,7 +4107,8 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     if (ctx == NULL) return WOLFSSL_FAILURE;
     WOLFSSL_ENTER("EVP_VerifyFinal");
     ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
-    if (ret <= 0) return ret;
+    if (ret <= 0)
+        return ret;
 
     (void)sig;
     (void)siglen;
@@ -4072,9 +4125,19 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
                 (unsigned int)siglen, pkey->rsa);
     }
 #endif /* NO_RSA */
-
+#ifdef HAVE_ECC
+    case EVP_PKEY_EC: {
+        WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
+            NULL, (const unsigned char **)&sig, (long)siglen);
+        if (ecdsaSig == NULL)
+            return WOLFSSL_FAILURE;
+        ret = wolfSSL_ECDSA_do_verify(md, (int)mdsize, ecdsaSig,
+            pkey->ecc);
+        wolfSSL_ECDSA_SIG_free(ecdsaSig);
+        return ret;
+    }
+#endif
     case EVP_PKEY_DSA:
-    case EVP_PKEY_EC:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -4085,9 +4148,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
 
 int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher)
 {
-    (void)cipher;
     /* nothing to do */
-    return 0;
+    if (cipher == NULL)
+        return WOLFSSL_FAILURE;
+    return WOLFSSL_SUCCESS;
 }
 
 
@@ -4144,7 +4208,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e,
     }
 
     ret = wolfSSL_CMAC_Init(ctx, priv, len, cipher, e);
-    if (ret == WOLFSSL_FAILURE) {
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
         wolfSSL_CMAC_CTX_free(ctx);
         WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0);
         return NULL;
@@ -4286,7 +4350,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
         }
         type = wolfSSL_EVP_get_digestbynid(default_digest);
         if (type == NULL) {
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
     }
 
@@ -4478,7 +4542,7 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
     WOLFSSL_ENTER("EVP_DigestSignInit");
 
     if (ctx == NULL || pkey == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
 }
@@ -4490,7 +4554,7 @@ int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
     WOLFSSL_ENTER("EVP_DigestSignUpdate");
 
     if (ctx == NULL || d == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfssl_evp_digest_pk_update(ctx, d, cnt);
 }
@@ -4500,7 +4564,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
 {
     unsigned char digest[WC_MAX_DIGEST_SIZE];
     unsigned int  hashLen;
-    int           ret = WOLFSSL_FAILURE;
+    int           ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("EVP_DigestSignFinal");
 
@@ -4603,7 +4667,7 @@ int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
     WOLFSSL_ENTER("EVP_DigestVerifyInit");
 
     if (ctx == NULL || type == NULL || pkey == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
 }
@@ -4615,7 +4679,7 @@ int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
     WOLFSSL_ENTER("EVP_DigestVerifyUpdate");
 
     if (ctx == NULL || d == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt);
 }
@@ -4756,7 +4820,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
 int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v)
 {
     printf("%s", banner);
-    if (XGETPASSWD(buf, bufSz) == WOLFSSL_FAILURE) {
+    if (XGETPASSWD(buf, bufSz) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
         return -1;
     }
     (void)v; /* fgets always sanity checks size of input vs buffer */
@@ -5913,7 +5977,7 @@ void wolfSSL_EVP_init(void)
     int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \
                                     int arg, void *ptr)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
 #ifndef WC_NO_RNG
         WC_RNG rng;
@@ -6298,15 +6362,11 @@ void wolfSSL_EVP_init(void)
             ctx->keyLen     = 0;
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
     defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
-            if (ctx->authBuffer) {
-                XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
-                ctx->authBuffer = NULL;
-            }
+            XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authBuffer = NULL;
             ctx->authBufferLen = 0;
-            if (ctx->authIn) {
-                XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-                ctx->authIn = NULL;
-            }
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
             ctx->authInSz = 0;
             ctx->authIvGenEnable = 0;
             ctx->authIncIv = 0;
@@ -6361,7 +6421,7 @@ void wolfSSL_EVP_init(void)
         }
 
         ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL);
-        if (ret == WOLFSSL_FAILURE)
+        if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             goto end;
 
         ret = wc_PBKDF1_ex(key, (int)info->keySz, iv, (int)info->ivSz, data, sz,
@@ -6428,10 +6488,8 @@ void wolfSSL_EVP_init(void)
     {
         int ret = WOLFSSL_SUCCESS;
 
-        if (ctx->authIn) {
-            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->authIn = NULL;
-        }
+        XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+        ctx->authIn = NULL;
         ctx->authInSz = 0;
 
         ctx->block_size = AES_BLOCK_SIZE;
@@ -6520,7 +6578,7 @@ void wolfSSL_EVP_init(void)
     static int EvpCipherAesGCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
                                byte* src, word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     #ifndef WOLFSSL_AESGCM_STREAM
         /* No destination means only AAD. */
@@ -6635,10 +6693,8 @@ void wolfSSL_EVP_init(void)
     {
         int ret = WOLFSSL_SUCCESS;
 
-        if (ctx->authIn) {
-            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->authIn = NULL;
-        }
+        XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+        ctx->authIn = NULL;
         ctx->authInSz = 0;
 
         ctx->block_size = AES_BLOCK_SIZE;
@@ -6714,7 +6770,7 @@ void wolfSSL_EVP_init(void)
     static int EvpCipherAesCCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
                                byte* src, word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         /* No destination means only AAD. */
         if (src != NULL && dst == NULL) {
@@ -6786,10 +6842,8 @@ void wolfSSL_EVP_init(void)
             return WOLFSSL_FAILURE;
         }
 
-        if (ctx->authIn) {
-            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->authIn = NULL;
-        }
+        XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+        ctx->authIn = NULL;
         ctx->authInSz = 0;
 
         ctx->block_size = AES_BLOCK_SIZE;
@@ -7821,10 +7875,8 @@ void wolfSSL_EVP_init(void)
                 ctx->ivSz = GCM_NONCE_MID_SZ;
             }
             ctx->authTagSz  = SM4_BLOCK_SIZE;
-            if (ctx->authIn) {
-                XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-                ctx->authIn = NULL;
-            }
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
             ctx->authInSz = 0;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7853,10 +7905,8 @@ void wolfSSL_EVP_init(void)
                 ctx->ivSz = GCM_NONCE_MID_SZ;
             }
             ctx->authTagSz  = SM4_BLOCK_SIZE;
-            if (ctx->authIn) {
-                XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-                ctx->authIn = NULL;
-            }
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
             ctx->authInSz = 0;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -8224,7 +8274,7 @@ void wolfSSL_EVP_init(void)
     int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
                            word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
 
@@ -9304,7 +9354,7 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
 
 int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
 {
-    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type");
 
@@ -9329,7 +9379,7 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
         }
     }
     else {
-        ret = BAD_FUNC_ARG;
+        ret = WOLFSSL_FAILURE;
     }
 
     WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret);
@@ -9873,10 +9923,24 @@ static const struct alias {
             const char *alias;
 } digest_alias_tbl[] =
 {
-    {"MD4", "ssl3-md4"},
-    {"MD5", "ssl3-md5"},
-    {"SHA1", "ssl3-sha1"},
+    {"MD4", "md4"},
+    {"MD5", "md5"},
+    {"SHA1", "sha1"},
     {"SHA1", "SHA"},
+    {"SHA224", "sha224"},
+    {"SHA256", "sha256"},
+    {"SHA384", "sha384"},
+    {"SHA512", "sha512"},
+    {"SHA512_224", "sha512_224"},
+    {"SHA3_224", "sha3_224"},
+    {"SHA3_256", "sha3_256"},
+    {"SHA3_384", "sha3_384"},
+    {"SHA3_512", "sha3_512"},
+    {"SM3", "sm3"},
+    {"BLAKE2B512", "blake2b512"},
+    {"BLAKE2S256", "blake2s256"},
+    {"SHAKE128", "shake128"},
+    {"SHAKE256", "shake256"},
     { NULL, NULL}
 };
 
@@ -10205,7 +10269,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
      * @param n message digest type name
      * @return alias name, otherwise NULL
      */
-    static const char* hasAliasName(const char* n)
+    static const char* getMdAliasName(const char* n)
     {
 
         const char* aliasnm = NULL;
@@ -10236,23 +10300,15 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     {
         struct do_all_md *md = (struct do_all_md*)arg;
 
-        const struct s_ent *ent;
-
         /* sanity check */
         if (md == NULL || nm == NULL || md->fn == NULL ||
             nm->type != WOLFSSL_OBJ_NAME_TYPE_MD_METH)
             return;
 
-        /* loop all md */
-        for (ent = md_tbl; ent->name != NULL; ent++){
-            /* check if the md has alias */
-            if(hasAliasName(ent->name) != NULL) {
-                md->fn(NULL, ent->name, ent->name, md->arg);
-            }
-            else {
-                md->fn(ent->name, ent->name, NULL, md->arg);
-            }
-        }
+        if (nm->alias)
+            md->fn(NULL, nm->name, nm->data, md->arg);
+        else
+            md->fn((const EVP_MD *)nm->data, nm->name, NULL, md->arg);
     }
 
     /* call md_do_all function to do all md algorithm via a callback function
@@ -10287,11 +10343,30 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
         if (!fn)
             return;
 
-        objnm.type = type;
-
         switch(type) {
             case WOLFSSL_OBJ_NAME_TYPE_MD_METH:
-                fn(&objnm, arg);
+                {
+                    const struct s_ent *ent;
+                    /* loop all md */
+                    for (ent = md_tbl; ent->name != NULL; ent++){
+                        XMEMSET(&objnm, 0, sizeof(objnm));
+
+                        /* populate objnm with info about the md */
+                        objnm.type = WOLFSSL_OBJ_NAME_TYPE_MD_METH;
+                        objnm.name = ent->name;
+                        objnm.data = (const char*)
+                                wolfSSL_EVP_get_digestbyname(ent->name);
+                        fn(&objnm, arg);
+
+                        /* check if the md has alias and also call fn with it */
+                        objnm.name = getMdAliasName(ent->name);
+                        if (objnm.name != NULL) {
+                            objnm.alias |= WOLFSSL_OBJ_NAME_ALIAS;
+                            objnm.data = ent->name;
+                            fn(&objnm, arg);
+                        }
+                    }
+                }
                 break;
             case WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH:
             case WOLFSSL_OBJ_NAME_TYPE_PKEY_METH:
@@ -10424,7 +10499,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
         WOLFSSL_ENTER("EVP_DigestInit");
 
         if (ctx == NULL) {
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
 
 
@@ -10522,7 +10597,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     #endif
         {
              ctx->macType = WC_HASH_TYPE_NONE;
-             return BAD_FUNC_ARG;
+             return WOLFSSL_FAILURE;
         }
 
         return ret;
@@ -10532,7 +10607,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
                                 size_t sz)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         enum wc_HashType macType;
 
         WOLFSSL_ENTER("EVP_DigestUpdate");
@@ -10660,7 +10735,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
                                unsigned int* s)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         enum wc_HashType macType;
 
         WOLFSSL_ENTER("EVP_DigestFinal");
@@ -10839,7 +10914,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("No md type arg");
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
 #ifndef NO_SHA
@@ -10905,7 +10980,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
     } else
 #endif
 
-    return BAD_FUNC_ARG;
+    return WOLFSSL_FAILURE;
 }
 
 int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
@@ -10914,7 +10989,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("No md type arg");
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
 #ifndef NO_SHA
@@ -10990,7 +11065,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
     }
 #endif
 
-    return BAD_FUNC_ARG;
+    return WOLFSSL_FAILURE;
 }
 
 #endif /* OPENSSL_EXTRA  || HAVE_CURL */
@@ -11108,18 +11183,12 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 
                 #ifdef HAVE_HKDF
                 case EVP_PKEY_HKDF:
-                    if (key->hkdfSalt != NULL) {
-                        XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
-                        key->hkdfSalt = NULL;
-                    }
-                    if (key->hkdfKey != NULL) {
-                        XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
-                        key->hkdfKey = NULL;
-                    }
-                    if (key->hkdfInfo != NULL) {
-                        XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
-                        key->hkdfInfo = NULL;
-                    }
+                    XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
+                    key->hkdfSalt = NULL;
+                    XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
+                    key->hkdfKey = NULL;
+                    XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
+                    key->hkdfInfo = NULL;
                     key->hkdfSaltSz = 0;
                     key->hkdfKeySz = 0;
                     key->hkdfInfoSz = 0;
@@ -11279,7 +11348,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     int indent, int bitlen, ASN1_PCTX* pctx)
 {
     byte   buff[8] = { 0 };
-    int    res = WOLFSSL_FAILURE;
+    int    res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32 inOutIdx = 0;
     word32 nSz;             /* size of modulus */
     word32 eSz;             /* size of public exponent */
@@ -11598,10 +11667,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
         res = wolfSSL_BIO_write(out, "\n", 1) > 0;
     }
 
-    if (pub != NULL) {
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER);
-        pub = NULL;
-    }
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER);
+    pub = NULL;
 
     wc_ecc_free(key);
     mp_free(a);
@@ -11633,7 +11700,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
 
     byte    buff[8] = { 0 };
     int     length;
-    int     res = WOLFSSL_FAILURE;
+    int     res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32  inOutIdx = 0;
     word32  oid;
     byte    tagFound;
@@ -11851,7 +11918,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
 {
 
     byte    buff[8] = { 0 };
-    int     res = WOLFSSL_FAILURE;
+    int     res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32  length;
     word32  inOutIdx;
     word32  oid;
diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_kyber.c
index 77ab430de9..0c2cb2b437 100644
--- a/wolfcrypt/src/ext_kyber.c
+++ b/wolfcrypt/src/ext_kyber.c
@@ -1,6 +1,6 @@
 /* ext_kyber.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_WC_KYBER)
 #include <wolfssl/wolfcrypt/ext_kyber.h>
 
 #ifdef NO_INLINE
@@ -168,12 +168,6 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_PRIVATE_KEY_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -216,12 +210,6 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_PUBLIC_KEY_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -264,12 +252,6 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_CIPHERTEXT_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -301,7 +283,7 @@ int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len)
 /**
  * Make a Kyber key object using a random number generator.
  *
- * NOTE: rng is ignored. OQS and PQM4 don't use our RNG.
+ * NOTE: rng is ignored. OQS doesn't use our RNG.
  *
  * @param  [in, out]  key   Kyber key ovject.
  * @param  [in]       rng   Random number generator.
@@ -362,14 +344,6 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
     wolfSSL_liboqsRngMutexUnlock();
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_keypair(key->pub, key->priv) != 0) {
-            WOLFSSL_MSG("PQM4 keygen failure");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     if (ret != 0) {
         ForceZero(key, sizeof(*key));
@@ -394,7 +368,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
 {
     (void)rand;
     (void)len;
-    /* OQS and PQM4 don't support external randomness. */
+    /* OQS doesn't support external randomness. */
     return wc_KyberKey_MakeKey(key, NULL);
 }
 
@@ -471,14 +445,6 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
     wolfSSL_liboqsRngMutexUnlock();
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_enc(ct, ss, key->pub) != 0) {
-            WOLFSSL_MSG("PQM4 Encapsulation failure.");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -501,7 +467,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
 {
     (void)rand;
     (void)len;
-    /* OQS and PQM4 don't support external randomness. */
+    /* OQS doesn't support external randomness. */
     return wc_KyberKey_Encapsulate(key, ct, ss, NULL);
 }
 
@@ -577,14 +543,6 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
 
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_dec(ss, ct, key->priv) != 0) {
-            WOLFSSL_MSG("PQM4 Decapsulation failure.");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 
@@ -750,4 +708,4 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
     return ret;
 }
 
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_HAVE_KYBER && !WOLFSSL_WC_KYBER */
diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c
index 7a59576672..70dfa5bd7a 100644
--- a/wolfcrypt/src/ext_lms.c
+++ b/wolfcrypt/src/ext_lms.c
@@ -1,6 +1,6 @@
 /* ext_lms.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,8 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
-#ifdef WOLFSSL_HAVE_LMS
+#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
+
 #include <wolfssl/wolfcrypt/ext_lms.h>
 
 #ifdef NO_INLINE
@@ -1048,4 +1049,4 @@ int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
     return 0;
 }
 
-#endif /* WOLFSSL_HAVE_LMS */
+#endif /* WOLFSSL_HAVE_LMS && HAVE_LIBLMS */
diff --git a/wolfcrypt/src/ext_xmss.c b/wolfcrypt/src/ext_xmss.c
index 9ce012e255..938d5136d1 100644
--- a/wolfcrypt/src/ext_xmss.c
+++ b/wolfcrypt/src/ext_xmss.c
@@ -1,6 +1,6 @@
 /* ext_xmss.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,7 +28,8 @@
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/sha256.h>
 
-#ifdef WOLFSSL_HAVE_XMSS
+#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
+
 #include <wolfssl/wolfcrypt/ext_xmss.h>
 
 #ifdef NO_INLINE
@@ -1042,4 +1043,4 @@ int wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigLen,
     return ret;
 }
 
-#endif /* WOLFSSL_HAVE_XMSS */
+#endif /* WOLFSSL_HAVE_XMSS && HAVE_LIBXMSS */
diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c
index 04309dbecb..b1aabb13b2 100644
--- a/wolfcrypt/src/falcon.c
+++ b/wolfcrypt/src/falcon.c
@@ -1,6 +1,6 @@
 /* falcon.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c
index 36c6096945..ede162a5e2 100644
--- a/wolfcrypt/src/fe_448.c
+++ b/wolfcrypt/src/fe_448.c
@@ -1,6 +1,6 @@
 /* fe_448.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c
index 3556639600..ad10a0e944 100644
--- a/wolfcrypt/src/fe_low_mem.c
+++ b/wolfcrypt/src/fe_low_mem.c
@@ -1,6 +1,6 @@
 /* fe_low_mem.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index 704b455c34..2910151dfb 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -1,6 +1,6 @@
 /* fe_operations.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mont_small.i b/wolfcrypt/src/fp_mont_small.i
index c0f9092487..c75547b6a3 100644
--- a/wolfcrypt/src/fp_mont_small.i
+++ b/wolfcrypt/src/fp_mont_small.i
@@ -1,6 +1,6 @@
 /* fp_mont_small.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_12.i b/wolfcrypt/src/fp_mul_comba_12.i
index b5840a5d7f..153b02c4eb 100644
--- a/wolfcrypt/src/fp_mul_comba_12.i
+++ b/wolfcrypt/src/fp_mul_comba_12.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_12.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_17.i b/wolfcrypt/src/fp_mul_comba_17.i
index 8092e4549e..6e2487cd61 100644
--- a/wolfcrypt/src/fp_mul_comba_17.i
+++ b/wolfcrypt/src/fp_mul_comba_17.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_17.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_20.i b/wolfcrypt/src/fp_mul_comba_20.i
index cec9e46e8b..b2994324fc 100644
--- a/wolfcrypt/src/fp_mul_comba_20.i
+++ b/wolfcrypt/src/fp_mul_comba_20.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_20.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_24.i b/wolfcrypt/src/fp_mul_comba_24.i
index 299ebc41db..cc1463e2de 100644
--- a/wolfcrypt/src/fp_mul_comba_24.i
+++ b/wolfcrypt/src/fp_mul_comba_24.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_24.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_28.i b/wolfcrypt/src/fp_mul_comba_28.i
index 13af28df84..5d079164fb 100644
--- a/wolfcrypt/src/fp_mul_comba_28.i
+++ b/wolfcrypt/src/fp_mul_comba_28.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_28.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_3.i b/wolfcrypt/src/fp_mul_comba_3.i
index 1ac5622e26..4318b8e0c5 100644
--- a/wolfcrypt/src/fp_mul_comba_3.i
+++ b/wolfcrypt/src/fp_mul_comba_3.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_3.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_32.i b/wolfcrypt/src/fp_mul_comba_32.i
index c8d3b6c0cd..e381d73596 100644
--- a/wolfcrypt/src/fp_mul_comba_32.i
+++ b/wolfcrypt/src/fp_mul_comba_32.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_32.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_4.i b/wolfcrypt/src/fp_mul_comba_4.i
index d4e400224e..0f404ff895 100644
--- a/wolfcrypt/src/fp_mul_comba_4.i
+++ b/wolfcrypt/src/fp_mul_comba_4.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_4.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_48.i b/wolfcrypt/src/fp_mul_comba_48.i
index a81cec53ad..2189b601bc 100644
--- a/wolfcrypt/src/fp_mul_comba_48.i
+++ b/wolfcrypt/src/fp_mul_comba_48.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_48.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_6.i b/wolfcrypt/src/fp_mul_comba_6.i
index 67ee873777..f5c33d2fc0 100644
--- a/wolfcrypt/src/fp_mul_comba_6.i
+++ b/wolfcrypt/src/fp_mul_comba_6.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_6.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_64.i b/wolfcrypt/src/fp_mul_comba_64.i
index 8f75cddafd..dba74829ef 100644
--- a/wolfcrypt/src/fp_mul_comba_64.i
+++ b/wolfcrypt/src/fp_mul_comba_64.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_64.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_7.i b/wolfcrypt/src/fp_mul_comba_7.i
index a50d30d866..ffb8a322e9 100644
--- a/wolfcrypt/src/fp_mul_comba_7.i
+++ b/wolfcrypt/src/fp_mul_comba_7.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_7.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_8.i b/wolfcrypt/src/fp_mul_comba_8.i
index a0a4d38fcb..044a731fb3 100644
--- a/wolfcrypt/src/fp_mul_comba_8.i
+++ b/wolfcrypt/src/fp_mul_comba_8.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_8.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_9.i b/wolfcrypt/src/fp_mul_comba_9.i
index cf63f82cab..4ebc103499 100644
--- a/wolfcrypt/src/fp_mul_comba_9.i
+++ b/wolfcrypt/src/fp_mul_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_9.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_small_set.i b/wolfcrypt/src/fp_mul_comba_small_set.i
index 1ece3cc465..7b6277917d 100644
--- a/wolfcrypt/src/fp_mul_comba_small_set.i
+++ b/wolfcrypt/src/fp_mul_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_small_set.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_12.i b/wolfcrypt/src/fp_sqr_comba_12.i
index f542b9129f..87deca00a8 100644
--- a/wolfcrypt/src/fp_sqr_comba_12.i
+++ b/wolfcrypt/src/fp_sqr_comba_12.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_12.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_17.i b/wolfcrypt/src/fp_sqr_comba_17.i
index 6987c5757a..b6c589a9fb 100644
--- a/wolfcrypt/src/fp_sqr_comba_17.i
+++ b/wolfcrypt/src/fp_sqr_comba_17.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_17.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_20.i b/wolfcrypt/src/fp_sqr_comba_20.i
index bd388d5fde..f8776d59eb 100644
--- a/wolfcrypt/src/fp_sqr_comba_20.i
+++ b/wolfcrypt/src/fp_sqr_comba_20.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_20.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_24.i b/wolfcrypt/src/fp_sqr_comba_24.i
index e57148a3c2..25178e3713 100644
--- a/wolfcrypt/src/fp_sqr_comba_24.i
+++ b/wolfcrypt/src/fp_sqr_comba_24.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_24.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_28.i b/wolfcrypt/src/fp_sqr_comba_28.i
index 78fb8e0164..1e639ffb70 100644
--- a/wolfcrypt/src/fp_sqr_comba_28.i
+++ b/wolfcrypt/src/fp_sqr_comba_28.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_28.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_3.i b/wolfcrypt/src/fp_sqr_comba_3.i
index bab8996dd9..b16412c920 100644
--- a/wolfcrypt/src/fp_sqr_comba_3.i
+++ b/wolfcrypt/src/fp_sqr_comba_3.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_3.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_32.i b/wolfcrypt/src/fp_sqr_comba_32.i
index 9ee96c52f1..359a47e41c 100644
--- a/wolfcrypt/src/fp_sqr_comba_32.i
+++ b/wolfcrypt/src/fp_sqr_comba_32.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_32.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_4.i b/wolfcrypt/src/fp_sqr_comba_4.i
index d0bae98021..92e38b5d6a 100644
--- a/wolfcrypt/src/fp_sqr_comba_4.i
+++ b/wolfcrypt/src/fp_sqr_comba_4.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_4.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_48.i b/wolfcrypt/src/fp_sqr_comba_48.i
index a9fa4f8e10..d6568f95e7 100644
--- a/wolfcrypt/src/fp_sqr_comba_48.i
+++ b/wolfcrypt/src/fp_sqr_comba_48.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_48.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_6.i b/wolfcrypt/src/fp_sqr_comba_6.i
index 2e91e69b15..a92eb1032a 100644
--- a/wolfcrypt/src/fp_sqr_comba_6.i
+++ b/wolfcrypt/src/fp_sqr_comba_6.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_6.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_64.i b/wolfcrypt/src/fp_sqr_comba_64.i
index a072269cb5..41da933311 100644
--- a/wolfcrypt/src/fp_sqr_comba_64.i
+++ b/wolfcrypt/src/fp_sqr_comba_64.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_64.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_7.i b/wolfcrypt/src/fp_sqr_comba_7.i
index 9ae37801df..2b2f1d8fb1 100644
--- a/wolfcrypt/src/fp_sqr_comba_7.i
+++ b/wolfcrypt/src/fp_sqr_comba_7.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_7.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_8.i b/wolfcrypt/src/fp_sqr_comba_8.i
index c0be97bb52..13b728366c 100644
--- a/wolfcrypt/src/fp_sqr_comba_8.i
+++ b/wolfcrypt/src/fp_sqr_comba_8.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_8.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_9.i b/wolfcrypt/src/fp_sqr_comba_9.i
index 92369de40c..aa04a22dfb 100644
--- a/wolfcrypt/src/fp_sqr_comba_9.i
+++ b/wolfcrypt/src/fp_sqr_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_9.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_small_set.i b/wolfcrypt/src/fp_sqr_comba_small_set.i
index f8e0a4dc15..a47ca8c2dc 100644
--- a/wolfcrypt/src/fp_sqr_comba_small_set.i
+++ b/wolfcrypt/src/fp_sqr_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_small_set.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c
index d2033af9a8..415928f97f 100644
--- a/wolfcrypt/src/ge_448.c
+++ b/wolfcrypt/src/ge_448.c
@@ -1,6 +1,6 @@
 /* ge_448.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -10781,18 +10781,10 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a,
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && (!defined(WOLFSSL_NO_MALLOC) ||                                                           defined(XMALLOC_USER))
-    if (p2 != NULL) {
-        XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (pi != NULL) {
-        XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (bslide != NULL) {
-        XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (aslide != NULL) {
-        XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c
index abe6ea697a..df747a126c 100644
--- a/wolfcrypt/src/ge_low_mem.c
+++ b/wolfcrypt/src/ge_low_mem.c
@@ -1,6 +1,6 @@
 /* ge_low_mem.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c
index 57a838cda7..bcf9d354b5 100644
--- a/wolfcrypt/src/ge_operations.c
+++ b/wolfcrypt/src/ge_operations.c
@@ -1,6 +1,6 @@
 /* ge_operations.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -9470,18 +9470,12 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
   out:
 
-  if (aslide != NULL)
-      XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (bslide != NULL)
-      XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (Ai != NULL)
-      XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (t != NULL)
-      XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (u != NULL)
-      XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (A2 != NULL)
-      XFREE(A2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(A2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
   return ret;
 #else
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index bc69c3b482..db3a047998 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -1,6 +1,6 @@
 /* hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index fb71bf3abd..47f8f13824 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -1,6 +1,6 @@
 /* hmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c
index 15e8d85698..450ee73173 100644
--- a/wolfcrypt/src/hpke.c
+++ b/wolfcrypt/src/hpke.c
@@ -1,6 +1,6 @@
 /* hpke.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am
index e6a93af6d4..675415f843 100644
--- a/wolfcrypt/src/include.am
+++ b/wolfcrypt/src/include.am
@@ -139,7 +139,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \
               wolfcrypt/src/port/Renesas/README.md \
               wolfcrypt/src/port/cypress/psoc6_crypto.c \
-              wolfcrypt/src/port/liboqs/liboqs.c
+              wolfcrypt/src/port/liboqs/liboqs.c \
+              wolfcrypt/src/port/maxim/max3266x.c
 
 $(ASYNC_FILES):
 	$(AM_V_at)touch $(srcdir)/$@
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index dadfeb4eef..3deeaeb82e 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -1,6 +1,6 @@
 /* integer.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c
index 9edf3a5747..1bb338e80e 100644
--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@@ -1,6 +1,6 @@
 /* kdf.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -84,11 +84,9 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
     word32 lastTime;
     int    ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    byte*  previous;
     byte*  current;
     Hmac*  hmac;
 #else
-    byte   previous[P_HASH_MAX_SIZE];  /* max size */
     byte   current[P_HASH_MAX_SIZE];   /* max size */
     Hmac   hmac[1];
 #endif
@@ -153,19 +151,16 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
     lastTime = times - 1;
 
 #ifdef WOLFSSL_SMALL_STACK
-    previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
-    current  = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
-    hmac     = (Hmac*)XMALLOC(sizeof(Hmac),    heap, DYNAMIC_TYPE_HMAC);
-    if (previous == NULL || current == NULL || hmac == NULL) {
-        if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
-        if (current)  XFREE(current,  heap, DYNAMIC_TYPE_DIGEST);
-        if (hmac)     XFREE(hmac,     heap, DYNAMIC_TYPE_HMAC);
+    current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
+    hmac    = (Hmac*)XMALLOC(sizeof(Hmac),    heap, DYNAMIC_TYPE_HMAC);
+    if (current == NULL || hmac == NULL) {
+        XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
+        XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
         return MEMORY_E;
     }
 #endif
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-    XMEMSET(previous, 0xff, P_HASH_MAX_SIZE);
-    wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE);
+    XMEMSET(current, 0xff, P_HASH_MAX_SIZE);
     wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE);
     wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac));
 #endif
@@ -176,53 +171,53 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
         if (ret == 0)
             ret = wc_HmacUpdate(hmac, seed, seedLen); /* A0 = seed */
         if (ret == 0)
-            ret = wc_HmacFinal(hmac, previous);       /* A1 */
+            ret = wc_HmacFinal(hmac, current);        /* A1 */
         if (ret == 0) {
             word32 i;
             word32 idx = 0;
 
             for (i = 0; i < times; i++) {
-                ret = wc_HmacUpdate(hmac, previous, len);
+                ret = wc_HmacUpdate(hmac, current, len);
                 if (ret != 0)
                     break;
                 ret = wc_HmacUpdate(hmac, seed, seedLen);
                 if (ret != 0)
                     break;
-                ret = wc_HmacFinal(hmac, current);
-                if (ret != 0)
-                    break;
-
-                if ((i == lastTime) && lastLen)
-                    XMEMCPY(&result[idx], current,
-                                             min(lastLen, P_HASH_MAX_SIZE));
-                else {
-                    XMEMCPY(&result[idx], current, len);
+                if ((i != lastTime) || !lastLen) {
+                    ret = wc_HmacFinal(hmac, &result[idx]);
+                    if (ret != 0)
+                        break;
                     idx += len;
-                    ret = wc_HmacUpdate(hmac, previous, len);
+
+                    ret = wc_HmacUpdate(hmac, current, len);
                     if (ret != 0)
                         break;
-                    ret = wc_HmacFinal(hmac, previous);
+                    ret = wc_HmacFinal(hmac, current);
                     if (ret != 0)
                         break;
                 }
+                else {
+                    ret = wc_HmacFinal(hmac, current);
+                    if (ret != 0)
+                        break;
+                    XMEMCPY(&result[idx], current,
+                                             min(lastLen, P_HASH_MAX_SIZE));
+                }
             }
         }
         wc_HmacFree(hmac);
     }
 
-    ForceZero(previous,  P_HASH_MAX_SIZE);
-    ForceZero(current,   P_HASH_MAX_SIZE);
-    ForceZero(hmac,      sizeof(Hmac));
+    ForceZero(current, P_HASH_MAX_SIZE);
+    ForceZero(hmac,    sizeof(Hmac));
 
 #if defined(WOLFSSL_CHECK_MEM_ZERO)
-    wc_MemZero_Check(previous, P_HASH_MAX_SIZE);
-    wc_MemZero_Check(current,  P_HASH_MAX_SIZE);
-    wc_MemZero_Check(hmac,     sizeof(Hmac));
+    wc_MemZero_Check(current, P_HASH_MAX_SIZE);
+    wc_MemZero_Check(hmac,    sizeof(Hmac));
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
-    XFREE(current,  heap, DYNAMIC_TYPE_DIGEST);
+    XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
     XFREE(hmac,     heap, DYNAMIC_TYPE_HMAC);
 #endif
 
diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
index de87dbf8d8..d548cd6149 100644
--- a/wolfcrypt/src/logging.c
+++ b/wolfcrypt/src/logging.c
@@ -1,6 +1,6 @@
 /* logging.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -471,26 +471,48 @@ void WOLFSSL_BUFFER(const byte* buffer, word32 length)
 
     while (buflen > 0) {
         int bufidx = 0;
-        XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t");
+        if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t")
+            >= (int)sizeof(line) - bufidx)
+        {
+            goto errout;
+        }
         bufidx++;
 
         for (i = 0; i < LINE_LEN; i++) {
             if (i < buflen) {
-                XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ", buffer[i]);
+                if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ",
+                              buffer[i]) >= (int)sizeof(line) - bufidx)
+                {
+                    goto errout;
+                }
             }
             else {
-                XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "   ");
+                if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "   ")
+                    >= (int)sizeof(line) - bufidx)
+                {
+                    goto errout;
+                }
             }
             bufidx += 3;
         }
 
-        XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "| ");
+        if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "| ")
+            >= (int)sizeof(line) - bufidx)
+        {
+            goto errout;
+        }
         bufidx++;
 
         for (i = 0; i < LINE_LEN; i++) {
             if (i < buflen) {
-                XSNPRINTF(&line[bufidx], sizeof(line)-bufidx,
-                     "%c", 31 < buffer[i] && buffer[i] < 127 ? buffer[i] : '.');
+                if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx,
+                              "%c", 31 < buffer[i] && buffer[i] < 127
+                              ? buffer[i]
+                              : '.')
+                    >= (int)sizeof(line) - bufidx)
+                {
+                    goto errout;
+                }
                 bufidx++;
             }
         }
@@ -499,6 +521,12 @@ void WOLFSSL_BUFFER(const byte* buffer, word32 length)
         buffer += LINE_LEN;
         buflen -= LINE_LEN;
     }
+
+    return;
+
+errout:
+
+    wolfssl_log(INFO_LOG, NULL, 0, "\t[Buffer error while rendering]");
 }
 
 #undef WOLFSSL_ENTER /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
@@ -506,7 +534,11 @@ void WOLFSSL_ENTER(const char* msg)
 {
     if (loggingEnabled) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
-        XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg);
+        if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg)
+            >= (int)sizeof(buffer))
+        {
+            buffer[sizeof(buffer) - 1] = 0;
+        }
         wolfssl_log(ENTER_LOG, NULL, 0, buffer);
     }
 }
@@ -516,7 +548,11 @@ void WOLFSSL_ENTER2(const char *file, int line, const char* msg)
 {
     if (loggingEnabled) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
-        XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg);
+        if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg)
+            >= (int)sizeof(buffer))
+        {
+            buffer[sizeof(buffer) - 1] = 0;
+        }
         wolfssl_log(ENTER_LOG, file, line, buffer);
     }
 }
@@ -527,8 +563,12 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
 {
     if (loggingEnabled) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
-        XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d",
-                msg, ret);
+        if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d",
+                      msg, ret)
+            >= (int)sizeof(buffer))
+        {
+            buffer[sizeof(buffer) - 1] = 0;
+        }
         wolfssl_log(LEAVE_LOG, NULL, 0, buffer);
     }
 }
@@ -538,8 +578,12 @@ void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret)
 {
     if (loggingEnabled) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
-        XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d",
-                msg, ret);
+        if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d",
+                      msg, ret)
+            >= (int)sizeof(buffer))
+        {
+            buffer[sizeof(buffer) - 1] = 0;
+        }
         wolfssl_log(LEAVE_LOG, file, line, buffer);
     }
 }
@@ -1674,3 +1718,144 @@ void WOLFSSL_ERROR_MSG(const char* msg)
 }
 
 #endif  /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+
+#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+
+#ifdef WOLFSSL_LINUXKM
+
+void wc_backtrace_render(void) {
+    dump_stack();
+}
+
+#else /* !WOLFSSL_LINUXKM */
+
+#include <backtrace-supported.h>
+
+#if BACKTRACE_SUPPORTED != 1
+    #error WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES is defined but BACKTRACE_SUPPORTED is 0.
+#endif
+
+#if !defined(WOLFSSL_MUTEX_INITIALIZER) && defined(WOLFSSL_NO_ATOMICS)
+    #error WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES requires WOLFSSL_MUTEX_INITIALIZER or wolfSSL_Atomic_Ints.
+#endif
+
+#include <backtrace.h>
+
+static int backtrace_callback(void *data, uintptr_t pc, const char *filename,
+                              int lineno, const char *function)
+{
+    if (function == NULL)
+        return 0;
+    /* the first callback is for the call to wc_print_backtrace() -- skip it. */
+    if (*(int *)data == 0) {
+        *(int *)data = 1;
+        return 0;
+    }
+#ifdef NO_STDIO_FILESYSTEM
+    printf("    #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc,
+           function, filename, lineno);
+#else
+    fprintf(stderr, "    #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc,
+            function, filename, lineno);
+#endif
+    return 0;
+}
+
+static void backtrace_error(void *data, const char *msg, int errnum) {
+    (void)data;
+#ifdef NO_STDIO_FILESYSTEM
+    printf("ERR TRACE: error %d while backtracing: %s", errnum, msg);
+#else
+    fprintf(stderr, "ERR TRACE: error %d while backtracing: %s", errnum, msg);
+#endif
+}
+
+static void backtrace_creation_error(void *data, const char *msg, int errnum) {
+    (void)data;
+#ifdef NO_STDIO_FILESYSTEM
+    printf("ERR TRACE: internal error %d "
+            "while initializing backtrace facility: %s", errnum, msg);
+    printf("ERR TRACE: internal error "
+           "while initializing backtrace facility");
+#else
+    fprintf(stderr, "ERR TRACE: internal error %d "
+            "while initializing backtrace facility: %s", errnum, msg);
+#endif
+}
+
+static int backtrace_init(struct backtrace_state **backtrace_state) {
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    static wolfSSL_Mutex backtrace_create_state_mutex =
+        WOLFSSL_MUTEX_INITIALIZER(backtrace_create_state_mutex);
+    if (wc_LockMutex(&backtrace_create_state_mutex) != 0)
+        return -1;
+#elif defined(WOLFSSL_ATOMIC_OPS)
+    static wolfSSL_Atomic_Int init_count = 0;
+    if (wolfSSL_Atomic_Int_FetchAdd(&init_count, 1) != 1)
+        return -1;
+#endif
+    if (*backtrace_state == NULL) {
+        /* passing a NULL filename to backtrace_create_state() tells
+         * libbacktrace to use a target-specific strategy to determine the
+         * executable.  "libbacktrace supports ELF, PE/COFF, Mach-O, and XCOFF
+         * executables with DWARF debugging information.  In other words, it
+         * supports GNU/Linux, *BSD, macOS, Windows, and AIX."
+         */
+        *backtrace_state = backtrace_create_state(
+            NULL, 0, backtrace_creation_error, NULL);
+    }
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    wc_UnLockMutex(&backtrace_create_state_mutex);
+#endif
+    if (*backtrace_state == NULL)
+        return -1;
+    return 0;
+}
+
+void wc_backtrace_render(void) {
+    static wolfSSL_Mutex backtrace_mutex
+        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(backtrace_mutex);
+    static struct backtrace_state *backtrace_state = NULL;
+    int depth = 0;
+
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    static wolfSSL_Atomic_Int init_count = 0;
+    if (init_count != 1) {
+        int cur_init_count = wolfSSL_Atomic_Int_FetchSub(&init_count, 1);
+        if (cur_init_count != 0) {
+            (void)wolfSSL_Atomic_Int_FetchAdd(&init_count, 1);
+            return;
+        }
+        if (wc_InitMutex(&backtrace_mutex) != 0)
+            return;
+        /* set init_count to 1, race-free: (-1) - (0-2) = 1 */
+        (void)wolfSSL_Atomic_Int_FetchSub(&init_count, cur_init_count - 2);
+    }
+#endif
+
+    /* backtrace_state can't be shared between threads even when
+     * BACKTRACE_SUPPORTS_THREADS == 1, so we serialize the render op.  this
+     * helpfully mutexes the initialization too.
+     */
+    if (wc_LockMutex(&backtrace_mutex) != 0)
+        return;
+
+    if (backtrace_state == NULL) {
+        if (backtrace_init(&backtrace_state) < 0) {
+            wc_UnLockMutex(&backtrace_mutex);
+            return;
+        }
+    }
+
+    /* note that the optimizer can produce misleading backtraces, even with
+     * -funwind-tables.  in contrast, the macro-generated "ERR TRACE" message
+     * from WC_ERR_TRACE() always accurately identifies the error code point.
+     */
+    backtrace_full(backtrace_state, 0, backtrace_callback, backtrace_error,
+                   (void *)&depth);
+
+    wc_UnLockMutex(&backtrace_mutex);
+}
+#endif /* !WOLFSSL_LINUXKM */
+
+#endif /* WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES */
diff --git a/wolfcrypt/src/md2.c b/wolfcrypt/src/md2.c
index 789704e675..c28a049d4f 100644
--- a/wolfcrypt/src/md2.c
+++ b/wolfcrypt/src/md2.c
@@ -1,6 +1,6 @@
 /* md2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -123,7 +123,7 @@ void wc_Md2Final(Md2* md2, byte* hash)
     for (i = 0; i < padLen; i++)
         padding[i] = (byte)padLen;
 
-    wc_Md2Update(md2, padding, padLen);
+    wc_Md2Update(md2, padding, padLen); /* cppcheck-suppress uninitvar */
     wc_Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
 
     XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
diff --git a/wolfcrypt/src/md4.c b/wolfcrypt/src/md4.c
index 68eab5fb2b..65b4dc23f6 100644
--- a/wolfcrypt/src/md4.c
+++ b/wolfcrypt/src/md4.c
@@ -1,6 +1,6 @@
 /* md4.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index daab9c9ecf..f6ca240be9 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -1,6 +1,6 @@
 /* md5.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 3e8d4ada58..164dc95717 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -1,6 +1,6 @@
 /* memory.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index 10f733bd02..7a9bcb02c9 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -1,6 +1,6 @@
 /* misc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -709,13 +709,23 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) {
 
 WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap)
 {
-    a.n = a.n + b;
+    a.n += b;
     if (a.n < b && wrap != NULL)
         *wrap = 1;
 
     return a;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b,
+    byte *wrap)
+{
+    a.n += b.n;
+    if (a.n < b.n && wrap != NULL)
+        *wrap = 1;
+
+    return a;
+}
+
 WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap)
 {
     if (a.n < b && wrap != NULL)
@@ -796,6 +806,13 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
     return a;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b)
+{
+    w64wrapper ret;
+    ret.n = (word64)a * (word64)b;
+    return ret;
+}
+
 #else
 
 WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n)
@@ -831,7 +848,7 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low)
 
 WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap)
 {
-    a.n[1] = a.n[1] + b;
+    a.n[1] += b;
     if (a.n[1] < b) {
         a.n[0]++;
         if (wrap != NULL && a.n[0] == 0)
@@ -841,6 +858,24 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap)
     return a;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b,
+    byte *wrap)
+{
+    a.n[1] += b.n[1];
+    if (a.n[1] < b.n[1]) {
+        a.n[0]++;
+        if (wrap != NULL && a.n[0] == 0)
+                *wrap = 1;
+    }
+
+    a.n[0] += b.n[0];
+    if (wrap != NULL && a.n[0] < b.n[0]) {
+        *wrap = 1;
+    }
+
+    return a;
+}
+
 WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap)
 {
     byte _underflow = 0;
@@ -894,7 +929,7 @@ WC_MISC_STATIC WC_INLINE byte w64IsZero(w64wrapper a)
     return a.n[0] == 0 && a.n[1] == 0;
 }
 
-WC_MISC_STATIC WC_INLINE void c64toa(w64wrapper *a, byte *out)
+WC_MISC_STATIC WC_INLINE void c64toa(const w64wrapper *a, byte *out)
 {
 #ifdef BIG_ENDIAN_ORDER
     word32 *_out = (word32*)(out);
@@ -939,7 +974,7 @@ WC_MISC_STATIC WC_INLINE byte w64LT(w64wrapper a, w64wrapper b)
 WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift)
 {
      if (shift < 32) {
-         a.n[1] = (a.n[1] >> shift) || (a.n[0] << (32 - shift));
+         a.n[1] = (a.n[1] >> shift) | (a.n[0] << (32 - shift));
          a.n[0] >>= shift;
      }
      else {
@@ -951,7 +986,7 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift)
 WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
 {
      if (shift < 32) {
-         a.n[0] = (a.n[0] << shift) || (a.n[1] >> (32 - shift));
+         a.n[0] = (a.n[0] << shift) | (a.n[1] >> (32 - shift));
          a.n[1] <<= shift;
      }
      else {
@@ -961,6 +996,30 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
      return a;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b)
+{
+    w64wrapper ret;
+    word16 ltlA, ltlB, ltlC, ltlD;
+    word32 bigA, bigB, bigC, bigD;
+
+    ltlA = a & 0xFFFF;
+    ltlB = (a >> 16) & 0xFFFF;
+    ltlC = b & 0xFFFF;
+    ltlD = (b >> 16) & 0xFFFF;
+
+    bigA = (word32)ltlA * (word32)ltlC;
+    bigC = (word32)ltlB * (word32)ltlC;
+    bigD = (word32)ltlA * (word32)ltlD;
+    bigB = (word32)ltlB * (word32)ltlD;
+
+    ret = w64From32(0, bigB);
+    ret = w64ShiftLeft(ret, 16);
+    ret = w64Add32(ret, bigD, NULL);
+    ret = w64Add32(ret, bigC, NULL);
+    ret = w64ShiftLeft(ret, 16);
+    return w64Add32(ret, bigA, NULL);
+}
+
 #endif /* WORD64_AVAILABLE && !WOLFSSL_W64_WRAPPER_TEST */
 #endif /* WOLFSSL_W64_WRAPPER */
 
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index ef111a6dfb..3cddc646b4 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -1,6 +1,6 @@
 /* pkcs12.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -165,9 +165,7 @@ static void freeSafe(AuthenticatedSafe* safe, void* heap)
         safe->CI = ci->next;
         XFREE(ci, heap, DYNAMIC_TYPE_PKCS);
     }
-    if (safe->data != NULL) {
-        XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS);
-    }
+    XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS);
     XFREE(safe, heap, DYNAMIC_TYPE_PKCS);
 
     (void)heap;
@@ -191,22 +189,14 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12)
 
     /* free mac data */
     if (pkcs12->signData != NULL) {
-        if (pkcs12->signData->digest != NULL) {
-            XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST);
-        }
-        if (pkcs12->signData->salt != NULL) {
-            XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT);
-        }
+        XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST);
+        XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT);
         XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS);
     }
 
 #ifdef ASN_BER_TO_DER
-    if (pkcs12->der != NULL) {
-        XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-    }
-    if (pkcs12->safeDer != NULL) {
-        XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-    }
+    XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+    XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
 #endif
 
     XFREE(pkcs12, heap, DYNAMIC_TYPE_PKCS);
@@ -533,8 +523,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
     /* failure cleanup */
     if (ret != 0) {
         if (mac) {
-            if (mac->digest)
-                XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST);
+            XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST);
             XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
         }
     }
@@ -856,9 +845,7 @@ int wc_d2i_PKCS12_fp(const char* file, WC_PKCS12** pkcs12)
         wc_PKCS12_free(*pkcs12);
         *pkcs12 = NULL;
     }
-    if (buf != NULL) {
-        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     WOLFSSL_LEAVE("wc_d2i_PKCS12_fp", ret);
 
@@ -1008,7 +995,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
             if (der == NULL && derSz != NULL) {
                 *derSz = (int)totalSz;
                 XFREE(sdBuf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if (*der == NULL) {
@@ -1099,9 +1086,7 @@ void wc_FreeCertList(WC_DerCertList* list, void* heap)
 
     while (current != NULL) {
         next = current->next;
-        if (current->buffer != NULL) {
-            XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
-        }
+        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
         XFREE(current, heap, DYNAMIC_TYPE_PKCS);
         current = next;
     }
@@ -1707,10 +1692,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
         }
 
         /* free temporary buffer */
-        if (buf != NULL) {
-            XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-            buf = NULL;
-        }
+        XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+        buf = NULL;
 
         ci = ci->next;
         WOLFSSL_MSG("Done Parsing PKCS12 Content Info Container");
@@ -1744,10 +1727,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
             XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY);
             *pkey = NULL;
         }
-        if (buf) {
-            XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-            buf = NULL;
-        }
+        XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+        buf = NULL;
 
         wc_FreeCertList(certList, pkcs12->heap);
     }
@@ -1828,7 +1809,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
     }
     if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         *outSz =  sz + MAX_LENGTH_SZ + 1;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (ret < 0) {
         return ret;
@@ -1890,7 +1871,7 @@ static int wc_PKCS12_create_key_bag(WC_PKCS12* pkcs12, WC_RNG* rng,
     if (out == NULL) {
         *outSz = MAX_SEQ_SZ + WC_PKCS12_DATA_OBJ_SZ + 1 + MAX_LENGTH_SZ +
             length;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     heap = wc_PKCS12_GetHeap(pkcs12);
@@ -1967,7 +1948,7 @@ static int wc_PKCS12_create_cert_bag(WC_PKCS12* pkcs12,
         *outSz = (word32)(MAX_SEQ_SZ + WC_CERTBAG_OBJECT_ID + 1 + MAX_LENGTH_SZ +
             MAX_SEQ_SZ + WC_CERTBAG1_OBJECT_ID + 1 + MAX_LENGTH_SZ + 1 +
             MAX_LENGTH_SZ + (int)certSz);
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* check buffer size able to handle max size */
@@ -2112,7 +2093,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
         totalSz += SetLength(outerSz, seq) + outerSz;
         if (out == NULL) {
             *outSz = totalSz + SetSequence(totalSz, seq);
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
 
         if (*outSz < totalSz + SetSequence(totalSz, seq)) {
@@ -2200,7 +2181,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
 
         if (out == NULL) {
             *outSz = totalSz + SetSequence(totalSz, seq);
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
 
         if (*outSz < (totalSz + SetSequence(totalSz, seq))) {
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index acf7ef8f22..b77e9de171 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1,6 +1,6 @@
 /* pkcs7.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -289,7 +289,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
 
     /* try to store input data into stream buffer */
     if (inSz - rdSz > 0 && pkcs7->stream->length < expected) {
-        int len = (int)min(inSz - rdSz, expected - pkcs7->stream->length);
+        word32 len = min(inSz - rdSz, expected - pkcs7->stream->length);
 
         /* sanity check that the input buffer is not internal buffer */
         if (in == pkcs7->stream->buffer) {
@@ -385,7 +385,7 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
             }
         }
     #endif /* ASN_BER_TO_DER */
-        pkcs7->stream->maxLen = length + idx;
+        pkcs7->stream->maxLen = (word32)length + idx;
 
         if (pkcs7->stream->maxLen == 0) {
             pkcs7->stream->maxLen = defSz;
@@ -550,7 +550,7 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz)
        { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C };
 #endif
 
-    int idSz, idx = 0;
+    word32 idSz, idx = 0;
     word32 typeSz = 0;
     const byte* typeName = 0;
     byte ID_Length[MAX_LENGTH_SZ];
@@ -630,14 +630,14 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz)
         return BAD_FUNC_ARG;
     }
 
-    idSz  = (int)SetLength(typeSz, ID_Length);
+    idSz  = SetLength(typeSz, ID_Length);
     output[idx++] = ASN_OBJECT_ID;
     XMEMCPY(output + idx, ID_Length, idSz);
     idx += idSz;
     XMEMCPY(output + idx, typeName, typeSz);
     idx += typeSz;
 
-    return idx;
+    return (int)idx;
 }
 
 
@@ -819,7 +819,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
 
     isDynamic = pkcs7->isDynamic;
     XMEMSET(pkcs7, 0, sizeof(PKCS7));
-    pkcs7->isDynamic = isDynamic;
+    pkcs7->isDynamic = (isDynamic != 0);
 #ifdef WOLFSSL_HEAP_TEST
     pkcs7->heap = (void*)WOLFSSL_HEAP_TEST;
 #else
@@ -830,6 +830,14 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
     return 0;
 }
 
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb)
+{
+    if (pkcs7 != NULL) {
+        pkcs7->unknownExtCallback = cb;
+    }
+}
+#endif
 
 /* Certificate structure holding der pointer, size, and pointer to next
  * Pkcs7Cert struct. Used when creating SignedData types with multiple
@@ -879,7 +887,7 @@ static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7)
  * Returns total size of recipients, or negative upon error */
 static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7)
 {
-    int totalSz = 0;
+    word32 totalSz = 0;
     Pkcs7EncodedRecip* tmp = NULL;
 
     if (pkcs7 == NULL)
@@ -892,7 +900,7 @@ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7)
         tmp = tmp->next;
     }
 
-    return totalSz;
+    return (int)totalSz;
 }
 
 
@@ -1074,6 +1082,9 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
     int devId;
     Pkcs7Cert* cert;
     Pkcs7Cert* lastCert;
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    wc_UnknownExtCallback cb;
+#endif
 
     if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) {
         return BAD_FUNC_ARG;
@@ -1082,9 +1093,16 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
     heap = pkcs7->heap;
     devId = pkcs7->devId;
     cert = pkcs7->certList;
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    cb = pkcs7->unknownExtCallback; /* save / restore callback */
+#endif
     ret = wc_PKCS7_Init(pkcs7, heap, devId);
     if (ret != 0)
         return ret;
+
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    pkcs7->unknownExtCallback = cb;
+#endif
     pkcs7->certList = cert;
 
     if (derCert != NULL && derCertSz > 0) {
@@ -1133,6 +1151,10 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
         }
 
         InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap);
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+        if (pkcs7->unknownExtCallback != NULL)
+            wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback);
+#endif
         ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0);
         if (ret < 0) {
             FreeDecodedCert(dCert);
@@ -1143,7 +1165,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
         }
 
         /* verify extracted public key is valid before storing */
-        ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, dCert->keyOID,
+        ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, (int)dCert->keyOID,
                                          dCert->publicKey, dCert->pubKeySize);
         if (ret != 0) {
             WOLFSSL_MSG("Invalid public key, check pkcs7->cert");
@@ -1170,7 +1192,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
         XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
         pkcs7->issuer = dCert->issuerRaw;
         pkcs7->issuerSz = (word32)dCert->issuerRawLen;
-        XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);
+        XMEMCPY(pkcs7->issuerSn, dCert->serial, (word32)dCert->serialSz);
         pkcs7->issuerSnSz = (word32)dCert->serialSz;
         XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE);
 
@@ -1243,12 +1265,8 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap)
     current = attrib;
     while (current != NULL) {
         PKCS7DecodedAttrib* next = current->next;
-        if (current->oid != NULL)  {
-            XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7);
-        }
-        if (current->value != NULL) {
-            XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7);
-        }
+        XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7);
         XFREE(current, heap, DYNAMIC_TYPE_PKCS7);
         current = next;
     }
@@ -1260,10 +1278,8 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap)
 /* return 0 on success */
 static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7)
 {
-    if (pkcs7->signerInfo != NULL) {
-        XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->signerInfo = NULL;
-    }
+    XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->signerInfo = NULL;
 
     pkcs7->signerInfo = (PKCS7SignerInfo*)XMALLOC(sizeof(PKCS7SignerInfo),
             pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -1279,10 +1295,8 @@ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7)
 static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7)
 {
     if (pkcs7->signerInfo != NULL) {
-        if (pkcs7->signerInfo->sid != NULL) {
-            XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            pkcs7->signerInfo->sid = NULL;
-        }
+        XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->signerInfo->sid = NULL;
         XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         pkcs7->signerInfo = NULL;
     }
@@ -1298,16 +1312,14 @@ static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz)
         return BAD_FUNC_ARG;
     }
 
-    if (pkcs7->signerInfo->sid != NULL) {
-        XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->signerInfo->sid = NULL;
-    }
-    pkcs7->signerInfo->sid = (byte*)XMALLOC(inSz, pkcs7->heap,
+    XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->signerInfo->sid = NULL;
+    pkcs7->signerInfo->sid = (byte*)XMALLOC((word32)inSz, pkcs7->heap,
             DYNAMIC_TYPE_PKCS7);
     if (pkcs7->signerInfo->sid == NULL) {
         return MEMORY_E;
     }
-    XMEMCPY(pkcs7->signerInfo->sid, in, inSz);
+    XMEMCPY(pkcs7->signerInfo->sid, in, (word32)inSz);
     pkcs7->signerInfo->sidSz = (word32)inSz;
     return 0;
 }
@@ -1329,15 +1341,11 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
     wc_PKCS7_FreeCertSet(pkcs7);
 
 #ifdef ASN_BER_TO_DER
-    if (pkcs7->der != NULL) {
-        XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->der = NULL;
-    }
+    XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->der = NULL;
 #endif
-    if (pkcs7->contentDynamic != NULL) {
-        XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->contentDynamic = NULL;
-    }
+    XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->contentDynamic = NULL;
 
     if (pkcs7->cek != NULL) {
         ForceZero(pkcs7->cek, pkcs7->cekSz);
@@ -1368,6 +1376,12 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
         pkcs7->cachedEncryptedContentSz = 0;
     }
 
+    if (pkcs7->customSKID) {
+        XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->customSKID = NULL;
+        pkcs7->customSKIDSz = 0;
+    }
+
     if (pkcs7->isDynamic) {
         pkcs7->isDynamic = 0;
         XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -1448,7 +1462,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
 
     if (out == NULL) {
         *outSz = attrib->valueSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*outSz < attrib->valueSz) {
@@ -1456,7 +1470,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
     }
 
     XMEMCPY(out, attrib->value, attrib->valueSz);
-    return attrib->valueSz;
+    return (int)attrib->valueSz;
 }
 
 
@@ -1471,7 +1485,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
     word32 seqSz;
     word32 octetStrSz;
     word32 oidSz = (word32)sizeof(oid);
-    int idx = 0;
+    word32 idx = 0;
 
     if (pkcs7 == NULL || output == NULL) {
         return BAD_FUNC_ARG;
@@ -1492,7 +1506,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
     XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
     idx += pkcs7->contentSz;
 
-    return idx;
+    return (int)idx;
 }
 
 
@@ -1556,26 +1570,26 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz,
                                             PKCS7Attrib* attribs, int attribsSz)
 {
     int i;
-    int maxSz = (int)min((word32)eaSz, attribsSz);
+    int maxSz = (int)min((word32)eaSz, (word32)attribsSz);
     int allAttribsSz = 0;
 
     for (i = 0; i < maxSz; i++)
     {
-        int attribSz = 0;
+        word32 attribSz = 0;
 
         ea[i].value = attribs[i].value;
         ea[i].valueSz = attribs[i].valueSz;
         attribSz += ea[i].valueSz;
-        ea[i].valueSetSz = SetSet((word32)attribSz, ea[i].valueSet);
+        ea[i].valueSetSz = SetSet(attribSz, ea[i].valueSet);
         attribSz += ea[i].valueSetSz;
         ea[i].oid = attribs[i].oid;
         ea[i].oidSz = attribs[i].oidSz;
         attribSz += ea[i].oidSz;
-        ea[i].valueSeqSz = SetSequence((word32)attribSz, ea[i].valueSeq);
+        ea[i].valueSeqSz = SetSequence(attribSz, ea[i].valueSeq);
         attribSz += ea[i].valueSeqSz;
-        ea[i].totalSz = (word32)attribSz;
+        ea[i].totalSz = attribSz;
 
-        allAttribsSz += attribSz;
+        allAttribsSz += (int)attribSz;
     }
     return allAttribsSz;
 }
@@ -1664,7 +1678,8 @@ static int SortAttribArray(FlatAttrib** arr, int rows)
 static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
                                  EncodedAttrib* ea, int eaSz)
 {
-    int i, idx, sz;
+    int i;
+    word32 idx, sz;
     byte* output   = NULL;
     FlatAttrib* fa = NULL;
 
@@ -1697,7 +1712,7 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
 
         fa = derArr[i];
         fa->data = output;
-        fa->dataSz = (word32)sz;
+        fa->dataSz = sz;
     }
 
     return 0;
@@ -1708,7 +1723,8 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
 static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
                              int eaSz)
 {
-    int i, idx, ret;
+    int i, ret;
+    word32 idx;
     FlatAttrib** derArr = NULL;
     FlatAttrib*  fa     = NULL;
 
@@ -2087,8 +2103,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
         }
 
         esd->signedAttribsCount += cannedAttribsCount;
-        esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx],
-            (int)idx, cannedAttribs, cannedAttribsCount);
+        esd->signedAttribsSz += (word32)EncodeAttributes(
+            &esd->signedAttribs[atrIdx], (int)idx, cannedAttribs,
+            (int)cannedAttribsCount);
         atrIdx += idx;
     } else {
         esd->signedAttribsCount = 0;
@@ -2098,9 +2115,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
     /* add custom signed attributes if set */
     if (pkcs7->signedAttribsSz > 0 && pkcs7->signedAttribs != NULL) {
         esd->signedAttribsCount += pkcs7->signedAttribsSz;
-        esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx],
-                                  esd->signedAttribsCount,
-                                  pkcs7->signedAttribs, pkcs7->signedAttribsSz);
+        esd->signedAttribsSz += (word32)EncodeAttributes(
+            &esd->signedAttribs[atrIdx], (int)esd->signedAttribsCount,
+            pkcs7->signedAttribs, (int)pkcs7->signedAttribsSz);
     }
 
 #ifdef NO_ASN_TIME
@@ -2268,12 +2285,12 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
                                     word32 flatSignedAttribsSz, ESD* esd,
                                     byte* digestInfo, word32* digestInfoSz)
 {
-    int ret, hashSz, digIdx = 0;
+    int ret, digIdx = 0;
     byte digestInfoSeq[MAX_SEQ_SZ];
     byte digestStr[MAX_OCTET_STR_SZ];
     byte attribSet[MAX_SET_SZ];
     byte algoId[MAX_ALGO_SZ];
-    word32 digestInfoSeqSz, digestStrSz, algoIdSz;
+    word32 digestInfoSeqSz, digestStrSz, algoIdSz, dgstInfoSz, hashSz;
     word32 attribSetSz;
 
     if (pkcs7 == NULL || esd == NULL || digestInfo == NULL ||
@@ -2281,9 +2298,10 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
         return BAD_FUNC_ARG;
     }
 
-    hashSz = wc_HashGetDigestSize(esd->hashType);
-    if (hashSz < 0)
-        return hashSz;
+    ret = wc_HashGetDigestSize(esd->hashType);
+    if (ret < 0)
+        return ret;
+    hashSz = (word32)ret;
 
     if (flatSignedAttribsSz != 0) {
 
@@ -2314,25 +2332,26 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
         XMEMCPY(esd->contentAttribsDigest, esd->contentDigest + 2, hashSz);
     }
 
-    /* set algoID, with NULL attributes */
-    algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0);
+    /* Set algoID, allow absent hash params */
+    algoIdSz = SetAlgoIDEx(pkcs7->hashOID, algoId, oidHashType,
+                           0, pkcs7->hashParamsAbsent);
 
     digestStrSz = SetOctetString(hashSz, digestStr);
-    digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz,
-                                  digestInfoSeq);
+    dgstInfoSz = algoIdSz + digestStrSz + hashSz;
+    digestInfoSeqSz = SetSequence(dgstInfoSz, digestInfoSeq);
 
-    if (*digestInfoSz < (digestInfoSeqSz + algoIdSz + digestStrSz + hashSz)) {
+    if (*digestInfoSz < (digestInfoSeqSz + dgstInfoSz)) {
         return BUFFER_E;
     }
 
     XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
-    digIdx += digestInfoSeqSz;
+    digIdx += (int)digestInfoSeqSz;
     XMEMCPY(digestInfo + digIdx, algoId, algoIdSz);
-    digIdx += algoIdSz;
+    digIdx += (int)algoIdSz;
     XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
-    digIdx += digestStrSz;
+    digIdx += (int)digestStrSz;
     XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest, hashSz);
-    digIdx += hashSz;
+    digIdx += (int)hashSz;
 
     *digestInfoSz = (word32)digIdx;
 
@@ -2478,7 +2497,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
 
     switch (cipherType) {
         case WC_CIPHER_NONE:
-            XMEMCPY(encContentOut, contentData, contentDataSz);
+            XMEMCPY(encContentOut, contentData, (word32)contentDataSz);
             if (esd && esd->contentDigestSet != 1) {
                 ret = wc_HashUpdate(&esd->hash, esd->hashType,
                     contentData, (word32)contentDataSz);
@@ -2515,7 +2534,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
         *outIdx += encContentOutOctSz;
         wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx : NULL,
                                             encContentOut, (word32)contentDataSz);
-        *outIdx += contentDataSz;
+        *outIdx += (word32)contentDataSz;
     }
 
     return ret;
@@ -2552,10 +2571,10 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
         byte*  encContentOut;
         byte*  contentData;
         word32 idx = 0, outIdx = 0;
-        int padSz = 0;
+        word32 padSz = 0;
 
         if (cipherType != WC_CIPHER_NONE) {
-            padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz,
+            padSz = (word32)wc_PKCS7_GetPadSize(pkcs7->contentSz,
                    (word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID));
         }
 
@@ -2607,8 +2626,8 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
                     return BAD_FUNC_ARG;
                 }
 
-                if (szLeft + totalSz > (word32)inSz)
-                    szLeft = inSz - totalSz;
+                if ((word32)szLeft + totalSz > (word32)inSz)
+                    szLeft = inSz - (int)totalSz;
 
                 contentDataRead = szLeft;
                 buf = in + totalSz;
@@ -2622,11 +2641,11 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
 
             /* check and handle octet boundary */
             sz = contentDataRead;
-            if (idx + sz > BER_OCTET_LENGTH) {
-                sz = BER_OCTET_LENGTH - idx;
+            if ((int)idx + sz > BER_OCTET_LENGTH) {
+                sz = BER_OCTET_LENGTH - (int)idx;
                 contentDataRead -= sz;
 
-                XMEMCPY(contentData + idx, buf, sz);
+                XMEMCPY(contentData + idx, buf, (word32)sz);
                 ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType,
                     aes, encContentOut, contentData, BER_OCTET_LENGTH, out,
                     &outIdx, esd);
@@ -2637,20 +2656,20 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
                 }
 
                 /* copy over any remaining data */
-                XMEMCPY(contentData, buf + sz, contentDataRead);
+                XMEMCPY(contentData, buf + sz, (word32)contentDataRead);
                 idx = (word32)contentDataRead;
             }
             else {
                 /* was not on an octet boundary, copy full
                  * amount over */
-                XMEMCPY(contentData + idx, buf, sz);
-                idx += sz;
+                XMEMCPY(contentData + idx, buf, (word32)sz);
+                idx += (word32)sz;
             }
         } while (totalSz < pkcs7->contentSz);
 
         /* add in padding to the end */
         if ((cipherType != WC_CIPHER_NONE) && (totalSz == pkcs7->contentSz)) {
-            int i;
+            word32 i;
 
             if (BER_OCTET_LENGTH < idx) {
                 XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
@@ -2661,7 +2680,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
             for (i = 0; i < padSz; i++) {
                 contentData[idx + i] = (byte)padSz;
             }
-            idx += padSz;
+            idx += (word32)padSz;
         }
 
         /* encrypt and flush out remainder of content data */
@@ -2687,7 +2706,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
         switch (cipherType) {
             case WC_CIPHER_NONE:
                 if (!pkcs7->detached) {
-                    XMEMCPY(out, in, inSz);
+                    XMEMCPY(out, in, (word32)inSz);
                 }
                 if (esd && esd->contentDigestSet != 1) {
                     ret = wc_HashInit(&esd->hash, esd->hashType);
@@ -2803,6 +2822,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     keyIdSize = KEYID_SIZE;
 #endif
 
+    /* use custom SKID if set */
+    if (pkcs7->customSKIDSz > 0) {
+        if (pkcs7->customSKID == NULL) {
+            WOLFSSL_MSG("Bad custom SKID setup, size > 0 and was NULL");
+            return BAD_FUNC_ARG;
+        }
+        keyIdSize = pkcs7->customSKIDSz;
+    }
+
 #ifdef WOLFSSL_SMALL_STACK
     signedDataOid = (byte *)XMALLOC(MAX_OID_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (signedDataOid == NULL) {
@@ -2909,9 +2937,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     } else if (pkcs7->sidType == CMS_SKID) {
         /* SubjectKeyIdentifier */
         esd->issuerSKIDSz = SetOctetString((word32)keyIdSize, esd->issuerSKID);
-        esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize,
+        esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz +
+                                           (word32)keyIdSize,
                                            esd->issuerSKIDSeq, 0);
-        signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize);
+        signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz +
+                         (word32)keyIdSize);
 
         /* version MUST be 3 */
         esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0);
@@ -2924,8 +2954,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
     if (pkcs7->sidType != DEGENERATE_SID) {
         signerInfoSz += esd->signerVersionSz;
-        esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId,
-                                          oidHashType, 0);
+        esd->signerDigAlgoIdSz = SetAlgoIDEx(pkcs7->hashOID, esd->signerDigAlgoId,
+                                          oidHashType, 0, pkcs7->hashParamsAbsent);
         signerInfoSz += esd->signerDigAlgoIdSz;
 
         /* set signatureAlgorithm */
@@ -2935,8 +2965,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
             idx = ret;
             goto out;
         }
-        esd->digEncAlgoIdSz = SetAlgoID(digEncAlgoId, esd->digEncAlgoId,
-                                        digEncAlgoType, 0);
+        esd->digEncAlgoIdSz = SetAlgoIDEx(digEncAlgoId, esd->digEncAlgoId,
+                                        digEncAlgoType, 0, pkcs7->hashParamsAbsent);
         signerInfoSz += esd->digEncAlgoIdSz;
 
         /* build up signed attributes, include contentType, signingTime, and
@@ -2962,8 +2992,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
             flatSignedAttribsSz = esd->signedAttribsSz;
 
-            FlattenAttributes(pkcs7, flatSignedAttribs,
-                                       esd->signedAttribs, esd->signedAttribsCount);
+            FlattenAttributes(pkcs7, flatSignedAttribs, esd->signedAttribs,
+                                                  (int)esd->signedAttribsCount);
             esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz,
                                                               esd->signedAttribSet, 0);
         } else {
@@ -3010,8 +3040,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
         esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet, 0);
 
     if (pkcs7->sidType != DEGENERATE_SID) {
-        esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId,
-                                      oidHashType, 0);
+        esd->singleDigAlgoIdSz = SetAlgoIDEx(pkcs7->hashOID, esd->singleDigAlgoId,
+                                      oidHashType, 0, pkcs7->hashParamsAbsent);
     }
     esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet);
 
@@ -3121,37 +3151,37 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     idx = 0;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->outerSeq, esd->outerSeqSz);
-    idx += esd->outerSeqSz;
+    idx += (int)esd->outerSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             signedDataOid, signedDataOidSz);
-    idx += signedDataOidSz;
+    idx += (int)signedDataOidSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->outerContent, esd->outerContentSz);
-    idx += esd->outerContentSz;
+    idx += (int)esd->outerContentSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->innerSeq, esd->innerSeqSz);
-    idx += esd->innerSeqSz;
+    idx += (int)esd->innerSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->version, esd->versionSz);
-    idx += esd->versionSz;
+    idx += (int)esd->versionSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->digAlgoIdSet, esd->digAlgoIdSetSz);
-    idx += esd->digAlgoIdSetSz;
+    idx += (int)esd->digAlgoIdSetSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->singleDigAlgoId, esd->singleDigAlgoIdSz);
-    idx += esd->singleDigAlgoIdSz;
+    idx += (int)esd->singleDigAlgoIdSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->contentInfoSeq, esd->contentInfoSeqSz);
-    idx += esd->contentInfoSeqSz;
+    idx += (int)esd->contentInfoSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             pkcs7->contentType, pkcs7->contentTypeSz);
-    idx += pkcs7->contentTypeSz;
+    idx += (int)pkcs7->contentTypeSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->innerContSeq, esd->innerContSeqSz);
-    idx += esd->innerContSeqSz;
+    idx += (int)esd->innerContSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->innerOctets, esd->innerOctetsSz);
-    idx += esd->innerOctetsSz;
+    idx += (int)esd->innerOctetsSz;
 
     /* support returning header and footer without content */
     if (output2 && output2Sz) {
@@ -3167,14 +3197,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
         #endif
              && pkcs7->contentSz > 0) {
             wc_PKCS7_EncodeContentStream(pkcs7, esd, NULL, pkcs7->content,
-               pkcs7->contentSz, (output)? output + idx : NULL, WC_CIPHER_NONE);
+                (int)pkcs7->contentSz, (output)? output + idx : NULL,
+                WC_CIPHER_NONE);
             if (!pkcs7->detached) {
             #ifdef ASN_BER_TO_DER
                 if (pkcs7->encodeStream) {
                     byte indefEnd[ASN_INDEF_END_SZ * 3];
                     word32 localIdx = 0;
 
-                    idx += streamSz;
+                    idx += (int)streamSz;
 
                     /* end of content octet string */
                     localIdx += SetIndefEnd(indefEnd + localIdx);
@@ -3187,12 +3218,12 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
                     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
                         indefEnd, localIdx);
-                    idx += localIdx;
+                    idx += (int)localIdx;
                 }
                 else
             #endif
                 {
-                        idx += pkcs7->contentSz;
+                        idx += (int)pkcs7->contentSz;
                 }
             }
         }
@@ -3202,14 +3233,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     /* certificates */
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
         esd->certsSet, esd->certsSetSz);
-    idx += esd->certsSetSz;
+    idx += (int)esd->certsSetSz;
 
     if (pkcs7->noCerts != 1) {
         certPtr = pkcs7->certList;
         while (certPtr != NULL) {
             wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 certPtr->der, certPtr->derSz);
-            idx += certPtr->derSz;
+            idx += (int)certPtr->derSz;
             certPtr = certPtr->next;
         }
     }
@@ -3218,38 +3249,45 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerInfoSet, esd->signerInfoSetSz);
-    idx += esd->signerInfoSetSz;
+    idx += (int)esd->signerInfoSetSz;
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerInfoSeq, esd->signerInfoSeqSz);
-    idx += esd->signerInfoSeqSz;
+    idx += (int)esd->signerInfoSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerVersion, esd->signerVersionSz);
-    idx += esd->signerVersionSz;
+    idx += (int)esd->signerVersionSz;
     /* SignerIdentifier */
     if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
         /* IssuerAndSerialNumber */
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSnSeq, esd->issuerSnSeqSz);
-        idx += esd->issuerSnSeqSz;
+        idx += (int)esd->issuerSnSeqSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerName, esd->issuerNameSz);
-        idx += esd->issuerNameSz;
+        idx += (int)esd->issuerNameSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 pkcs7->issuer, pkcs7->issuerSz);
-        idx += pkcs7->issuerSz;
+        idx += (int)pkcs7->issuerSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSn, esd->issuerSnSz);
-        idx += esd->issuerSnSz;
+        idx += (int)esd->issuerSnSz;
     } else if (pkcs7->sidType == CMS_SKID) {
         /* SubjectKeyIdentifier */
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSKIDSeq, esd->issuerSKIDSeqSz);
-        idx += esd->issuerSKIDSeqSz;
+        idx += (int)esd->issuerSKIDSeqSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSKID, esd->issuerSKIDSz);
-        idx += esd->issuerSKIDSz;
-        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+        idx += (int)esd->issuerSKIDSz;
+
+        if (pkcs7->customSKID) {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                pkcs7->customSKID, (word32)keyIdSize);
+        }
+        else {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 pkcs7->issuerSubjKeyId, (word32)keyIdSize);
+        }
         idx += keyIdSize;
     } else if (pkcs7->sidType == DEGENERATE_SID) {
         /* no signer infos in degenerate case */
@@ -3259,7 +3297,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     }
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
-    idx += esd->signerDigAlgoIdSz;
+    idx += (int)esd->signerDigAlgoIdSz;
 
     /* SignerInfo:Attributes */
     if (flatSignedAttribsSz > 0) {
@@ -3290,7 +3328,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
                 flatSignedAttribsSz = esd->signedAttribsSz;
                 FlattenAttributes(pkcs7, flatSignedAttribs,
-                                   esd->signedAttribs, esd->signedAttribsCount);
+                                  esd->signedAttribs,
+                                  (int)esd->signedAttribsCount);
             } else {
                 esd->signedAttribSetSz = 0;
             }
@@ -3298,10 +3337,10 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signedAttribSet, esd->signedAttribSetSz);
-        idx += esd->signedAttribSetSz;
+        idx += (int)esd->signedAttribSetSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 flatSignedAttribs, flatSignedAttribsSz);
-        idx += flatSignedAttribsSz;
+        idx += (int)flatSignedAttribsSz;
     }
 
     if (hashBuf == NULL && pkcs7->sidType != DEGENERATE_SID) {
@@ -3317,14 +3356,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->digEncAlgoId, esd->digEncAlgoIdSz);
-    idx += esd->digEncAlgoIdSz;
+    idx += (int)esd->digEncAlgoIdSz;
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerDigest, esd->signerDigestSz);
-    idx += esd->signerDigestSz;
+    idx += (int)esd->signerDigestSz;
 
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->encContentDigest, esd->encContentDigestSz);
-    idx += esd->encContentDigestSz;
+    idx += (int)esd->encContentDigestSz;
 
 #ifdef ASN_BER_TO_DER
     if (pkcs7->encodeStream) {
@@ -3342,7 +3381,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                     indefEnd, localIdx);
-        idx += localIdx;
+        idx += (int)localIdx;
     }
 #endif
 
@@ -3356,14 +3395,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
   out:
 
-    if (flatSignedAttribs != NULL)
-        XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (esd)
-        XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (signedDataOid)
-        XFREE(signedDataOid, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(signedDataOid, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return idx;
@@ -3404,6 +3440,40 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
     return ret;
 }
 
+
+/* Sets a custom SKID in PKCS7 struct, used before calling an encode operation
+ * Returns 0 on success, negative upon error. */
+int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, word16 inSz)
+{
+    int ret = 0;
+
+    if (pkcs7 == NULL || (in == NULL && inSz > 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (in == NULL) {
+        if (pkcs7->customSKID != NULL) {
+            XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        }
+        pkcs7->customSKIDSz = 0;
+        pkcs7->customSKID   = NULL;
+    }
+    else {
+        pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap,
+            DYNAMIC_TYPE_PKCS7);
+        if (pkcs7->customSKID == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMCPY(pkcs7->customSKID, in, inSz);
+            pkcs7->customSKIDSz = inSz;
+        }
+    }
+
+    return ret;
+}
+
+
 /* Toggle detached signature mode on/off for PKCS#7/CMS SignedData content type.
  * By default wolfCrypt includes the data to be signed in the SignedData
  * bundle. This data can be omitted in the case when a detached signature is
@@ -3422,7 +3492,7 @@ int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag)
     if (pkcs7 == NULL || (flag != 0 && flag != 1))
         return BAD_FUNC_ARG;
 
-    pkcs7->detached = flag;
+    pkcs7->detached = (flag != 0);
 
     return 0;
 }
@@ -3664,13 +3734,14 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
     }
 
     /* save encryptedData, reset output buffer and struct */
-    encrypted = (byte*)XMALLOC(encryptedSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    encrypted = (byte*)XMALLOC((word32)encryptedSz, pkcs7->heap,
+                               DYNAMIC_TYPE_PKCS7);
     if (encrypted == NULL) {
         ForceZero(output, outputSz);
         return MEMORY_E;
     }
 
-    XMEMCPY(encrypted, output, encryptedSz);
+    XMEMCPY(encrypted, output, (word32)encryptedSz);
     ForceZero(output, outputSz);
 
     ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId);
@@ -4181,14 +4252,18 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
         } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
 
-        FreeDecodedCert(dCert);
-        wc_ecc_free(key);
-
         if (ret == 0 && res == 1) {
             /* found signer that successfully verified signature */
             verified = 1;
+            XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE);
             pkcs7->verifyCert   = pkcs7->cert[i];
             pkcs7->verifyCertSz = pkcs7->certSz[i];
+        }
+
+        wc_ecc_free(key);
+        FreeDecodedCert(dCert);
+
+        if (ret == 0 && res == 1) {
             break;
         }
     }
@@ -4318,23 +4393,24 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
         }
     }
 
-    /* Set algoID, with NULL attributes */
-    algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0);
+    /* Set algoID, match whatever was input to match either NULL or absent */
+    algoIdSz = SetAlgoIDEx(pkcs7->hashOID, algoId, oidHashType,
+                            0, pkcs7->hashParamsAbsent);
 
     digestStrSz = SetOctetString(hashSz, digestStr);
     digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz,
                                   digestInfoSeq);
 
     XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
-    digIdx += digestInfoSeqSz;
+    digIdx += (int)digestInfoSeqSz;
     XMEMCPY(digestInfo + digIdx, algoId, algoIdSz);
-    digIdx += algoIdSz;
+    digIdx += (int)algoIdSz;
     XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
-    digIdx += digestStrSz;
+    digIdx += (int)digestStrSz;
     XMEMCPY(digestInfo + digIdx, digest, hashSz);
-    digIdx += hashSz;
+    digIdx += (int)hashSz;
 
-    XMEMCPY(pkcs7Digest, digestInfo, digIdx);
+    XMEMCPY(pkcs7Digest, digestInfo, (word32)digIdx);
     *pkcs7DigestSz = (word32)digIdx;
 
     /* set plain digest pointer */
@@ -4728,7 +4804,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
             return ASN_SIG_KEY_E;
     }
 
-    return pkcs7->publicKeyOID;
+    return (int)pkcs7->publicKeyOID;
 }
 
 
@@ -4760,7 +4836,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
 
     while (idx < (word32)inSz) {
         int length  = 0;
-        int oidIdx;
+        word32 oidIdx;
         PKCS7DecodedAttrib* attrib;
 
         if (GetSequence(in, &idx, &length, (word32)inSz) < 0)
@@ -4773,7 +4849,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
         }
         XMEMSET(attrib, 0, sizeof(PKCS7DecodedAttrib));
 
-        oidIdx = (int)idx;
+        oidIdx = idx;
         if (GetObjectId(in, &idx, &oid, oidIgnoreType, (word32)inSz)
                 < 0) {
             XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -4795,7 +4871,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
             return ASN_PARSE_E;
         }
 
-        if ((inSz - idx) < (word32)length) {
+        if ((inSz - (int)idx) < length) {
             XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return ASN_PARSE_E;
@@ -4810,7 +4886,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
             return MEMORY_E;
         }
         XMEMCPY(attrib->value, in + idx, attrib->valueSz);
-        idx += length;
+        idx += (word32)length;
 
         /* store attribute in linked list */
         if (pkcs7->decodedAttrib != NULL) {
@@ -4863,6 +4939,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
     word32 sigOID = 0, hashOID = 0;
     word32 idx = *idxIn, localIdx;
     byte tag;
+    byte absentParams = FALSE;
 
     WOLFSSL_ENTER("wc_PKCS7_ParseSignerInfo");
     /* require a signer if degenerate case not allowed */
@@ -4899,7 +4976,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
 
             if (ret == 0) {
                 ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length);
-                idx += length;
+                idx += (word32)length;
             }
 
         } else if (ret == 0 && version == 3) {
@@ -4955,7 +5032,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
 
             if (ret == 0) {
                 ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length);
-                idx += length;
+                idx += (word32)length;
             }
 
         } else {
@@ -4964,10 +5041,12 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
         }
 
         /* Get the sequence of digestAlgorithm */
-        if (ret == 0 && GetAlgoId(in, &idx, &hashOID, oidHashType, inSz) < 0) {
+        if (ret == 0 && GetAlgoIdEx(in, &idx, &hashOID, oidHashType,
+                                    inSz, &absentParams) < 0) {
             ret = ASN_PARSE_E;
         }
         pkcs7->hashOID = (int)hashOID;
+        pkcs7->hashParamsAbsent = (absentParams != 0);
 
         /* Get the IMPLICIT[0] SET OF signedAttributes */
         localIdx = idx;
@@ -4988,7 +5067,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = ASN_PARSE_E;
             }
 
-            idx += length;
+            idx += (word32)length;
         }
 
         /* Get digestEncryptionAlgorithm - key type or signature type */
@@ -5045,10 +5124,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
     /* no content case, do nothing */
     if (pkcs7->stream->noContent) {
         if (pkcs7->content && pkcs7->contentSz > 0) {
-            if (pkcs7->stream->content != NULL) {
-                XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                pkcs7->stream->content = NULL;
-            }
+            XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            pkcs7->stream->content = NULL;
 
             pkcs7->stream->content = (byte*)XMALLOC(pkcs7->contentSz,
                                             pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -5063,10 +5140,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
     }
 
     /* free pkcs7->contentDynamic buffer */
-    if (pkcs7->contentDynamic != NULL) {
-        XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->contentDynamic = NULL;
-    }
+    XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->contentDynamic = NULL;
 
     while(1) {
         if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
@@ -5121,7 +5196,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
                  * number of indef is stored in pkcs7->stream->cntIdfCnt.
                  */
                 pkcs7->stream->expected = (word32)(ASN_TAG_SZ + TRAILING_ZERO) *
-                                                    pkcs7->stream->cntIdfCnt;
+                                               (word32)pkcs7->stream->cntIdfCnt;
 
                 /* dec idx by one since already consumed to get ASN_EOC */
                 (*idx)--;
@@ -5201,10 +5276,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
 
                 if (pkcs7->stream->content == NULL) {
                     WOLFSSL_MSG("failed to grow content buffer.");
-                    if (tempBuf != NULL) {
-                        XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                        tempBuf = NULL;
-                    }
+                    XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    tempBuf = NULL;
                     ret = MEMORY_E;
                     break;
                 }
@@ -5215,10 +5288,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
                     }
                     XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx,
                                                     pkcs7->stream->expected);
-                    if (tempBuf != NULL) {
-                        XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                        tempBuf = NULL;
-                    }
+                    XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    tempBuf = NULL;
                 }
             }
 
@@ -5337,9 +5408,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
     switch (pkcs7->state) {
         case WC_PKCS7_START:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ +
+            /* The expected size calculation originally assumed digest OID
+             * with NULL params, -2 to also accept with absent params */
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, (MAX_SEQ_SZ +
                             MAX_VERSION_SZ + MAX_SEQ_SZ + MAX_LENGTH_SZ +
-                            ASN_TAG_SZ + MAX_OID_SZ + MAX_SEQ_SZ,
+                            ASN_TAG_SZ + MAX_OID_SZ + MAX_SEQ_SZ) - 2,
                             &pkiMsg, &idx)) != 0) {
                 break;
             }
@@ -5353,7 +5426,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 break;
             }
             if (ret == 0 && length > 0)
-                pkcs7->stream->maxLen = length + localIdx;
+                pkcs7->stream->maxLen = (word32)length + localIdx;
             else
                 pkcs7->stream->maxLen = inSz;
 
@@ -5495,7 +5568,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     ret = ASN_PARSE_E;
                 }
                 /* store hashType for later hashing */
-                pkcs7->stream->hashType = hashType;
+                pkcs7->stream->hashType = (int)hashType;
 
                 /* restore idx */
                 idx = localIdx;
@@ -5505,12 +5578,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
         #endif /* !NO_PKCS7_STREAM */
 
             /* Skip the set. */
-            idx += length;
+            idx += (word32)length;
             degenerate = (length == 0) ? 1 : 0;
         #ifndef NO_PKCS7_STREAM
-            pkcs7->stream->degenerate = degenerate;
+            pkcs7->stream->degenerate = (degenerate != 0);
         #endif /* !NO_PKCS7_STREAM */
-            if (pkcs7->noDegenerate == 1 && degenerate == 1) {
+            if (pkcs7->noDegenerate == 1 && degenerate != 0) {
                 ret = PKCS7_NO_SIGNER_E;
             }
 
@@ -5574,8 +5647,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 }
                 if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) == 0) {
                     contentType = pkiMsg + tmpIdx;
-                    contentTypeSz = length + (idx - tmpIdx);
-                    idx += length;
+                    contentTypeSz = (word32)length + (idx - tmpIdx);
+                    idx += (word32)length;
                 }
                 else {
                     ret = ASN_PARSE_E;
@@ -5608,7 +5681,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* Set error state if no more data left in ContentInfo, meaning
              * no content - may be detached. Will recover from error below */
             if ((encapContentInfoLen != 0) &&
-                (encapContentInfoLen - contentTypeSz == 0)) {
+                ((word32)encapContentInfoLen - contentTypeSz == 0)) {
                 ret = ASN_PARSE_E;
             #ifndef NO_PKCS7_STREAM
                 pkcs7->stream->noContent = 1;
@@ -5708,11 +5781,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                     if (ret == 0) {
                         /* Use single OCTET_STRING directly, or reset length. */
-                        if (localIdx - start + length == (word32)contentLen) {
+                        if (localIdx - start + (word32)length ==
+                                                           (word32)contentLen) {
                             multiPart = 0;
                         } else {
                         #ifndef NO_PKCS7_STREAM
-                            pkcs7->stream->multi         = multiPart;
+                            pkcs7->stream->multi         = (multiPart != 0);
                             pkcs7->stream->currContIdx   = localIdx;
                             pkcs7->stream->currContSz    = (word32)length;
                             pkcs7->stream->currContRmnSz = (word32)length;
@@ -5740,7 +5814,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         ret = ASN_PARSE_E;
                 #ifndef NO_PKCS7_STREAM
                     if (ret == 0) {
-                        pkcs7->stream->multi         = multiPart;
+                        pkcs7->stream->multi         = (multiPart != 0);
                         pkcs7->stream->currContIdx   = localIdx;
                         pkcs7->stream->currContSz    = (word32)length;
                         pkcs7->stream->currContRmnSz = (word32)length;
@@ -5792,7 +5866,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
         #ifndef NO_PKCS7_STREAM
             /* save detached flag value */
-            pkcs7->stream->detached = detached;
+            pkcs7->stream->detached = (detached != 0);
 
             /* save contentType */
             pkcs7->stream->nonce = (byte*)XMALLOC(contentTypeSz, pkcs7->heap,
@@ -5836,10 +5910,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
         #ifndef NO_PKCS7_STREAM
         /* free pkcs7->stream->content buffer */
-        if (pkcs7->stream->content != NULL) {
-            XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            pkcs7->stream->content = NULL;
-        }
+        XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->stream->content = NULL;
         #endif /* !NO_PKCS7_STREAM */
 
             FALL_THROUGH;
@@ -6059,7 +6131,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         WOLFSSL_MSG("certificate set found");
 
                         /* adjust cert length */
-                        length += localIdx - certIdx;
+                        length += (int)(localIdx - certIdx);
                         idx = certIdx;
                     }
                 }
@@ -6137,13 +6209,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             if (length > 0 && in2Sz == 0) {
                 /* free tmpCert if not NULL */
                 XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                pkcs7->stream->tmpCert = (byte*)XMALLOC(length,
+                pkcs7->stream->tmpCert = (byte*)XMALLOC((word32)length,
                         pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if ((pkiMsg2 == NULL) || (pkcs7->stream->tmpCert == NULL)) {
                     ret = MEMORY_E;
                     break;
                 }
-                XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, length);
+                XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, (word32)length);
                 pkiMsg2 = pkcs7->stream->tmpCert;
                 pkiMsg2Sz = (word32)length;
                 idx = 0;
@@ -6174,7 +6246,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                             ret = ASN_PARSE_E;
 
                         cert = &pkiMsg2[idx];
-                        certSz += (certIdx - idx);
+                        certSz += (int)(certIdx - idx);
                         if (certSz > length) {
                             ret = BUFFER_E;
                             break;
@@ -6196,7 +6268,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                         /* Save dynamic content before freeing PKCS7 struct */
                         if (pkcs7->contentDynamic != NULL) {
-                            contentDynamic = (byte*)XMALLOC(contentSz,
+                            contentDynamic = (byte*)XMALLOC((word32)contentSz,
                                                pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                             if (contentDynamic == NULL) {
                             #ifndef NO_PKCS7_STREAM
@@ -6206,13 +6278,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                                 break;
                             }
                             XMEMCPY(contentDynamic, pkcs7->contentDynamic,
-                                    contentSz);
+                                    (word32)contentSz);
                         }
 
                         /* Free pkcs7 resources but not the structure itself */
                         pkcs7->isDynamic = 0;
                         wc_PKCS7_Free(pkcs7);
-                        pkcs7->isDynamic = isDynamic;
+                        pkcs7->isDynamic = (isDynamic != 0);
                         /* This will reset PKCS7 structure and then set the
                          * certificate */
                         ret = wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz);
@@ -6225,7 +6297,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         }
 
                         /* Restore content is PKCS#7 flag */
-                        pkcs7->contentIsPkcs7Type = contentIsPkcs7Type;
+                        pkcs7->contentIsPkcs7Type = (contentIsPkcs7Type != 0);
 
                     #ifndef NO_PKCS7_STREAM
                         pkcs7->stream = stream;
@@ -6245,7 +6317,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                         pkcs7->cert[0]   = cert;
                         pkcs7->certSz[0] = (word32)certSz;
-                        certIdx = idx + certSz;
+                        certIdx = idx + (word32)certSz;
 
                         for (i = 1; i < MAX_PKCS7_CERTS &&
                                 certIdx + 1 < pkiMsg2Sz &&
@@ -6267,21 +6339,22 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                                 }
 
                                 pkcs7->cert[i]   = &pkiMsg2[localIdx];
-                                pkcs7->certSz[i] = sz + (certIdx - localIdx);
-                                certIdx += sz;
+                                pkcs7->certSz[i] = (word32)sz +
+                                                   (certIdx - localIdx);
+                                certIdx += (word32)sz;
                             }
                         }
                     }
                 }
-                idx += length;
+                idx += (word32)length;
 
             if (!detached) {
                 /* set content and size after init of PKCS7 structure */
                 pkcs7->content   = content;
-                pkcs7->contentSz = contentSz;
+                pkcs7->contentSz = (word32)contentSz;
             }
 
-            idx = certIdx2 + length;
+            idx = certIdx2 + (word32)length;
 
             if (ret != 0) {
                 break;
@@ -6307,7 +6380,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* if certificate set has indef-length, there maybe trailing zeros.
              * add expected size to include size of zeros. */
             if (pkcs7->stream->cntIdfCnt > 0) {
-                pkcs7->stream->expected += pkcs7->stream->cntIdfCnt * 2;
+                pkcs7->stream->expected += (word32)pkcs7->stream->cntIdfCnt * 2;
             }
 
             if (pkcs7->stream->expected > (pkcs7->stream->maxLen -
@@ -6367,10 +6440,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* prior to find set of crls, remove trailing zeros of
              * set of certificates */
             if (ret == 0 && pkcs7->stream->cntIdfCnt > 0) {
-                int i;
+                word32 i;
+                word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
                 localIdx = idx;
-                for (i = 0; i < pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
-                                                                         i++) {
+                for (i = 0; i < sz; i++) {
                     if (pkiMsg2[localIdx + i] == 0)
                         continue;
                     else {
@@ -6379,7 +6452,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     }
                 }
                 if (ret == 0) {
-                    idx += pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
+                    idx += (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
                     pkcs7->stream->cntIdfCnt = 0;
                 }
             }
@@ -6396,7 +6469,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     ret = ASN_PARSE_E;
 
                 /* Skip the set */
-                idx += length;
+                idx += (word32)length;
             }
 
             /* Get the set of signerInfos */
@@ -6491,7 +6564,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     sig = &pkiMsg2[idx];
                     sigSz = length;
 
-                    idx += length;
+                    idx += (word32)length;
                 }
 
                 pkcs7->content = content;
@@ -6508,7 +6581,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* make sure that terminating zero's follow */
             if ((ret == WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK) || ret >= 0) &&
                     pkcs7->stream->indefLen == 1) {
-                int i;
+                word32 i;
                 for (i = 0; i < 3 * ASN_INDEF_END_SZ; i++) {
                     if (pkiMsg2[idx + i] != 0) {
                         ret = ASN_PARSE_E;
@@ -6570,7 +6643,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
 
     if (out == NULL) {
         *outSz = pkcs7->signerInfo->sidSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*outSz < pkcs7->signerInfo->sidSz) {
@@ -7044,22 +7117,22 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
 
     /* kekOctet */
     kekOctetSz = (int)SetOctetString(sizeof(word32), kekOctet);
-    sharedInfoSz += (kekOctetSz + sizeof(word32));
+    sharedInfoSz += (kekOctetSz + (int)sizeof(word32));
 
     /* suppPubInfo */
-    suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2,
-                                   kekOctetSz + sizeof(word32),
-                                   suppPubInfoSeq, 0);
+    suppPubInfoSeqSz = (int)SetImplicit(ASN_SEQUENCE, 2,
+                                        (word32)kekOctetSz + sizeof(word32),
+                                        suppPubInfoSeq, 0);
     sharedInfoSz += suppPubInfoSeqSz;
 
     /* optional ukm/entityInfo */
     if (kari->ukmSz > 0) {
         entityUInfoOctetSz = (int)SetOctetString(kari->ukmSz, entityUInfoOctet);
-        sharedInfoSz += (entityUInfoOctetSz + kari->ukmSz);
+        sharedInfoSz += (entityUInfoOctetSz + (int)kari->ukmSz);
 
-        entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz +
-                                            kari->ukmSz,
-                                            entityUInfoExplicitSeq, 0);
+        entityUInfoExplicitSz = (int)SetExplicit(0,
+                                       (word32)entityUInfoOctetSz + kari->ukmSz,
+                                       entityUInfoExplicitSeq, 0);
         sharedInfoSz += entityUInfoExplicitSz;
     }
 
@@ -7071,29 +7144,30 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
     sharedInfoSeqSz = (int)SetSequence((word32)sharedInfoSz, sharedInfoSeq);
     sharedInfoSz += sharedInfoSeqSz;
 
-    kari->sharedInfo = (byte*)XMALLOC(sharedInfoSz, kari->heap,
+    kari->sharedInfo = (byte*)XMALLOC((word32)sharedInfoSz, kari->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (kari->sharedInfo == NULL)
         return MEMORY_E;
 
     kari->sharedInfoSz = (word32)sharedInfoSz;
 
-    XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, sharedInfoSeqSz);
+    XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, (word32)sharedInfoSeqSz);
     idx += sharedInfoSeqSz;
-    XMEMCPY(kari->sharedInfo + idx, keyInfo, keyInfoSz);
+    XMEMCPY(kari->sharedInfo + idx, keyInfo, (word32)keyInfoSz);
     idx += keyInfoSz;
     if (kari->ukmSz > 0) {
         XMEMCPY(kari->sharedInfo + idx, entityUInfoExplicitSeq,
-                entityUInfoExplicitSz);
+                (word32)entityUInfoExplicitSz);
         idx += entityUInfoExplicitSz;
-        XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet, entityUInfoOctetSz);
+        XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet,
+                (word32)entityUInfoOctetSz);
         idx += entityUInfoOctetSz;
         XMEMCPY(kari->sharedInfo + idx, kari->ukm, kari->ukmSz);
-        idx += kari->ukmSz;
+        idx += (int)kari->ukmSz;
     }
-    XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, suppPubInfoSeqSz);
+    XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, (word32)suppPubInfoSeqSz);
     idx += suppPubInfoSeqSz;
-    XMEMCPY(kari->sharedInfo + idx, kekOctet, kekOctetSz);
+    XMEMCPY(kari->sharedInfo + idx, kekOctet, (word32)kekOctetSz);
     idx += kekOctetSz;
 
     kekBitSz = (kari->kekSz) * 8;              /* convert to bits */
@@ -7126,7 +7200,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
     if (kSz < 0)
         return kSz;
 
-    kari->kek = (byte*)XMALLOC(kSz, kari->heap, DYNAMIC_TYPE_PKCS7);
+    kari->kek = (byte*)XMALLOC((word32)kSz, kari->heap, DYNAMIC_TYPE_PKCS7);
     if (kari->kek == NULL)
         return MEMORY_E;
 
@@ -7426,16 +7500,18 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     /* Start of RecipientEncryptedKeys */
 
     /* EncryptedKey */
-    encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz, encryptedKeyOctet);
-    totalSz += (encryptedKeyOctetSz + encryptedKeySz);
+    encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz,
+                                              encryptedKeyOctet);
+    totalSz += (encryptedKeyOctetSz + (int)encryptedKeySz);
 
     /* SubjectKeyIdentifier */
     subjKeyIdOctetSz = (int)SetOctetString((word32)keyIdSize, subjKeyIdOctet);
     totalSz += (subjKeyIdOctetSz + keyIdSize);
 
     /* RecipientKeyIdentifier IMPLICIT [0] */
-    recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz +
-                                  keyIdSize, recipKeyIdSeq, 0);
+    recipKeyIdSeqSz = (int)SetImplicit(ASN_SEQUENCE, 0,
+                                       (word32)(subjKeyIdOctetSz + keyIdSize),
+                                       recipKeyIdSeq, 0);
     totalSz += recipKeyIdSeqSz;
 
     /* RecipientEncryptedKey */
@@ -7450,9 +7526,9 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
     if (kari->ukmSz > 0) {
         ukmOctetSz = (int)SetOctetString(kari->ukmSz, ukmOctetStr);
-        totalSz += (ukmOctetSz + kari->ukmSz);
+        totalSz += (ukmOctetSz + (int)kari->ukmSz);
 
-        ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz,
+        ukmExplicitSz = (int)SetExplicit(1, (word32)ukmOctetSz + kari->ukmSz,
                                     ukmExplicitSeq, 0);
         totalSz += ukmExplicitSz;
     }
@@ -7475,7 +7551,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     origPubKeyStr[0] = ASN_BIT_STRING;
     origPubKeyStrSz = (int)SetLength(kari->senderKeyExportSz + 1,
                                 origPubKeyStr + 1) + 2;
-    totalSz += (origPubKeyStrSz + kari->senderKeyExportSz);
+    totalSz += (origPubKeyStrSz + (int)kari->senderKeyExportSz);
 
     /* Originator AlgorithmIdentifier, params set to NULL for interop
        compatibility */
@@ -7486,15 +7562,15 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
     /* outer OriginatorPublicKey IMPLICIT [1] */
     origPubKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 1,
-                                  origAlgIdSz + origPubKeyStrSz +
-                                  kari->senderKeyExportSz, origPubKeySeq, 0);
+                               (word32)(origAlgIdSz + origPubKeyStrSz +
+                               (int)kari->senderKeyExportSz), origPubKeySeq, 0);
     totalSz += origPubKeySeqSz;
 
     /* outer OriginatorIdentifierOrKey IMPLICIT [0] */
     origIdOrKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 0,
-                                   origPubKeySeqSz + origAlgIdSz +
-                                   origPubKeyStrSz + kari->senderKeyExportSz,
-                                   origIdOrKeySeq, 0);
+                                (word32)(origPubKeySeqSz + origAlgIdSz +
+                                origPubKeyStrSz + (int)kari->senderKeyExportSz),
+                                origIdOrKeySeq, 0);
     totalSz += origIdOrKeySeqSz;
 
     /* version, always 3 */
@@ -7516,53 +7592,53 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         return BUFFER_E;
     }
 
-    XMEMCPY(recip->recip + idx, kariSeq, kariSeqSz);
-    idx += kariSeqSz;
-    XMEMCPY(recip->recip + idx, ver, verSz);
-    idx += verSz;
+    XMEMCPY(recip->recip + idx, kariSeq, (word32)kariSeqSz);
+    idx += (word32)kariSeqSz;
+    XMEMCPY(recip->recip + idx, ver, (word32)verSz);
+    idx += (word32)verSz;
 
-    XMEMCPY(recip->recip + idx, origIdOrKeySeq, origIdOrKeySeqSz);
-    idx += origIdOrKeySeqSz;
-    XMEMCPY(recip->recip + idx, origPubKeySeq, origPubKeySeqSz);
-    idx += origPubKeySeqSz;
+    XMEMCPY(recip->recip + idx, origIdOrKeySeq, (word32)origIdOrKeySeqSz);
+    idx += (word32)origIdOrKeySeqSz;
+    XMEMCPY(recip->recip + idx, origPubKeySeq, (word32)origPubKeySeqSz);
+    idx += (word32)origPubKeySeqSz;
 
     /* AlgorithmIdentifier with NULL parameter */
-    XMEMCPY(recip->recip + idx, origAlgId, origAlgIdSz);
-    idx += origAlgIdSz;
+    XMEMCPY(recip->recip + idx, origAlgId, (word32)origAlgIdSz);
+    idx += (word32)origAlgIdSz;
 
-    XMEMCPY(recip->recip + idx, origPubKeyStr, origPubKeyStrSz);
-    idx += origPubKeyStrSz;
+    XMEMCPY(recip->recip + idx, origPubKeyStr, (word32)origPubKeyStrSz);
+    idx += (word32)origPubKeyStrSz;
     /* ephemeral public key */
     XMEMCPY(recip->recip + idx, kari->senderKeyExport, kari->senderKeyExportSz);
     idx += kari->senderKeyExportSz;
 
     if (kari->ukmSz > 0) {
-        XMEMCPY(recip->recip + idx, ukmExplicitSeq, ukmExplicitSz);
-        idx += ukmExplicitSz;
-        XMEMCPY(recip->recip + idx, ukmOctetStr, ukmOctetSz);
-        idx += ukmOctetSz;
+        XMEMCPY(recip->recip + idx, ukmExplicitSeq, (word32)ukmExplicitSz);
+        idx += (word32)ukmExplicitSz;
+        XMEMCPY(recip->recip + idx, ukmOctetStr, (word32)ukmOctetSz);
+        idx += (word32)ukmOctetSz;
         XMEMCPY(recip->recip + idx, kari->ukm, kari->ukmSz);
         idx += kari->ukmSz;
     }
 
-    XMEMCPY(recip->recip + idx, keyEncryptAlgoId, keyEncryptAlgoIdSz);
-    idx += keyEncryptAlgoIdSz;
-    XMEMCPY(recip->recip + idx, keyWrapAlg, keyWrapAlgSz);
-    idx += keyWrapAlgSz;
+    XMEMCPY(recip->recip + idx, keyEncryptAlgoId, (word32)keyEncryptAlgoIdSz);
+    idx += (word32)keyEncryptAlgoIdSz;
+    XMEMCPY(recip->recip + idx, keyWrapAlg, (word32)keyWrapAlgSz);
+    idx += (word32)keyWrapAlgSz;
 
-    XMEMCPY(recip->recip + idx, recipEncKeysSeq, recipEncKeysSeqSz);
-    idx += recipEncKeysSeqSz;
-    XMEMCPY(recip->recip + idx, recipEncKeySeq, recipEncKeySeqSz);
-    idx += recipEncKeySeqSz;
-    XMEMCPY(recip->recip + idx, recipKeyIdSeq, recipKeyIdSeqSz);
-    idx += recipKeyIdSeqSz;
-    XMEMCPY(recip->recip + idx, subjKeyIdOctet, subjKeyIdOctetSz);
-    idx += subjKeyIdOctetSz;
+    XMEMCPY(recip->recip + idx, recipEncKeysSeq, (word32)recipEncKeysSeqSz);
+    idx += (word32)recipEncKeysSeqSz;
+    XMEMCPY(recip->recip + idx, recipEncKeySeq, (word32)recipEncKeySeqSz);
+    idx += (word32)recipEncKeySeqSz;
+    XMEMCPY(recip->recip + idx, recipKeyIdSeq, (word32)recipKeyIdSeqSz);
+    idx += (word32)recipKeyIdSeqSz;
+    XMEMCPY(recip->recip + idx, subjKeyIdOctet, (word32)subjKeyIdOctetSz);
+    idx += (word32)subjKeyIdOctetSz;
     /* subject key id */
-    XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, keyIdSize);
-    idx += keyIdSize;
-    XMEMCPY(recip->recip + idx, encryptedKeyOctet, encryptedKeyOctetSz);
-    idx += encryptedKeyOctetSz;
+    XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, (word32)keyIdSize);
+    idx += (word32)keyIdSize;
+    XMEMCPY(recip->recip + idx, encryptedKeyOctet, (word32)encryptedKeyOctetSz);
+    idx += (word32)encryptedKeyOctetSz;
     /* encrypted CEK */
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
     idx += encryptedKeySz;
@@ -7777,8 +7853,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
             XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return -1;
         }
-        snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial,
-                               MAX_SN_SZ, MAX_SN_SZ);
+        snSz = SetSerialNumber(decoded->serial, (word32)decoded->serialSz,
+                               serial, MAX_SN_SZ, MAX_SN_SZ);
         if (snSz < 0) {
             WOLFSSL_MSG("Error setting the serial number");
             FreeDecodedCert(decoded);
@@ -7791,8 +7867,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
             XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return -1;
         }
-        issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
-                                        issuerSerialSeq);
+        issuerSerialSeqSz = (int)SetSequence((word32)(issuerSeqSz + issuerSz +
+                                             snSz), issuerSerialSeq);
     } else if (sidType == CMS_SKID) {
 
         /* version, must be 2 for SubjectKeyIdentifier */
@@ -7827,7 +7903,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         return ALGO_ID_E;
     }
 
-    keyEncAlgSz = SetAlgoID(pkcs7->publicKeyOID, keyAlgArray, oidKeyType, 0);
+    keyEncAlgSz = (int)SetAlgoID((int)pkcs7->publicKeyOID, keyAlgArray,
+                                 oidKeyType, 0);
     if (keyEncAlgSz == 0) {
         FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -7939,12 +8016,12 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
     /* RecipientInfo */
     if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
-        recipSeqSz = (int)SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz +
-                                 issuerSz + snSz + keyEncAlgSz +
-                                 encKeyOctetStrSz + encryptedKeySz, recipSeq);
+        int recipLen =  verSz + (int)issuerSerialSeqSz + issuerSeqSz +
+            issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz +
+            (int)encryptedKeySz;
+        recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq);
 
-        if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz +
-            keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) {
+        if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) {
             WOLFSSL_MSG("RecipientInfo output buffer too small");
             FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -7958,12 +8035,10 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         }
 
     } else {
-        recipSeqSz = SetSequence(verSz + ASN_TAG_SZ + issuerSKIDSz +
-                                 keyIdSize + keyEncAlgSz + encKeyOctetStrSz +
-                                 encryptedKeySz, recipSeq);
-
-        if (recipSeqSz + verSz + ASN_TAG_SZ + issuerSKIDSz + keyIdSize +
-            keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) {
+        int recipLen =  verSz + ASN_TAG_SZ + (int)issuerSKIDSz + keyIdSize +
+                keyEncAlgSz + encKeyOctetStrSz + (int)encryptedKeySz;
+        recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq);
+        if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) {
             WOLFSSL_MSG("RecipientInfo output buffer too small");
             FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -7978,31 +8053,31 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     }
 
     idx = 0;
-    XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz);
-    idx += recipSeqSz;
-    XMEMCPY(recip->recip + idx, ver, verSz);
-    idx += verSz;
+    XMEMCPY(recip->recip + idx, recipSeq, (word32)recipSeqSz);
+    idx += (word32)recipSeqSz;
+    XMEMCPY(recip->recip + idx, ver, (word32)verSz);
+    idx += (word32)verSz;
     if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
-        XMEMCPY(recip->recip + idx, issuerSerialSeq, issuerSerialSeqSz);
-        idx += issuerSerialSeqSz;
-        XMEMCPY(recip->recip + idx, issuerSeq, issuerSeqSz);
-        idx += issuerSeqSz;
-        XMEMCPY(recip->recip + idx, decoded->issuerRaw, issuerSz);
-        idx += issuerSz;
-        XMEMCPY(recip->recip + idx, serial, snSz);
-        idx += snSz;
+        XMEMCPY(recip->recip + idx, issuerSerialSeq, (word32)issuerSerialSeqSz);
+        idx += (word32)issuerSerialSeqSz;
+        XMEMCPY(recip->recip + idx, issuerSeq, (word32)issuerSeqSz);
+        idx += (word32)issuerSeqSz;
+        XMEMCPY(recip->recip + idx, decoded->issuerRaw, (word32)issuerSz);
+        idx += (word32)issuerSz;
+        XMEMCPY(recip->recip + idx, serial, (word32)snSz);
+        idx += (word32)snSz;
     } else {
         recip->recip[idx] = ASN_CONTEXT_SPECIFIC;
         idx += ASN_TAG_SZ;
         XMEMCPY(recip->recip + idx, issuerSKID, issuerSKIDSz);
         idx += issuerSKIDSz;
-        XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, keyIdSize);
-        idx += keyIdSize;
+        XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, (word32)keyIdSize);
+        idx += (word32)keyIdSize;
     }
-    XMEMCPY(recip->recip + idx, keyAlgArray, keyEncAlgSz);
-    idx += keyEncAlgSz;
-    XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
-    idx += encKeyOctetStrSz;
+    XMEMCPY(recip->recip + idx, keyAlgArray, (word32)keyEncAlgSz);
+    idx += (word32)keyEncAlgSz;
+    XMEMCPY(recip->recip + idx, encKeyOctetStr, (word32)encKeyOctetStrSz);
+    idx += (word32)encKeyOctetStrSz;
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
     idx += encryptedKeySz;
 
@@ -8185,16 +8260,18 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
                         ret = NOT_COMPILED_IN;
                     }
                     else {
-                        ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
+                        ret = wc_AesGcmEncrypt(aes, out, in, (word32)inSz, iv,
+                                  (word32)ivSz, authTag, authTagSz, aad, aadSz);
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        /* async encrypt not available here, so block till done */
+                        /* async encrypt not available here, so block till done
+                         */
                         ret = wc_AsyncWait(ret, &aes->asyncDev,
                             WC_ASYNC_FLAG_NONE);
                     #endif
                     }
                 #else
-                    ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv, ivSz);
+                    ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv,
+                        (word32)ivSz);
                     if (ret == 0) {
                         ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, aad,
                             aadSz);
@@ -8246,8 +8323,9 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
             if (ret == 0) {
                 ret = wc_AesCcmSetKey(aes, key, (word32)keySz);
                 if (ret == 0) {
-                    ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
+                    ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv,
+                                           (word32)ivSz, authTag, authTagSz,
+                                           aad, aadSz);
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* async encrypt not available here, so block till done */
                     ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -8417,8 +8495,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
             if (ret == 0) {
                 ret = wc_AesGcmSetKey(aes, key, (word32)keySz);
                 if (ret == 0) {
-                    ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
+                    ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv,
+                                           (word32)ivSz, authTag, authTagSz,
+                                           aad, aadSz);
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* async decrypt not available here, so block till done */
                     ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -8456,8 +8535,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
             if (ret == 0) {
                 ret = wc_AesCcmSetKey(aes, key, (word32)keySz);
                 if (ret == 0) {
-                    ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
+                    ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv,
+                                           (word32)ivSz, authTag, authTagSz,
+                                           aad, aadSz);
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* async decrypt not available here, so block till done */
                     ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -8611,14 +8691,14 @@ int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz)
 /* return size of padded data, padded to blockSz chunks, or negative on error */
 int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
 {
-    int padSz;
+    word32 padSz;
 
     if (blockSz == 0)
         return BAD_FUNC_ARG;
 
     padSz = blockSz - (inputSz % blockSz);
 
-    return padSz;
+    return (int)padSz;
 }
 
 
@@ -8627,15 +8707,17 @@ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
 int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
                      word32 blockSz)
 {
-    int i, padSz;
+    int ret;
+    word32 i, padSz;
 
     if (in == NULL  || inSz == 0 ||
         out == NULL || outSz == 0)
         return BAD_FUNC_ARG;
 
-    padSz = wc_PKCS7_GetPadSize(inSz, blockSz);
-    if (padSz < 0)
-        return padSz;
+    ret = wc_PKCS7_GetPadSize(inSz, blockSz);
+    if (ret < 0)
+        return ret;
+    padSz = (word32)ret;
 
     if (outSz < (inSz + padSz))
         return BAD_FUNC_ARG;
@@ -8646,7 +8728,7 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
         out[inSz + i] = (byte)padSz;
     }
 
-    return inSz + padSz;
+    return (int)(inSz + padSz);
 }
 
 
@@ -8707,8 +8789,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
 
     oriTypeLenSz = (int)SetLength(oriTypeSz, oriTypeLen);
 
-    recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz +
-                             oriValueSz, recipSeq, 0);
+    recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + (word32)oriTypeLenSz +
+                             oriTypeSz + oriValueSz, recipSeq, 0);
 
     idx = 0;
     XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz);
@@ -8716,8 +8798,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
     /* oriType */
     recip->recip[idx] = ASN_OBJECT_ID;
     idx += 1;
-    XMEMCPY(recip->recip + idx, oriTypeLen, oriTypeLenSz);
-    idx += oriTypeLenSz;
+    XMEMCPY(recip->recip + idx, oriTypeLen, (word32)oriTypeLenSz);
+    idx += (word32)oriTypeLenSz;
     XMEMCPY(recip->recip + idx, oriType, oriTypeSz);
     idx += oriTypeSz;
     /* oriValue, input MUST already be ASN.1 encoded */
@@ -8762,8 +8844,8 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
         case PBKDF2_OID:
 
-            ret = wc_PBKDF2(out, passwd, (int)pLen, salt, saltSz, iterations,
-                            (int)outSz, prfOID);
+            ret = wc_PBKDF2(out, passwd, (int)pLen, salt, (int)saltSz,
+                            iterations, (int)outSz, prfOID);
             if (ret != 0) {
                 return ret;
             }
@@ -8805,17 +8887,17 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
     }
 
     /* get pad bytes needed to block boundary */
-    padSz = blockSz - ((4 + cekSz) % blockSz);
-    outLen = 4 + cekSz + padSz;
+    padSz = (word32)blockSz - ((4 + cekSz) % (word32)blockSz);
+    outLen = (int)(4 + cekSz + padSz);
 
     /* must be at least two blocks long */
     if (outLen < 2 * blockSz)
-        padSz += blockSz;
+        padSz += (word32)blockSz;
 
     /* if user set out to NULL, give back required length */
     if (out == NULL) {
         *outSz = (word32)outLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* verify output buffer is large enough */
@@ -8895,7 +8977,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
     }
 
     /* input needs to be blockSz multiple and at least 2 * blockSz */
-    if (((inSz % blockSz) != 0) || (inSz < (2 * (word32)blockSz))) {
+    if (((inSz % (word32)blockSz) != 0) || (inSz < (2 * (word32)blockSz))) {
         WOLFSSL_MSG("PWRI-KEK unwrap input must of block size and >= 2 "
                     "times block size");
         XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -8915,15 +8997,15 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
         /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */
         lastBlock = outTmp + inSz - blockSz;
         ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
-                lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, inSz - blockSz,
-                outTmp, pkcs7->devId, pkcs7->heap);
+                lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in,
+                (int)inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap);
     }
 
     if (ret == 0) {
         /* decrypt using original kek and iv */
         ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
-                (byte*)iv, ivSz, NULL, 0, NULL, 0, outTmp, inSz, outTmp,
-                pkcs7->devId, pkcs7->heap);
+                (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz,
+                outTmp, pkcs7->devId, pkcs7->heap);
     }
 
     if (ret != 0) {
@@ -9058,7 +9140,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     if (recip == NULL)
         return MEMORY_E;
 
-    kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     if (kek == NULL) {
         XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return MEMORY_E;
@@ -9074,7 +9156,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
     encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
     XMEMSET(recip, 0, sizeof(Pkcs7EncodedRecip));
-    XMEMSET(kek, 0, kekKeySz);
+    XMEMSET(kek, 0, (word32)kekKeySz);
     XMEMSET(encryptedKey, 0, encryptedKeySz);
 
     /* generate KEK: expand password into KEK */
@@ -9106,12 +9188,12 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
     /* put together IV OCTET STRING */
     ivOctetStringSz = SetOctetString((word32)kekBlockSz, ivOctetString);
-    totalSz += (ivOctetStringSz + kekBlockSz);
+    totalSz += (ivOctetStringSz + (word32)kekBlockSz);
 
     /* set PWRIAlgorithms AlgorithmIdentifier, adding (ivOctetStringSz +
        blockKeySz) for IV OCTET STRING */
     pwriEncAlgoIdSz = SetAlgoID(encryptOID, pwriEncAlgoId,
-                                oidBlkType, ivOctetStringSz + kekBlockSz);
+                                oidBlkType, (int)ivOctetStringSz + kekBlockSz);
     totalSz += pwriEncAlgoIdSz;
 
     /* set KeyEncryptionAlgorithms OID */
@@ -9127,7 +9209,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
     /* KeyEncryptionAlgorithm SEQ */
     keyEncAlgoIdSeqSz = SetSequence(keyEncAlgoIdSz + pwriEncAlgoIdSz +
-                                    ivOctetStringSz + kekBlockSz,
+                                    ivOctetStringSz + (word32)kekBlockSz,
                                     keyEncAlgoIdSeq);
     totalSz += keyEncAlgoIdSeqSz;
 
@@ -9203,8 +9285,8 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     idx += pwriEncAlgoIdSz;
     XMEMCPY(recip->recip + idx, ivOctetString, ivOctetStringSz);
     idx += ivOctetStringSz;
-    XMEMCPY(recip->recip + idx, tmpIv, kekBlockSz);
-    idx += kekBlockSz;
+    XMEMCPY(recip->recip + idx, tmpIv, (word32)kekBlockSz);
+    idx += (word32)kekBlockSz;
     XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
     idx += encKeyOctetStrSz;
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
@@ -9339,7 +9421,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 #endif
     encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
-    XMEMSET(encryptedKey, 0, encryptedKeySz);
+    XMEMSET(encryptedKey, 0, (word32)encryptedKeySz);
 
     #ifndef NO_AES
         direction = AES_ENCRYPTION;
@@ -9367,7 +9449,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 
     encKeyOctetStrSz = SetOctetString((word32)encryptedKeySz, encKeyOctetStr);
-    totalSz += (encKeyOctetStrSz + encryptedKeySz);
+    totalSz += (encKeyOctetStrSz + (word32)encryptedKeySz);
 
     /* KeyEncryptionAlgorithmIdentifier */
     encAlgoIdSz = SetAlgoID(keyWrapOID, encAlgoId, oidKeyWrapType, 0);
@@ -9389,7 +9471,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
         #endif
             return timeSz;
         }
-        totalSz += timeSz;
+        totalSz += (word32)timeSz;
     }
 #endif
 
@@ -9400,7 +9482,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 
     /* KEKIdentifier SEQ */
-    kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + timeSz +
+    kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + (word32)timeSz +
                              otherAttSeqSz + otherOIDSz + otherSz, kekIdSeq);
     totalSz += kekIdSeqSz;
 
@@ -9433,8 +9515,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     XMEMCPY(recip->recip + idx, keyId, keyIdSz);
     idx += keyIdSz;
     if (timePtr != NULL) {
-        XMEMCPY(recip->recip + idx, genTime, timeSz);
-        idx += timeSz;
+        XMEMCPY(recip->recip + idx, genTime, (word32)timeSz);
+        idx += (word32)timeSz;
     }
     if (other != NULL && otherSz > 0) {
         XMEMCPY(recip->recip + idx, otherAttSeq, otherAttSeqSz);
@@ -9448,8 +9530,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     idx += encAlgoIdSz;
     XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
     idx += encKeyOctetStrSz;
-    XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
-    idx += encryptedKeySz;
+    XMEMCPY(recip->recip + idx, encryptedKey, (word32)encryptedKeySz);
+    idx += (word32)encryptedKeySz;
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9563,8 +9645,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
 #ifndef ASN_BER_TO_DER
-    if (output == NULL || outputSz == 0)
+    if (output == NULL || outputSz == 0) {
         return BAD_FUNC_ARG;
+    }
 #else
     /* if both output and callback are not set then error out */
     if ((output == NULL || outputSz == 0) && (pkcs7->streamOutCb == NULL)) {
@@ -9677,20 +9760,21 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return padSz;
     }
 
-    encryptedOutSz = pkcs7->contentSz + padSz;
+    encryptedOutSz = (int)pkcs7->contentSz + padSz;
 
 #ifdef ASN_BER_TO_DER
     if (pkcs7->getContentCb == NULL)
 #endif
     {
-        plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
+                               DYNAMIC_TYPE_PKCS7);
         if (plain == NULL) {
             wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
             return MEMORY_E;
         }
 
         ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
-                               (word32)encryptedOutSz, blockSz);
+                               (word32)encryptedOutSz, (word32)blockSz);
         if (ret < 0) {
             XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
@@ -9703,7 +9787,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     if (pkcs7->streamOutCb == NULL)
 #endif
     {
-        encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+        encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
                                           DYNAMIC_TYPE_PKCS7);
         if (encryptedContent == NULL) {
             XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9729,9 +9813,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz,
                                 encContentOctet, pkcs7->encodeStream);
-    encContentSeqSz = (int)SetSequenceEx(contentTypeSz + contentEncAlgoSz +
-                              ivOctetStringSz + blockSz +
-                              encContentOctetSz + encryptedOutSz,
+    encContentSeqSz = (int)SetSequenceEx((word32)(contentTypeSz +
+                              contentEncAlgoSz + ivOctetStringSz + blockSz +
+                              encContentOctetSz + encryptedOutSz),
                               encContentSeq, pkcs7->encodeStream);
 
     /* keep track of sizes for outer wrapper layering */
@@ -9751,8 +9835,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         totalSz += ASN_INDEF_END_SZ;
 
         /* account for asn1 syntax around octet strings */
-        StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz, &tmpIdx);
-        totalSz += (streamSz - encryptedOutSz);
+        StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz,
+                                                                       &tmpIdx);
+        totalSz += ((int)streamSz - encryptedOutSz);
 
         /* resize encrypted content buffer */
         if (encryptedContent != NULL) {
@@ -9836,7 +9921,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     while (tmpRecip != NULL) {
         wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             tmpRecip->recip, tmpRecip->recipSz);
-        idx += tmpRecip->recipSz;
+        idx += (int)tmpRecip->recipSz;
         tmpRecip = tmpRecip->next;
     }
     wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
@@ -9862,16 +9947,12 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     /* encrypt content */
     ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek,
-            pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain,
+            (int)pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain,
             encryptedOutSz, encryptedContent);
     if (ret != 0) {
-        if (encryptedContent != NULL) {
-            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        }
+        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
-        if (plain != NULL) {
-            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        }
+        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
         return ret;
@@ -9888,7 +9969,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
             wc_PKCS7_WriteOut(pkcs7, (output)? output + idx : NULL,
                 encryptedContent, streamSz);
         }
-        idx += streamSz;
+        idx += (int)streamSz;
 
         /* end of encrypted content */
         localIdx += SetIndefEnd(indefEnd + localIdx);
@@ -9907,23 +9988,19 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
         wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             indefEnd, localIdx);
-        idx += localIdx;
+        idx += (int)localIdx;
     }
     else
 #endif
     {
         wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
-            encryptedContent, encryptedOutSz);
+            encryptedContent, (word32)encryptedOutSz);
         idx += encryptedOutSz;
     }
 
-    if (plain != NULL) {
-        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    }
+    XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
-    if (encryptedContent != NULL) {
-        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    }
+    XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
     return idx;
 }
@@ -10063,7 +10140,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                     return ASN_PARSE_E;
 
                 /* if we found correct recipient, issuer hashes will match */
-                if (XMEMCMP(issuerHash, pkcs7->issuerHash, keyIdSize) == 0) {
+                if (XMEMCMP(issuerHash, pkcs7->issuerHash,
+                            (word32)keyIdSize) == 0) {
                     *recipFound = 1;
                 }
 
@@ -10116,10 +10194,10 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
 
                 /* if we found correct recipient, SKID will match */
                 if (XMEMCMP(pkiMsg + (*idx), pkcs7->issuerSubjKeyId,
-                            keyIdSize) == 0) {
+                            (word32)keyIdSize) == 0) {
                     *recipFound = 1;
                 }
-                (*idx) += keyIdSize;
+                (*idx) += (word32)keyIdSize;
             }
 
             if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0)
@@ -10180,14 +10258,14 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
         #endif
 
             /* Always allocate to ensure aligned use with RSA */
-            encryptedKey = (byte*)XMALLOC(encryptedKeySz, pkcs7->heap,
+            encryptedKey = (byte*)XMALLOC((word32)encryptedKeySz, pkcs7->heap,
                                           DYNAMIC_TYPE_WOLF_BIGINT);
             if (encryptedKey == NULL)
                 return MEMORY_E;
 
             if (*recipFound == 1)
-                XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz);
-            *idx += encryptedKeySz;
+                XMEMCPY(encryptedKey, &pkiMsg[*idx], (word32)encryptedKeySz);
+            *idx += (word32)encryptedKeySz;
 
             /* load private key */
         #ifdef WOLFSSL_SMALL_STACK
@@ -10302,7 +10380,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                 return keySz;
             } else {
                 *decryptedKeySz = (word32)keySz;
-                XMEMCPY(decryptedKey, outKey, keySz);
+                XMEMCPY(decryptedKey, outKey, (word32)keySz);
                 ForceZero(encryptedKey, (word32)encryptedKeySz);
             }
 
@@ -10408,15 +10486,16 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari,
     kari->senderKeyInit = 1;
 
     /* length-1 for unused bits counter */
-    ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), length - 1, kari->senderKey,
-            curve_id);
+    ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), (word32)length - 1,
+            kari->senderKey, curve_id);
     if (ret != 0) {
-        ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey, *idx + length - 1);
+        ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey,
+            *idx + (word32)length - 1);
         if (ret != 0)
             return ret;
     }
     else {
-        (*idx) += length - 1;
+        (*idx) += (word32)(length - 1);
     }
 
     return 0;
@@ -10469,15 +10548,16 @@ static int wc_PKCS7_KariGetUserKeyingMaterial(WC_PKCS7_KARI* kari,
 
     kari->ukm = NULL;
     if (length > 0) {
-        kari->ukm = (byte*)XMALLOC(length, kari->heap, DYNAMIC_TYPE_PKCS7);
+        kari->ukm = (byte*)XMALLOC((word32)length, kari->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
         if (kari->ukm == NULL)
             return MEMORY_E;
 
-        XMEMCPY(kari->ukm, pkiMsg + (*idx), length);
+        XMEMCPY(kari->ukm, pkiMsg + (*idx), (word32)length);
         kari->ukmOwner = 1;
     }
 
-    (*idx) += length;
+    (*idx) += (word32)length;
     kari->ukmSz = (word32)length;
 
     return 0;
@@ -10509,7 +10589,7 @@ static int wc_PKCS7_KariGetKeyEncryptionAlgorithmId(WC_PKCS7_KARI* kari,
         return ASN_PARSE_E;
     }
 
-    if (localIdx < *idx + length) {
+    if (localIdx < *idx + (word32)length) {
         *idx = localIdx;
     }
     /* remove KeyWrapAlgorithm, stored in parameter of KeyEncAlgoId */
@@ -10568,11 +10648,11 @@ static int wc_PKCS7_KariGetSubjectKeyIdentifier(WC_PKCS7_KARI* kari,
     if (length != keyIdSize)
         return ASN_PARSE_E;
 
-    XMEMCPY(rid, pkiMsg + (*idx), keyIdSize);
-    (*idx) += length;
+    XMEMCPY(rid, pkiMsg + (*idx), (word32)keyIdSize);
+    (*idx) += (word32)length;
 
     /* subject key id should match if recipient found */
-    if (XMEMCMP(rid, kari->decoded->extSubjKeyId, keyIdSize) == 0) {
+    if (XMEMCMP(rid, kari->decoded->extSubjKeyId, (word32)keyIdSize) == 0) {
         *recipFound = 1;
     }
 
@@ -10618,7 +10698,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
 
     /* if we found correct recipient, issuer hashes will match */
     if (kari->decodedInit == 1) {
-        if (XMEMCMP(rid, kari->decoded->issuerHash, keyIdSize) == 0) {
+        if (XMEMCMP(rid, kari->decoded->issuerHash, (word32)keyIdSize) == 0) {
             *recipFound = 1;
         }
     }
@@ -10653,7 +10733,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
     ret = mp_init(recipSerial);
     if (ret == MP_OKAY)
         ret = mp_read_unsigned_bin(recipSerial, kari->decoded->serial,
-                             kari->decoded->serialSz);
+                             (word32)kari->decoded->serialSz);
     if (ret != MP_OKAY) {
         mp_clear(serial);
         WOLFSSL_MSG("Failed to parse CMS recipient serial number");
@@ -10745,9 +10825,9 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari,
     if (length > *encryptedKeySz)
         return BUFFER_E;
 
-    XMEMCPY(encryptedKey, pkiMsg + (*idx), length);
+    XMEMCPY(encryptedKey, pkiMsg + (*idx), (word32)length);
     *encryptedKeySz = length;
-    (*idx) += length;
+    (*idx) += (word32)length;
 
     return 0;
 }
@@ -10858,12 +10938,12 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
             if (GetASNObjectId(pkiMsg, idx, &oriOIDSz, pkiMsgSz) != 0)
                 return ASN_PARSE_E;
 
-            XMEMCPY(oriOID, pkiMsg + *idx, oriOIDSz);
-            *idx += oriOIDSz;
+            XMEMCPY(oriOID, pkiMsg + *idx, (word32)oriOIDSz);
+            *idx += (word32)oriOIDSz;
 
             /* get oriValue, increment idx */
             oriValue = pkiMsg + *idx;
-            oriValueSz = seqSz - (*idx - tmpIdx);
+            oriValueSz = (word32)seqSz - (*idx - tmpIdx);
             *idx += oriValueSz;
 
             /* pass oriOID and oriValue to user callback, expect back
@@ -10971,12 +11051,13 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             if (GetLength(pkiMsg, idx, &saltSz, pkiMsgSz) < 0)
                 return ASN_PARSE_E;
 
-            salt = (byte*)XMALLOC(saltSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            salt = (byte*)XMALLOC((word32)saltSz, pkcs7->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
             if (salt == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(salt, pkiMsg + (*idx), saltSz);
-            *idx += saltSz;
+            XMEMCPY(salt, pkiMsg + (*idx), (word32)saltSz);
+            *idx += (word32)saltSz;
 
             /* get KDF iterations */
             if (GetMyVersion(pkiMsg, idx, &iterations, pkiMsgSz) < 0) {
@@ -10997,7 +11078,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* get pwriEncAlgoId */
-            if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType, pkiMsgSz) < 0) {
+            if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType,
+                                                                pkiMsgSz) < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ASN_PARSE_E;
             }
@@ -11037,8 +11119,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
                 return ASN_PARSE_E;
             }
 
-            XMEMCPY(tmpIv, pkiMsg + (*idx), length);
-            *idx += length;
+            XMEMCPY(tmpIv, pkiMsg + (*idx), (word32)length);
+            *idx += (word32)length;
 
             /* get EncryptedKey */
             if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0) {
@@ -11065,7 +11147,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* generate KEK */
-            kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
             if (kek == NULL) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -11073,8 +11156,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, pkcs7->pass, pkcs7->passSz,
-                                            salt, (word32)saltSz, kdfAlgoId, hashOID,
-                                            iterations, kek, (word32)kekKeySz);
+                                  salt, (word32)saltSz, (int)kdfAlgoId, hashOID,
+                                  iterations, kek, (word32)kekKeySz);
             if (ret < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -11084,8 +11167,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* decrypt CEK with KEK */
             ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, (word32)kekKeySz,
-                                             pkiMsg + (*idx), (word32)length, cek,
-                                             cekSz, tmpIv, (word32)blockSz,
+                                             pkiMsg + (*idx), (word32)length,
+                                             cek, cekSz, tmpIv, (word32)blockSz,
                                              (int)pwriEncAlgoId);
             if (ret < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -11112,7 +11195,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* mark recipFound, since we only support one RecipientInfo for now */
             *recipFound = 1;
-            *idx += length;
+            *idx += (word32)length;
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
                 break;
@@ -11190,7 +11273,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
                                    &dateLen) != 0) {
                     return ASN_PARSE_E;
                 }
-                *idx += (dateLen + 1);
+                *idx += (word32)(dateLen + 1);
             }
 
             if (*idx > pkiMsgSz) {
@@ -11206,7 +11289,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
                     return ASN_PARSE_E;
 
                 /* skip it */
-                *idx += length;
+                *idx += (word32)length;
             }
 
             if (*idx > pkiMsgSz) {
@@ -11252,7 +11335,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* mark recipFound, since we only support one RecipientInfo for now */
             *recipFound = 1;
-            *idx += length;
+            *idx += (word32)length;
 
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
@@ -12299,8 +12382,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             ret = 0;
         #endif
 
-            XMEMCPY(tmpIv, &pkiMsg[idx], length);
-            idx += length;
+            XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length);
+            idx += (word32)length;
 
             explicitOctet = 0;
             localIdx = idx;
@@ -12360,7 +12443,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                  * consecutive OCTET STRINGs, if so loop through
                  * collecting and caching encrypted content bytes */
                 localIdx = idx;
-                while (idx < (localIdx + encryptedContentTotalSz)) {
+                while (idx < (localIdx + (word32)encryptedContentTotalSz)) {
 
                     if (GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) {
                         ret = ASN_PARSE_E;
@@ -12385,7 +12468,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                     }
 
                     /* advance idx past encrypted content */
-                    idx += encryptedContentSz;
+                    idx += (word32)encryptedContentSz;
                 }
 
                 if (ret != 0) {
@@ -12399,7 +12482,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 if (ret != 0) {
                     break;
                 }
-                idx += encryptedContentTotalSz;
+                idx += (word32)encryptedContentTotalSz;
             }
 
             /* use cached content */
@@ -12423,7 +12506,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 ret = BUFFER_E;
                 break;
             }
-            XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
+            XMEMCPY(output, encryptedContent,
+                                           (word32)encryptedContentSz - padLen);
 
             /* free memory, zero out keys */
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
@@ -12731,17 +12815,18 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
             contentTypeAttrib.valueSz = pkcs7->contentTypeSz;
         }
 
-        authAttribsSz += EncodeAttributes(authAttribs, 1,
-                                          &contentTypeAttrib, 1);
+        authAttribsSz += (word32)EncodeAttributes(authAttribs, 1,
+                                                         &contentTypeAttrib, 1);
         authAttribsCount += 1;
     }
 
     /* authAttribs: add in user authenticated attributes */
     if (pkcs7->authAttribs != NULL && pkcs7->authAttribsSz > 0) {
-        authAttribsSz += EncodeAttributes(authAttribs + authAttribsCount,
-                                 MAX_AUTH_ATTRIBS_SZ - authAttribsCount,
+        authAttribsSz += (word32)EncodeAttributes(
+                                 authAttribs + authAttribsCount,
+                                 (int)(MAX_AUTH_ATTRIBS_SZ - authAttribsCount),
                                  pkcs7->authAttribs,
-                                 pkcs7->authAttribsSz);
+                                 (int)pkcs7->authAttribsSz);
         authAttribsCount += pkcs7->authAttribsSz;
     }
 
@@ -12789,20 +12874,19 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
     /* build up unauthenticated attributes (unauthAttrs) */
     if (pkcs7->unauthAttribsSz > 0) {
-        unauthAttribsSz = EncodeAttributes(unauthAttribs + unauthAttribsCount,
-                                     MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount,
-                                     pkcs7->unauthAttribs,
-                                     pkcs7->unauthAttribsSz);
+        unauthAttribsSz = (word32)EncodeAttributes(
+                              unauthAttribs + unauthAttribsCount,
+                              (int)(MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount),
+                              pkcs7->unauthAttribs,
+                              (int)pkcs7->unauthAttribsSz);
         unauthAttribsCount = pkcs7->unauthAttribsSz;
 
         flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap,
                                             DYNAMIC_TYPE_PKCS7);
         if (flatUnauthAttribs == NULL) {
             wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-            if (aadBuffer)
-                XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            if (flatAuthAttribs)
-                XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return MEMORY_E;
         }
 
@@ -12823,56 +12907,48 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
     /* Copy content to plain buffer (zero-padded) to encrypt in full,
      * contiguous blocks */
-    plain = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    plain = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap,
+        DYNAMIC_TYPE_PKCS7);
     if (plain == NULL) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (aadBuffer)
-            XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return MEMORY_E;
     }
 
     XMEMCPY(plain, pkcs7->content, pkcs7->contentSz);
     if ((encryptedAllocSz - encryptedOutSz) > 0) {
-        XMEMSET(plain + encryptedOutSz, 0, encryptedAllocSz - encryptedOutSz);
+        XMEMSET(plain + encryptedOutSz, 0,
+            (word32)(encryptedAllocSz - encryptedOutSz));
     }
 
-    encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap,
+    encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (encryptedContent == NULL) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (aadBuffer)
-            XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return MEMORY_E;
     }
 
     /* encrypt content */
     ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek,
-            pkcs7->cekSz, nonce, nonceSz, aadBuffer, aadBufferSz, authTag,
-            sizeof(authTag), plain, encryptedOutSz, encryptedContent);
+            (int)pkcs7->cekSz, nonce, (int)nonceSz, aadBuffer, aadBufferSz,
+            authTag, sizeof(authTag), plain, encryptedOutSz, encryptedContent);
 
     XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     plain = NULL;
 
-    if (aadBuffer) {
-        XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        aadBuffer = NULL;
-    }
+    XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    aadBuffer = NULL;
 
     if (ret != 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
@@ -12882,10 +12958,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
                             sizeof(contentType));
     if (ret < 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
@@ -12899,41 +12973,41 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     macIntSz = (word32)SetMyVersion(sizeof(authTag), macInt, 0);
 
     /* add nonce and icv len into parameters string RFC5084 */
-    algoParamSeqSz = SetSequence(nonceOctetStringSz + nonceSz + macIntSz,
-            algoParamSeq);
+    algoParamSeqSz = SetSequence((word32)nonceOctetStringSz + nonceSz +
+            macIntSz, algoParamSeq);
 
     /* build up our ContentEncryptionAlgorithmIdentifier sequence,
      * adding (nonceOctetStringSz + blockSz + macIntSz) for nonce OCTET STRING
      * and tag size */
     contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
-                                 oidBlkType, nonceOctetStringSz + nonceSz +
-                                 macIntSz + algoParamSeqSz);
+                                 oidBlkType, nonceOctetStringSz + (int)nonceSz +
+                                 (int)macIntSz + (int)algoParamSeqSz);
 
     if (contentEncAlgoSz == 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return BAD_FUNC_ARG;
     }
 
     encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz,
                                     encContentOctet, 0);
-    encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz +
-                                  nonceOctetStringSz + nonceSz + macIntSz +
-                                  algoParamSeqSz + encContentOctetSz +
-                                  encryptedOutSz, encContentSeq);
+    encContentSeqSz = (int)SetSequence((word32)contentTypeSz +
+                               (word32)contentEncAlgoSz +
+                               (word32)nonceOctetStringSz + nonceSz + macIntSz +
+                               algoParamSeqSz + (word32)encContentOctetSz +
+                               (word32)encryptedOutSz, encContentSeq);
 
     macOctetStringSz = (int)SetOctetString(sizeof(authTag), macOctetString);
 
     /* keep track of sizes for outer wrapper layering */
-    totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
-              contentEncAlgoSz + nonceOctetStringSz + nonceSz + macIntSz +
-              algoParamSeqSz + encContentOctetSz + encryptedOutSz +
-              authAttribsSz + authAttribsSetSz + macOctetStringSz +
-              sizeof(authTag) + unauthAttribsSz + unauthAttribsSetSz;
+    totalSz = verSz + recipSetSz + recipSz + encContentSeqSz +
+              contentTypeSz + contentEncAlgoSz + nonceOctetStringSz +
+              (int)nonceSz + (int)macIntSz + (int)algoParamSeqSz +
+              encContentOctetSz + encryptedOutSz + (int)authAttribsSz +
+              (int)authAttribsSetSz + macOctetStringSz + (int)sizeof(authTag) +
+              (int)unauthAttribsSz + (int)unauthAttribsSetSz;
 
     /* EnvelopedData */
     envDataSeqSz = (int)SetSequence((word32)totalSz, envDataSeq);
@@ -12951,80 +13025,76 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     if (totalSz > (int)outputSz) {
         WOLFSSL_MSG("Pkcs7_encrypt output buffer too small");
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return BUFFER_E;
     }
 
-    XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
+    XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz);
     idx += contentInfoSeqSz;
-    XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
+    XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz);
     idx += outerContentTypeSz;
-    XMEMCPY(output + idx, outerContent, outerContentSz);
+    XMEMCPY(output + idx, outerContent, (word32)outerContentSz);
     idx += outerContentSz;
-    XMEMCPY(output + idx, envDataSeq, envDataSeqSz);
+    XMEMCPY(output + idx, envDataSeq, (word32)envDataSeqSz);
     idx += envDataSeqSz;
-    XMEMCPY(output + idx, ver, verSz);
+    XMEMCPY(output + idx, ver, (word32)verSz);
     idx += verSz;
-    XMEMCPY(output + idx, recipSet, recipSetSz);
+    XMEMCPY(output + idx, recipSet, (word32)recipSetSz);
     idx += recipSetSz;
     /* copy in recipients from list */
     tmpRecip = pkcs7->recipList;
     while (tmpRecip != NULL) {
         XMEMCPY(output + idx, tmpRecip->recip, tmpRecip->recipSz);
-        idx += tmpRecip->recipSz;
+        idx += (int)tmpRecip->recipSz;
         tmpRecip = tmpRecip->next;
     }
     wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-    XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
+    XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz);
     idx += encContentSeqSz;
-    XMEMCPY(output + idx, contentType, contentTypeSz);
+    XMEMCPY(output + idx, contentType, (word32)contentTypeSz);
     idx += contentTypeSz;
-    XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
+    XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz);
     idx += contentEncAlgoSz;
     XMEMCPY(output + idx, algoParamSeq, algoParamSeqSz);
-    idx += algoParamSeqSz;
-    XMEMCPY(output + idx, nonceOctetString, nonceOctetStringSz);
+    idx += (int)algoParamSeqSz;
+    XMEMCPY(output + idx, nonceOctetString, (word32)nonceOctetStringSz);
     idx += nonceOctetStringSz;
     XMEMCPY(output + idx, nonce, nonceSz);
-    idx += nonceSz;
+    idx += (int)nonceSz;
     XMEMCPY(output + idx, macInt, macIntSz);
-    idx += macIntSz;
+    idx += (int)macIntSz;
 
 
-    XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
+    XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz);
     idx += encContentOctetSz;
-    XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
+    XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz);
     idx += encryptedOutSz;
 
     /* authenticated attributes */
     if (flatAuthAttribs && authAttribsSz > 0) {
         XMEMCPY(output + idx, authAttribSet, authAttribsSetSz);
-        idx += authAttribsSetSz;
+        idx += (int)authAttribsSetSz;
         XMEMCPY(output + idx, flatAuthAttribs, authAttribsSz);
-        idx += authAttribsSz;
+        idx += (int)authAttribsSz;
         XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     }
 
-    XMEMCPY(output + idx, macOctetString, macOctetStringSz);
+    XMEMCPY(output + idx, macOctetString, (word32)macOctetStringSz);
     idx += macOctetStringSz;
     XMEMCPY(output + idx, authTag, sizeof(authTag));
-    idx += sizeof(authTag);
+    idx += (int)sizeof(authTag);
 
     /* unauthenticated attributes */
     if (unauthAttribsSz > 0) {
         XMEMCPY(output + idx, unauthAttribSet, unauthAttribsSetSz);
-        idx += unauthAttribsSetSz;
+        idx += (int)unauthAttribsSetSz;
         XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz);
-        idx += unauthAttribsSz;
+        idx += (int)unauthAttribsSz;
     }
 
-    if (flatUnauthAttribs != NULL) {
-        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    }
+    XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
@@ -13268,8 +13338,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (ret == 0) {
-                XMEMCPY(nonce, &pkiMsg[idx], nonceSz);
-                idx += nonceSz;
+                XMEMCPY(nonce, &pkiMsg[idx], (word32)nonceSz);
+                idx += (word32)nonceSz;
             }
 
             /* get mac size, also stored in OPTIONAL parameter of AlgoID */
@@ -13324,14 +13394,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             /* store nonce for later */
             if (nonceSz > 0) {
                 pkcs7->stream->nonceSz = (word32)nonceSz;
-                pkcs7->stream->nonce = (byte*)XMALLOC(nonceSz, pkcs7->heap,
-                        DYNAMIC_TYPE_PKCS7);
+                pkcs7->stream->nonce = (byte*)XMALLOC((word32)nonceSz,
+                        pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if (pkcs7->stream->nonce == NULL) {
                     ret = MEMORY_E;
                     break;
                 }
                 else {
-                    XMEMCPY(pkcs7->stream->nonce, nonce, nonceSz);
+                    XMEMCPY(pkcs7->stream->nonce, nonce, (word32)nonceSz);
                 }
             }
 
@@ -13380,15 +13450,16 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                                    encryptedContentSz + expBlockSz -
                                    (encryptedContentSz % expBlockSz) :
                                    encryptedContentSz;
-            encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap,
-                                                            DYNAMIC_TYPE_PKCS7);
+            encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz,
+                                               pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             if (ret == 0 && encryptedContent == NULL) {
                 ret = MEMORY_E;
             }
 
             if (ret == 0) {
-                XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
-                idx += encryptedContentSz;
+                XMEMCPY(encryptedContent, &pkiMsg[idx],
+                                                    (word32)encryptedContentSz);
+                idx += (word32)encryptedContentSz;
             }
         #ifndef NO_PKCS7_STREAM
                 pkcs7->stream->bufferPt = encryptedContent;
@@ -13407,7 +13478,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             #ifndef NO_PKCS7_STREAM
                 pkcs7->stream->expected = (word32)length;
             #endif
-                encodedAttribSz = length + (idx - encodedAttribIdx);
+                encodedAttribSz = (word32)length + (idx - encodedAttribIdx);
 
                 if (ret != 0)
                     break;
@@ -13464,12 +13535,12 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 break;
             }
 
-            idx += length;
+            idx += (word32)length;
 
     #ifndef NO_PKCS7_STREAM
             if (encodedAttribSz > 0) {
-                XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - length),
-                        authAttrib, authAttribSz);
+                XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - (word32)length),
+                        authAttrib, (word32)authAttribSz);
             }
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
                 break;
@@ -13513,8 +13584,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (ret == 0) {
-                XMEMCPY(authTag, &pkiMsg[idx], authTagSz);
-                idx += authTagSz;
+                XMEMCPY(authTag, &pkiMsg[idx], (word32)authTagSz);
+                idx += (word32)authTagSz;
             }
 
             if (ret == 0 && authAttrib != NULL) {
@@ -13539,14 +13610,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             /* store tag for later */
             if (authTagSz > 0) {
                 pkcs7->stream->tagSz = (word32)authTagSz;
-                pkcs7->stream->tag = (byte*)XMALLOC(authTagSz, pkcs7->heap,
-                        DYNAMIC_TYPE_PKCS7);
+                pkcs7->stream->tag = (byte*)XMALLOC((word32)authTagSz,
+                        pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if (pkcs7->stream->tag == NULL) {
                     ret = MEMORY_E;
                     break;
                 }
                 else {
-                    XMEMCPY(pkcs7->stream->tag, authTag, authTagSz);
+                    XMEMCPY(pkcs7->stream->tag, authTag, (word32)authTagSz);
                 }
             }
 
@@ -13570,7 +13641,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                     break;
                 }
                 else {
-                    XMEMCPY(nonce, pkcs7->stream->nonce, nonceSz);
+                    XMEMCPY(nonce, pkcs7->stream->nonce, (word32)nonceSz);
                 }
             }
 
@@ -13582,7 +13653,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                     break;
                 }
                 else {
-                    XMEMCPY(authTag, pkcs7->stream->tag, authTagSz);
+                    XMEMCPY(authTag, pkcs7->stream->tag, (word32)authTagSz);
                 }
             }
 
@@ -13602,8 +13673,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             /* decrypt encryptedContent */
             ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey,
                     blockKeySz, nonce, nonceSz, encodedAttribs, encodedAttribSz,
-                    authTag, (word32)authTagSz, encryptedContent, encryptedContentSz,
-                    encryptedContent, pkcs7->devId, pkcs7->heap);
+                    authTag, (word32)authTagSz, encryptedContent,
+                    encryptedContentSz, encryptedContent, pkcs7->devId,
+                    pkcs7->heap);
             if (ret != 0) {
                 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ret;
@@ -13615,7 +13687,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             /* copy plaintext to output */
-            XMEMCPY(output, encryptedContent, encryptedContentSz);
+            XMEMCPY(output, encryptedContent, (word32)encryptedContentSz);
 
             /* free memory, zero out keys */
             ForceZero(encryptedContent, (word32)encryptedContentSz);
@@ -13646,7 +13718,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
         }
         XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     }
+#else
+    if (ret < 0) {
+        ForceZero(encryptedContent, (word32)encryptedContentSz);
+        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
+    }
 #endif
+
 #ifndef NO_PKCS7_STREAM
     if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
         wc_PKCS7_ResetStream(pkcs7);
@@ -13751,21 +13830,21 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     if (padSz < 0)
         return padSz;
 
-    encryptedOutSz = pkcs7->contentSz + padSz;
+    encryptedOutSz = (int)pkcs7->contentSz + padSz;
 
-    plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+    plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
                            DYNAMIC_TYPE_PKCS7);
     if (plain == NULL)
         return MEMORY_E;
 
     ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
-                           (word32)encryptedOutSz, blockSz);
+                           (word32)encryptedOutSz, (word32)blockSz);
     if (ret < 0) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
 
-    encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+    encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (encryptedContent == NULL) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13795,8 +13874,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
     ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID,
-            pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, blockSz, NULL,
-            0, NULL, 0, plain, encryptedOutSz, encryptedContent);
+            pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz, tmpIv, blockSz,
+            NULL, 0, NULL, 0, plain, encryptedOutSz, encryptedContent);
     if (ret != 0) {
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13806,9 +13885,9 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0,
                                     (word32)encryptedOutSz, encContentOctet, 0);
 
-    encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz +
-                                  ivOctetStringSz + blockSz +
-                                  encContentOctetSz + encryptedOutSz,
+    encContentSeqSz = (int)SetSequence((word32)(contentTypeSz +
+                                  contentEncAlgoSz + ivOctetStringSz + blockSz +
+                                  encContentOctetSz + encryptedOutSz),
                                   encContentSeq);
 
     /* optional UnprotectedAttributes */
@@ -13830,11 +13909,13 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         }
 
         attribsCount = pkcs7->unprotectedAttribsSz;
-        attribsSz = EncodeAttributes(attribs, pkcs7->unprotectedAttribsSz,
+        attribsSz = (word32)EncodeAttributes(attribs,
+                                     (int)pkcs7->unprotectedAttribsSz,
                                      pkcs7->unprotectedAttribs,
-                                     pkcs7->unprotectedAttribsSz);
+                                     (int)pkcs7->unprotectedAttribsSz);
 
-        flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
         if (flatAttribs == NULL) {
             XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13860,7 +13941,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     /* keep track of sizes for outer wrapper layering */
     totalSz = verSz + encContentSeqSz + contentTypeSz + contentEncAlgoSz +
               ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz +
-              attribsSz + attribsSetSz;
+              (int)attribsSz + (int)attribsSetSz;
 
     /* EncryptedData */
     encDataSeqSz = (int)SetSequence((word32)totalSz, encDataSeq);
@@ -13881,51 +13962,47 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     if (totalSz > (int)outputSz) {
         WOLFSSL_MSG("PKCS#7 output buffer too small");
-        if (attribs != NULL)
-            XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAttribs != NULL)
-            XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return BUFFER_E;
     }
 
-    XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
+    XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz);
     idx += contentInfoSeqSz;
-    XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
+    XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz);
     idx += outerContentTypeSz;
-    XMEMCPY(output + idx, outerContent, outerContentSz);
+    XMEMCPY(output + idx, outerContent, (word32)outerContentSz);
     idx += outerContentSz;
-    XMEMCPY(output + idx, encDataSeq, encDataSeqSz);
+    XMEMCPY(output + idx, encDataSeq, (word32)encDataSeqSz);
     idx += encDataSeqSz;
-    XMEMCPY(output + idx, ver, verSz);
+    XMEMCPY(output + idx, ver, (word32)verSz);
     idx += verSz;
-    XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
+    XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz);
     idx += encContentSeqSz;
-    XMEMCPY(output + idx, contentType, contentTypeSz);
+    XMEMCPY(output + idx, contentType, (word32)contentTypeSz);
     idx += contentTypeSz;
-    XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
+    XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz);
     idx += contentEncAlgoSz;
-    XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
+    XMEMCPY(output + idx, ivOctetString, (word32)ivOctetStringSz);
     idx += ivOctetStringSz;
-    XMEMCPY(output + idx, tmpIv, blockSz);
+    XMEMCPY(output + idx, tmpIv, (word32)blockSz);
     idx += blockSz;
-    XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
+    XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz);
     idx += encContentOctetSz;
-    XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
+    XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz);
     idx += encryptedOutSz;
 
     if (pkcs7->unprotectedAttribsSz != 0) {
         XMEMCPY(output + idx, attribSet, attribsSetSz);
-        idx += attribsSetSz;
+        idx += (int)attribsSetSz;
         XMEMCPY(output + idx, flatAttribs, attribsSz);
-        idx += attribsSz;
+        idx += (int)attribsSz;
     }
 
-    if (attribs != NULL)
-        XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    if (flatAttribs != NULL)
-        XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
@@ -14186,8 +14263,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
             tmpIv  = pkcs7->stream->tmpIv;
             length = (int)pkcs7->stream->expected;
 #endif
-            XMEMCPY(tmpIv, &pkiMsg[idx], length);
-            idx += length;
+            XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length);
+            idx += (word32)length;
             /* read encryptedContent, cont[0] */
             if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0)
                 ret = ASN_PARSE_E;
@@ -14207,7 +14284,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 break;
             }
 
-            if (pkcs7->stream->totalRd +  encryptedContentSz <
+            if (pkcs7->stream->totalRd + (word32)encryptedContentSz <
                     pkcs7->stream->maxLen) {
                 pkcs7->stream->flagOne = 1;
             }
@@ -14236,21 +14313,23 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
             tmpIv      = pkcs7->stream->tmpIv;
 #endif
             if (ret == 0 && (encryptedContent = (byte*)XMALLOC(
-                encryptedContentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7)) == NULL) {
+                                  (unsigned int)encryptedContentSz, pkcs7->heap,
+                                  DYNAMIC_TYPE_PKCS7)) == NULL) {
                 ret = MEMORY_E;
                 break;
             }
 
             if (ret == 0) {
-                XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
-                idx += encryptedContentSz;
+                XMEMCPY(encryptedContent, &pkiMsg[idx],
+                    (unsigned int)encryptedContentSz);
+                idx += (word32)encryptedContentSz;
 
                 /* decrypt encryptedContent */
                 ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID,
-                            pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv,
-                            expBlockSz, NULL, 0, NULL, 0, encryptedContent,
-                            encryptedContentSz, encryptedContent,
-                            pkcs7->devId, pkcs7->heap);
+                              pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz,
+                              tmpIv, expBlockSz, NULL, 0, NULL, 0,
+                              encryptedContent, encryptedContentSz,
+                              encryptedContent, pkcs7->devId, pkcs7->heap);
                 if (ret != 0) {
                     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 }
@@ -14267,7 +14346,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 }
 
                 /* copy plaintext to output */
-                XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
+                XMEMCPY(output, encryptedContent,
+                    (unsigned int)(encryptedContentSz - padLen));
 
                 /* get implicit[1] unprotected attributes, optional */
                 wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap);
@@ -14370,7 +14450,7 @@ int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
         return BAD_FUNC_ARG;
     }
 #ifdef ASN_BER_TO_DER
-    pkcs7->encodeStream = flag;
+    pkcs7->encodeStream = (flag != 0);
     pkcs7->getContentCb = getContentCb;
     pkcs7->streamOutCb  = streamOutCb;
     pkcs7->streamCtx    = ctx;
@@ -14406,7 +14486,7 @@ int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag)
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
     }
-    pkcs7->noCerts = flag;
+    pkcs7->noCerts = (flag != 0);
     return 0;
 }
 
diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c
index cde754752a..48529d78c1 100644
--- a/wolfcrypt/src/poly1305.c
+++ b/wolfcrypt/src/poly1305.c
@@ -1,6 +1,6 @@
 /* poly1305.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,6 +29,13 @@ and Daniel J. Bernstein
 */
 
 
+/*
+ * WOLFSSL_W64_WRAPPER Uses wrappers around word64 types for a system that does
+ *                     not have word64 available. As expected it reduces
+ *                     performance. Benchmarks collected July 2024 show
+ *                     303.004 MiB/s with and 1874.194 MiB/s without.
+ */
+
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -199,7 +206,7 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
 #endif
 
 #elif defined(POLY130564)
-#ifndef WOLFSSL_ARMASM
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
     static word64 U8TO64(const byte* p)
     {
         return
@@ -223,8 +230,9 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
         p[6] = (byte)(v >> 48);
         p[7] = (byte)(v >> 56);
     }
-#endif/* WOLFSSL_ARMASM */
-#else /* if not 64 bit then use 32 bit */
+#endif/* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
+/* if not 64 bit then use 32 bit */
+#elif !defined(WOLFSSL_ARMASM) || !defined(__thumb__)
 
     static word32 U8TO32(const byte *p)
     {
@@ -261,7 +269,8 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8])
 }
 
 
-#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
+#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
+    !defined(__thumb__))) && !defined(WOLFSSL_RISCV_ASM)
 /*
 This local function operates on a message with a given number of bytes
 with a given ctx pointer to a Poly1305 structure.
@@ -332,8 +341,22 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
     word32 r0,r1,r2,r3,r4;
     word32 s1,s2,s3,s4;
     word32 h0,h1,h2,h3,h4;
-    word64 d0,d1,d2,d3,d4;
     word32 c;
+#ifdef WOLFSSL_W64_WRAPPER
+    #ifdef WOLFSSL_SMALL_STACK
+    w64wrapper* d;
+
+    d = (w64wrapper*)XMALLOC(5 * sizeof(w64wrapper), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (d == NULL) {
+        return MEMORY_E;
+    }
+    #else
+    w64wrapper d[5];
+    #endif
+#else
+    word64 d0,d1,d2,d3,d4;
+#endif
 
 
     r0 = ctx->r[0];
@@ -362,6 +385,41 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         h4 += (U8TO32(m+12) >> 8) | hibit;
 
         /* h *= r */
+#ifdef WOLFSSL_W64_WRAPPER
+        {
+            w64wrapper tmp;
+
+            d[0] = w64Mul(h0, r0); tmp = w64Mul(h1, s4);
+            d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h2, s3);
+            d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h3, s2);
+            d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h4, s1);
+            d[0] = w64Add(d[0], tmp, NULL);
+
+            d[1] = w64Mul(h0, r1); tmp = w64Mul(h1, r0);
+            d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h2, s4);
+            d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h3, s3);
+            d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h4, s2);
+            d[1] = w64Add(d[1], tmp, NULL);
+
+            d[2] = w64Mul(h0, r2); tmp = w64Mul(h1, r1);
+            d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h2, r0);
+            d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h3, s4);
+            d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h4, s3);
+            d[2] = w64Add(d[2], tmp, NULL);
+
+            d[3] = w64Mul(h0, r3); tmp = w64Mul(h1, r2);
+            d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h2, r1);
+            d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h3, r0);
+            d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h4, s4);
+            d[3] = w64Add(d[3], tmp, NULL);
+
+            d[4] = w64Mul(h0, r4); tmp = w64Mul(h1, r3);
+            d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h2, r2);
+            d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h3, r1);
+            d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h4, r0);
+            d[4] = w64Add(d[4], tmp, NULL);
+        }
+#else
         d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) +
              ((word64)h3 * s2) + ((word64)h4 * s1);
         d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) +
@@ -372,13 +430,31 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
              ((word64)h3 * r0) + ((word64)h4 * s4);
         d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) +
              ((word64)h3 * r1) + ((word64)h4 * r0);
+#endif
 
         /* (partial) h %= p */
+#ifdef WOLFSSL_W64_WRAPPER
+        c = w64GetLow32(w64ShiftRight(d[0], 26));
+        h0 = w64GetLow32(d[0]) & 0x3ffffff;
+        d[1] = w64Add32(d[1], c, NULL);
+        c = w64GetLow32(w64ShiftRight(d[1], 26));
+        h1 = w64GetLow32(d[1]) & 0x3ffffff;
+        d[2] = w64Add32(d[2], c, NULL);
+        c = w64GetLow32(w64ShiftRight(d[2], 26));
+        h2 = w64GetLow32(d[2]) & 0x3ffffff;
+        d[3] = w64Add32(d[3], c, NULL);
+        c = w64GetLow32(w64ShiftRight(d[3], 26));
+        h3 = w64GetLow32(d[3]) & 0x3ffffff;
+        d[4] = w64Add32(d[4], c, NULL);
+        c = w64GetLow32(w64ShiftRight(d[4], 26));
+        h4 = w64GetLow32(d[4]) & 0x3ffffff;
+#else
                       c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff;
         d1 += c;      c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff;
         d2 += c;      c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff;
         d3 += c;      c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff;
         d4 += c;      c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff;
+#endif
         h0 += c * 5;  c =  (h0 >> 26); h0 =                h0 & 0x3ffffff;
         h1 += c;
 
@@ -392,6 +468,10 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
     ctx->h[3] = h3;
     ctx->h[4] = h4;
 
+#if defined(WOLFSSL_W64_WRAPPER) && defined(WOLFSSL_SMALL_STACK)
+    XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return 0;
 
 #endif /* end of 64 bit cpu blocks or 32 bit cpu */
@@ -413,9 +493,7 @@ static int poly1305_block(Poly1305* ctx, const unsigned char *m)
     return poly1305_blocks(ctx, m, POLY1305_BLOCK_SIZE);
 #endif
 }
-#endif /* !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) */
 
-#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
 int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
 {
 #if defined(POLY130564) && !defined(USE_INTEL_POLY1305_SPEEDUP)
@@ -517,7 +595,11 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 
     word32 h0,h1,h2,h3,h4,c;
     word32 g0,g1,g2,g3,g4;
+#ifdef WOLFSSL_W64_WRAPPER
+    w64wrapper f;
+#else
     word64 f;
+#endif
     word32 mask;
 
 #endif
@@ -656,10 +738,31 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
     h3 = ((h3 >> 18) | (h4 <<  8)) & 0xffffffff;
 
     /* mac = (h + pad) % (2^128) */
+#ifdef WOLFSSL_W64_WRAPPER
+    f = w64From32(0, h0);
+    f = w64Add32(f, ctx->pad[0], NULL);
+    h0 = w64GetLow32(f);
+
+    f = w64ShiftRight(f, 32);
+    f = w64Add32(f, h1, NULL);
+    f = w64Add32(f, ctx->pad[1], NULL);
+    h1 = w64GetLow32(f);
+
+    f = w64ShiftRight(f, 32);
+    f = w64Add32(f, h2, NULL);
+    f = w64Add32(f, ctx->pad[2], NULL);
+    h2 = w64GetLow32(f);
+
+    f = w64ShiftRight(f, 32);
+    f = w64Add32(f, h3, NULL);
+    f = w64Add32(f, ctx->pad[3], NULL);
+    h3 = w64GetLow32(f);
+#else
     f = (word64)h0 + ctx->pad[0]            ; h0 = (word32)f;
     f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word32)f;
     f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word32)f;
     f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word32)f;
+#endif
 
     U32TO8(mac + 0, h0);
     U32TO8(mac + 4, h1);
@@ -686,7 +789,8 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 
     return 0;
 }
-#endif /* !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) */
+#endif /* (!WOLFSSL_ARMASM || (!__aarch64__ && !__thumb__)) &&
+        * !WOLFSSL_RISCV_ASM */
 
 
 int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
@@ -781,7 +885,8 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
         /* process full blocks */
         if (bytes >= POLY1305_BLOCK_SIZE) {
             size_t want = ((size_t)bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1));
-#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
+#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
+    !defined(__thumb__))) && !defined(WOLFSSL_RISCV_ASM)
             int ret;
             ret = poly1305_blocks(ctx, m, want);
             if (ret != 0)
diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md
index 40114f9fd9..b2f9d60f58 100644
--- a/wolfcrypt/src/port/Espressif/README.md
+++ b/wolfcrypt/src/port/Espressif/README.md
@@ -160,10 +160,10 @@ ECDSA    256 sign            4 ops took 1.101 sec, avg 275.250 ms, 3.633 ops/sec
 ECDSA    256 verify          2 ops took 1.092 sec, avg 546.000 ms, 1.832 ops/sec
 ```
 
-Condition  :  
-- Model    : ESP32-WROOM-32  
-- CPU Speed: 240Mhz  
-- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)  
+Condition  :
+- Model    : ESP32-WROOM-32
+- CPU Speed: 240Mhz
+- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)
 - OS       : Ubuntu 18.04.1 LTS (Bionic Beaver)
 
 ## Support
diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c
index bef77b09e4..ad371c7603 100644
--- a/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -135,7 +135,11 @@ static const char* TAG = "wolf_hw_sha";
 #endif
 
     static uintptr_t mutex_ctx_owner = NULLPTR;
+
+#if (defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)) \
+    || defined(WOLFSSL_DEBUG_MUTEX)
     static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED;
+#endif
 
 #if defined(ESP_MONITOR_HW_TASK_LOCK)
     #ifdef SINGLE_THREADED
@@ -506,7 +510,7 @@ int esp_sha224_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
     dst->ctx.initializer = (uintptr_t)&dst->ctx;
     #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
     {
-        /* not HW mode for copy, so we are not interested in task owner: */
+        /* Not HW mode for copy, so we are not interested in task owner: */
         dst->ctx.task_owner = 0;
     }
     #endif
@@ -985,8 +989,10 @@ int esp_sha_hw_in_use()
 */
 uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx)
 {
-    TaskHandle_t mutexHolder;
     uintptr_t ret = 0;
+    #ifndef SINGLE_THREADED
+        TaskHandle_t mutexHolder;
+    #endif
     CTX_STACK_CHECK(ctx);
 
 #ifdef WOLFSSL_DEBUG_MUTEX
@@ -1132,7 +1138,9 @@ uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx)
         ESP_LOGW(TAG, "esp_sha_release_unfinished_lock mode = %d", ctx->mode);
 #endif
         if (ctx->mode == ESP32_SHA_HW) {
+#if defined(DEBUG_WOLFSSL_ESP32_UNFINISHED_HW)
             ESP_LOGW(TAG, "esp_sha_release_unfinished_lock HW!");
+#endif
         }
     }
     return ret;
diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c
index 793554a4a8..d5d77edde8 100644
--- a/wolfcrypt/src/port/Espressif/esp32_util.c
+++ b/wolfcrypt/src/port/Espressif/esp32_util.c
@@ -98,21 +98,44 @@ int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex) {
 }
 
 /*
- * call the ESP-IDF mutex lock; xSemaphoreTake
+ * Call the ESP-IDF mutex lock; xSemaphoreTake
  * this is a general mutex locker, used for different mutex objects for
  * different HW acclerators or other single-use HW features.
+ *
+ * We should already have known if the resource is in use or not.
+ *
+ * Return 0 (ESP_OK) on success, otherwise BAD_MUTEX_E
  */
 int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) {
+    int ret;
     if (mutex == NULL) {
         WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex");
         return BAD_MUTEX_E;
     }
 
 #ifdef SINGLE_THREADED
-    return wc_LockMutex(mutex); /* xSemaphoreTake take with portMAX_DELAY */
+    /* does nothing in single thread mode, always return 0 */
+    ret = wc_LockMutex(mutex);
 #else
-    return ((xSemaphoreTake(*mutex, block_time) == pdTRUE) ? 0 : BAD_MUTEX_E);
+    ret = xSemaphoreTake(*mutex, block_time);
+    ESP_LOGV(TAG, "xSemaphoreTake 0x%x = %d", (intptr_t)*mutex, ret);
+    if (ret == pdTRUE) {
+        ret = ESP_OK;
+    }
+    else {
+        if (ret == pdFALSE) {
+            ESP_LOGW(TAG, "xSemaphoreTake failed for 0x%x. Still busy?",
+                           (intptr_t)*mutex);
+            ret = ESP_ERR_NOT_FINISHED;
+        }
+        else {
+            ESP_LOGE(TAG, "xSemaphoreTake 0x%x unexpected = %d",
+                           (intptr_t)*mutex, ret);
+            ret = BAD_MUTEX_E;
+        }
+    }
 #endif
+    return ret;
 }
 
 /*
@@ -120,17 +143,36 @@ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) {
  *
  */
 esp_err_t esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) {
+    int ret = pdTRUE;
     if (mutex == NULL) {
         WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex");
         return BAD_MUTEX_E;
     }
 
 #ifdef SINGLE_THREADED
-    return wc_UnLockMutex(mutex);
+    ret = wc_UnLockMutex(mutex);
 #else
-    xSemaphoreGive(*mutex);
-    return ESP_OK;
+    ESP_LOGV(TAG, ">> xSemaphoreGive 0x%x", (intptr_t)*mutex);
+    TaskHandle_t mutexHolder = xSemaphoreGetMutexHolder(*mutex);
+
+    if (mutexHolder == NULL) {
+        ESP_LOGW(TAG, "esp_CryptHwMutexUnLock with no lock owner 0x%x",
+                        (intptr_t)*mutex);
+        ret = ESP_OK;
+    }
+    else {
+        ret = xSemaphoreGive(*mutex);
+        if (ret == pdTRUE) {
+            ESP_LOGV(TAG, "Success: give mutex 0x%x", (intptr_t)*mutex);
+            ret = ESP_OK;
+        }
+        else {
+            ESP_LOGV(TAG, "Failed: give mutex 0x%x", (intptr_t)*mutex);
+            ret = ESP_FAIL;
+        }
+    }
 #endif
+    return ret;
 }
 #endif /* WOLFSSL_ESP32_CRYPT, etc. */
 
@@ -168,6 +210,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
 
     WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u",
                            Xthal_have_ccount);
+#endif
 
     /* this is the legacy stack size */
 #if defined(CONFIG_MAIN_TASK_STACK_SIZE)
@@ -205,24 +248,35 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
 
 #endif
 
-#elif CONFIG_IDF_TARGET_ESP32S2
-    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u",
+/* Platform-specific attributes of interest*/
+#if CONFIG_IDF_TARGET_ESP32
+    #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+        WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz",
+                               CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ);
+    #endif
+    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u",
                            Xthal_have_ccount);
-#elif CONFIG_IDF_TARGET_ESP32C6
-  /* TODO find Xthal for C6 */
+
 #elif CONFIG_IDF_TARGET_ESP32C2
-  /* TODO find Xthal for C6 */
-#elif defined(CONFIG_IDF_TARGET_ESP8684)
-  /* TODO find Xthal for C6 */
+    /* TODO find Xthal for C2 */
 #elif CONFIG_IDF_TARGET_ESP32C3
     /* not supported at this time */
-#elif CONFIG_IDF_TARGET_ESP32S3
-    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u",
-                           Xthal_have_ccount);
+#elif CONFIG_IDF_TARGET_ESP32C6
+    /* TODO find Xthal for C6 */
 #elif CONFIG_IDF_TARGET_ESP32H2
-    /* not supported at this time */
-#elif CONFIG_IDF_TARGET_ESP32C2
-    /* not supported at this time */
+    /* TODO find Xthal for H2 */
+#elif CONFIG_IDF_TARGET_ESP32S2
+    ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz",
+                   CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+             );
+    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
+#elif CONFIG_IDF_TARGET_ESP32S3
+    ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
+                   CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+             );
+    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /* TODO find Xthal for ESP8684 */
 #else
     /* not supported at this time */
 #endif
@@ -438,6 +492,7 @@ esp_err_t ShowExtendedSystemInfo_config(void)
 {
     esp_ShowMacroStatus_need_header = 1;
 
+    show_macro("NO_ESP32_CRYPT",            STR_IFNDEF(NO_ESP32_CRYPT));
     show_macro("NO_ESPIDF_DEFAULT",         STR_IFNDEF(NO_ESPIDF_DEFAULT));
 
     show_macro("HW_MATH_ENABLED",           STR_IFNDEF(HW_MATH_ENABLED));
@@ -562,11 +617,11 @@ int ShowExtendedSystemInfo(void)
 
 #if defined(WOLFSSL_MULTI_INSTALL_WARNING)
     /* CMake may have detected undesired multiple installs, so give warning. */
-    WOLFSSL_VERSION_PRINTF("");
+    WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
     WOLFSSL_VERSION_PRINTF("WARNING: Multiple wolfSSL installs found.");
     WOLFSSL_VERSION_PRINTF("Check ESP-IDF components and "
                            "local project [components] directory.");
-    WOLFSSL_VERSION_PRINTF("");
+    WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 #else
     #ifdef WOLFSSL_USER_SETTINGS_DIR
     {
@@ -737,14 +792,11 @@ esp_err_t esp_EnabledWatchdog(void)
                       ESP_IDF_VERSION_MAJOR);
     #endif
 #endif
-
-#ifdef DEBUG_WOLFSSL
-    ESP_LOGI(TAG, "Watchdog enabled.");
-#endif
-
     return ret;
 }
 
+
+
 /* Print a MATH_INT_T attribute list.
  *
  * Note with the right string parameters, the result can be pasted as
@@ -904,4 +956,49 @@ esp_err_t esp_hw_show_metrics(void)
     return ESP_OK;
 }
 
+int show_binary(byte* theVar, size_t dataSz) {
+    printf("*****************************************************\n");
+    word32 i;
+    for (i = 0; i < dataSz; i++)
+        printf("%02X", theVar[i]);
+    printf("\n");
+    printf("******************************************************\n");
+    return 0;
+}
+
+int hexToBinary(byte* toVar, const char* fromHexString, size_t szHexString ) {
+    int ret = 0;
+    /* Calculate the actual binary length of the hex string */
+    size_t byteLen = szHexString / 2;
+
+    if (toVar == NULL || fromHexString == NULL) {
+        ESP_LOGE("ssh", " error");
+        return -1;
+    }
+    if ((szHexString % 2 != 0)) {
+        ESP_LOGE("ssh", "fromHexString length not even!");
+    }
+
+    ESP_LOGW(TAG, "Replacing %d bytes at %x", byteLen, (word32)toVar);
+    memset(toVar, 0, byteLen);
+    /* Iterate through the hex string and convert to binary */
+    for (size_t i = 0; i < szHexString; i += 2) {
+        /* Convert hex character to decimal */
+        int decimalValue;
+        sscanf(&fromHexString[i], "%2x", &decimalValue);
+        size_t index = i / 2;
+#if (0)
+        /* Optionall peek at new values */
+        byte new_val =  (decimalValue & 0x0F) << ((i % 2) * 4);
+        ESP_LOGI("hex", "Current char = %d", toVar[index]);
+        ESP_LOGI("hex", "New val = %d", decimalValue);
+#endif
+        toVar[index]  = decimalValue;
+    }
+
+    return ret;
+}
+
+
+
 #endif /* WOLFSSL_ESPIDF */
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
index 8c5cd37082..7cea73bda6 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
@@ -161,7 +161,7 @@ static const char* sdk_memory_segment_text[SDK_MEMORY_SEGMENT_COUNT + 1] = {
 int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end)
 {
     const char* str;
-    int len = 0;
+    word32 len = 0;
     str = sdk_memory_segment_text[m];
     sdk_memory_segment_start[m] = start;
     sdk_memory_segment_end[m] = end;
@@ -173,7 +173,7 @@ int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end)
         ESP_LOGI(TAG, "                  Start         End          Length");
     }
     else {
-        len = (uint32_t)end - (uint32_t)start;
+        len = (word32)end - (word32)start;
         ESP_LOGI(TAG, "%s: %p ~ %p : 0x%05x (%d)", str, start, end, len, len );
     }
     return ESP_OK;
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
index 1ef8de408b..c4bed901fc 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
@@ -23,14 +23,19 @@
     #include <config.h>
 #endif
 
-/* Reminder: user_settings.h is needed and included from settings.h
- * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */
-#include <wolfssl/wolfcrypt/settings.h>
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+#endif
+
 
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+#include "sdkconfig.h" /* programmatically generated from sdkconfig */
+
 #if defined(USE_WOLFSSL_ESP_SDK_TIME)
 /* Espressif */
-#include "sdkconfig.h" /* programmatically generated from sdkconfig */
 #include <esp_log.h>
 #include <esp_err.h>
 
@@ -145,11 +150,11 @@ int set_fixed_default_time(void)
      * but let's set a default time, just in case */
     struct tm timeinfo = {
         .tm_year = 2024 - 1900,
-        .tm_mon  = 1,
-        .tm_mday = 05,
+        .tm_mon  =  9 - 1, /* Month, where 0 = Jan */
+        .tm_mday =  3 ,    /* Day of the month 30  */
         .tm_hour = 13,
-        .tm_min  = 01,
-        .tm_sec  = 05
+        .tm_min  =  1,
+        .tm_sec  =  5
     };
     struct timeval now;
     time_t interim_time;
diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index 4ccc075b15..6924b31ebf 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -1,6 +1,6 @@
 /* renesas_common.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,39 +19,50 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_RENESAS_FSPSM_TLS) \
-    || defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) \
-    || defined(WOLFSSL_RENESAS_TSIP_TLS) \
-    || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+    defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
+    defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
-  #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
-  #define cmn_hw_lock    wc_fspsm_hw_lock
-  #define cmn_hw_unlock  wc_fspsm_hw_unlock
+
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+    #define cmn_hw_lock    wc_fspsm_hw_lock
+    #define cmn_hw_unlock  wc_fspsm_hw_unlock
+
 #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
-    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-  #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
-  #define cmn_hw_lock    tsip_hw_lock
-  #define cmn_hw_unlock  tsip_hw_unlock
+      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
-  #define FSPSM_ST       TsipUserCtx;
-  #define MAX_FSPSM_CBINDEX 5
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+    #define cmn_hw_lock    tsip_hw_lock
+    #define cmn_hw_unlock  tsip_hw_unlock
+
+    #define FSPSM_ST       TsipUserCtx;
+    #define MAX_FSPSM_CBINDEX 5
 #endif
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/asn.h>
+#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 #include <wolfssl/internal.h>
+#endif
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/port/renesas/renesas_cmn.h>
+#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
+
+#define INITIAL_DEVID 7890
 
 uint32_t   g_CAscm_Idx = (uint32_t)-1; /* index of CM table    */
-static int gdevId = 7890;           /* initial dev Id for Crypt Callback */
+static int gdevId = INITIAL_DEVID;     /* initial dev Id for Crypt Callback */
 
 #ifdef WOLF_CRYPTO_CB
 /* store callback ctx by devId */
@@ -59,7 +70,7 @@ static int gdevId = 7890;           /* initial dev Id for Crypt Callback */
     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 FSPSM_ST    *gCbCtx[MAX_FSPSM_CBINDEX];
 #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
-            defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 #define FSPSM_ST       TsipUserCtx;
 #define MAX_FSPSM_CBINDEX 5
 TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
@@ -68,7 +79,7 @@ TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
 #include <wolfssl/wolfcrypt/cryptocb.h>
 
 
-WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
+WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
 {
     int ret = 0;
     WOLFSSL_ENTER("Renesas_cmn_Cleanup");
@@ -111,11 +122,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl,
     int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb");
 
-    #if defined(WOLFSSL_RENESAS_TSIP)
-
-    return tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
-
-    #endif /* WOLFSSL_RENESAS_TSIP */
+#if defined(WOLFSSL_RENESAS_TSIP)
+    ret = tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
+#endif /* WOLFSSL_RENESAS_TSIP */
 
     WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret);
     return ret;
@@ -151,29 +160,31 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
     WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb");
 
-#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
-    || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-    TsipUserCtx*      cbInfo = (TsipUserCtx*)ctx;
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+    TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
-        defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+      defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
     FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
 #endif
 
     if (info == NULL || ctx == NULL)
         return BAD_FUNC_ARG;
 
-#ifdef DEBUG_WOLFSSL
+#if defined(DEBUG_WOLFSSL)
     printf("CryptoDevCb: Algo Type %d session key set: %d\n",
                                     info->algo_type, cbInfo->session_key_set);
 #endif
+#if defined(DEBUG_CRYPTOCB)
+    wc_CryptoCb_InfoString(info);
+#endif
 
-#if defined(WOLFSSL_RENESAS_TSIP) \
-    || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+#if defined(WOLFSSL_RENESAS_TSIP) || \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
     ret = CRYPTOCB_UNAVAILABLE;
 
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
-
-    #if !defined(NO_AES) || !defined(NO_DES3)
+    #if !defined(NO_AES)
     #ifdef HAVE_AESGCM
         if (info->cipher.type == WC_CIPHER_AES_GCM
         #ifdef WOLFSSL_RENESAS_TSIP_TLS
@@ -236,44 +247,51 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
             }
         }
     #endif /* HAVE_AES_CBC */
-    #endif /* !NO_AES || !NO_DES3 */
+    #endif /* !NO_AES */
     }
-    #if defined(WOLFSSL_KEY_GEN)
-    if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
-            (info->pk.rsakg.size == 1024 ||
-            info->pk.rsakg.size == 2048)) {
-        ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
-    }
-  #endif
 
-    /* Is called for signing
-     * Can handle only RSA PkCS#1v1.5 padding scheme here.
-    */
     if (info->algo_type == WC_ALGO_TYPE_PK) {
-        #if !defined(NO_RSA)
-        if (info->pk.type == WC_PK_TYPE_RSA) {
-            if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
-                ret = tsip_SignRsaPkcs(info, ctx);
-            }
-            #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-            else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
-                    ret = wc_tsip_RsaVerifyPkcs(info, ctx);
-            }
-            #endif
+    #if !defined(NO_RSA)
+        #if defined(WOLFSSL_KEY_GEN)
+        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
+            (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
+            ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
+        }
+        #endif
+
+        /* RSA Signing
+         * Can handle only RSA PkCS#1v1.5 padding scheme here.
+         */
+        if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
+            ret = tsip_SignRsaPkcs(info, cbInfo);
+        }
+        #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+        /* RSA Verify */
+        if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
+            ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
+        }
+        #endif
+    #endif /* !NO_RSA */
+
+    #if defined(HAVE_ECC)
+        #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+        if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
+            ret = tsip_SignEcdsa(info, cbInfo);
         }
-        #endif /* NO_RSA */
-        #if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
-        else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
-            ret = tsip_SignEcdsa(info, ctx);
+        #endif
+        #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+        if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
+            ret = tsip_VerifyEcdsa(info, cbInfo);
         }
-        #endif /* HAVE_ECC */
+        #endif
+    #endif /* HAVE_ECC */
     }
-#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
-        defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 
-    if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
+#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+      defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 
-    #if !defined(NO_AES) || !defined(NO_DES3)
+    if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
+    #if !defined(NO_AES)
     #ifdef HAVE_AESGCM
         if (info->cipher.type == WC_CIPHER_AES_GCM) {
 
@@ -342,20 +360,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                 }
         }
     #endif /* HAVE_AES_CBC */
-    #endif /* !NO_AES || !NO_DES3 */
+    #endif /* !NO_AES */
     }
-    #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
-    else if (info->algo_type == WC_ALGO_TYPE_PK) {
 
-       #if !defined(NO_RSA)
-       #if defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+    else if (info->algo_type == WC_ALGO_TYPE_PK) {
+    #if defined(WOLFSSL_KEY_GEN)
         if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
             (info->pk.rsakg.size == 1024 ||
              info->pk.rsakg.size == 2048)) {
             ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key,
                     info->pk.rsakg.size, (void*)ctx);
         }
-       #endif
+    #endif
         if (info->pk.type == WC_PK_TYPE_RSA) {
             /* to perform RSA on SCE, wrapped keys should be installed
              * in advance. SCE supports 1024 or 2048 bits key size.
@@ -406,9 +423,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                     "RSA operation falls through to SW operation.");
             }
         }
-       #endif /* NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
     }
-    #endif /* NO_RSA */
+    #endif /* !NO_RSA */
 #endif /* TSIP or SCE */
 
     (void)devIdArg;
@@ -424,17 +440,20 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
  * session_key_generated : if session key has been generated
  * return  1 for usable, 0 for unusable
  */
-int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
+int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
 {
-    int ret;
+    int ret = 0;
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         ret = tsip_usable(ssl, session_key_generated);
     #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
-            defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+          defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
         ret = wc_fspsm_usable(ssl, session_key_generated);
     #endif
 
+    (void)ssl;
+    (void)session_key_generated;
+
     return ret;
 }
 
@@ -447,8 +466,8 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
  */
 WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
 {
-    if (devId >= 7890 && devId <= (MAX_FSPSM_CBINDEX + 7890))
-        return gCbCtx[devId - 7890];
+    if (devId >= INITIAL_DEVID && devId <= (MAX_FSPSM_CBINDEX + INITIAL_DEVID))
+        return gCbCtx[devId - INITIAL_DEVID];
     else
         return NULL;
 }
@@ -462,13 +481,13 @@ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
  *         device Id starts from 7890, and increases + 1 its number
  *         when the method is successfully called.
  */
-int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
+int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
 {
     (void)ssl;
     (void)ctx;
 
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) \
-    || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
     TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
  #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
        defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
@@ -476,18 +495,21 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
  #endif
 
     if (cbInfo == NULL
-   #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) &&\
+   #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
         !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
-       !defined(HAVE_RENESAS_SYNC)
-        || ssl == NULL) {
-   #else
-     ) {
+        !defined(HAVE_RENESAS_SYNC)
+        || ssl == NULL
    #endif
-        printf("Invalid devId\n");
+    ) {
+        WOLFSSL_MSG("Invalid devId\n");
         return INVALID_DEVID;
     }
     /* need exclusive control because of static variable */
     if ((cmn_hw_lock()) == 0) {
+        /* sanity check for overflow */
+        if (gdevId < 0) {
+            gdevId = INITIAL_DEVID;
+        }
         cbInfo->devId = gdevId++;
         cmn_hw_unlock();
     }
@@ -509,12 +531,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
     if (ssl)
         wolfSSL_SetDevId(ssl, cbInfo->devId);
    #endif
-    /* sanity check for overflow */
-    if (gdevId < 0) {
-        gdevId = 7890;
-    }
 
-    gCbCtx[cbInfo->devId - 7890] = (void*)cbInfo;
+    gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo;
 
     return cbInfo->devId;
 }
@@ -532,8 +550,8 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
 }
 
 #endif /* WOLF_CRYPTO_CB */
-#endif /* WOLFSSL_RENESAS_FSPSM_TLS|| WOLFSSL_RENESAS_FSPSM_CRYPTONLY
-          WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+#endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY
+          WOLFSSL_RENESAS_TSIP_TLS  || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
 
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
 
@@ -805,7 +823,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
     WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
     if (Renesas_cmn_usable(ssl, 0)) {
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-        ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId);
+        ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId);
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
         ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
 #endif
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
index 37a2bedeaf..0028786c57 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
index bba843ed02..3ea643892d 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -100,10 +100,8 @@ static void FSPSM_HashFree(wolfssl_FSPSM_Hash* hash)
         return;
 
 #if defined(WOLFSSL_RENESAS_SCEPROTECT)
-    if (hash->msg != NULL) {
-        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        hash->msg = NULL;
-    }
+    XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    hash->msg = NULL;
 #endif
 
 }
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
index f0d19e758e..e3f1547bec 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_util.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,8 +18,12 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#include <wolfssl/wolfcrypt/types.h>
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/types.h>
 
 #if defined(WOLFSSL_RENESAS_RSIP) || \
     defined(WOLFSSL_RENESAS_SCEPROTECT)
@@ -367,8 +371,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
 
     ret = fspsm_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx);
 
-    if (sigforSCE)
-        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
+    XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
 
     if (ret == WOLFSSL_SUCCESS) {
         *result = 1;
@@ -854,10 +857,8 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
             cbInfo->keyflgs_tls.bits.session_key_set = 1;
         }
 
-        if (key_client_aes)
-            XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
-        if (key_server_aes)
-            XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
+        XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
+        XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
 
         /* unlock hw */
         wc_fspsm_hw_unlock();
@@ -1070,9 +1071,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
         if (ret != FSP_SUCCESS) {
             WOLFSSL_MSG(" R_XXX_TlsCertificateVerification() failed");
         }
-        if (sigforSCE) {
-          XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
-        }
+        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
         wc_fspsm_hw_unlock();
     }
     else {
diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
index 170ebb5e42..caee3c2a3e 100644
--- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Use of this Software is subject to the GPLv2 License
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -13,7 +13,7 @@
  *
  * wolfSSL is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
@@ -159,10 +159,8 @@ static void RX64_HashFree(wolfssl_RX64_HW_Hash* hash)
     if (hash == NULL)
         return;
 
-    if (hash->msg != NULL) {
-        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        hash->msg = NULL;
-    }
+    XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    hash->msg = NULL;
 }
 
 /**
diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
index 2d995d99f4..72505868e2 100644
--- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Use of this Software is subject to the GPLv2 License
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -13,7 +13,7 @@
  *
  * wolfSSL is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
index ecdf977e57..dc9bcd5f30 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
index 1da7869ebc..13db2dba12 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
@@ -1,6 +1,6 @@
 /* renesas_sce_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-/* Make Rsa key for TSIP and set it to callback ctx
+/* Make RSA key for TSIP and set it to callback ctx
  * Assumes to be called by Crypt Callback
  *
  * size   desired keylenth, in bits. supports 1024 or 2048 bits
@@ -59,6 +59,11 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
+    if (size != 1024 && size != 2048) {
+        WOLFSSL_MSG("Failed to generate key pair by TSIP");
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
     if ((ret = tsip_hw_lock()) == 0) {
         if (size == 1024) {
             tsip_pair1024_key =
@@ -80,26 +85,18 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
 
             ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
         }
-        else
-            return CRYPTOCB_UNAVAILABLE;
 
         if (ret == TSIP_SUCCESS) {
             if (size == 1024) {
-                if (info->rsa1024pri_keyIdx != NULL) {
-                    XFREE(info->rsa1024pri_keyIdx, NULL,
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                if (info->rsa1024pub_keyIdx != NULL) {
-                    XFREE(info->rsa1024pub_keyIdx, NULL,
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                }
+                XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                 info->rsa1024pri_keyIdx =
                 (tsip_rsa1024_private_key_index_t*)XMALLOC(
                     sizeof(tsip_rsa1024_private_key_index_t), NULL,
                                                 DYNAMIC_TYPE_RSA_BUFFER);
 
                 if (info->rsa1024pri_keyIdx == NULL) {
-                    XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                     return MEMORY_E;
                 }
 
@@ -109,9 +106,8 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
                                                 DYNAMIC_TYPE_RSA_BUFFER);
 
                 if (info->rsa1024pub_keyIdx == NULL) {
-                    XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                    XFREE(info->rsa1024pri_keyIdx, 0,
-                                                DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                     return MEMORY_E;
                 }
                 /* copy generated key pair and free malloced key */
@@ -121,27 +117,21 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
                 XMEMCPY(info->rsa1024pub_keyIdx,
                                     &tsip_pair1024_key->public,
                                     sizeof(tsip_rsa1024_public_key_index_t));
-                XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
 
                 info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
                 info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
             }
             else if (size == 2048) {
-                if (info->rsa2048pri_keyIdx != NULL) {
-                    XFREE(info->rsa2048pri_keyIdx, NULL,
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                if (info->rsa2048pub_keyIdx != NULL) {
-                    XFREE(info->rsa2048pub_keyIdx, NULL,
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                }
+                XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                 info->rsa2048pri_keyIdx =
                 (tsip_rsa2048_private_key_index_t*)XMALLOC(
                     sizeof(tsip_rsa2048_private_key_index_t), NULL,
                                     DYNAMIC_TYPE_RSA_BUFFER);
 
                 if (info->rsa2048pri_keyIdx == NULL) {
-                    XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                     return MEMORY_E;
                 }
 
@@ -151,11 +141,12 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
                                     DYNAMIC_TYPE_RSA_BUFFER);
 
                 if (info->rsa2048pub_keyIdx == NULL) {
-                    XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                    XFREE(info->rsa2048pri_keyIdx, 0,
+                    XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(info->rsa2048pri_keyIdx, NULL,
                                     DYNAMIC_TYPE_RSA_BUFFER);
                     return MEMORY_E;
                 }
+
                 /* copy generated key pair and free malloced key */
                 XMEMCPY(info->rsa2048pri_keyIdx,
                             &tsip_pair2048_key->private,
@@ -163,21 +154,17 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
                 XMEMCPY(info->rsa2048pub_keyIdx,
                             &tsip_pair2048_key->public,
                             sizeof(tsip_rsa2048_public_key_index_t));
-                XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
 
                 info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
                 info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
-
             }
         }
-        else {
-            WOLFSSL_MSG("Failed to generate key pair by TSIP");
-            return CRYPTOCB_UNAVAILABLE;
-        }
 
         tsip_hw_unlock();
     }
 
+
     return 0;
 }
 
@@ -199,21 +186,19 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
     tsip_rsa_byte_data_t hashData, sigData;
-
     uint8_t  tsip_hash_type;
 
-
     /* sanity check */
     if (info == NULL || tuc == NULL){
         return BAD_FUNC_ARG;
     }
 
     if (ret == 0) {
-       if (tuc->sing_hash_type == md5_mac)
+       if (tuc->sign_hash_type == md5_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_MD5;
-       else if (tuc->sing_hash_type == sha_mac)
+       else if (tuc->sign_hash_type == sha_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
-       else if (tuc->sing_hash_type == sha256_mac)
+       else if (tuc->sign_hash_type == sha256_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
        else
            ret = CRYPTOCB_UNAVAILABLE;
@@ -221,8 +206,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     switch (tuc->wrappedKeyType) {
         case TSIP_KEY_TYPE_RSA1024:
-            if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1)
-            {
+            if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
                 ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
 
                 WOLFSSL_MSG("tsip rsa private key 1024 not set");
@@ -232,11 +216,10 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
             }
             break;
         case TSIP_KEY_TYPE_RSA2048:
-            if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1)
-            {
+            if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
                 ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
 
-                WOLFSSL_MSG("tsip rsa private key 1024 not set");
+                WOLFSSL_MSG("tsip rsa private key 2048 not set");
                 if (ret != 0)
                     ret = CRYPTOCB_UNAVAILABLE;
             }
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
index 38ddd7b3e1..7e67bd8bf1 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,23 +18,25 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#include <string.h>
-#include <stdio.h>
 
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_SHA) || !defined(NO_SHA256)
+#include <string.h>
+#include <stdio.h>
+
 #include <wolfssl/internal.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
     #define WOLFSSL_MISC_INCLUDED
     #include <wolfcrypt/src/misc.c>
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA256)
-
-#include <wolfssl/wolfcrypt/logging.h>
 
 #if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
@@ -287,10 +289,8 @@ static void TSIPHashFree(wolfssl_TSIP_Hash* hash)
     if (hash == NULL)
         return;
 
-    if (hash->msg != NULL) {
-        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        hash->msg = NULL;
-    }
+    XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    hash->msg = NULL;
 }
 
 static int TSIPHashInit(wolfssl_TSIP_Hash* hash, void* heap, int devId,
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index 842ffb2bda..2746ed8d5d 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_util.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,6 +18,11 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h>
 
 #if defined(WOLFSSL_RENESAS_TSIP)
@@ -34,11 +39,15 @@
     #define WOLFSSL_MISC_INCLUDED
     #include <wolfcrypt/src/misc.c>
 #endif
-#include <wolfssl/ssl.h>
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
+
+#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+    #include <wolfssl/ssl.h>
+    #include <wolfssl/internal.h>
+    #include <wolfssl/error-ssl.h>
+#endif
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
+
 #include <stdio.h>
 
 #define TSIP_SIGNING_DATA_PREFIX_SZ     64
@@ -171,6 +180,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
 #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
 /* Set client encrypted public key data.
@@ -189,8 +199,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
 
     WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
 
-    if (uc == NULL
-    || keyBuf == NULL || keyBufLen == 0) {
+    if (uc == NULL || keyBuf == NULL || keyBufLen == 0) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -412,20 +421,16 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
         }
     }
 
-    if (ret != 0) {
-        if (kse->key != NULL)
-            XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        if (kse->pubKey != NULL)
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    if ((ret != 0) && (ret != CRYPTOCB_UNAVAILABLE)) {
+        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
     }
     WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
-
 
-#if defined(WOLFSSL_TLS13)
 /* generate shared secret(pre-master secret)
  * get peer's raw ECDHE public key from KeyShareEntry.
  * The pre-master secret generated by TSIP is stored into
@@ -514,11 +519,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsip_Tls13GenSharedSecret", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
 
-
-#if defined(WOLFSSL_TLS13)
 WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -543,11 +544,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsip_Tls13DeriveEarlySecret", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
 
-
-#if defined(WOLFSSL_TLS13)
 /* derive handshake secret.
  * get pre-master secret stored in TsipUserCtx.sharedSecret13Idx.
  * Derived handshake secret is stored into TsipUserCtx.handshakeSecret13Idx
@@ -621,11 +618,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsip_Tls13DeriveHandshakeSecret", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
 
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -705,11 +698,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13DeriveClientHandshakeKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
 
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -789,11 +778,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13DeriveServerHandshakeKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -881,11 +866,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13DeriveTrafficKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
 {
     int ret     = 0;
@@ -953,11 +934,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13UpdateClientTrafficKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
 {
     int ret     = 0;
@@ -1025,11 +1002,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13UpdateServerTrafficKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 /* Derive the keys for TLS v1.3.
  *
  * ssl    The WOLFSSL object.
@@ -1124,11 +1097,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsip_Tls13DeriveKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
 
-
-#if defined(WOLFSSL_TLS13)
 WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -1198,11 +1167,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsip_Tls13DeriveMasterSecret", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
 
-
-#if defined(WOLFSSL_TLS13)
 /* verify handshake
  * ssl     WOLFSSL object
  * hash    buffer holding decrypted finished message content from server.
@@ -1288,11 +1253,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsipTls13VerifyHandshake", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
 
-
-#if defined(WOLFSSL_TLS13)
 /* handles finished message from server.
  * verify hmac in the message. Also output verify data to
  * TsipUserCtx.verifyDataIdx, which is used for deriving master secret.
@@ -1334,11 +1295,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished(
     WOLFSSL_LEAVE("tsip_Tls13HandleFinished", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
-
 
-#if defined(WOLFSSL_TLS13)
 /* Build TLS v1.3 Message and make it encrypted with AEAD algorithm.
  * TSIP supports AES-GCM and AES-CCM.
  * ssl         The WOLFSSL object.
@@ -1434,11 +1391,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsip_Tls13BuildMessage", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
-
-
 
-#if defined(WOLFSSL_TLS13)
 /* Send finished message to the server.
  *
  * ssl     WOLFSSL object
@@ -1501,9 +1454,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished(
     WOLFSSL_LEAVE("tsip_Tls13SendFinished", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-#if defined(WOLFSSL_TLS13)
 /* Parse and handle a TLS v1.3 CertificateVerify message sent from a server.
  *
  * ssl       WOLFSSL object
@@ -1644,9 +1595,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsip_Tls13CertificateVerify", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-#if defined(WOLFSSL_TLS13)
 /* Send the TLS v1.3 CertificateVerify message. A part of the message is
  * processed by TSIP for acceleration.
  *
@@ -1740,7 +1689,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
             }
         }
         else {
-            if (!tuc->ClientEccP256PrivKey_set) {
+            if (!tuc->ClientEccPrivKey_set) {
                 ret = NO_PRIVATE_KEY;
             }
         }
@@ -1781,7 +1730,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
             }
             else {
                 err = R_TSIP_Tls13CertificateVerifyGenerate(
-                            (uint32_t*)&(tuc->EcdsaP256PrivateKeyIdx),
+                            (uint32_t*)&(tuc->EcdsaPrivateKeyIdx),
                             TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
                                                 hash,
                                                 message + HANDSHAKE_HEADER_SZ,
@@ -1817,7 +1766,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
         }
         else {
 #if defined(WOLFSSL_CHECK_SIG_FAULTS)
-            if (!tuc->ClientEccP256PubKey_set) {
+            if (!tuc->ClientEccPubKey_set) {
                 ret = NO_PRIVATE_KEY;
             }
 #endif /* WOLFSSL_CHECK_SIG_FAULTS */
@@ -1886,7 +1835,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 
                 err = R_TSIP_EcdsaP256SignatureVerification(
                             &ecdsa_sig, &ecdsa_hash,
-                            &tuc->EcdsaP256PublicKeyIdx);
+                            &tuc->EcdsaPublicKeyIdx);
                 WOLFSSL_MSG("Perform self-verify for ecc signature");
 #endif /* WOLFSSL_CHECK_SIG_FAULTS */
             }
@@ -1927,6 +1876,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 #endif /* WOLFSSL_TLS13 */
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
+
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
 
 static uint32_t GetTsipCipherSuite(
@@ -2072,7 +2022,7 @@ static int tsip_ServerKeyExVerify(
         WOLFSSL_MSG("Failed to lock tsip hw");
     }
 
-    XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(peerkey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
     return ret;
@@ -2145,7 +2095,7 @@ int wc_tsip_EccVerify(
         return CRYPTOCB_UNAVAILABLE;
     }
 
-    /* concatenate r and s parts of the signature so that TSIP can handle it*/
+    /* concatenate r and s parts of the signature so that TSIP can handle it */
     /* r */
     if (sig[offset] == 0x20) {
         XMEMCPY(sigforSCE, &sig[offset+1], rs_size);
@@ -2346,8 +2296,10 @@ static byte _tls2tsipdef(byte cipher)
  * The target key should be set with tsip_use_PrivateKey_buffer in advance.
  * Acceptable key types are:
  *   TSIP_KEY_TYPE_RSA2048     rsa 2048 bit key
- *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key(Not supported as of now)
+ *   TSIP_KEY_TYPE_RSA3072     rsa 3072 bit key
+ *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key
  *   TSIP_KEY_TYPE_ECDSAP256   ecdsa p256r1 key
+ *   TSIP_KEY_TYPE_ECDSAP384   ecdsa p384r1 key
  */
 static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
 {
@@ -2403,12 +2355,12 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
             #if defined(HAVE_ECC)
             case TSIP_KEY_TYPE_ECDSAP256:
 
-                tuc->ClientEccP256PrivKey_set = 0;
+                tuc->ClientEccPrivKey_set = 0;
                 err = R_TSIP_GenerateEccP256PrivateKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPrivKey,
-                                    &(tuc->EcdsaP256PrivateKeyIdx));
+                                    &(tuc->EcdsaPrivateKeyIdx));
                 if (err == TSIP_SUCCESS) {
-                    tuc->ClientEccP256PrivKey_set = 1;
+                    tuc->ClientEccPrivKey_set = 1;
                 }
                 else {
                     ret = WC_HW_E;
@@ -2436,8 +2388,10 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
  * The target key should be set with tsip_use_PublicKey_buffer in advance.
  * Acceptable key types are:
  *   TSIP_KEY_TYPE_RSA2048     rsa 2048 bit key
- *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key(Not supported as of now)
+ *   TSIP_KEY_TYPE_RSA3072     rsa 3072 bit key
+ *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key
  *   TSIP_KEY_TYPE_ECDSAP256   ecdsa p256r1 key
+ *   TSIP_KEY_TYPE_ECDSAP384   ecdsa p384r1 key
  */
 WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
 {
@@ -2468,22 +2422,19 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
     }
 
     if ((ret = tsip_hw_lock()) == 0) {
-        switch(keyType) {
+        switch (keyType) {
 
         #if !defined(NO_RSA)
             case TSIP_KEY_TYPE_RSA2048:
             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
                 tuc->ClientRsa2048PubKey_set = 0;
             #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-                if (tuc->rsa2048pub_keyIdx != NULL) {
-                    XFREE(tuc->rsa2048pub_keyIdx, NULL,
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                }
-
+                XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
                 tuc->rsa2048pub_keyIdx =
-                (tsip_rsa2048_public_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa2048_public_key_index_t), NULL,
-                                    DYNAMIC_TYPE_RSA_BUFFER);
+                    (tsip_rsa2048_public_key_index_t*)XMALLOC(
+                        sizeof(tsip_rsa2048_public_key_index_t), NULL,
+                        DYNAMIC_TYPE_RSA_BUFFER);
                 if (tuc->rsa2048pub_keyIdx == NULL) {
                     return MEMORY_E;
                 }
@@ -2507,25 +2458,47 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
                     ret = WC_HW_E;
                 }
                 break;
-        #endif
 
-        #if !defined(NO_RSA)
             case TSIP_KEY_TYPE_RSA4096:
                 /* not supported as of TSIPv1.15 */
                 ret = CRYPTOCB_UNAVAILABLE;
                 break;
-        #endif
+        #endif /* !NO_RSA */
 
-        #if defined(HAVE_ECC) && \
-            defined(WOLFSSL_RENESAS_TSIP_TLS)
+        #if defined(HAVE_ECC)
             case TSIP_KEY_TYPE_ECDSAP256:
-
-                tuc->ClientEccP256PubKey_set = 0;
-                err = R_TSIP_GenerateEccP256PublicKeyIndex(
+            case TSIP_KEY_TYPE_ECDSAP384:
+            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+                tuc->ClientEccPubKey_set = 0;
+            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+                tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
+            #endif
+                if (keyType == TSIP_KEY_TYPE_ECDSAP256) {
+                    err = R_TSIP_GenerateEccP256PublicKeyIndex(
+                                    provisioning_key, iv, (uint8_t*)encPubKey,
+                            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+                                    &(tuc->EcdsaPublicKeyIdx)
+                            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+                                    &tuc->eccpub_keyIdx
+                            #endif
+                    );
+                }
+                else if (keyType == TSIP_KEY_TYPE_ECDSAP384) {
+                    err = R_TSIP_GenerateEccP384PublicKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPubKey,
-                                    &(tuc->EcdsaP256PublicKeyIdx));
+                            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+                                    &(tuc->EcdsaPublicKeyIdx)
+                            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+                                    &tuc->eccpub_keyIdx
+                            #endif
+                    );
+                }
                 if (err == TSIP_SUCCESS) {
-                    tuc->ClientEccP256PubKey_set = 1;
+                #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+                    tuc->ClientEccPubKey_set = 1;
+                #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+                    tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
+                #endif
                 }
                 else {
                     ret = WC_HW_E;
@@ -2545,41 +2518,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
     WOLFSSL_LEAVE("tsipImportPublicKey", ret);
     return ret;
 }
-/*
-* lock hw engine.
-* this should be called before using engine.
-*/
-WOLFSSL_LOCAL int tsip_hw_lock(void)
-{
-    int ret = 0;
-
-    if (tsip_CryptHwMutexInit_ == 0) {
-
-        ret = tsip_CryptHwMutexInit(&tsip_mutex);
-
-        if (ret == 0) {
-            tsip_CryptHwMutexInit_ = 1;
-        }
-        else {
-            WOLFSSL_MSG(" mutex initialization failed.");
-            return -1;
-        }
-    }
-    if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) {
-        /* this should not happens */
-        return -1;
-    }
-
-    return ret;
-}
 
-/*
-* release hw engine
-*/
-WOLFSSL_LOCAL void tsip_hw_unlock(void)
-{
-    tsip_CryptHwMutexUnLock(&tsip_mutex);
-}
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
 /* check if tsip tls functions can be used for the cipher      */
 /* return  :1 when tsip can be used , 0 not be used.           */
@@ -2678,6 +2617,41 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
 }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
+/*
+* lock hw engine.
+* this should be called before using engine.
+*/
+WOLFSSL_LOCAL int tsip_hw_lock(void)
+{
+    int ret = 0;
+
+    if (tsip_CryptHwMutexInit_ == 0) {
+
+        ret = tsip_CryptHwMutexInit(&tsip_mutex);
+
+        if (ret == 0) {
+            tsip_CryptHwMutexInit_ = 1;
+        }
+        else {
+            WOLFSSL_MSG(" mutex initialization failed.");
+            return -1;
+        }
+    }
+    if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) {
+        /* this should not happens */
+        return -1;
+    }
+
+    return ret;
+}
+
+/*
+* release hw engine
+*/
+WOLFSSL_LOCAL void tsip_hw_unlock(void)
+{
+    tsip_CryptHwMutexUnLock(&tsip_mutex);
+}
 
 /* open TSIP driver
  * return 0 on success.
@@ -2696,6 +2670,7 @@ WOLFSSL_LOCAL int tsip_Open(void)
         if (ret != TSIP_SUCCESS) {
             WOLFSSL_MSG("RENESAS TSIP Open failed");
         }
+
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
 
@@ -2722,11 +2697,13 @@ WOLFSSL_LOCAL int tsip_Open(void)
                 if (ret != TSIP_SUCCESS) {
                     WOLFSSL_MSG("R_TSIP_(Re)Open: NG");
                 }
-                    /* init vars */
+
+                /* init vars */
                 g_CAscm_Idx = (uint32_t)-1;
             }
         }
     #endif
+
 #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
 
         ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
@@ -2756,7 +2733,8 @@ WOLFSSL_LOCAL int tsip_Open(void)
                 if (ret != TSIP_SUCCESS) {
                     WOLFSSL_MSG("R_TSIP_(Re)Open failed");
                 }
-                 /* init vars */
+
+                /* init vars */
                 g_CAscm_Idx = (uint32_t)-1;
             }
         }
@@ -2832,7 +2810,8 @@ void tsip_inform_user_keys_ex(
     word32    encrypted_user_tls_key_type)
 {
     WOLFSSL_ENTER("tsip_inform_user_keys_ex");
-    ForceZero(&g_user_key_info, sizeof(g_user_key_info));
+
+    XMEMSET(&g_user_key_info, 0, sizeof(g_user_key_info));
     g_user_key_info.encrypted_provisioning_key = NULL;
     g_user_key_info.iv = NULL;
 
@@ -3036,13 +3015,25 @@ int wc_tsip_ShaXHmacVerify(
     }
     wrapped_key = ssl->keys.tsip_server_write_MAC_secret;
 
-    if (wrapped_key.type == TSIP_KEY_INDEX_TYPE_HMAC_SHA1_FOR_TLS) {
+    if (wrapped_key.type ==
+#if (WOLFSSL_RENESAS_TSIP_VER >= 121)
+        TSIP_KEY_INDEX_TYPE_TLS_SERVER_HMAC_SHA1_FOR_CLIENT
+#else
+        TSIP_KEY_INDEX_TYPE_HMAC_SHA1_FOR_TLS
+#endif
+     ){
         WOLFSSL_MSG("perform Sha1-Hmac verification");
         initFn   = R_TSIP_Sha1HmacVerifyInit;
         updateFn = R_TSIP_Sha1HmacVerifyUpdate;
         finalFn  = R_TSIP_Sha1HmacVerifyFinal;
     }
-    else if (wrapped_key.type == TSIP_KEY_INDEX_TYPE_HMAC_SHA256_FOR_TLS) {
+    else if (wrapped_key.type ==
+#if (WOLFSSL_RENESAS_TSIP_VER >= 121)
+        TSIP_KEY_INDEX_TYPE_TLS_SERVER_HMAC_SHA256_FOR_CLIENT
+#else
+        TSIP_KEY_INDEX_TYPE_HMAC_SHA256_FOR_TLS
+#endif
+    ) {
         WOLFSSL_MSG("perform Sha256-Hmac verification");
         initFn   = R_TSIP_Sha256HmacVerifyInit;
         updateFn = R_TSIP_Sha256HmacVerifyUpdate;
@@ -3567,9 +3558,7 @@ int wc_tsip_tls_CertVerify(
         if (ret != TSIP_SUCCESS) {
             WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification failed");
         }
-        if (sigforSCE) {
-            XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
-        }
+        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
         tsip_hw_unlock();
     }
     else {
@@ -3690,7 +3679,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
         ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
     }
 
-
     if (ret == 0) {
         if (ssl->options.hashAlgo == md5_mac)
             tsip_hash_type = R_TSIP_RSA_HASH_MD5;
@@ -3705,11 +3693,11 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
     (void)ssl;
 
     if (ret == 0) {
-       if (tuc->sing_hash_type == md5_mac)
+       if (tuc->sign_hash_type == md5_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_MD5;
-       else if (tuc->sing_hash_type == sha_mac)
+       else if (tuc->sign_hash_type == sha_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
-       else if (tuc->sing_hash_type == sha256_mac)
+       else if (tuc->sign_hash_type == sha256_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
        else
            ret = CRYPTOCB_UNAVAILABLE;
@@ -3717,15 +3705,13 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     switch (tuc->wrappedKeyType) {
         case TSIP_KEY_TYPE_RSA1024:
-            if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1)
-            {
-                WOLFSSL_MSG("tsip rsa private key 2048 not set");
+            if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
+                WOLFSSL_MSG("tsip rsa private key 1024 not set");
                     ret = CRYPTOCB_UNAVAILABLE;
             }
             break;
         case TSIP_KEY_TYPE_RSA2048:
-            if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1)
-            {
+            if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
                 WOLFSSL_MSG("tsip rsa private key 2048 not set");
                     ret = CRYPTOCB_UNAVAILABLE;
             }
@@ -3735,7 +3721,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
             ret = CRYPTOCB_UNAVAILABLE;
             break;
     }
-
 #endif
 
     if (ret == 0) {
@@ -3902,7 +3887,8 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
 }
 #endif /* !NO_RSA && TSIP_TLS */
 
-#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
+#if defined(HAVE_ECC)
+#if defined(WOLFSSL_RENESAS_TSIP_TLS)
 /*   Perform signing with the client's ECC private key on hash value of messages
  *   exchanged with server.
  *
@@ -3922,7 +3908,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 {
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
-    tsip_rsa_byte_data_t hashData, sigData;
+    tsip_ecdsa_byte_data_t hashData, sigData;
     byte  offsetForWork;
     byte* out = NULL;
     byte* sig = NULL;
@@ -3961,7 +3947,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
         if ((ret = tsip_hw_lock()) == 0) {
             switch (tuc->wrappedKeyType) {
 
-                #if defined(HAVE_ECC)
+                #if !defined(NO_ECC256)
                 case TSIP_KEY_TYPE_ECDSAP256:
                     offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32;
                     if (*(info->pk.eccsign.outlen) <
@@ -3974,7 +3960,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
                                                             offsetForWork;
                     err = R_TSIP_EcdsaP256SignatureGenerate(
                                                 &hashData, &sigData,
-                                                &tuc->EcdsaP256PrivateKeyIdx);
+                                                &tuc->EcdsaPrivateKeyIdx);
                     if (err != TSIP_SUCCESS) {
                         ret = WC_HW_E;
                         break;
@@ -4012,16 +3998,6 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     break;
                 #endif
 
-                #if defined(HAVE_ECC192)
-                case TSIP_KEY_TYPE_ECDSAP192:
-                    ret = CRYPTOCB_UNAVAILABLE;
-                    break;
-                #endif
-                #if defined(HAVE_ECC224)
-                case TSIP_KEY_TYPE_ECDSAP224:
-                    ret = CRYPTOCB_UNAVAILABLE;
-                    break;
-                #endif
                 #if defined(HAVE_ECC384)
                 case TSIP_KEY_TYPE_ECDSAP384:
                     ret = CRYPTOCB_UNAVAILABLE;
@@ -4042,7 +4018,114 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
     WOLFSSL_LEAVE("tsip_SignEcdsa", ret);
     return ret;
 }
-#endif /* HAVE_ECC && TSIP_TLS */
+#endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
+#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+/* zero pad or truncate hash */
+static int tsip_HashPad(int curveSz, uint8_t* hash,
+    const uint8_t* hashIn, int hashSz)
+{
+    if (hashSz > curveSz)
+        hashSz = curveSz;
+    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
+    return curveSz;
+}
+
+/* Perform verify with the wrapped public key, provided hash and signature r+s
+ *
+ * parameters
+ *   info->pk.eccverify.in    : the buffer holding hash value of messages
+ *   info->pk.eccverify.inlen : hash data size
+ *   info->pk.eccverify.out   : the buffer where the signature data is output to
+ *   info->pk.eccverify.outlen: the length of the buffer pk.eccsign.out
+ *   tuc:  the pointer to the TsipUserCtx structure
+ * returns
+ *   0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
+ */
+WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
+{
+    int ret = 0;
+    e_tsip_err_t    err = TSIP_SUCCESS;
+    tsip_ecdsa_byte_data_t hashData, sigData;
+    /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32
+     * if using SHA2-256 with ECDSA SECP384R1 */
+    uint8_t hash[TSIP_MAX_ECC_BYTES];
+
+    WOLFSSL_ENTER("tsip_VerifyEcdsa");
+
+    if (info == NULL || tuc == NULL) {
+        ret = CRYPTOCB_UNAVAILABLE;
+    }
+
+    XMEMSET(hash, 0, sizeof(hash));
+
+    if (ret == 0) {
+        /* import public key_index from wrapped key */
+        ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+    }
+
+    if (ret == 0) {
+        int curveSz = info->pk.eccverify.key->dp->size;
+        hashData.pdata      = (uint8_t*)hash;
+        hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
+        sigData.pdata       = (uint8_t*)info->pk.eccverify.sig;
+        sigData.data_length = info->pk.eccverify.siglen;
+
+        if ((ret = tsip_hw_lock()) == 0) {
+            switch (tuc->wrappedKeyType) {
+            #if !defined(NO_ECC256)
+                case TSIP_KEY_TYPE_ECDSAP256:
+                    /* zero pad or truncate */
+                    hashData.data_length = tsip_HashPad(curveSz,
+                        hash, info->pk.eccverify.hash,
+                        info->pk.eccverify.hashlen);
+
+                    err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
+                        &hashData, &tuc->eccpub_keyIdx);
+                    if (err == TSIP_SUCCESS) {
+                        *info->pk.eccverify.res = 1; /* success */
+                    }
+                    else {
+                        ret = WC_HW_E;
+                    }
+                    break;
+                    break;
+            #endif
+
+            #if defined(HAVE_ECC384)
+                case TSIP_KEY_TYPE_ECDSAP384:
+                    /* zero pad or truncate */
+                    hashData.data_length = tsip_HashPad(curveSz,
+                        hash, info->pk.eccverify.hash,
+                        info->pk.eccverify.hashlen);
+
+                    err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
+                        &hashData, &tuc->eccpub_keyIdx);
+                    if (err == TSIP_SUCCESS) {
+                        *info->pk.eccverify.res = 1; /* success */
+                    }
+                    else {
+                        ret = WC_HW_E;
+                    }
+                    break;
+            #endif
+
+                default:
+                    WOLFSSL_MSG("ECDSA public key size not available");
+                    ret = CRYPTOCB_UNAVAILABLE;
+                    break;
+            }
+            tsip_hw_unlock();
+        }
+        else {
+            WOLFSSL_MSG("mutex locking error");
+        }
+    }
+    WOLFSSL_LEAVE("tsip_VerifyEcdsa", ret);
+    return ret;
+}
+#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+#endif /* HAVE_ECC */
 
 
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG
diff --git a/wolfcrypt/src/port/af_alg/afalg_aes.c b/wolfcrypt/src/port/af_alg/afalg_aes.c
index 27ee88f610..3fd9023604 100644
--- a/wolfcrypt/src/port/af_alg/afalg_aes.c
+++ b/wolfcrypt/src/port/af_alg/afalg_aes.c
@@ -1,6 +1,6 @@
 /* afalg_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/af_alg/afalg_hash.c b/wolfcrypt/src/port/af_alg/afalg_hash.c
index ee5599480f..c14dfb0ee7 100644
--- a/wolfcrypt/src/port/af_alg/afalg_hash.c
+++ b/wolfcrypt/src/port/af_alg/afalg_hash.c
@@ -1,6 +1,6 @@
 /* afalg_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -53,10 +53,8 @@ static void AfalgHashFree(wolfssl_AFALG_Hash* hash)
     }
 
     #if defined(WOLFSSL_AFALG_HASH_KEEP)
-    if (hash->msg != NULL) {
-        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        hash->msg = NULL;
-    }
+    XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    hash->msg = NULL;
     #endif
 }
 
diff --git a/wolfcrypt/src/port/af_alg/wc_afalg.c b/wolfcrypt/src/port/af_alg/wc_afalg.c
index b6671f7b85..b278d1f7d3 100644
--- a/wolfcrypt/src/port/af_alg/wc_afalg.c
+++ b/wolfcrypt/src/port/af_alg/wc_afalg.c
@@ -1,6 +1,6 @@
 /* wc_afalg.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/aria/aria-crypt.c b/wolfcrypt/src/port/aria/aria-crypt.c
index d310c6eb1b..0dd20b0c87 100644
--- a/wolfcrypt/src/port/aria/aria-crypt.c
+++ b/wolfcrypt/src/port/aria/aria-crypt.c
@@ -1,6 +1,6 @@
 /* aria-crypt.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c
index 906a07a739..cd9ed74376 100644
--- a/wolfcrypt/src/port/aria/aria-cryptocb.c
+++ b/wolfcrypt/src/port/aria/aria-cryptocb.c
@@ -1,6 +1,6 @@
 /* aria-cryptocb.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
index 99812b3dbf..345f19408e 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-aes-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
index daaf1235d6..97edaf4a9b 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-aes-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -411,7 +411,7 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p)
 static const uint32_t L_AES_ARM32_rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
-    0x1b000000, 0x36000000, 
+    0x1b000000, 0x36000000,
 };
 
 void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks);
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
index a09996238d..69cb22e4e4 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
@@ -1,6 +1,6 @@
 /* armv8-32-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
index 2b97581d82..09ef2eb439 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
index 381cd25584..14a1ec48f5 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-sha256-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
index a10241f814..391075340e 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-sha256-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
index 2ab9f93576..76629726f7 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-sha3-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
index 21b968580e..6d2efa1b0b 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-sha3-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
index 48e7ec4264..4dbfeafad9 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
index cf29ab59ff..b59668d12a 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c
index b40dd7b558..87df6f0895 100644
--- a/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/wolfcrypt/src/port/arm/armv8-aes.c
@@ -1,6 +1,6 @@
 /* armv8-aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -44,6 +44,17 @@
     #endif
 #endif
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+
+/* Enable Hardware Callback */
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    /* Revert back to SW so HW CB works */
+    /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+#endif
+
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
@@ -14928,6 +14939,20 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz,
+                                      authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMCPY(B+1, nonce, nonceSz);
     lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B[0] = (authInSz > 0 ? 64 : 0)
@@ -15000,6 +15025,20 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz,
+            authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     o = out;
     oSz = inSz;
     XMEMCPY(B+1, nonce, nonceSz);
@@ -16534,7 +16573,14 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         return BAD_FUNC_ARG;
     }
 #endif
-
+#ifdef WOLF_CRYPTO_CB
+    if (aes->devId != INVALID_DEVID) {
+        if (keylen > sizeof(aes->devKey)) {
+            return BAD_FUNC_ARG;
+        }
+        XMEMCPY(aes->devKey, userKey, keylen);
+    }
+#endif
 #ifdef WOLFSSL_AES_COUNTER
     aes->left = 0;
 #endif /* WOLFSSL_AES_COUNTER */
@@ -16584,6 +16630,20 @@ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         return KEYUSAGE_E;
     }
 
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock,
+                                            AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            return ret_cb;
+        }
+        /* fall-through when unavailable */
+    }
+#endif
+
     AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     return 0;
@@ -16598,6 +16658,19 @@ static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         return KEYUSAGE_E;
     }
 
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock,
+                                            AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     return 0;
@@ -16652,6 +16725,18 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret = wc_CryptoCb_AesCbcEncrypt(aes, out, in, sz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds,
         (unsigned char*)aes->reg);
 
@@ -16681,6 +16766,18 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif
     }
 
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (aes->devId != INVALID_DEVID)
+        #endif
+        {
+            int crypto_cb_ret = wc_CryptoCb_AesCbcDecrypt(aes, out, in, sz);
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return crypto_cb_ret;
+            /* fall-through when unavailable */
+        }
+    #endif
+
     AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds,
         (unsigned char*)aes->reg);
 
@@ -16703,6 +16800,18 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E);
         return KEYUSAGE_E;
     }
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (aes->devId != INVALID_DEVID)
+        #endif
+        {
+            int crypto_cb_ret = wc_CryptoCb_AesCtrEncrypt(aes, out, in, sz);
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return crypto_cb_ret;
+            /* fall-through when unavailable */
+        }
+    #endif
+
 
     tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
     /* consume any unused bytes left in aes->tmp */
@@ -17080,6 +17189,13 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         return BAD_FUNC_ARG;
     }
 
+
+    #ifdef WOLF_CRYPTO_CB
+        if (aes->devId != INVALID_DEVID) {
+            XMEMCPY(aes->devKey, key, len);
+        }
+    #endif
+
     XMEMSET(iv, 0, AES_BLOCK_SIZE);
     ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 
@@ -17241,6 +17357,20 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return KEYUSAGE_E;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag,
+                                      authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
@@ -17329,6 +17459,20 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesGcmDecrypt(aes, out, in, sz, iv, ivSz,
+                                      authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
diff --git a/wolfcrypt/src/port/arm/armv8-chacha.c b/wolfcrypt/src/port/arm/armv8-chacha.c
index 18dd9e596e..c7de0a265b 100644
--- a/wolfcrypt/src/port/arm/armv8-chacha.c
+++ b/wolfcrypt/src/port/arm/armv8-chacha.c
@@ -1,6 +1,6 @@
 /* armv8-chacha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.S b/wolfcrypt/src/port/arm/armv8-curve25519.S
index 3f04ce87ad..cf20f60809 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-curve25519.S
@@ -1,6 +1,6 @@
 /* armv8-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-curve25519_c.c
index c9a98222e3..6af75a632b 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-curve25519_c.c
@@ -1,6 +1,6 @@
 /* armv8-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c
index d0aab02348..4d838c7036 100644
--- a/wolfcrypt/src/port/arm/armv8-poly1305.c
+++ b/wolfcrypt/src/port/arm/armv8-poly1305.c
@@ -1,6 +1,6 @@
 /* armv8-poly1305.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -49,151 +49,126 @@
     #include <stdio.h>
 #endif
 
-static WC_INLINE void poly1305_blocks_16(Poly1305* ctx, const unsigned char *m,
-                                         size_t bytes)
+static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx,
+    const unsigned char *m, size_t bytes)
 {
     __asm__ __volatile__ (
+        /* Check for zero bytes to do. */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE] \n\t"
-        "BLO        L_poly1305_16_64_done_%= \n\t"
-        /* Load r and h */
-        "LDP        x21, x23, %[ctx_r]   \n\t"
-        "LDR        w25, %[ctx_r_4]      \n\t"
-        "LDP        x2, x4, %[ctx_h]     \n\t"
-        "LDR        w6, %[ctx_h_4]       \n\t"
-        "LSR        x22, x21, #32        \n\t"
-        "LSR        x24, x23, #32        \n\t"
-        "LSR        x3, x2, #32          \n\t"
-        "LSR        x5, x4, #32          \n\t"
-        "AND        x21, x21, #0x3ffffff \n\t"
-        "AND        x23, x23, #0x3ffffff \n\t"
-        "AND        x2, x2, #0x3ffffff   \n\t"
-        "AND        x4, x4, #0x3ffffff   \n\t"
-        /* s1 = r1 * 5; */
-        /* s2 = r2 * 5; */
-        /* s3 = r3 * 5; */
-        /* s4 = r4 * 5; */
-        "MOV        x15, #5              \n\t"
-        "CMP        %[finished], #0      \n\t"
-        "MUL        w7, w22, w15         \n\t"
-        "CSET       %[finished], EQ      \n\t"
-        "MUL        w8, w23, w15         \n\t"
-        "LSL        %[finished], %[finished], #24 \n\t"
-        "MUL        w9, w24, w15         \n\t"
-        "MOV        x14, #0x3ffffff      \n\t"
-        "MUL        w10, w25, w15        \n\t"
+        "BLO        L_poly1305_aarch64_16_done_%= \n\t"
+
+        "MOV        x12, #1               \n\t"
+        /* Load h */
+        "LDP        w4, w5, [%[ctx_h], #0]   \n\t"
+        "LDP        w6, w7, [%[ctx_h], #8]   \n\t"
+        "LDR        w8, [%[ctx_h], #16]   \n\t"
+        /* Base 26 -> Base 64 */
+        "ORR        x4, x4, x5, LSL #26\n\t"
+        "ORR        x4, x4, x6, LSL #52\n\t"
+        "LSR        x5, x6, #12\n\t"
+        "ORR        x5, x5, x7, LSL #14\n\t"
+        "ORR        x5, x5, x8, LSL #40\n\t"
+        "LSR        x6, x8, #24\n\t"
+        /* Load r */
+        "LDP        x8, x9, %[ctx_r64]   \n\t"
+        "SUB        %[finished], x12, %[finished]\n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_16_64_loop_%=: \n\t"
-        /* t0 = U8TO64(&m[0]); */
-        /* t1 = U8TO64(&m[8]); */
-        "LDP        x16, x17, [%[m]], #16 \n\t"
-        /* h0 += (U8TO32(m + 0)) & 0x3ffffff; */
-        "AND        x26, x16, #0x3ffffff \n\t"
-        "ADD        x2, x2, x26          \n\t"
-        /* h1 += (U8TO32(m + 3) >> 2) & 0x3ffffff; */
-        "AND        x26, x14, x16, LSR #26 \n\t"
-        "ADD        x3, x3, x26          \n\t"
-        /* h2 += (U8TO32(m + 6) >> 4) & 0x3ffffff; */
-        "EXTR       x26, x17, x16, #52   \n\t"
-        "AND        x26, x26, #0x3ffffff \n\t"
-        "ADD        x4, x4, x26          \n\t"
-        /* h3 += (U8TO32(m + 9) >> 6) & 0x3ffffff; */
-        "AND        x26, x14, x17, LSR #14 \n\t"
-        "ADD        x5, x5, x26          \n\t"
-        /* h4 += (U8TO32(m + 12) >> 8) | hibit; */
-        "ORR        x17, %[finished], x17, LSR #40 \n\t"
-        "ADD        x6, x6, x17          \n\t"
-        /* d0 = h0 * r0 + h1 * s4 + h2 * s3 + h3 * s2 + h4 * s1 */
-        /* d1 = h0 * r1 + h1 * r0 + h2 * s4 + h3 * s3 + h4 * s2 */
-        /* d2 = h0 * r2 + h1 * r1 + h2 * r0 + h3 * s4 + h4 * s3 */
-        /* d3 = h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * s4 */
-        /* d4 = h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0 */
-        "MUL        x16, x2, x21         \n\t"
-        "MUL        x17, x2, x22         \n\t"
-        "MUL        x26, x2, x23         \n\t"
-        "MUL        x19, x2, x24         \n\t"
-        "MUL        x20, x2, x25         \n\t"
-        "MADD       x16, x3, x10, x16    \n\t"
-        "MADD       x17, x3, x21, x17    \n\t"
-        "MADD       x26, x3, x22, x26    \n\t"
-        "MADD       x19, x3, x23, x19    \n\t"
-        "MADD       x20, x3, x24, x20    \n\t"
-        "MADD       x16, x4, x9, x16     \n\t"
-        "MADD       x17, x4, x10, x17    \n\t"
-        "MADD       x26, x4, x21, x26    \n\t"
-        "MADD       x19, x4, x22, x19    \n\t"
-        "MADD       x20, x4, x23, x20    \n\t"
-        "MADD       x16, x5, x8, x16     \n\t"
-        "MADD       x17, x5, x9, x17     \n\t"
-        "MADD       x26, x5, x10, x26    \n\t"
-        "MADD       x19, x5, x21, x19    \n\t"
-        "MADD       x20, x5, x22, x20    \n\t"
-        "MADD       x16, x6, x7, x16     \n\t"
-        "MADD       x17, x6, x8, x17     \n\t"
-        "MADD       x26, x6, x9, x26     \n\t"
-        "MADD       x19, x6, x10, x19    \n\t"
-        "MADD       x20, x6, x21, x20    \n\t"
-        /* d1 = d1 + d0 >> 26 */
-        /* d2 = d2 + d1 >> 26 */
-        /* d3 = d3 + d2 >> 26 */
-        /* d4 = d4 + d3 >> 26 */
-        /* h0 = d0 & 0x3ffffff */
-        /* h1 = d1 & 0x3ffffff */
-        /* h2 = d2 & 0x3ffffff */
-        /* h0 = h0 + (d4 >> 26) * 5 */
-        /* h1 = h1 + h0 >> 26 */
-        /* h3 = d3 & 0x3ffffff */
-        /* h4 = d4 & 0x3ffffff */
-        /* h0 = h0 & 0x3ffffff */
-        "ADD        x17, x17, x16, LSR #26 \n\t"
-        "ADD        x20, x20, x19, LSR #26 \n\t"
-        "AND        x16, x16, #0x3ffffff \n\t"
-        "LSR        x2, x20, #26         \n\t"
-        "AND        x19, x19, #0x3ffffff \n\t"
-        "MADD       x16, x2, x15, x16    \n\t"
-        "ADD        x26, x26, x17, LSR #26 \n\t"
-        "AND        x17, x17, #0x3ffffff \n\t"
-        "AND        x20, x20, #0x3ffffff \n\t"
-        "ADD        x19, x19, x26, LSR #26 \n\t"
-        "AND        x4, x26, #0x3ffffff  \n\t"
-        "ADD        x3, x17, x16, LSR #26 \n\t"
-        "AND        x2, x16, #0x3ffffff  \n\t"
-        "ADD        x6, x20, x19, LSR #26 \n\t"
-        "AND        x5, x19, #0x3ffffff  \n\t"
-        "SUB        %[bytes], %[bytes], %[POLY1305_BLOCK_SIZE] \n\t"
-        "CMP        %[bytes], %[POLY1305_BLOCK_SIZE] \n\t"
-        "BHS        L_poly1305_16_64_loop_%= \n\t"
-        /* Store h */
-        "ORR        x2, x2, x3, LSL #32  \n\t"
-        "ORR        x4, x4, x5, LSL #32  \n\t"
-        "STP        x2, x4, %[ctx_h]     \n\t"
-        "STR        w6, %[ctx_h_4]       \n\t"
+    "L_poly1305_aarch64_16_loop_%=: \n\t"
+        /* Load m */
+        "LDR        x10, [%[m]]          \n\t"
+        "LDR        x11, [%[m], 8]       \n\t"
+        /* Add m and !finished at bit 128. */
+        "ADDS       x4, x4, x10          \n\t"
+        "ADCS       x5, x5, x11          \n\t"
+        "ADC        x6, x6, %[finished]  \n\t"
+
+        /* r * h */
+        /* r0 * h0 */
+        "MUL        x12, x8, x4\n\t"
+        "UMULH      x13, x8, x4\n\t"
+        /* r0 * h1 */
+        "MUL        x16, x8, x5\n\t"
+        "UMULH      x14, x8, x5\n\t"
+        /* r1 * h0 */
+        "MUL        x15, x9, x4\n\t"
+        "ADDS       x13, x13, x16\n\t"
+        "UMULH      x17, x9, x4\n\t"
+        "ADC        x14, x14, xzr\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        /* r0 * h2 */
+        "MUL        x16, x8, x6\n\t"
+        "ADCS       x14, x14, x17\n\t"
+        "UMULH      x17, x8, x6\n\t"
+        "ADC        x15, xzr, xzr\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        /* r1 * h1 */
+        "MUL        x16, x9, x5\n\t"
+        "ADC        x15, x15, x17\n\t"
+        "UMULH      x19, x9, x5\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        /* r1 * h2 */
+        "MUL        x17, x9, x6\n\t"
+        "ADCS       x15, x15, x19\n\t"
+        "UMULH      x19, x9, x6\n\t"
+        "ADC        x16, xzr, xzr\n\t"
+        "ADDS       x15, x15, x17\n\t"
+        "ADC        x16, x16, x19\n\t"
+        /* h' = x12, x13, x14, x15, x16 */
+
+        /* h' mod 2^130 - 5 */
+        /* Get top two bits from h[2]. */
+        "AND        x6, x14, 3\n\t"
+        /* Get high bits from h[2]. */
+        "AND        x14, x14, -4\n\t"
+        /* Add top bits * 4. */
+        "ADDS       x4, x12, x14\n\t"
+        "ADCS       x5, x13, x15\n\t"
+        "ADC        x6, x6, x16\n\t"
+        /* Move down 2 bits. */
+        "EXTR       x14, x15, x14, 2\n\t"
+        "EXTR       x15, x16, x15, 2\n\t"
+        /* Add top bits. */
+        "ADDS       x4, x4, x14\n\t"
+        "ADCS       x5, x5, x15\n\t"
+        "ADC        x6, x6, xzr\n\t"
+
+        "SUBS       %[bytes], %[bytes], %[POLY1305_BLOCK_SIZE]\n\t"
+        "ADD        %[m], %[m], %[POLY1305_BLOCK_SIZE]\n\t"
+        "BGT        L_poly1305_aarch64_16_loop_%=\n\t"
+
+        /* Base 64 -> Base 26 */
+        "MOV        x10, #0x3ffffff\n\t"
+        "EXTR       x8, x6, x5, #40\n\t"
+        "AND        x7, x10, x5, LSR #14\n\t"
+        "EXTR       x6, x5, x4, #52\n\t"
+        "AND        x5, x10, x4, LSR #26\n\t"
+        "AND        x4, x4, x10\n\t"
+        "AND        x6, x6, x10\n\t"
+        "AND        x8, x8, x10\n\t"
+        "STP        w4, w5, [%[ctx_h], #0]   \n\t"
+        "STP        w6, w7, [%[ctx_h], #8]   \n\t"
+        "STR        w8, [%[ctx_h], #16]   \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_16_64_done_%=: \n\t"
-        : [ctx_h] "+m" (ctx->h[0]),
-          [ctx_h_4] "+m" (ctx->h[4]),
-          [bytes] "+r" (bytes),
-          [m] "+r" (m)
+    "L_poly1305_aarch64_16_done_%=: \n\t"
+        : [bytes] "+r" (bytes), [m] "+r" (m)
         : [POLY1305_BLOCK_SIZE] "I" (POLY1305_BLOCK_SIZE),
-          [ctx_r] "m" (ctx->r[0]),
-          [ctx_r_4] "m" (ctx->r[4]),
+          [ctx_r64] "m" (ctx->r64[0]), [ctx_h] "r" (ctx->h),
           [finished] "r" ((word64)ctx->finished)
         : "memory", "cc",
-          "w2", "w3", "w4", "w5", "w6", "w7", "w8", "w9", "w10", "w15",
-          "w21", "w22", "w23", "w24", "w25", "x2", "x3", "x4", "x5", "x6",
-          "x7", "x8", "x9", "x10", "x14", "x15", "x16", "x17", "x19", "x20",
-          "x21", "x22", "x23", "x24", "x25", "x26"
+          "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14",
+          "x15", "x16", "x17", "x19"
     );
 }
 
-void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
-                            size_t bytes)
+void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m,
+    size_t bytes)
 {
     __asm__ __volatile__ (
         /* If less than 4 blocks to process then use regular method */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*4 \n\t"
-        "BLO        L_poly1305_64_done_%= \n\t"
+        "BLO        L_poly1305_aarch64_64_done_%= \n\t"
         "MOV        x9, #0x3ffffff       \n\t"
         /* Load h */
         "LDP        x20, x22, [%[h]]     \n\t"
@@ -221,7 +196,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "MOV        v26.D[1], x9         \n\t"
         "DUP        v30.4S, v26.S[0]     \n\t"
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*6 \n\t"
-        "BLO        L_poly1305_64_start_block_size_64_%= \n\t"
+        "BLO        L_poly1305_aarch64_64_start_block_size_64_%= \n\t"
         /* Load r^2 to NEON v0, v1, v2, v3, v4 */
         "LD4        { v0.S-v3.S }[2], [%[r_2]], #16 \n\t"
         "LD1        { v4.S }[2], [%[r_2]] \n\t"
@@ -284,7 +259,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "ADD        v19.2S, v19.2S, v14.2S \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_loop_128_%=: \n\t"
+    "L_poly1305_aarch64_64_loop_128_%=: \n\t"
         /* d0 = h0*r0 + h1*s4 + h2*s3 + h3*s2 + h4*s1 */
         /* d1 = h0*r1 + h1*r0 + h2*s4 + h3*s3 + h4*s2 */
         /* d2 = h0*r2 + h1*r1 + h2*r0 + h3*s4 + h4*s3 */
@@ -395,7 +370,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "UMLAL2     v25.2D, v14.4S, v0.4S \n\t"
         /* If less than six message blocks left then leave loop */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*6 \n\t"
-        "BLS        L_poly1305_64_loop_128_final_%= \n\t"
+        "BLS        L_poly1305_aarch64_64_loop_128_final_%= \n\t"
         /* Load m */
         /* Load four message blocks to NEON v10, v11, v12, v13, v14 */
         "LD4        { v10.4S-v13.4S }, [%[m]], #64 \n\t"
@@ -447,10 +422,10 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "MOV        v17.S[1], v17.S[2]   \n\t"
         "MOV        v18.S[1], v18.S[2]   \n\t"
         "MOV        v19.S[1], v19.S[2]   \n\t"
-        "B          L_poly1305_64_loop_128_%= \n\t"
+        "B          L_poly1305_aarch64_64_loop_128_%= \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_loop_128_final_%=: \n\t"
+    "L_poly1305_aarch64_64_loop_128_final_%=: \n\t"
         /* Load m */
         /* Load two message blocks to NEON v10, v11, v12, v13, v14 */
         "LD2        { v10.2D-v11.2D }, [%[m]], #32 \n\t"
@@ -525,12 +500,12 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "MOV        v19.S[1], v19.S[2]   \n\t"
         /* If less than 2 blocks left go straight to final multiplication. */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*2 \n\t"
-        "BLO        L_poly1305_64_last_mult_%= \n\t"
-        /* Else go to one loop of L_poly1305_64_loop_64 */
-        "B          L_poly1305_64_loop_64_%= \n\t"
+        "BLO        L_poly1305_aarch64_64_last_mult_%= \n\t"
+        /* Else go to one loop of L_poly1305_aarch64_64_loop_64 */
+        "B          L_poly1305_aarch64_64_loop_64_%= \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_start_block_size_64_%=: \n\t"
+    "L_poly1305_aarch64_64_start_block_size_64_%=: \n\t"
         /* Load r^2 to NEON v0, v1, v2, v3, v4 */
         "LD4R       { v0.2S-v3.2S }, [%[r_2]], #16 \n\t"
         "LD1R       { v4.2S }, [%[r_2]]  \n\t"
@@ -581,7 +556,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "ADD        v19.2S, v19.2S, v14.2S \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_loop_64_%=: \n\t"
+    "L_poly1305_aarch64_64_loop_64_%=: \n\t"
         /* d0 = h0*r0 + h1*s4 + h2*s3 + h3*s2 + h4*s1 */
         /* d1 = h0*r1 + h1*r0 + h2*s4 + h3*s3 + h4*s2 */
         /* d2 = h0*r2 + h1*r1 + h2*r0 + h3*s4 + h4*s3 */
@@ -709,10 +684,10 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "MOV        v19.S[1], v19.S[2]   \n\t"
         /* If at least two message blocks left then loop_64 */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*2 \n\t"
-        "BHS        L_poly1305_64_loop_64_%= \n\t"
+        "BHS        L_poly1305_aarch64_64_loop_64_%= \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_last_mult_%=: \n\t"
+    "L_poly1305_aarch64_64_last_mult_%=: \n\t"
         /* Load r */
         "LD4        { v0.S-v3.S }[1], [%[r]], #16 \n\t"
         /* Compute h*r^2 */
@@ -849,7 +824,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "SUB        %[h], %[h], #16      \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_done_%=: \n\t"
+    "L_poly1305_aarch64_64_done_%=: \n\t"
         : [bytes] "+r" (bytes),
           [m] "+r" (m),
           [ctx] "+m" (ctx)
@@ -869,12 +844,12 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
           "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27",
           "x28", "x30"
     );
-    poly1305_blocks_16(ctx, m, bytes);
+    poly1305_blocks_aarch64_16(ctx, m, bytes);
 }
 
-void poly1305_block(Poly1305* ctx, const unsigned char *m)
+void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m)
 {
-    poly1305_blocks_16(ctx, m, POLY1305_BLOCK_SIZE);
+    poly1305_blocks_aarch64_16(ctx, m, POLY1305_BLOCK_SIZE);
 }
 
 #if defined(POLY130564)
@@ -910,151 +885,147 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
         "LDP        x10, x11, [%[key], #16] \n\t"
         /* Load clamp */
         "LDP        x12, x13, [%[clamp]] \n\t"
+        /* Save pad for later */
+        "STP        x10, x11, [%[ctx_pad]] \n\t"
         /* Apply clamp */
         /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
         "AND        x8, x8, x12          \n\t"
         "AND        x9, x9, x13          \n\t"
-        "MOV        x19, xzr             \n\t"
-        "MOV        x20, xzr             \n\t"
-        "MOV        x21, xzr             \n\t"
-        "MOV        x22, xzr             \n\t"
-        "MOV        x23, xzr             \n\t"
-        "BFI        x19, x8, #0, #26     \n\t"
-        "LSR        x8, x8, #26          \n\t"
-        "BFI        x20, x8, #0, #26     \n\t"
-        "LSR        x8, x8, #26          \n\t"
-        "BFI        x21, x8, #0, #12     \n\t"
-        "BFI        x21, x9, #12, #14    \n\t"
-        "LSR        x9, x9, #14          \n\t"
-        "BFI        x22, x9, #0, #26     \n\t"
-        "LSR        x9, x9, #26          \n\t"
-        "BFI        x23, x9, #0, #24     \n\t"
+        "STP        x8, x9, [%[ctx_r64]] \n\t"
+        /* 128-bits: Base 64 -> Base 26 */
+        "MOV        x20, #0x3ffffff\n\t"
+        "LSR        x15, x9, #40\n\t"
+        "AND        x14, x20, x9, LSR #14\n\t"
+        "EXTR       x13, x9, x8, #52\n\t"
+        "AND        x12, x20, x8, LSR #26\n\t"
+        "AND        x11, x8, x20\n\t"
+        "AND        x13, x13, x20\n\t"
+        "AND        x15, x15, x20\n\t"
+        "STP        w11, w12, [%[ctx_r], #0]   \n\t"
+        "STP        w13, w14, [%[ctx_r], #8]   \n\t"
+        "STR        w15, [%[ctx_r], #16]   \n\t"
+
         /* Compute r^2 */
-        /* r*5 */
-        "MOV        x8, #5               \n\t"
-        "MUL        x24, x20, x8         \n\t"
-        "MUL        x25, x21, x8         \n\t"
-        "MUL        x26, x22, x8         \n\t"
-        "MUL        x27, x23, x8         \n\t"
-        /* d = r*r */
-        /* d0 = h0 * r0 + h1 * s4 + h2 * s3 + h3 * s2 + h4 * s1 */
-        /* d1 = h0 * r1 + h1 * r0 + h2 * s4 + h3 * s3 + h4 * s2 */
-        /* d2 = h0 * r2 + h1 * r1 + h2 * r0 + h3 * s4 + h4 * s3 */
-        /* d3 = h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * s4 */
-        /* d4 = h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0 */
-        "MUL        x14, x19, x19        \n\t"
-        "MUL        x15, x19, x20        \n\t"
-        "MUL        x16, x19, x21        \n\t"
-        "MUL        x17, x19, x22        \n\t"
-        "MUL        x7, x19, x23         \n\t"
-        "MADD       x14, x20, x27, x14   \n\t"
-        "MADD       x15, x20, x19, x15   \n\t"
-        "MADD       x16, x20, x20, x16   \n\t"
-        "MADD       x17, x20, x21, x17   \n\t"
-        "MADD       x7, x20, x22, x7     \n\t"
-        "MADD       x14, x21, x26, x14   \n\t"
-        "MADD       x15, x21, x27, x15   \n\t"
-        "MADD       x16, x21, x19, x16   \n\t"
-        "MADD       x17, x21, x20, x17   \n\t"
-        "MADD       x7, x21, x21, x7     \n\t"
-        "MADD       x14, x22, x25, x14   \n\t"
-        "MADD       x15, x22, x26, x15   \n\t"
-        "MADD       x16, x22, x27, x16   \n\t"
-        "MADD       x17, x22, x19, x17   \n\t"
-        "MADD       x7, x22, x20, x7     \n\t"
-        "MADD       x14, x23, x24, x14   \n\t"
-        "MADD       x15, x23, x25, x15   \n\t"
-        "MADD       x16, x23, x26, x16   \n\t"
-        "MADD       x17, x23, x27, x17   \n\t"
-        "MADD       x7, x23, x19, x7     \n\t"
+        /* r0 * r0 */
+        "MUL        x12, x8, x8\n\t"
+        "UMULH      x13, x8, x8\n\t"
+        /* 2 * r0 * r1 */
+        "MUL        x15, x8, x9\n\t"
+        "UMULH      x16, x8, x9\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        "ADC        x14, xzr, x16\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        "ADCS       x14, x14, x16\n\t"
+        "ADC        x15, xzr, xzr\n\t"
+        /* r1 * r1 */
+        "MUL        x16, x9, x9\n\t"
+        "UMULH      x17, x9, x9\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        "ADC        x15, x15, x17\n\t"
         /* r_2 = r^2 % P */
-        "ADD        x15, x15, x14, LSR #26 \n\t"
-        "ADD        x7, x7, x17, LSR #26 \n\t"
-        "AND        x14, x14, #0x3ffffff \n\t"
-        "LSR        x9, x7, #26          \n\t"
-        "AND        x17, x17, #0x3ffffff \n\t"
-        "MADD       x14, x9, x8, x14     \n\t"
-        "ADD        x16, x16, x15, LSR #26 \n\t"
-        "AND        x15, x15, #0x3ffffff \n\t"
-        "AND        x7, x7, #0x3ffffff   \n\t"
-        "ADD        x17, x17, x16, LSR #26 \n\t"
-        "AND        x16, x16, #0x3ffffff \n\t"
-        "ADD        x15, x15, x14, LSR #26 \n\t"
-        "AND        x14, x14, #0x3ffffff \n\t"
-        "ADD        x7, x7, x17, LSR #26 \n\t"
-        "AND        x17, x17, #0x3ffffff \n\t"
-        /* Store r */
-        "ORR        x19, x19, x20, LSL #32 \n\t"
-        "ORR        x21, x21, x22, LSL #32 \n\t"
-        "STP        x19, x21, [%[ctx_r]] \n\t"
-        "STR        w23, [%[ctx_r], #16] \n\t"
-        "MOV        x8, #5               \n\t"
-        "MUL        x24, x15, x8         \n\t"
-        "MUL        x25, x16, x8         \n\t"
-        "MUL        x26, x17, x8         \n\t"
-        "MUL        x27, x7, x8          \n\t"
-        /* Compute r^4 */
-        /* d0 = h0 * r0 + h1 * s4 + h2 * s3 + h3 * s2 + h4 * s1 */
-        /* d1 = h0 * r1 + h1 * r0 + h2 * s4 + h3 * s3 + h4 * s2 */
-        /* d2 = h0 * r2 + h1 * r1 + h2 * r0 + h3 * s4 + h4 * s3 */
-        /* d3 = h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * s4 */
-        /* d4 = h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0 */
-        "MUL        x19, x14, x14        \n\t"
-        "MUL        x20, x14, x15        \n\t"
-        "MUL        x21, x14, x16        \n\t"
-        "MUL        x22, x14, x17        \n\t"
-        "MUL        x23, x14, x7         \n\t"
-        "MADD       x19, x15, x27, x19   \n\t"
-        "MADD       x20, x15, x14, x20   \n\t"
-        "MADD       x21, x15, x15, x21   \n\t"
-        "MADD       x22, x15, x16, x22   \n\t"
-        "MADD       x23, x15, x17, x23   \n\t"
-        "MADD       x19, x16, x26, x19   \n\t"
-        "MADD       x20, x16, x27, x20   \n\t"
-        "MADD       x21, x16, x14, x21   \n\t"
-        "MADD       x22, x16, x15, x22   \n\t"
-        "MADD       x23, x16, x16, x23   \n\t"
-        "MADD       x19, x17, x25, x19   \n\t"
-        "MADD       x20, x17, x26, x20   \n\t"
-        "MADD       x21, x17, x27, x21   \n\t"
-        "MADD       x22, x17, x14, x22   \n\t"
-        "MADD       x23, x17, x15, x23   \n\t"
-        "MADD       x19, x7, x24, x19    \n\t"
-        "MADD       x20, x7, x25, x20    \n\t"
-        "MADD       x21, x7, x26, x21    \n\t"
-        "MADD       x22, x7, x27, x22    \n\t"
-        "MADD       x23, x7, x14, x23    \n\t"
-        /* r^4 % P */
-        "ADD        x20, x20, x19, LSR #26 \n\t"
-        "ADD        x23, x23, x22, LSR #26 \n\t"
-        "AND        x19, x19, #0x3ffffff \n\t"
-        "LSR        x9, x23, #26         \n\t"
-        "AND        x22, x22, #0x3ffffff \n\t"
-        "MADD       x19, x9, x8, x19     \n\t"
-        "ADD        x21, x21, x20, LSR #26 \n\t"
-        "AND        x20, x20, #0x3ffffff \n\t"
-        "AND        x23, x23, #0x3ffffff \n\t"
-        "ADD        x22, x22, x21, LSR #26 \n\t"
-        "AND        x21, x21, #0x3ffffff \n\t"
-        "ADD        x20, x20, x19, LSR #26 \n\t"
-        "AND        x19, x19, #0x3ffffff \n\t"
-        "ADD        x23, x23, x22, LSR #26 \n\t"
-        "AND        x22, x22, #0x3ffffff \n\t"
+        /* Get top two bits from r^2[2]. */
+        "AND        x10, x14, 3\n\t"
+        /* Get high bits from r^2[2]. */
+        "AND        x14, x14, -4\n\t"
+        /* Add top bits * 4. */
+        "ADDS       x8, x12, x14\n\t"
+        "ADCS       x9, x13, x15\n\t"
+        "ADC        x10, x10, xzr\n\t"
+        /* Move down 2 bits. */
+        "EXTR       x14, x15, x14, 2\n\t"
+        "LSR        x15, x15, 2\n\t"
+        /* Add top bits. */
+        "ADDS       x8, x8, x14\n\t"
+        "ADCS       x9, x9, x15\n\t"
+        "ADC        x10, x10, xzr\n\t"
+        /* 130-bits: Base 64 -> Base 26 */
+        "EXTR       x15, x10, x9, #40\n\t"
+        "AND        x14, x20, x9, LSR #14\n\t"
+        "EXTR       x13, x9, x8, #52\n\t"
+        "AND        x12, x20, x8, LSR #26\n\t"
+        "AND        x11, x8, x20\n\t"
+        "AND        x13, x13, x20\n\t"
+        "AND        x15, x15, x20\n\t"
         /* Store r^2 */
-        "ORR        x14, x14, x15, LSL #32 \n\t"
-        "ORR        x16, x16, x17, LSL #32 \n\t"
-        "STP        x14, x16, [%[ctx_r_2]] \n\t"
-        "STR        w7, [%[ctx_r_2], #16] \n\t"
+        "STP        w11, w12, [%[ctx_r_2], #0]   \n\t"
+        "STP        w13, w14, [%[ctx_r_2], #8]   \n\t"
+        "STR        w15, [%[ctx_r_2], #16]   \n\t"
+
+        /* Compute r^4 */
+        /* r0 * r0 */
+        "MUL        x12, x8, x8\n\t"
+        "UMULH      x13, x8, x8\n\t"
+        /* 2 * r0 * r1 */
+        "MUL        x15, x8, x9\n\t"
+        "UMULH      x16, x8, x9\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        "ADC        x14, xzr, x16\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        "ADCS       x14, x14, x16\n\t"
+        "ADC        x15, xzr, xzr\n\t"
+        /* 2 * r0 * r2 */
+        "MUL        x16, x8, x10\n\t"
+        "UMULH      x17, x8, x10\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        "ADC        x15, x15, x17\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        "ADC        x15, x15, x17\n\t"
+        /* r1 * r1 */
+        "MUL        x16, x9, x9\n\t"
+        "UMULH      x17, x9, x9\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        "ADCS       x15, x15, x17\n\t"
+        "ADC        x16, xzr, xzr\n\t"
+        /* 2 * r1 * r2 */
+        "MUL        x17, x9, x10\n\t"
+        "UMULH      x19, x9, x10\n\t"
+        "ADDS       x15, x15, x17\n\t"
+        "ADC        x16, x16, x19\n\t"
+        "ADDS       x15, x15, x17\n\t"
+        "ADC        x16, x16, x19\n\t"
+        /* r2 * r2 */
+        "MUL        x17, x10, x10\n\t"
+        "ADD        x16, x16, x17\n\t"
+        /* r_4 = r^4 % P */
+        /* Get top two bits from r^4[2]. */
+        "AND        x10, x14, 3\n\t"
+        /* Get high bits from r^4[2]. */
+        "AND        x14, x14, -4\n\t"
+        /* Add top bits * 4. */
+        "ADDS       x8, x12, x14\n\t"
+        "ADCS       x9, x13, x15\n\t"
+        "ADC        x10, x10, x16\n\t"
+        /* Move down 2 bits. */
+        "EXTR       x14, x15, x14, 2\n\t"
+        "EXTR       x15, x16, x15, 2\n\t"
+        "LSR        x16, x16, 2\n\t"
+        /* Add top bits. */
+        "ADDS       x8, x8, x14\n\t"
+        "ADCS       x9, x9, x15\n\t"
+        "ADC        x10, x10, x16\n\t"
+        /* Top again as it was 260 bits mod less than 130 bits. */
+        "AND        x11, x10, -4\n\t"
+        "AND        x10, x10, 3\n\t"
+        "ADD        x11, x11, x11, LSR #2\n\t"
+        "ADDS       x8, x8, x11\n\t"
+        "ADCS       x9, x9, xzr\n\t"
+        "ADC        x10, x10, xzr\n\t"
+        /* 130-bits: Base 64 -> Base 26 */
+        "EXTR       x15, x10, x9, #40\n\t"
+        "AND        x14, x20, x9, LSR #14\n\t"
+        "EXTR       x13, x9, x8, #52\n\t"
+        "AND        x12, x20, x8, LSR #26\n\t"
+        "AND        x11, x8, x20\n\t"
+        "AND        x13, x13, x20\n\t"
+        "AND        x15, x15, x20\n\t"
         /* Store r^4 */
-        "ORR        x19, x19, x20, LSL #32 \n\t"
-        "ORR        x21, x21, x22, LSL #32 \n\t"
-        "STP        x19, x21, [%[ctx_r_4]] \n\t"
-        "STR        w23, [%[ctx_r_4], #16] \n\t"
+        "STP        w11, w12, [%[ctx_r_4], #0]   \n\t"
+        "STP        w13, w14, [%[ctx_r_4], #8]   \n\t"
+        "STR        w15, [%[ctx_r_4], #16]   \n\t"
+
         /* h (accumulator) = 0 */
         "STP        xzr, xzr, [%[ctx_h_0]] \n\t"
         "STR        wzr, [%[ctx_h_0], #16] \n\t"
-        /* Save pad for later */
-        "STP        x10, x11, [%[ctx_pad]] \n\t"
         /* Zero leftover */
         "STR        xzr, [%[ctx_leftover]] \n\t"
         /* Zero finished */
@@ -1062,6 +1033,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
         :
         : [clamp] "r" (clamp),
           [key] "r" (key),
+          [ctx_r64] "r" (ctx->r64),
           [ctx_r] "r" (ctx->r),
           [ctx_r_2] "r" (ctx->r_2),
           [ctx_r_4] "r" (ctx->r_4),
@@ -1070,9 +1042,8 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
           [ctx_leftover] "r" (&ctx->leftover),
           [ctx_finished] "r" (&ctx->finished)
         : "memory", "cc",
-          "w7", "w14", "w15", "w16", "w17", "w19", "w20", "w21", "w22", "w23",
-          "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16",
-          "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27"
+          "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17",
+          "x19", "x20"
     );
 
     return 0;
@@ -1081,7 +1052,6 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
 
 int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 {
-
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
@@ -1092,72 +1062,59 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
         for (; i < POLY1305_BLOCK_SIZE; i++)
             ctx->buffer[i] = 0;
         ctx->finished = 1;
-        poly1305_block(ctx, ctx->buffer);
+        poly1305_block_aarch64(ctx, ctx->buffer);
     }
 
     __asm__ __volatile__ (
-        /* Load raw h and zero h registers */
-        "LDP        x2, x3, %[h_addr]    \n\t"
-        "MOV        x5, xzr              \n\t"
-        "LDR        w4, %[h_4_addr]      \n\t"
-        "MOV        x6, xzr              \n\t"
-        "LDP        x16, x17, %[pad_addr] \n\t"
+        "LDP        x9, x10, %[ctx_pad] \n\t"
+        /* Load h */
+        "LDP        w4, w5, [%[ctx_h], #0]   \n\t"
+        "LDP        w6, w7, [%[ctx_h], #8]   \n\t"
+        "LDR        w8, [%[ctx_h], #16]   \n\t"
         /* Base 26 -> Base 64 */
-        "MOV        w5, w2               \n\t"
-        "LSR        x2, x2, #32          \n\t"
-        "ORR        x5, x5, x2, LSL #26  \n\t"
-        "ORR        x5, x5, x3, LSL #52  \n\t"
-        "LSR        w6, w3, #12          \n\t"
-        "LSR        x3, x3, #32          \n\t"
-        "ORR        x6, x6, x3, LSL #14  \n\t"
-        "ORR        x6, x6, x4, LSL #40  \n\t"
-        "LSR        x7, x4, #24          \n\t"
+        "ORR        x4, x4, x5, LSL #26\n\t"
+        "ORR        x4, x4, x6, LSL #52\n\t"
+        "LSR        x5, x6, #12\n\t"
+        "ORR        x5, x5, x7, LSL #14\n\t"
+        "ORR        x5, x5, x8, LSL #40\n\t"
+        "LSR        x6, x8, #24\n\t"
         /* Check if h is larger than p */
-        "ADDS       x2, x5, #5           \n\t"
-        "ADCS       x3, x6, xzr          \n\t"
-        "ADC        x4, x7, xzr          \n\t"
+        "ADDS       x1, x4, #5           \n\t"
+        "ADCS       x2, x5, xzr          \n\t"
+        "ADC        x3, x6, xzr          \n\t"
         /* Check if h+5 is larger than 2^130 */
-        "CMP        x4, #3               \n\t"
+        "CMP        x3, #3               \n\t"
+        "CSEL       x4, x1, x4, HI       \n\t"
         "CSEL       x5, x2, x5, HI       \n\t"
-        "CSEL       x6, x3, x6, HI       \n\t"
-        "ADDS       x5, x5, x16          \n\t"
-        "ADC        x6, x6, x17          \n\t"
-        "STP        x5, x6, [%[mac]]     \n\t"
-        : [mac] "+r" (mac)
-        : [pad_addr] "m" (ctx->pad),
-          [h_addr] "m" (ctx->h),
-          [h_4_addr] "m" (ctx->h[4])
+        "ADDS       x4, x4, x9           \n\t"
+        "ADC        x5, x5, x10          \n\t"
+        "STP        x4, x5, [%[mac]]     \n\t"
+
+        /* Zero out h */
+        "STP        xzr, xzr, [%[ctx_h]] \n\t"
+        "STR        wzr, [%[ctx_h], #16] \n\t"
+        /* Zero out r64 */
+        "STP        xzr, xzr, [%[ctx_r64]] \n\t"
+        /* Zero out r */
+        "STP        xzr, xzr, [%[ctx_r]] \n\t"
+        "STR        wzr, [%[ctx_r], #16] \n\t"
+        /* Zero out r_2 */
+        "STP        xzr, xzr, [%[ctx_r_2]] \n\t"
+        "STR        wzr, [%[ctx_r_2], #16] \n\t"
+        /* Zero out r_4 */
+        "STP        xzr, xzr, [%[ctx_r_4]] \n\t"
+        "STR        wzr, [%[ctx_r_4], #16] \n\t"
+        /* Zero out pad */
+        "STP        xzr, xzr, %[ctx_pad] \n\t"
+        :
+        : [ctx_pad] "m" (ctx->pad), [ctx_h] "r" (ctx->h), [mac] "r" (mac),
+          [ctx_r64] "r" (ctx->r64), [ctx_r] "r" (ctx->r),
+          [ctx_r_2] "r" (ctx->r_2), [ctx_r_4] "r" (ctx->r_4)
         : "memory", "cc",
-          "w2", "w3", "w4", "w5", "w6", "w7", "x2", "x3", "x4", "x5",
-          "x6", "x7", "x16", "x17"
+          "w4", "w5", "w6", "w7", "w8",
+          "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10"
     );
 
-    /* zero out the state */
-    ctx->h[0] = 0;
-    ctx->h[1] = 0;
-    ctx->h[2] = 0;
-    ctx->h[3] = 0;
-    ctx->h[4] = 0;
-    ctx->r[0] = 0;
-    ctx->r[1] = 0;
-    ctx->r[2] = 0;
-    ctx->r[3] = 0;
-    ctx->r[4] = 0;
-    ctx->r_2[0] = 0;
-    ctx->r_2[1] = 0;
-    ctx->r_2[2] = 0;
-    ctx->r_2[3] = 0;
-    ctx->r_2[4] = 0;
-    ctx->r_4[0] = 0;
-    ctx->r_4[1] = 0;
-    ctx->r_4[2] = 0;
-    ctx->r_4[3] = 0;
-    ctx->r_4[4] = 0;
-    ctx->pad[0] = 0;
-    ctx->pad[1] = 0;
-    ctx->pad[2] = 0;
-    ctx->pad[3] = 0;
-
     return 0;
 }
 
diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c
index 5555aa8e2a..dabe7af9c3 100644
--- a/wolfcrypt/src/port/arm/armv8-sha256.c
+++ b/wolfcrypt/src/port/arm/armv8-sha256.c
@@ -1,6 +1,6 @@
 /* armv8-sha256.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -57,6 +57,10 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #if defined(FREESCALE_MMCAU_SHA)
     #ifdef FREESCALE_MMCAU_CLASSIC_SHA
         #include "cau_api.h"
@@ -1513,25 +1517,44 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
 
 int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
 {
+    int ret = 0;
     if (sha256 == NULL)
         return BAD_FUNC_ARG;
+    ret = InitSha256(sha256);
+    if (ret != 0)
+        return ret;
 
     sha256->heap = heap;
 #ifdef WOLF_CRYPTO_CB
     sha256->devId = devId;
+    sha256->devCtx = NULL;
 #endif
-    (void)devId;
 
-    return InitSha256(sha256);
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+    (void)devId;
+    return ret;
 }
 
 int wc_InitSha256(wc_Sha256* sha256)
 {
-    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha256_ex(sha256, NULL, devId);
 }
 
 void wc_Sha256Free(wc_Sha256* sha256)
 {
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+#endif
     (void)sha256;
 }
 
@@ -1541,6 +1564,18 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha256->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha256Hash(sha256, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha256Update(sha256, data, len);
 }
 
@@ -1573,6 +1608,18 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha256->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Sha256Hash(sha256, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     ret = Sha256Final(sha256, hash);
     if (ret != 0)
         return ret;
@@ -1621,6 +1668,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
 
     XMEMCPY(dst, src, sizeof(wc_Sha256));
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-sha3-asm.S
index 209ee0cf48..1652f41b4c 100644
--- a/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha3-asm.S
@@ -1,6 +1,6 @@
 /* armv8-sha3-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
index 1f2d040849..bb4114d42b 100644
--- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-sha3-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
index 3ff015800b..5ff72c37b7 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
@@ -1,6 +1,6 @@
 /* armv8-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
index 027dc8a133..ba7dc82e06 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c
index 3eaefff831..5a0691bee3 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512.c
@@ -1,6 +1,6 @@
 /* sha512.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -172,6 +172,10 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     sha512->W = NULL;
 #endif
+#ifdef WOLF_CRYPTO_CB
+    sha512->devId = devId;
+    sha512->devCtx = NULL;
+#endif
 
     if (type == WC_HASH_TYPE_SHA512) {
         ret = InitSha512(sha512);
@@ -201,6 +205,12 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
 
 int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
 {
+#ifdef MAX3266X_SHA_CB
+    if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0) {
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     return InitSha512_Family(sha512, heap, devId, WC_HASH_TYPE_SHA512);
 }
 
@@ -508,6 +518,18 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha512->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha512Update(sha512, data, len);
 }
 
@@ -626,13 +648,20 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash,
         return BAD_FUNC_ARG;
 
 #ifdef WOLF_CRYPTO_CB
-    if (sha512->devId != INVALID_DEVID) {
-        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
-        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha512->devId != INVALID_DEVID)
+    #endif
+    {
+        byte localHash[WC_SHA512_DIGEST_SIZE];
+        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            XMEMCPY(hash, localHash, digestSz);
             return ret;
+        }
         /* fall-through when unavailable */
     }
 #endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
     #if defined(HAVE_INTEL_QA)
@@ -661,7 +690,12 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
 
 int wc_InitSha512(wc_Sha512* sha512)
 {
-    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha512_ex(sha512, NULL, devId);
 }
 
 void wc_Sha512Free(wc_Sha512* sha512)
@@ -670,11 +704,14 @@ void wc_Sha512Free(wc_Sha512* sha512)
         return;
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
-    if (sha512->W != NULL) {
-        XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        sha512->W = NULL;
-    }
+    XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    sha512->W = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+#endif
+
 }
 
 #ifdef OPENSSL_EXTRA
@@ -726,6 +763,18 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha384->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha512Update((wc_Sha512*)sha384, data, len);
 }
 
@@ -759,6 +808,18 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha384->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     ret = Sha512Final((wc_Sha512*)sha384);
     if (ret != 0)
         return ret;
@@ -784,7 +845,16 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     sha384->W = NULL;
 #endif
-
+#ifdef WOLF_CRYPTO_CB
+    sha384->devId = devId;
+    sha384->devCtx = NULL;
+#endif
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
     (void)devId;
 
     return ret;
@@ -792,7 +862,12 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 
 int wc_InitSha384(wc_Sha384* sha384)
 {
-    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha384_ex(sha384, NULL, devId);
 }
 
 void wc_Sha384Free(wc_Sha384* sha384)
@@ -801,11 +876,14 @@ void wc_Sha384Free(wc_Sha384* sha384)
         return;
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
-    if (sha384->W != NULL) {
-        XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        sha384->W = NULL;
-    }
+    XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    sha384->W = NULL;
+#endif
+
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
 #endif
+
 }
 
 #endif /* WOLFSSL_SHA384 */
@@ -884,6 +962,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
      dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
@@ -1041,6 +1126,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
      dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/arm/cryptoCell.c b/wolfcrypt/src/port/arm/cryptoCell.c
index 1c73349e11..0a9a7cdde5 100644
--- a/wolfcrypt/src/port/arm/cryptoCell.c
+++ b/wolfcrypt/src/port/arm/cryptoCell.c
@@ -1,6 +1,6 @@
 /* cryptoCell.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/cryptoCellHash.c b/wolfcrypt/src/port/arm/cryptoCellHash.c
index cf567c2870..bbcd208b05 100644
--- a/wolfcrypt/src/port/arm/cryptoCellHash.c
+++ b/wolfcrypt/src/port/arm/cryptoCellHash.c
@@ -1,6 +1,6 @@
 /* cryptoCellHash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
index 68695a7ea8..34f860884c 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-aes-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -670,7 +670,7 @@ L_AES_invert_key_mix_loop:
 	EOR	r8, r8, r9, ROR #24
 	STR	r8, [r0], #4
 	SUBS	r11, r11, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_invert_key_mix_loop
 #else
 	BNE.W	L_AES_invert_key_mix_loop
@@ -703,13 +703,13 @@ AES_set_encrypt_key:
 	LDR	r10, L_AES_Thumb2_te
 	ADR	lr, L_AES_Thumb2_rcon
 	CMP	r1, #0x80
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_set_encrypt_key_start_128
 #else
 	BEQ.W	L_AES_set_encrypt_key_start_128
 #endif
 	CMP	r1, #0xc0
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_set_encrypt_key_start_192
 #else
 	BEQ.W	L_AES_set_encrypt_key_start_192
@@ -1026,7 +1026,7 @@ L_AES_encrypt_block_nr:
 	EOR	r6, r6, r10
 	EOR	r7, r7, r11
 	SUBS	r1, r1, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_encrypt_block_nr
 #else
 	BNE.W	L_AES_encrypt_block_nr
@@ -1154,13 +1154,13 @@ AES_ECB_encrypt:
 	LDR	r12, [sp, #36]
 	PUSH	{r3}
 	CMP	r12, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_ECB_encrypt_start_block_128
 #else
 	BEQ.W	L_AES_ECB_encrypt_start_block_128
 #endif
 	CMP	r12, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_ECB_encrypt_start_block_192
 #else
 	BEQ.W	L_AES_ECB_encrypt_start_block_192
@@ -1196,7 +1196,7 @@ L_AES_ECB_encrypt_loop_block_256:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_encrypt_loop_block_256
 #else
 	BNE.W	L_AES_ECB_encrypt_loop_block_256
@@ -1238,7 +1238,7 @@ L_AES_ECB_encrypt_loop_block_192:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_encrypt_loop_block_192
 #else
 	BNE.W	L_AES_ECB_encrypt_loop_block_192
@@ -1280,7 +1280,7 @@ L_AES_ECB_encrypt_loop_block_128:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_encrypt_loop_block_128
 #else
 	BNE.W	L_AES_ECB_encrypt_loop_block_128
@@ -1305,13 +1305,13 @@ AES_CBC_encrypt:
 	LDM	r9, {r4, r5, r6, r7}
 	PUSH	{r3, r9}
 	CMP	r8, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_encrypt_start_block_128
 #else
 	BEQ.W	L_AES_CBC_encrypt_start_block_128
 #endif
 	CMP	r8, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_encrypt_start_block_192
 #else
 	BEQ.W	L_AES_CBC_encrypt_start_block_192
@@ -1351,7 +1351,7 @@ L_AES_CBC_encrypt_loop_block_256:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_encrypt_loop_block_256
 #else
 	BNE.W	L_AES_CBC_encrypt_loop_block_256
@@ -1397,7 +1397,7 @@ L_AES_CBC_encrypt_loop_block_192:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_encrypt_loop_block_192
 #else
 	BNE.W	L_AES_CBC_encrypt_loop_block_192
@@ -1443,7 +1443,7 @@ L_AES_CBC_encrypt_loop_block_128:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_encrypt_loop_block_128
 #else
 	BNE.W	L_AES_CBC_encrypt_loop_block_128
@@ -1474,13 +1474,13 @@ AES_CTR_encrypt:
 	STM	r8, {r4, r5, r6, r7}
 	PUSH	{r3, r8}
 	CMP	r12, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CTR_encrypt_start_block_128
 #else
 	BEQ.W	L_AES_CTR_encrypt_start_block_128
 #endif
 	CMP	r12, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CTR_encrypt_start_block_192
 #else
 	BEQ.W	L_AES_CTR_encrypt_start_block_192
@@ -1524,12 +1524,12 @@ L_AES_CTR_encrypt_loop_block_256:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CTR_encrypt_loop_block_256
 #else
 	BNE.W	L_AES_CTR_encrypt_loop_block_256
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_CTR_encrypt_end
 #else
 	B.W	L_AES_CTR_encrypt_end
@@ -1574,12 +1574,12 @@ L_AES_CTR_encrypt_loop_block_192:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CTR_encrypt_loop_block_192
 #else
 	BNE.W	L_AES_CTR_encrypt_loop_block_192
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_CTR_encrypt_end
 #else
 	B.W	L_AES_CTR_encrypt_end
@@ -1624,7 +1624,7 @@ L_AES_CTR_encrypt_loop_block_128:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CTR_encrypt_loop_block_128
 #else
 	BNE.W	L_AES_CTR_encrypt_loop_block_128
@@ -1750,7 +1750,7 @@ L_AES_decrypt_block_nr:
 	EOR	r6, r6, r10
 	EOR	r7, r7, r11
 	SUBS	r1, r1, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_decrypt_block_nr
 #else
 	BNE.W	L_AES_decrypt_block_nr
@@ -2138,13 +2138,13 @@ AES_ECB_decrypt:
 	MOV	r12, r2
 	ADR	r2, L_AES_Thumb2_td4
 	CMP	r8, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_ECB_decrypt_start_block_128
 #else
 	BEQ.W	L_AES_ECB_decrypt_start_block_128
 #endif
 	CMP	r8, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_ECB_decrypt_start_block_192
 #else
 	BEQ.W	L_AES_ECB_decrypt_start_block_192
@@ -2179,7 +2179,7 @@ L_AES_ECB_decrypt_loop_block_256:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_decrypt_loop_block_256
 #else
 	BNE.W	L_AES_ECB_decrypt_loop_block_256
@@ -2220,7 +2220,7 @@ L_AES_ECB_decrypt_loop_block_192:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_decrypt_loop_block_192
 #else
 	BNE.W	L_AES_ECB_decrypt_loop_block_192
@@ -2261,7 +2261,7 @@ L_AES_ECB_decrypt_loop_block_128:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_decrypt_loop_block_128
 #else
 	BNE.W	L_AES_ECB_decrypt_loop_block_128
@@ -2286,13 +2286,13 @@ AES_CBC_decrypt:
 	ADR	r2, L_AES_Thumb2_td4
 	PUSH	{r3, r4}
 	CMP	r8, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_loop_block_128
 #else
 	BEQ.W	L_AES_CBC_decrypt_loop_block_128
 #endif
 	CMP	r8, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_loop_block_192
 #else
 	BEQ.W	L_AES_CBC_decrypt_loop_block_192
@@ -2337,7 +2337,7 @@ L_AES_CBC_decrypt_loop_block_256:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_end_odd
 #else
 	BEQ.W	L_AES_CBC_decrypt_end_odd
@@ -2382,12 +2382,12 @@ L_AES_CBC_decrypt_loop_block_256:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_decrypt_loop_block_256
 #else
 	BNE.W	L_AES_CBC_decrypt_loop_block_256
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_CBC_decrypt_end
 #else
 	B.W	L_AES_CBC_decrypt_end
@@ -2432,7 +2432,7 @@ L_AES_CBC_decrypt_loop_block_192:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_end_odd
 #else
 	BEQ.W	L_AES_CBC_decrypt_end_odd
@@ -2477,12 +2477,12 @@ L_AES_CBC_decrypt_loop_block_192:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_decrypt_loop_block_192
 #else
 	BNE.W	L_AES_CBC_decrypt_loop_block_192
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_CBC_decrypt_end
 #else
 	B.W	L_AES_CBC_decrypt_end
@@ -2527,7 +2527,7 @@ L_AES_CBC_decrypt_loop_block_128:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_end_odd
 #else
 	BEQ.W	L_AES_CBC_decrypt_end_odd
@@ -2572,7 +2572,7 @@ L_AES_CBC_decrypt_loop_block_128:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_decrypt_loop_block_128
 #else
 	BNE.W	L_AES_CBC_decrypt_loop_block_128
@@ -3170,7 +3170,7 @@ L_GCM_gmult_len_start_block:
 	POP	{r3}
 	SUBS	r3, r3, #0x10
 	ADD	r2, r2, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_GCM_gmult_len_start_block
 #else
 	BNE.W	L_GCM_gmult_len_start_block
@@ -3202,13 +3202,13 @@ AES_GCM_encrypt:
 	STM	r8, {r4, r5, r6, r7}
 	PUSH	{r3, r8}
 	CMP	r12, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_GCM_encrypt_start_block_128
 #else
 	BEQ.W	L_AES_GCM_encrypt_start_block_128
 #endif
 	CMP	r12, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_GCM_encrypt_start_block_192
 #else
 	BEQ.W	L_AES_GCM_encrypt_start_block_192
@@ -3249,12 +3249,12 @@ L_AES_GCM_encrypt_loop_block_256:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_GCM_encrypt_loop_block_256
 #else
 	BNE.W	L_AES_GCM_encrypt_loop_block_256
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_GCM_encrypt_end
 #else
 	B.W	L_AES_GCM_encrypt_end
@@ -3296,12 +3296,12 @@ L_AES_GCM_encrypt_loop_block_192:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_GCM_encrypt_loop_block_192
 #else
 	BNE.W	L_AES_GCM_encrypt_loop_block_192
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_GCM_encrypt_end
 #else
 	B.W	L_AES_GCM_encrypt_end
@@ -3343,7 +3343,7 @@ L_AES_GCM_encrypt_loop_block_128:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_GCM_encrypt_loop_block_128
 #else
 	BNE.W	L_AES_GCM_encrypt_loop_block_128
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
index 399157589e..ddf9d11412 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-aes-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -211,23 +211,33 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
         "ADD	r10, %[ks], %[rounds], LSL #4\n\t"
         "MOV	r11, %[rounds]\n\t"
         "\n"
-    "L_AES_invert_key_loop%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_invert_key_loop:\n\t"
+#else
+    "L_AES_invert_key_loop_%=:\n\t"
+#endif
         "LDM	%[ks], {r2, r3, r4, r5}\n\t"
         "LDM	r10, {r6, r7, r8, r9}\n\t"
         "STM	r10, {r2, r3, r4, r5}\n\t"
         "STM	%[ks]!, {r6, r7, r8, r9}\n\t"
         "SUBS	r11, r11, #0x2\n\t"
         "SUB	r10, r10, #0x10\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_AES_invert_key_loop%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_invert_key_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_AES_invert_key_loop\n\t"
 #else
-        "BNE.N	L_AES_invert_key_loop%=\n\t"
+        "BNE.N	L_AES_invert_key_loop_%=\n\t"
 #endif
         "SUB	%[ks], %[ks], %[rounds], LSL #3\n\t"
         "ADD	%[ks], %[ks], #0x10\n\t"
         "SUB	r11, %[rounds], #0x1\n\t"
         "\n"
-    "L_AES_invert_key_mix_loop%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_invert_key_mix_loop:\n\t"
+#else
+    "L_AES_invert_key_mix_loop_%=:\n\t"
+#endif
         "LDM	%[ks], {r2, r3, r4, r5}\n\t"
         "UBFX	r6, r2, #0, #8\n\t"
         "UBFX	r7, r2, #8, #8\n\t"
@@ -294,10 +304,12 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
         "EOR	r8, r8, r9, ROR #24\n\t"
         "STR	r8, [%[ks]], #4\n\t"
         "SUBS	r11, r11, #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_invert_key_mix_loop%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_invert_key_mix_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_invert_key_mix_loop\n\t"
 #else
-        "BNE.W	L_AES_invert_key_mix_loop%=\n\t"
+        "BNE.W	L_AES_invert_key_mix_loop_%=\n\t"
 #endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [ks] "+r" (ks), [rounds] "+r" (rounds),
@@ -339,16 +351,20 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "MOV	r10, %[L_AES_Thumb2_te]\n\t"
         "MOV	lr, %[L_AES_Thumb2_rcon]\n\t"
         "CMP	%[len], #0x80\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_set_encrypt_key_start_128%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_set_encrypt_key_start_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_set_encrypt_key_start_128\n\t"
 #else
-        "BEQ.W	L_AES_set_encrypt_key_start_128%=\n\t"
+        "BEQ.W	L_AES_set_encrypt_key_start_128_%=\n\t"
 #endif
         "CMP	%[len], #0xc0\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_set_encrypt_key_start_192%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_set_encrypt_key_start_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_set_encrypt_key_start_192\n\t"
 #else
-        "BEQ.W	L_AES_set_encrypt_key_start_192%=\n\t"
+        "BEQ.W	L_AES_set_encrypt_key_start_192_%=\n\t"
 #endif
         "LDR	r4, [%[key]]\n\t"
         "LDR	r5, [%[key], #4]\n\t"
@@ -371,7 +387,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "SUB	%[ks], %[ks], #0x10\n\t"
         "MOV	r12, #0x6\n\t"
         "\n"
-    "L_AES_set_encrypt_key_loop_256%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_set_encrypt_key_loop_256:\n\t"
+#else
+    "L_AES_set_encrypt_key_loop_256_%=:\n\t"
+#endif
         "UBFX	r4, r7, #0, #8\n\t"
         "UBFX	r5, r7, #8, #8\n\t"
         "UBFX	r6, r7, #16, #8\n\t"
@@ -414,10 +434,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
         "SUB	%[ks], %[ks], #0x10\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_AES_set_encrypt_key_loop_256%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_set_encrypt_key_loop_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_AES_set_encrypt_key_loop_256\n\t"
 #else
-        "BNE.N	L_AES_set_encrypt_key_loop_256%=\n\t"
+        "BNE.N	L_AES_set_encrypt_key_loop_256_%=\n\t"
 #endif
         "UBFX	r4, r7, #0, #8\n\t"
         "UBFX	r5, r7, #8, #8\n\t"
@@ -440,13 +462,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "ADD	%[ks], %[ks], #0x10\n\t"
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
         "SUB	%[ks], %[ks], #0x10\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_set_encrypt_key_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_set_encrypt_key_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_set_encrypt_key_end\n\t"
 #else
-        "B.N	L_AES_set_encrypt_key_end%=\n\t"
+        "B.N	L_AES_set_encrypt_key_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_set_encrypt_key_start_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_set_encrypt_key_start_192:\n\t"
+#else
+    "L_AES_set_encrypt_key_start_192_%=:\n\t"
+#endif
         "LDR	r4, [%[key]]\n\t"
         "LDR	r5, [%[key], #4]\n\t"
         "LDR	r6, [%[key], #8]\n\t"
@@ -464,7 +492,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "MOV	r7, r9\n\t"
         "MOV	r12, #0x7\n\t"
         "\n"
-    "L_AES_set_encrypt_key_loop_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_set_encrypt_key_loop_192:\n\t"
+#else
+    "L_AES_set_encrypt_key_loop_192_%=:\n\t"
+#endif
         "UBFX	r4, r9, #0, #8\n\t"
         "UBFX	r5, r9, #8, #8\n\t"
         "UBFX	r6, r9, #16, #8\n\t"
@@ -487,10 +519,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r9, r9, r8\n\t"
         "STM	%[ks], {r4, r5, r6, r7, r8, r9}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_AES_set_encrypt_key_loop_192%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_set_encrypt_key_loop_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_AES_set_encrypt_key_loop_192\n\t"
 #else
-        "BNE.N	L_AES_set_encrypt_key_loop_192%=\n\t"
+        "BNE.N	L_AES_set_encrypt_key_loop_192_%=\n\t"
 #endif
         "UBFX	r4, r9, #0, #8\n\t"
         "UBFX	r5, r9, #8, #8\n\t"
@@ -511,13 +545,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r6, r6, r5\n\t"
         "EOR	r7, r7, r6\n\t"
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_set_encrypt_key_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_set_encrypt_key_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_set_encrypt_key_end\n\t"
 #else
-        "B.N	L_AES_set_encrypt_key_end%=\n\t"
+        "B.N	L_AES_set_encrypt_key_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_set_encrypt_key_start_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_set_encrypt_key_start_128:\n\t"
+#else
+    "L_AES_set_encrypt_key_start_128_%=:\n\t"
+#endif
         "LDR	r4, [%[key]]\n\t"
         "LDR	r5, [%[key], #4]\n\t"
         "LDR	r6, [%[key], #8]\n\t"
@@ -529,7 +569,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
-    "L_AES_set_encrypt_key_loop_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_set_encrypt_key_loop_128:\n\t"
+#else
+    "L_AES_set_encrypt_key_loop_128_%=:\n\t"
+#endif
         "UBFX	r4, r7, #0, #8\n\t"
         "UBFX	r5, r7, #8, #8\n\t"
         "UBFX	r6, r7, #16, #8\n\t"
@@ -550,13 +594,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r7, r7, r6\n\t"
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_AES_set_encrypt_key_loop_128%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_set_encrypt_key_loop_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_AES_set_encrypt_key_loop_128\n\t"
 #else
-        "BNE.N	L_AES_set_encrypt_key_loop_128%=\n\t"
+        "BNE.N	L_AES_set_encrypt_key_loop_128_%=\n\t"
 #endif
         "\n"
-    "L_AES_set_encrypt_key_end%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_set_encrypt_key_end:\n\t"
+#else
+    "L_AES_set_encrypt_key_end_%=:\n\t"
+#endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks),
           [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_rcon] "+r" (L_AES_Thumb2_rcon_c)
@@ -586,7 +636,11 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
 
     __asm__ __volatile__ (
         "\n"
-    "L_AES_encrypt_block_nr%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_encrypt_block_nr:\n\t"
+#else
+    "L_AES_encrypt_block_nr_%=:\n\t"
+#endif
         "UBFX	r8, r5, #16, #8\n\t"
         "LSR	r11, r4, #24\n\t"
         "UBFX	lr, r6, #8, #8\n\t"
@@ -688,10 +742,12 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
         "EOR	r6, r6, r10\n\t"
         "EOR	r7, r7, r11\n\t"
         "SUBS	%[nr], %[nr], #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_encrypt_block_nr%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_encrypt_block_nr_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_encrypt_block_nr\n\t"
 #else
-        "BNE.W	L_AES_encrypt_block_nr%=\n\t"
+        "BNE.W	L_AES_encrypt_block_nr_%=\n\t"
 #endif
         "UBFX	r8, r5, #16, #8\n\t"
         "LSR	r11, r4, #24\n\t"
@@ -830,19 +886,27 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "PUSH	{%[ks]}\n\t"
         "CMP	r12, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_ECB_encrypt_start_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_ECB_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_ECB_encrypt_start_block_128\n\t"
 #else
-        "BEQ.W	L_AES_ECB_encrypt_start_block_128%=\n\t"
+        "BEQ.W	L_AES_ECB_encrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r12, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_ECB_encrypt_start_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_ECB_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_ECB_encrypt_start_block_192\n\t"
 #else
-        "BEQ.W	L_AES_ECB_encrypt_start_block_192%=\n\t"
+        "BEQ.W	L_AES_ECB_encrypt_start_block_192_%=\n\t"
 #endif
         "\n"
-    "L_AES_ECB_encrypt_loop_block_256%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_encrypt_loop_block_256:\n\t"
+#else
+    "L_AES_ECB_encrypt_loop_block_256_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -873,20 +937,32 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_encrypt_loop_block_256%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_ECB_encrypt_loop_block_256\n\t"
 #else
-        "BNE.W	L_AES_ECB_encrypt_loop_block_256%=\n\t"
+        "BNE.W	L_AES_ECB_encrypt_loop_block_256_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_ECB_encrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_ECB_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_ECB_encrypt_end\n\t"
 #else
-        "B.N	L_AES_ECB_encrypt_end%=\n\t"
+        "B.N	L_AES_ECB_encrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_ECB_encrypt_start_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_encrypt_start_block_192:\n\t"
+#else
+    "L_AES_ECB_encrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
-    "L_AES_ECB_encrypt_loop_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_encrypt_loop_block_192:\n\t"
+#else
+    "L_AES_ECB_encrypt_loop_block_192_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -917,20 +993,32 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_encrypt_loop_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_ECB_encrypt_loop_block_192\n\t"
 #else
-        "BNE.W	L_AES_ECB_encrypt_loop_block_192%=\n\t"
+        "BNE.W	L_AES_ECB_encrypt_loop_block_192_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_ECB_encrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_ECB_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_ECB_encrypt_end\n\t"
 #else
-        "B.N	L_AES_ECB_encrypt_end%=\n\t"
+        "B.N	L_AES_ECB_encrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_ECB_encrypt_start_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_encrypt_start_block_128:\n\t"
+#else
+    "L_AES_ECB_encrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
-    "L_AES_ECB_encrypt_loop_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_encrypt_loop_block_128:\n\t"
+#else
+    "L_AES_ECB_encrypt_loop_block_128_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -961,13 +1049,19 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_encrypt_loop_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_ECB_encrypt_loop_block_128\n\t"
 #else
-        "BNE.W	L_AES_ECB_encrypt_loop_block_128%=\n\t"
+        "BNE.W	L_AES_ECB_encrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
-    "L_AES_ECB_encrypt_end%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_encrypt_end:\n\t"
+#else
+    "L_AES_ECB_encrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks]}\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
@@ -1021,19 +1115,27 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "LDM	r9, {r4, r5, r6, r7}\n\t"
         "PUSH	{%[ks], r9}\n\t"
         "CMP	r8, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_encrypt_start_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CBC_encrypt_start_block_128\n\t"
 #else
-        "BEQ.W	L_AES_CBC_encrypt_start_block_128%=\n\t"
+        "BEQ.W	L_AES_CBC_encrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r8, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_encrypt_start_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CBC_encrypt_start_block_192\n\t"
 #else
-        "BEQ.W	L_AES_CBC_encrypt_start_block_192%=\n\t"
+        "BEQ.W	L_AES_CBC_encrypt_start_block_192_%=\n\t"
 #endif
         "\n"
-    "L_AES_CBC_encrypt_loop_block_256%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_encrypt_loop_block_256:\n\t"
+#else
+    "L_AES_CBC_encrypt_loop_block_256_%=:\n\t"
+#endif
         "LDR	r8, [lr]\n\t"
         "LDR	r9, [lr, #4]\n\t"
         "LDR	r10, [lr, #8]\n\t"
@@ -1068,20 +1170,32 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_encrypt_loop_block_256%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CBC_encrypt_loop_block_256\n\t"
 #else
-        "BNE.W	L_AES_CBC_encrypt_loop_block_256%=\n\t"
+        "BNE.W	L_AES_CBC_encrypt_loop_block_256_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_CBC_encrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_CBC_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_CBC_encrypt_end\n\t"
 #else
-        "B.N	L_AES_CBC_encrypt_end%=\n\t"
+        "B.N	L_AES_CBC_encrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_CBC_encrypt_start_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_encrypt_start_block_192:\n\t"
+#else
+    "L_AES_CBC_encrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
-    "L_AES_CBC_encrypt_loop_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_encrypt_loop_block_192:\n\t"
+#else
+    "L_AES_CBC_encrypt_loop_block_192_%=:\n\t"
+#endif
         "LDR	r8, [lr]\n\t"
         "LDR	r9, [lr, #4]\n\t"
         "LDR	r10, [lr, #8]\n\t"
@@ -1116,20 +1230,32 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_encrypt_loop_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CBC_encrypt_loop_block_192\n\t"
 #else
-        "BNE.W	L_AES_CBC_encrypt_loop_block_192%=\n\t"
+        "BNE.W	L_AES_CBC_encrypt_loop_block_192_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_CBC_encrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_CBC_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_CBC_encrypt_end\n\t"
 #else
-        "B.N	L_AES_CBC_encrypt_end%=\n\t"
+        "B.N	L_AES_CBC_encrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_CBC_encrypt_start_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_encrypt_start_block_128:\n\t"
+#else
+    "L_AES_CBC_encrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
-    "L_AES_CBC_encrypt_loop_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_encrypt_loop_block_128:\n\t"
+#else
+    "L_AES_CBC_encrypt_loop_block_128_%=:\n\t"
+#endif
         "LDR	r8, [lr]\n\t"
         "LDR	r9, [lr, #4]\n\t"
         "LDR	r10, [lr, #8]\n\t"
@@ -1164,13 +1290,19 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_encrypt_loop_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CBC_encrypt_loop_block_128\n\t"
 #else
-        "BNE.W	L_AES_CBC_encrypt_loop_block_128%=\n\t"
+        "BNE.W	L_AES_CBC_encrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
-    "L_AES_CBC_encrypt_end%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_encrypt_end:\n\t"
+#else
+    "L_AES_CBC_encrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks], r9}\n\t"
         "STM	r9, {r4, r5, r6, r7}\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -1233,19 +1365,27 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STM	r8, {r4, r5, r6, r7}\n\t"
         "PUSH	{%[ks], r8}\n\t"
         "CMP	r12, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CTR_encrypt_start_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CTR_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CTR_encrypt_start_block_128\n\t"
 #else
-        "BEQ.W	L_AES_CTR_encrypt_start_block_128%=\n\t"
+        "BEQ.W	L_AES_CTR_encrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r12, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CTR_encrypt_start_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CTR_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CTR_encrypt_start_block_192\n\t"
 #else
-        "BEQ.W	L_AES_CTR_encrypt_start_block_192%=\n\t"
+        "BEQ.W	L_AES_CTR_encrypt_start_block_192_%=\n\t"
 #endif
         "\n"
-    "L_AES_CTR_encrypt_loop_block_256%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CTR_encrypt_loop_block_256:\n\t"
+#else
+    "L_AES_CTR_encrypt_loop_block_256_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADDS	r11, r7, #0x1\n\t"
@@ -1284,20 +1424,32 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CTR_encrypt_loop_block_256%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CTR_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CTR_encrypt_loop_block_256\n\t"
 #else
-        "BNE.W	L_AES_CTR_encrypt_loop_block_256%=\n\t"
+        "BNE.W	L_AES_CTR_encrypt_loop_block_256_%=\n\t"
 #endif
-#ifdef __GNUC__
-        "B	L_AES_CTR_encrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_CTR_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.W	L_AES_CTR_encrypt_end\n\t"
 #else
-        "B.W	L_AES_CTR_encrypt_end%=\n\t"
+        "B.W	L_AES_CTR_encrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_CTR_encrypt_start_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CTR_encrypt_start_block_192:\n\t"
+#else
+    "L_AES_CTR_encrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
-    "L_AES_CTR_encrypt_loop_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CTR_encrypt_loop_block_192:\n\t"
+#else
+    "L_AES_CTR_encrypt_loop_block_192_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADDS	r11, r7, #0x1\n\t"
@@ -1336,20 +1488,32 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CTR_encrypt_loop_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CTR_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CTR_encrypt_loop_block_192\n\t"
 #else
-        "BNE.W	L_AES_CTR_encrypt_loop_block_192%=\n\t"
+        "BNE.W	L_AES_CTR_encrypt_loop_block_192_%=\n\t"
 #endif
-#ifdef __GNUC__
-        "B	L_AES_CTR_encrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_CTR_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.W	L_AES_CTR_encrypt_end\n\t"
 #else
-        "B.W	L_AES_CTR_encrypt_end%=\n\t"
+        "B.W	L_AES_CTR_encrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_CTR_encrypt_start_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CTR_encrypt_start_block_128:\n\t"
+#else
+    "L_AES_CTR_encrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
-    "L_AES_CTR_encrypt_loop_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CTR_encrypt_loop_block_128:\n\t"
+#else
+    "L_AES_CTR_encrypt_loop_block_128_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADDS	r11, r7, #0x1\n\t"
@@ -1388,13 +1552,19 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CTR_encrypt_loop_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CTR_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CTR_encrypt_loop_block_128\n\t"
 #else
-        "BNE.W	L_AES_CTR_encrypt_loop_block_128%=\n\t"
+        "BNE.W	L_AES_CTR_encrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
-    "L_AES_CTR_encrypt_end%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CTR_encrypt_end:\n\t"
+#else
+    "L_AES_CTR_encrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks], r8}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
@@ -1438,7 +1608,11 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
 
     __asm__ __volatile__ (
         "\n"
-    "L_AES_decrypt_block_nr%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_decrypt_block_nr:\n\t"
+#else
+    "L_AES_decrypt_block_nr_%=:\n\t"
+#endif
         "UBFX	r8, r7, #16, #8\n\t"
         "LSR	r11, r4, #24\n\t"
         "UBFX	r12, r6, #8, #8\n\t"
@@ -1540,10 +1714,12 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
         "EOR	r6, r6, r10\n\t"
         "EOR	r7, r7, r11\n\t"
         "SUBS	%[nr], %[nr], #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_decrypt_block_nr%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_decrypt_block_nr_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_decrypt_block_nr\n\t"
 #else
-        "BNE.W	L_AES_decrypt_block_nr%=\n\t"
+        "BNE.W	L_AES_decrypt_block_nr_%=\n\t"
 #endif
         "UBFX	r8, r7, #16, #8\n\t"
         "LSR	r11, r4, #24\n\t"
@@ -1717,19 +1893,27 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "MOV	r12, %[len]\n\t"
         "MOV	r2, %[L_AES_Thumb2_td4]\n\t"
         "CMP	r8, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_ECB_decrypt_start_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_ECB_decrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_ECB_decrypt_start_block_128\n\t"
 #else
-        "BEQ.W	L_AES_ECB_decrypt_start_block_128%=\n\t"
+        "BEQ.W	L_AES_ECB_decrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r8, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_ECB_decrypt_start_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_ECB_decrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_ECB_decrypt_start_block_192\n\t"
 #else
-        "BEQ.W	L_AES_ECB_decrypt_start_block_192%=\n\t"
+        "BEQ.W	L_AES_ECB_decrypt_start_block_192_%=\n\t"
 #endif
         "\n"
-    "L_AES_ECB_decrypt_loop_block_256%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_decrypt_loop_block_256:\n\t"
+#else
+    "L_AES_ECB_decrypt_loop_block_256_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -1759,20 +1943,32 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_decrypt_loop_block_256%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_decrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_ECB_decrypt_loop_block_256\n\t"
 #else
-        "BNE.W	L_AES_ECB_decrypt_loop_block_256%=\n\t"
+        "BNE.W	L_AES_ECB_decrypt_loop_block_256_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_ECB_decrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_ECB_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_ECB_decrypt_end\n\t"
 #else
-        "B.N	L_AES_ECB_decrypt_end%=\n\t"
+        "B.N	L_AES_ECB_decrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_ECB_decrypt_start_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_decrypt_start_block_192:\n\t"
+#else
+    "L_AES_ECB_decrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
-    "L_AES_ECB_decrypt_loop_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_decrypt_loop_block_192:\n\t"
+#else
+    "L_AES_ECB_decrypt_loop_block_192_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -1802,20 +1998,32 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_decrypt_loop_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_ECB_decrypt_loop_block_192\n\t"
 #else
-        "BNE.W	L_AES_ECB_decrypt_loop_block_192%=\n\t"
+        "BNE.W	L_AES_ECB_decrypt_loop_block_192_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_ECB_decrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_ECB_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_ECB_decrypt_end\n\t"
 #else
-        "B.N	L_AES_ECB_decrypt_end%=\n\t"
+        "B.N	L_AES_ECB_decrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_ECB_decrypt_start_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_decrypt_start_block_128:\n\t"
+#else
+    "L_AES_ECB_decrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
-    "L_AES_ECB_decrypt_loop_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_decrypt_loop_block_128:\n\t"
+#else
+    "L_AES_ECB_decrypt_loop_block_128_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -1845,13 +2053,19 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_decrypt_loop_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_decrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_ECB_decrypt_loop_block_128\n\t"
 #else
-        "BNE.W	L_AES_ECB_decrypt_loop_block_128%=\n\t"
+        "BNE.W	L_AES_ECB_decrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
-    "L_AES_ECB_decrypt_end%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_ECB_decrypt_end:\n\t"
+#else
+    "L_AES_ECB_decrypt_end_%=:\n\t"
+#endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
           [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
@@ -1906,19 +2120,27 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "MOV	r2, %[L_AES_Thumb2_td4]\n\t"
         "PUSH	{%[ks], r4}\n\t"
         "CMP	r8, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_loop_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CBC_decrypt_loop_block_128\n\t"
 #else
-        "BEQ.W	L_AES_CBC_decrypt_loop_block_128%=\n\t"
+        "BEQ.W	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
 #endif
         "CMP	r8, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_loop_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CBC_decrypt_loop_block_192\n\t"
 #else
-        "BEQ.W	L_AES_CBC_decrypt_loop_block_192%=\n\t"
+        "BEQ.W	L_AES_CBC_decrypt_loop_block_192_%=\n\t"
 #endif
         "\n"
-    "L_AES_CBC_decrypt_loop_block_256%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_decrypt_loop_block_256:\n\t"
+#else
+    "L_AES_CBC_decrypt_loop_block_256_%=:\n\t"
+#endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
@@ -1958,10 +2180,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_end_odd%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_end_odd_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CBC_decrypt_end_odd\n\t"
 #else
-        "BEQ.W	L_AES_CBC_decrypt_end_odd%=\n\t"
+        "BEQ.W	L_AES_CBC_decrypt_end_odd_%=\n\t"
 #endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
@@ -2003,18 +2227,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_decrypt_loop_block_256%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_decrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CBC_decrypt_loop_block_256\n\t"
 #else
-        "BNE.W	L_AES_CBC_decrypt_loop_block_256%=\n\t"
+        "BNE.W	L_AES_CBC_decrypt_loop_block_256_%=\n\t"
 #endif
-#ifdef __GNUC__
-        "B	L_AES_CBC_decrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_CBC_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.W	L_AES_CBC_decrypt_end\n\t"
 #else
-        "B.W	L_AES_CBC_decrypt_end%=\n\t"
+        "B.W	L_AES_CBC_decrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_CBC_decrypt_loop_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_decrypt_loop_block_192:\n\t"
+#else
+    "L_AES_CBC_decrypt_loop_block_192_%=:\n\t"
+#endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
@@ -2054,10 +2286,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_end_odd%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_end_odd_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CBC_decrypt_end_odd\n\t"
 #else
-        "BEQ.W	L_AES_CBC_decrypt_end_odd%=\n\t"
+        "BEQ.W	L_AES_CBC_decrypt_end_odd_%=\n\t"
 #endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
@@ -2099,18 +2333,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_decrypt_loop_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CBC_decrypt_loop_block_192\n\t"
 #else
-        "BNE.W	L_AES_CBC_decrypt_loop_block_192%=\n\t"
+        "BNE.W	L_AES_CBC_decrypt_loop_block_192_%=\n\t"
 #endif
-#ifdef __GNUC__
-        "B	L_AES_CBC_decrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_CBC_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.W	L_AES_CBC_decrypt_end\n\t"
 #else
-        "B.W	L_AES_CBC_decrypt_end%=\n\t"
+        "B.W	L_AES_CBC_decrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_CBC_decrypt_loop_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_decrypt_loop_block_128:\n\t"
+#else
+    "L_AES_CBC_decrypt_loop_block_128_%=:\n\t"
+#endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
@@ -2150,10 +2392,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_end_odd%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_end_odd_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_CBC_decrypt_end_odd\n\t"
 #else
-        "BEQ.W	L_AES_CBC_decrypt_end_odd%=\n\t"
+        "BEQ.W	L_AES_CBC_decrypt_end_odd_%=\n\t"
 #endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
@@ -2195,25 +2439,37 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_decrypt_loop_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_CBC_decrypt_loop_block_128\n\t"
 #else
-        "BNE.W	L_AES_CBC_decrypt_loop_block_128%=\n\t"
+        "BNE.W	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_CBC_decrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_CBC_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_AES_CBC_decrypt_end\n\t"
 #else
-        "B.N	L_AES_CBC_decrypt_end%=\n\t"
+        "B.N	L_AES_CBC_decrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_CBC_decrypt_end_odd%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_decrypt_end_odd:\n\t"
+#else
+    "L_AES_CBC_decrypt_end_odd_%=:\n\t"
+#endif
         "LDR	r4, [sp, #4]\n\t"
         "LDRD	r8, r9, [r4, #16]\n\t"
         "LDRD	r10, r11, [r4, #24]\n\t"
         "STRD	r8, r9, [r4]\n\t"
         "STRD	r10, r11, [r4, #8]\n\t"
         "\n"
-    "L_AES_CBC_decrypt_end%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_CBC_decrypt_end:\n\t"
+#else
+    "L_AES_CBC_decrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks], r4}\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv),
@@ -2264,7 +2520,11 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
     __asm__ __volatile__ (
         "MOV	lr, %[L_GCM_gmult_len_r]\n\t"
         "\n"
-    "L_GCM_gmult_len_start_block%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_GCM_gmult_len_start_block:\n\t"
+#else
+    "L_GCM_gmult_len_start_block_%=:\n\t"
+#endif
         "PUSH	{r3}\n\t"
         "LDR	r12, [r0, #12]\n\t"
         "LDR	%[len], [r2, #12]\n\t"
@@ -2809,10 +3069,12 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "POP	{r3}\n\t"
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	%[data], %[data], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_GCM_gmult_len_start_block%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_GCM_gmult_len_start_block_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_GCM_gmult_len_start_block\n\t"
 #else
-        "BNE.W	L_GCM_gmult_len_start_block%=\n\t"
+        "BNE.W	L_GCM_gmult_len_start_block_%=\n\t"
 #endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len),
@@ -2867,19 +3129,27 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STM	r8, {r4, r5, r6, r7}\n\t"
         "PUSH	{%[ks], r8}\n\t"
         "CMP	r12, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_GCM_encrypt_start_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_GCM_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_GCM_encrypt_start_block_128\n\t"
 #else
-        "BEQ.W	L_AES_GCM_encrypt_start_block_128%=\n\t"
+        "BEQ.W	L_AES_GCM_encrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r12, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_GCM_encrypt_start_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_AES_GCM_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.W	L_AES_GCM_encrypt_start_block_192\n\t"
 #else
-        "BEQ.W	L_AES_GCM_encrypt_start_block_192%=\n\t"
+        "BEQ.W	L_AES_GCM_encrypt_start_block_192_%=\n\t"
 #endif
         "\n"
-    "L_AES_GCM_encrypt_loop_block_256%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_GCM_encrypt_loop_block_256:\n\t"
+#else
+    "L_AES_GCM_encrypt_loop_block_256_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
@@ -2915,20 +3185,32 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_GCM_encrypt_loop_block_256%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_GCM_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_GCM_encrypt_loop_block_256\n\t"
 #else
-        "BNE.W	L_AES_GCM_encrypt_loop_block_256%=\n\t"
+        "BNE.W	L_AES_GCM_encrypt_loop_block_256_%=\n\t"
 #endif
-#ifdef __GNUC__
-        "B	L_AES_GCM_encrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_GCM_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.W	L_AES_GCM_encrypt_end\n\t"
 #else
-        "B.W	L_AES_GCM_encrypt_end%=\n\t"
+        "B.W	L_AES_GCM_encrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_GCM_encrypt_start_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_GCM_encrypt_start_block_192:\n\t"
+#else
+    "L_AES_GCM_encrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
-    "L_AES_GCM_encrypt_loop_block_192%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_GCM_encrypt_loop_block_192:\n\t"
+#else
+    "L_AES_GCM_encrypt_loop_block_192_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
@@ -2964,20 +3246,32 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_GCM_encrypt_loop_block_192%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_GCM_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_GCM_encrypt_loop_block_192\n\t"
 #else
-        "BNE.W	L_AES_GCM_encrypt_loop_block_192%=\n\t"
+        "BNE.W	L_AES_GCM_encrypt_loop_block_192_%=\n\t"
 #endif
-#ifdef __GNUC__
-        "B	L_AES_GCM_encrypt_end%=\n\t"
+#if defined(__GNUC__)
+        "B	L_AES_GCM_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.W	L_AES_GCM_encrypt_end\n\t"
 #else
-        "B.W	L_AES_GCM_encrypt_end%=\n\t"
+        "B.W	L_AES_GCM_encrypt_end_%=\n\t"
 #endif
         "\n"
-    "L_AES_GCM_encrypt_start_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_GCM_encrypt_start_block_128:\n\t"
+#else
+    "L_AES_GCM_encrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
-    "L_AES_GCM_encrypt_loop_block_128%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_GCM_encrypt_loop_block_128:\n\t"
+#else
+    "L_AES_GCM_encrypt_loop_block_128_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
@@ -3013,13 +3307,19 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_GCM_encrypt_loop_block_128%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_AES_GCM_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_AES_GCM_encrypt_loop_block_128\n\t"
 #else
-        "BNE.W	L_AES_GCM_encrypt_loop_block_128%=\n\t"
+        "BNE.W	L_AES_GCM_encrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
-    "L_AES_GCM_encrypt_end%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_AES_GCM_encrypt_end:\n\t"
+#else
+    "L_AES_GCM_encrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks], r8}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
new file mode 100644
index 0000000000..4c3c2e7e77
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
@@ -0,0 +1,575 @@
+/* thumb2-chacha-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && defined(__thumb__)
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef HAVE_CHACHA
+	.text
+	.align	4
+	.globl	wc_chacha_setiv
+	.type	wc_chacha_setiv, %function
+wc_chacha_setiv:
+	PUSH	{r4, r5, r6, lr}
+	ADD	r3, r0, #0x34
+	LDR	r4, [r1]
+	LDR	r5, [r1, #4]
+	LDR	r6, [r1, #8]
+	STR	r2, [r0, #48]
+#ifdef BIG_ENDIAN_ORDER
+	REV	r4, r4
+	REV	r5, r5
+	REV	r6, r6
+#endif /* BIG_ENDIAN_ORDER */
+	STM	r3, {r4, r5, r6}
+	POP	{r4, r5, r6, pc}
+	/* Cycle Count = 26 */
+	.size	wc_chacha_setiv,.-wc_chacha_setiv
+	.text
+	.type	L_chacha_thumb2_constants, %object
+	.size	L_chacha_thumb2_constants, 32
+	.align	4
+L_chacha_thumb2_constants:
+	.word	0x61707865
+	.word	0x3120646e
+	.word	0x79622d36
+	.word	0x6b206574
+	.word	0x61707865
+	.word	0x3320646e
+	.word	0x79622d32
+	.word	0x6b206574
+	.text
+	.align	4
+	.globl	wc_chacha_setkey
+	.type	wc_chacha_setkey, %function
+wc_chacha_setkey:
+	PUSH	{r4, r5, r6, r7, lr}
+	ADR	r7, L_chacha_thumb2_constants
+	SUBS	r2, r2, #0x10
+	ADD	r7, r7, r2
+	/* Start state with constants */
+	LDM	r7, {r3, r4, r5, r6}
+	STM	r0!, {r3, r4, r5, r6}
+	/* Next is first 16 bytes of key. */
+	LDR	r3, [r1]
+	LDR	r4, [r1, #4]
+	LDR	r5, [r1, #8]
+	LDR	r6, [r1, #12]
+#ifdef BIG_ENDIAN_ORDER
+	REV	r3, r3
+	REV	r4, r4
+	REV	r5, r5
+	REV	r6, r6
+#endif /* BIG_ENDIAN_ORDER */
+	STM	r0!, {r3, r4, r5, r6}
+	/* Next 16 bytes of key. */
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_setkey_same_keyb_ytes
+#else
+	BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes
+#endif
+	/* Update key pointer for next 16 bytes. */
+	ADD	r1, r1, r2
+	LDR	r3, [r1]
+	LDR	r4, [r1, #4]
+	LDR	r5, [r1, #8]
+	LDR	r6, [r1, #12]
+L_chacha_thumb2_setkey_same_keyb_ytes:
+	STM	r0, {r3, r4, r5, r6}
+	POP	{r4, r5, r6, r7, pc}
+	/* Cycle Count = 60 */
+	.size	wc_chacha_setkey,.-wc_chacha_setkey
+	.text
+	.align	4
+	.globl	wc_chacha_crypt_bytes
+	.type	wc_chacha_crypt_bytes, %function
+wc_chacha_crypt_bytes:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x34
+	MOV	lr, r0
+	STRD	r0, r1, [sp, #32]
+	STRD	r2, r3, [sp, #40]
+L_chacha_thumb2_crypt_block:
+	/* Put x[12]..x[15] onto stack. */
+	LDRD	r4, r5, [lr, #48]
+	LDRD	r6, r7, [lr, #56]
+	STRD	r4, r5, [sp, #16]
+	STRD	r6, r7, [sp, #24]
+	/* Load x[0]..x[12] into registers. */
+	LDM	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}
+	/* 10x 2 full rounds to perform. */
+	MOV	lr, #0xa
+	STR	lr, [sp, #48]
+L_chacha_thumb2_crypt_loop:
+	/* 0, 4,  8, 12 */
+	/* 1, 5,  9, 13 */
+	LDR	lr, [sp, #20]
+	ADD	r0, r0, r4
+	ADD	r1, r1, r5
+	EOR	r12, r12, r0
+	EOR	lr, lr, r1
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r8, r8, r12
+	ADD	r9, r9, lr
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	ROR	r4, r4, #20
+	ROR	r5, r5, #20
+	ADD	r0, r0, r4
+	ADD	r1, r1, r5
+	EOR	r12, r12, r0
+	EOR	lr, lr, r1
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r8, r8, r12
+	ADD	r9, r9, lr
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	ROR	r4, r4, #25
+	ROR	r5, r5, #25
+	STR	r12, [sp, #16]
+	STR	lr, [sp, #20]
+	/* 2, 6, 10, 14 */
+	/* 3, 7, 11, 15 */
+	LDR	r12, [sp, #24]
+	LDR	lr, [sp, #28]
+	ADD	r2, r2, r6
+	ADD	r3, r3, r7
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r10, r10, r12
+	ADD	r11, r11, lr
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	ROR	r6, r6, #20
+	ROR	r7, r7, #20
+	ADD	r2, r2, r6
+	ADD	r3, r3, r7
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r10, r10, r12
+	ADD	r11, r11, lr
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	ROR	r6, r6, #25
+	ROR	r7, r7, #25
+	/* 3, 4,  9, 14 */
+	/* 0, 5, 10, 15 */
+	ADD	r3, r3, r4
+	ADD	r0, r0, r5
+	EOR	r12, r12, r3
+	EOR	lr, lr, r0
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r9, r9, r12
+	ADD	r10, r10, lr
+	EOR	r4, r4, r9
+	EOR	r5, r5, r10
+	ROR	r4, r4, #20
+	ROR	r5, r5, #20
+	ADD	r3, r3, r4
+	ADD	r0, r0, r5
+	EOR	r12, r12, r3
+	EOR	lr, lr, r0
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r9, r9, r12
+	ADD	r10, r10, lr
+	EOR	r4, r4, r9
+	EOR	r5, r5, r10
+	ROR	r4, r4, #25
+	ROR	r5, r5, #25
+	STR	r12, [sp, #24]
+	STR	lr, [sp, #28]
+	LDR	r12, [sp, #16]
+	LDR	lr, [sp, #20]
+	/* 1, 6, 11, 12 */
+	/* 2, 7,  8, 13 */
+	ADD	r1, r1, r6
+	ADD	r2, r2, r7
+	EOR	r12, r12, r1
+	EOR	lr, lr, r2
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r11, r11, r12
+	ADD	r8, r8, lr
+	EOR	r6, r6, r11
+	EOR	r7, r7, r8
+	ROR	r6, r6, #20
+	ROR	r7, r7, #20
+	ADD	r1, r1, r6
+	ADD	r2, r2, r7
+	EOR	r12, r12, r1
+	EOR	lr, lr, r2
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r11, r11, r12
+	ADD	r8, r8, lr
+	EOR	r6, r6, r11
+	EOR	r7, r7, r8
+	ROR	r6, r6, #25
+	ROR	r7, r7, #25
+	STR	lr, [sp, #20]
+	/* Check if we have done enough rounds. */
+	LDR	lr, [sp, #48]
+	SUBS	lr, lr, #0x1
+	STR	lr, [sp, #48]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_chacha_thumb2_crypt_loop
+#else
+	BGT.N	L_chacha_thumb2_crypt_loop
+#endif
+	STM	sp, {r8, r9, r10, r11, r12}
+	LDR	lr, [sp, #32]
+	MOV	r12, sp
+	/* Add in original state */
+	LDM	lr!, {r8, r9, r10, r11}
+	ADD	r0, r0, r8
+	ADD	r1, r1, r9
+	ADD	r2, r2, r10
+	ADD	r3, r3, r11
+	LDM	lr!, {r8, r9, r10, r11}
+	ADD	r4, r4, r8
+	ADD	r5, r5, r9
+	ADD	r6, r6, r10
+	ADD	r7, r7, r11
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12!, {r8, r9}
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12!, {r8, r9}
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	ADD	r10, r10, #0x1
+	STM	r12!, {r8, r9}
+	STR	r10, [lr, #-8]
+	LDM	r12, {r8, r9}
+	LDM	lr, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12, {r8, r9}
+	LDR	r12, [sp, #44]
+	CMP	r12, #0x40
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_lt_block
+#else
+	BLT.N	L_chacha_thumb2_crypt_lt_block
+#endif
+	LDR	r12, [sp, #40]
+	LDR	lr, [sp, #36]
+	/* XOR state into 64 bytes. */
+	LDR	r8, [r12]
+	LDR	r9, [r12, #4]
+	LDR	r10, [r12, #8]
+	LDR	r11, [r12, #12]
+	EOR	r0, r0, r8
+	EOR	r1, r1, r9
+	EOR	r2, r2, r10
+	EOR	r3, r3, r11
+	STR	r0, [lr]
+	STR	r1, [lr, #4]
+	STR	r2, [lr, #8]
+	STR	r3, [lr, #12]
+	LDR	r8, [r12, #16]
+	LDR	r9, [r12, #20]
+	LDR	r10, [r12, #24]
+	LDR	r11, [r12, #28]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #16]
+	STR	r5, [lr, #20]
+	STR	r6, [lr, #24]
+	STR	r7, [lr, #28]
+	LDR	r4, [sp]
+	LDR	r5, [sp, #4]
+	LDR	r6, [sp, #8]
+	LDR	r7, [sp, #12]
+	LDR	r8, [r12, #32]
+	LDR	r9, [r12, #36]
+	LDR	r10, [r12, #40]
+	LDR	r11, [r12, #44]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #32]
+	STR	r5, [lr, #36]
+	STR	r6, [lr, #40]
+	STR	r7, [lr, #44]
+	LDR	r4, [sp, #16]
+	LDR	r5, [sp, #20]
+	LDR	r6, [sp, #24]
+	LDR	r7, [sp, #28]
+	LDR	r8, [r12, #48]
+	LDR	r9, [r12, #52]
+	LDR	r10, [r12, #56]
+	LDR	r11, [r12, #60]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #48]
+	STR	r5, [lr, #52]
+	STR	r6, [lr, #56]
+	STR	r7, [lr, #60]
+	LDR	r3, [sp, #44]
+	ADD	r12, r12, #0x40
+	ADD	lr, lr, #0x40
+	STR	r12, [sp, #40]
+	STR	lr, [sp, #36]
+	SUBS	r3, r3, #0x40
+	LDR	lr, [sp, #32]
+	STR	r3, [sp, #44]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_chacha_thumb2_crypt_block
+#else
+	BNE.N	L_chacha_thumb2_crypt_block
+#endif
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_done
+#else
+	B.N	L_chacha_thumb2_crypt_done
+#endif
+L_chacha_thumb2_crypt_lt_block:
+	/* Store in over field of ChaCha. */
+	LDR	lr, [sp, #32]
+	ADD	r12, lr, #0x44
+	STM	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}
+	LDM	sp, {r0, r1, r2, r3, r4, r5, r6, r7}
+	STM	r12, {r0, r1, r2, r3, r4, r5, r6, r7}
+	LDRD	r2, r3, [sp, #40]
+	LDR	r1, [sp, #36]
+	RSB	r12, r3, #0x40
+	STR	r12, [lr, #64]
+	ADD	lr, lr, #0x44
+L_chacha_thumb2_crypt_16byte_loop:
+	CMP	r3, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_word_loop
+#else
+	BLT.N	L_chacha_thumb2_crypt_word_loop
+#endif
+	/* 16 bytes of state XORed into message. */
+	LDM	lr!, {r4, r5, r6, r7}
+	LDR	r8, [r2]
+	LDR	r9, [r2, #4]
+	LDR	r10, [r2, #8]
+	LDR	r11, [r2, #12]
+	EOR	r8, r8, r4
+	EOR	r9, r9, r5
+	EOR	r10, r10, r6
+	EOR	r11, r11, r7
+	SUBS	r3, r3, #0x10
+	STR	r8, [r1]
+	STR	r9, [r1, #4]
+	STR	r10, [r1, #8]
+	STR	r11, [r1, #12]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	ADD	r2, r2, #0x10
+	ADD	r1, r1, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_16byte_loop
+#else
+	B.N	L_chacha_thumb2_crypt_16byte_loop
+#endif
+L_chacha_thumb2_crypt_word_loop:
+	CMP	r3, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_byte_start
+#else
+	BLT.N	L_chacha_thumb2_crypt_byte_start
+#endif
+	/* 4 bytes of state XORed into message. */
+	LDR	r4, [lr]
+	LDR	r8, [r2]
+	EOR	r8, r8, r4
+	SUBS	r3, r3, #0x4
+	STR	r8, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	ADD	lr, lr, #0x4
+	ADD	r2, r2, #0x4
+	ADD	r1, r1, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_word_loop
+#else
+	B.N	L_chacha_thumb2_crypt_word_loop
+#endif
+L_chacha_thumb2_crypt_byte_start:
+	LDR	r4, [lr]
+L_chacha_thumb2_crypt_byte_loop:
+	LDRB	r8, [r2]
+	EOR	r8, r8, r4
+	SUBS	r3, r3, #0x1
+	STRB	r8, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	LSR	r4, r4, #8
+	ADD	r2, r2, #0x1
+	ADD	r1, r1, #0x1
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_byte_loop
+#else
+	B.N	L_chacha_thumb2_crypt_byte_loop
+#endif
+L_chacha_thumb2_crypt_done:
+	ADD	sp, sp, #0x34
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 508 */
+	.size	wc_chacha_crypt_bytes,.-wc_chacha_crypt_bytes
+	.text
+	.align	4
+	.globl	wc_chacha_use_over
+	.type	wc_chacha_use_over, %function
+wc_chacha_use_over:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+L_chacha_thumb2_over_16byte_loop:
+	CMP	r3, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_over_word_loop
+#else
+	BLT.N	L_chacha_thumb2_over_word_loop
+#endif
+	/* 16 bytes of state XORed into message. */
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
+	LDR	r8, [r2]
+	LDR	r9, [r2, #4]
+	LDR	r10, [r2, #8]
+	LDR	r11, [r2, #12]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	SUBS	r3, r3, #0x10
+	STR	r4, [r1]
+	STR	r5, [r1, #4]
+	STR	r6, [r1, #8]
+	STR	r7, [r1, #12]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x10
+	ADD	r2, r2, #0x10
+	ADD	r1, r1, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_16byte_loop
+#else
+	B.N	L_chacha_thumb2_over_16byte_loop
+#endif
+L_chacha_thumb2_over_word_loop:
+	CMP	r3, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_over_byte_loop
+#else
+	BLT.N	L_chacha_thumb2_over_byte_loop
+#endif
+	/* 4 bytes of state XORed into message. */
+	LDR	r4, [r0]
+	LDR	r8, [r2]
+	EOR	r4, r4, r8
+	SUBS	r3, r3, #0x4
+	STR	r4, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x4
+	ADD	r2, r2, #0x4
+	ADD	r1, r1, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_word_loop
+#else
+	B.N	L_chacha_thumb2_over_word_loop
+#endif
+L_chacha_thumb2_over_byte_loop:
+	/* 4 bytes of state XORed into message. */
+	LDRB	r4, [r0]
+	LDRB	r8, [r2]
+	EOR	r4, r4, r8
+	SUBS	r3, r3, #0x1
+	STRB	r4, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x1
+	ADD	r2, r2, #0x1
+	ADD	r1, r1, #0x1
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_byte_loop
+#else
+	B.N	L_chacha_thumb2_over_byte_loop
+#endif
+L_chacha_thumb2_over_done:
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 108 */
+	.size	wc_chacha_use_over,.-wc_chacha_use_over
+#endif /* HAVE_CHACHA */
+#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
new file mode 100644
index 0000000000..0dcdc4e3eb
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
@@ -0,0 +1,731 @@
+/* thumb2-chacha-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_CHACHA
+#include <wolfssl/wolfcrypt/chacha.h>
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p)
+#else
+void wc_chacha_setiv(word32* x, const byte* iv, word32 counter)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word32* x __asm__ ("r0") = (word32*)x_p;
+    register const byte* iv __asm__ ("r1") = (const byte*)iv_p;
+    register word32 counter __asm__ ("r2") = (word32)counter_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "ADD	r3, %[x], #0x34\n\t"
+        "LDR	r4, [%[iv]]\n\t"
+        "LDR	r5, [%[iv], #4]\n\t"
+        "LDR	r6, [%[iv], #8]\n\t"
+        "STR	%[counter], [%[x], #48]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "REV	r4, r4\n\t"
+        "REV	r5, r5\n\t"
+        "REV	r6, r6\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "STM	r3, {r4, r5, r6}\n\t"
+        : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter)
+        :
+        : "memory", "r3", "r4", "r5", "r6", "cc"
+    );
+}
+
+XALIGNED(16) static const uint32_t L_chacha_thumb2_constants[] = {
+    0x61707865, 0x3120646e, 0x79622d36, 0x6b206574,
+    0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p)
+#else
+void wc_chacha_setkey(word32* x, const byte* key, word32 keySz)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word32* x __asm__ ("r0") = (word32*)x_p;
+    register const byte* key __asm__ ("r1") = (const byte*)key_p;
+    register word32 keySz __asm__ ("r2") = (word32)keySz_p;
+    register uint32_t* L_chacha_thumb2_constants_c __asm__ ("r3") = (uint32_t*)&L_chacha_thumb2_constants;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r7, %[L_chacha_thumb2_constants]\n\t"
+        "SUBS	%[keySz], %[keySz], #0x10\n\t"
+        "ADD	r7, r7, %[keySz]\n\t"
+        /* Start state with constants */
+        "LDM	r7, {r3, r4, r5, r6}\n\t"
+        "STM	%[x]!, {r3, r4, r5, r6}\n\t"
+        /* Next is first 16 bytes of key. */
+        "LDR	r3, [%[key]]\n\t"
+        "LDR	r4, [%[key], #4]\n\t"
+        "LDR	r5, [%[key], #8]\n\t"
+        "LDR	r6, [%[key], #12]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "REV	r3, r3\n\t"
+        "REV	r4, r4\n\t"
+        "REV	r5, r5\n\t"
+        "REV	r6, r6\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "STM	%[x]!, {r3, r4, r5, r6}\n\t"
+        /* Next 16 bytes of key. */
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_setkey_same_keyb_ytes_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes_%=\n\t"
+#endif
+        /* Update key pointer for next 16 bytes. */
+        "ADD	%[key], %[key], %[keySz]\n\t"
+        "LDR	r3, [%[key]]\n\t"
+        "LDR	r4, [%[key], #4]\n\t"
+        "LDR	r5, [%[key], #8]\n\t"
+        "LDR	r6, [%[key], #12]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_setkey_same_keyb_ytes:\n\t"
+#else
+    "L_chacha_thumb2_setkey_same_keyb_ytes_%=:\n\t"
+#endif
+        "STM	%[x], {r3, r4, r5, r6}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz),
+          [L_chacha_thumb2_constants] "+r" (L_chacha_thumb2_constants_c)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "cc"
+#else
+        : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz)
+        : [L_chacha_thumb2_constants] "r" (L_chacha_thumb2_constants)
+        : "memory", "r4", "r5", "r6", "r7", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, word32 len_p)
+#else
+void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register ChaCha* ctx __asm__ ("r0") = (ChaCha*)ctx_p;
+    register byte* c __asm__ ("r1") = (byte*)c_p;
+    register const byte* m __asm__ ("r2") = (const byte*)m_p;
+    register word32 len __asm__ ("r3") = (word32)len_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x34\n\t"
+        "MOV	lr, %[ctx]\n\t"
+        "STRD	%[ctx], %[c], [sp, #32]\n\t"
+        "STRD	%[m], %[len], [sp, #40]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_block:\n\t"
+#else
+    "L_chacha_thumb2_crypt_block_%=:\n\t"
+#endif
+        /* Put x[12]..x[15] onto stack. */
+        "LDRD	r4, r5, [lr, #48]\n\t"
+        "LDRD	r6, r7, [lr, #56]\n\t"
+        "STRD	r4, r5, [sp, #16]\n\t"
+        "STRD	r6, r7, [sp, #24]\n\t"
+        /* Load x[0]..x[12] into registers. */
+        "LDM	lr, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
+        /* 10x 2 full rounds to perform. */
+        "MOV	lr, #0xa\n\t"
+        "STR	lr, [sp, #48]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_loop_%=:\n\t"
+#endif
+        /* 0, 4,  8, 12 */
+        /* 1, 5,  9, 13 */
+        "LDR	lr, [sp, #20]\n\t"
+        "ADD	%[ctx], %[ctx], r4\n\t"
+        "ADD	%[c], %[c], r5\n\t"
+        "EOR	r12, r12, %[ctx]\n\t"
+        "EOR	lr, lr, %[c]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r8, r8, r12\n\t"
+        "ADD	r9, r9, lr\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "ROR	r4, r4, #20\n\t"
+        "ROR	r5, r5, #20\n\t"
+        "ADD	%[ctx], %[ctx], r4\n\t"
+        "ADD	%[c], %[c], r5\n\t"
+        "EOR	r12, r12, %[ctx]\n\t"
+        "EOR	lr, lr, %[c]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r8, r8, r12\n\t"
+        "ADD	r9, r9, lr\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "ROR	r4, r4, #25\n\t"
+        "ROR	r5, r5, #25\n\t"
+        "STR	r12, [sp, #16]\n\t"
+        "STR	lr, [sp, #20]\n\t"
+        /* 2, 6, 10, 14 */
+        /* 3, 7, 11, 15 */
+        "LDR	r12, [sp, #24]\n\t"
+        "LDR	lr, [sp, #28]\n\t"
+        "ADD	%[m], %[m], r6\n\t"
+        "ADD	%[len], %[len], r7\n\t"
+        "EOR	r12, r12, %[m]\n\t"
+        "EOR	lr, lr, %[len]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r10, r10, r12\n\t"
+        "ADD	r11, r11, lr\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "ROR	r6, r6, #20\n\t"
+        "ROR	r7, r7, #20\n\t"
+        "ADD	%[m], %[m], r6\n\t"
+        "ADD	%[len], %[len], r7\n\t"
+        "EOR	r12, r12, %[m]\n\t"
+        "EOR	lr, lr, %[len]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r10, r10, r12\n\t"
+        "ADD	r11, r11, lr\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "ROR	r6, r6, #25\n\t"
+        "ROR	r7, r7, #25\n\t"
+        /* 3, 4,  9, 14 */
+        /* 0, 5, 10, 15 */
+        "ADD	%[len], %[len], r4\n\t"
+        "ADD	%[ctx], %[ctx], r5\n\t"
+        "EOR	r12, r12, %[len]\n\t"
+        "EOR	lr, lr, %[ctx]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r9, r9, r12\n\t"
+        "ADD	r10, r10, lr\n\t"
+        "EOR	r4, r4, r9\n\t"
+        "EOR	r5, r5, r10\n\t"
+        "ROR	r4, r4, #20\n\t"
+        "ROR	r5, r5, #20\n\t"
+        "ADD	%[len], %[len], r4\n\t"
+        "ADD	%[ctx], %[ctx], r5\n\t"
+        "EOR	r12, r12, %[len]\n\t"
+        "EOR	lr, lr, %[ctx]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r9, r9, r12\n\t"
+        "ADD	r10, r10, lr\n\t"
+        "EOR	r4, r4, r9\n\t"
+        "EOR	r5, r5, r10\n\t"
+        "ROR	r4, r4, #25\n\t"
+        "ROR	r5, r5, #25\n\t"
+        "STR	r12, [sp, #24]\n\t"
+        "STR	lr, [sp, #28]\n\t"
+        "LDR	r12, [sp, #16]\n\t"
+        "LDR	lr, [sp, #20]\n\t"
+        /* 1, 6, 11, 12 */
+        /* 2, 7,  8, 13 */
+        "ADD	%[c], %[c], r6\n\t"
+        "ADD	%[m], %[m], r7\n\t"
+        "EOR	r12, r12, %[c]\n\t"
+        "EOR	lr, lr, %[m]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r11, r11, r12\n\t"
+        "ADD	r8, r8, lr\n\t"
+        "EOR	r6, r6, r11\n\t"
+        "EOR	r7, r7, r8\n\t"
+        "ROR	r6, r6, #20\n\t"
+        "ROR	r7, r7, #20\n\t"
+        "ADD	%[c], %[c], r6\n\t"
+        "ADD	%[m], %[m], r7\n\t"
+        "EOR	r12, r12, %[c]\n\t"
+        "EOR	lr, lr, %[m]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r11, r11, r12\n\t"
+        "ADD	r8, r8, lr\n\t"
+        "EOR	r6, r6, r11\n\t"
+        "EOR	r7, r7, r8\n\t"
+        "ROR	r6, r6, #25\n\t"
+        "ROR	r7, r7, #25\n\t"
+        "STR	lr, [sp, #20]\n\t"
+        /* Check if we have done enough rounds. */
+        "LDR	lr, [sp, #48]\n\t"
+        "SUBS	lr, lr, #0x1\n\t"
+        "STR	lr, [sp, #48]\n\t"
+#if defined(__GNUC__)
+        "BGT	L_chacha_thumb2_crypt_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_chacha_thumb2_crypt_loop\n\t"
+#else
+        "BGT.N	L_chacha_thumb2_crypt_loop_%=\n\t"
+#endif
+        "STM	sp, {r8, r9, r10, r11, r12}\n\t"
+        "LDR	lr, [sp, #32]\n\t"
+        "MOV	r12, sp\n\t"
+        /* Add in original state */
+        "LDM	lr!, {r8, r9, r10, r11}\n\t"
+        "ADD	%[ctx], %[ctx], r8\n\t"
+        "ADD	%[c], %[c], r9\n\t"
+        "ADD	%[m], %[m], r10\n\t"
+        "ADD	%[len], %[len], r11\n\t"
+        "LDM	lr!, {r8, r9, r10, r11}\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "ADD	r6, r6, r10\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "LDM	r12, {r8, r9}\n\t"
+        "LDM	lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "LDM	r12, {r8, r9}\n\t"
+        "LDM	lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "LDM	r12, {r8, r9}\n\t"
+        "LDM	lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "ADD	r10, r10, #0x1\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "STR	r10, [lr, #-8]\n\t"
+        "LDM	r12, {r8, r9}\n\t"
+        "LDM	lr, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12, {r8, r9}\n\t"
+        "LDR	r12, [sp, #44]\n\t"
+        "CMP	r12, #0x40\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_lt_block_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_lt_block\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_lt_block_%=\n\t"
+#endif
+        "LDR	r12, [sp, #40]\n\t"
+        "LDR	lr, [sp, #36]\n\t"
+        /* XOR state into 64 bytes. */
+        "LDR	r8, [r12]\n\t"
+        "LDR	r9, [r12, #4]\n\t"
+        "LDR	r10, [r12, #8]\n\t"
+        "LDR	r11, [r12, #12]\n\t"
+        "EOR	%[ctx], %[ctx], r8\n\t"
+        "EOR	%[c], %[c], r9\n\t"
+        "EOR	%[m], %[m], r10\n\t"
+        "EOR	%[len], %[len], r11\n\t"
+        "STR	%[ctx], [lr]\n\t"
+        "STR	%[c], [lr, #4]\n\t"
+        "STR	%[m], [lr, #8]\n\t"
+        "STR	%[len], [lr, #12]\n\t"
+        "LDR	r8, [r12, #16]\n\t"
+        "LDR	r9, [r12, #20]\n\t"
+        "LDR	r10, [r12, #24]\n\t"
+        "LDR	r11, [r12, #28]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #16]\n\t"
+        "STR	r5, [lr, #20]\n\t"
+        "STR	r6, [lr, #24]\n\t"
+        "STR	r7, [lr, #28]\n\t"
+        "LDR	r4, [sp]\n\t"
+        "LDR	r5, [sp, #4]\n\t"
+        "LDR	r6, [sp, #8]\n\t"
+        "LDR	r7, [sp, #12]\n\t"
+        "LDR	r8, [r12, #32]\n\t"
+        "LDR	r9, [r12, #36]\n\t"
+        "LDR	r10, [r12, #40]\n\t"
+        "LDR	r11, [r12, #44]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #32]\n\t"
+        "STR	r5, [lr, #36]\n\t"
+        "STR	r6, [lr, #40]\n\t"
+        "STR	r7, [lr, #44]\n\t"
+        "LDR	r4, [sp, #16]\n\t"
+        "LDR	r5, [sp, #20]\n\t"
+        "LDR	r6, [sp, #24]\n\t"
+        "LDR	r7, [sp, #28]\n\t"
+        "LDR	r8, [r12, #48]\n\t"
+        "LDR	r9, [r12, #52]\n\t"
+        "LDR	r10, [r12, #56]\n\t"
+        "LDR	r11, [r12, #60]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #48]\n\t"
+        "STR	r5, [lr, #52]\n\t"
+        "STR	r6, [lr, #56]\n\t"
+        "STR	r7, [lr, #60]\n\t"
+        "LDR	%[len], [sp, #44]\n\t"
+        "ADD	r12, r12, #0x40\n\t"
+        "ADD	lr, lr, #0x40\n\t"
+        "STR	r12, [sp, #40]\n\t"
+        "STR	lr, [sp, #36]\n\t"
+        "SUBS	%[len], %[len], #0x40\n\t"
+        "LDR	lr, [sp, #32]\n\t"
+        "STR	%[len], [sp, #44]\n\t"
+#if defined(__GNUC__)
+        "BNE	L_chacha_thumb2_crypt_block_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_chacha_thumb2_crypt_block\n\t"
+#else
+        "BNE.N	L_chacha_thumb2_crypt_block_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_lt_block:\n\t"
+#else
+    "L_chacha_thumb2_crypt_lt_block_%=:\n\t"
+#endif
+        /* Store in over field of ChaCha. */
+        "LDR	lr, [sp, #32]\n\t"
+        "ADD	r12, lr, #0x44\n\t"
+        "STM	r12!, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t"
+        "LDM	sp, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t"
+        "STM	r12, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t"
+        "LDRD	%[m], %[len], [sp, #40]\n\t"
+        "LDR	%[c], [sp, #36]\n\t"
+        "RSB	r12, %[len], #0x40\n\t"
+        "STR	r12, [lr, #64]\n\t"
+        "ADD	lr, lr, #0x44\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_16byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_16byte_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x10\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_word_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#endif
+        /* 16 bytes of state XORed into message. */
+        "LDM	lr!, {r4, r5, r6, r7}\n\t"
+        "LDR	r8, [%[m]]\n\t"
+        "LDR	r9, [%[m], #4]\n\t"
+        "LDR	r10, [%[m], #8]\n\t"
+        "LDR	r11, [%[m], #12]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "EOR	r9, r9, r5\n\t"
+        "EOR	r10, r10, r6\n\t"
+        "EOR	r11, r11, r7\n\t"
+        "SUBS	%[len], %[len], #0x10\n\t"
+        "STR	r8, [%[c]]\n\t"
+        "STR	r9, [%[c], #4]\n\t"
+        "STR	r10, [%[c], #8]\n\t"
+        "STR	r11, [%[c], #12]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "ADD	%[m], %[m], #0x10\n\t"
+        "ADD	%[c], %[c], #0x10\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_16byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_16byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_16byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_word_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_word_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x4\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_byte_start_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_byte_start\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_byte_start_%=\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDR	r4, [lr]\n\t"
+        "LDR	r8, [%[m]]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "SUBS	%[len], %[len], #0x4\n\t"
+        "STR	r8, [%[c]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "ADD	lr, lr, #0x4\n\t"
+        "ADD	%[m], %[m], #0x4\n\t"
+        "ADD	%[c], %[c], #0x4\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_word_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_byte_start:\n\t"
+#else
+    "L_chacha_thumb2_crypt_byte_start_%=:\n\t"
+#endif
+        "LDR	r4, [lr]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_byte_loop_%=:\n\t"
+#endif
+        "LDRB	r8, [%[m]]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "STRB	r8, [%[c]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "LSR	r4, r4, #8\n\t"
+        "ADD	%[m], %[m], #0x1\n\t"
+        "ADD	%[c], %[c], #0x1\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_done:\n\t"
+#else
+    "L_chacha_thumb2_crypt_done_%=:\n\t"
+#endif
+        "ADD	sp, sp, #0x34\n\t"
+        : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, word32 len_p)
+#else
+void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register byte* over __asm__ ("r0") = (byte*)over_p;
+    register byte* output __asm__ ("r1") = (byte*)output_p;
+    register const byte* input __asm__ ("r2") = (const byte*)input_p;
+    register word32 len __asm__ ("r3") = (word32)len_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_16byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_16byte_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x10\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_over_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_over_word_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_over_word_loop_%=\n\t"
+#endif
+        /* 16 bytes of state XORed into message. */
+        "LDR	r4, [%[over]]\n\t"
+        "LDR	r5, [%[over], #4]\n\t"
+        "LDR	r6, [%[over], #8]\n\t"
+        "LDR	r7, [%[over], #12]\n\t"
+        "LDR	r8, [%[input]]\n\t"
+        "LDR	r9, [%[input], #4]\n\t"
+        "LDR	r10, [%[input], #8]\n\t"
+        "LDR	r11, [%[input], #12]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "SUBS	%[len], %[len], #0x10\n\t"
+        "STR	r4, [%[output]]\n\t"
+        "STR	r5, [%[output], #4]\n\t"
+        "STR	r6, [%[output], #8]\n\t"
+        "STR	r7, [%[output], #12]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x10\n\t"
+        "ADD	%[input], %[input], #0x10\n\t"
+        "ADD	%[output], %[output], #0x10\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_16byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_16byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_16byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_word_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_word_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x4\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_over_byte_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDR	r4, [%[over]]\n\t"
+        "LDR	r8, [%[input]]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "SUBS	%[len], %[len], #0x4\n\t"
+        "STR	r4, [%[output]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x4\n\t"
+        "ADD	%[input], %[input], #0x4\n\t"
+        "ADD	%[output], %[output], #0x4\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_word_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_word_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_byte_loop_%=:\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDRB	r4, [%[over]]\n\t"
+        "LDRB	r8, [%[input]]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "STRB	r4, [%[output]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x1\n\t"
+        "ADD	%[input], %[input], #0x1\n\t"
+        "ADD	%[output], %[output], #0x1\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_done:\n\t"
+#else
+    "L_chacha_thumb2_over_done_%=:\n\t"
+#endif
+        : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), [len] "+r" (len)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+    );
+}
+
+#endif /* HAVE_CHACHA */
+#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha.c b/wolfcrypt/src/port/arm/thumb2-chacha.c
new file mode 100644
index 0000000000..a189ccddd3
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha.c
@@ -0,0 +1,178 @@
+/* thumb2-chacha.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ARMASM) && defined(__thumb__)
+#ifdef HAVE_CHACHA
+
+#include <wolfssl/wolfcrypt/chacha.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+#ifdef CHACHA_TEST
+    #include <stdio.h>
+#endif
+
+
+/* Set the Initialization Vector (IV) and counter into ChaCha context.
+ *
+ * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
+ * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
+ *
+ * @param [in] ctx      ChaCha context.
+ * @param [in] iv       IV to set.
+ * @param [in] counter  Starting value of counter.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or IV is NULL.
+ */
+int wc_Chacha_SetIV(ChaCha* ctx, const byte* iv, word32 counter)
+{
+    int ret = 0;
+#ifdef CHACHA_AEAD_TEST
+    word32 i;
+
+    printf("NONCE : ");
+    if (iv != NULL) {
+        for (i = 0; i < CHACHA_IV_BYTES; i++) {
+            printf("%02x", iv[i]);
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (iv == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* No unused bytes to XOR into input. */
+        ctx->left = 0;
+
+        /* Set counter and IV into state. */
+        wc_chacha_setiv(ctx->X, iv, counter);
+    }
+
+    return ret;
+}
+
+/* Set the key into the ChaCha context.
+ *
+ * Key setup. 8 word iv (nonce)
+ *
+ * @param [in] ctx    ChaCha context.
+ * @param [in] key    Key to set.
+ * @param [in] keySz  Length of key in bytes. Valid values:
+ *                        CHACHA_MAX_KEY_SZ and (CHACHA_MAX_KEY_SZ / 2)
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL.
+ * @return  BAD_FUNC_ARG when keySz is invalid.
+ */
+int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    printf("ChaCha key used :\n");
+    if (key != NULL) {
+        word32 i;
+        for (i = 0; i < keySz; i++) {
+            printf("%02x", key[i]);
+            if ((i % 8) == 7)
+               printf("\n");
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if ((keySz != (CHACHA_MAX_KEY_SZ / 2)) &&
+             (keySz !=  CHACHA_MAX_KEY_SZ     )) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ctx->left = 0;
+
+        wc_chacha_setkey(ctx->X, key, keySz);
+    }
+
+    return ret;
+}
+
+/* API to encrypt/decrypt a message of any size.
+ *
+ * @param [in]  ctx     ChaCha context.
+ * @param [out] output  Enciphered output.
+ * @param [in]  input   Input to encipher.
+ * @param [in]  len     Length of input in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx, output or input is NULL.
+ */
+int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, word32 len)
+{
+    int ret = 0;
+
+    if ((ctx == NULL) || (output == NULL) || (input == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Handle left over bytes from last block. */
+    if ((ret == 0) && (len > 0) && (ctx->left > 0)) {
+        byte* over = ((byte*)ctx->over) + CHACHA_CHUNK_BYTES - ctx->left;
+        word32 l = min(len, ctx->left);
+
+        wc_chacha_use_over(over, output, input, l);
+
+        ctx->left -= l;
+        input += l;
+        output += l;
+        len -= l;
+    }
+
+    if ((ret == 0) && (len != 0)) {
+        wc_chacha_crypt_bytes(ctx, output, input, len);
+    }
+
+    return ret;
+}
+
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S
index e6b5dcf5d2..42da2f45f1 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519.S
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S
@@ -1,6 +1,6 @@
 /* thumb2-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -2741,7 +2741,7 @@ L_curve25519_bits:
 	LDR	r1, [sp, #180]
 	SUBS	r1, r1, #0x1
 	STR	r1, [sp, #180]
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BGE	L_curve25519_bits
 #else
 	BGE.W	L_curve25519_bits
@@ -2750,7 +2750,7 @@ L_curve25519_bits:
 	STR	r1, [sp, #180]
 	SUBS	r2, r2, #0x4
 	STR	r2, [sp, #176]
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BGE	L_curve25519_words
 #else
 	BGE.W	L_curve25519_words
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
index 884b9089dc..21ad67bac3 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
@@ -1,6 +1,6 @@
 /* thumb2-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -2789,9 +2789,17 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "MOV	%[a], #0x1c\n\t"
         "STR	%[a], [sp, #176]\n\t"
         "\n"
-    "L_curve25519_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_words:\n\t"
+#else
+    "L_curve25519_words_%=:\n\t"
+#endif
         "\n"
-    "L_curve25519_bits%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_bits:\n\t"
+#else
+    "L_curve25519_bits_%=:\n\t"
+#endif
         "LDR	%[n], [sp, #164]\n\t"
         "LDR	%[a], [%[n], r2]\n\t"
         "LDR	%[n], [sp, #180]\n\t"
@@ -2971,19 +2979,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "LDR	%[n], [sp, #180]\n\t"
         "SUBS	%[n], %[n], #0x1\n\t"
         "STR	%[n], [sp, #180]\n\t"
-#ifdef __GNUC__
-        "BGE	L_curve25519_bits%=\n\t"
+#if defined(__GNUC__)
+        "BGE	L_curve25519_bits_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.W	L_curve25519_bits\n\t"
 #else
-        "BGE.W	L_curve25519_bits%=\n\t"
+        "BGE.W	L_curve25519_bits_%=\n\t"
 #endif
         "MOV	%[n], #0x1f\n\t"
         "STR	%[n], [sp, #180]\n\t"
         "SUBS	%[a], %[a], #0x4\n\t"
         "STR	%[a], [sp, #176]\n\t"
-#ifdef __GNUC__
-        "BGE	L_curve25519_words%=\n\t"
+#if defined(__GNUC__)
+        "BGE	L_curve25519_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.W	L_curve25519_words\n\t"
 #else
-        "BGE.W	L_curve25519_words%=\n\t"
+        "BGE.W	L_curve25519_words_%=\n\t"
 #endif
         /* Invert */
         "ADD	r1, sp, #0x0\n\t"
@@ -3015,17 +3027,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x4\n\t"
         "\n"
-    "L_curve25519_inv_1%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_1:\n\t"
+#else
+    "L_curve25519_inv_1_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_1%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_1\n\t"
 #else
-        "BNE.N	L_curve25519_inv_1%=\n\t"
+        "BNE.N	L_curve25519_inv_1_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3036,17 +3054,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x9\n\t"
         "\n"
-    "L_curve25519_inv_2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_2:\n\t"
+#else
+    "L_curve25519_inv_2_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_2%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_2\n\t"
 #else
-        "BNE.N	L_curve25519_inv_2%=\n\t"
+        "BNE.N	L_curve25519_inv_2_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3057,17 +3081,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x13\n\t"
         "\n"
-    "L_curve25519_inv_3%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_3:\n\t"
+#else
+    "L_curve25519_inv_3_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x80\n\t"
         "ADD	r0, sp, #0x80\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_3%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_3\n\t"
 #else
-        "BNE.N	L_curve25519_inv_3%=\n\t"
+        "BNE.N	L_curve25519_inv_3_%=\n\t"
 #endif
         "ADD	r2, sp, #0x60\n\t"
         "ADD	r1, sp, #0x80\n\t"
@@ -3075,17 +3105,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
-    "L_curve25519_inv_4%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_4:\n\t"
+#else
+    "L_curve25519_inv_4_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_4%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_4\n\t"
 #else
-        "BNE.N	L_curve25519_inv_4%=\n\t"
+        "BNE.N	L_curve25519_inv_4_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3096,17 +3132,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x31\n\t"
         "\n"
-    "L_curve25519_inv_5%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_5:\n\t"
+#else
+    "L_curve25519_inv_5_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_5%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_5\n\t"
 #else
-        "BNE.N	L_curve25519_inv_5%=\n\t"
+        "BNE.N	L_curve25519_inv_5_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3117,17 +3159,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x63\n\t"
         "\n"
-    "L_curve25519_inv_6%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_6:\n\t"
+#else
+    "L_curve25519_inv_6_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x80\n\t"
         "ADD	r0, sp, #0x80\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_6%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_6\n\t"
 #else
-        "BNE.N	L_curve25519_inv_6%=\n\t"
+        "BNE.N	L_curve25519_inv_6_%=\n\t"
 #endif
         "ADD	r2, sp, #0x60\n\t"
         "ADD	r1, sp, #0x80\n\t"
@@ -3135,17 +3183,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x32\n\t"
         "\n"
-    "L_curve25519_inv_7%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_7:\n\t"
+#else
+    "L_curve25519_inv_7_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_7%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_7\n\t"
 #else
-        "BNE.N	L_curve25519_inv_7%=\n\t"
+        "BNE.N	L_curve25519_inv_7_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3153,17 +3207,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x5\n\t"
         "\n"
-    "L_curve25519_inv_8%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_8:\n\t"
+#else
+    "L_curve25519_inv_8_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_8%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_8\n\t"
 #else
-        "BNE.N	L_curve25519_inv_8%=\n\t"
+        "BNE.N	L_curve25519_inv_8_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3227,7 +3287,11 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "STM	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "MOV	%[a], #0xfe\n\t"
         "\n"
-    "L_curve25519_bits%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_bits:\n\t"
+#else
+    "L_curve25519_bits_%=:\n\t"
+#endif
         "STR	%[a], [sp, #168]\n\t"
         "LDR	%[n], [sp, #160]\n\t"
         "AND	r4, %[a], #0x1f\n\t"
@@ -3312,10 +3376,12 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "LDR	%[a], [sp, #168]\n\t"
         "SUBS	%[a], %[a], #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGE	L_curve25519_bits%=\n\t"
+#if defined(__GNUC__)
+        "BGE	L_curve25519_bits_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_curve25519_bits\n\t"
 #else
-        "BGE.N	L_curve25519_bits%=\n\t"
+        "BGE.N	L_curve25519_bits_%=\n\t"
 #endif
         /*   Cycle Count: 171 */
         "LDR	%[n], [sp, #184]\n\t"
@@ -3352,17 +3418,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x4\n\t"
         "\n"
-    "L_curve25519_inv_1%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_1:\n\t"
+#else
+    "L_curve25519_inv_1_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_1%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_1\n\t"
 #else
-        "BNE.N	L_curve25519_inv_1%=\n\t"
+        "BNE.N	L_curve25519_inv_1_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3373,17 +3445,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x9\n\t"
         "\n"
-    "L_curve25519_inv_2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_2:\n\t"
+#else
+    "L_curve25519_inv_2_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_2%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_2\n\t"
 #else
-        "BNE.N	L_curve25519_inv_2%=\n\t"
+        "BNE.N	L_curve25519_inv_2_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3394,17 +3472,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x13\n\t"
         "\n"
-    "L_curve25519_inv_3%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_3:\n\t"
+#else
+    "L_curve25519_inv_3_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x80\n\t"
         "ADD	r0, sp, #0x80\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_3%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_3\n\t"
 #else
-        "BNE.N	L_curve25519_inv_3%=\n\t"
+        "BNE.N	L_curve25519_inv_3_%=\n\t"
 #endif
         "ADD	r2, sp, #0x60\n\t"
         "ADD	r1, sp, #0x80\n\t"
@@ -3412,17 +3496,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
-    "L_curve25519_inv_4%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_4:\n\t"
+#else
+    "L_curve25519_inv_4_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_4%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_4\n\t"
 #else
-        "BNE.N	L_curve25519_inv_4%=\n\t"
+        "BNE.N	L_curve25519_inv_4_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3433,17 +3523,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x31\n\t"
         "\n"
-    "L_curve25519_inv_5%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_5:\n\t"
+#else
+    "L_curve25519_inv_5_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_5%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_5\n\t"
 #else
-        "BNE.N	L_curve25519_inv_5%=\n\t"
+        "BNE.N	L_curve25519_inv_5_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3454,17 +3550,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x63\n\t"
         "\n"
-    "L_curve25519_inv_6%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_6:\n\t"
+#else
+    "L_curve25519_inv_6_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x80\n\t"
         "ADD	r0, sp, #0x80\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_6%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_6\n\t"
 #else
-        "BNE.N	L_curve25519_inv_6%=\n\t"
+        "BNE.N	L_curve25519_inv_6_%=\n\t"
 #endif
         "ADD	r2, sp, #0x60\n\t"
         "ADD	r1, sp, #0x80\n\t"
@@ -3472,17 +3574,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x32\n\t"
         "\n"
-    "L_curve25519_inv_7%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_7:\n\t"
+#else
+    "L_curve25519_inv_7_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_7%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_7\n\t"
 #else
-        "BNE.N	L_curve25519_inv_7%=\n\t"
+        "BNE.N	L_curve25519_inv_7_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3490,17 +3598,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x5\n\t"
         "\n"
-    "L_curve25519_inv_8%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_curve25519_inv_8:\n\t"
+#else
+    "L_curve25519_inv_8_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_8%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_curve25519_inv_8\n\t"
 #else
-        "BNE.N	L_curve25519_inv_8%=\n\t"
+        "BNE.N	L_curve25519_inv_8_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3582,17 +3696,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x4\n\t"
         "\n"
-    "L_fe_invert1%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_invert1:\n\t"
+#else
+    "L_fe_invert1_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert1%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_invert1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_invert1\n\t"
 #else
-        "BNE.N	L_fe_invert1%=\n\t"
+        "BNE.N	L_fe_invert1_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3603,17 +3723,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x9\n\t"
         "\n"
-    "L_fe_invert2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_invert2:\n\t"
+#else
+    "L_fe_invert2_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert2%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_invert2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_invert2\n\t"
 #else
-        "BNE.N	L_fe_invert2%=\n\t"
+        "BNE.N	L_fe_invert2_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3624,17 +3750,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x13\n\t"
         "\n"
-    "L_fe_invert3%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_invert3:\n\t"
+#else
+    "L_fe_invert3_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert3%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_invert3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_invert3\n\t"
 #else
-        "BNE.N	L_fe_invert3%=\n\t"
+        "BNE.N	L_fe_invert3_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3642,17 +3774,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
-    "L_fe_invert4%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_invert4:\n\t"
+#else
+    "L_fe_invert4_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert4%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_invert4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_invert4\n\t"
 #else
-        "BNE.N	L_fe_invert4%=\n\t"
+        "BNE.N	L_fe_invert4_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3663,17 +3801,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x31\n\t"
         "\n"
-    "L_fe_invert5%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_invert5:\n\t"
+#else
+    "L_fe_invert5_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert5%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_invert5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_invert5\n\t"
 #else
-        "BNE.N	L_fe_invert5%=\n\t"
+        "BNE.N	L_fe_invert5_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3684,17 +3828,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x63\n\t"
         "\n"
-    "L_fe_invert6%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_invert6:\n\t"
+#else
+    "L_fe_invert6_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert6%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_invert6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_invert6\n\t"
 #else
-        "BNE.N	L_fe_invert6%=\n\t"
+        "BNE.N	L_fe_invert6_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3702,17 +3852,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x32\n\t"
         "\n"
-    "L_fe_invert7%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_invert7:\n\t"
+#else
+    "L_fe_invert7_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert7%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_invert7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_invert7\n\t"
 #else
-        "BNE.N	L_fe_invert7%=\n\t"
+        "BNE.N	L_fe_invert7_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3720,17 +3876,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x5\n\t"
         "\n"
-    "L_fe_invert8%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_invert8:\n\t"
+#else
+    "L_fe_invert8_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert8%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_invert8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_invert8\n\t"
 #else
-        "BNE.N	L_fe_invert8%=\n\t"
+        "BNE.N	L_fe_invert8_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4268,17 +4430,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x4\n\t"
         "\n"
-    "L_fe_pow22523_1%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_pow22523_1:\n\t"
+#else
+    "L_fe_pow22523_1_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_1%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_pow22523_1\n\t"
 #else
-        "BNE.N	L_fe_pow22523_1%=\n\t"
+        "BNE.N	L_fe_pow22523_1_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4289,17 +4457,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x9\n\t"
         "\n"
-    "L_fe_pow22523_2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_pow22523_2:\n\t"
+#else
+    "L_fe_pow22523_2_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_2%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_pow22523_2\n\t"
 #else
-        "BNE.N	L_fe_pow22523_2%=\n\t"
+        "BNE.N	L_fe_pow22523_2_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4310,17 +4484,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x13\n\t"
         "\n"
-    "L_fe_pow22523_3%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_pow22523_3:\n\t"
+#else
+    "L_fe_pow22523_3_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_3%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_pow22523_3\n\t"
 #else
-        "BNE.N	L_fe_pow22523_3%=\n\t"
+        "BNE.N	L_fe_pow22523_3_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -4328,17 +4508,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
-    "L_fe_pow22523_4%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_pow22523_4:\n\t"
+#else
+    "L_fe_pow22523_4_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_4%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_pow22523_4\n\t"
 #else
-        "BNE.N	L_fe_pow22523_4%=\n\t"
+        "BNE.N	L_fe_pow22523_4_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4349,17 +4535,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x31\n\t"
         "\n"
-    "L_fe_pow22523_5%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_pow22523_5:\n\t"
+#else
+    "L_fe_pow22523_5_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_5%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_pow22523_5\n\t"
 #else
-        "BNE.N	L_fe_pow22523_5%=\n\t"
+        "BNE.N	L_fe_pow22523_5_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4370,17 +4562,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x63\n\t"
         "\n"
-    "L_fe_pow22523_6%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_pow22523_6:\n\t"
+#else
+    "L_fe_pow22523_6_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_6%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_pow22523_6\n\t"
 #else
-        "BNE.N	L_fe_pow22523_6%=\n\t"
+        "BNE.N	L_fe_pow22523_6_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -4388,17 +4586,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x32\n\t"
         "\n"
-    "L_fe_pow22523_7%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_pow22523_7:\n\t"
+#else
+    "L_fe_pow22523_7_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_7%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_pow22523_7\n\t"
 #else
-        "BNE.N	L_fe_pow22523_7%=\n\t"
+        "BNE.N	L_fe_pow22523_7_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4406,17 +4610,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x2\n\t"
         "\n"
-    "L_fe_pow22523_8%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_fe_pow22523_8:\n\t"
+#else
+    "L_fe_pow22523_8_%=:\n\t"
+#endif
         "MOV	r1, sp\n\t"
         "MOV	r0, sp\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_8%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_fe_pow22523_8\n\t"
 #else
-        "BNE.N	L_fe_pow22523_8%=\n\t"
+        "BNE.N	L_fe_pow22523_8_%=\n\t"
 #endif
         "LDR	r2, [sp, #100]\n\t"
         "MOV	r1, sp\n\t"
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
new file mode 100644
index 0000000000..b727e8164e
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
@@ -0,0 +1,369 @@
+/* thumb2-poly1305-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && defined(__thumb__)
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef HAVE_POLY1305
+	.text
+	.align	4
+	.globl	poly1305_blocks_thumb2_16
+	.type	poly1305_blocks_thumb2_16, %function
+poly1305_blocks_thumb2_16:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x1c
+	CMP	r2, #0x0
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_poly1305_thumb2_16_done
+#else
+	BEQ.N	L_poly1305_thumb2_16_done
+#endif
+	ADD	lr, sp, #0xc
+	STM	lr, {r0, r1, r2, r3}
+	/* Get h pointer */
+	ADD	lr, r0, #0x10
+	LDM	lr, {r4, r5, r6, r7, r8}
+L_poly1305_thumb2_16_loop:
+	/* Add m to h */
+	LDR	r1, [sp, #16]
+	LDR	r2, [r1]
+	LDR	r3, [r1, #4]
+	LDR	r9, [r1, #8]
+	LDR	r10, [r1, #12]
+	LDR	r11, [sp, #24]
+	ADDS	r4, r4, r2
+	ADCS	r5, r5, r3
+	ADCS	r6, r6, r9
+	ADCS	r7, r7, r10
+	ADD	r1, r1, #0x10
+	ADC	r8, r8, r11
+#ifdef WOLFSSL_SP_NO_UMAAL
+	STM	lr, {r4, r5, r6, r7, r8}
+#else
+	/* h[0]-h[2] in r4-r6 for multiplication. */
+	STR	r7, [lr, #12]
+	STR	r8, [lr, #16]
+#endif /* WOLFSSL_SP_NO_UMAAL */
+	STR	r1, [sp, #16]
+	LDR	r1, [sp, #12]
+	/* Multiply h by r */
+#ifdef WOLFSSL_SP_NO_UMAAL
+	/* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+	LDR	r3, [r1]
+	EOR	r0, r0, r0
+	/* r[0] * h[0] */
+	/* h[0] in r4 */
+	UMULL	r4, r5, r3, r4
+	/* r[0] * h[2] */
+	/* h[2] in r6 */
+	UMULL	r6, r7, r3, r6
+	/* r[0] * h[4] */
+	/* h[4] in r8 */
+	MUL	r8, r3, r8
+	/* r[0] * h[1] */
+	LDR	r2, [lr, #4]
+	MOV	r12, r0
+	UMLAL	r5, r12, r3, r2
+	/* r[0] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r6, r6, r12
+	ADC	r7, r7, r0
+	UMLAL	r7, r8, r3, r2
+	/* r[1] * h[0] */
+	LDR	r3, [r1, #4]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r5, r12, r3, r2
+	/* r[1] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r6, r6, r12
+	ADC	r12, r0, r0
+	UMLAL	r6, r12, r3, r2
+	/* r[1] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r7, r7, r12
+	ADC	r12, r0, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[1] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r8, r8, r12
+	ADC	r9, r0, r0
+	UMLAL	r8, r9, r3, r2
+	/* r[1] * h[4] */
+	LDR	r2, [lr, #16]
+	MLA	r9, r3, r2, r9
+	/* r[2] * h[0] */
+	LDR	r3, [r1, #8]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r6, r12, r3, r2
+	/* r[2] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r7, r7, r12
+	ADC	r12, r0, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[2] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r8, r8, r12
+	ADC	r12, r0, r0
+	UMLAL	r8, r12, r3, r2
+	/* r[2] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r9, r9, r12
+	ADC	r10, r0, r0
+	UMLAL	r9, r10, r3, r2
+	/* r[2] * h[4] */
+	LDR	r2, [lr, #16]
+	MLA	r10, r3, r2, r10
+	/* r[3] * h[0] */
+	LDR	r3, [r1, #12]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[3] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r8, r8, r12
+	ADC	r12, r0, r0
+	UMLAL	r8, r12, r3, r2
+	/* r[3] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r9, r9, r12
+	ADC	r10, r10, r0
+	UMLAL	r9, r10, r3, r2
+	/* r[3] * h[3] */
+	LDR	r2, [lr, #12]
+	MOV	r11, r0
+	UMLAL	r10, r11, r3, r2
+	/* r[3] * h[4] */
+	LDR	r2, [lr, #16]
+	MOV	r12, r0
+	MLA	r11, r3, r2, r11
+#else
+	LDM	r1, {r0, r1, r2, r3}
+	/* r[0] * h[0] */
+	UMULL	r10, r11, r0, r4
+	/* r[1] * h[0] */
+	UMULL	r12, r7, r1, r4
+	/* r[0] * h[1] */
+	UMAAL	r11, r12, r0, r5
+	/* r[2] * h[0] */
+	UMULL	r8, r9, r2, r4
+	/* r[1] * h[1] */
+	UMAAL	r12, r8, r1, r5
+	/* r[0] * h[2] */
+	UMAAL	r12, r7, r0, r6
+	/* r[3] * h[0] */
+	UMAAL	r8, r9, r3, r4
+	STM	sp, {r10, r11, r12}
+	/* r[2] * h[1] */
+	UMAAL	r7, r8, r2, r5
+	/* Replace h[0] with h[3] */
+	LDR	r4, [lr, #12]
+	/* r[1] * h[2] */
+	UMULL	r10, r11, r1, r6
+	/* r[2] * h[2] */
+	UMAAL	r8, r9, r2, r6
+	/* r[0] * h[3] */
+	UMAAL	r7, r10, r0, r4
+	/* r[3] * h[1] */
+	UMAAL	r8, r11, r3, r5
+	/* r[1] * h[3] */
+	UMAAL	r8, r10, r1, r4
+	/* r[3] * h[2] */
+	UMAAL	r9, r11, r3, r6
+	/* r[2] * h[3] */
+	UMAAL	r9, r10, r2, r4
+	/* Replace h[1] with h[4] */
+	LDR	r5, [lr, #16]
+	/* r[3] * h[3] */
+	UMAAL	r10, r11, r3, r4
+	MOV	r12, #0x0
+	/* r[0] * h[4] */
+	UMAAL	r8, r12, r0, r5
+	/* r[1] * h[4] */
+	UMAAL	r9, r12, r1, r5
+	/* r[2] * h[4] */
+	UMAAL	r10, r12, r2, r5
+	/* r[3] * h[4] */
+	UMAAL	r11, r12, r3, r5
+	/* DONE */
+	LDM	sp, {r4, r5, r6}
+#endif /* WOLFSSL_SP_NO_UMAAL */
+	/* r12 will be zero because r is masked. */
+	/* Load length */
+	LDR	r2, [sp, #20]
+	/* Reduce mod 2^130 - 5 */
+	BIC	r3, r8, #0x3
+	AND	r8, r8, #0x3
+	ADDS	r4, r4, r3
+	LSR	r3, r3, #2
+	ADCS	r5, r5, r9
+	ORR	r3, r3, r9, LSL #30
+	ADCS	r6, r6, r10
+	LSR	r9, r9, #2
+	ADCS	r7, r7, r11
+	ORR	r9, r9, r10, LSL #30
+	ADC	r8, r8, r12
+	LSR	r10, r10, #2
+	ADDS	r4, r4, r3
+	ORR	r10, r10, r11, LSL #30
+	ADCS	r5, r5, r9
+	LSR	r11, r11, #2
+	ADCS	r6, r6, r10
+	ADCS	r7, r7, r11
+	ADC	r8, r8, r12
+	/* Sub 16 from length. */
+	SUBS	r2, r2, #0x10
+	/* Store length. */
+	STR	r2, [sp, #20]
+	/* Loop again if more message to do. */
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_poly1305_thumb2_16_loop
+#else
+	BGT.N	L_poly1305_thumb2_16_loop
+#endif
+	STM	lr, {r4, r5, r6, r7, r8}
+L_poly1305_thumb2_16_done:
+	ADD	sp, sp, #0x1c
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 250 */
+	.size	poly1305_blocks_thumb2_16,.-poly1305_blocks_thumb2_16
+	.text
+	.type	L_poly1305_thumb2_clamp, %object
+	.size	L_poly1305_thumb2_clamp, 16
+	.align	4
+L_poly1305_thumb2_clamp:
+	.word	0xfffffff
+	.word	0xffffffc
+	.word	0xffffffc
+	.word	0xffffffc
+	.text
+	.align	4
+	.globl	poly1305_set_key
+	.type	poly1305_set_key, %function
+poly1305_set_key:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, lr}
+	/* Load mask. */
+	ADR	r10, L_poly1305_thumb2_clamp
+	LDM	r10, {r6, r7, r8, r9}
+	/* Load and cache padding. */
+	LDR	r2, [r1, #16]
+	LDR	r3, [r1, #20]
+	LDR	r4, [r1, #24]
+	LDR	r5, [r1, #28]
+	ADD	r10, r0, #0x24
+	STM	r10, {r2, r3, r4, r5}
+	/* Load, mask and store r. */
+	LDR	r2, [r1]
+	LDR	r3, [r1, #4]
+	LDR	r4, [r1, #8]
+	LDR	r5, [r1, #12]
+	AND	r2, r2, r6
+	AND	r3, r3, r7
+	AND	r4, r4, r8
+	AND	r5, r5, r9
+	ADD	r10, r0, #0x0
+	STM	r10, {r2, r3, r4, r5}
+	/* h (accumulator) = 0 */
+	EOR	r6, r6, r6
+	EOR	r7, r7, r7
+	EOR	r8, r8, r8
+	EOR	r9, r9, r9
+	ADD	r10, r0, #0x10
+	EOR	r5, r5, r5
+	STM	r10, {r5, r6, r7, r8, r9}
+	/* Zero leftover */
+	STR	r5, [r0, #52]
+	POP	{r4, r5, r6, r7, r8, r9, r10, pc}
+	/* Cycle Count = 70 */
+	.size	poly1305_set_key,.-poly1305_set_key
+	.text
+	.align	4
+	.globl	poly1305_final
+	.type	poly1305_final, %function
+poly1305_final:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADD	r11, r0, #0x10
+	LDM	r11, {r2, r3, r4, r5, r6}
+	/* Add 5 and check for h larger than p. */
+	ADDS	r7, r2, #0x5
+	ADCS	r7, r3, #0x0
+	ADCS	r7, r4, #0x0
+	ADCS	r7, r5, #0x0
+	ADC	r7, r6, #0x0
+	SUB	r7, r7, #0x4
+	LSR	r7, r7, #31
+	SUB	r7, r7, #0x1
+	AND	r7, r7, #0x5
+	/* Add 0/5 to h. */
+	ADDS	r2, r2, r7
+	ADCS	r3, r3, #0x0
+	ADCS	r4, r4, #0x0
+	ADC	r5, r5, #0x0
+	/* Add padding */
+	ADD	r11, r0, #0x24
+	LDM	r11, {r7, r8, r9, r10}
+	ADDS	r2, r2, r7
+	ADCS	r3, r3, r8
+	ADCS	r4, r4, r9
+	ADC	r5, r5, r10
+	/* Store MAC */
+	STR	r2, [r1]
+	STR	r3, [r1, #4]
+	STR	r4, [r1, #8]
+	STR	r5, [r1, #12]
+	/* Zero out h. */
+	EOR	r2, r2, r2
+	EOR	r3, r3, r3
+	EOR	r4, r4, r4
+	EOR	r5, r5, r5
+	EOR	r6, r6, r6
+	ADD	r11, r0, #0x10
+	STM	r11, {r2, r3, r4, r5, r6}
+	/* Zero out r. */
+	ADD	r11, r0, #0x0
+	STM	r11, {r2, r3, r4, r5}
+	/* Zero out padding. */
+	ADD	r11, r0, #0x24
+	STM	r11, {r2, r3, r4, r5}
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 82 */
+	.size	poly1305_final,.-poly1305_final
+#endif /* HAVE_POLY1305 */
+#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
new file mode 100644
index 0000000000..437141ab06
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
@@ -0,0 +1,422 @@
+/* thumb2-poly1305-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_blocks_thumb2_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, int notLast_p)
+#else
+void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int notLast)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register const byte* m __asm__ ("r1") = (const byte*)m_p;
+    register word32 len __asm__ ("r2") = (word32)len_p;
+    register int notLast __asm__ ("r3") = (int)notLast_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x1c\n\t"
+        "CMP	%[len], #0x0\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_poly1305_thumb2_16_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_poly1305_thumb2_16_done\n\t"
+#else
+        "BEQ.N	L_poly1305_thumb2_16_done_%=\n\t"
+#endif
+        "ADD	lr, sp, #0xc\n\t"
+        "STM	lr, {%[ctx], %[m], %[len], %[notLast]}\n\t"
+        /* Get h pointer */
+        "ADD	lr, %[ctx], #0x10\n\t"
+        "LDM	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_poly1305_thumb2_16_loop:\n\t"
+#else
+    "L_poly1305_thumb2_16_loop_%=:\n\t"
+#endif
+        /* Add m to h */
+        "LDR	%[m], [sp, #16]\n\t"
+        "LDR	%[len], [%[m]]\n\t"
+        "LDR	%[notLast], [%[m], #4]\n\t"
+        "LDR	r9, [%[m], #8]\n\t"
+        "LDR	r10, [%[m], #12]\n\t"
+        "LDR	r11, [sp, #24]\n\t"
+        "ADDS	r4, r4, %[len]\n\t"
+        "ADCS	r5, r5, %[notLast]\n\t"
+        "ADCS	r6, r6, r9\n\t"
+        "ADCS	r7, r7, r10\n\t"
+        "ADD	%[m], %[m], #0x10\n\t"
+        "ADC	r8, r8, r11\n\t"
+#ifdef WOLFSSL_SP_NO_UMAAL
+        "STM	lr, {r4, r5, r6, r7, r8}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "STR	r7, [lr, #12]\n\t"
+        "STR	r8, [lr, #16]\n\t"
+#endif /* WOLFSSL_SP_NO_UMAAL */
+        "STR	%[m], [sp, #16]\n\t"
+        "LDR	%[m], [sp, #12]\n\t"
+        /* Multiply h by r */
+#ifdef WOLFSSL_SP_NO_UMAAL
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "LDR	%[notLast], [%[m]]\n\t"
+        "EOR	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "UMULL	r4, r5, %[notLast], r4\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "UMULL	r6, r7, %[notLast], r6\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "MUL	r8, %[notLast], r8\n\t"
+        /* r[0] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r5, r12, %[notLast], %[len]\n\t"
+        /* r[0] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r6, r6, r12\n\t"
+        "ADC	r7, r7, %[ctx]\n\t"
+        "UMLAL	r7, r8, %[notLast], %[len]\n\t"
+        /* r[1] * h[0] */
+        "LDR	%[notLast], [%[m], #4]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r5, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r6, r6, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r6, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r7, r7, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r9, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r9, %[notLast], %[len]\n\t"
+        /* r[1] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MLA	r9, %[notLast], %[len], r9\n\t"
+        /* r[2] * h[0] */
+        "LDR	%[notLast], [%[m], #8]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r6, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r7, r7, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r9, r9, r12\n\t"
+        "ADC	r10, %[ctx], %[ctx]\n\t"
+        "UMLAL	r9, r10, %[notLast], %[len]\n\t"
+        /* r[2] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MLA	r10, %[notLast], %[len], r10\n\t"
+        /* r[3] * h[0] */
+        "LDR	%[notLast], [%[m], #12]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r9, r9, r12\n\t"
+        "ADC	r10, r10, %[ctx]\n\t"
+        "UMLAL	r9, r10, %[notLast], %[len]\n\t"
+        /* r[3] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "MOV	r11, %[ctx]\n\t"
+        "UMLAL	r10, r11, %[notLast], %[len]\n\t"
+        /* r[3] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "MLA	r11, %[notLast], %[len], r11\n\t"
+#else
+        "LDM	%[m], {%[ctx], %[m], %[len], %[notLast]}\n\t"
+        /* r[0] * h[0] */
+        "UMULL	r10, r11, %[ctx], r4\n\t"
+        /* r[1] * h[0] */
+        "UMULL	r12, r7, %[m], r4\n\t"
+        /* r[0] * h[1] */
+        "UMAAL	r11, r12, %[ctx], r5\n\t"
+        /* r[2] * h[0] */
+        "UMULL	r8, r9, %[len], r4\n\t"
+        /* r[1] * h[1] */
+        "UMAAL	r12, r8, %[m], r5\n\t"
+        /* r[0] * h[2] */
+        "UMAAL	r12, r7, %[ctx], r6\n\t"
+        /* r[3] * h[0] */
+        "UMAAL	r8, r9, %[notLast], r4\n\t"
+        "STM	sp, {r10, r11, r12}\n\t"
+        /* r[2] * h[1] */
+        "UMAAL	r7, r8, %[len], r5\n\t"
+        /* Replace h[0] with h[3] */
+        "LDR	r4, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "UMULL	r10, r11, %[m], r6\n\t"
+        /* r[2] * h[2] */
+        "UMAAL	r8, r9, %[len], r6\n\t"
+        /* r[0] * h[3] */
+        "UMAAL	r7, r10, %[ctx], r4\n\t"
+        /* r[3] * h[1] */
+        "UMAAL	r8, r11, %[notLast], r5\n\t"
+        /* r[1] * h[3] */
+        "UMAAL	r8, r10, %[m], r4\n\t"
+        /* r[3] * h[2] */
+        "UMAAL	r9, r11, %[notLast], r6\n\t"
+        /* r[2] * h[3] */
+        "UMAAL	r9, r10, %[len], r4\n\t"
+        /* Replace h[1] with h[4] */
+        "LDR	r5, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "UMAAL	r10, r11, %[notLast], r4\n\t"
+        "MOV	r12, #0x0\n\t"
+        /* r[0] * h[4] */
+        "UMAAL	r8, r12, %[ctx], r5\n\t"
+        /* r[1] * h[4] */
+        "UMAAL	r9, r12, %[m], r5\n\t"
+        /* r[2] * h[4] */
+        "UMAAL	r10, r12, %[len], r5\n\t"
+        /* r[3] * h[4] */
+        "UMAAL	r11, r12, %[notLast], r5\n\t"
+        /* DONE */
+        "LDM	sp, {r4, r5, r6}\n\t"
+#endif /* WOLFSSL_SP_NO_UMAAL */
+        /* r12 will be zero because r is masked. */
+        /* Load length */
+        "LDR	%[len], [sp, #20]\n\t"
+        /* Reduce mod 2^130 - 5 */
+        "BIC	%[notLast], r8, #0x3\n\t"
+        "AND	r8, r8, #0x3\n\t"
+        "ADDS	r4, r4, %[notLast]\n\t"
+        "LSR	%[notLast], %[notLast], #2\n\t"
+        "ADCS	r5, r5, r9\n\t"
+        "ORR	%[notLast], %[notLast], r9, LSL #30\n\t"
+        "ADCS	r6, r6, r10\n\t"
+        "LSR	r9, r9, #2\n\t"
+        "ADCS	r7, r7, r11\n\t"
+        "ORR	r9, r9, r10, LSL #30\n\t"
+        "ADC	r8, r8, r12\n\t"
+        "LSR	r10, r10, #2\n\t"
+        "ADDS	r4, r4, %[notLast]\n\t"
+        "ORR	r10, r10, r11, LSL #30\n\t"
+        "ADCS	r5, r5, r9\n\t"
+        "LSR	r11, r11, #2\n\t"
+        "ADCS	r6, r6, r10\n\t"
+        "ADCS	r7, r7, r11\n\t"
+        "ADC	r8, r8, r12\n\t"
+        /* Sub 16 from length. */
+        "SUBS	%[len], %[len], #0x10\n\t"
+        /* Store length. */
+        "STR	%[len], [sp, #20]\n\t"
+        /* Loop again if more message to do. */
+#if defined(__GNUC__)
+        "BGT	L_poly1305_thumb2_16_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_poly1305_thumb2_16_loop\n\t"
+#else
+        "BGT.N	L_poly1305_thumb2_16_loop_%=\n\t"
+#endif
+        "STM	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_poly1305_thumb2_16_done:\n\t"
+#else
+    "L_poly1305_thumb2_16_done_%=:\n\t"
+#endif
+        "ADD	sp, sp, #0x1c\n\t"
+        : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), [notLast] "+r" (notLast)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+    );
+}
+
+XALIGNED(16) static const uint32_t L_poly1305_thumb2_clamp[] = {
+    0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_set_key(Poly1305* ctx_p, const byte* key_p)
+#else
+void poly1305_set_key(Poly1305* ctx, const byte* key)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register const byte* key __asm__ ("r1") = (const byte*)key_p;
+    register uint32_t* L_poly1305_thumb2_clamp_c __asm__ ("r2") = (uint32_t*)&L_poly1305_thumb2_clamp;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        /* Load mask. */
+        "MOV	r10, %[L_poly1305_thumb2_clamp]\n\t"
+        "LDM	r10, {r6, r7, r8, r9}\n\t"
+        /* Load and cache padding. */
+        "LDR	r2, [%[key], #16]\n\t"
+        "LDR	r3, [%[key], #20]\n\t"
+        "LDR	r4, [%[key], #24]\n\t"
+        "LDR	r5, [%[key], #28]\n\t"
+        "ADD	r10, %[ctx], #0x24\n\t"
+        "STM	r10, {r2, r3, r4, r5}\n\t"
+        /* Load, mask and store r. */
+        "LDR	r2, [%[key]]\n\t"
+        "LDR	r3, [%[key], #4]\n\t"
+        "LDR	r4, [%[key], #8]\n\t"
+        "LDR	r5, [%[key], #12]\n\t"
+        "AND	r2, r2, r6\n\t"
+        "AND	r3, r3, r7\n\t"
+        "AND	r4, r4, r8\n\t"
+        "AND	r5, r5, r9\n\t"
+        "ADD	r10, %[ctx], #0x0\n\t"
+        "STM	r10, {r2, r3, r4, r5}\n\t"
+        /* h (accumulator) = 0 */
+        "EOR	r6, r6, r6\n\t"
+        "EOR	r7, r7, r7\n\t"
+        "EOR	r8, r8, r8\n\t"
+        "EOR	r9, r9, r9\n\t"
+        "ADD	r10, %[ctx], #0x10\n\t"
+        "EOR	r5, r5, r5\n\t"
+        "STM	r10, {r5, r6, r7, r8, r9}\n\t"
+        /* Zero leftover */
+        "STR	r5, [%[ctx], #52]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [key] "+r" (key),
+          [L_poly1305_thumb2_clamp] "+r" (L_poly1305_thumb2_clamp_c)
+        :
+        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#else
+        : [ctx] "+r" (ctx), [key] "+r" (key)
+        : [L_poly1305_thumb2_clamp] "r" (L_poly1305_thumb2_clamp)
+        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_final(Poly1305* ctx_p, byte* mac_p)
+#else
+void poly1305_final(Poly1305* ctx, byte* mac)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register byte* mac __asm__ ("r1") = (byte*)mac_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "ADD	r11, %[ctx], #0x10\n\t"
+        "LDM	r11, {r2, r3, r4, r5, r6}\n\t"
+        /* Add 5 and check for h larger than p. */
+        "ADDS	r7, r2, #0x5\n\t"
+        "ADCS	r7, r3, #0x0\n\t"
+        "ADCS	r7, r4, #0x0\n\t"
+        "ADCS	r7, r5, #0x0\n\t"
+        "ADC	r7, r6, #0x0\n\t"
+        "SUB	r7, r7, #0x4\n\t"
+        "LSR	r7, r7, #31\n\t"
+        "SUB	r7, r7, #0x1\n\t"
+        "AND	r7, r7, #0x5\n\t"
+        /* Add 0/5 to h. */
+        "ADDS	r2, r2, r7\n\t"
+        "ADCS	r3, r3, #0x0\n\t"
+        "ADCS	r4, r4, #0x0\n\t"
+        "ADC	r5, r5, #0x0\n\t"
+        /* Add padding */
+        "ADD	r11, %[ctx], #0x24\n\t"
+        "LDM	r11, {r7, r8, r9, r10}\n\t"
+        "ADDS	r2, r2, r7\n\t"
+        "ADCS	r3, r3, r8\n\t"
+        "ADCS	r4, r4, r9\n\t"
+        "ADC	r5, r5, r10\n\t"
+        /* Store MAC */
+        "STR	r2, [%[mac]]\n\t"
+        "STR	r3, [%[mac], #4]\n\t"
+        "STR	r4, [%[mac], #8]\n\t"
+        "STR	r5, [%[mac], #12]\n\t"
+        /* Zero out h. */
+        "EOR	r2, r2, r2\n\t"
+        "EOR	r3, r3, r3\n\t"
+        "EOR	r4, r4, r4\n\t"
+        "EOR	r5, r5, r5\n\t"
+        "EOR	r6, r6, r6\n\t"
+        "ADD	r11, %[ctx], #0x10\n\t"
+        "STM	r11, {r2, r3, r4, r5, r6}\n\t"
+        /* Zero out r. */
+        "ADD	r11, %[ctx], #0x0\n\t"
+        "STM	r11, {r2, r3, r4, r5}\n\t"
+        /* Zero out padding. */
+        "ADD	r11, %[ctx], #0x24\n\t"
+        "STM	r11, {r2, r3, r4, r5}\n\t"
+        : [ctx] "+r" (ctx), [mac] "+r" (mac)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+    );
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305.c b/wolfcrypt/src/port/arm/thumb2-poly1305.c
new file mode 100644
index 0000000000..0091a3283b
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305.c
@@ -0,0 +1,142 @@
+/* armv8-poly1305.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef __thumb__
+
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char* m,
+    size_t bytes)
+{
+    poly1305_blocks_thumb2_16(ctx, m, bytes, 1);
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_blocks_thumb2_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+
+/* Set the key for the Poly1305 operation.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] key    Key data to use.
+ * @param [in] keySz  Size of key in bytes. Must be 32.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL or keySz is not 32.
+ */
+int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    word32 k;
+    printf("Poly key used:\n");
+    if (key != NULL) {
+        for (k = 0; k < keySz; k++) {
+            printf("%02x", key[k]);
+            if ((k+1) % 8 == 0)
+                printf("\n");
+        }
+    }
+    printf("\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL) || (keySz != 32)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        poly1305_set_key(ctx, key);
+    }
+
+    return ret;
+}
+
+/* Finalize the Poly1305 operation calculating the MAC.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] mac    Buffer to hold the MAC. Myst be at least 16 bytes long.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or mac is NULL.
+ */
+int wc_Poly1305Final(Poly1305* ctx, byte* mac)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (mac == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Process the remaining partial block - last block. */
+    if (ret == 0) {
+        if (ctx->leftover) {
+             size_t i = ctx->leftover;
+             ctx->buffer[i++] = 1;
+             for (; i < POLY1305_BLOCK_SIZE; i++) {
+                 ctx->buffer[i] = 0;
+             }
+             poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE,
+                 0);
+        }
+
+        poly1305_final(ctx, mac);
+    }
+
+    return ret;
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* __aarch64__ */
+#endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
index 30d8dc76b5..4809afbc7d 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-sha256-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -925,7 +925,7 @@ L_SHA256_transform_len_start:
 	STR	r9, [sp, #60]
 	ADD	r3, r3, #0x40
 	SUBS	r12, r12, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_SHA256_transform_len_start
 #else
 	BNE.W	L_SHA256_transform_len_start
@@ -1470,7 +1470,7 @@ L_SHA256_transform_len_start:
 	SUBS	r2, r2, #0x40
 	SUB	r3, r3, #0xc0
 	ADD	r1, r1, #0x40
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_SHA256_transform_len_begin
 #else
 	BNE.W	L_SHA256_transform_len_begin
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
index ed496b0b5a..903b58e3d0 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-sha256-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -94,7 +94,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "STRD	r10, r11, [sp, #88]\n\t"
         /* Start of loop processing a block */
         "\n"
-    "L_SHA256_transform_len_begin%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_SHA256_transform_len_begin:\n\t"
+#else
+    "L_SHA256_transform_len_begin_%=:\n\t"
+#endif
         /* Load, Reverse and Store W - 64 bytes */
         "LDR	r4, [%[data]]\n\t"
         "LDR	r5, [%[data], #4]\n\t"
@@ -142,7 +146,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "MOV	r12, #0x3\n\t"
         /* Start of 16 rounds */
         "\n"
-    "L_SHA256_transform_len_start%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_SHA256_transform_len_start:\n\t"
+#else
+    "L_SHA256_transform_len_start_%=:\n\t"
+#endif
         /* Round 0 */
         "LDR	r5, [%[sha256], #16]\n\t"
         "LDR	r6, [%[sha256], #20]\n\t"
@@ -897,10 +905,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "STR	r9, [sp, #60]\n\t"
         "ADD	r3, r3, #0x40\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_SHA256_transform_len_start%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_SHA256_transform_len_start_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_SHA256_transform_len_start\n\t"
 #else
-        "BNE.W	L_SHA256_transform_len_start%=\n\t"
+        "BNE.W	L_SHA256_transform_len_start_%=\n\t"
 #endif
         /* Round 0 */
         "LDR	r5, [%[sha256], #16]\n\t"
@@ -1442,10 +1452,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "SUBS	%[len], %[len], #0x40\n\t"
         "SUB	r3, r3, #0xc0\n\t"
         "ADD	%[data], %[data], #0x40\n\t"
-#ifdef __GNUC__
-        "BNE	L_SHA256_transform_len_begin%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_SHA256_transform_len_begin_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_SHA256_transform_len_begin\n\t"
 #else
-        "BNE.W	L_SHA256_transform_len_begin%=\n\t"
+        "BNE.W	L_SHA256_transform_len_begin_%=\n\t"
 #endif
         "ADD	sp, sp, #0xc0\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
index 1069055949..de12f723c0 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-sha3-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1157,7 +1157,7 @@ L_sha3_thumb2_begin:
 	STR	lr, [r0, #164]
 	LDR	r2, [sp, #200]
 	SUBS	r2, r2, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_sha3_thumb2_begin
 #else
 	BNE.W	L_sha3_thumb2_begin
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
index 53fa09646c..a22b9acc56 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-sha3-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -77,7 +77,11 @@ void BlockSha3(word64* state)
         "MOV	r1, %[L_sha3_thumb2_rt]\n\t"
         "MOV	r2, #0xc\n\t"
         "\n"
-    "L_sha3_thumb2_begin%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sha3_thumb2_begin:\n\t"
+#else
+    "L_sha3_thumb2_begin_%=:\n\t"
+#endif
         "STR	r2, [sp, #200]\n\t"
         /* Round even */
         /* Calc b[4] */
@@ -1137,10 +1141,12 @@ void BlockSha3(word64* state)
         "STR	lr, [%[state], #164]\n\t"
         "LDR	r2, [sp, #200]\n\t"
         "SUBS	r2, r2, #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_sha3_thumb2_begin%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sha3_thumb2_begin_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_sha3_thumb2_begin\n\t"
 #else
-        "BNE.W	L_sha3_thumb2_begin%=\n\t"
+        "BNE.W	L_sha3_thumb2_begin_%=\n\t"
 #endif
         "ADD	sp, sp, #0xcc\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
index 4723ad6ac6..9170e9457f 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -2319,7 +2319,7 @@ L_SHA512_transform_len_start:
 	STRD	r4, r5, [sp, #120]
 	ADD	r3, r3, #0x80
 	SUBS	r12, r12, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_SHA512_transform_len_start
 #else
 	BNE.W	L_SHA512_transform_len_start
@@ -3656,7 +3656,7 @@ L_SHA512_transform_len_start:
 	SUBS	r2, r2, #0x80
 	SUB	r3, r3, #0x200
 	ADD	r1, r1, #0x80
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_SHA512_transform_len_begin
 #else
 	BNE.W	L_SHA512_transform_len_begin
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
index 35363ba3aa..bd998025ad 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -126,7 +126,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         "STRD	r10, r11, [sp, #184]\n\t"
         /* Start of loop processing a block */
         "\n"
-    "L_SHA512_transform_len_begin%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_SHA512_transform_len_begin:\n\t"
+#else
+    "L_SHA512_transform_len_begin_%=:\n\t"
+#endif
         /* Load, Reverse and Store W */
         "LDR	r4, [%[data]]\n\t"
         "LDR	r5, [%[data], #4]\n\t"
@@ -232,7 +236,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         "MOV	r12, #0x4\n\t"
         /* Start of 16 rounds */
         "\n"
-    "L_SHA512_transform_len_start%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_SHA512_transform_len_start:\n\t"
+#else
+    "L_SHA512_transform_len_start_%=:\n\t"
+#endif
         /* Round 0 */
         "LDRD	r4, r5, [%[sha512], #32]\n\t"
         "LSRS	r6, r4, #14\n\t"
@@ -2219,10 +2227,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         "STRD	r4, r5, [sp, #120]\n\t"
         "ADD	r3, r3, #0x80\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_SHA512_transform_len_start%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_SHA512_transform_len_start_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_SHA512_transform_len_start\n\t"
 #else
-        "BNE.W	L_SHA512_transform_len_start%=\n\t"
+        "BNE.W	L_SHA512_transform_len_start_%=\n\t"
 #endif
         /* Round 0 */
         "LDRD	r4, r5, [%[sha512], #32]\n\t"
@@ -3556,10 +3566,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         "SUBS	%[len], %[len], #0x80\n\t"
         "SUB	r3, r3, #0x200\n\t"
         "ADD	%[data], %[data], #0x80\n\t"
-#ifdef __GNUC__
-        "BNE	L_SHA512_transform_len_begin%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_SHA512_transform_len_begin_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_SHA512_transform_len_begin\n\t"
 #else
-        "BNE.W	L_SHA512_transform_len_begin%=\n\t"
+        "BNE.W	L_SHA512_transform_len_begin_%=\n\t"
 #endif
         "EOR	r0, r0, r0\n\t"
         "ADD	sp, sp, #0xc0\n\t"
diff --git a/wolfcrypt/src/port/atmel/README.md b/wolfcrypt/src/port/atmel/README.md
index 1a76643948..01b11a040d 100644
--- a/wolfcrypt/src/port/atmel/README.md
+++ b/wolfcrypt/src/port/atmel/README.md
@@ -24,7 +24,7 @@ Requires the Microchip CryptoAuthLib library. The examples in `wolfcrypt/src/por
 * `WOLFSSL_ATECC_TFLXTLS`: Enable support for Microchip TrustFLEX with custom PKI module configuration
 * `WOLFSSL_ATECC_DEBUG`: Enable wolfSSL ATECC debug messages.
 * `WOLFSSL_ATMEL`: Enables ASF hooks seeding random data using the `atmel_get_random_number` function.
-* `WOLFSSL_ATMEL_TIME`: Enables the built-in `atmel_get_curr_time_and_date` function get getting time from ASF RTC. 
+* `WOLFSSL_ATMEL_TIME`: Enables the built-in `atmel_get_curr_time_and_date` function get getting time from ASF RTC.
 * `ATECC_GET_ENC_KEY`: Macro to define your own function for getting the encryption key.
 * `ATECC_SLOT_I2C_ENC`: Macro for the default encryption key slot. Can also get via the slot callback with `ATMEL_SLOT_ENCKEY`.
 * `ATECC_MAX_SLOT`: Macro for the maximum dynamically allocated slots.
@@ -35,7 +35,7 @@ Requires the Microchip CryptoAuthLib library. The examples in `wolfcrypt/src/por
 `#define HAVE_PK_CALLBACKS`
 `#define WOLFSSL_ATECC_PKCB`
 
-or 
+or
 
 `./configure CFLAGS="-DWOLFSSL_ATECC608A"`
 `#define WOLFSSL_ATECC608A`
diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c
index b3c6b7906c..31ad98fb45 100644
--- a/wolfcrypt/src/port/atmel/atmel.c
+++ b/wolfcrypt/src/port/atmel/atmel.c
@@ -1,6 +1,6 @@
 /* atmel.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/autosar/README.md b/wolfcrypt/src/port/autosar/README.md
index 004989ae91..39fd501fab 100644
--- a/wolfcrypt/src/port/autosar/README.md
+++ b/wolfcrypt/src/port/autosar/README.md
@@ -31,15 +31,15 @@ There is an example test case located at wolfcrypt/src/port/autsar/example.c. Af
 
 ## 4.0 API Implemented
 
-- Std_ReturnType Csm_Decrypt(uint32 jobId,                            
-         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength, 
-         uint8* resultPtr, uint32* resultLengthPtr);                             
-- Std_ReturnType Csm_Encrypt(uint32 jobId,                            
-         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength, 
-         uint8* resultPtr, uint32* resultLengthPtr);                             
-- Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 keyElementId, 
-         const uint8* keyPtr, uint32 keyLength);                                 
-- Std_ReturnType Csm_RandomGenerate( uint32 jobId, uint8* resultPtr,  
+- Std_ReturnType Csm_Decrypt(uint32 jobId,
+         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+         uint8* resultPtr, uint32* resultLengthPtr);
+- Std_ReturnType Csm_Encrypt(uint32 jobId,
+         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+         uint8* resultPtr, uint32* resultLengthPtr);
+- Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 keyElementId,
+         const uint8* keyPtr, uint32 keyLength);
+- Std_ReturnType Csm_RandomGenerate( uint32 jobId, uint8* resultPtr,
          uint32* resultLengthPtr);
 
-Along with the structures necessary for these API.
\ No newline at end of file
+Along with the structures necessary for these API.
diff --git a/wolfcrypt/src/port/autosar/cryif.c b/wolfcrypt/src/port/autosar/cryif.c
index 0bd767b4b2..6fd9cc1a22 100644
--- a/wolfcrypt/src/port/autosar/cryif.c
+++ b/wolfcrypt/src/port/autosar/cryif.c
@@ -28,13 +28,15 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_AUTOSAR
+#ifndef NO_WOLFSSL_AUTOSAR_CRYIF
+
 #include <wolfssl/version.h>
 #include <wolfssl/wolfcrypt/port/autosar/Csm.h>
 #include <wolfssl/wolfcrypt/port/autosar/CryIf.h>
 #include <wolfssl/wolfcrypt/port/autosar/Crypto.h>
 
-#ifdef WOLFSSL_AUTOSAR
-#ifndef NO_WOLFSSL_AUTOSAR_CRYIF
 
 #include <wolfssl/wolfcrypt/logging.h>
 
diff --git a/wolfcrypt/src/port/autosar/crypto.c b/wolfcrypt/src/port/autosar/crypto.c
index f7812f190c..d5a7509f6b 100644
--- a/wolfcrypt/src/port/autosar/crypto.c
+++ b/wolfcrypt/src/port/autosar/crypto.c
@@ -25,12 +25,12 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
-#include <wolfssl/wolfcrypt/port/autosar/Crypto.h>
 
 #ifdef WOLFSSL_AUTOSAR
 #ifndef NO_WOLFSSL_AUTOSAR_CRYPTO
 
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#include <wolfssl/wolfcrypt/port/autosar/Crypto.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/random.h>
diff --git a/wolfcrypt/src/port/autosar/csm.c b/wolfcrypt/src/port/autosar/csm.c
index f5df124b9a..8fa6063a71 100644
--- a/wolfcrypt/src/port/autosar/csm.c
+++ b/wolfcrypt/src/port/autosar/csm.c
@@ -25,14 +25,15 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_AUTOSAR
+#ifndef NO_WOLFSSL_AUTOSAR_CSM
+
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/version.h>
 #include <wolfssl/wolfcrypt/port/autosar/Csm.h>
 #include <wolfssl/wolfcrypt/port/autosar/CryIf.h>
 
-#ifdef WOLFSSL_AUTOSAR
-#ifndef NO_WOLFSSL_AUTOSAR_CSM
-
 
 /* AutoSAR 4.4 */
 /* basic shim layer to plug in wolfSSL crypto */
diff --git a/wolfcrypt/src/port/autosar/test.c b/wolfcrypt/src/port/autosar/test.c
index 4c311f189f..29cd8fc3e2 100644
--- a/wolfcrypt/src/port/autosar/test.c
+++ b/wolfcrypt/src/port/autosar/test.c
@@ -24,6 +24,9 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_AUTOSAR
+
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/autosar/Csm.h>
 #define BLOCK_SIZE 16
@@ -428,3 +431,5 @@ int main(int argc, char* argv[])
 #endif /* REDIRECTION_CONFIG */
     return ret;
 }
+
+#endif /* WOLFSSL_AUTOSAR */
diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c
index 56efdacf10..b744c12447 100644
--- a/wolfcrypt/src/port/caam/caam_aes.c
+++ b/wolfcrypt/src/port/caam/caam_aes.c
@@ -1,6 +1,6 @@
 /* caam_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c
index e0007c9cb7..d98574f688 100644
--- a/wolfcrypt/src/port/caam/caam_driver.c
+++ b/wolfcrypt/src/port/caam/caam_driver.c
@@ -1,6 +1,6 @@
 /* caam_driver.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #if (defined(__INTEGRITY) || defined(INTEGRITY)) || \
     (defined(__QNX__) || defined(__QNXNTO__))
 
diff --git a/wolfcrypt/src/port/caam/caam_error.c b/wolfcrypt/src/port/caam/caam_error.c
index 00830520f3..ba52aa5778 100644
--- a/wolfcrypt/src/port/caam/caam_error.c
+++ b/wolfcrypt/src/port/caam/caam_error.c
@@ -1,6 +1,6 @@
 /* caam_error.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #if (defined(__INTEGRITY) || defined(INTEGRITY)) || \
     (defined(__QNX__) || defined(__QNXNTO__))
 
diff --git a/wolfcrypt/src/port/caam/caam_integrity.c b/wolfcrypt/src/port/caam/caam_integrity.c
index b520d61464..bbe4dcef9f 100644
--- a/wolfcrypt/src/port/caam/caam_integrity.c
+++ b/wolfcrypt/src/port/caam/caam_integrity.c
@@ -1,6 +1,6 @@
 /* caam_integrity.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c
index 0c2525743a..0c5e407a6a 100644
--- a/wolfcrypt/src/port/caam/caam_qnx.c
+++ b/wolfcrypt/src/port/caam/caam_qnx.c
@@ -1,6 +1,6 @@
 /* caam_qnx.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_sha.c b/wolfcrypt/src/port/caam/caam_sha.c
index 03ef6e0c5e..6964a3c4cb 100644
--- a/wolfcrypt/src/port/caam/caam_sha.c
+++ b/wolfcrypt/src/port/caam/caam_sha.c
@@ -1,6 +1,6 @@
 /* caam_sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_aes.c b/wolfcrypt/src/port/caam/wolfcaam_aes.c
index 73b82426d2..02930c64bd 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_aes.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_aes.c
@@ -1,6 +1,6 @@
 /* wolfcaam_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_cmac.c b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
index 737f19da01..28a7e9821b 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_cmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
@@ -1,6 +1,6 @@
 /* wolfcaam_cmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
index c84b0807af..e9f55f21e7 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
@@ -1,6 +1,6 @@
 /* wolfcaam_ecdsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
index 848d682598..b0bf50d72c 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
@@ -1,6 +1,6 @@
 /* wolfcaam_fsl_nxp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -160,9 +160,7 @@ static int wc_CAAM_CommonHash(caam_handle_t* hndl, caam_hash_ctx_t *ctx,
         }
 
         status = CAAM_HASH_Update(ctx, alignedIn, inSz);
-        if (tmpIn != NULL) {
-            XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (status != kStatus_Success) {
             return WC_HW_E;
         }
@@ -339,9 +337,7 @@ static int DoAesCTR(unsigned int args[4], CAAM_BUFFER *buf, int sz)
         XMEMCPY((byte*)buf[3].TheAddress, alignedOut, buf[3].Length);
         XFREE(tmpOut, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (tmpIn != NULL) {
-        XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (status != kStatus_Success) {
         return -1;
     }
@@ -491,9 +487,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
 
     status = CAAM_ECC_Sign(CAAM, &hndl, k, kSz, alignedIn, inlen, r, rSz, s,
         sSz, ecdsel, enc);
-    if (tmpIn != NULL) {
-        XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (status != kStatus_Success) {
         ret = -1;
@@ -604,9 +598,7 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
 
     status = CAAM_ECC_Verify(CAAM, &hndl, qxy, qxLen+qyLen, rbuf,
         keySz, sbuf, keySz, alignedIn, hashlen, ecdsel);
-    if (tmpIn != NULL) {
-        XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     *res = 0;
     if (status == kStatus_Success) {
         *res = 1;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_hash.c b/wolfcrypt/src/port/caam/wolfcaam_hash.c
index f64a29d9ef..c05b40b99d 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_hash.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_hash.c
@@ -1,6 +1,6 @@
 /* wolfcaam_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_hmac.c b/wolfcrypt/src/port/caam/wolfcaam_hmac.c
index 947a742956..95d6a04eae 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_hmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_hmac.c
@@ -1,6 +1,6 @@
 /* wolfcaam_hmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c
index 94f2aea732..3abb4d9226 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_init.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_qnx.c b/wolfcrypt/src/port/caam/wolfcaam_qnx.c
index 23db33c965..a6bebbc6e2 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_qnx.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_qnx.c
@@ -1,6 +1,6 @@
 /* wolfcaam_qnx.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_rsa.c b/wolfcrypt/src/port/caam/wolfcaam_rsa.c
index f035a0b70b..ac824ecec2 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_rsa.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_rsa.c
@@ -1,6 +1,6 @@
 /* wolfcaam_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_seco.c b/wolfcrypt/src/port/caam/wolfcaam_seco.c
index 8326f308f2..d7abc55da3 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_seco.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c
@@ -1,6 +1,6 @@
 /* wolfcaam_seco.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1215,9 +1215,7 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
         }
     }
 
-    if (wrappedKey != NULL) {
-        XFREE(wrappedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(wrappedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (wc_TranslateHSMError(0, err) != Success) {
         return 0;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_x25519.c b/wolfcrypt/src/port/caam/wolfcaam_x25519.c
index 6147380250..9ead7b4092 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_x25519.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_x25519.c
@@ -1,6 +1,6 @@
 /* wolfcaam_x25519.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/cavium/cavium_octeon_sync.c b/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
index d498022a65..d16768796c 100644
--- a/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
+++ b/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
@@ -1,6 +1,6 @@
 /* cavium_octeon_sync.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/cuda/aes-cuda.cu b/wolfcrypt/src/port/cuda/aes-cuda.cu
index 0fec5d35c4..1fc462188c 100644
--- a/wolfcrypt/src/port/cuda/aes-cuda.cu
+++ b/wolfcrypt/src/port/cuda/aes-cuda.cu
@@ -1,6 +1,6 @@
 /* aes.cu
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/cypress/psoc6_crypto.c b/wolfcrypt/src/port/cypress/psoc6_crypto.c
index 15f3d207cc..d9fc620305 100644
--- a/wolfcrypt/src/port/cypress/psoc6_crypto.c
+++ b/wolfcrypt/src/port/cypress/psoc6_crypto.c
@@ -1,6 +1,6 @@
 /* psoc6_crypto.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
index 18f5cd7a34..ba12d2583b 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
@@ -1,6 +1,6 @@
 /* devcrypto_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
index 7a8c1d174e..b2c07a2ddb 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
@@ -1,6 +1,6 @@
 /* devcrypto_ecdsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
index e3268a5e6e..6b8f5a86fa 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
@@ -1,6 +1,6 @@
 /* devcrypto_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c b/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
index 70d428a969..e1044372ec 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
@@ -1,6 +1,6 @@
 /* devcrypto_hmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
index d7221ee69a..0949c74a0b 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
@@ -1,6 +1,6 @@
 /* devcrypto_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -244,20 +244,13 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
         }
     }
 
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (q != NULL)
-        XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dp != NULL)
-        XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dq != NULL)
-        XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (u != NULL)
-        XFREE(u,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (n != NULL)
-        XFREE(n,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     wc_DevCryptoFree(dev);
     return ret;
@@ -311,10 +304,8 @@ static int _PublicOperation(const byte* in, word32 inlen, byte* out,
     }
     wc_DevCryptoFree(&key->ctx);
 
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (e != NULL)
-        XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -556,21 +547,13 @@ int wc_DevCrypto_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     #endif
     }
 
-    if (p != NULL)
-        XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (q != NULL)
-        XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dp != NULL)
-        XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dq != NULL)
-        XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (c != NULL)
-        XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (n != NULL)
-        XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (d != NULL) {
-        XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     (void)rng;
     return ret;
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c b/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
index 66e3bdc398..3e2a525642 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
@@ -1,6 +1,6 @@
 /* devcrypto_x25519.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
index 0b3eedbf73..950e6c26c4 100644
--- a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
+++ b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
@@ -1,6 +1,6 @@
 /* wc_devcrypto.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/intel/quickassist_sync.c b/wolfcrypt/src/port/intel/quickassist_sync.c
index 1a6a33e5b6..e92dde6323 100644
--- a/wolfcrypt/src/port/intel/quickassist_sync.c
+++ b/wolfcrypt/src/port/intel/quickassist_sync.c
@@ -1,6 +1,6 @@
 /* quickassist_sync.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -359,21 +359,15 @@ void IntelQaHardwareStop(void)
                 status);
     }
 
-    if (g_cyInstMap) {
-        XFREE(g_cyInstMap, NULL, DYNAMIC_TYPE_ASYNC);
-        g_cyInstMap = NULL;
-    }
+    XFREE(g_cyInstMap, NULL, DYNAMIC_TYPE_ASYNC);
+    g_cyInstMap = NULL;
 
-    if (g_cyInstanceInfo) {
-        XFREE(g_cyInstanceInfo, NULL, DYNAMIC_TYPE_ASYNC);
-        g_cyInstanceInfo = NULL;
-    }
+    XFREE(g_cyInstanceInfo, NULL, DYNAMIC_TYPE_ASYNC);
+    g_cyInstanceInfo = NULL;
 
 #ifdef QAT_USE_POLLING_CHECK
-    if (g_cyPolling) {
-        XFREE(g_cyPolling, NULL, DYNAMIC_TYPE_ASYNC);
-        g_cyPolling = NULL;
-    }
+    XFREE(g_cyPolling, NULL, DYNAMIC_TYPE_ASYNC);
+    g_cyPolling = NULL;
     if (g_PollLock) {
         for (i=0; i<g_numInstances; i++) {
             pthread_mutex_destroy(&g_PollLock[i]);
@@ -881,31 +875,20 @@ static void IntelQaSymCipherFree(IntelQaDev* dev)
     CpaBufferList* pDstBuffer = &dev->op.cipher.bufferList;
 
     if (opData) {
-        if (opData->pAdditionalAuthData) {
-            XFREE(opData->pAdditionalAuthData, dev->heap,
-                    DYNAMIC_TYPE_ASYNC_NUMA);
-            opData->pAdditionalAuthData = NULL;
-        }
-        if (opData->pIv) {
-            XFREE(opData->pIv, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
-            opData->pIv = NULL;
-        }
+        XFREE(opData->pAdditionalAuthData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+        opData->pAdditionalAuthData = NULL;
+        XFREE(opData->pIv, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+        opData->pIv = NULL;
         XMEMSET(opData, 0, sizeof(CpaCySymOpData));
     }
     if (pDstBuffer) {
         if (pDstBuffer->pBuffers) {
-            if (pDstBuffer->pBuffers->pData) {
-                XFREE(pDstBuffer->pBuffers->pData, dev->heap,
-                        DYNAMIC_TYPE_ASYNC_NUMA);
-                pDstBuffer->pBuffers->pData = NULL;
-            }
+            XFREE(pDstBuffer->pBuffers->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+            pDstBuffer->pBuffers->pData = NULL;
             XMEMSET(pDstBuffer->pBuffers, 0, sizeof(CpaFlatBuffer));
         }
-        if (pDstBuffer->pPrivateMetaData) {
-            XFREE(pDstBuffer->pPrivateMetaData, dev->heap,
-                    DYNAMIC_TYPE_ASYNC_NUMA);
-            pDstBuffer->pPrivateMetaData = NULL;
-        }
+        XFREE(pDstBuffer->pPrivateMetaData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+        pDstBuffer->pPrivateMetaData = NULL;
         XMEMSET(pDstBuffer, 0, sizeof(CpaBufferList));
     }
 
diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c
index 0e7537a1a6..19879cff47 100644
--- a/wolfcrypt/src/port/iotsafe/iotsafe.c
+++ b/wolfcrypt/src/port/iotsafe/iotsafe.c
@@ -1,6 +1,6 @@
 /* iotsafe.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/kcapi/README.md b/wolfcrypt/src/port/kcapi/README.md
index 459b0ec879..a325fe37ba 100644
--- a/wolfcrypt/src/port/kcapi/README.md
+++ b/wolfcrypt/src/port/kcapi/README.md
@@ -27,7 +27,7 @@ cd libkcapi
 
 autoreconf -i
 
-./configure	--enable-kcapi-test \
+./configure --enable-kcapi-test \
     --enable-kcapi-speed \
     --enable-kcapi-hasher \
     --enable-kcapi-rngapp \
diff --git a/wolfcrypt/src/port/kcapi/kcapi_aes.c b/wolfcrypt/src/port/kcapi/kcapi_aes.c
index 1f1aa03f4c..4ed6f9e3bd 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_aes.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_aes.c
@@ -1,6 +1,6 @@
 /* kcapi_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/kcapi/kcapi_dh.c b/wolfcrypt/src/port/kcapi/kcapi_dh.c
index 7989e5f55e..9b69abc193 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_dh.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_dh.c
@@ -1,6 +1,6 @@
 /* kcapi_dh.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -70,9 +70,7 @@ static int KcapiDh_SetParams(DhKey* key)
         }
     }
 
-    if (pkcs3 != NULL) {
-        XFREE(pkcs3, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(pkcs3, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/kcapi/kcapi_ecc.c b/wolfcrypt/src/port/kcapi/kcapi_ecc.c
index 1f66b5222a..3be5b76bbf 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_ecc.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_ecc.c
@@ -1,6 +1,6 @@
 /* kcapi_ecc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/kcapi/kcapi_hash.c b/wolfcrypt/src/port/kcapi/kcapi_hash.c
index f4a3b43c09..c6fca932aa 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_hash.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_hash.c
@@ -1,6 +1,6 @@
 /* kcapi_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,10 +51,8 @@ void KcapiHashFree(wolfssl_KCAPI_Hash* hash)
         }
 
     #if defined(WOLFSSL_KCAPI_HASH_KEEP)
-        if (hash->msg != NULL) {
-            XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            hash->msg = NULL;
-        }
+        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        hash->msg = NULL;
     #endif
     }
 }
diff --git a/wolfcrypt/src/port/kcapi/kcapi_hmac.c b/wolfcrypt/src/port/kcapi/kcapi_hmac.c
index 0a5d467515..7cdba82541 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_hmac.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_hmac.c
@@ -1,6 +1,6 @@
 /* kcapi_hmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/kcapi/kcapi_rsa.c b/wolfcrypt/src/port/kcapi/kcapi_rsa.c
index cafca14e70..a989141354 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_rsa.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_rsa.c
@@ -1,6 +1,6 @@
 /* kcapi_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -76,9 +76,7 @@ static int KcapiRsa_SetPrivKey(RsaKey* key)
         }
     }
 
-    if (priv != NULL) {
-        XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -167,9 +165,7 @@ static int KcapiRsa_SetPubKey(RsaKey* key)
         }
     }
 
-    if (pub != NULL) {
-        XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/liboqs/liboqs.c b/wolfcrypt/src/port/liboqs/liboqs.c
index 19b32cdce7..2b2de87731 100644
--- a/wolfcrypt/src/port/liboqs/liboqs.c
+++ b/wolfcrypt/src/port/liboqs/liboqs.c
@@ -1,6 +1,6 @@
 /* liboqs.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md
index 55cb2a04c6..3919ffd0f9 100644
--- a/wolfcrypt/src/port/maxim/README.md
+++ b/wolfcrypt/src/port/maxim/README.md
@@ -1,14 +1,144 @@
-wolfSSL using Analog Devices MAXQ1065 or MAX1080
+wolfSSL using Analog Devices MAXQ1065, MAX1080, MAX32665 or MAX32666
 ================================================
 
 ## Overview
 
 wolfSSL can be configured to use the MAXQ1065 or MAX1080 cryptographic
-controllers. Product datasheets, user guides and other resources can be found at
+controllers. wolfSSL can also be configure to utilize the TPU
+(crypto accelerator), MAA (math accelerator), and TRNG available on select
+MAX32665 and MAX32666 microcontroller.
+
+Product datasheets, user guides and other resources can be found at
 Analog Devices website:
 
 https://www.analog.com
 
+# MAX32665/MAX32666
+## Build and Usage
+
+wolfSSL supports the [Maxim SDK](https://github.com/analogdevicesinc/msdk), to
+utilize the TPU and MAA located on the devices.
+
+Building is supported by adding `#define WOLFSSL_MAX3266X` to `user_settings.h`.
+wolfSSL supports the usage of the older style API Maxim provides with the
+`#define WOLFSSL_MAX3266X_OLD` to `user_settings.h`.
+
+When using `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` you will also need to
+add `#define WOLFSSL_SP_MATH_ALL` to `user_settings.h`.
+
+If you want to be more specific on what hardware acceleration you want to use,
+this can be done by adding any combination of these defines:
+```
+#define MAX3266X_RNG    - Allows usage of TRNG device
+#define MAX3266X_AES    - Allows usage of TPU for AES Acceleration
+#define MAX3266X_SHA    - Allows usage of TPU for Hash Acceleration
+#define MAX3266X_MATH   - Allows usage of MAA for MOD based Math Acceleration
+```
+For this you will still need to use `#define WOLFSSL_MAX3266X` or `#define WOLFSSL_MAX3266X_OLD`.
+When you use a specific hardware define like `#define MAX3266X_RNG` this will
+mean only the TRNG device is being used, and all other operations will use the
+default software implementations.
+
+The other prerequisite is that a change needs to be made to the Maxim SDK. This
+is to use the MAA Math Accelerator, this change only needs to be made if you are
+using `#define WOLFSSL_MAX3266X` or `define WOLFSSL_MAX3266X_OLD` by themselves
+or you are specifying `#define MAX3266X_MATH`. This is only needed if you are
+not using the latest Maxim SDK.
+
+In the SDK you will need to find the underlying function that
+`MXC_TPU_MAA_Compute()` from `tpu.h` compute calls in the newer SDK. In the
+older SDK this function is called `MAA_Compute()` in `maa.h`. In the underlying
+function you will need to this:
+
+```
+MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC, clc);
+```
+to
+```
+MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC,
+                clc << MXC_F_TPU_REVA_MAA_CTRL_CLC_POS);
+```
+
+This bug has been reported to Analog Devices and a PR has been made
+[here](https://github.com/analogdevicesinc/msdk/pull/1104)
+if you want to know more details on the issue, or use a patch.
+
+
+## Supported Algos
+Using these defines will replace software implementations with a call to the
+hardware.
+
+`#define MAX3266X_RNG`
+- Uses entropy from TRNG to seed HASHDRBG
+
+`#define MAX3266X_AES`:
+
+- AES-CBC: 128, 192, 256
+- AES-ECB: 128, 192, 256
+
+`#define MAX3266X_SHA`:
+
+- SHA-1
+- SHA-224
+- SHA-256
+- SHA-384
+- SHA-512
+
+Please note that when using `MAX3266X_SHA` there will be a limitation when
+attempting to do a larger sized hash as the SDK for the hardware currently
+expects a the whole msg buffer to be given.
+
+`#define MAX3266X_MATH` (Replaces math operation calls for algos
+like RSA and ECC key generation):
+
+- mod:      `a mod m = r`
+- addmod:   `(a+b)mod m = r`
+- submod:   `(a-b)mod m = r`
+- mulmod:   `(a*b)mod m = r`
+- sqrmod:   `(b^2)mod m = r`
+- exptmod:  `(b^e)mod m = r`
+
+## Crypto Callback Support
+This port also supports using the Crypto Callback functionality in wolfSSL.
+When `WOLF_CRYPTO_CB` is defined in `user_settings.h` along with
+`WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` it will build the library to allow
+the ability to switch between hardware and software implementations.
+
+Crypto Callbacks only support using the hardware for these Algorithms:
+
+- AES ECB: 128, 192, 256
+- AES CBC: 128, 192, 256
+- SHA-1
+- SHA-256
+- SHA-384
+- SHA-512
+
+When using `WOLF_CRYPTO_CB` and `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD`,
+`MAX3266X_MATH` is turned off and is is currently not supported to use with
+`WOLF_CRYPTO_CB`.
+
+The Hardware of the port will be used by default when no devId is set.
+To use software versions of the support Callback Algorithms the devId will need
+to be set to `INVALID_DEVID`.
+
+For more information about Crypto Callbacks and how to use them please refer to
+the [wolfSSL manual](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter06.html).
+
+## Extra Information
+For more Verbose info you can use `#define DEBUG_WOLFSSL` in combination with
+`#define MAX3266X_VERBOSE` to see if errors are occurring during the hardware
+setup/
+
+To reproduce benchmark numbers you can use `#define MAX3266X_RTC`.
+Do note that this will only work with `#define WOLFSSL_MAX3266X` and not
+`#define WOLFSSL_MAX3266X_OLD`. This is only meant for benchmark reproduction
+and not for any other application. Please implement your own rtc/time code for
+anything else.
+
+For more information about the TPU, MAA, and TRNG please refer to the
+[MAX32665/MAX32666 User Guide: UG6971](https://www.analog.com/media/en/technical-documentation/user-guides/max32665max32666-user-guide.pdf)
+
+# MAXQ1065/MAX1080
 ## Build and Usage
 
 Please use the appropriate SDK or Evkit to build wolfSSL.
diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c
new file mode 100644
index 0000000000..6dc324df0e
--- /dev/null
+++ b/wolfcrypt/src/port/maxim/max3266x.c
@@ -0,0 +1,1552 @@
+/* max3266x.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+
+#include <stdint.h>
+#include <stdarg.h>
+
+#include <wolfssl/wolfcrypt/wolfmath.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+
+#if defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH)
+    #error  MXC Not Compatible with Fast Math or Heap Math
+    #include <wolfssl/wolfcrypt/tfm.h>
+    #define MXC_WORD_SIZE               DIGIT_BIT
+#elif defined(WOLFSSL_SP_MATH_ALL)
+    #include <wolfssl/wolfcrypt/sp_int.h>
+    #define MXC_WORD_SIZE               SP_WORD_SIZE
+#else
+    #error MXC HW port needs #define WOLFSSL_SP_MATH_ALL
+#endif
+
+/* Max size MAA can handle */
+#define MXC_MAA_MAX_SIZE (2048 / MXC_WORD_SIZE)
+
+int wc_MXC_TPU_Init(void)
+{
+    /* Initialize the TPU device */
+    if (MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) {
+        MAX3266X_MSG("Device did not initialize");
+        return RNG_FAILURE_E;
+    }
+    return 0;
+}
+
+int wc_MXC_TPU_Shutdown(void)
+{
+    /* Shutdown the TPU device */
+#if defined(WOLFSSL_MAX3266X_OLD)
+    MXC_TPU_Shutdown(); /* Is a void return in older SDK */
+#else
+    if (MXC_TPU_Shutdown(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) {
+        MAX3266X_MSG("Device did not shutdown");
+        return RNG_FAILURE_E;
+    }
+#endif
+    MAX3266X_MSG("TPU Hardware Shutdown");
+    return 0;
+}
+
+
+#ifdef WOLF_CRYPTO_CB
+int wc_MxcAesCryptoCb(wc_CryptoInfo* info)
+{
+    switch (info->cipher.type) {
+#ifdef HAVE_AES_CBC
+        case WC_CIPHER_AES_CBC:
+            if (info->cipher.enc == 1) {
+                return wc_MxcCb_AesCbcEncrypt(info->cipher.aescbc.aes,
+                                                info->cipher.aescbc.out,
+                                                info->cipher.aescbc.in,
+                                                info->cipher.aescbc.sz);
+            }
+            #ifdef HAVE_AES_DECRYPT
+            else if (info->cipher.enc == 0) {
+                return wc_MxcCb_AesCbcDecrypt(info->cipher.aescbc.aes,
+                                                info->cipher.aescbc.out,
+                                                info->cipher.aescbc.in,
+                                                info->cipher.aescbc.sz);
+                }
+            #endif
+            break; /* Break out and return error */
+#endif
+#ifdef HAVE_AES_ECB
+        case WC_CIPHER_AES_ECB:
+            if (info->cipher.enc == 1) {
+                return wc_MxcCb_AesEcbEncrypt(info->cipher.aesecb.aes,
+                                                info->cipher.aesecb.out,
+                                                info->cipher.aesecb.in,
+                                                info->cipher.aesecb.sz);
+            }
+            #ifdef HAVE_AES_DECRYPT
+            else if (info->cipher.enc == 0) {
+                return wc_MxcCb_AesEcbDecrypt(info->cipher.aesecb.aes,
+                                                info->cipher.aesecb.out,
+                                                info->cipher.aesecb.in,
+                                                info->cipher.aesecb.sz);
+                }
+            #endif
+            break; /* Break out and return error */
+#endif
+        default:
+            /* Is not ECB/CBC/GCM */
+            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+    /* Just in case code breaks of switch statement return error */
+    return BAD_FUNC_ARG;
+}
+
+#ifdef MAX3266X_SHA_CB
+
+int wc_MxcShaCryptoCb(wc_CryptoInfo* info)
+{
+    switch (info->hash.type) {
+    #ifndef NO_SHA
+        case WC_HASH_TYPE_SHA:
+            MAX3266X_MSG("SHA-1 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha1->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 1 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha1->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA1);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA224
+        case WC_HASH_TYPE_SHA224:
+            MAX3266X_MSG("SHA-224 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha224->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 256 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha224->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA224);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifndef NO_SHA256
+        case WC_HASH_TYPE_SHA256:
+            MAX3266X_MSG("SHA-256 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha256->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 256 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha256->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA256);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA384
+        case WC_HASH_TYPE_SHA384:
+            MAX3266X_MSG("SHA-384 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha384->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 384 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha384->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA384);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA512
+        case WC_HASH_TYPE_SHA512:
+            MAX3266X_MSG("SHA-512 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha512->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 512 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha512->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA512);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+        default:
+            /* Hash type not supported */
+            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+    if (info->hash.inSz == 0) {
+        return 0; /* Dont need to Update when Size is Zero */
+    }
+    return BAD_FUNC_ARG;
+}
+#endif /* MAX3266X_SHA_CB */
+
+/* Determines AES Type for Callback */
+/* General Callback Function to determine ALGO Type */
+int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
+{
+    int ret;
+    (void)ctx;
+
+    if (info == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef DEBUG_CRYPTOCB
+    wc_CryptoCb_InfoString(info);
+#endif
+
+    switch (info->algo_type) {
+        case WC_ALGO_TYPE_CIPHER:
+            MAX3266X_MSG("Using MXC AES HW Callback:");
+            ret = wc_MxcAesCryptoCb(info); /* Determine AES HW or SW */
+            break;
+#ifdef MAX3266X_SHA_CB
+        case WC_ALGO_TYPE_HASH:
+            MAX3266X_MSG("Using MXC SHA HW Callback:");
+            ret = wc_MxcShaCryptoCb(info); /* Determine SHA HW or SW */
+            break;
+#endif /* MAX3266X_SHA_CB */
+        default:
+            MAX3266X_MSG("Callback not support with MXC, using SW");
+            /* return this to bypass HW and use SW */
+            ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+
+    return ret;
+}
+#endif
+
+/* Convert Error Codes Correctly and Report HW error when */
+/* using #define MAX3266X_VERBOSE */
+int wc_MXC_error(int *ret)
+{
+    if (ret == NULL) {
+        /* In case somehow pointer to the return code is NULL */
+        return BAD_FUNC_ARG;
+    }
+    switch (*ret) {
+        case E_SUCCESS:
+            return 0;
+
+        case E_INVALID: /* Process Failed */
+            MAX3266X_MSG("HW Reported: E_INVALID Error");
+            *ret = WC_HW_E;
+            break;
+
+        case E_NULL_PTR:
+            MAX3266X_MSG("HW Reported: E_NULL_PTR Error");
+            *ret = BAD_FUNC_ARG;
+            break;
+
+        case E_BAD_PARAM:
+            MAX3266X_MSG("HW Reported: E_BAD_PARAM Error");
+            *ret = BAD_FUNC_ARG;
+            break;
+
+        case E_BAD_STATE:
+            MAX3266X_MSG("HW Reported: E_BAD_STATE Error");
+            *ret = WC_HW_E;
+            break;
+
+        default:
+            MAX3266X_MSG("HW Reported an Unknown Error");
+            *ret = WC_HW_E; /* If something else return HW Error */
+            break;
+    }
+    return *ret;
+}
+
+
+#if defined(MAX3266X_RNG)
+/* Simple call to SDK's TRNG HW */
+int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz)
+{
+    int status;
+    if (output == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwRngMutexLock(); /* Lock Mutex needed since */
+                                         /* calling TPU init */
+    if (status != 0) {
+        return status;
+    }
+    status = MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG);
+    if (status == 0) {
+        /* void return function */
+        MXC_TPU_TRNG_Read(MXC_TRNG, output, sz);
+        MAX3266X_MSG("TRNG Hardware Used");
+    }
+    else {
+        MAX3266X_MSG("TRNG Device did not initialize");
+        status = RNG_FAILURE_E;
+    }
+    wolfSSL_HwRngMutexUnLock(); /* Unlock Mutex no matter status value */
+    return status;
+}
+#endif /* MAX3266X_RNG */
+
+#if defined(MAX3266X_AES)
+/* Generic call to the SDK's AES 1 shot Encrypt based on inputs given */
+int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv,
+                            const unsigned char* enc_key,
+                            MXC_TPU_MODE_TYPE mode, unsigned int data_size,
+                            unsigned char* out, unsigned int keySize)
+{
+    int status;
+    if (in == NULL || iv == NULL || enc_key == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwAesMutexLock();
+    MAX3266X_MSG("AES HW Encryption");
+    if (status != 0) {
+        MAX3266X_MSG("Hardware Mutex Failure");
+        return status;
+    }
+    switch (keySize) {
+        case MXC_AES_KEY_128_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 128 Bit");
+            break;
+        case MXC_AES_KEY_192_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 192 Bit");
+            break;
+        case MXC_AES_KEY_256_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 256 Bit");
+            break;
+        default:
+            MAX3266X_MSG("AES HW ERROR: Length Not Supported");
+            wolfSSL_HwAesMutexUnLock();
+            return BAD_FUNC_ARG;
+    }
+    wolfSSL_HwAesMutexUnLock();
+    if (status != 0) {
+        MAX3266X_MSG("AES HW Acceleration Error Occurred");
+        return WC_HW_E;
+    }
+    return status;
+}
+
+
+/* Encrypt AES Crypto Callbacks*/
+#if defined(WOLF_CRYPTO_CB)
+
+#ifdef HAVE_AES_ECB
+int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->devKey,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AES_CBC
+int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 keySize;
+    int status;
+    byte *iv;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Always enforce a length check */
+    if (sz % AES_BLOCK_SIZE) {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        return BAD_LENGTH_E;
+    #else
+        return BAD_FUNC_ARG;
+    #endif
+    }
+    if (sz == 0) {
+        return 0;
+    }
+
+    iv = (byte*)aes->reg;
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->devKey,
+                                    MXC_TPU_MODE_CBC, sz, out,
+                                    (unsigned int)keySize);
+    /* store iv for next call */
+    if (status == 0) {
+        XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    }
+    return (status == 0) ? 0 : -1;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* WOLF_CRYPTO_CB */
+
+#ifdef HAVE_AES_DECRYPT
+/* Generic call to the SDK's AES 1 shot decrypt based on inputs given */
+int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv,
+                            const unsigned char* dec_key,
+                            MXC_TPU_MODE_TYPE mode, unsigned int data_size,
+                            unsigned char* out, unsigned int keySize)
+{
+    int status;
+    if (in == NULL || iv == NULL || dec_key == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwAesMutexLock();
+    if (status != 0) {
+        return status;
+    }
+    switch (keySize) {
+        case MXC_AES_KEY_128_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 128 Bit");
+            break;
+        case MXC_AES_KEY_192_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 192 Bit");
+            break;
+        case MXC_AES_KEY_256_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 256 Bit");
+            break;
+        default:
+            MAX3266X_MSG("AES HW ERROR: Length Not Supported");
+            wolfSSL_HwAesMutexUnLock();
+            return BAD_FUNC_ARG;
+    }
+    wolfSSL_HwAesMutexUnLock();
+    if (status != 0) {
+        MAX3266X_MSG("AES HW Acceleration Error Occurred");
+        return WC_HW_E;
+    }
+    return status;
+}
+
+/* Decrypt Aes Crypto Callbacks*/
+#if defined(WOLF_CRYPTO_CB)
+
+#ifdef HAVE_AES_ECB
+int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->devKey,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AES_CBC
+int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 keySize;
+    int status;
+    byte *iv;
+    byte temp_block[AES_BLOCK_SIZE];
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Always enforce a length check */
+    if (sz % AES_BLOCK_SIZE) {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        return BAD_LENGTH_E;
+    #else
+        return BAD_FUNC_ARG;
+    #endif
+    }
+    if (sz == 0) {
+        return 0;
+    }
+
+    iv = (byte*)aes->reg;
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    /* get IV for next call */
+    XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->devKey,
+                                    MXC_TPU_MODE_CBC, sz, out,
+                                    keySize);
+
+    /* store iv for next call */
+    if (status == 0) {
+        XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+    }
+    return (status == 0) ? 0 : -1;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* WOLF_CRYPTO_CB */
+#endif /* HAVE_AES_DECRYPT */
+#endif /* MAX3266X_AES */
+
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+
+int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash)
+{
+    if (hash == NULL) {
+        return BAD_FUNC_ARG; /* Appropriate error handling for null argument */
+    }
+    hash->msg = NULL;
+    hash->used = 0;
+    hash->size = 0;
+    return 0;
+}
+
+/* Used to update the msg. Currently the SDK only supports 1 shots, so the */
+/* hash->msg buffer needs to be updated and resized. hash->msg will keep the */
+/* unhashed msg and produce a digest when wc_MXC_TPU_SHA_Final or */
+/* wc_MXC_TPU_SHA_GetHash is called */
+int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, const unsigned char* data,
+                            unsigned int size)
+{
+    void *p;
+    /* Only update if size is not 0 */
+    if (size == 0) {
+        return 0;
+    }
+    /* Check for NULL pointers After Size Check */
+    if (hash == NULL || data == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (hash->size < hash->used+size) {
+        if (hash->msg == NULL) {
+            p = XMALLOC(hash->used+size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+        else {
+            #ifdef WOLFSSL_NO_REALLOC
+            p = XMALLOC(hash->used + size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (p != NULL) {
+                XMEMCPY(p, hash->msg, hash->used);
+                XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            }
+            #else
+            p = XREALLOC(hash->msg, hash->used+size, NULL,
+                            DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
+        }
+        if (p == NULL) {
+            return MEMORY_E;
+        }
+        hash->msg = p;
+        hash->size = hash->used+size;
+    }
+    XMEMCPY(hash->msg+hash->used, data, size);
+    hash->used += size;
+    if (hash->msg == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest,
+                                MXC_TPU_HASH_TYPE algo)
+{
+    int status;
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wc_MXC_TPU_SHA_GetDigest(hash, digest, algo);
+    /* True Case that msg is an empty string */
+    if (status == 1) {
+        /* Hardware cannot handle the case of an empty string */
+        /* so in the case of this we will provide the hash via software */
+        return 0;
+    }
+    /* False Case where msg needs to be processed */
+    else if (status == 0) {
+        status = wolfSSL_HwHashMutexLock(); /* Set Mutex */
+        if (status != 0) { /* Mutex Call Check */
+            return status;
+        }
+        MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TPU);
+        MXC_TPU_Hash_Config(algo);
+        status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size,
+                                         (char *)digest);
+        MAX3266X_MSG("SHA HW Acceleration Used");
+        wolfSSL_HwHashMutexUnLock(); /* Release Mutex */
+        if (wc_MXC_error(&status) != 0) {
+            MAX3266X_MSG("SHA HW Error Occurred");
+            return status;
+        }
+    }
+    /* Error Occurred */
+    return status;
+}
+
+/* Calls GetHash to determine the digest and then reinitialize the hash */
+/* struct */
+int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, unsigned char* digest,
+                                    MXC_TPU_HASH_TYPE algo)
+{
+    int status;
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wc_MXC_TPU_SHA_GetHash(hash, digest, algo);
+    /* Free hash->msg no matter result */
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (status != 0) {
+        return status;
+    }
+    status = wc_MXC_TPU_SHA_Init(hash);
+    if (status != 0) {
+        return status;
+    }
+    return status;
+}
+
+/* Copies Struct values from SRC struct to DST struct */
+int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst)
+{
+    if (src == NULL || dst == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    dst->used = src->used;
+    dst->size = src->size;
+    if (dst->msg == src->msg && src->msg != 0) {
+        /* Allocate new memory for dst->msg if it points to the same location */
+        /* as src->msg */
+        dst->msg = (unsigned char*)XMALLOC(src->size, NULL,
+                                            DYNAMIC_TYPE_TMP_BUFFER);
+        if (dst->msg == NULL) {
+            return MEMORY_E; /* Handle memory allocation failure */
+        }
+    }
+    XMEMCPY(dst->msg, src->msg, src->size);
+    return 0;
+}
+
+/* Free the given struct's msg buffer and then reinitialize the struct to 0 */
+/* returns void to match other wc_Sha*Free api */
+void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash)
+{
+    if (hash == NULL) {
+        return; /* Hash Struct is Null already, dont edit potentially */
+                /* undefined memory */
+    }
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    wc_MXC_TPU_SHA_Init(hash); /* sets hash->msg to null + zero's attributes */
+    return;
+}
+
+/* Acts as a True/False if true it will provide the stored digest */
+/* for the edge case of an empty string */
+int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest,
+                                        MXC_TPU_HASH_TYPE algo)
+{
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (hash->msg == 0 && hash->size == 0) {
+        switch (algo) {
+            #ifndef NO_SHA
+            case MXC_TPU_HASH_SHA1:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE);
+                break;
+            #endif /* NO_SHA */
+            #ifdef WOLFSSL_SHA224
+            case MXC_TPU_HASH_SHA224:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA224, WC_SHA224_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA224 */
+            #ifndef NO_SHA256
+            case MXC_TPU_HASH_SHA256:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE);
+                break;
+            #endif /* NO_SHA256 */
+            #ifdef WOLFSSL_SHA384
+            case MXC_TPU_HASH_SHA384:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA384, WC_SHA384_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA384 */
+            #ifdef WOLFSSL_SHA512
+            case MXC_TPU_HASH_SHA512:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA512, WC_SHA512_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA512 */
+            default:
+                return BAD_FUNC_ARG;
+        }
+        return 1; /* True */
+    }
+    return 0; /* False */
+}
+
+#ifndef MAX3266X_SHA_CB
+#if !defined(NO_SHA)
+
+WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
+{
+    if (sha == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha);
+}
+
+WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(sha, data, len);
+}
+
+WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha, hash,
+                                        MXC_TPU_HASH_SHA1);
+}
+
+WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha, hash,
+                                        MXC_TPU_HASH_SHA1);
+}
+
+WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
+{
+    return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst);
+}
+
+WOLFSSL_API void wc_ShaFree(wc_Sha* sha)
+{
+    wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha);
+    return;
+}
+
+#endif /* NO_SHA */
+
+#if defined(WOLFSSL_SHA224)
+
+WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
+{
+    if (sha224 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha224);
+}
+
+WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224)
+{
+    return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(sha224, data, len);
+}
+
+WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha224, hash,
+                                        MXC_TPU_HASH_SHA224);
+}
+
+WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha224, hash,
+                                        MXC_TPU_HASH_SHA224);
+}
+
+WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
+{
+    return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst);
+}
+
+WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224)
+{
+    wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha224);
+    return;
+}
+
+#endif /* WOLFSSL_SHA224 */
+
+#if !defined(NO_SHA256)
+
+WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
+{
+    if (sha256 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha256);
+}
+
+WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256)
+{
+    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha256, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(sha256, data, len);
+}
+
+WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha256, hash,
+                                        MXC_TPU_HASH_SHA256);
+}
+
+WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha256, hash,
+                                        MXC_TPU_HASH_SHA256);
+}
+
+WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
+{
+    return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst);
+}
+
+WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256)
+{
+    wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha256);
+    return;
+}
+
+#endif /* NO_SHA256 */
+
+#if defined(WOLFSSL_SHA384)
+
+WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
+{
+    if (sha384 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha384);
+}
+
+WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384)
+{
+    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha384, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(sha384, data, len);
+}
+
+WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha384, hash,
+                                        MXC_TPU_HASH_SHA384);
+}
+
+WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha384, hash,
+                                        MXC_TPU_HASH_SHA384);
+}
+
+WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
+{
+    return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst);
+}
+
+WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha384)
+{
+    wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha384);
+    return;
+}
+
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512)
+
+WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    if (sha512 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha512);
+}
+
+WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512)
+{
+    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha512, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(sha512, data, len);
+}
+
+WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha512, hash,
+                                        MXC_TPU_HASH_SHA512);
+}
+
+WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha512, hash,
+                                        MXC_TPU_HASH_SHA512);
+}
+
+WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst);
+}
+
+WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512)
+{
+    wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha512);
+    return;
+}
+
+#endif /* WOLFSSL_SHA512 */
+#endif /* !MAX3266X_SHA_CB*/
+#endif /* MAX3266X_SHA || MAX3266X_SHA_CB */
+
+#if defined(MAX3266X_MATH)
+
+/* Sets mutex and initializes hardware according to needed operation size */
+int wc_MXC_MAA_init(unsigned int len)
+{
+    int status;
+    MAX3266X_MSG("Setting Hardware Mutex and Starting MAA");
+    status = wolfSSL_HwPkMutexLock();
+    if (status == 0) {
+        status = MXC_TPU_MAA_Init(len);
+    }
+    return wc_MXC_error(&status); /* Return Status of Init */
+}
+
+/* Unlocks mutex and preforms graceful shutdown of hardware */
+int wc_MXC_MAA_Shutdown(void)
+{
+    int status;
+    MAX3266X_MSG("Unlocking Hardware Mutex and Shutting Down MAA");
+    status = MXC_TPU_MAA_Shutdown();
+    if (status == E_BAD_PARAM) { /* Miss leading, Send WC_HW_ERROR */
+                                /* This is returned when MAA cannot stop */
+        status = WC_HW_E;
+    }
+    wolfSSL_HwPkMutexUnLock(); /* Always call Unlock in shutdown */
+    return wc_MXC_error(&status);
+}
+
+/* Update used number for mp_int struct for results */
+int wc_MXC_MAA_adjustUsed(unsigned int *array, unsigned int length)
+{
+    int i, lastNonZeroIndex;
+    lastNonZeroIndex = -1; /* Track the last non-zero index */
+    for (i = 0; i < length; i++) {
+        if (array[i] != 0) {
+            lastNonZeroIndex = i;
+        }
+    }
+    return (lastNonZeroIndex + 1);
+}
+
+/* Determines the size of operation that needs to happen */
+unsigned int wc_MXC_MAA_Largest(unsigned int count, ...)
+{
+    va_list args;
+    int i;
+    unsigned int largest, num;
+    va_start(args, count);
+    largest = va_arg(args, unsigned int);
+    for (i = 1; i < count; i++) {
+        num = va_arg(args, unsigned int);
+        if (num > largest) {
+            largest = num;
+        }
+    }
+    va_end(args);
+    return largest;
+}
+
+/* Determines if we need to fallback to Software */
+int wc_MXC_MAA_Fallback(unsigned int count, ...)
+{
+    va_list args;
+    int num, i;
+    va_start(args, count);
+    for (i = 0; i < count; i++) {
+        num = va_arg(args, unsigned int);
+        if (num > MXC_MAA_MAX_SIZE) {
+            MAX3266X_MSG("HW Falling Back to Software");
+            return 1;
+        }
+    }
+    va_end(args);
+    MAX3266X_MSG("HW Can Handle Input");
+    return 0;
+}
+
+/* Have to zero pad the entire data array up to 256 bytes(2048 bits) */
+/* If length > 256 bytes then error */
+int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand,
+                            mp_int* exp, mp_int* mod, mp_int* result,
+                            MXC_TPU_MAA_TYPE clc, unsigned int length)
+{
+    mp_digit* zero_tmp;
+    MAX3266X_MSG("Zero Padding Buffers for Hardware");
+    if (length > MXC_MAA_MAX_SIZE) {
+        MAX3266X_MSG("Hardware cannot exceed 2048 bit input");
+        return BAD_FUNC_ARG;
+    }
+    if ((result == NULL) || (multiplier == NULL) || (multiplicand == NULL) ||
+            ((exp == NULL) && (clc == MXC_TPU_MAA_EXP)) || (mod == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Create an array to compare values to to check edge for error edge case */
+    zero_tmp = (mp_digit*)XMALLOC(multiplier->size*sizeof(mp_digit), NULL,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
+    if (zero_tmp == NULL) {
+        MAX3266X_MSG("NULL pointer found after XMALLOC call");
+        return MEMORY_E;
+    }
+    XMEMSET(zero_tmp, 0x00, multiplier->size*sizeof(mp_digit));
+
+    /* Check for invalid arguments befor padding */
+    switch ((char)clc) {
+        case MXC_TPU_MAA_EXP:
+            /* Cannot be 0 for a^e mod m operation */
+            if (XMEMCMP(zero_tmp, exp, (exp->used*sizeof(mp_digit))) == 0) {
+                XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                MAX3266X_MSG("Cannot use Value 0 for Exp");
+                return BAD_FUNC_ARG;
+            }
+
+            /* Pad out rest of data if used != length to ensure no */
+            /* garbage is used in calculation */
+            if ((exp != NULL) && (clc == MXC_TPU_MAA_EXP)) {
+                if ((exp->dp != NULL) && (exp->used < length)) {
+                    MAX3266X_MSG("Zero Padding Exp Buffer");
+                    XMEMSET(exp->dp + exp->used, 0x00,
+                            sizeof(int) *(length - exp->used));
+                }
+            }
+
+        /* Fall through to check mod is not 0 */
+        case MXC_TPU_MAA_SQ:
+        case MXC_TPU_MAA_MUL:
+        case MXC_TPU_MAA_SQMUL:
+        case MXC_TPU_MAA_ADD:
+        case MXC_TPU_MAA_SUB:
+            /* Cannot be 0 for mod m value */
+            if (XMEMCMP(zero_tmp, mod, (exp->used*sizeof(mp_digit))) == 0) {
+                XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                MAX3266X_MSG("Cannot use Value 0 for Exp");
+                return BAD_FUNC_ARG;
+            }
+
+            /* Pad out rest of data if used != length to ensure no */
+            /* garbage is used in calculation */
+            if ((multiplier->dp != NULL) && (multiplier->used < length)) {
+                MAX3266X_MSG("Zero Padding Multiplier Buffer");
+                XMEMSET(multiplier->dp + multiplier->used, 0x00,
+                    sizeof(int) * (length - multiplier->used));
+            }
+            if ((multiplicand->dp != NULL) && (multiplicand->used < length)) {
+                MAX3266X_MSG("Zero Padding Multiplicand Buffer");
+                XMEMSET(multiplicand->dp + multiplicand->used, 0x00,
+                    sizeof(int) * (length - multiplicand->used));
+            }
+            if ((mod->dp != NULL) && (mod->used < length)) {
+                MAX3266X_MSG("Zero Padding Mod Buffer");
+                XMEMSET(mod->dp + mod->used, 0x00,
+                            sizeof(int) *(length - mod->used));
+            }
+            break;
+        default:
+            /* Free the zero array used to check values */
+            XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return BAD_FUNC_ARG; /* Invalid clc given */
+    }
+    /* Free the zero array used to check values */
+    XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    /* Make sure result is 0 padded */
+    if (result->dp != NULL) {
+        ForceZero(result->dp, sizeof(int)*(length));
+        result->used = length;
+    }
+    else if (result == NULL) {
+        return BAD_FUNC_ARG; /* Cannot be null */
+    }
+    return 0;
+}
+
+
+
+/* General Control Over MAA Hardware to handle all needed Cases */
+int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp,
+                                mp_int* mod, mp_int* result,
+                                MXC_TPU_MAA_TYPE clc)
+{
+    int ret;
+    int length;
+    mp_int* result_tmp_ptr;
+    mp_int result_tmp;
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            (exp == NULL && clc == MXC_TPU_MAA_EXP) || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check if result shares struct pointer */
+    if ((multiplier == result) || (multiplicand == result) || (exp == result) ||
+            (mod == result)) {
+            MAX3266X_MSG("Creating Temp Result Buffer for Hardware");
+            result_tmp_ptr = &result_tmp; /* Assign point to temp struct */
+    }
+    else {
+        result_tmp_ptr = result; /* No Shared Point to directly assign */
+    }
+    if (result_tmp_ptr == NULL) {
+        MAX3266X_MSG("tmp ptr is null");
+        return MP_VAL;
+    }
+
+    if (clc == MXC_TPU_MAA_EXP) {
+        length = wc_MXC_MAA_Largest(5, multiplier->used, multiplicand->used,
+                                           exp->used, mod->used, result->used);
+    }
+    else {
+        length = wc_MXC_MAA_Largest(4, multiplier->used, multiplicand->used,
+                                        mod->used, result->used);
+    }
+
+    /* Zero Pad everything if needed */
+    ret = wc_MXC_MAA_zeroPad(multiplier, multiplicand, exp, mod, result_tmp_ptr,
+                                clc, length);
+    if (ret != 0) {
+        MAX3266X_MSG("Zero Padding Failed");
+        return ret;
+    }
+
+    /* Init MAA HW */
+    ret = wc_MXC_MAA_init(length*sizeof(mp_digit)*8);
+    if (ret != 0) {
+        MAX3266X_MSG("HW Init Failed");
+        wolfSSL_HwPkMutexUnLock();
+        return ret;
+    }
+
+    /* Start Math And Cast to expect types for SDK */
+    MAX3266X_MSG("Starting Computation in MAA");
+    ret = MXC_TPU_MAA_Compute(clc, (char *)(multiplier->dp),
+                                    (char *)(multiplicand->dp),
+                                    (char *)(exp->dp), (char *)(mod->dp),
+                                    (int *)(result_tmp_ptr->dp),
+                                    (length*sizeof(mp_digit)));
+    MAX3266X_MSG("MAA Finished Computation");
+    if (wc_MXC_error(&ret) != 0) {
+        MAX3266X_MSG("HW Computation Error");
+        wolfSSL_HwPkMutexUnLock();
+        return ret;
+    }
+
+    ret = wc_MXC_MAA_Shutdown();
+    if (ret != 0) {
+        MAX3266X_MSG("HW Shutdown Failure");
+        /* Shutdown will always call wolfSSL_HwPkMutexUnLock(); */
+        /* before returning */
+        return ret;
+    }
+
+    /* Copy tmp result if needed */
+    if ((multiplier == result) || (multiplicand == result) || (exp == result) ||
+            (mod == result)) {
+        mp_copy(result_tmp_ptr, result);
+        ForceZero(result_tmp_ptr, sizeof(result_tmp_ptr)); /* force zero */
+    }
+
+    result->used = wc_MXC_MAA_adjustUsed(result->dp, length);
+    return ret;
+}
+
+
+
+int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod,
+                            mp_int* result)
+{
+    mp_int multiplicand;
+    if (base == NULL || exp == NULL || mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XMEMSET(&multiplicand, 0, sizeof(mp_int));
+    multiplicand.dp[0] = 0x01;
+    multiplicand.used = mod->used;
+    MAX3266X_MSG("Preparing exptmod MAA HW Call");
+    return wc_MXC_MAA_math(base, &multiplicand, exp, mod, result,
+                            MXC_TPU_MAA_EXP);
+}
+
+int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result)
+{
+    mp_int multiplicand;
+    if (multiplier == NULL || mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XMEMSET(&multiplicand, 0, sizeof(mp_int));
+    multiplicand.dp[0] = 0x01;
+    multiplicand.used = mod->used;
+    MAX3266X_MSG("Preparing sqrmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, &multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_SQ);
+}
+
+int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing mulmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_MUL);
+}
+
+int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand,
+                            mp_int* exp, mp_int* mod, mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || exp == NULL ||
+            mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing sqrmulmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_SQMUL);
+}
+
+int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing addmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_ADD);
+}
+
+int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing submod MAA HW Call");
+    if ((mod->used < multiplier->used) || (mod->used < multiplicand->used)) {
+            MAX3266X_MSG("HW Limitation: Defaulting back to software");
+            return mxc_submod(multiplier, multiplicand, mod, result);
+    }
+    else {
+        return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                             MXC_TPU_MAA_SUB);
+    }
+}
+
+/* General Function to call hardware control */
+int hw_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                    mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return MP_VAL;
+    }
+    if ((multiplier->used == 0) || (multiplicand->used == 0)) {
+        mp_zero(result);
+        return 0;
+    }
+    else {
+        if (wc_MXC_MAA_Fallback(3, multiplier->used, mod->used,
+                                multiplicand->used) != 0) {
+                return mxc_mulmod(multiplier, multiplicand, mod, result);
+        }
+        else {
+            return wc_MXC_MAA_mulmod(multiplier, multiplicand, mod, result);
+        }
+    }
+}
+
+int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) {
+            err = mxc_addmod(a, b, mod, result);
+        }
+        else {
+            err = wc_MXC_MAA_addmod(a, b, mod, result);
+        }
+    }
+    return err;
+}
+
+
+int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) {
+            err = mxc_submod(a, b, mod, result);
+        }
+        else{
+            err = wc_MXC_MAA_submod(a, b, mod, result);
+        }
+    }
+    return err;
+}
+
+int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((base == NULL) || (exp == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if ((mod->used < exp->used) || (mod->used < base->used)) {
+            err = mxc_exptmod(base, exp, mod, result);
+        }
+        else if (wc_MXC_MAA_Fallback(3, base->used, exp->used, mod->used)
+                    != 0) {
+            return mxc_exptmod(base, exp, mod, result);
+        }
+        else{
+            err = wc_MXC_MAA_expmod(base, exp, mod, result);
+        }
+    }
+    return err;
+}
+
+
+/* No mod function available with hardware, however preform a submod    */
+/* (a - 0) mod m will essentially preform the same operation as a mod m */
+int hw_mod(mp_int* a, mp_int* mod, mp_int* result)
+{
+    mp_int b;
+    if (a == NULL || mod == NULL || result == NULL) {
+        return MP_VAL;
+    }
+    if (wc_MXC_MAA_Fallback(2, a->used, mod->used) != 0) {
+        return mxc_mod(a, mod, result);
+    }
+    XMEMSET(&b, 0, sizeof(mp_int));
+    b.used = mod->used; /* assume mod is determining size */
+    return hw_submod(a, &b, mod, result);
+}
+
+int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result)
+{
+    if (base == NULL || mod == NULL || result == NULL) {
+        return MP_VAL;
+    }
+    if (base->used == 0) {
+        mp_zero(result);
+        return 0;
+    }
+    return wc_MXC_MAA_sqrmod(base, mod, result);
+}
+
+#endif /* MAX3266X_MATH */
+
+#if defined(MAX3266X_RTC)
+/* Initialize the RTC */
+int wc_MXC_RTC_Init(void)
+{
+    /* RTC Init for benchmark */
+    if (MXC_RTC_Init(0, 0) != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    /* Disable the Interrupt */
+    if (MXC_RTC_DisableInt(MXC_RTC_INT_EN_LONG) == E_BUSY) {
+        return WC_HW_E;
+    }
+    /* Start Clock for RTC */
+    if (MXC_RTC_SquareWaveStart(MXC_RTC_F_512HZ) == E_BUSY) {
+        return E_BUSY;
+    }
+    /* Begin RTC count */
+    if (MXC_RTC_Start() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    return 0;
+}
+
+/* Reset the RTC */
+int wc_MXC_RTC_Reset(void)
+{
+    /* Stops Counts */
+    if (MXC_RTC_Stop() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    /* Restart RTC via Init */
+    if (wc_MXC_RTC_Init() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    return 0;
+}
+
+/* Function to handle RTC read retries */
+void wc_MXC_RTC_GetRTCValue(int32_t (*rtcGetFunction)(uint32_t*),
+                                uint32_t* outValue, int32_t* err)
+{
+    *err = rtcGetFunction(outValue);  /* Initial attempt to get the value */
+    while (*err != E_NO_ERROR) {
+        *err = rtcGetFunction(outValue);  /* Retry if the error persists */
+    }
+}
+
+/* Function to provide the current time as a double */
+/* Returns seconds and millisecond */
+double wc_MXC_RTC_Time(void)
+{
+    int32_t err;
+    uint32_t rtc_seconds, rtc_subseconds;
+
+    /* Retrieve sub-seconds from RTC */
+    wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSubSeconds,
+                                    &rtc_subseconds, &err);
+    if (err != E_NO_ERROR) {
+        return (double)err;
+    }
+    /* Retrieve seconds from RTC */
+    wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSeconds,
+                                &rtc_seconds, &err);
+    if (err != E_NO_ERROR) {
+        return (double)err;
+    }
+    /* Per the device documentation, subsecond register holds up to 1 second */
+    /* subsecond register is size 2^12, so divide by 4096 to get milliseconds */
+    return ((double)rtc_seconds + ((double)rtc_subseconds / 4096));
+}
+
+#endif /* MAX3266X_RTC */
+
+#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
diff --git a/wolfcrypt/src/port/maxim/maxq10xx.c b/wolfcrypt/src/port/maxim/maxq10xx.c
index 47393d07c8..370a170a8d 100644
--- a/wolfcrypt/src/port/maxim/maxq10xx.c
+++ b/wolfcrypt/src/port/maxim/maxq10xx.c
@@ -1,6 +1,6 @@
 /* maxq10xx.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,7 +41,11 @@
 #include <wolfssl/wolfcrypt/cryptocb.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
+#ifdef USS_API
+#include <MXQ_API.h>
+#else
 #include <wolfssl/wolfcrypt/port/maxim/MXQ_API.h>
+#endif
 
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
@@ -72,9 +76,17 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen);
 #endif
 
 #define PUBKEY_IMPORT_OBJID    0x1000
+
+#if defined (TEST_SETUP)
+#define ROOT_CA_CERT_OBJ_ID    0x1006
+#define DEVICE_CERT_OBJ_ID     0x1005
+#define DEVICE_KEY_PAIR_OBJ_ID 0x1007
+#else
 #define ROOT_CA_CERT_OBJ_ID    0x1003
 #define DEVICE_CERT_OBJ_ID     0x1002
 #define DEVICE_KEY_PAIR_OBJ_ID 0x1004
+#endif
+
 #define PSK_OBJ_ID             0x1236
 #define K_CHUNKSIZE            2032
 #define K_CIPHER_BLOCKSIZE     16
@@ -120,7 +132,7 @@ static int tls13_server_key_len           = -1;
 
 /* Please define MAXQ10XX_PRODUCTION_KEY in your build scripts once you have a
  * production key. */
-#if defined(MAXQ10XX_PRODUCTION_KEY) || !defined(DEBUG_WOLFSSL)
+#if defined(MAXQ10XX_PRODUCTION_KEY)
 #include "maxq10xx_key.h"
 #else
 /* TEST KEY. This must be changed for production environments!! */
@@ -568,12 +580,14 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
         return BAD_FUNC_ARG;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
     rc = maxq_CryptHwMutexTryLock();
     if (rc != 0) {
         WOLFSSL_ERROR_MSG("MAXQ: aes_set_key() lock could not be acquired");
         rc = NOT_COMPILED_IN;
         return rc;
     }
+    #endif
 
     if (aes->maxq_ctx.key_obj_id) {
         wc_MAXQ10XX_AesFree(aes);
@@ -694,12 +708,14 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
         objtype = MXQ_OBJTYPE_KEYPAIR;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
     rc = maxq_CryptHwMutexTryLock();
     if (rc != 0) {
         WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
         rc = NOT_COMPILED_IN;
         return rc;
     }
+    #endif
 
     if (key->maxq_ctx.key_obj_id) {
         wc_MAXQ10XX_EccFree(key);
@@ -1074,24 +1090,20 @@ static int maxq10xx_ecc_verify_local(
 #endif /* MAXQ_ECC */
 
 #ifdef MAXQ_RNG
-static int maxq10xx_random(byte* output, unsigned short sz)
+int maxq10xx_random(byte* output, unsigned short sz)
 {
-#if defined(WOLFSSL_MAXQ108X)
-    if (!tls13active) {
-        return NOT_COMPILED_IN;
-    }
-#endif
-
     if (output == NULL) {
         return BUFFER_E;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
     int ret = maxq_CryptHwMutexTryLock();
     if (ret != 0) {
         WOLFSSL_ERROR_MSG("MAXQ: maxq10xx_random() lock could not be acquired");
         ret = NOT_COMPILED_IN;
         return ret;
     }
+    #endif
 
     if (MXQ_Get_Random_Ext(output, sz, 0)) {
         WOLFSSL_ERROR_MSG("MAXQ: MXQ_Get_Random_Ext() failed");
@@ -1222,6 +1234,7 @@ static int do_sha256(wc_CryptoInfo* info)
         return WC_HW_E;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
     if (info->hash.sha256->maxq_ctx.hash_running == 0) {
         rc = maxq_CryptHwMutexTryLock();
         if (rc != 0) {
@@ -1229,6 +1242,7 @@ static int do_sha256(wc_CryptoInfo* info)
             return CRYPTOCB_UNAVAILABLE;
         }
     }
+    #endif
 
     if (info->hash.in != NULL) {
         /* wc_Sha256Update */
@@ -1981,12 +1995,14 @@ int maxq10xx_port_init(void)
     }
     #endif
 
+    #if defined(MAXQ10XX_MUTEX)
     ret = maxq_CryptHwMutexTryLock();
     if (ret) {
         WOLFSSL_ERROR_MSG("MAXQ: maxq10xx_port_init() -> device is busy "
                     "(switching to soft mode)");
         return 0;
     }
+    #endif
 
     mxq_rc = MXQ_Module_Init();
     if (mxq_rc) {
@@ -3290,7 +3306,7 @@ static int maxq10xx_perform_tls13_record_processing(WOLFSSL* ssl,
 {
     int rc;
     mxq_err_t mxq_rc;
-    mxq_u2 key_id;
+    mxq_u2 key_id = 0xFFFF;
 
     if (!tls13active) {
         return NOT_COMPILED_IN;
diff --git a/wolfcrypt/src/port/mynewt/mynewt_port.c b/wolfcrypt/src/port/mynewt/mynewt_port.c
index 0467773c4b..736098df6f 100644
--- a/wolfcrypt/src/port/mynewt/mynewt_port.c
+++ b/wolfcrypt/src/port/mynewt/mynewt_port.c
@@ -1,6 +1,6 @@
 /* mynewt_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,14 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#if defined(WOLFSSL_APACHE_MYNEWT)
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef WOLFSSL_APACHE_MYNEWT
+
 #ifndef NO_FILESYSTEM
+
 #include "fs/fs.h"
 #define FILE struct fs_file
 
@@ -142,5 +148,5 @@ int mynewt_fclose(FILE *stream)
     return 0;
 }
 
-#endif /* NO_FILESYSTEM*/
-#endif /* if defined(WOLFSSL_APACHE_MYNEWT) */
+#endif /* !NO_FILESYSTEM */
+#endif /* WOLFSSL_APACHE_MYNEWT */
diff --git a/wolfcrypt/src/port/nrf51.c b/wolfcrypt/src/port/nrf51.c
index 1ab5b7dfe9..04da175584 100644
--- a/wolfcrypt/src/port/nrf51.c
+++ b/wolfcrypt/src/port/nrf51.c
@@ -1,6 +1,6 @@
 /* nrf51.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/nxp/dcp_port.c b/wolfcrypt/src/port/nxp/dcp_port.c
index f78f1d697c..ac4554ff7c 100644
--- a/wolfcrypt/src/port/nxp/dcp_port.c
+++ b/wolfcrypt/src/port/nxp/dcp_port.c
@@ -1,6 +1,6 @@
 /* dcp_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c
index b63864b0bd..f8460488da 100644
--- a/wolfcrypt/src/port/nxp/ksdk_port.c
+++ b/wolfcrypt/src/port/nxp/ksdk_port.c
@@ -1,6 +1,6 @@
 /* ksdk_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -186,18 +186,10 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C)
             }
         }
 
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrN) {
-            XFREE(ptrN, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrC) {
-            XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrN, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #ifdef WOLFSSL_SP_MATH
@@ -280,15 +272,9 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c)
             res = MP_MEM;
         }
 
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrC) {
-            XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -372,15 +358,9 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
             res = MP_MEM;
         }
 
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrC) {
-            XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -491,18 +471,10 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
             res = MP_MEM;
         }
 
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrC) {
-            XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrD) {
-            XFREE(ptrD, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrD, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -591,18 +563,10 @@ int ltc_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int useConstTime)
             res = MP_MEM;
         }
 
-        if (ptrY) {
-            XFREE(ptrY, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrP) {
-            XFREE(ptrP, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrX) {
-            XFREE(ptrX, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrG) {
-            XFREE(ptrG, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrY, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrP, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrX, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrG, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -687,12 +651,8 @@ int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng)
             }
         }
 
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c
index ad526778a5..1fff41d7eb 100644
--- a/wolfcrypt/src/port/nxp/se050_port.c
+++ b/wolfcrypt/src/port/nxp/se050_port.c
@@ -1,6 +1,6 @@
 /* se050_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -633,7 +633,7 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)
         else {
             if (out == NULL) {
                 *outSz = ret;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
             if ((word32)ret > *outSz) {
                 WOLFSSL_MSG("Output buffer not large enough for object");
@@ -738,9 +738,7 @@ int se050_rsa_use_key_id(struct RsaKey* key, word32 keyId)
             status = kStatus_SSS_Fail;
         }
     }
-    if (derBuf != NULL) {
-        XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (status == kStatus_SSS_Success) {
         key->keyId = keyId;
@@ -884,9 +882,7 @@ int se050_rsa_create_key(struct RsaKey* key, int size, long e)
             status = kStatus_SSS_Fail;
         }
     }
-    if (derBuf != NULL) {
-        XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (status == kStatus_SSS_Success) {
         key->keyId = keyId;
@@ -1228,9 +1224,7 @@ int se050_rsa_sign(const byte* in, word32 inLen, byte* out,
                                                derSz, (keySz * 8), NULL, 0);
             }
 
-            if (derBuf != NULL) {
-                XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            }
+            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }
         else {
             status = sss_key_object_get_handle(&newKey, keyId);
@@ -1392,9 +1386,7 @@ int se050_rsa_verify(const byte* in, word32 inLen, byte* out, word32 outLen,
                                                derSz, (keySz * 8), NULL, 0);
             }
 
-            if (derBuf != NULL) {
-                XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            }
+            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }
         else {
             status = sss_key_object_get_handle(&newKey, keyId);
@@ -1579,9 +1571,7 @@ int se050_rsa_public_encrypt(const byte* in, word32 inLen, byte* out,
             status = sss_key_object_get_handle(&newKey, keyId);
         }
 
-        if (derBuf != NULL) {
-            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     if (status == kStatus_SSS_Success) {
@@ -1746,9 +1736,7 @@ int se050_rsa_private_decrypt(const byte* in, word32 inLen, byte* out,
             status = sss_key_object_get_handle(&newKey, keyId);
         }
 
-        if (derBuf != NULL) {
-            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     if (status == kStatus_SSS_Success) {
diff --git a/wolfcrypt/src/port/pic32/pic32mz-crypt.c b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
index 171fe0aac2..b9cdb7c551 100644
--- a/wolfcrypt/src/port/pic32/pic32mz-crypt.c
+++ b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
@@ -1,6 +1,6 @@
 /* pic32mz-crypt.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa.c b/wolfcrypt/src/port/psa/psa.c
index 860f5c4891..737083f6af 100644
--- a/wolfcrypt/src/port/psa/psa.c
+++ b/wolfcrypt/src/port/psa/psa.c
@@ -1,6 +1,6 @@
 /* psa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_aes.c b/wolfcrypt/src/port/psa/psa_aes.c
index a0881d4516..37f9952e80 100644
--- a/wolfcrypt/src/port/psa/psa_aes.c
+++ b/wolfcrypt/src/port/psa/psa_aes.c
@@ -1,6 +1,6 @@
 /* psa_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_hash.c b/wolfcrypt/src/port/psa/psa_hash.c
index 7de9776fba..c45ccda284 100644
--- a/wolfcrypt/src/port/psa/psa_hash.c
+++ b/wolfcrypt/src/port/psa/psa_hash.c
@@ -1,6 +1,6 @@
 /* psa_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_pkcbs.c b/wolfcrypt/src/port/psa/psa_pkcbs.c
index 6a7452cb39..a634b52a01 100644
--- a/wolfcrypt/src/port/psa/psa_pkcbs.c
+++ b/wolfcrypt/src/port/psa/psa_pkcbs.c
@@ -1,6 +1,6 @@
 /* psa_pkcbs.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c
index 3a8a2bc742..292c854d18 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-aes.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c
@@ -56,24 +56,8 @@ static WC_INLINE void memcpy16(byte* out, const byte* in)
     out64[1] = in64[1];
 }
 
-#ifdef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
-
-/* Reverse bytes in 64-bit register. */
-#define REV8(rd, rs)                                        \
-    ASM_WORD((0b011010111000 << 20) | (0b101 << 12) |       \
-             (0b0010011 << 0) |                             \
-             (rs << 15) | (rd << 7))
-
-#endif /* WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
-
 #ifdef WOLFSSL_RISCV_BIT_MANIPULATION
 
-/* rd = rs1[0..31] | rs2[0..31]. */
-#define PACK(rd, rs1, rs2)                                  \
-    ASM_WORD((0b0000100 << 25) | (0b100 << 12) |            \
-             (0b0110011 << 0) |                             \
-             (rs2 << 20) | (rs1 << 15) | (rd << 7))
-
 /* Reverse bits in each byte of 64-bit register. */
 #define BREV8(rd, rs)                                       \
     ASM_WORD(0b01101000011100000101000000010011 |           \
@@ -90,66 +74,6 @@ static WC_INLINE void memcpy16(byte* out, const byte* in)
              (vs2 << 20) | (vd << 7))
 #endif
 
-/* vd = vs2 + [i,] */
-#define VADD_VI(vd, vs2, i)                         \
-    ASM_WORD((0b000000 << 26) | (0b1 << 25) |       \
-             (0b011 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (i << 15) | (vs2 << 20))
-/* vd = vs1 + vs2 */
-#define VADD_VV(vd, vs1, vs2)                       \
-    ASM_WORD((0b000000 << 26) | (0b1 << 25) |       \
-             (0b000 << 12) | (0b1010111 << 0) |     \
-             (vs2 << 20) | (vs1 << 15) | (vd << 7))
-/* vd = vs1 ^ vs2 */
-#define VXOR_VV(vd, vs1, vs2)                       \
-    ASM_WORD((0b001011 << 26) | (0b1 << 25) |       \
-             (0b000 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (vs1 << 15) | (vs2 << 20))
-/* vd = vs1 & vs2 */
-#define VAND_VV(vd, vs1, vs2)                       \
-    ASM_WORD((0b001001 << 26) | (0b1 << 25) |       \
-             (0b000 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (vs1 << 15) | (vs2 << 20))
-/* vd = vs1 | vs2 */
-#define VOR_VV(vd, vs1, vs2)                        \
-    ASM_WORD((0b001010 << 26) | (0b1 << 25) |       \
-             (0b000 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (vs1 << 15) | (vs2 << 20))
-
-/* vd = vs2 << uimm */
-#define VSLL_VI(vd, vs2, uimm)                      \
-    ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
-             (0b011 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (uimm << 15) | (vs2 << 20))
-/* vd = vs2 >> uimm */
-#define VSRL_VI(vd, vs2, uimm)                      \
-    ASM_WORD((0b101000 << 26) | (0b1 << 25) |       \
-             (0b011 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (uimm << 15) | (vs2 << 20))
-
-/* vd[shift..max] = vs2[0..max-shift] */
-#define VSLIDEUP_VI(vd, vs2, shift)                 \
-    ASM_WORD((0b001110 << 26) | (0b1 << 25) |       \
-             (0b011 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (shift << 15) | (vs2 << 20))
-
-/* vd[0..max-shift] = vs2[shift..max] */
-#define VSLIDEDOWN_VI(vd, vs2, shift)               \
-    ASM_WORD((0b001111 << 26) | (0b1 << 25) |       \
-             (0b011 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (shift << 15) | (vs2 << 20))
-
-/* vd[i] = vs1[vs2[i] */
-#define VRGATHER_VV(vd, vs1, vs2)                   \
-    ASM_WORD((0b001100 << 26) | (0b1 << 25) |       \
-             (0b000 << 12) | (0b1010111 << 0) |     \
-             (vd << 7) | (vs1 << 15) | (vs2 << 20))
-
-/* Reverse order of bytes in words of vector regsiter. */
-#define VREV8(vd, vs2) \
-    ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \
-             (0b010 << 12) | (0b1010111 << 0) | \
-             (vs2 << 20) | (vd << 7))
 
 /* Vector register set if equal: vd[i] = vs1[i] == vs2[i] ? 1 : 0 */
 #define VMSEQ_VV(vd, vs1, vs2)                      \
@@ -169,60 +93,6 @@ static WC_INLINE void memcpy16(byte* out, const byte* in)
              (0b010 << 12) | (0b1010111 << 0) |     \
              (vs2 << 20) | (rd << 7))
 
-/* 64-bit width when loading. */
-#define WIDTH_64  0b111
-/* 32-bit width when loading. */
-#define WIDTH_32  0b110
-
-/* Load n Vector registers with width-bit components. */
-#define VLRE_V(vd, rs1, cnt, width)                             \
-    ASM_WORD(0b0000111 | (width << 12) | (0b00101000 << 20) |   \
-        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
-/* Load 1 Vector register with 64-bit components. */
-#define VL1RE64_V(vd, rs1)  VLRE_V(vd, rs1, 1, WIDTH_64)
-/* Load 1 Vector register with 32-bit components. */
-#define VL1RE32_V(vd, rs1)  VLRE_V(vd, rs1, 1, WIDTH_32)
-/* Load 2 Vector register with 32-bit components. */
-#define VL2RE32_V(vd, rs1)  VLRE_V(vd, rs1, 2, WIDTH_32)
-/* Load 4 Vector register with 32-bit components. */
-#define VL4RE32_V(vd, rs1)  VLRE_V(vd, rs1, 4, WIDTH_32)
-/* Load 8 Vector register with 32-bit components. */
-#define VL8RE32_V(vd, rs1)  VLRE_V(vd, rs1, 8, WIDTH_32)
-
-/* Store n Vector register. */
-#define VSR_V(vs3, rs1, cnt)                                    \
-    ASM_WORD(0b0100111 | (0b00101000 << 20) | (0 << 28) |       \
-        ((cnt-1) << 29) | (vs3 << 7) | (rs1 << 15))
-/* Store 1 Vector register. */
-#define VS1R_V(vs3, rs1)    VSR_V(vs3, rs1, 1)
-/* Store 2 Vector register. */
-#define VS2R_V(vs3, rs1)    VSR_V(vs3, rs1, 2)
-/* Store 4 Vector register. */
-#define VS4R_V(vs3, rs1)    VSR_V(vs3, rs1, 4)
-/* Store 8 Vector register. */
-#define VS8R_V(vs3, rs1)    VSR_V(vs3, rs1, 8)
-
-/* Move from vector register to vector registor. */
-#define VMV_V_V(vd, vs1)                                        \
-    ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) |   \
-        (0b010111 << 26) | (vd << 7) | (vs1 << 15))
-/* Splat register to each component of the vector registor. */
-#define VMV_V_X(vd, rs1)                                        \
-    ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) |   \
-        (0b010111 << 26) | (vd << 7) | (rs1 << 15))
-/* Move n vector registers to vector registers. */
-#define VMVR_V(vd, vs2, n)                                      \
-    ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) |   \
-        (0b100111 << 26) | (vd << 7) | ((n-1) << 15) |          \
-        (vs2 << 20))
-
-/* Set the options of vector instructions. */
-#define VSETIVLI(rd, n, vma, vta, vsew, vlmul) \
-    ASM_WORD((0b11 << 30) | (0b111 << 12) | (0b1010111 << 0) |  \
-             (rd << 7) | (n << 15) | (vma << 27) |              \
-             (vta << 26) | (vsew << 23) | (vlmul << 20))
-
-
 #if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
 
 /*
diff --git a/wolfcrypt/src/port/riscv/riscv-64-chacha.c b/wolfcrypt/src/port/riscv/riscv-64-chacha.c
new file mode 100644
index 0000000000..a1195713d1
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-chacha.c
@@ -0,0 +1,2374 @@
+/* riscv-64-chacha.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to
+ * optimize for ARM:
+ *   https://cryptojedi.org/papers/veccrypto-20120320.pdf
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+#ifdef HAVE_CHACHA
+
+#include <wolfssl/wolfcrypt/chacha.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+#ifdef CHACHA_TEST
+    #include <stdio.h>
+#endif
+
+/* Number of rounds */
+#define ROUNDS  20
+
+#define U32C(v) (v##U)
+#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
+#define U8TO32_LITTLE(p) (((word32*)(p))[0])
+
+#define PLUS(v,w)   (U32V((v) + (w)))
+#define PLUSONE(v)  (PLUS((v),1))
+
+#define ARM_SIMD_LEN_BYTES 16
+
+/**
+ * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
+ * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
+ */
+int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
+{
+    word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
+
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
+
+    ctx->left = 0;
+    ctx->X[CHACHA_IV_BYTES+0] = counter;           /* block counter */
+    ctx->X[CHACHA_IV_BYTES+1] = temp[0]; /* fixed variable from nonce */
+    ctx->X[CHACHA_IV_BYTES+2] = temp[1]; /* counter from nonce */
+    ctx->X[CHACHA_IV_BYTES+3] = temp[2]; /* counter from nonce */
+
+    return 0;
+}
+
+/* "expand 32-byte k" as unsigned 32 byte */
+static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
+/* "expand 16-byte k" as unsigned 16 byte */
+static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574};
+
+/**
+ * Key setup. 8 word iv (nonce)
+ */
+int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
+{
+    const word32* constants;
+    const byte*   k;
+
+#ifdef XSTREAM_ALIGN
+    word32 alignKey[8];
+#endif
+
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ)
+        return BAD_FUNC_ARG;
+
+#ifdef XSTREAM_ALIGN
+    if ((wc_ptr_t)key % 4) {
+        WOLFSSL_MSG("wc_ChachaSetKey unaligned key");
+        XMEMCPY(alignKey, key, keySz);
+        k = (byte*)alignKey;
+    }
+    else {
+        k = key;
+    }
+#else
+    k = key;
+#endif /* XSTREAM_ALIGN */
+
+    ctx->X[4] = U8TO32_LITTLE(k +  0);
+    ctx->X[5] = U8TO32_LITTLE(k +  4);
+    ctx->X[6] = U8TO32_LITTLE(k +  8);
+    ctx->X[7] = U8TO32_LITTLE(k + 12);
+    if (keySz == CHACHA_MAX_KEY_SZ) {
+        k += 16;
+        constants = sigma;
+    }
+    else {
+        constants = tau;
+    }
+    ctx->X[ 8] = U8TO32_LITTLE(k +  0);
+    ctx->X[ 9] = U8TO32_LITTLE(k +  4);
+    ctx->X[10] = U8TO32_LITTLE(k +  8);
+    ctx->X[11] = U8TO32_LITTLE(k + 12);
+    ctx->X[ 0] = constants[0];
+    ctx->X[ 1] = constants[1];
+    ctx->X[ 2] = constants[2];
+    ctx->X[ 3] = constants[3];
+    ctx->left = 0;
+
+    return 0;
+}
+
+
+#define CC_A0   "a4"
+#define CC_A1   "a5"
+#define CC_A2   "a6"
+#define CC_A3   "a7"
+#define CC_B0   "t3"
+#define CC_B1   "t4"
+#define CC_B2   "t5"
+#define CC_B3   "t6"
+#define CC_C0   "s2"
+#define CC_C1   "s3"
+#define CC_C2   "s4"
+#define CC_C3   "s5"
+#define CC_D0   "s6"
+#define CC_D1   "s7"
+#define CC_D2   "s8"
+#define CC_D3   "s9"
+#define CC_T0   "t0"
+#define CC_T1   "t1"
+#define CC_T2   "t2"
+#define CC_T3   "s1"
+
+#if defined(WOLFSSL_RISCV_VECTOR)
+
+static const word32 L_chacha20_vec_inc_first_word[] = {
+    0x1,
+    0x0,
+    0x0,
+    0x0,
+};
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND_ODD_ABD_5(s, sr)                     \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        VSLL_VI(REG_V20, REG_V3, s)                     \
+        "slli   " CC_T0 ", " CC_D0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V21, REG_V7, s)                     \
+        "slli   " CC_T1 ", " CC_D1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V11, s)                    \
+        "slli   " CC_T2 ", " CC_D2 ", " #s "\n\t"       \
+        VSLL_VI(REG_V23, REG_V15, s)                    \
+        "slli   " CC_T3 ", " CC_D3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V24, REG_V19, s)                    \
+        VSRL_VI(REG_V3, REG_V3, sr)                     \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V7, REG_V7, sr)                     \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V11, REG_V11, sr)                   \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V15, REG_V15, sr)                   \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V19, REG_V19, sr)                   \
+        VOR_VV(REG_V3, REG_V3, REG_V20)                 \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        VOR_VV(REG_V7, REG_V7, REG_V21)                 \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        VOR_VV(REG_V11, REG_V11, REG_V22)               \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        VOR_VV(REG_V15, REG_V15, REG_V23)               \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"    \
+        VOR_VV(REG_V19, REG_V19, REG_V24)
+
+#define PART_ROUND_ODD_CDB_5(s, sr)                     \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        VSLL_VI(REG_V20, REG_V1, s)                     \
+        "slli   " CC_T0 ", " CC_B0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V21, REG_V5, s)                     \
+        "slli   " CC_T1 ", " CC_B1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V9, s)                     \
+        "slli   " CC_T2 ", " CC_B2 ", " #s "\n\t"       \
+        VSLL_VI(REG_V23, REG_V13, s)                    \
+        "slli   " CC_T3 ", " CC_B3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V24, REG_V17, s)                    \
+        VSRL_VI(REG_V1, REG_V1, sr)                     \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V5, REG_V5, sr)                     \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V9, REG_V9, sr)                     \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V13, REG_V13, sr)                   \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V17, REG_V17, sr)                   \
+        VOR_VV(REG_V1, REG_V1, REG_V20)                 \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        VOR_VV(REG_V5, REG_V5, REG_V21)                 \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        VOR_VV(REG_V9, REG_V9, REG_V22)                 \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        VOR_VV(REG_V13, REG_V13, REG_V23)               \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"    \
+        VOR_VV(REG_V17, REG_V17, REG_V24)
+
+#define PART_ROUND_EVEN_ABD_5(s, sr)                    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        VSLL_VI(REG_V20, REG_V3, s)                     \
+        "slli   " CC_T0 ", " CC_D3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V21, REG_V7, s)                     \
+        "slli   " CC_T1 ", " CC_D0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V11, s)                    \
+        "slli   " CC_T2 ", " CC_D1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V23, REG_V15, s)                    \
+        "slli   " CC_T3 ", " CC_D2 ", " #s "\n\t"       \
+        VSLL_VI(REG_V24, REG_V19, s)                    \
+        VSRL_VI(REG_V3, REG_V3, sr)                     \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V7, REG_V7, sr)                     \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V11, REG_V11, sr)                   \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V15, REG_V15, sr)                   \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V19, REG_V19, sr)                   \
+        VOR_VV(REG_V3, REG_V3, REG_V20)                 \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        VOR_VV(REG_V7, REG_V7, REG_V21)                 \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        VOR_VV(REG_V11, REG_V11, REG_V22)               \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        VOR_VV(REG_V15, REG_V15, REG_V23)               \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"    \
+        VOR_VV(REG_V19, REG_V19, REG_V24)
+
+#define PART_ROUND_EVEN_CDB_5(s, sr)                    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        VSLL_VI(REG_V20, REG_V1, s)                     \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V21, REG_V5, s)                     \
+        "slli   " CC_T1 ", " CC_B2 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V9, s)                     \
+        "slli   " CC_T2 ", " CC_B3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V23, REG_V13, s)                    \
+        "slli   " CC_T3 ", " CC_B0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V24, REG_V17, s)                    \
+        VSRL_VI(REG_V1, REG_V1, sr)                     \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V5, REG_V5, sr)                     \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V9, REG_V9, sr)                     \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V13, REG_V13, sr)                   \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V17, REG_V17, sr)                   \
+        VOR_VV(REG_V1, REG_V1, REG_V20)                 \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        VOR_VV(REG_V5, REG_V5, REG_V21)                 \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        VOR_VV(REG_V9, REG_V9, REG_V22)                 \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        VOR_VV(REG_V13, REG_V13, REG_V23)               \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"    \
+        VOR_VV(REG_V17, REG_V17, REG_V24)
+
+#elif !defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION )
+
+#define PART_ROUND_ODD_ABD_5(s, sr)                     \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "slli   " CC_T0 ", " CC_D0 ", " #s "\n\t"       \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        "slli   " CC_T1 ", " CC_D1 ", " #s "\n\t"       \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "slli   " CC_T2 ", " CC_D2 ", " #s "\n\t"       \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        "slli   " CC_T3 ", " CC_D3 ", " #s "\n\t"       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VROR_VI(REG_V15, sr, REG_V15)                   \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VROR_VI(REG_V19, sr, REG_V19)                   \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB_5(s, sr)                     \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "slli   " CC_T0 ", " CC_B0 ", " #s "\n\t"       \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        "slli   " CC_T1 ", " CC_B1 ", " #s "\n\t"       \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "slli   " CC_T2 ", " CC_B2 ", " #s "\n\t"       \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T3 ", " CC_B3 ", " #s "\n\t"       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        VROR_VI(REG_V13, sr, REG_V13)                   \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VROR_VI(REG_V17, sr, REG_V17)                   \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD_5(s, sr)                    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "slli   " CC_T0 ", " CC_D3 ", " #s "\n\t"       \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        "slli   " CC_T1 ", " CC_D0 ", " #s "\n\t"       \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "slli   " CC_T2 ", " CC_D1 ", " #s "\n\t"       \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        "slli   " CC_T3 ", " CC_D2 ", " #s "\n\t"       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        VROR_VI(REG_V15, sr, REG_V15)                   \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VROR_VI(REG_V19, sr, REG_V19)                   \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB_5(s, sr)                    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        "slli   " CC_T1 ", " CC_B2 ", " #s "\n\t"       \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "slli   " CC_T2 ", " CC_B3 ", " #s "\n\t"       \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T3 ", " CC_B0 ", " #s "\n\t"       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VROR_VI(REG_V13, sr, REG_V13)                   \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VROR_VI(REG_V17, sr, REG_V17)                   \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#else
+
+#define PART_ROUND_ODD_ABD_5(s, sr)                     \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        RORIW(REG_S8, REG_S8, sr)                       \
+        VROR_VI(REG_V15, sr, REG_V15)                   \
+        RORIW(REG_S9, REG_S9, sr)                       \
+        VROR_VI(REG_V19, sr, REG_V19)
+
+#define PART_ROUND_ODD_CDB_5(s, sr)                     \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        RORIW(REG_T3, REG_T3, sr)                       \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        VROR_VI(REG_V13, sr, REG_V13)                   \
+        RORIW(REG_T6, REG_T6, sr)                       \
+        VROR_VI(REG_V17, sr, REG_V17)
+
+#define PART_ROUND_EVEN_ABD_5(s, sr)                    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        RORIW(REG_S9, REG_S9, sr)                       \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        VROR_VI(REG_V15, sr, REG_V15)                   \
+        RORIW(REG_S8, REG_S8, sr)                       \
+        VROR_VI(REG_V19, sr, REG_V19)
+
+#define PART_ROUND_EVEN_CDB_5(s, sr)                    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        RORIW(REG_T6, REG_T6, sr)                       \
+        VROR_VI(REG_V13, sr, REG_V13)                   \
+        RORIW(REG_T3, REG_T3, sr)                       \
+        VROR_VI(REG_V17, sr, REG_V17)
+
+#endif
+
+#define QUARTER_ROUND_ODD_5()               \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_ODD_ABD_5(16, 16)        \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_ODD_CDB_5(12, 20)        \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_ODD_ABD_5( 8, 24)        \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_ODD_CDB_5( 7, 25)
+
+#define QUARTER_ROUND_EVEN_5()              \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_EVEN_ABD_5(16, 16)       \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_EVEN_CDB_5(12, 20)       \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_EVEN_ABD_5( 8, 24)       \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_EVEN_CDB_5( 7, 25)
+
+#define SHUFFLE_5(r, t, i)                  \
+        VRGATHER_VV(t + 0, i, r + 0)        \
+        VRGATHER_VV(t + 1, i, r + 4)        \
+        VRGATHER_VV(t + 2, i, r + 8)        \
+        VRGATHER_VV(t + 3, i, r + 12)       \
+        VRGATHER_VV(t + 4, i, r + 16)       \
+        VMV_V_V(r + 0, t + 0)               \
+        VMV_V_V(r + 4, t + 1)               \
+        VMV_V_V(r + 8, t + 2)               \
+        VMV_V_V(r + 12, t + 3)              \
+        VMV_V_V(r + 16, t + 4)
+
+#define ODD_SHUFFLE_5()                                                 \
+        /*    a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15          \
+         * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */       \
+        SHUFFLE_5(REG_V3, REG_V20, REG_V27)                             \
+        SHUFFLE_5(REG_V1, REG_V20, REG_V25)                             \
+        SHUFFLE_5(REG_V2, REG_V20, REG_V26)
+
+#define EVEN_SHUFFLE_5()                                                \
+        /*    a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14          \
+         * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */       \
+        SHUFFLE_5(REG_V3, REG_V20, REG_V25)                             \
+        SHUFFLE_5(REG_V1, REG_V20, REG_V27)                             \
+        SHUFFLE_5(REG_V2, REG_V20, REG_V26)
+
+static WC_INLINE void wc_chacha_encrypt_384(const word32* input, const byte* m,
+    byte* c, word32 bytes)
+{
+    word64 bytes64 = (word64)bytes;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* The layout of used vector registers is:
+         * v0-v3 - first block
+         * v4-v7 - second block
+         * v8-v11 - third block
+         * v12-v15 - fourth block
+         * v16-v19 - fifth block
+         * v20-v24 - temp/message
+         * v25-v27 - indeces for rotating words in vector
+         * v28-v31 - input
+         *
+         * v0  0  1  2  3
+         * v1  4  5  6  7
+         * v2  8  9 10 11
+         * v3 12 13 14 15
+         * load CHACHA state with indices placed as shown above
+         */
+
+        /* Load state to encrypt */
+        "mv     t2, %[input]\n\t"
+        VL4RE32_V(REG_V28, REG_T2)
+        VID_V(REG_V20)
+        VSLIDEDOWN_VI(REG_V25, REG_V20, 1)
+        VSLIDEUP_VI(REG_V25, REG_V20, 3)
+        VSLIDEDOWN_VI(REG_V26, REG_V20, 2)
+        VSLIDEUP_VI(REG_V26, REG_V20, 2)
+        VSLIDEDOWN_VI(REG_V27, REG_V20, 3)
+        VSLIDEUP_VI(REG_V27, REG_V20, 1)
+        "\n"
+    "L_chacha20_riscv_384_outer:\n\t"
+        /* Move state into regular registers */
+        "ld     a4,  0(%[input])\n\t"
+        "ld     a6,  8(%[input])\n\t"
+        "ld     t3, 16(%[input])\n\t"
+        "ld     t5, 24(%[input])\n\t"
+        "ld     s2, 32(%[input])\n\t"
+        "ld     s4, 40(%[input])\n\t"
+        "lw     s7, 52(%[input])\n\t"
+        "ld     s8, 56(%[input])\n\t"
+        "srli   a5, a4, 32\n\t"
+        "srli   a7, a6, 32\n\t"
+        "srli   t4, t3, 32\n\t"
+        "srli   t6, t5, 32\n\t"
+        "srli   s3, s2, 32\n\t"
+        "srli   s5, s4, 32\n\t"
+        "srli   s9, s8, 32\n\t"
+        VMV_X_S(REG_S6, REG_V31)
+        /* Move state into vector registers */
+        VMVR_V(REG_V0, REG_V28, 4)
+        VMVR_V(REG_V4, REG_V28, 4)
+        VMVR_V(REG_V8, REG_V28, 4)
+        VMVR_V(REG_V12, REG_V28, 4)
+        VMVR_V(REG_V16, REG_V28, 4)
+        /* Set counter word */
+        "addi   t1, s6, 1\n\t"
+        VMV_S_X(REG_V7, REG_T1)
+        "addi   t1, s6, 2\n\t"
+        VMV_S_X(REG_V11, REG_T1)
+        "addi   t1, s6, 3\n\t"
+        VMV_S_X(REG_V15, REG_T1)
+        "addi   t1, s6, 4\n\t"
+        VMV_S_X(REG_V19, REG_T1)
+        "addi   s6, s6, 5\n\t"
+        /* Set number of odd+even rounds to perform */
+        "li     a3, 10\n\t"
+        "\n"
+    "L_chacha20_riscv_384_loop:\n\t"
+        /* Odd Round */
+        QUARTER_ROUND_ODD_5()
+        ODD_SHUFFLE_5()
+        /* Even Round */
+        QUARTER_ROUND_EVEN_5()
+        EVEN_SHUFFLE_5()
+        "addi   a3, a3, -1\n\t"
+        "bnez   a3, L_chacha20_riscv_384_loop\n\t"
+        /* Load message */
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        /* Add back state, XOR in message and store (load next block) */
+        /* BLOCK 1 */
+        VADD_VV(REG_V0, REG_V0, REG_V28)
+        VADD_VV(REG_V1, REG_V1, REG_V29)
+        VADD_VV(REG_V2, REG_V2, REG_V30)
+        VADD_VV(REG_V3, REG_V3, REG_V31)
+        VXOR_VV(REG_V0, REG_V0, REG_V20)
+        VXOR_VV(REG_V1, REG_V1, REG_V21)
+        VXOR_VV(REG_V2, REG_V2, REG_V22)
+        VXOR_VV(REG_V3, REG_V3, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        VMV_X_S(REG_T0, REG_V31)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 2 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        VADD_VV(REG_V4, REG_V4, REG_V28)
+        VADD_VV(REG_V5, REG_V5, REG_V29)
+        VADD_VV(REG_V6, REG_V6, REG_V30)
+        VADD_VV(REG_V7, REG_V7, REG_V31)
+        VXOR_VV(REG_V4, REG_V4, REG_V20)
+        VXOR_VV(REG_V5, REG_V5, REG_V21)
+        VXOR_VV(REG_V6, REG_V6, REG_V22)
+        VXOR_VV(REG_V7, REG_V7, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V4, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 3 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        VADD_VV(REG_V8, REG_V8, REG_V28)
+        VADD_VV(REG_V9, REG_V9, REG_V29)
+        VADD_VV(REG_V10, REG_V10, REG_V30)
+        VADD_VV(REG_V11, REG_V11, REG_V31)
+        VXOR_VV(REG_V8, REG_V8, REG_V20)
+        VXOR_VV(REG_V9, REG_V9, REG_V21)
+        VXOR_VV(REG_V10, REG_V10, REG_V22)
+        VXOR_VV(REG_V11, REG_V11, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V8, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 4 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        VADD_VV(REG_V12, REG_V12, REG_V28)
+        VADD_VV(REG_V13, REG_V13, REG_V29)
+        VADD_VV(REG_V14, REG_V14, REG_V30)
+        VADD_VV(REG_V15, REG_V15, REG_V31)
+        VXOR_VV(REG_V12, REG_V12, REG_V20)
+        VXOR_VV(REG_V13, REG_V13, REG_V21)
+        VXOR_VV(REG_V14, REG_V14, REG_V22)
+        VXOR_VV(REG_V15, REG_V15, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V12, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 5 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        VADD_VV(REG_V16, REG_V16, REG_V28)
+        VADD_VV(REG_V17, REG_V17, REG_V29)
+        VADD_VV(REG_V18, REG_V18, REG_V30)
+        VADD_VV(REG_V19, REG_V19, REG_V31)
+        VXOR_VV(REG_V16, REG_V16, REG_V20)
+        VXOR_VV(REG_V17, REG_V17, REG_V21)
+        VXOR_VV(REG_V18, REG_V18, REG_V22)
+        VXOR_VV(REG_V19, REG_V19, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V16, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 6 */
+        /* Move regular registers into vector registers for adding and xor */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V0, REG_A4)
+        VMV_S_X(REG_V1, REG_T3)
+        VMV_S_X(REG_V2, REG_S2)
+        VMV_S_X(REG_V3, REG_S6)
+        VMV_S_X(REG_V4, REG_A5)
+        VMV_S_X(REG_V5, REG_T4)
+        VMV_S_X(REG_V6, REG_S3)
+        VMV_S_X(REG_V7, REG_S7)
+        VSLIDEUP_VI(REG_V0, REG_V4, 1)
+        VSLIDEUP_VI(REG_V1, REG_V5, 1)
+        VSLIDEUP_VI(REG_V2, REG_V6, 1)
+        VSLIDEUP_VI(REG_V3, REG_V7, 1)
+        VMV_S_X(REG_V4, REG_A6)
+        VMV_S_X(REG_V5, REG_T5)
+        VMV_S_X(REG_V6, REG_S4)
+        VMV_S_X(REG_V7, REG_S8)
+        VSLIDEUP_VI(REG_V0, REG_V4, 2)
+        VSLIDEUP_VI(REG_V1, REG_V5, 2)
+        VSLIDEUP_VI(REG_V2, REG_V6, 2)
+        VSLIDEUP_VI(REG_V3, REG_V7, 2)
+        VMV_S_X(REG_V4, REG_A7)
+        VMV_S_X(REG_V5, REG_T6)
+        VMV_S_X(REG_V6, REG_S5)
+        VMV_S_X(REG_V7, REG_S9)
+        VSLIDEUP_VI(REG_V0, REG_V4, 3)
+        VSLIDEUP_VI(REG_V1, REG_V5, 3)
+        VSLIDEUP_VI(REG_V2, REG_V6, 3)
+        VSLIDEUP_VI(REG_V3, REG_V7, 3)
+        VMV_S_X(REG_V31, REG_T0)
+        /* Add back state, XOR in message and store */
+        VADD_VV(REG_V0, REG_V0, REG_V28)
+        VADD_VV(REG_V1, REG_V1, REG_V29)
+        VADD_VV(REG_V2, REG_V2, REG_V30)
+        VADD_VV(REG_V3, REG_V3, REG_V31)
+        VXOR_VV(REG_V0, REG_V0, REG_V20)
+        VXOR_VV(REG_V1, REG_V1, REG_V21)
+        VXOR_VV(REG_V2, REG_V2, REG_V22)
+        VXOR_VV(REG_V3, REG_V3, REG_V23)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        "addi   %[bytes], %[bytes], -384\n\t"
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        "bnez   %[bytes], L_chacha20_riscv_384_outer\n\t"
+        : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64)
+        : [input] "r" (input)
+        : "memory", "t0", "t1", "t2", "s1", "a3",
+          "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s2", "s3", "s4", "s5",
+          "s6", "s7", "s8", "s9"
+    );
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND_ODD_ABD(s, sr)                       \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VSLL_VI(REG_V20, REG_V3, s)                     \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VSLL_VI(REG_V21, REG_V7, s)                     \
+        "slli   " CC_T0 ", " CC_D0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V11, s)                    \
+        "slli   " CC_T1 ", " CC_D1 ", " #s "\n\t"       \
+        VSRL_VI(REG_V3, REG_V3, sr)                     \
+        "slli   " CC_T2 ", " CC_D2 ", " #s "\n\t"       \
+        VSRL_VI(REG_V7, REG_V7, sr)                     \
+        "slli   " CC_T3 ", " CC_D3 ", " #s "\n\t"       \
+        VSRL_VI(REG_V11, REG_V11, sr)                   \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VOR_VV(REG_V3, REG_V3, REG_V20)                 \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VOR_VV(REG_V7, REG_V7, REG_V21)                 \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        VOR_VV(REG_V11, REG_V11, REG_V22)               \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB(s, sr)                       \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VSLL_VI(REG_V20, REG_V1, s)                     \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VSLL_VI(REG_V21, REG_V5, s)                     \
+        "slli   " CC_T0 ", " CC_B0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V9, s)                     \
+        "slli   " CC_T1 ", " CC_B1 ", " #s "\n\t"       \
+        VSRL_VI(REG_V1, REG_V1, sr)                     \
+        "slli   " CC_T2 ", " CC_B2 ", " #s "\n\t"       \
+        VSRL_VI(REG_V5, REG_V5, sr)                     \
+        "slli   " CC_T3 ", " CC_B3 ", " #s "\n\t"       \
+        VSRL_VI(REG_V9, REG_V9, sr)                     \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        VOR_VV(REG_V1, REG_V1, REG_V20)                 \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VOR_VV(REG_V5, REG_V5, REG_V21)                 \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VOR_VV(REG_V9, REG_V9, REG_V22)                 \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD(s, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VSLL_VI(REG_V20, REG_V3, s)                     \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VSLL_VI(REG_V21, REG_V7, s)                     \
+        "slli   " CC_T0 ", " CC_D3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V11, s)                    \
+        "slli   " CC_T1 ", " CC_D0 ", " #s "\n\t"       \
+        VSRL_VI(REG_V3, REG_V3, sr)                     \
+        "slli   " CC_T2 ", " CC_D1 ", " #s "\n\t"       \
+        VSRL_VI(REG_V7, REG_V7, sr)                     \
+        "slli   " CC_T3 ", " CC_D2 ", " #s "\n\t"       \
+        VSRL_VI(REG_V11, REG_V11, sr)                   \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        VOR_VV(REG_V3, REG_V3, REG_V20)                 \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VOR_VV(REG_V7, REG_V7, REG_V21)                 \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VOR_VV(REG_V11, REG_V11, REG_V22)               \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB(s, sr)                      \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VSLL_VI(REG_V20, REG_V1, s)                     \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VSLL_VI(REG_V21, REG_V5, s)                     \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V9, s)                     \
+        "slli   " CC_T1 ", " CC_B2 ", " #s "\n\t"       \
+        VSRL_VI(REG_V1, REG_V1, sr)                     \
+        "slli   " CC_T2 ", " CC_B3 ", " #s "\n\t"       \
+        VSRL_VI(REG_V5, REG_V5, sr)                     \
+        "slli   " CC_T3 ", " CC_B0 ", " #s "\n\t"       \
+        VSRL_VI(REG_V9, REG_V9, sr)                     \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VOR_VV(REG_V1, REG_V1, REG_V20)                 \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VOR_VV(REG_V5, REG_V5, REG_V21)                 \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        VOR_VV(REG_V9, REG_V9, REG_V22)                 \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#elif !defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION )
+
+#define PART_ROUND_ODD_ABD(s, sr)                       \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        "slli   " CC_T0 ", " CC_D0 ", " #s "\n\t"       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        "slli   " CC_T1 ", " CC_D1 ", " #s "\n\t"       \
+        "slli   " CC_T2 ", " CC_D2 ", " #s "\n\t"       \
+        "slli   " CC_T3 ", " CC_D3 ", " #s "\n\t"       \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB(s, sr)                       \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T0 ", " CC_B0 ", " #s "\n\t"       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        "slli   " CC_T1 ", " CC_B1 ", " #s "\n\t"       \
+        "slli   " CC_T2 ", " CC_B2 ", " #s "\n\t"       \
+        "slli   " CC_T3 ", " CC_B3 ", " #s "\n\t"       \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD(s, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        "slli   " CC_T0 ", " CC_D3 ", " #s "\n\t"       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        "slli   " CC_T1 ", " CC_D0 ", " #s "\n\t"       \
+        "slli   " CC_T2 ", " CC_D1 ", " #s "\n\t"       \
+        "slli   " CC_T3 ", " CC_D2 ", " #s "\n\t"       \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB(s, sr)                      \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        "slli   " CC_T1 ", " CC_B2 ", " #s "\n\t"       \
+        "slli   " CC_T2 ", " CC_B3 ", " #s "\n\t"       \
+        "slli   " CC_T3 ", " CC_B0 ", " #s "\n\t"       \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#else
+
+#define PART_ROUND_ODD_ABD(s, sr)                       \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        RORIW(REG_S8, REG_S8, sr)                       \
+        RORIW(REG_S9, REG_S9, sr)
+
+#define PART_ROUND_ODD_CDB(s, sr)                       \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        RORIW(REG_T3, REG_T3, sr)                       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        RORIW(REG_T6, REG_T6, sr)
+
+#define PART_ROUND_EVEN_ABD(s, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        RORIW(REG_S9, REG_S9, sr)                       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        RORIW(REG_S8, REG_S8, sr)
+
+#define PART_ROUND_EVEN_CDB(s, sr)                      \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        RORIW(REG_T6, REG_T6, sr)                       \
+        RORIW(REG_T3, REG_T3, sr)
+
+#endif
+
+#define QUARTER_ROUND_ODD_4()               \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_ODD_ABD(16, 16)          \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_ODD_CDB(12, 20)          \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_ODD_ABD( 8, 24)          \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_ODD_CDB( 7, 25)
+
+#define QUARTER_ROUND_EVEN_4()              \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_EVEN_ABD(16, 16)         \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_EVEN_CDB(12, 20)         \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_EVEN_ABD( 8, 24)         \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_EVEN_CDB( 7, 25)
+
+#define SHUFFLE_4(r, t, i)                  \
+        VRGATHER_VV(t + 0, i, r + 0)        \
+        VRGATHER_VV(t + 1, i, r + 4)        \
+        VRGATHER_VV(t + 2, i, r + 8)        \
+        VMV_V_V(r + 0, t + 0)               \
+        VMV_V_V(r + 4, t + 1)               \
+        VMV_V_V(r + 8, t + 2)
+
+#define ODD_SHUFFLE_4()                                                 \
+        /*    a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15          \
+         * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */       \
+        SHUFFLE_4(REG_V3, REG_V20, REG_V25)                             \
+        SHUFFLE_4(REG_V1, REG_V20, REG_V23)                             \
+        SHUFFLE_4(REG_V2, REG_V20, REG_V24)
+
+#define EVEN_SHUFFLE_4()                                                \
+        /*    a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14          \
+         * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */       \
+        SHUFFLE_4(REG_V3, REG_V20, REG_V23)                             \
+        SHUFFLE_4(REG_V1, REG_V20, REG_V25)                             \
+        SHUFFLE_4(REG_V2, REG_V20, REG_V24)
+
+/**
+  * Converts word into bytes with rotations having been done.
+  */
+static WC_INLINE int wc_chacha_encrypt_256(const word32* input, const byte* m,
+    byte* c)
+{
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* The layout of used vector registers is:
+         * v0-v3 - first block
+         * v4-v7 - second block
+         * v8-v11 - third block
+         * v12-v15 - message
+         * v16-v19 - input
+         * v20-v22 - temp
+         * v23-v25 - indeces for rotating words in vector
+         *
+         * v0  0  1  2  3
+         * v1  4  5  6  7
+         * v2  8  9 10 11
+         * v3 12 13 14 15
+         * load CHACHA state with indices placed as shown above
+         */
+
+        /* Load state to encrypt */
+        "mv     t2, %[input]\n\t"
+        VL4RE32_V(REG_V16, REG_T2)
+        VID_V(REG_V20)
+        VSLIDEDOWN_VI(REG_V23, REG_V20, 1)
+        VSLIDEUP_VI(REG_V23, REG_V20, 3)
+        VSLIDEDOWN_VI(REG_V24, REG_V20, 2)
+        VSLIDEUP_VI(REG_V24, REG_V20, 2)
+        VSLIDEDOWN_VI(REG_V25, REG_V20, 3)
+        VSLIDEUP_VI(REG_V25, REG_V20, 1)
+        /* Move state into regular registers */
+        "ld     a4,  0(%[input])\n\t"
+        "ld     a6,  8(%[input])\n\t"
+        "ld     t3, 16(%[input])\n\t"
+        "ld     t5, 24(%[input])\n\t"
+        "ld     s2, 32(%[input])\n\t"
+        "ld     s4, 40(%[input])\n\t"
+        "ld     s6, 48(%[input])\n\t"
+        "ld     s8, 56(%[input])\n\t"
+        "srli   a5, a4, 32\n\t"
+        "srli   a7, a6, 32\n\t"
+        "srli   t4, t3, 32\n\t"
+        "srli   t6, t5, 32\n\t"
+        "srli   s3, s2, 32\n\t"
+        "srli   s5, s4, 32\n\t"
+        "srli   s7, s6, 32\n\t"
+        "srli   s9, s8, 32\n\t"
+        /* Move state into vector registers */
+        VMVR_V(REG_V0, REG_V16, 4)
+        "addi   t0, s6, 1\n\t"
+        VMVR_V(REG_V4, REG_V16, 4)
+        "addi   t1, s6, 2\n\t"
+        VMVR_V(REG_V8, REG_V16, 4)
+        "addi   s6, s6, 3\n\t"
+        /* Set counter word */
+        VMV_S_X(REG_V7, REG_T0)
+        VMV_S_X(REG_V11, REG_T1)
+        /* Set number of odd+even rounds to perform */
+        "li     a3, 10\n\t"
+        "\n"
+    "L_chacha20_riscv_256_loop:\n\t"
+        /* Odd Round */
+        QUARTER_ROUND_ODD_4()
+        ODD_SHUFFLE_4()
+        "addi   a3, a3, -1\n\t"
+        /* Even Round */
+        QUARTER_ROUND_EVEN_4()
+        EVEN_SHUFFLE_4()
+        "bnez   a3, L_chacha20_riscv_256_loop\n\t"
+        /* Load message */
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        /* Add back state, XOR in message and store (load next block) */
+        /* BLOCK 1 */
+        VADD_VV(REG_V0, REG_V0, REG_V16)
+        VADD_VV(REG_V1, REG_V1, REG_V17)
+        VADD_VV(REG_V2, REG_V2, REG_V18)
+        VADD_VV(REG_V3, REG_V3, REG_V19)
+        VXOR_VV(REG_V0, REG_V0, REG_V12)
+        VXOR_VV(REG_V1, REG_V1, REG_V13)
+        VXOR_VV(REG_V2, REG_V2, REG_V14)
+        VXOR_VV(REG_V3, REG_V3, REG_V15)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        VMV_X_S(REG_T0, REG_V19)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 2 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V19, REG_T0)
+        VADD_VV(REG_V4, REG_V4, REG_V16)
+        VADD_VV(REG_V5, REG_V5, REG_V17)
+        VADD_VV(REG_V6, REG_V6, REG_V18)
+        VADD_VV(REG_V7, REG_V7, REG_V19)
+        VXOR_VV(REG_V4, REG_V4, REG_V12)
+        VXOR_VV(REG_V5, REG_V5, REG_V13)
+        VXOR_VV(REG_V6, REG_V6, REG_V14)
+        VXOR_VV(REG_V7, REG_V7, REG_V15)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V4, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 3 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V19, REG_T0)
+        VADD_VV(REG_V8, REG_V8, REG_V16)
+        VADD_VV(REG_V9, REG_V9, REG_V17)
+        VADD_VV(REG_V10, REG_V10, REG_V18)
+        VADD_VV(REG_V11, REG_V11, REG_V19)
+        VXOR_VV(REG_V8, REG_V8, REG_V12)
+        VXOR_VV(REG_V9, REG_V9, REG_V13)
+        VXOR_VV(REG_V10, REG_V10, REG_V14)
+        VXOR_VV(REG_V11, REG_V11, REG_V15)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V8, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 4 */
+        /* Move regular registers into vector registers for adding and xor */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V0, REG_A4)
+        VMV_S_X(REG_V1, REG_T3)
+        VMV_S_X(REG_V2, REG_S2)
+        VMV_S_X(REG_V3, REG_S6)
+        VMV_S_X(REG_V4, REG_A5)
+        VMV_S_X(REG_V5, REG_T4)
+        VMV_S_X(REG_V6, REG_S3)
+        VMV_S_X(REG_V7, REG_S7)
+        VSLIDEUP_VI(REG_V0, REG_V4, 1)
+        VSLIDEUP_VI(REG_V1, REG_V5, 1)
+        VSLIDEUP_VI(REG_V2, REG_V6, 1)
+        VSLIDEUP_VI(REG_V3, REG_V7, 1)
+        VMV_S_X(REG_V4, REG_A6)
+        VMV_S_X(REG_V5, REG_T5)
+        VMV_S_X(REG_V6, REG_S4)
+        VMV_S_X(REG_V7, REG_S8)
+        VSLIDEUP_VI(REG_V0, REG_V4, 2)
+        VSLIDEUP_VI(REG_V1, REG_V5, 2)
+        VSLIDEUP_VI(REG_V2, REG_V6, 2)
+        VSLIDEUP_VI(REG_V3, REG_V7, 2)
+        VMV_S_X(REG_V4, REG_A7)
+        VMV_S_X(REG_V5, REG_T6)
+        VMV_S_X(REG_V6, REG_S5)
+        VMV_S_X(REG_V7, REG_S9)
+        VSLIDEUP_VI(REG_V0, REG_V4, 3)
+        VSLIDEUP_VI(REG_V1, REG_V5, 3)
+        VSLIDEUP_VI(REG_V2, REG_V6, 3)
+        VSLIDEUP_VI(REG_V3, REG_V7, 3)
+        VMV_S_X(REG_V19, REG_T0)
+        /* Add back state, XOR in message and store */
+        VADD_VV(REG_V0, REG_V0, REG_V16)
+        VADD_VV(REG_V1, REG_V1, REG_V17)
+        VADD_VV(REG_V2, REG_V2, REG_V18)
+        VADD_VV(REG_V3, REG_V3, REG_V19)
+        VXOR_VV(REG_V0, REG_V0, REG_V12)
+        VXOR_VV(REG_V1, REG_V1, REG_V13)
+        VXOR_VV(REG_V2, REG_V2, REG_V14)
+        VXOR_VV(REG_V3, REG_V3, REG_V15)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        : [m] "+r" (m), [c] "+r" (c)
+        : [input] "r" (input)
+        : "memory", "t0", "t1", "t2", "s1", "a3",
+          "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s2", "s3", "s4", "s5",
+          "s6", "s7", "s8", "s9"
+    );
+    return CHACHA_CHUNK_BYTES * 4;
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, sl, sr)    \
+        VADD_VV(a, a, b)                                    \
+        VADD_VV(a2, a2, b2)                                 \
+        VXOR_VV(d, d, a)                                    \
+        VXOR_VV(d2, d2, a2)                                 \
+        VSLL_VI(t, d, sl)                                   \
+        VSLL_VI(t2, d2, sl)                                 \
+        VSRL_VI(d, d, sr)                                   \
+        VSRL_VI(d2, d2, sr)                                 \
+        VOR_VV(d, d, t)                                     \
+        VOR_VV(d2, d2, t2)
+
+#else
+
+#define PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, sl, sr)    \
+        VADD_VV(a, a, b)                                    \
+        VADD_VV(a2, a2, b2)                                 \
+        VXOR_VV(d, d, a)                                    \
+        VXOR_VV(d2, d2, a2)                                 \
+        VROR_VI(d, sr, d)                                   \
+        VROR_VI(d2, sr, d2)
+
+#endif
+
+#define QUARTER_ROUND_2(a, b, c, d, t, a2, b2, c2, d2, t2)  \
+        /* a += b; d ^= a; d <<<= 16; */                    \
+        PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, 16, 16)    \
+        /* c += d; b ^= c; b <<<= 12; */                    \
+        PART_ROUND_2(c, d, b, t, c2, d2, b2, t2, 12, 20)    \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_2(a, b, d, t, a2, b2, d2, t2,  8, 24)    \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_2(c, d, b, t, c2, d2, b2, t2,  7, 25)
+
+#define ODD_SHUFFLE_2(b, c, d, t, b2, c2, d2, t2)                       \
+        /*    a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15          \
+         * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */       \
+        VRGATHER_VV(t, REG_V25, d)                                      \
+        VRGATHER_VV(t2, REG_V25, d2)                                    \
+        VMV_V_V(d, t)                                                   \
+        VMV_V_V(d2, t2)                                                 \
+        VRGATHER_VV(t, REG_V23, b)                                      \
+        VRGATHER_VV(t2, REG_V23, b2)                                    \
+        VMV_V_V(b, t)                                                   \
+        VMV_V_V(b2, t2)                                                 \
+        VRGATHER_VV(t, REG_V24, c)                                      \
+        VRGATHER_VV(t2, REG_V24, c2)                                    \
+        VMV_V_V(c, t)                                                   \
+        VMV_V_V(c2, t2)
+
+#define EVEN_SHUFFLE_2(b, c, d, t, b2, c2, d2, t2)                      \
+        /*    a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14          \
+         * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */       \
+        VRGATHER_VV(t, REG_V23, d)                                      \
+        VRGATHER_VV(t2, REG_V23, d2)                                    \
+        VMV_V_V(d, t)                                                   \
+        VMV_V_V(d2, t2)                                                 \
+        VRGATHER_VV(t, REG_V25, b)                                      \
+        VRGATHER_VV(t2, REG_V25, b2)                                    \
+        VMV_V_V(b, t)                                                   \
+        VMV_V_V(b2, t2)                                                 \
+        VRGATHER_VV(t, REG_V24, c)                                      \
+        VRGATHER_VV(t2, REG_V24, c2)                                    \
+        VMV_V_V(c, t)                                                   \
+        VMV_V_V(c2, t2)
+
+
+static WC_INLINE int wc_chacha_encrypt_128(const word32* input, const byte* m,
+     byte* c)
+{
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* The layout of used vector registers is:
+         * v0-v3 - first block
+         * v4-v7 - second block
+         * v12-v15 - message
+         * v16-v19 - input
+         * v20-v22 - temp
+         * v23-v25 - indeces for rotating words in vector
+         *
+         * v0  0  1  2  3
+         * v1  4  5  6  7
+         * v2  8  9 10 11
+         * v3 12 13 14 15
+         * load CHACHA state with indices placed as shown above
+         */
+
+        /* Load incrementer register to modify counter */
+        "mv     t2, %[L_chacha20_vec_inc_first_word]\n\t"
+        VL1RE32_V(REG_V22, REG_T2)
+        VID_V(REG_V20)
+        VSLIDEDOWN_VI(REG_V23, REG_V20, 1)
+        VSLIDEUP_VI(REG_V23, REG_V20, 3)
+        VSLIDEDOWN_VI(REG_V24, REG_V20, 2)
+        VSLIDEUP_VI(REG_V24, REG_V20, 2)
+        VSLIDEDOWN_VI(REG_V25, REG_V20, 3)
+        VSLIDEUP_VI(REG_V25, REG_V20, 1)
+        /* Load state to encrypt */
+        "mv     t2, %[input]\n\t"
+        VL4RE32_V(REG_V16, REG_T2)
+        /* Load message */
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        /* Move state into vector registers */
+        VMVR_V(REG_V0, REG_V16, 4)
+        VMVR_V(REG_V4, REG_V16, 4)
+        /* Add counter word */
+        VADD_VV(REG_V7, REG_V7, REG_V22)
+        /* Set number of odd+even rounds to perform */
+        "li     t0, 10\n\t"
+        "\n"
+    "L_chacha20_riscv_128_loop:\n\t"
+        QUARTER_ROUND_2(REG_V0, REG_V1, REG_V2, REG_V3, REG_V20,
+                        REG_V4, REG_V5, REG_V6, REG_V7, REG_V21)
+        ODD_SHUFFLE_2(REG_V1, REG_V2, REG_V3, REG_V20,
+                      REG_V5, REG_V6, REG_V7, REG_V21)
+        QUARTER_ROUND_2(REG_V0, REG_V1, REG_V2, REG_V3, REG_V20,
+                        REG_V4, REG_V5, REG_V6, REG_V7, REG_V21)
+        EVEN_SHUFFLE_2(REG_V1, REG_V2, REG_V3, REG_V20,
+                       REG_V5, REG_V6, REG_V7, REG_V21)
+        "addi   t0, t0, -1\n\t"
+        "bnez   t0, L_chacha20_riscv_128_loop\n\t"
+        /* Add back state, XOR in message and store (load next block) */
+        VADD_VV(REG_V0, REG_V0, REG_V16)
+        VADD_VV(REG_V1, REG_V1, REG_V17)
+        VADD_VV(REG_V2, REG_V2, REG_V18)
+        VADD_VV(REG_V3, REG_V3, REG_V19)
+        VXOR_VV(REG_V0, REG_V0, REG_V12)
+        VXOR_VV(REG_V1, REG_V1, REG_V13)
+        VXOR_VV(REG_V2, REG_V2, REG_V14)
+        VXOR_VV(REG_V3, REG_V3, REG_V15)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        VADD_VV(REG_V19, REG_V19, REG_V22)
+        VADD_VV(REG_V4, REG_V4, REG_V16)
+        VADD_VV(REG_V5, REG_V5, REG_V17)
+        VADD_VV(REG_V6, REG_V6, REG_V18)
+        VADD_VV(REG_V7, REG_V7, REG_V19)
+        VXOR_VV(REG_V4, REG_V4, REG_V12)
+        VXOR_VV(REG_V5, REG_V5, REG_V13)
+        VXOR_VV(REG_V6, REG_V6, REG_V14)
+        VXOR_VV(REG_V7, REG_V7, REG_V15)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V4, REG_T2)
+        : [m] "+r" (m), [c] "+r" (c)
+        : [input] "r" (input),
+          [L_chacha20_vec_inc_first_word] "r" (L_chacha20_vec_inc_first_word)
+        : "memory", "t0", "t1", "t2"
+    );
+    return CHACHA_CHUNK_BYTES * 2;
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND(a, b, d, t, sl, sr)      \
+        VADD_VV(a, a, b)                    \
+        VXOR_VV(d, d, a)                    \
+        VSLL_VI(t, d, sl)                   \
+        VSRL_VI(d, d, sr)                   \
+        VOR_VV(d, d, t)
+
+#else
+
+#define PART_ROUND(a, b, d, t, sl, sr)      \
+        VADD_VV(a, a, b)                    \
+        VXOR_VV(d, d, a)                    \
+        VROR_VI(d, sr, d)
+
+#endif
+
+#define QUARTER_ROUND(a, b, c, d, t)        \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND(a, b, d, t, 16, 16)      \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND(c, d, b, t, 12, 20)      \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND(a, b, d, t,  8, 24)      \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND(c, d, b, t,  7, 25)
+
+#define ODD_SHUFFLE(b, c, d, t)                                         \
+        /*    a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15          \
+         * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */       \
+        VSLIDEDOWN_VI(t, d, 3)                                          \
+        VSLIDEUP_VI(t, d, 1)                                            \
+        VMV_V_V(d, t)                                                   \
+        VSLIDEDOWN_VI(t, b, 1)                                          \
+        VSLIDEUP_VI(t, b, 3)                                            \
+        VMV_V_V(b, t)                                                   \
+        VSLIDEDOWN_VI(t, c, 2)                                          \
+        VSLIDEUP_VI(t, c, 2)                                            \
+        VMV_V_V(c, t)
+
+#define EVEN_SHUFFLE(b, c, d, t)                                        \
+        /*    a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14          \
+         * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */       \
+        VSLIDEDOWN_VI(t, d, 1)                                          \
+        VSLIDEUP_VI(t, d, 3)                                            \
+        VMV_V_V(d, t)                                                   \
+        VSLIDEDOWN_VI(t, b, 3)                                          \
+        VSLIDEUP_VI(t, b, 1)                                            \
+        VMV_V_V(b, t)                                                   \
+        VSLIDEDOWN_VI(t, c, 2)                                          \
+        VSLIDEUP_VI(t, c, 2)                                            \
+        VMV_V_V(c, t)
+
+#define EIGHT_QUARTER_ROUNDS(a, b, c, d, t) \
+        /* Odd Round */                     \
+        QUARTER_ROUND(a, b, c, d, t)        \
+        ODD_SHUFFLE(b, c, d, t)             \
+        /* Even Round */                    \
+        QUARTER_ROUND(a, b, c, d, t)        \
+        EVEN_SHUFFLE(b, c, d, t)
+
+static WC_INLINE void wc_chacha_encrypt_64(const word32* input, const byte* m,
+    byte* c, word32 bytes, byte* over)
+{
+    word64 bytes64 = (word64)bytes;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* The layout of used vector registers is:
+         * v0-v3 - block
+         * v4-v7 - message
+         * v8-v11 - input
+         * v12 - temp
+         *
+         * v0  0  1  2  3
+         * v1  4  5  6  7
+         * v2  8  9 10 11
+         * v3 12 13 14 15
+         * load CHACHA state with indices placed as shown above
+         */
+
+        /* Load incrementer register to modify counter */
+        "mv     t2, %[L_chacha20_vec_inc_first_word]\n\t"
+        VL1RE32_V(REG_V13, REG_T2)
+        /* Load state to encrypt */
+        "mv     t2, %[input]\n\t"
+        VL4RE32_V(REG_V8, REG_T2)
+        "\n"
+    "L_chacha20_riscv_64_loop:\n\t"
+        /* Move state into vector registers */
+        VMVR_V(REG_V0, REG_V8, 4)
+        /* Add counter word */
+        /* Odd Round */
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        "addi   t1, %[bytes], -64\n\t"
+        /* Add back state */
+        VADD_VV(REG_V0, REG_V0, REG_V8)
+        VADD_VV(REG_V1, REG_V1, REG_V9)
+        VADD_VV(REG_V2, REG_V2, REG_V10)
+        VADD_VV(REG_V3, REG_V3, REG_V11)
+        "bltz   t1, L_chacha20_riscv_64_lt_64\n\t"
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V4, REG_T2)
+        VXOR_VV(REG_V4, REG_V4, REG_V0)
+        VXOR_VV(REG_V5, REG_V5, REG_V1)
+        VXOR_VV(REG_V6, REG_V6, REG_V2)
+        VXOR_VV(REG_V7, REG_V7, REG_V3)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V4, REG_T2)
+        "addi   %[bytes], %[bytes], -64\n\t"
+        "addi   %[c], %[c], 64\n\t"
+        "addi   %[m], %[m], 64\n\t"
+        VADD_VV(REG_V11, REG_V11, REG_V13)
+        "bnez   %[bytes], L_chacha20_riscv_64_loop\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_64_done\n\t"
+        "\n"
+    "L_chacha20_riscv_64_lt_64:\n\t"
+        "mv     t2, %[over]\n\t"
+        "addi   t1, %[bytes], -32\n\t"
+        VS4R_V(REG_V0, REG_T2)
+
+        "bltz   t1, L_chacha20_riscv_64_lt_32\n\t"
+        "mv     t2, %[m]\n\t"
+        VL2RE32_V(REG_V4, REG_T2)
+        VXOR_VV(REG_V4, REG_V4, REG_V0)
+        VXOR_VV(REG_V5, REG_V5, REG_V1)
+        "mv     t2, %[c]\n\t"
+        VS2R_V(REG_V4, REG_T2)
+        "addi   %[bytes], %[bytes], -32\n\t"
+        "addi   %[c], %[c], 32\n\t"
+        "addi   %[m], %[m], 32\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_64_done\n\t"
+        VMVR_V(REG_V0, REG_V2, 2)
+        "\n"
+    "L_chacha20_riscv_64_lt_32:\n\t"
+        "addi   t1, %[bytes], -16\n\t"
+        "bltz   t1, L_chacha20_riscv_64_lt_16\n\t"
+        "mv     t2, %[m]\n\t"
+        VL1RE32_V(REG_V4, REG_T2)
+        VXOR_VV(REG_V4, REG_V4, REG_V0)
+        "mv     t2, %[c]\n\t"
+        VS1R_V(REG_V4, REG_T2)
+        "addi   %[bytes], %[bytes], -16\n\t"
+        "addi   %[c], %[c], 16\n\t"
+        "addi   %[m], %[m], 16\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_64_done\n\t"
+        VMV_V_V(REG_V0, REG_V1)
+        "\n"
+    "L_chacha20_riscv_64_lt_16:\n\t"
+        "addi   t1, %[bytes], -8\n\t"
+        "bltz   t1, L_chacha20_riscv_64_lt_8\n\t"
+        VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000)
+        VMV_X_S(REG_T0, REG_V0)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        "ld     t1, (%[m])\n\t"
+        "xor    t1, t1, t0\n\t"
+        "sd     t1, (%[c])\n\t"
+        "addi   %[bytes], %[bytes], -8\n\t"
+        "addi   %[c], %[c], 8\n\t"
+        "addi   %[m], %[m], 8\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_64_done\n\t"
+        VSLIDEDOWN_VI(REG_V0, REG_V0, 2)
+        "\n"
+    "L_chacha20_riscv_64_lt_8:\n\t"
+        "addi   %[bytes], %[bytes], -1\n\t"
+        VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000)
+        VMV_X_S(REG_T0, REG_V0)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        "\n"
+    "L_chacha20_riscv_64_loop_lt_8:\n\t"
+        "addi   %[bytes], %[bytes], -1\n\t"
+        "lb     t1, (%[m])\n\t"
+        "addi   %[m], %[m], 1\n\t"
+        "xor    t1, t1, t0\n\t"
+        "sb     t1, (%[c])\n\t"
+        "addi   %[c], %[c], 1\n\t"
+        "srli   t0, t0, 8\n\t"
+        "bgez   %[bytes], L_chacha20_riscv_64_loop_lt_8\n\t"
+        "\n"
+    "L_chacha20_riscv_64_done:\n\t"
+        : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64)
+        : [input] "r" (input), [over] "r" (over),
+          [L_chacha20_vec_inc_first_word] "r" (L_chacha20_vec_inc_first_word)
+        : "memory", "t0", "t1", "t2"
+    );
+}
+
+/**
+ * Encrypt a stream of bytes
+ */
+static void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
+    word32 bytes)
+{
+    int    processed;
+
+    if (bytes >= CHACHA_CHUNK_BYTES * 6) {
+        processed = (bytes / (CHACHA_CHUNK_BYTES * 6)) * CHACHA_CHUNK_BYTES * 6;
+        wc_chacha_encrypt_384(ctx->X, m, c, processed);
+
+        bytes -= processed;
+        c += processed;
+        m += processed;
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
+    }
+    if (bytes >= CHACHA_CHUNK_BYTES * 4) {
+        processed = wc_chacha_encrypt_256(ctx->X, m, c);
+
+        bytes -= processed;
+        c += processed;
+        m += processed;
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
+    }
+    if (bytes >= CHACHA_CHUNK_BYTES * 2) {
+        processed = wc_chacha_encrypt_128(ctx->X, m, c);
+
+        bytes -= processed;
+        c += processed;
+        m += processed;
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
+    }
+    if (bytes > 0) {
+        wc_chacha_encrypt_64(ctx->X, m, c, bytes, (byte*)ctx->over);
+        if (bytes > CHACHA_CHUNK_BYTES)
+            ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
+        ctx->left = CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1));
+        ctx->left &= CHACHA_CHUNK_BYTES - 1;
+        ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
+    }
+}
+
+#else
+
+#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
+
+#define PART_ROUND_ODD_ABD(sl, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        "slli   " CC_T0 ", " CC_D0 ", " #sl "\n\t"      \
+        "slli   " CC_T1 ", " CC_D1 ", " #sl "\n\t"      \
+        "slli   " CC_T2 ", " CC_D2 ", " #sl "\n\t"      \
+        "slli   " CC_T3 ", " CC_D3 ", " #sl "\n\t"      \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB(sl, sr)                      \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        "slli   " CC_T0 ", " CC_B0 ", " #sl "\n\t"      \
+        "slli   " CC_T1 ", " CC_B1 ", " #sl "\n\t"      \
+        "slli   " CC_T2 ", " CC_B2 ", " #sl "\n\t"      \
+        "slli   " CC_T3 ", " CC_B3 ", " #sl "\n\t"      \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD(sl, sr)                     \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        "slli   " CC_T0 ", " CC_D3 ", " #sl "\n\t"      \
+        "slli   " CC_T1 ", " CC_D0 ", " #sl "\n\t"      \
+        "slli   " CC_T2 ", " CC_D1 ", " #sl "\n\t"      \
+        "slli   " CC_T3 ", " CC_D2 ", " #sl "\n\t"      \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB(sl, sr)                     \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        "slli   " CC_T0 ", " CC_B1 ", " #sl "\n\t"      \
+        "slli   " CC_T1 ", " CC_B2 ", " #sl "\n\t"      \
+        "slli   " CC_T2 ", " CC_B3 ", " #sl "\n\t"      \
+        "slli   " CC_T3 ", " CC_B0 ", " #sl "\n\t"      \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#else
+
+#define PART_ROUND_ODD_ABD(sl, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        RORIW(REG_S8, REG_S8, sr)                       \
+        RORIW(REG_S9, REG_S9, sr)
+
+#define PART_ROUND_ODD_CDB(sl, sr)                      \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        RORIW(REG_T3, REG_T3, sr)                       \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        RORIW(REG_T6, REG_T6, sr)
+
+#define PART_ROUND_EVEN_ABD(sl, sr)                     \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        RORIW(REG_S9, REG_S9, sr)                       \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        RORIW(REG_S8, REG_S8, sr)
+
+#define PART_ROUND_EVEN_CDB(sl, sr)                     \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        RORIW(REG_T6, REG_T6, sr)                       \
+        RORIW(REG_T3, REG_T3, sr)
+
+#endif
+
+#define QUARTER_ROUND_ODD()                 \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_ODD_ABD(16, 16)          \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_ODD_CDB(12, 20)          \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_ODD_ABD( 8, 24)          \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_ODD_CDB( 7, 25)
+
+#define QUARTER_ROUND_EVEN()                \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_EVEN_ABD(16, 16)         \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_EVEN_CDB(12, 20)         \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_EVEN_ABD( 8, 24)         \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_EVEN_CDB( 7, 25)
+
+
+static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
+    byte* c, word32 bytes, word32* over)
+{
+    __asm__ __volatile__ (
+        /* Ensure 64-bit bytes has top bits clear. */
+        "slli   %[bytes], %[bytes], 32\n\t"
+        "srli   %[bytes], %[bytes], 32\n\t"
+
+    "L_chacha20_riscv_outer:\n\t"
+        /* Move state into regular registers */
+        "ld     a4,  0(%[input])\n\t"
+        "ld     a6,  8(%[input])\n\t"
+        "ld     t3, 16(%[input])\n\t"
+        "ld     t5, 24(%[input])\n\t"
+        "ld     s2, 32(%[input])\n\t"
+        "ld     s4, 40(%[input])\n\t"
+        "ld     s6, 48(%[input])\n\t"
+        "ld     s8, 56(%[input])\n\t"
+        "srli   a5, a4, 32\n\t"
+        "srli   a7, a6, 32\n\t"
+        "srli   t4, t3, 32\n\t"
+        "srli   t6, t5, 32\n\t"
+        "srli   s3, s2, 32\n\t"
+        "srli   s5, s4, 32\n\t"
+        "srli   s7, s6, 32\n\t"
+        "srli   s9, s8, 32\n\t"
+
+        /* Set number of odd+even rounds to perform */
+        "li     a3, 10\n\t"
+        "\n"
+    "L_chacha20_riscv_loop:\n\t"
+        /* Odd Round */
+        QUARTER_ROUND_ODD()
+        "addi   a3, a3, -1\n\t"
+        /* Even Round */
+        QUARTER_ROUND_EVEN()
+        "bnez   a3, L_chacha20_riscv_loop\n\t"
+
+        "addi   %[bytes], %[bytes], -64\n\t"
+
+        "ld     t0, 0(%[input])\n\t"
+        "ld     t1, 8(%[input])\n\t"
+        "ld     t2, 16(%[input])\n\t"
+        "ld     s1, 24(%[input])\n\t"
+        "add    a4, a4, t0\n\t"
+        "add    a6, a6, t1\n\t"
+        "add    t3, t3, t2\n\t"
+        "add    t5, t5, s1\n\t"
+        "srli   t0, t0, 32\n\t"
+        "srli   t1, t1, 32\n\t"
+        "srli   t2, t2, 32\n\t"
+        "srli   s1, s1, 32\n\t"
+        "add    a5, a5, t0\n\t"
+        "add    a7, a7, t1\n\t"
+        "add    t4, t4, t2\n\t"
+        "add    t6, t6, s1\n\t"
+        "ld     t0, 32(%[input])\n\t"
+        "ld     t1, 40(%[input])\n\t"
+        "ld     t2, 48(%[input])\n\t"
+        "ld     s1, 56(%[input])\n\t"
+        "add    s2, s2, t0\n\t"
+        "add    s4, s4, t1\n\t"
+        "add    s6, s6, t2\n\t"
+        "addi   t2, t2, 1\n\t"
+        "add    s8, s8, s1\n\t"
+        "srli   t0, t0, 32\n\t"
+        "srli   t1, t1, 32\n\t"
+        "sw     t2, 48(%[input])\n\t"
+        "srli   t2, t2, 32\n\t"
+        "srli   s1, s1, 32\n\t"
+        "add    s3, s3, t0\n\t"
+        "add    s5, s5, t1\n\t"
+        "add    s7, s7, t2\n\t"
+        "add    s9, s9, s1\n\t"
+
+        "bltz   %[bytes], L_chacha20_riscv_over\n\t"
+
+#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
+        "ld     t0, 0(%[m])\n\t"
+        "ld     t1, 8(%[m])\n\t"
+        "ld     t2, 16(%[m])\n\t"
+        "ld     s1, 24(%[m])\n\t"
+        "xor    a4, a4, t0\n\t"
+        "xor    a6, a6, t1\n\t"
+        "xor    t3, t3, t2\n\t"
+        "xor    t5, t5, s1\n\t"
+        "srli   t0, t0, 32\n\t"
+        "srli   t1, t1, 32\n\t"
+        "srli   t2, t2, 32\n\t"
+        "srli   s1, s1, 32\n\t"
+        "xor    a5, a5, t0\n\t"
+        "xor    a7, a7, t1\n\t"
+        "xor    t4, t4, t2\n\t"
+        "xor    t6, t6, s1\n\t"
+        "ld     t0, 32(%[m])\n\t"
+        "ld     t1, 40(%[m])\n\t"
+        "ld     t2, 48(%[m])\n\t"
+        "ld     s1, 56(%[m])\n\t"
+        "xor    s2, s2, t0\n\t"
+        "xor    s4, s4, t1\n\t"
+        "xor    s6, s6, t2\n\t"
+        "xor    s8, s8, s1\n\t"
+        "srli   t0, t0, 32\n\t"
+        "srli   t1, t1, 32\n\t"
+        "srli   t2, t2, 32\n\t"
+        "srli   s1, s1, 32\n\t"
+        "xor    s3, s3, t0\n\t"
+        "xor    s5, s5, t1\n\t"
+        "xor    s7, s7, t2\n\t"
+        "xor    s9, s9, s1\n\t"
+        "sw     a4, 0(%[c])\n\t"
+        "sw     a5, 4(%[c])\n\t"
+        "sw     a6, 8(%[c])\n\t"
+        "sw     a7, 12(%[c])\n\t"
+        "sw     t3, 16(%[c])\n\t"
+        "sw     t4, 20(%[c])\n\t"
+        "sw     t5, 24(%[c])\n\t"
+        "sw     t6, 28(%[c])\n\t"
+        "sw     s2, 32(%[c])\n\t"
+        "sw     s3, 36(%[c])\n\t"
+        "sw     s4, 40(%[c])\n\t"
+        "sw     s5, 44(%[c])\n\t"
+        "sw     s6, 48(%[c])\n\t"
+        "sw     s7, 52(%[c])\n\t"
+        "sw     s8, 56(%[c])\n\t"
+        "sw     s9, 60(%[c])\n\t"
+#else
+        PACK(REG_A4, REG_A4, REG_A5)
+        PACK(REG_A6, REG_A6, REG_A7)
+        PACK(REG_T3, REG_T3, REG_T4)
+        PACK(REG_T5, REG_T5, REG_T6)
+        PACK(REG_S2, REG_S2, REG_S3)
+        PACK(REG_S4, REG_S4, REG_S5)
+        PACK(REG_S6, REG_S6, REG_S7)
+        PACK(REG_S8, REG_S8, REG_S9)
+        "ld     a5, 0(%[m])\n\t"
+        "ld     a7, 8(%[m])\n\t"
+        "ld     t4, 16(%[m])\n\t"
+        "ld     t6, 24(%[m])\n\t"
+        "ld     s3, 32(%[m])\n\t"
+        "ld     s5, 40(%[m])\n\t"
+        "ld     s7, 48(%[m])\n\t"
+        "ld     s9, 56(%[m])\n\t"
+        "xor    a4, a4, a5\n\t"
+        "xor    a6, a6, a7\n\t"
+        "xor    t3, t3, t4\n\t"
+        "xor    t5, t5, t6\n\t"
+        "xor    s2, s2, s3\n\t"
+        "xor    s4, s4, s5\n\t"
+        "xor    s6, s6, s7\n\t"
+        "xor    s8, s8, s9\n\t"
+        "sd     a4, 0(%[c])\n\t"
+        "sd     a6, 8(%[c])\n\t"
+        "sd     t3, 16(%[c])\n\t"
+        "sd     t5, 24(%[c])\n\t"
+        "sd     s2, 32(%[c])\n\t"
+        "sd     s4, 40(%[c])\n\t"
+        "sd     s6, 48(%[c])\n\t"
+        "sd     s8, 56(%[c])\n\t"
+#endif
+
+        "addi   %[m], %[m], 64\n\t"
+        "addi   %[c], %[c], 64\n\t"
+
+        "bnez   %[bytes], L_chacha20_riscv_outer\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_done\n\t"
+
+     "L_chacha20_riscv_over:\n\t"
+        "addi   a3, %[bytes], 64\n\t"
+
+        "sw     a4,  0(%[over])\n\t"
+        "sw     a5,  4(%[over])\n\t"
+        "sw     a6,  8(%[over])\n\t"
+        "sw     a7, 12(%[over])\n\t"
+        "sw     t3, 16(%[over])\n\t"
+        "sw     t4, 20(%[over])\n\t"
+        "sw     t5, 24(%[over])\n\t"
+        "sw     t6, 28(%[over])\n\t"
+        "sw     s2, 32(%[over])\n\t"
+        "sw     s3, 36(%[over])\n\t"
+        "sw     s4, 40(%[over])\n\t"
+        "sw     s5, 44(%[over])\n\t"
+        "sw     s6, 48(%[over])\n\t"
+        "sw     s7, 52(%[over])\n\t"
+        "sw     s8, 56(%[over])\n\t"
+        "sw     s9, 60(%[over])\n\t"
+
+        "addi   t0, a3, -8\n\t"
+        "bltz   t0, L_chacha20_riscv_32bit\n\t"
+        "addi   a3, a3, -1\n\t"
+     "L_chacha20_riscv_64bit_loop:\n\t"
+        "ld     t0, (%[m])\n\t"
+        "ld     t1, (%[over])\n\t"
+        "xor    t0, t0, t1\n\t"
+        "sd     t0, (%[c])\n\t"
+        "addi   %[m], %[m], 8\n\t"
+        "addi   %[c], %[c], 8\n\t"
+        "addi   %[over], %[over], 8\n\t"
+        "addi   a3, a3, -8\n\t"
+        "bgez   a3, L_chacha20_riscv_64bit_loop\n\t"
+        "addi   a3, a3, 1\n\t"
+
+     "L_chacha20_riscv_32bit:\n\t"
+        "addi   t0, a3, -4\n\t"
+        "bltz   t0, L_chacha20_riscv_16bit\n\t"
+        "lw     t0, (%[m])\n\t"
+        "lw     t1, (%[over])\n\t"
+        "xor    t0, t0, t1\n\t"
+        "sw     t0, (%[c])\n\t"
+        "addi   %[m], %[m], 4\n\t"
+        "addi   %[c], %[c], 4\n\t"
+        "addi   %[over], %[over], 4\n\t"
+
+     "L_chacha20_riscv_16bit:\n\t"
+        "addi   t0, a3, -2\n\t"
+        "bltz   t0, L_chacha20_riscv_8bit\n\t"
+        "lh     t0, (%[m])\n\t"
+        "lh     t1, (%[over])\n\t"
+        "xor    t0, t0, t1\n\t"
+        "sh     t0, (%[c])\n\t"
+        "addi   %[m], %[m], 2\n\t"
+        "addi   %[c], %[c], 2\n\t"
+        "addi   %[over], %[over], 2\n\t"
+
+     "L_chacha20_riscv_8bit:\n\t"
+        "addi   t0, a3, -1\n\t"
+        "bltz   t0, L_chacha20_riscv_done\n\t\n\t"
+        "lb     t0, (%[m])\n\t"
+        "lb     t1, (%[over])\n\t"
+        "xor    t0, t0, t1\n\t"
+        "sb     t0, (%[c])\n\t"
+        "bltz   %[bytes], L_chacha20_riscv_done\n\t"
+
+     "L_chacha20_riscv_done:\n\t"
+        : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes), [over] "+r" (over)
+        : [input] "r" (input)
+        : "memory", "t0", "t1", "t2", "s1", "a3",
+          "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s2", "s3", "s4", "s5",
+          "s6", "s7", "s8", "s9"
+    );
+}
+
+/**
+ * Encrypt a stream of bytes
+ */
+static WC_INLINE void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m,
+    byte* c, word32 bytes)
+{
+    wc_chacha_encrypt(ctx->X, m, c, bytes, ctx->over);
+    ctx->left = (CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1))) &
+                (CHACHA_CHUNK_BYTES - 1);
+}
+#endif
+
+/**
+ * API to encrypt/decrypt a message of any size.
+ */
+int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
+    word32 msglen)
+{
+    int ret = 0;
+
+    if ((ctx == NULL) || (output == NULL) || (input == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if (msglen > 0) {
+        if (ctx->left > 0) {
+            word32 processed = min(msglen, ctx->left);
+            byte*  out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left;
+
+            xorbufout(output, input, out, processed);
+
+            ctx->left -= processed;
+            msglen -= processed;
+            output += processed;
+            input += processed;
+        }
+
+        if (msglen > 0) {
+            wc_chacha_encrypt_bytes(ctx, input, output, msglen);
+        }
+    }
+
+    return ret;
+}
+
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-poly1305.c b/wolfcrypt/src/port/riscv/riscv-64-poly1305.c
new file mode 100644
index 0000000000..22d6f408ed
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-poly1305.c
@@ -0,0 +1,669 @@
+/* riscv-64-poly1305.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+ * Based off the public domain implementations by Andrew Moon
+ * and Daniel J. Bernstein
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+
+#ifndef WOLFSSL_RISCV_BIT_MANIPULATION_TERNARY
+
+#define SPLIT_130(r0, r1, r2, a0, a1, a2, t)        \
+        "srli   " #r1 ", " #a0 ", (64-12)\n\t"      \
+        "and    " #r0 ", " #a0 ", a6\n\t"           \
+        "slli   " #t  ", " #a1 ", (2*12)\n\t"       \
+        "slli   " #r2 ", " #a2 ", (2*12)\n\t"       \
+        "srli   " #a1 ", " #a1 ", (64-2*12)\n\t"    \
+        "srli   " #t  ", " #t  ", 12\n\t"           \
+        "or     " #r2 ", " #a1 ", " #r2 "\n\t"      \
+        "or     " #r1 ", " #r1 ", " #t  "\n\t"
+
+#define SPLIT_128(r0, r1, r2, a0, a1, t)            \
+        "slli   " #t  ", " #a1 ", (2*12)\n\t"       \
+        "srli   " #r1 ", " #a0 ", (64-12)\n\t"      \
+        "and    " #r0 ", " #a0 ", a6\n\t"           \
+        "srli   " #t  ", " #t  ", 12\n\t"           \
+        "srli   " #r2 ", " #a1 ", (64-2*12)\n\t"    \
+        "or     " #r1 ", " #r1 ", " #t  "\n\t"
+
+#define REDIST(l, h, t)                     \
+        "srli   " #t ", " #l ", 52\n\t"     \
+        "slli   " #h ", " #h ", 12\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"     \
+        "or     " #h ", " #h ", " #t "\n\t"
+
+#define REDIST_HI(l, h, h2, t)              \
+        "srli   " #h2 ", " #h ", 28\n\t"    \
+        "slli   " #h ", " #h ", 24\n\t"     \
+        "srli   " #t ", " #l ", 40\n\t"     \
+        "slli   " #l ", " #l ", 12\n\t"     \
+        "and    " #h ", " #h ", a6\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"     \
+        "or     " #h ", " #h ", " #t "\n\t"
+
+#define REDIST_HI_26(l, h, t)               \
+        "srli   " #t ", " #l ", 40\n\t"     \
+        "slli   " #l ", " #l ", 12\n\t"     \
+        "slli   " #h ", " #h ", 24\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"     \
+        "or     " #h ", " #h ", " #t "\n\t"
+
+#else
+
+#define SPLIT_130(r0, r1, r2, a0, a1, a2, t)        \
+        "and    " #r0 ", " #a0 ", a6\n\t"           \
+        FSRI(r1, a1, a0, 52)                        \
+        FSRI(r2, a2, a1, 40)                        \
+        "and    " #r1 ", " #r1 ", a6\n\t"           \
+        "and    " #r2 ", " #r2 ", a6\n\t"
+
+#define SPLIT_128(r0, r1, r2, a0, a1, t)            \
+        "srli   " #r2 ", " #a1 ", 40\n\t"           \
+        FSRI(r1, a1, a0, 52)                        \
+        "and    " #r0 ", " #a0 ", a6\n\t"           \
+        "and    " #r1 ", " #r1 ", a6\n\t"
+
+#define REDIST(l, h, t)                     \
+        FSRI(h, h, l, 52)                   \
+        "and    " #l ", " #l ", a4\n\t"
+
+#define REDIST_HI(l, h, h2, t)              \
+        "srli   " #h2 ", " #h ", 28\n\t"    \
+        FSRI(h, h, l, 40)                   \
+        "slli   " #l ", " #l ", 12\n\t"     \
+        "and    " #h ", " #h ", a6\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"
+
+#define REDIST_HI_26(l, h, t)               \
+        FSRI(h, h, l, 40)                   \
+        "slli   " #l ", " #l ", 12\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"
+
+#endif
+
+#define RECALC(l, h, t)                     \
+        "srli   " #t ", " #l ", 52\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"     \
+        "add    " #h ", " #h ", " #t "\n\t"
+
+static WC_INLINE void poly1305_blocks_riscv64_16(Poly1305* ctx,
+    const unsigned char *m, size_t bytes, int notLast)
+{
+    __asm__ __volatile__ (
+        "addi   %[bytes], %[bytes], -16\n\t"
+        "bltz   %[bytes], L_poly1305_riscv64_16_64_done_%=\n\t"
+
+        "li     a4, 0xffffffc000000\n\t"
+        "li     a5, 0x3ffffff\n\t"
+        "li     a6, 0xfffffffffffff\n\t"
+
+        /* Load r and h */
+        "ld     s8, %[ctx_r_0]\n\t"
+        "ld     s9, %[ctx_r_1]\n\t"
+
+        "ld     s3, %[ctx_h_0]\n\t"
+        "ld     s4, %[ctx_h_1]\n\t"
+        "ld     s5, %[ctx_h_2]\n\t"
+
+    "L_poly1305_riscv64_16_64_loop_%=:\n\t"
+        /* Load m */
+        "ld     t0, (%[m])\n\t"
+        "ld     t1, 8(%[m])\n\t"
+        /* Split m into 26, 52, 52 */
+        SPLIT_130(t2, t3, t4, t0, t1, %[notLast], t5)
+
+        "add    s3, s3, t2\n\t"
+        "add    s4, s4, t3\n\t"
+        "add    s5, s5, t4\n\t"
+
+        /* r[0] * h[0] = [0, 1] */
+        "mul    t0, s8, s3\n\t"
+        "mulhu  t1, s8, s3\n\t"
+        REDIST(t0, t1, s6)
+        /* r[0] * h[1] = [1, 2] */
+        "mul    t3, s8, s4\n\t"
+        "mulhu  t2, s8, s4\n\t"
+        REDIST(t3, t2, s6)
+        "add    t1, t1, t3\n\t"
+        /* r[1] * h[0] = [1, 2] */
+        "mul    t4, s9, s3\n\t"
+        "mulhu  t5, s9, s3\n\t"
+        REDIST_HI(t4, t5, t3, s6)
+        "add    t1, t1, t4\n\t"
+        "add    t2, t2, t5\n\t"
+        /* r[0] * h[2] = [2, 3] */
+        "mul    t4, s8, s5\n\t"
+        "mulhu  t5, s8, s5\n\t"
+        REDIST(t4, t5, s6)
+        "add    t2, t2, t4\n\t"
+        "add    t3, t3, t5\n\t"
+        /* r[1] * h[1] = [2, 3] */
+        "mul    t5, s9, s4\n\t"
+        "mulhu  t6, s9, s4\n\t"
+        REDIST_HI(t5, t6, t4, s6)
+        "add    t2, t2, t5\n\t"
+        "add    t3, t3, t6\n\t"
+        /* r[1] * h[2] = [3, 4] */
+        "mul    t5, s9, s5\n\t"
+        "mulhu  t6, s9, s5\n\t"
+        REDIST_HI_26(t5, t6, s6)
+        "add    t3, t3, t5\n\t"
+        "add    t4, t4, t6\n\t"
+
+        RECALC(t1, t2, s6)
+        RECALC(t2, t3, s6)
+        RECALC(t3, t4, s6)
+
+        /* h[0..4] % (2^130 - 5) */
+        "slli   s3, t3, 26\n\t"
+        "slli   s4, t4, 26\n\t"
+        "and    s3, s3, a4\n\t"
+        "and    s4, s4, a4\n\t"
+        "srli   t5, t2, 26\n\t"
+        "and    t2, t2, a5\n\t"
+        "srli   t3, t3, 26\n\t"
+        "srli   t4, t4, 26\n\t"
+        "add    t5, t5, s3\n\t"
+        "add    t3, t3, s4\n\t"
+
+        "slli   s5, t5, 2\n\t"
+        "slli   s3, t3, 2\n\t"
+        "slli   s4, t4, 2\n\t"
+        "add    t5, t5, s5\n\t"
+        "add    t3, t3, s3\n\t"
+        "add    t4, t4, s4\n\t"
+
+        "add    s3, t0, t5\n\t"
+        "add    s4, t1, t3\n\t"
+        "add    s5, t2, t4\n\t"
+
+        /* h[0..2] % (2^130 - 5) */
+        "and    t5, s5, a4\n\t"
+        "and    s5, s5, a5\n\t"
+        "srli   t6, t5, 24\n\t"
+        "srli   t5, t5, 26\n\t"
+        "add    t5, t5, t6\n\t"
+        "add    s3, s3, t5\n\t"
+
+        "addi   %[bytes], %[bytes], -16\n\t"
+        "addi   %[m], %[m], 16\n\t"
+        "bgez   %[bytes], L_poly1305_riscv64_16_64_loop_%=\n\t"
+
+        "sd     s3, %[ctx_h_0]\n\t"
+        "sd     s4, %[ctx_h_1]\n\t"
+        "sd     s5, %[ctx_h_2]\n\t"
+        "\n"
+    "L_poly1305_riscv64_16_64_done_%=:\n\t"
+        : [bytes] "+r" (bytes), [m] "+r" (m)
+        : [ctx_h_0] "m" (ctx->h[0]), [ctx_h_1] "m" (ctx->h[1]),
+          [ctx_h_2] "m" (ctx->h[2]), [ctx_r_0] "m" (ctx->r[0]),
+          [ctx_r_1] "m" (ctx->r[1]), [notLast] "r" ((word64)notLast)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "s6",
+                    "a4", "a5", "a6", /* Constants */
+                    "s3", "s4", "s5", /* h */
+                    "s8", "s9" /* r */
+    );
+}
+
+#ifdef WOLFSSL_RISCV_VECTOR
+
+#define MUL_RES_REDIS(l, h, t)  \
+        VSRL_VX(t, l, REG_A7)   \
+        VSLL_VI(h, h, 12)       \
+        VAND_VX(l, l, REG_A6)   \
+        VOR_VV(h, h, t)
+
+#endif
+
+void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
+    size_t bytes)
+{
+#ifdef WOLFSSL_RISCV_VECTOR
+    __asm__ __volatile__ (
+        "addi   %[bytes], %[bytes], -32\n\t"
+        "bltz   %[bytes], L_poly1305_riscv64_vec_done_%=\n\t"
+
+        VSETIVLI(REG_ZERO, 2, 1, 1, 0b011, 0b000)
+
+        "li     a4, 0xffffffc000000\n\t"
+        "li     a5, 0x3ffffff\n\t"
+        "li     a6, 0xfffffffffffff\n\t"
+        "li     a7, 52\n\t"
+
+        /* Load r and r^2 */
+        "mv     t0, %[r2]\n\t"
+        VL2RE64_V(REG_V2, REG_T0)
+        "addi   t0, %[r2], 32\n\t"
+        VL1RE64_V(REG_V4, REG_T0)
+
+        /* Load h */
+        "ld     t0,  0(%[h])\n\t"
+        "ld     t1,  8(%[h])\n\t"
+        "ld     t2,  16(%[h])\n\t"
+
+        VMV_S_X(REG_V8, REG_T0)
+        VMV_S_X(REG_V9, REG_T1)
+        VMV_S_X(REG_V10, REG_T2)
+
+    "L_poly1305_riscv64_vec_loop_%=:\n\t"
+        /* m0 + nfin */
+        "ld     t0, 0(%[m])\n\t"
+        "ld     t1, 8(%[m])\n\t"
+        "li     t6, 1\n\t"
+        /* Split m into 24, 52, 52 */
+        SPLIT_130(t2, t3, t4, t0, t1, t6, t5)
+        VMV_S_X(REG_V11, REG_T2)
+        VMV_S_X(REG_V12, REG_T3)
+        VMV_S_X(REG_V13, REG_T4)
+        /* m1+ nfin */
+        "ld     t0, 16(%[m])\n\t"
+        "ld     t1, 24(%[m])\n\t"
+        /* Split m into 24, 52, 52 */
+        SPLIT_130(t2, t3, t4, t0, t1, t6, t5)
+        VMV_S_X(REG_V14, REG_T2)
+        VMV_S_X(REG_V15, REG_T3)
+        VMV_S_X(REG_V16, REG_T4)
+        /* h += m0 + nfin */
+        VADD_VV(REG_V8, REG_V8, REG_V11)
+        VADD_VV(REG_V9, REG_V9, REG_V12)
+        VADD_VV(REG_V10, REG_V10, REG_V13)
+        /* h[0]|m1[0], h[1]|m1[1], h[2]|m1[2] */
+        VSLIDEUP_VI(REG_V8, REG_V14, 1)
+        VSLIDEUP_VI(REG_V9, REG_V15, 1)
+        VSLIDEUP_VI(REG_V10, REG_V16, 1)
+
+        /* hm[0] * r2r[0] */
+        VMUL_VV(REG_V11, REG_V8, REG_V2)
+        VMULHU_VV(REG_V12, REG_V8, REG_V2)
+        MUL_RES_REDIS(REG_V11, REG_V12, REG_V18)
+
+        /* + hm[0] * r2r[1] */
+        VMUL_VV(REG_V14, REG_V8, REG_V3)
+        VMULHU_VV(REG_V13, REG_V8, REG_V3)
+        MUL_RES_REDIS(REG_V14, REG_V13, REG_V18)
+        VADD_VV(REG_V12, REG_V12, REG_V14)
+        /* + hm[1] * r2r[0] */
+        VMUL_VV(REG_V14, REG_V9, REG_V2)
+        VMULHU_VV(REG_V15, REG_V9, REG_V2)
+        MUL_RES_REDIS(REG_V14, REG_V15, REG_V18)
+        VADD_VV(REG_V12, REG_V12, REG_V14)
+        VADD_VV(REG_V13, REG_V13, REG_V15)
+
+        /* + hm[0] * r2r[2] */
+        VMUL_VV(REG_V15, REG_V8, REG_V4)
+        VMULHU_VV(REG_V14, REG_V8, REG_V4)
+        MUL_RES_REDIS(REG_V15, REG_V14, REG_V18)
+        VADD_VV(REG_V13, REG_V13, REG_V15)
+        /* + hm[1] * r2r[1] */
+        VMUL_VV(REG_V15, REG_V9, REG_V3)
+        VMULHU_VV(REG_V16, REG_V9, REG_V3)
+        MUL_RES_REDIS(REG_V15, REG_V16, REG_V18)
+        VADD_VV(REG_V13, REG_V13, REG_V15)
+        VADD_VV(REG_V14, REG_V14, REG_V16)
+        /* + hm[2] * r2r[0] */
+        VMUL_VV(REG_V15, REG_V10, REG_V2)
+        VMULHU_VV(REG_V16, REG_V10, REG_V2)
+        MUL_RES_REDIS(REG_V15, REG_V16, REG_V18)
+        VADD_VV(REG_V13, REG_V13, REG_V15)
+        VADD_VV(REG_V14, REG_V14, REG_V16)
+
+        /* + hm[1] * r2r[2] */
+        VMUL_VV(REG_V16, REG_V9, REG_V4)
+        VMULHU_VV(REG_V15, REG_V9, REG_V4)
+        MUL_RES_REDIS(REG_V16, REG_V15, REG_V18)
+        VADD_VV(REG_V14, REG_V14, REG_V16)
+        /* + hm[2] * r2r[1] */
+        VMUL_VV(REG_V16, REG_V10, REG_V3)
+        VMULHU_VV(REG_V17, REG_V10, REG_V3)
+        MUL_RES_REDIS(REG_V16, REG_V17, REG_V18)
+        VADD_VV(REG_V14, REG_V14, REG_V16)
+        VADD_VV(REG_V15, REG_V15, REG_V17)
+
+        /* + hm[2] * r2r[2] */
+        VMUL_VV(REG_V17, REG_V10, REG_V4)
+        VADD_VV(REG_V15, REG_V15, REG_V17)
+
+        /* Get m1 * r down */
+        VSLIDEDOWN_VI(REG_V18, REG_V11, 1)
+        VSLIDEDOWN_VI(REG_V19, REG_V12, 1)
+        VSLIDEDOWN_VI(REG_V20, REG_V13, 1)
+        VSLIDEDOWN_VI(REG_V21, REG_V14, 1)
+        VSLIDEDOWN_VI(REG_V22, REG_V15, 1)
+
+        /* Add (h + m0) * r^2 + m1 * r */
+        VADD_VV(REG_V11, REG_V11, REG_V18)
+        VADD_VV(REG_V12, REG_V12, REG_V19)
+        VADD_VV(REG_V13, REG_V13, REG_V20)
+        VADD_VV(REG_V14, REG_V14, REG_V21)
+        VADD_VV(REG_V15, REG_V15, REG_V22)
+
+        /* h' % 2^130-5 */
+        VSLL_VI(REG_V8, REG_V14, 26)
+        VSLL_VI(REG_V9, REG_V15, 26)
+        VAND_VX(REG_V8, REG_V8, REG_A4)
+        VAND_VX(REG_V9, REG_V9, REG_A4)
+        VSRL_VI(REG_V10, REG_V13, 26)
+        VAND_VX(REG_V13, REG_V13, REG_A5)
+        VSRL_VI(REG_V14, REG_V14, 26)
+        VSRL_VI(REG_V15, REG_V15, 26)
+        VADD_VV(REG_V10, REG_V10, REG_V8)
+        VADD_VV(REG_V14, REG_V14, REG_V9)
+
+        VSLL_VI(REG_V16, REG_V10, 2)
+        VSLL_VI(REG_V17, REG_V14, 2)
+        VSLL_VI(REG_V18, REG_V15, 2)
+        VADD_VV(REG_V10, REG_V10, REG_V16)
+        VADD_VV(REG_V14, REG_V14, REG_V17)
+        VADD_VV(REG_V15, REG_V15, REG_V18)
+
+        VADD_VV(REG_V8, REG_V11, REG_V10)
+        VADD_VV(REG_V9, REG_V12, REG_V14)
+        VADD_VV(REG_V10, REG_V13, REG_V15)
+
+        /* h'' % 2^130-5 */
+        VAND_VX(REG_V11, REG_V10, REG_A4)
+        VAND_VX(REG_V10, REG_V10, REG_A5)
+        VSRL_VI(REG_V12, REG_V11, 24)
+        VSRL_VI(REG_V11, REG_V11, 26)
+        VADD_VV(REG_V11, REG_V11, REG_V12)
+        VADD_VV(REG_V8, REG_V8, REG_V11)
+
+        "addi   %[bytes], %[bytes], -32\n\t"
+        "addi   %[m], %[m], 32\n\t"
+        "bgez   %[bytes], L_poly1305_riscv64_vec_loop_%=\n\t"
+
+        VMV_X_S(REG_S3, REG_V8)
+        VMV_X_S(REG_S4, REG_V9)
+        VMV_X_S(REG_S5, REG_V10)
+
+        "sd     s3, 0(%[h])\n\t"
+        "sd     s4, 8(%[h])\n\t"
+        "sd     s5, 16(%[h])\n\t"
+
+        "\n"
+    "L_poly1305_riscv64_vec_done_%=:\n\t"
+        "addi   %[bytes], %[bytes], 32\n\t"
+        : [bytes] "+r" (bytes), [m] "+r" (m)
+        : [r2] "r" (ctx->r2), [h] "r" (ctx->h)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "s3", "s4", "s5", "a4", "a5", "a6", "a7"
+    );
+#endif
+    poly1305_blocks_riscv64_16(ctx, m, bytes, 1);
+}
+
+void poly1305_block_riscv64(Poly1305* ctx, const unsigned char *m)
+{
+    poly1305_blocks_riscv64_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+
+#if defined(POLY130564)
+static word64 clamp[] = {
+    0x0ffffffc0fffffff,
+    0x0ffffffc0ffffffc,
+};
+#endif /* POLY130564 */
+
+
+int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+#ifdef CHACHA_AEAD_TEST
+    word32 k;
+    printf("Poly key used:\n");
+    for (k = 0; k < keySz; k++) {
+        printf("%02x", key[k]);
+        if ((k+1) % 8 == 0)
+            printf("\n");
+    }
+    printf("\n");
+#endif
+
+    if (keySz != 32 || ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    __asm__ __volatile__ (
+        /* Load key material */
+        "ld     t0, 0(%[key])\n\t"
+        "ld     t1, 8(%[key])\n\t"
+        "ld     t2, 16(%[key])\n\t"
+        "ld     t3, 24(%[key])\n\t"
+        /* Load clamp */
+        "ld     t4, 0(%[clamp])\n\t"
+        "ld     t5, 8(%[clamp])\n\t"
+        /* Save pad for later */
+        "sd     t2, 0(%[ctx_pad])\n\t"
+        "sd     t3, 8(%[ctx_pad])\n\t"
+        /* Apply clamp */
+        /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+        "and    t0, t0, t4\n\t"
+        "and    t1, t1, t5\n\t"
+        /* Store r */
+        "sd     t0, 0(%[ctx_r])\n\t"
+        "sd     t1, 8(%[ctx_r])\n\t"
+
+#ifdef WOLFSSL_RISCV_VECTOR
+        "li     a6, 0xfffffffffffff\n\t"
+        /* Split r into parts less than 64 */
+        SPLIT_128(t2, t3, t4, t0, t1, t5)
+        /* Store r */
+        "sd     t2, 8(%[ctx_r2])\n\t"
+        "sd     t3, 24(%[ctx_r2])\n\t"
+        "sd     t4, 40(%[ctx_r2])\n\t"
+
+        /* r * r */
+        /*   r[0] * r[0] - 0, 1 */
+        "mul    t2, t0, t0\n\t"
+        "mulhu  t3, t0, t0\n\t"
+        /* + r[0] * r[1] - 1, 2 */
+        "mul    t5, t1, t0\n\t"
+        "mulhu  t6, t1, t0\n\t"
+        "add    t3, t3, t5\n\t"
+        "sltu   s1, t3, t5\n\t"
+        "add    t4, t6, s1\n\t"
+        /* + r[1] * r[0] - 1, 2 */
+        "add    t3, t3, t5\n\t"
+        "sltu   s1, t3, t5\n\t"
+        "add    t4, t4, s1\n\t"
+        "add    t4, t4, t6\n\t"
+        "sltu   t5, t4, t6\n\t"
+        /* + r[1] * r[1] - 2, 3 */
+        "mul    s1, t1, t1\n\t"
+        "mulhu  t6, t1, t1\n\t"
+        "add    t4, t4, s1\n\t"
+        "sltu   s1, t4, s1\n\t"
+        "add    t5, t5, t6\n\t"
+        "add    t5, t5, s1\n\t"
+        /* (r * r) % (2 ^ 130 - 5) */
+        "andi   t6, t4, -4\n\t"
+        "andi   t4, t4, 3\n\t"
+        /* r[0..129] + r[130-191] * 4 */
+        "add    t2, t2, t6\n\t"
+        "sltu   s1, t2, t6\n\t"
+        "add    t3, t3, s1\n\t"
+        "sltu   s1, t3, s1\n\t"
+        "add    t4, t4, s1\n\t"
+        /* r[0..129] + r[130-193] */
+        "srli   t6, t6, 2\n\t"
+        "slli   s1, t5, 62\n\t"
+        "or     t6, t6, s1\n\t"
+        "add    t2, t2, t6\n\t"
+        "sltu   s1, t2, t6\n\t"
+        "add    t3, t3, s1\n\t"
+        "sltu   s1, t3, s1\n\t"
+        "add    t4, t4, s1\n\t"
+        /* r[64..129] + r[194-253] * 4 */
+        "add    t3, t3, t5\n\t"
+        "sltu   s1, t3, t5\n\t"
+        "add    t4, t4, s1\n\t"
+        /* r[64..129] + r[194-253] */
+        "srli   t5, t5, 2\n\t"
+        "add    t3, t3, t5\n\t"
+        "sltu   s1, t3, t5\n\t"
+        "add    t4, t4, s1\n\t"
+        /* Split r^2 into parts less than 64 */
+        SPLIT_130(t0, t1, t2, t2, t3, t4, t5)
+        /* Store r^2 */
+        "sd     t0, 0(%[ctx_r2])\n\t"
+        "sd     t1, 16(%[ctx_r2])\n\t"
+        "sd     t2, 32(%[ctx_r2])\n\t"
+#endif
+
+        /* h (accumulator) = 0 */
+        "sd     x0, 0(%[ctx_h])\n\t"
+        "sd     x0, 8(%[ctx_h])\n\t"
+        "sd     x0, 16(%[ctx_h])\n\t"
+        /* Zero leftover */
+        "sd     x0, (%[ctx_leftover])\n\t"
+        :
+        : [clamp] "r" (clamp), [key] "r" (key), [ctx_r] "r" (ctx->r),
+#ifdef WOLFSSL_RISCV_VECTOR
+          [ctx_r2] "r" (ctx->r2),
+#endif
+          [ctx_h] "r" (ctx->h), [ctx_pad] "r" (ctx->pad),
+          [ctx_leftover] "r" (&ctx->leftover)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "s1"
+#ifdef WOLFSSL_RISCV_VECTOR
+                  , "a6"
+#endif
+    );
+
+    return 0;
+}
+
+
+int wc_Poly1305Final(Poly1305* ctx, byte* mac)
+{
+
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    /* process the remaining block */
+    if (ctx->leftover) {
+        size_t i = ctx->leftover;
+        ctx->buffer[i++] = 1;
+        for (; i < POLY1305_BLOCK_SIZE; i++)
+            ctx->buffer[i] = 0;
+        poly1305_blocks_riscv64_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, 0);
+    }
+
+    __asm__ __volatile__ (
+        /* Load raw h and padding. */
+        "ld     t0, %[ctx_h_0]\n\t"
+        "ld     t1, %[ctx_h_1]\n\t"
+        "ld     t2, %[ctx_h_2]\n\t"
+        "ld     t3, %[ctx_pad_0]\n\t"
+        "ld     t4, %[ctx_pad_1]\n\t"
+
+        /* Shrink h to 2,64,64. */
+        "slli   t5, t1, 52\n\t"
+        "slli   t6, t2, 40\n\t"
+        "srli   t1, t1, 12\n\t"
+        "srli   t2, t2, 24\n\t"
+        "add    t1, t1, t6\n\t"
+        "sltu   t6, t1, t6\n\t"
+        "add    t2, t2, t6\n\t"
+        "add    t0, t0, t5\n\t"
+        "sltu   t5, t0, t5\n\t"
+        "add    t1, t1, t5\n\t"
+        "sltu   t5, t1, t5\n\t"
+        "add    t2, t2, t5\n\t"
+
+        /* Add padding to h */
+        "add    t0, t0, t3\n\t"
+        "sltu   t3, t0, t3\n\t"
+        "add    t1, t1, t3\n\t"
+        "sltu   t3, t1, t3\n\t"
+        "add    t2, t2, t3\n\t"
+        "add    t1, t1, t4\n\t"
+        "sltu   t4, t1, t4\n\t"
+        "add    t2, t2, t4\n\t"
+
+        /* Check if h is larger than p */
+        "addi   t3, t0, 5\n\t"
+        "sltiu  t3, t3, 5\n\t"
+        "add    t4, t1, t3\n\t"
+        "sltu   t3, t4, t3\n\t"
+        "add    t4, t2, t3\n\t"
+        /* Check if h+5 is larger than 2^130 */
+        "addi   t4, t4, -4\n\t"
+        "srli   t4, t4, 63\n\t"
+        "addi   t4, t4, -1\n\t"
+        "andi   t4, t4, 5\n\t"
+        "add    t0, t0, t4\n\t"
+        "sltu   t3, t0, t4\n\t"
+        "add    t1, t1, t3\n\t"
+        "sltu   t3, t1, t3\n\t"
+        "add    t2, t2, t3\n\t"
+        "andi   t2, t2, 3\n\t"
+        "sd     t0, 0(%[mac])\n\t"
+        "sd     t1, 8(%[mac])\n\t"
+        /* Zero out h. */
+        "sd     x0, %[ctx_h_0]\n\t"
+        "sd     x0, %[ctx_h_1]\n\t"
+        "sd     x0, %[ctx_h_2]\n\t"
+        /* Zero out r. */
+        "sd     x0, %[ctx_r_0]\n\t"
+        "sd     x0, %[ctx_r_1]\n\t"
+        /* Zero out pad. */
+        "ld     t3, %[ctx_pad_0]\n\t"
+        "ld     t4, %[ctx_pad_1]\n\t"
+        : [mac] "+r" (mac)
+        : [ctx_pad_0] "m" (ctx->pad[0]), [ctx_pad_1] "m" (ctx->pad[1]),
+          [ctx_h_0] "m" (ctx->h[0]), [ctx_h_1] "m" (ctx->h[1]),
+          [ctx_h_2] "m" (ctx->h[2]),
+          [ctx_r_0] "m" (ctx->r[0]), [ctx_r_1] "m" (ctx->r[1])
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6"
+    );
+
+    return 0;
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
new file mode 100644
index 0000000000..00fbc1ee5b
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
@@ -0,0 +1,1417 @@
+/* riscv-sha256.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+#if !defined(NO_SHA256) || defined(WOLFSSL_SHA224)
+
+#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
+    #undef HAVE_FIPS
+#else
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+        #define FIPS_NO_WRAPPERS
+    #endif
+#endif
+
+#include <wolfssl/wolfcrypt/sha256.h>
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000014 };
+    int wolfCrypt_FIPS_SHA256_sanity(void)
+    {
+        return 0;
+    }
+#endif
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/* Constants to add in each round. */
+static const FLASH_QUALIFIER ALIGN32 word32 K[64] = {
+    0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
+    0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
+    0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
+    0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
+    0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
+    0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
+    0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
+    0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
+    0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
+    0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
+    0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
+    0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
+    0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
+};
+
+/* Initialze SHA-256 object for hashing.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ */
+static void InitSha256(wc_Sha256* sha256)
+{
+    /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha256->digest[0] = 0x6A09E667L;
+    sha256->digest[1] = 0xBB67AE85L;
+    sha256->digest[2] = 0x3C6EF372L;
+    sha256->digest[3] = 0xA54FF53AL;
+    sha256->digest[4] = 0x510E527FL;
+    sha256->digest[5] = 0x9B05688CL;
+    sha256->digest[6] = 0x1F83D9ABL;
+    sha256->digest[7] = 0x5BE0CD19L;
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha256->digest[0] = 0x9B05688CL;
+    sha256->digest[1] = 0x510E527FL;
+    sha256->digest[2] = 0xBB67AE85L;
+    sha256->digest[3] = 0x6A09E667L;
+    sha256->digest[4] = 0x5BE0CD19L;
+    sha256->digest[5] = 0x1F83D9ABL;
+    sha256->digest[6] = 0xA54FF53AL;
+    sha256->digest[7] = 0x3C6EF372L;
+#endif
+
+    /* No hashed data. */
+    sha256->buffLen = 0;
+    /* No data hashed. */
+    sha256->loLen   = 0;
+    sha256->hiLen   = 0;
+
+#ifdef WOLFSSL_HASH_FLAGS
+    sha256->flags = 0;
+#endif
+}
+
+/* More data hashed, add length to 64-bit cumulative total.
+ *
+ * @param [in, out] sha256  SHA-256 object. Assumed not NULL.
+ * @param [in]      len     Length to add.
+ */
+static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len)
+{
+    word32 tmp = sha256->loLen;
+    if ((sha256->loLen += len) < tmp)
+        sha256->hiLen++;                       /* carry low to high */
+}
+
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+/* Load a word with bytes reversed. */
+#define LOAD_WORD_REV(r, o, p, t0, t1, t2)  \
+    "lbu    " #t0 ", " #o "(" #p ")\n\t"    \
+    "lbu    " #t1 ", " #o "+1(" #p ")\n\t"  \
+    "lbu    " #t2 ", " #o "+2(" #p ")\n\t"  \
+    "lbu    " #r ", " #o "+3(" #p ")\n\t"   \
+    "slli   " #t0 ", " #t0 ", 24\n\t"       \
+    "slli   " #t1 ", " #t1 ", 16\n\t"       \
+    "slli   " #t2 ", " #t2 ", 8\n\t"        \
+    "or     " #r ", " #r ", " #t0 "\n\t"    \
+    "or     " #r ", " #r ", " #t1 "\n\t"    \
+    "or     " #r ", " #r ", " #t2 "\n\t"
+
+/* Load a word with bytes reversed. */
+#define LOAD_DWORD_REV(r, o, p, t0, t1, t2, t3) \
+    "lbu    " #t0 ", " #o "(" #p ")\n\t"        \
+    "lbu    " #t1 ", " #o "+1(" #p ")\n\t"      \
+    "lbu    " #t2 ", " #o "+2(" #p ")\n\t"      \
+    "lbu    " #r ", " #o "+3(" #p ")\n\t"       \
+    "slli   " #t0 ", " #t0 ", 24\n\t"           \
+    "slli   " #t1 ", " #t1 ", 16\n\t"           \
+    "slli   " #t2 ", " #t2 ", 8\n\t"            \
+    "or     " #r ", " #r ", " #t0 "\n\t"        \
+    "or     " #r ", " #r ", " #t1 "\n\t"        \
+    "or     " #r ", " #r ", " #t2 "\n\t"        \
+    "lbu    " #t0 ", " #o "+4(" #p ")\n\t"      \
+    "lbu    " #t1 ", " #o "+5(" #p ")\n\t"      \
+    "lbu    " #t2 ", " #o "+6(" #p ")\n\t"      \
+    "lbu    " #t3 ", " #o "+7(" #p ")\n\t"      \
+    "slli   " #t0 ", " #t0 ", 56\n\t"           \
+    "slli   " #t1 ", " #t1 ", 48\n\t"           \
+    "slli   " #t2 ", " #t2 ", 40\n\t"           \
+    "slli   " #t3 ", " #t3 ", 32\n\t"           \
+    "or     " #r ", " #r ", " #t0 "\n\t"        \
+    "or     " #r ", " #r ", " #t1 "\n\t"        \
+    "or     " #r ", " #r ", " #t2 "\n\t"        \
+    "or     " #r ", " #r ", " #t3 "\n\t"
+
+#define PACK_BB(rd, rs1, rs2, rrd, rrs1, rrs2)  \
+    "slli   " #rd ", " #rs1 ", 32\n\t"          \
+    "slli   " #rs2 ", " #rs2 ", 32\n\t"         \
+    "srli   " #rd ", " #rs1 ", 32\n\t"          \
+    "or     " #rd ", " #rd ", " #rs2 "\n\t"
+
+#else
+
+#define PACK_BB(rd, rs1, rs2, rrd, rrs1, rrs2)  \
+    PACK(rrd, rrs1, rrs2)
+
+#endif
+
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+
+#ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM
+
+/* SHA-256 SUM0 operation. */
+#define SHA256SUM0(rd, rs1)                                         \
+    ASM_WORD((0b000100000000 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-256 SUM1 operation. */
+#define SHA256SUM1(rd, rs1)                                         \
+    ASM_WORD((0b000100000001 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-256 SIGMA0 operation. */
+#define SHA256SIG0(rd, rs1)                                         \
+    ASM_WORD((0b000100000010 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-256 SIGMA1 operation. */
+#define SHA256SIG1(rd, rs1)                                         \
+    ASM_WORD((0b000100000011 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+
+/* One round of compression. */
+#define RND(a, b, c, d, e, f, g, h, w, k)                       \
+    /* Get e and a */                                           \
+    "mv     a4, " #e "\n\t"                                     \
+    "mv     a5, " #a "\n\t"                                     \
+    /* Sigma1(e) */                                             \
+    SHA256SUM1(REG_A4, REG_A4)                                  \
+    /* Sigma0(a) */                                             \
+    SHA256SUM0(REG_A5, REG_A5)                                  \
+    /* Maj(a, b, c) = t5 */                                     \
+    /* Ch(e, f, g) = t6 */                                      \
+    /* f ^ g */                                                 \
+    "xor    t6, " #f ", " #g "\n\t"                             \
+    /* a ^ b */                                                 \
+    "xor    t4, " #a ", " #b "\n\t"                             \
+    /* b ^ c */                                                 \
+    "xor    t5, " #b ", " #c "\n\t"                             \
+    /* (f ^ g) & e */                                           \
+    "and    t6, t6, " #e "\n\t"                                 \
+    /* h + sigma1 */                                            \
+    "addw   " #h ", " #h ", a4\n\t"                             \
+    /* (a^b) & (b^c) */                                         \
+    "and    t5, t5, t4\n\t"                                     \
+    /* ((f ^ g) & e) ^ g */                                     \
+    "xor    t6, t6, " #g "\n\t"                                 \
+    /* K + W */                                                 \
+    "addw   t4, " #k ", " #w "\n\t"                             \
+    /* ((a^b) & (b^c)) ^ b */                                   \
+    "xor    t5, t5, " #b "\n\t"                                 \
+    /* h + sigma1 + Ch */                                       \
+    "addw   " #h ", " #h ", t6\n\t"                             \
+    /* 't0' = h + sigma1 + Ch + K + W */                        \
+    "addw   " #h ", " #h ", t4\n\t"                             \
+    /* Sigma0(a) + Maj = 't1' */                                \
+    "addw   t5, a5, t5\n\t"                                     \
+    /* d += 't0' */                                             \
+    "addw   " #d ", " #d ", " #h "\n\t"                         \
+    /* 't0' += 't1' */                                          \
+    "addw   " #h ", " #h ", t5\n\t"
+
+/* Two message schedule updates. */
+#define W_UPDATE_2(w0, w1, w4, w5, w7, reg_w0, reg_w1, reg_w7)  \
+    /* W[i-15] = W[1] */                                        \
+    "srli   t4, " #w0 ", 32\n\t"                                \
+    /* W[i-7] = W[9] */                                         \
+    "srli   t6, " #w4 ", 32\n\t"                                \
+    /* Gamma0(W[1]) */                                          \
+    SHA256SIG0(REG_A4, REG_T4)                                  \
+    /* Gamma1(W[i-2]) = Gamma1(W[14]) */                        \
+    SHA256SIG1(REG_A5, reg_w7)                                  \
+    /* Gamma1(W[14]) + W[9] */                                  \
+    "addw   a5, a5, t6\n\t"                                     \
+    /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */          \
+    "addw   " #w0 ", " #w0 ", a4\n\t"                           \
+    /* W[i+1-2] = W[15] */                                      \
+    "srli   t5, " #w7 ", 32\n\t"                                \
+    /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */     \
+    "addw   " #w0 ", a5, " #w0 "\n\t"                           \
+                                                                \
+    /* W[i+1-16] = W[1] = t4 */                                 \
+    /* Gamma0(W[i+1-15]) = Gamma0(W[2]) */                      \
+    SHA256SIG0(REG_A6, reg_w1)                                  \
+    /* Gamma1(W[i+1-2]) = Gamma1(W[15]) */                      \
+    SHA256SIG1(REG_A7, REG_T5)                                  \
+    /* Gamma1(W[15]) + W[i+1-7] = Gamma1(W[15]) + W[10] */      \
+    "addw   a7, a7, " #w5 "\n\t"                                \
+    /* Gamma0(W[2]) + W[i+1-16] = Gamma0(W[2]) + W[1] */        \
+    "addw   t5, a6, t4\n\t"                                     \
+    /* Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16] */   \
+    "addw   a7, a7, t5\n\t"                                     \
+    /* Place in W[i+1-16] = W[1] */                             \
+    PACK_BB(w0, w0, a7, reg_w0, reg_w0, REG_A7)
+
+#else
+
+/* SHA-256 SIGMA1 operation. */
+#define SHA256SIG1(rd, rs1)                                     \
+    "slliw  t6, " #rs1 ", 15\n\t"                               \
+    "srliw  t5, " #rs1 ", 17\n\t"                               \
+    "slliw  t4, " #rs1 ", 13\n\t"                               \
+    "srliw  " #rd ", " #rs1 ", 19\n\t"                          \
+    "or     t6, t6, t5\n\t"                                     \
+    "srliw  t5, " #rs1 ", 10\n\t"                               \
+    "xor    " #rd ", "#rd ", t4\n\t"                            \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    " #rd ", " #rd ", t6\n\t"                           \
+
+/* One round of compression. */
+#define RND(a, b, c, d, e, f, g, h, w, k)                       \
+    /* a4 = Sigma1(e) */                                        \
+    "slliw  t5, " #e ", 26\n\t"                                 \
+    "srliw  t4, " #e ", 6\n\t"                                  \
+    "slliw  t6, " #e ", 21\n\t"                                 \
+    "srliw  a4, " #e ", 11\n\t"                                 \
+    "slliw  a5, " #e ", 7\n\t"                                  \
+    "or     t4, t4, t5\n\t"                                     \
+    "xor    a4, a4, t6\n\t"                                     \
+    "srliw  t5, " #e ", 25\n\t"                                 \
+    "xor    t4, t4, a5\n\t"                                     \
+    "xor    a4, a4, t5\n\t"                                     \
+    /* a5 = Sigma0(a) */                                        \
+    "slliw  t5, " #a ", 30\n\t"                                 \
+    "xor    a4, a4, t4\n\t"                                     \
+    "srliw  t4, " #a ", 2\n\t"                                  \
+    "slliw  t6, " #a ", 19\n\t"                                 \
+    /* h + sigma1 */                                            \
+    "addw   " #h ", " #h ", a4\n\t"                             \
+    "srliw  a5, " #a ", 13\n\t"                                 \
+    "slliw  a4, " #a ", 10\n\t"                                 \
+    "or     t4, t4, t5\n\t"                                     \
+    "xor    a5, a5, t6\n\t"                                     \
+    "srliw  t6, " #a ", 22\n\t"                                 \
+    "xor    t4, t4, a4\n\t"                                     \
+    "xor    a5, a5, t6\n\t"                                     \
+    /* Maj(a, b, c) = t5 */                                     \
+    /* Ch(e, f, g) = t6 */                                      \
+    /* f ^ g */                                                 \
+    "xor    t6, " #f ", " #g "\n\t"                             \
+    /* a ^ b */                                                 \
+    "xor    t5, " #a ", " #b "\n\t"                             \
+    /* b ^ c */                                                 \
+    "xor    a4, " #b ", " #c "\n\t"                             \
+    "xor    a5, a5, t4\n\t"                                     \
+    /* (f ^ g) & e */                                           \
+    "and    t6, t6, " #e "\n\t"                                 \
+    /* (a^b) & (b^c) */                                         \
+    "and    t5, t5, a4\n\t"                                     \
+    /* ((f ^ g) & e) ^ g */                                     \
+    "xor    t6, t6, " #g "\n\t"                                 \
+    /* K + W */                                                 \
+    "addw   a4, " #k ", " #w "\n\t"                             \
+    /* h + sigma1 + Ch */                                       \
+    "addw   " #h ", " #h ", t6\n\t"                             \
+    /* ((a^b) & (b^c)) ^ b */                                   \
+    "xor    t5, t5, " #b "\n\t"                                 \
+    /* 't0' = h + sigma1 + Ch + K + W */                        \
+    "addw   " #h ", " #h ", a4\n\t"                             \
+    /* 't1' = Sigma0(a) + Maj */                                \
+    "addw   t5, a5, t5\n\t"                                     \
+    /* d += 't0' */                                             \
+    "addw   " #d ", " #d ", " #h "\n\t"                         \
+    /* h = 't0' + 't1' */                                       \
+    "addw   " #h ", " #h ", t5\n\t"
+
+/* Two message schedule updates. */
+#define W_UPDATE_2(w0, w1, w4, w5, w7, reg_w0, reg_w1, reg_w7)  \
+    /* W[i-15] = W[1] */                                        \
+    "srli   a7, " #w0 ", 32\n\t"                                \
+    /* W[i-7] = W[9] */                                         \
+    "srli   a6, " #w4 ", 32\n\t"                                \
+    /* Gamma0(W[1]) */                                          \
+    "slliw  t4, a7, 25\n\t"                                     \
+    "srliw  t5, a7, 7\n\t"                                      \
+    "slliw  t6, a7, 14\n\t"                                     \
+    "srliw  a4, a7, 18\n\t"                                     \
+    "or     t4, t4, t5\n\t"                                     \
+    "srliw  t5, a7, 3\n\t"                                      \
+    "xor    a4, a4, t6\n\t"                                     \
+    "xor    t4, t4, t5\n\t"                                     \
+    /* Gamma1(W[i-2]) = Gamma1(W[14]) */                        \
+    "slliw  t6, " #w7 ", 15\n\t"                                \
+    "srliw  t5, " #w7 ", 17\n\t"                                \
+    "xor    a4, a4, t4\n\t"                                     \
+    "slliw  t4, " #w7 ", 13\n\t"                                \
+    "srliw  a5, " #w7 ", 19\n\t"                                \
+    "or     t6, t6, t5\n\t"                                     \
+    "srliw  t5, " #w7 ", 10\n\t"                                \
+    "xor    a5, a5, t4\n\t"                                     \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    a5, a5, t6\n\t"                                     \
+    /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */          \
+    "addw   " #w0 ", " #w0 ", a4\n\t"                           \
+    /* Gamma1(W[14]) + W[9] */                                  \
+    "addw   a5, a5, a6\n\t"                                     \
+    /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */     \
+    "addw   " #w0 ", a5, " #w0 "\n\t"                           \
+                                                                \
+    /* W[i+1-16] = W[1] = a7 */                                 \
+    /* W[i+1-2] = W[15] */                                      \
+    "srli   a4, " #w7 ", 32\n\t"                                \
+    /* Gamma0(W[i+1-15]) = Gamma0(W[2]) */                      \
+    "slliw  t4, " #w1 ", 25\n\t"                                \
+    "srliw  t5, " #w1 ", 7\n\t"                                 \
+    "slliw  t6, " #w1 ", 14\n\t"                                \
+    "srliw  a6, " #w1 ", 18\n\t"                                \
+    "or     t4, t4, t5\n\t"                                     \
+    "srliw  t5, " #w1 ", 3\n\t"                                 \
+    "xor    a6, a6, t6\n\t"                                     \
+    "xor    t4, t4, t5\n\t"                                     \
+    /* Gamma1(W[i+1-2]) = Gamma1(W[15]) */                      \
+    "slliw  t6, a4, 15\n\t"                                     \
+    "srliw  t5, a4, 17\n\t"                                     \
+    "xor    a6, a6, t4\n\t"                                     \
+    "slliw  t4, a4, 13\n\t"                                     \
+    "srliw  a5, a4, 19\n\t"                                     \
+    "or     t6, t6, t5\n\t"                                     \
+    "srliw  t5, a4, 10\n\t"                                     \
+    "xor    a5, a5, t4\n\t"                                     \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    a5, a5, t6\n\t"                                     \
+    /* Gamma0(W[2]) + W[i+1-16] = Gamma0(W[2]) + W[1] */        \
+    "addw   t5, a6, a7\n\t"                                     \
+    /* Gamma1(W[15]) + W[i+1-7] = Gamma1(W[15]) + W[10] */      \
+    "addw   a5, a5, " #w5 "\n\t"                                \
+    /* Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16] */   \
+    "addw   a5, a5, t5\n\t"                                     \
+    /* Place in W[i+1-16] = W[1] */                             \
+    PACK_BB(w0, w0, a5, reg_w0, reg_w0, REG_A5)
+
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */
+
+/* Two rounds of compression. */
+#define RND2(a, b, c, d, e, f, g, h, w, o)  \
+    /* Get k[i], k[i+1] */                  \
+    "ld     a6, " #o "(%[k])\n\t"           \
+    RND(a, b, c, d, e, f, g, h, w, a6)      \
+    /* Move  k[i+1] down */                 \
+    "srli   a6, a6, 32\n\t"                 \
+    /* Move  W[i] down */                   \
+    "srli   a7, " #w ", 32\n\t"             \
+    RND(h, a, b, c, d, e, f, g, a7, a6)
+
+/* Sixteen rounds of compression with message scheduling. */
+#define RND16()                                             \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11, s0,  0)          \
+    W_UPDATE_2(s0, s1, s4, s5, s7, REG_S0, REG_S1, REG_S7)  \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9, s1,  8)          \
+    W_UPDATE_2(s1, s2, s5, s6, s0, REG_S1, REG_S2, REG_S0)  \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3, s2, 16)          \
+    W_UPDATE_2(s2, s3, s6, s7, s1, REG_S2, REG_S3, REG_S1)  \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, s3, 24)          \
+    W_UPDATE_2(s3, s4, s7, s0, s2, REG_S3, REG_S4, REG_S2)  \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11, s4, 32)          \
+    W_UPDATE_2(s4, s5, s0, s1, s3, REG_S4, REG_S5, REG_S3)  \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9, s5, 40)          \
+    W_UPDATE_2(s5, s6, s1, s2, s4, REG_S5, REG_S6, REG_S4)  \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3, s6, 48)          \
+    W_UPDATE_2(s6, s7, s2, s3, s5, REG_S6, REG_S7, REG_S5)  \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, s7, 56)          \
+    W_UPDATE_2(s7, s0, s3, s4, s6, REG_S7, REG_S0, REG_S6)
+
+/* Sixteen rounds of compression only. */
+#define RND16_LAST()                                \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11, s0,  0)  \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9, s1,  8)  \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3, s2, 16)  \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, s3, 24)  \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11, s4, 32)  \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9, s5, 40)  \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3, s6, 48)  \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, s7, 56)
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      blocks  Number of blocks of data to hash.
+ */
+static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
+    word32 blocks)
+{
+    word32* k = (word32*)K;
+
+    __asm__ __volatile__ (
+        /* Load digest. */
+        "ld     t0, 0(%[digest])\n\t"
+        "ld     t2, 8(%[digest])\n\t"
+        "ld     s8, 16(%[digest])\n\t"
+        "ld     s10, 24(%[digest])\n\t"
+        "srli   t1, t0, 32\n\t"
+        "srli   t3, t2, 32\n\t"
+        "srli   s9, s8, 32\n\t"
+        "srli   s11, s10, 32\n\t"
+
+        /* 4 rounds of 16 per block. */
+        "slli   %[blocks], %[blocks], 2\n\t"
+
+    "\n1:\n\t"
+        /* beginning of SHA256 block operation */
+        /* Load W */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        LOAD_DWORD_REV(s0,  0, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s1,  8, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s2, 16, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s3, 24, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s4, 32, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s5, 40, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7)
+#else
+        "lwu    a4, 0(%[data])\n\t"
+        "lwu    s0, 4(%[data])\n\t"
+        "lwu    a5, 8(%[data])\n\t"
+        "lwu    s1, 12(%[data])\n\t"
+        "lwu    a6, 16(%[data])\n\t"
+        "lwu    s2, 20(%[data])\n\t"
+        "lwu    a7, 24(%[data])\n\t"
+        "lwu    s3, 28(%[data])\n\t"
+        PACK_BB(s0, s0, a4, REG_S0, REG_S0, REG_A4)
+        PACK_BB(s1, s1, a5, REG_S1, REG_S1, REG_A5)
+        PACK_BB(s2, s2, a6, REG_S2, REG_S2, REG_A6)
+        PACK_BB(s3, s3, a7, REG_S3, REG_S3, REG_A7)
+        REV8(REG_S0, REG_S0)
+        REV8(REG_S1, REG_S1)
+        REV8(REG_S2, REG_S2)
+        REV8(REG_S3, REG_S3)
+        "lwu    a4, 32(%[data])\n\t"
+        "lwu    s4, 36(%[data])\n\t"
+        "lwu    a5, 40(%[data])\n\t"
+        "lwu    s5, 44(%[data])\n\t"
+        "lwu    a6, 48(%[data])\n\t"
+        "lwu    s6, 52(%[data])\n\t"
+        "lwu    a7, 56(%[data])\n\t"
+        "lwu    s7, 60(%[data])\n\t"
+        PACK_BB(s4, s4, a4, REG_S4, REG_S4, REG_A4)
+        PACK_BB(s5, s5, a5, REG_S5, REG_S5, REG_A5)
+        PACK_BB(s6, s6, a6, REG_S6, REG_S6, REG_A6)
+        PACK_BB(s7, s7, a7, REG_S7, REG_S7, REG_A7)
+        REV8(REG_S4, REG_S4)
+        REV8(REG_S5, REG_S5)
+        REV8(REG_S6, REG_S6)
+        REV8(REG_S7, REG_S7)
+#endif
+
+        /* Subtract one as there are only 3 loops. */
+        "addi   %[blocks], %[blocks], -1\n\t"
+    "\n2:\n\t"
+        RND16()
+        "addi   %[blocks], %[blocks], -1\n\t"
+        "add    %[k], %[k], 64\n\t"
+        "andi   a4, %[blocks], 3\n\t"
+        "bnez   a4, 2b \n\t"
+        RND16_LAST()
+        "addi   %[k], %[k], -192\n\t"
+
+        "# Add working vars back into digest state.\n\t"
+        "ld     a4, 0(%[digest])\n\t"
+        "ld     a5, 8(%[digest])\n\t"
+        "ld     a6, 16(%[digest])\n\t"
+        "ld     a7, 24(%[digest])\n\t"
+        "addw   t0, t0, a4\n\t"
+        "addw   t2, t2, a5\n\t"
+        "addw   s8, s8, a6\n\t"
+        "addw   s10, s10, a7\n\t"
+        "srli   a4, a4, 32\n\t"
+        "srli   a5, a5, 32\n\t"
+        "srli   a6, a6, 32\n\t"
+        "srli   a7, a7, 32\n\t"
+        "addw   t1, t1, a4\n\t"
+        "addw   t3, t3, a5\n\t"
+        "addw   s9, s9, a6\n\t"
+        "addw   s11, s11, a7\n\t"
+
+        /* Store digest. */
+        "sw     t0, 0(%[digest])\n\t"
+        "sw     t1, 4(%[digest])\n\t"
+        "sw     t2, 8(%[digest])\n\t"
+        "sw     t3, 12(%[digest])\n\t"
+        "sw     s8, 16(%[digest])\n\t"
+        "sw     s9, 20(%[digest])\n\t"
+        "sw     s10, 24(%[digest])\n\t"
+        "sw     s11, 28(%[digest])\n\t"
+
+        "add    %[data], %[data], 64\n\t"
+        "bnez   %[blocks], 1b \n\t"
+
+        : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+        : [digest] "r" (sha256->digest)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10",
+          "s11"
+    );
+}
+
+#else
+
+/* Two rounds of compression using low two 32-bit W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CL_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101111 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Two rounds of compression using upper two 32-bit W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CH_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101110 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Update 4 W values - message scheduling. */
+#define VSHA2MS_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101101 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+#define RND4(w0, w1, w2, w3, k)                     \
+    /* Four rounds of compression. */               \
+    VADD_VV(REG_V7, w0, k)                          \
+    VMV_X_S(REG_T1, w1)                             \
+    VSHA2CL_VV(REG_V5, REG_V7, REG_V4)              \
+    VMV_V_V(REG_V6, w2)                             \
+    VSHA2CH_VV(REG_V4, REG_V7, REG_V5)              \
+    /* Update 4 W values - message schedule. */     \
+    VMV_S_X(REG_V6, REG_T1)                         \
+    VSHA2MS_VV(w0, w3, REG_V6)
+
+#define RND4_LAST(w, k)                             \
+    /* Four rounds of compression. */               \
+    VADD_VV(REG_V7, w, k)                           \
+    VSHA2CL_VV(REG_V5, REG_V7, REG_V4)              \
+    VSHA2CH_VV(REG_V4, REG_V7, REG_V5)
+
+#define RND16(k)                                    \
+    RND4(REG_V0, REG_V1, REG_V2, REG_V3, (k + 0))   \
+    RND4(REG_V1, REG_V2, REG_V3, REG_V0, (k + 1))   \
+    RND4(REG_V2, REG_V3, REG_V0, REG_V1, (k + 2))   \
+    RND4(REG_V3, REG_V0, REG_V1, REG_V2, (k + 3))
+
+#define RND16_LAST(k)           \
+    RND4_LAST(REG_V0, (k + 0))  \
+    RND4_LAST(REG_V1, (k + 1))  \
+    RND4_LAST(REG_V2, (k + 2))  \
+    RND4_LAST(REG_V3, (k + 3))
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      blocks  Number of blocks of data to hash.
+ */
+static void Sha256Transform(wc_Sha256* sha256, const byte* data,
+    word32 blocks)
+{
+    word32* k = (word32*)K;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000)
+
+        /* Load: a|b|e|f, c|d|g|h
+         *       3 2 1 0  3 2 1 0
+         */
+        "mv     t0, %[digest]\n\t"
+        VL2RE32_V(REG_V4, REG_T0)
+
+        "mv     t0, %[k]\n\t"
+        VL8RE32_V(REG_V8, REG_T0)
+        "addi   t0, %[k], 128\n\t"
+        VL8RE32_V(REG_V16, REG_T0)
+
+    "\n1:\n\t"
+        VMV_V_V(REG_V30, REG_V4)
+        VMV_V_V(REG_V31, REG_V5)
+
+        /* Load 16 W into 4 vectors of 4 32-bit words. */
+        "mv     t0, %[data]\n\t"
+        VL4RE32_V(REG_V0, REG_T0)
+        VREV8(REG_V0, REG_V0)
+        VREV8(REG_V1, REG_V1)
+        VREV8(REG_V2, REG_V2)
+        VREV8(REG_V3, REG_V3)
+
+        RND16(REG_V8)
+        RND16(REG_V12)
+        RND16(REG_V16)
+        RND16_LAST(REG_V20)
+
+        VADD_VV(REG_V4, REG_V4, REG_V30)
+        VADD_VV(REG_V5, REG_V5, REG_V31)
+
+        "addi   %[blocks], %[blocks], -1\n\t"
+        "add    %[data], %[data], 64\n\t"
+        "bnez   %[blocks], 1b \n\t"
+
+        "mv     t0, %[digest]\n\t"
+        VS2R_V(REG_V4, REG_T0)
+
+        : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+        : [digest] "r" (sha256->digest)
+        : "cc", "memory", "t0", "t1"
+    );
+}
+
+#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ */
+static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+    word32 len)
+{
+    word32 add;
+    word32 blocks;
+
+    /* only perform actions if a buffer is passed in */
+    if (len > 0) {
+        AddLength(sha256, len);
+
+        if (sha256->buffLen > 0) {
+             /* fill leftover buffer with data */
+             add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+             XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
+             sha256->buffLen += add;
+             data            += add;
+             len             -= add;
+             if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
+                 Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+                 sha256->buffLen = 0;
+             }
+        }
+
+        /* number of blocks in a row to complete */
+        blocks = len / WC_SHA256_BLOCK_SIZE;
+
+        if (blocks > 0) {
+            Sha256Transform(sha256, data, blocks);
+            data += blocks * WC_SHA256_BLOCK_SIZE;
+            len  -= blocks * WC_SHA256_BLOCK_SIZE;
+        }
+
+        if (len > 0) {
+            /* copy over any remaining data leftover */
+            XMEMCPY(sha256->buffer, data, len);
+            sha256->buffLen = len;
+        }
+    }
+
+    /* account for possibility of not used if len = 0 */
+    (void)add;
+    (void)blocks;
+
+    return 0;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ */
+static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash)
+{
+    byte* local;
+
+    local = (byte*)sha256->buffer;
+    local[sha256->buffLen++] = 0x80;     /* add 1 */
+
+    /* pad with zeros */
+    if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
+        XMEMSET(&local[sha256->buffLen], 0,
+            WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+        sha256->buffLen = 0;
+    }
+    XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_PAD_SIZE - sha256->buffLen);
+
+    /* put lengths in bits */
+    sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
+        (sha256->hiLen << 3);
+    sha256->loLen = sha256->loLen << 3;
+
+    XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
+    XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
+        sizeof(word32));
+
+    /* store lengths */
+    __asm__ __volatile__ (
+        /* Reverse byte order of 32-bit words. */
+#if defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+        "ld     t1, 56(%[buff])\n\t"
+        REV8(REG_T1, REG_T1)
+        "srli   t0, t1, 32\n\t"
+        "sw     t0, 56(%[buff])\n\t"
+        "sw     t1, 60(%[buff])\n\t"
+#else
+        LOAD_WORD_REV(t0, 56, %[buff], t2, t3, t4)
+        LOAD_WORD_REV(t1, 60, %[buff], t2, t3, t4)
+        "sw     t0, 56(%[buff])\n\t"
+        "sw     t1, 60(%[buff])\n\t"
+#endif
+        :
+        : [buff] "r" (sha256->buffer)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4"
+    );
+
+    Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+
+    __asm__ __volatile__ (
+        /* Reverse byte order of 32-bit words. */
+#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000)
+        "mv     t0, %[digest]\n\t"
+        VL2RE32_V(REG_V8, REG_T0)
+        VREV8(REG_V8, REG_V8)
+        VREV8(REG_V9, REG_V9)
+        /* a|b|e|f, c|d|g|h
+         * 3 2 1 0  3 2 1 0 */
+        VSLIDEDOWN_VI(REG_V0, REG_V8, 3) /* a */
+        VSLIDEDOWN_VI(REG_V2, REG_V8, 2) /* b */
+        VSLIDEDOWN_VI(REG_V1, REG_V8, 1) /* e */
+        VSLIDEDOWN_VI(REG_V3, REG_V9, 3) /* c */
+        VSLIDEDOWN_VI(REG_V4, REG_V9, 2) /* d */
+        VSLIDEDOWN_VI(REG_V5, REG_V9, 1) /* g */
+        /* -|-|-|a, -|-|-|e */
+        VSLIDEUP_VI(REG_V0, REG_V2, 1)
+        /* -|-|b|a, -|-|-|e */
+        VSLIDEUP_VI(REG_V0, REG_V3, 2)
+        /* -|c|b|a, -|-|-|e */
+        VSLIDEUP_VI(REG_V0, REG_V4, 3)
+        /* d|c|b|a, -|-|-|e */
+        VSLIDEUP_VI(REG_V1, REG_V8, 1)
+        /* d|c|b|a, -|-|f|e */
+        VSLIDEUP_VI(REG_V1, REG_V5, 2)
+        /* d|c|b|a, -|g|f|e */
+        VSLIDEUP_VI(REG_V1, REG_V9, 3)
+        /* d|c|b|a, h|g|f|e */
+        "mv     t0, %[hash]\n\t"
+        VS2R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION)
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000)
+        "mv     t0, %[digest]\n\t"
+        VL2RE32_V(REG_V0, REG_T0)
+        VREV8(REG_V0, REG_V0)
+        VREV8(REG_V1, REG_V1)
+        "mv     t0, %[hash]\n\t"
+        VS2R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+        "ld     t1, 0(%[digest])\n\t"
+        "ld     t3, 8(%[digest])\n\t"
+        "ld     a5, 16(%[digest])\n\t"
+        "ld     a7, 24(%[digest])\n\t"
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T3, REG_T3)
+        REV8(REG_A5, REG_A5)
+        REV8(REG_A7, REG_A7)
+        "srli   t0, t1, 32\n\t"
+        "srli   t2, t3, 32\n\t"
+        "srli   a4, a5, 32\n\t"
+        "srli   a6, a7, 32\n\t"
+        "sw     t0, 0(%[hash])\n\t"
+        "sw     t1, 4(%[hash])\n\t"
+        "sw     t2, 8(%[hash])\n\t"
+        "sw     t3, 12(%[hash])\n\t"
+        "sw     a4, 16(%[hash])\n\t"
+        "sw     a5, 20(%[hash])\n\t"
+        "sw     a6, 24(%[hash])\n\t"
+        "sw     a7, 28(%[hash])\n\t"
+#else
+        LOAD_WORD_REV(t0, 0, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(t1, 4, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(a4, 8, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(a5, 12, %[digest], t2, t3, t4)
+        "sw     t0, 0(%[hash])\n\t"
+        "sw     t1, 4(%[hash])\n\t"
+        "sw     a4, 8(%[hash])\n\t"
+        "sw     a5, 12(%[hash])\n\t"
+        LOAD_WORD_REV(t0, 16, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(t1, 20, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(a4, 24, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(a5, 28, %[digest], t2, t3, t4)
+        "sw     t0, 16(%[hash])\n\t"
+        "sw     t1, 20(%[hash])\n\t"
+        "sw     a4, 24(%[hash])\n\t"
+        "sw     a5, 28(%[hash])\n\t"
+#endif
+        :
+        : [digest] "r" (sha256->digest), [hash] "r" (hash)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7"
+    );
+}
+
+
+#ifndef NO_SHA256
+
+/* Initialize SHA-256 object for hashing.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      heap    Dynamic memory hint.
+ * @param [in]      devId   Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 is NULL.
+ */
+int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if (sha256 == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        sha256->heap = heap;
+    #ifdef WOLF_CRYPTO_CB
+        sha256->devId = devId;
+    #endif
+        (void)devId;
+
+        InitSha256(sha256);
+    }
+
+    return ret;
+}
+
+/* Initialize SHA-256 object for hashing.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 is NULL.
+ */
+int wc_InitSha256(wc_Sha256* sha256)
+{
+    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+}
+
+/* Free the SHA-256 hash.
+ *
+ * @param [in] sha256  SHA-256 object.
+ */
+void wc_Sha256Free(wc_Sha256* sha256)
+{
+    /* No dynamic memory allocated. */
+    (void)sha256;
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 is NULL.
+ * @return  BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || ((data == NULL) && (len != 0))) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = Sha256Update(sha256, data, len);
+    }
+
+    return ret;
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+    #ifdef LITTLE_ENDIAN_ORDER
+        word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
+
+        ByteReverseWords((word32*)digest, (word32*)sha256->digest,
+            WC_SHA256_DIGEST_SIZE);
+        XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE);
+    #else
+        XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+    #endif
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha256Final(sha256, hash);
+        /* Restart SHA-256 object for next hash. */
+        InitSha256(sha256);
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha256 tmpSha256;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha256Copy(sha256, &tmpSha256);
+        if (ret == 0) {
+            /* Finalize copy. */
+            Sha256Final(&tmpSha256, hash);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-256 object.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      flags   Flags to set.
+ * @return  0 on success.
+ */
+int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
+{
+    /* Check we have an object to use. */
+    if (sha256 != NULL) {
+        sha256->flags = flags;
+    }
+    return 0;
+}
+/* Get flags of SHA-256 object.
+ *
+ * @param [in]  sha256  SHA-256 object.
+ * @param [out] flags   Flags from SHA-256 object.
+ * @return  0 on success.
+ */
+int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags)
+{
+    /* Check we have an object and return parameter to use. */
+    if ((sha256 != NULL) && (flags != NULL)) {
+        *flags = sha256->flags;
+    }
+    return 0;
+}
+#endif
+
+/* Deep copy the SHA-256 object.
+ *
+ * @param [in]  src  SHA-256 object to copy.
+ * @param [out] dst  SHA-256 object to fill.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((src == NULL) || (dst == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        XMEMCPY(dst, src, sizeof(wc_Sha256));
+    }
+
+    return ret;
+}
+
+#ifdef OPENSSL_EXTRA
+/* Update the hash with one block of data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or data is NULL.
+ */
+int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (data == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords(sha256->buffer, (word32*)data, WC_SHA256_BLOCK_SIZE);
+    #else
+        XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
+    #endif
+        Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+/* Update the hash with one block of data and optionally get hash.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [out]     hash    Buffer to hold hash. May be NULL.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or data is NULL.
+ */
+int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
+    unsigned char* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (data == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Hash block. */
+        Sha256Transform(sha256, data, 1);
+
+        if (hash != NULL) {
+            /* Reverse bytes in digest. */
+        #ifdef LITTLE_ENDIAN_ORDER
+            word32* hash32 = (word32*)hash;
+            word32* digest = (word32*)sha256->digest;
+            hash32[0] = ByteReverseWord32(digest[0]);
+            hash32[1] = ByteReverseWord32(digest[1]);
+            hash32[2] = ByteReverseWord32(digest[2]);
+            hash32[3] = ByteReverseWord32(digest[3]);
+            hash32[4] = ByteReverseWord32(digest[4]);
+            hash32[5] = ByteReverseWord32(digest[5]);
+            hash32[6] = ByteReverseWord32(digest[6]);
+            hash32[7] = ByteReverseWord32(digest[7]);
+        #else
+            XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+        #endif
+            /* Reset state. */
+        #ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+            sha256->digest[0] = 0x6A09E667L;
+            sha256->digest[1] = 0xBB67AE85L;
+            sha256->digest[2] = 0x3C6EF372L;
+            sha256->digest[3] = 0xA54FF53AL;
+            sha256->digest[4] = 0x510E527FL;
+            sha256->digest[5] = 0x9B05688CL;
+            sha256->digest[6] = 0x1F83D9ABL;
+            sha256->digest[7] = 0x5BE0CD19L;
+        #else
+            /* f, e, b, a, h, g, d, c */
+            sha256->digest[0] = 0x9B05688CL;
+            sha256->digest[1] = 0x510E527FL;
+            sha256->digest[2] = 0xBB67AE85L;
+            sha256->digest[3] = 0x6A09E667L;
+            sha256->digest[4] = 0x5BE0CD19L;
+            sha256->digest[5] = 0x1F83D9ABL;
+            sha256->digest[6] = 0xA54FF53AL;
+            sha256->digest[7] = 0x3C6EF372L;
+        #endif
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
+
+#endif /* !NO_SHA256 */
+
+
+#ifdef WOLFSSL_SHA224
+
+/* Initialze SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ */
+static void InitSha224(wc_Sha224* sha224)
+{
+    /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha224->digest[0] = 0xc1059ed8;
+    sha224->digest[1] = 0x367cd507;
+    sha224->digest[2] = 0x3070dd17;
+    sha224->digest[3] = 0xf70e5939;
+    sha224->digest[4] = 0xffc00b31;
+    sha224->digest[5] = 0x68581511;
+    sha224->digest[6] = 0x64f98fa7;
+    sha224->digest[7] = 0xbefa4fa4;
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha224->digest[0] = 0x68581511;
+    sha224->digest[1] = 0xffc00b31;
+    sha224->digest[2] = 0x367cd507;
+    sha224->digest[3] = 0xc1059ed8;
+    sha224->digest[4] = 0xbefa4fa4;
+    sha224->digest[5] = 0x64f98fa7;
+    sha224->digest[6] = 0xf70e5939;
+    sha224->digest[7] = 0x3070dd17;
+#endif
+
+    /* No hashed data. */
+    sha224->buffLen = 0;
+    /* No data hashed. */
+    sha224->loLen   = 0;
+    sha224->hiLen   = 0;
+
+#ifdef WOLFSSL_HASH_FLAGS
+    sha224->flags = 0;
+#endif
+}
+
+/* Initialize SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [in]      heap    Dynamic memory hint.
+ * @param [in]      devId   Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 is NULL.
+ */
+int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if (sha224 == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        sha224->heap = heap;
+        (void)devId;
+
+        InitSha224(sha224);
+    }
+
+    return ret;
+}
+
+/* Initialize SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 is NULL.
+ */
+int wc_InitSha224(wc_Sha224* sha224)
+{
+    return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID);
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 is NULL.
+ * @return  BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha224 == NULL) || ((data == NULL) && (len > 0))) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = Sha256Update((wc_Sha256 *)sha224, data, len);
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 or hash is NULL.
+ */
+int wc_Sha224Final(wc_Sha224* sha224, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha224 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        word32 hashTmp[WC_SHA256_DIGEST_SIZE/sizeof(word32)];
+        /* Finalize hash. */
+        Sha256Final((wc_Sha256*)sha224, (byte*)hashTmp);
+        /* Return only 224 bits. */
+        XMEMCPY(hash, hashTmp, WC_SHA224_DIGEST_SIZE);
+        /* Restart SHA-256 object for next hash. */
+        InitSha224(sha224);
+    }
+
+    return ret;
+}
+
+/* Free the SHA-224 hash.
+ *
+ * @param [in] sha224  SHA-224 object.
+ */
+void wc_Sha224Free(wc_Sha224* sha224)
+{
+    /* No dynamic memory allocated. */
+    (void)sha224;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 or hash is NULL.
+ */
+int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha224 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha224 tmpSha224;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha224Copy(sha224, &tmpSha224);
+        if (ret == 0) {
+            /* Finalize copy. */
+            ret = wc_Sha224Final(&tmpSha224, hash);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-224 object.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [in]      flags   Flags to set.
+ * @return  0 on success.
+ */
+int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags)
+{
+    /* Check we have an object to use. */
+    if (sha224 != NULL) {
+        sha224->flags = flags;
+    }
+    return 0;
+}
+/* Get flags of SHA-224 object.
+ *
+ * @param [in]  sha224  SHA-224 object.
+ * @param [out] flags   Flags from SHA-224 object.
+ * @return  0 on success.
+ */
+int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags)
+{
+    /* Check we have an object and return parameter to use. */
+    if ((sha224 != NULL) && (flags != NULL)) {
+        *flags = sha224->flags;
+    }
+    return 0;
+}
+#endif
+
+/* Deep copy the SHA-224 object.
+ *
+ * @param [in]  src  SHA-224 object to copy.
+ * @param [out] dst  SHA-224 object to fill.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((src == NULL) || (dst == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        XMEMCPY(dst, src, sizeof(wc_Sha224));
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_SHA224 */
+
+#endif /* !NO_SHA256 || WOLFSSL_SHA224 */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha3.c b/wolfcrypt/src/port/riscv/riscv-64-sha3.c
new file mode 100644
index 0000000000..45722269fd
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha3.c
@@ -0,0 +1,863 @@
+/* riscv-64-sha3.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
+   !defined(WOLFSSL_AFALG_XILINX_SHA3)
+
+#if FIPS_VERSION3_GE(2,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+
+    #ifdef USE_WINDOWS_API
+        #pragma code_seg(".fipsA$n")
+        #pragma const_seg(".fipsB$n")
+    #endif
+#endif
+
+#include <wolfssl/wolfcrypt/sha3.h>
+
+static const word64 hash_keccak_r[24] =
+{
+    0x0000000000000001UL, 0x0000000000008082UL,
+    0x800000000000808aUL, 0x8000000080008000UL,
+    0x000000000000808bUL, 0x0000000080000001UL,
+    0x8000000080008081UL, 0x8000000000008009UL,
+    0x000000000000008aUL, 0x0000000000000088UL,
+    0x0000000080008009UL, 0x000000008000000aUL,
+    0x000000008000808bUL, 0x800000000000008bUL,
+    0x8000000000008089UL, 0x8000000000008003UL,
+    0x8000000000008002UL, 0x8000000000000080UL,
+    0x000000000000800aUL, 0x800000008000000aUL,
+    0x8000000080008081UL, 0x8000000000008080UL,
+    0x0000000080000001UL, 0x8000000080008008UL
+};
+
+#ifndef WOLFSSL_RISCV_VECTOR
+
+#define S0_0     "a1"
+#define S0_1     "a2"
+#define S0_2     "a3"
+#define S0_3     "a4"
+#define S0_4     "a5"
+#define S1_0     "s1"
+#define S1_1     "s2"
+#define S1_2     "s3"
+#define S1_3     "s4"
+#define S1_4     "s5"
+#define S2_0     "s6"
+#define S2_1     "s7"
+#define S2_2     "s8"
+#define S2_3     "s9"
+#define S2_4     "s10"
+#define S3_0     "t0"
+#define S3_1     "t1"
+#define S3_2     "t2"
+#define S3_3     "t3"
+#define S3_4     "t4"
+
+#define T_0      "a6"
+#define T_1      "a7"
+#define T_2      "t5"
+#define T_3      "t6"
+#define T_4      "s11"
+
+#define SR0_0    REG_A1
+#define SR0_1    REG_A2
+#define SR0_2    REG_A3
+#define SR0_3    REG_A4
+#define SR0_4    REG_A5
+#define SR1_0    REG_S1
+#define SR1_1    REG_S2
+#define SR1_2    REG_S3
+#define SR1_3    REG_S4
+#define SR1_4    REG_S5
+#define SR2_0    REG_S6
+#define SR2_1    REG_S7
+#define SR2_2    REG_S8
+#define SR2_3    REG_S9
+#define SR2_4    REG_S10
+#define SR3_0    REG_T0
+#define SR3_1    REG_T1
+#define SR3_2    REG_T2
+#define SR3_3    REG_T3
+#define SR3_4    REG_T4
+
+#define TR_0     REG_A6
+#define TR_1     REG_A7
+#define TR_2     REG_T5
+#define TR_3     REG_T6
+#define TR_4     REG_S11
+
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+#define SWAP_ROTL(t0, tr0, t1, s, sr, rr, rl)       \
+        "mv    " t1 ", " s  "\n\t"                  \
+        "srli  " s  ", " t0 ", " #rr "\n\t"         \
+        "slli  " t0 ", " t0 ", " #rl "\n\t"         \
+        "or    " s  ", " s  ", " t0 "\n\t"
+
+#define SWAP_ROTL_MEM(t0, tr0, t1, t2, s, rr, rl)   \
+        "ld    " t1 ", " #s "(%[s])\n\t"            \
+        "srli  " t2 ", " t0 ", " #rr "\n\t"         \
+        "slli  " t0 ", " t0 ", " #rl "\n\t"         \
+        "or    " t0 ", " t0 ", " t2 "\n\t"          \
+        "sd    " t0 ", " #s "(%[s])\n\t"
+
+#else
+
+#define SWAP_ROTL(t0, tr0, t1, s, sr, rr, rl)       \
+        "mv    " t1 ", " s "\n\t"                   \
+        RORI(sr, tr0, rr)
+
+#define SWAP_ROTL_MEM(t0, tr0, t1, t2, s, rr, rl)   \
+        "ld    " t1 ", " #s "(%[s])\n\t"            \
+        RORI(tr0, tr0, rr)                          \
+        "sd    " t0 ", " #s "(%[s])\n\t"
+
+#endif
+
+void BlockSha3(word64* s)
+{
+    const word64* r = hash_keccak_r;
+
+    __asm__ __volatile__ (
+        "addi   sp, sp, -24\n\t"
+        "li     " T_4 ", 24\n\t"
+        "ld     " S0_0 ", 0(%[s])\n\t"
+        "ld     " S0_1 ", 8(%[s])\n\t"
+        "ld     " S0_2 ", 16(%[s])\n\t"
+        "ld     " S0_3 ", 24(%[s])\n\t"
+        "ld     " S0_4 ", 32(%[s])\n\t"
+        "ld     " S1_0 ", 40(%[s])\n\t"
+        "ld     " S1_1 ", 48(%[s])\n\t"
+        "ld     " S1_2 ", 56(%[s])\n\t"
+        "ld     " S1_3 ", 64(%[s])\n\t"
+        "ld     " S1_4 ", 72(%[s])\n\t"
+        "ld     " S2_0 ", 80(%[s])\n\t"
+        "ld     " S2_1 ", 88(%[s])\n\t"
+        "ld     " S2_2 ", 96(%[s])\n\t"
+        "ld     " S2_3 ", 104(%[s])\n\t"
+        "ld     " S2_4 ", 112(%[s])\n\t"
+        "ld     " S3_0 ", 120(%[s])\n\t"
+        "ld     " S3_1 ", 128(%[s])\n\t"
+        "ld     " S3_2 ", 136(%[s])\n\t"
+        "ld     " S3_3 ", 144(%[s])\n\t"
+        "ld     " S3_4 ", 152(%[s])\n\t"
+        "ld     " T_0 ", 160(%[s])\n\t"
+        "ld     " T_1 ", 168(%[s])\n\t"
+        "ld     " T_2 ", 176(%[s])\n\t"
+        "\n"
+    "L_riscv_64_block_sha3_loop:\n\t"
+        "sd     " T_4 ", 16(sp)\n\t"
+
+        /* COLUMN MIX */
+        /* Calc b[0], b[1], b[2], b[3], b[4] */
+        "ld     " T_3 ", 184(%[s])\n\t"
+        "ld     " T_4 ", 192(%[s])\n\t"
+        "xor    " T_0 ", " T_0 ", " S0_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S0_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S0_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S0_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S0_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S1_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S1_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S1_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S1_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S1_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S2_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S2_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S2_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S2_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S2_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S3_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S3_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S3_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S3_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S3_4 "\n\t"
+        "sd     " T_1 ", 0(sp)\n\t"
+        "sd     " T_3 ", 8(sp)\n\t"
+        /* T_0, T_1, T_2, T_3, T_4 */
+
+        /* s[0],s[5],s[10],s[15],s[20] ^= b[4] ^ ROTL(b[1], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_1 ", 63\n\t"
+        "slli   " T_1 ", " T_1 ", 1\n\t"
+        "or     " T_1 ", " T_1 ", " T_3 "\n\t"
+#else
+        RORI(TR_1, TR_1, 63)
+#endif
+        "ld     " T_3 ", 160(%[s])\n\t"
+        "xor    " T_1 ", " T_1 ", " T_4 "\n\t"
+        "xor    " S0_0 ", " S0_0 ", " T_1 "\n\t"
+        "xor    " S1_0 ", " S1_0 ", " T_1 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S2_0 ", " S2_0 ", " T_1 "\n\t"
+        "xor    " S3_0 ", " S3_0 ", " T_1 "\n\t"
+        "sd     " T_3 ", 160(%[s])\n\t"
+        /* T_0, T_2, T_4 */
+
+        /* s[1],s[6],s[11],s[16],s[21] ^= b[0] ^ ROTL(b[2], 1)*/
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_2 ", 63\n\t"
+        "slli   " T_1 ", " T_2 ", 1\n\t"
+        "or     " T_1 ", " T_1 ", " T_3 "\n\t"
+#else
+        RORI(TR_1, TR_2, 63)
+#endif
+        "ld     " T_3 ", 168(%[s])\n\t"
+        "xor    " T_1 ", " T_1 ", " T_0 "\n\t"
+        "xor    " S0_1 ", " S0_1 ", " T_1 "\n\t"
+        "xor    " S1_1 ", " S1_1 ", " T_1 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S2_1 ", " S2_1 ", " T_1 "\n\t"
+        "xor    " S3_1 ", " S3_1 ", " T_1 "\n\t"
+        "sd     " T_3 ", 168(%[s])\n\t"
+        /* T_0, T_2, T_4 */
+
+        /* s[3],s[8],s[13],s[18],s[23] ^= b[2] ^ ROTL(b[4], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_4 ", 63\n\t"
+        "slli   " T_4 ", " T_4 ", 1\n\t"
+        "or     " T_4 ", " T_4 ", " T_3 "\n\t"
+#else
+        RORI(TR_4, TR_4, 63)
+#endif
+        "ld     " T_3 ", 184(%[s])\n\t"
+        "xor    " T_4 ", " T_4 ", " T_2 "\n\t"
+        "xor    " S0_3 ", " S0_3 ", " T_4 "\n\t"
+        "xor    " S1_3 ", " S1_3 ", " T_4 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_4 "\n\t"
+        "xor    " S2_3 ", " S2_3 ", " T_4 "\n\t"
+        "xor    " S3_3 ", " S3_3 ", " T_4 "\n\t"
+        "sd     " T_3 ", 184(%[s])\n\t"
+        /* T_0, T_2 */
+
+        "ld     " T_3 ", 8(sp)\n\t"
+        /* s[4],s[9],s[14],s[19],s[24] ^= b[3] ^ ROTL(b[0], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_2 ", " T_0 ", 63\n\t"
+        "slli   " T_0 ", " T_0 ", 1\n\t"
+        "or     " T_0 ", " T_0 ", " T_2 "\n\t"
+#else
+        RORI(TR_0, TR_0, 63)
+#endif
+        "ld     " T_4 ", 192(%[s])\n\t"
+        "xor    " T_0 ", " T_0 ", " T_3 "\n\t"
+        "xor    " S0_4 ", " S0_4 ", " T_0 "\n\t"
+        "xor    " S1_4 ", " S1_4 ", " T_0 "\n\t"
+        "xor    " T_4 ", " T_4 ", " T_0 "\n\t"
+        "xor    " S2_4 ", " S2_4 ", " T_0 "\n\t"
+        "xor    " S3_4 ", " S3_4 ", " T_0 "\n\t"
+        /* T_3 */
+
+        "ld     " T_1 ", 0(sp)\n\t"
+        /* s[2],s[7],s[12],s[17],s[22] ^= b[1] ^ ROTL(b[3], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_2 ", " T_3 ", 63\n\t"
+        "slli   " T_3 ", " T_3 ", 1\n\t"
+        "or     " T_3 ", " T_3 ", " T_2 "\n\t"
+#else
+        RORI(TR_3, TR_3, 63)
+#endif
+        "ld     " T_2 ", 176(%[s])\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S0_2 ", " S0_2 ", " T_3 "\n\t"
+        "xor    " S1_2 ", " S1_2 ", " T_3 "\n\t"
+        "xor    " T_2 ", " T_2 ", " T_3 "\n\t"
+        "xor    " S2_2 ", " S2_2 ", " T_3 "\n\t"
+        "xor    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+
+        /* SWAP ROTL */
+        /* t0 = s[10], s[10] = s[1] >>> 63 */
+        "mv    " T_0 ", " S2_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli  " T_1 ", " S0_1 ", 63\n\t"
+        "slli  " S2_0 ", " S0_1 ", 1\n\t"
+        "or    " S2_0 ", " S2_0 ", " T_1 "\n\t"
+#else
+        RORI(SR2_0, SR0_1, 63)
+#endif
+        /* t1 = s[ 7], s[ 7] = t0 >>> 61 */
+        SWAP_ROTL(T_0, TR_0, T_1, S1_2, SR1_2, 61, 3)
+        /* t0 = s[11], s[11] = t1 >>> 58 */
+        SWAP_ROTL(T_1, TR_1, T_0, S2_1, SR2_1, 58, 6)
+        /* t1 = s[17], s[17] = t0 >>> 54 */
+        SWAP_ROTL(T_0, TR_0, T_1, S3_2, SR3_2, 54, 10)
+        /* t0 = s[18], s[18] = t1 >>> 49 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_3, SR3_3, 49, 15)
+        /* t1 = s[ 3], s[ 3] = t0 >>> 43 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_3, SR0_3, 43, 21)
+        /* t0 = s[ 5], s[ 5] = t1 >>> 36 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_0, SR1_0, 36, 28)
+        /* t1 = s[16], s[16] = t0 >>> 28 */
+        SWAP_ROTL(T_0, TR_0, T_1, S3_1, SR3_1, 28, 36)
+        /* t0 = s[ 8], s[ 8] = t1 >>> 19 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_3, SR1_3, 19, 45)
+        /* t1 = s[21], s[21] = t0 >>>  9 */
+        SWAP_ROTL_MEM(T_0, TR_0, T_1, T_3, 168,  9, 55)
+        /* t0 = s[24], s[24] = t1 >>> 62 */
+        SWAP_ROTL(T_1, TR_1, T_0, T_4, TR_4, 62,  2)
+        /* t1 = s[ 4], s[ 4] = t0 >>> 50 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_4, SR0_4, 50, 14)
+        /* t0 = s[15], s[15] = t1 >>> 37 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_0, SR3_0, 37, 27)
+        /* t1 = s[23], s[23] = t0 >>> 23 */
+        SWAP_ROTL_MEM(T_0, TR_0, T_1, T_3, 184, 23, 41)
+        /* t0 = s[19], s[19] = t1 >>>  8 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_4, SR3_4,  8, 56)
+        /* t1 = s[13], s[13] = t0 >>> 56 */
+        SWAP_ROTL(T_0, TR_0, T_1, S2_3, SR2_3, 56,  8)
+        /* t0 = s[12], s[12] = t1 >>> 39 */
+        SWAP_ROTL(T_1, TR_1, T_0, S2_2, SR2_2, 39, 25)
+        /* t1 = s[ 2], s[ 2] = t0 >>> 21 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_2, SR0_2, 21, 43)
+        /* t0 = s[20], s[20] = t1 >>>  2 */
+        SWAP_ROTL_MEM(T_1, TR_1, T_0, T_3, 160,  2, 62)
+        /* t1 = s[14], s[14] = t0 >>> 46 */
+        SWAP_ROTL(T_0, TR_0, T_1, S2_4, SR2_4, 46, 18)
+        /* t0 = s[22], s[22] = t1 >>> 25 */
+        SWAP_ROTL(T_1, TR_1, T_0, T_2, TR_2, 25, 39)
+        /* t1 = s[ 9], s[ 9] = t0 >>> 3 */
+        SWAP_ROTL(T_0, TR_0, T_1, S1_4, SR1_4,  3, 61)
+        /* t0 = s[ 6], s[ 6] = t1 >>> 44 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_1, SR1_1, 44, 20)
+        /*             s[ 1] = t0 >>> 20 */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli  " S0_1 ", " T_0 ", 20\n\t"
+        "slli  " T_0 ", " T_0 ", 44\n\t"
+        "or    " S0_1 ", " S0_1 ", " T_0 "\n\t"
+#else
+        RORI(SR0_1, TR_0, 20)
+#endif
+
+        /* ROW MIX */
+        /* s[0] */
+        "mv     " T_0 ", " S0_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_2 "\n\t"
+#else
+        ANDN(TR_3, SR0_2, SR0_1)
+#endif
+        "xor    " S0_0 ", " S0_0 ", " T_3 "\n\t"
+        /* s[1] */
+        "mv     " T_1 ", " S0_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_3 "\n\t"
+#else
+        ANDN(TR_3, SR0_3, SR0_2)
+#endif
+        "xor    " S0_1 ", " S0_1 ", " T_3 "\n\t"
+        /* s[2] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_4 "\n\t"
+#else
+        ANDN(TR_3, SR0_4, SR0_3)
+#endif
+        "xor    " S0_2 ", " S0_2 ", " T_3 "\n\t"
+        /* s[3] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR0_4)
+#endif
+        "xor    " S0_3 ", " S0_3 ", " T_3 "\n\t"
+        /* s[4] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S0_4 ", " S0_4 ", " T_3 "\n\t"
+
+        /* s[5] */
+        "mv     " T_0 ", " S1_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_2 "\n\t"
+#else
+        ANDN(TR_3, SR1_2, SR1_1)
+#endif
+        "xor    " S1_0 ", " S1_0 ", " T_3 "\n\t"
+        /* s[6] */
+        "mv     " T_1 ", " S1_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_3 "\n\t"
+#else
+        ANDN(TR_3, SR1_3, SR1_2)
+#endif
+        "xor    " S1_1 ", " S1_1 ", " T_3 "\n\t"
+        /* s[7] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_4 "\n\t"
+#else
+        ANDN(TR_3, SR1_4, SR1_3)
+#endif
+        "xor    " S1_2 ", " S1_2 ", " T_3 "\n\t"
+        /* s[8] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR1_4)
+#endif
+        "xor    " S1_3 ", " S1_3 ", " T_3 "\n\t"
+        /* s[9] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S1_4 ", " S1_4 ", " T_3 "\n\t"
+
+        /* s[10] */
+        "mv     " T_0 ", " S2_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_2 "\n\t"
+#else
+        ANDN(TR_3, SR2_2, SR2_1)
+#endif
+        "xor    " S2_0 ", " S2_0 ", " T_3 "\n\t"
+        /* s[11] */
+        "mv     " T_1 ", " S2_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_3 "\n\t"
+#else
+        ANDN(TR_3, SR2_3, SR2_2)
+#endif
+        "xor    " S2_1 ", " S2_1 ", " T_3 "\n\t"
+        /* s[12] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_4 "\n\t"
+#else
+        ANDN(TR_3, SR2_4, SR2_3)
+#endif
+        "xor    " S2_2 ", " S2_2 ", " T_3 "\n\t"
+        /* s[13] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR2_4)
+#endif
+        "xor    " S2_3 ", " S2_3 ", " T_3 "\n\t"
+        /* s[14] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S2_4 ", " S2_4 ", " T_3 "\n\t"
+
+        /* s[15] */
+        "mv     " T_0 ", " S3_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_2 "\n\t"
+#else
+        ANDN(TR_3, SR3_2, SR3_1)
+#endif
+        "xor    " S3_0 ", " S3_0 ", " T_3 "\n\t"
+        /* s[16] */
+        "mv     " T_1 ", " S3_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_3 "\n\t"
+#else
+        ANDN(TR_3, SR3_3, SR3_2)
+#endif
+        "xor    " S3_1 ", " S3_1 ", " T_3 "\n\t"
+        /* s[17] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_4 "\n\t"
+#else
+        ANDN(TR_3, SR3_4, SR3_3)
+#endif
+        "xor    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+        /* s[18] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR3_4)
+#endif
+        "xor    " S3_3 ", " S3_3 ", " T_3 "\n\t"
+        /* s[19] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S3_4 ", " S3_4 ", " T_3 "\n\t"
+
+        "sd     " S3_0 ", 120(%[s])\n\t"
+        "sd     " S3_1 ", 128(%[s])\n\t"
+        "sd     " S3_2 ", 136(%[s])\n\t"
+        "ld     " T_0 ", 160(%[s])\n\t"
+        "ld     " T_1 ", 168(%[s])\n\t"
+        "ld     " T_3 ", 184(%[s])\n\t"
+
+        /* s[20] */
+        "mv     " S3_0 ", " T_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_1 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_2 "\n\t"
+#else
+        ANDN(SR3_2, TR_2, TR_1)
+#endif
+        "xor    " T_0 ", " T_0 ", " S3_2 "\n\t"
+        /* s[21] */
+        "mv     " S3_1 ", " T_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_2 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+#else
+        ANDN(SR3_2, TR_3, TR_2)
+#endif
+        "xor    " T_1 ", " T_1 ", " S3_2 "\n\t"
+        /* s[22] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_3 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_4 "\n\t"
+#else
+        ANDN(SR3_2, TR_4, TR_3)
+#endif
+        "xor    " T_2 ", " T_2 ", " S3_2 "\n\t"
+        /* s[23] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_4 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " S3_0 "\n\t"
+#else
+        ANDN(SR3_2, SR3_0, TR_4)
+#endif
+        "xor    " T_3 ", " T_3 ", " S3_2 "\n\t"
+        /* s[24] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " S3_0 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " S3_1 "\n\t"
+#else
+        ANDN(SR3_2, SR3_1, SR3_0)
+#endif
+        "xor    " T_4 ", " T_4 ", " S3_2 "\n\t"
+
+        "ld     " S3_0 ", 120(%[s])\n\t"
+        "ld     " S3_1 ", 128(%[s])\n\t"
+        "ld     " S3_2 ", 136(%[s])\n\t"
+        "sd     " T_0 ", 160(%[s])\n\t"
+        "sd     " T_1 ", 168(%[s])\n\t"
+        "sd     " T_2 ", 176(%[s])\n\t"
+        "sd     " T_3 ", 184(%[s])\n\t"
+        "sd     " T_4 ", 192(%[s])\n\t"
+
+        "ld     " T_4 ", 16(sp)\n\t"
+        "ld     " T_3 ", 0(%[r])\n\t"
+        "addi   %[r], %[r], 8\n\t"
+        "addi   " T_4 ", " T_4 ", -1\n\t"
+        "xor    " S0_0 ", " S0_0 ", " T_3 "\n\t"
+        "bnez   " T_4 ", L_riscv_64_block_sha3_loop\n\t"
+
+        "sd     " S0_0 ", 0(%[s])\n\t"
+        "sd     " S0_1 ", 8(%[s])\n\t"
+        "sd     " S0_2 ", 16(%[s])\n\t"
+        "sd     " S0_3 ", 24(%[s])\n\t"
+        "sd     " S0_4 ", 32(%[s])\n\t"
+        "sd     " S1_0 ", 40(%[s])\n\t"
+        "sd     " S1_1 ", 48(%[s])\n\t"
+        "sd     " S1_2 ", 56(%[s])\n\t"
+        "sd     " S1_3 ", 64(%[s])\n\t"
+        "sd     " S1_4 ", 72(%[s])\n\t"
+        "sd     " S2_0 ", 80(%[s])\n\t"
+        "sd     " S2_1 ", 88(%[s])\n\t"
+        "sd     " S2_2 ", 96(%[s])\n\t"
+        "sd     " S2_3 ", 104(%[s])\n\t"
+        "sd     " S2_4 ", 112(%[s])\n\t"
+        "sd     " S3_0 ", 120(%[s])\n\t"
+        "sd     " S3_1 ", 128(%[s])\n\t"
+        "sd     " S3_2 ", 136(%[s])\n\t"
+        "sd     " S3_3 ", 144(%[s])\n\t"
+        "sd     " S3_4 ", 152(%[s])\n\t"
+
+        "addi   sp, sp, 24\n\t"
+
+        : [r] "+r" (r)
+        : [s] "r" (s)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+           "a1", "a2", "a3", "a4", "a5", "a6", "a7",
+           "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10", "s11"
+    );
+}
+
+#else
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define COL_MIX(r, b1, b4)                      \
+        VSLL_VI(REG_V31, b1, 1)                 \
+        VSRL_VX(REG_V30, b1, REG_T1)            \
+        VXOR_VV(REG_V31, REG_V31, b4)           \
+        VXOR_VV(REG_V31, REG_V31, REG_V30)      \
+        VXOR_VV((r +  0), (r +  0), REG_V31)    \
+        VXOR_VV((r +  5), (r +  5), REG_V31)    \
+        VXOR_VV((r + 10), (r + 10), REG_V31)    \
+        VXOR_VV((r + 15), (r + 15), REG_V31)    \
+        VXOR_VV((r + 20), (r + 20), REG_V31)
+
+#define SWAP_ROTL_LO(vr, vt0, vt1, sl)          \
+        VMV_V_V(vt0, vr)                        \
+        "li     t1, 64 - " #sl "\n\t"           \
+        VSLL_VI(vr, vt1, sl)                    \
+        VSRL_VX(vt1, vt1, REG_T1)               \
+        VOR_VV(vr, vr, vt1)
+
+#define SWAP_ROTL_HI(vr, vt0, vt1, sl)          \
+        VMV_V_V(vt0, vr)                        \
+        "li     t1, " #sl "\n\t"                \
+        VSRL_VI(vr, vt1, (64 - sl))             \
+        VSLL_VX(vt1, vt1, REG_T1)               \
+        VOR_VV(vr, vr, vt1)
+
+#define ROW_MIX(r)                              \
+        VMV_V_V(REG_V25, (r + 0))               \
+        VMV_V_V(REG_V26, (r + 1))               \
+        VNOT_V(REG_V30, (r + 1))                \
+        VNOT_V(REG_V31, (r + 2))                \
+        VAND_VV(REG_V30, REG_V30, (r + 2))      \
+        VAND_VV(REG_V31, REG_V31, (r + 3))      \
+        VXOR_VV((r + 0), REG_V30, (r + 0))      \
+        VXOR_VV((r + 1), REG_V31, (r + 1))      \
+        VNOT_V(REG_V30, (r + 3))                \
+        VNOT_V(REG_V31, (r + 4))                \
+        VAND_VV(REG_V30, REG_V30, (r + 4))      \
+        VAND_VV(REG_V31, REG_V31, REG_V25)      \
+        VNOT_V(REG_V25, REG_V25)                \
+        VXOR_VV((r + 2), REG_V30, (r + 2))      \
+        VAND_VV(REG_V25, REG_V25, REG_V26)      \
+        VXOR_VV((r + 3), REG_V31, (r + 3))      \
+        VXOR_VV((r + 4), REG_V25, (r + 4))
+
+#else
+
+#define COL_MIX(r, t)                           \
+        VXOR_VV((r +  0), (r +  0), t)          \
+        VXOR_VV((r +  5), (r +  5), t)          \
+        VXOR_VV((r + 10), (r + 10), t)          \
+        VXOR_VV((r + 15), (r + 15), t)          \
+        VXOR_VV((r + 20), (r + 20), t)
+
+#define SWAP_ROTL(vr, vt0, vt1, sl)             \
+        VMV_V_V(vt0, vr)                        \
+        VROR_VI(vr, (64 - sl), vt1)
+
+#define SWAP_ROTL_LO    SWAP_ROTL
+#define SWAP_ROTL_HI    SWAP_ROTL
+
+#define ROW_MIX(r)                              \
+        VMV_V_V(REG_V25, (r + 0))               \
+        VMV_V_V(REG_V26, (r + 1))               \
+        VANDN_VV(REG_V30, (r + 1), (r + 2))     \
+        VANDN_VV(REG_V31, (r + 2), (r + 3))     \
+        VXOR_VV((r + 0), REG_V30, (r + 0))      \
+        VXOR_VV((r + 1), REG_V31, (r + 1))      \
+        VANDN_VV(REG_V30, (r + 3), (r + 4))     \
+        VANDN_VV(REG_V31, (r + 4), REG_V25)     \
+        VANDN_VV(REG_V25, REG_V25, REG_V26)     \
+        VXOR_VV((r + 2), REG_V30, (r + 2))      \
+        VXOR_VV((r + 3), REG_V31, (r + 3))      \
+        VXOR_VV((r + 4), REG_V25, (r + 4))
+
+#endif
+
+
+void BlockSha3(word64* s)
+{
+    __asm__ __volatile__ (
+        /* 1 x 64-bit */
+        VSETIVLI(REG_X0, 1, 0, 1, 0b011, 0b000)
+
+        "li     t2, 24\n\t"
+        "mv     t0, %[r]\n\t"
+        "mv     t1, %[s]\n\t"
+        VLSEG8E64_V(REG_V0, REG_T1)
+        "addi   t1, %[s], 64\n\t"
+        VLSEG8E64_V(REG_V8, REG_T1)
+        "addi   t1, %[s], 128\n\t"
+        VLSEG8E64_V(REG_V16, REG_T1)
+        "addi   t1, %[s], 192\n\t"
+        VLSEG1E64_V(REG_V24, REG_T1)
+
+        "\n"
+    "L_riscv_64_block_sha3_loop:\n\t"
+
+        /* COLUMN MIX */
+        VXOR_VV(REG_V25, REG_V0, REG_V5)
+        VXOR_VV(REG_V26, REG_V1, REG_V6)
+        VXOR_VV(REG_V27, REG_V2, REG_V7)
+        VXOR_VV(REG_V28, REG_V3, REG_V8)
+        VXOR_VV(REG_V29, REG_V4, REG_V9)
+        VXOR_VV(REG_V25, REG_V25, REG_V10)
+        VXOR_VV(REG_V26, REG_V26, REG_V11)
+        VXOR_VV(REG_V27, REG_V27, REG_V12)
+        VXOR_VV(REG_V28, REG_V28, REG_V13)
+        VXOR_VV(REG_V29, REG_V29, REG_V14)
+        VXOR_VV(REG_V25, REG_V25, REG_V15)
+        VXOR_VV(REG_V26, REG_V26, REG_V16)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        VXOR_VV(REG_V28, REG_V28, REG_V18)
+        VXOR_VV(REG_V29, REG_V29, REG_V19)
+        VXOR_VV(REG_V25, REG_V25, REG_V20)
+        VXOR_VV(REG_V26, REG_V26, REG_V21)
+        VXOR_VV(REG_V27, REG_V27, REG_V22)
+        VXOR_VV(REG_V28, REG_V28, REG_V23)
+        VXOR_VV(REG_V29, REG_V29, REG_V24)
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "li     t1, 63\n\t"
+        COL_MIX(REG_V0, REG_V26, REG_V29)
+        COL_MIX(REG_V1, REG_V27, REG_V25)
+        COL_MIX(REG_V2, REG_V28, REG_V26)
+        COL_MIX(REG_V3, REG_V29, REG_V27)
+        COL_MIX(REG_V4, REG_V25, REG_V28)
+#else
+        VROR_VI(REG_V30, 63, REG_V26)
+        VROR_VI(REG_V31, 63, REG_V27)
+        VXOR_VV(REG_V30, REG_V30, REG_V29)
+        VXOR_VV(REG_V31, REG_V31, REG_V25)
+        COL_MIX(REG_V0, REG_V30)
+        COL_MIX(REG_V1, REG_V31)
+
+        VROR_VI(REG_V30, 63, REG_V28)
+        VROR_VI(REG_V31, 63, REG_V29)
+        VROR_VI(REG_V25, 63, REG_V25)
+        VXOR_VV(REG_V30, REG_V30, REG_V26)
+        VXOR_VV(REG_V31, REG_V31, REG_V27)
+        VXOR_VV(REG_V25, REG_V25, REG_V28)
+        COL_MIX(REG_V2, REG_V30)
+        COL_MIX(REG_V3, REG_V31)
+        COL_MIX(REG_V4, REG_V25)
+#endif
+        /* SWAP ROTL */
+        /* t1 = s[ 1]                   */
+        VMV_V_V(REG_V26, REG_V1)
+        /* t0 = s[10], s[10] = t1 <<< 1 */
+        SWAP_ROTL_LO(REG_V10, REG_V25, REG_V26, 1)
+        /* t1 = s[ 7], s[ 7] = t0 <<< 3 */
+        SWAP_ROTL_LO(REG_V7 , REG_V26, REG_V25, 3)
+        /* t0 = s[11], s[11] = t1 <<< 6 */
+        SWAP_ROTL_LO(REG_V11, REG_V25, REG_V26, 6)
+        /* t1 = s[17], s[17] = t0 <<< 10 */
+        SWAP_ROTL_LO(REG_V17, REG_V26, REG_V25, 10)
+        /* t0 = s[18], s[18] = t1 <<< 15 */
+        SWAP_ROTL_LO(REG_V18, REG_V25, REG_V26, 15)
+        /* t1 = s[ 3], s[ 3] = t0 <<< 21 */
+        SWAP_ROTL_LO(REG_V3 , REG_V26, REG_V25, 21)
+        /* t0 = s[ 5], s[ 5] = t1 <<< 28 */
+        SWAP_ROTL_LO(REG_V5 , REG_V25, REG_V26, 28)
+        /* t1 = s[16], s[16] = t0 <<< 36 */
+        SWAP_ROTL_HI(REG_V16, REG_V26, REG_V25, 36)
+        /* t0 = s[ 8], s[ 8] = t1 <<< 45 */
+        SWAP_ROTL_HI(REG_V8 , REG_V25, REG_V26, 45)
+        /* t1 = s[21], s[21] = t0 <<< 55 */
+        SWAP_ROTL_HI(REG_V21, REG_V26, REG_V25, 55)
+        /* t0 = s[24], s[24] = t1 <<< 2 */
+        SWAP_ROTL_LO(REG_V24, REG_V25, REG_V26,  2)
+        /* t1 = s[ 4], s[ 4] = t0 <<< 14 */
+        SWAP_ROTL_LO(REG_V4 , REG_V26, REG_V25, 14)
+        /* t0 = s[15], s[15] = t1 <<< 27 */
+        SWAP_ROTL_LO(REG_V15, REG_V25, REG_V26, 27)
+        /* t1 = s[23], s[23] = t0 <<< 41 */
+        SWAP_ROTL_HI(REG_V23, REG_V26, REG_V25, 41)
+        /* t0 = s[19], s[19] = t1 <<< 56 */
+        SWAP_ROTL_HI(REG_V19, REG_V25, REG_V26, 56)
+        /* t1 = s[13], s[13] = t0 <<< 8 */
+        SWAP_ROTL_LO(REG_V13, REG_V26, REG_V25,  8)
+        /* t0 = s[12], s[12] = t1 <<< 25 */
+        SWAP_ROTL_LO(REG_V12, REG_V25, REG_V26, 25)
+        /* t1 = s[ 2], s[ 2] = t0 <<< 43 */
+        SWAP_ROTL_HI(REG_V2 , REG_V26, REG_V25, 43)
+        /* t0 = s[20], s[20] = t1 <<< 62 */
+        SWAP_ROTL_HI(REG_V20, REG_V25, REG_V26, 62)
+        /* t1 = s[14], s[14] = t0 <<< 18 */
+        SWAP_ROTL_LO(REG_V14, REG_V26, REG_V25, 18)
+        /* t0 = s[22], s[22] = t1 <<< 39 */
+        SWAP_ROTL_HI(REG_V22, REG_V25, REG_V26, 39)
+        /* t1 = s[ 9], s[ 9] = t0 <<< 61 */
+        SWAP_ROTL_HI(REG_V9 , REG_V26, REG_V25, 61)
+        /* t0 = s[ 6], s[ 6] = t1 <<< 20 */
+        SWAP_ROTL_LO(REG_V6 , REG_V25, REG_V26, 20)
+        /*             s[ 1] = t0 <<< 44 */
+        "li     t1, 44\n\t"
+        VSRL_VI(REG_V1, REG_V25, (64 - 44))
+        VSLL_VX(REG_V25, REG_V25, REG_T1)
+        VOR_VV(REG_V1, REG_V1, REG_V25)
+
+        /* ROW MIX */
+        ROW_MIX(REG_V0)
+        ROW_MIX(REG_V5)
+        ROW_MIX(REG_V10)
+        ROW_MIX(REG_V15)
+        ROW_MIX(REG_V20)
+
+        VL1RE64_V(REG_V25, REG_T0)
+        "addi   t0, t0, 8\n\t"
+        "addi   t2, t2, -1\n\t"
+        VXOR_VV(REG_V0, REG_V0, REG_V25)
+        "bnez   t2, L_riscv_64_block_sha3_loop\n\t"
+
+        "mv     t1, %[s]\n\t"
+        VSSEG8E64_V(REG_V0, REG_T1)
+        "addi   t1, %[s], 64\n\t"
+        VSSEG8E64_V(REG_V8, REG_T1)
+        "addi   t1, %[s], 128\n\t"
+        VSSEG8E64_V(REG_V16, REG_T1)
+        "addi   t1, %[s], 192\n\t"
+        VSSEG1E64_V(REG_V24, REG_T1)
+
+        :
+        : [s] "r" (s), [r] "r" (hash_keccak_r)
+        : "memory", "t0", "t1", "t2"
+    );
+}
+
+#endif
+
+#endif
+
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha512.c b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
new file mode 100644
index 0000000000..143dcc4a69
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
@@ -0,0 +1,1724 @@
+/* riscv-sha512.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+#if !defined(NO_SHA512) || defined(WOLFSSL_SHA384)
+
+#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
+    #undef HAVE_FIPS
+#else
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+        #define FIPS_NO_WRAPPERS
+    #endif
+#endif
+
+#include <wolfssl/wolfcrypt/sha512.h>
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000014 };
+    int wolfCrypt_FIPS_SHA512_sanity(void)
+    {
+        return 0;
+    }
+#endif
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/* Constants to add in each round. */
+static const word64 K512[80] = {
+    W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
+    W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
+    W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
+    W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
+    W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
+    W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
+    W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
+    W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
+    W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
+    W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
+    W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
+    W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
+    W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
+    W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
+    W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
+    W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
+    W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
+    W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
+    W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
+    W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
+    W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
+    W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
+    W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
+    W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
+    W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
+    W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
+    W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
+    W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
+    W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
+    W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
+    W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
+    W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
+    W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
+    W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
+    W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
+    W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
+    W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
+    W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
+    W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
+    W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
+};
+
+static int InitSha512(wc_Sha512* sha512, void* heap, int devId)
+{
+   int ret = 0;
+
+    if (sha512 == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        sha512->heap = heap;
+    #ifdef WOLF_CRYPTO_CB
+        sha512->devId = devId;
+    #endif
+        (void)devId;
+    #ifdef WOLFSSL_SMALL_STACK_CACHE
+        sha512->W = NULL;
+    #endif
+
+    #ifdef WOLFSSL_HASH_FLAGS
+        sha512->flags = 0;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Initialze SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ */
+static void InitSha512_State(wc_Sha512* sha512)
+{
+    /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
+    sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
+    sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b);
+    sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1);
+    sha512->digest[4] = W64LIT(0x510e527fade682d1);
+    sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f);
+    sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b);
+    sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha512->digest[0] = W64LIT(0x9b05688c2b3e6c1f);
+    sha512->digest[1] = W64LIT(0x510e527fade682d1);
+    sha512->digest[2] = W64LIT(0xbb67ae8584caa73b);
+    sha512->digest[3] = W64LIT(0x6a09e667f3bcc908);
+    sha512->digest[4] = W64LIT(0x5be0cd19137e2179);
+    sha512->digest[5] = W64LIT(0x1f83d9abfb41bd6b);
+    sha512->digest[6] = W64LIT(0xa54ff53a5f1d36f1);
+    sha512->digest[7] = W64LIT(0x3c6ef372fe94f82b);
+#endif
+
+    /* No hashed data. */
+    sha512->buffLen = 0;
+    /* No data hashed. */
+    sha512->loLen   = 0;
+    sha512->hiLen   = 0;
+}
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_224)
+/**
+ * Initialize given wc_Sha512 structure with value specific to sha512/224.
+ * Note that sha512/224 has different initial hash value from sha512.
+ * The initial hash value consists of eight 64bit words. They are given
+ * in FIPS180-4.
+ */
+static void InitSha512_224_State(wc_Sha512* sha512)
+{
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha512->digest[0] = W64LIT(0x8c3d37c819544da2);
+    sha512->digest[1] = W64LIT(0x73e1996689dcd4d6);
+    sha512->digest[2] = W64LIT(0x1dfab7ae32ff9c82);
+    sha512->digest[3] = W64LIT(0x679dd514582f9fcf);
+    sha512->digest[4] = W64LIT(0x0f6d2b697bd44da8);
+    sha512->digest[5] = W64LIT(0x77e36f7304c48942);
+    sha512->digest[6] = W64LIT(0x3f9d85a86a1d36c8);
+    sha512->digest[7] = W64LIT(0x1112e6ad91d692a1);
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha512->digest[0] = W64LIT(0x77e36f7304c48942);
+    sha512->digest[1] = W64LIT(0x0f6d2b697bd44da8);
+    sha512->digest[2] = W64LIT(0x73e1996689dcd4d6);
+    sha512->digest[3] = W64LIT(0x8c3d37c819544da2);
+    sha512->digest[4] = W64LIT(0x1112e6ad91d692a1);
+    sha512->digest[5] = W64LIT(0x3f9d85a86a1d36c8);
+    sha512->digest[6] = W64LIT(0x679dd514582f9fcf);
+    sha512->digest[7] = W64LIT(0x1dfab7ae32ff9c82);
+#endif
+
+    /* No hashed data. */
+    sha512->buffLen = 0;
+    /* No data hashed. */
+    sha512->loLen   = 0;
+    sha512->hiLen   = 0;
+}
+#endif /* !WOLFSSL_NOSHA512_224 */
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_256)
+/**
+ * Initialize given wc_Sha512 structure with value specific to sha512/256.
+ * Note that sha512/256 has different initial hash value from sha512.
+ * The initial hash value consists of eight 64bit words. They are given
+ * in FIPS180-4.
+ */
+static void InitSha512_256_State(wc_Sha512* sha512)
+{
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha512->digest[0] = W64LIT(0x22312194fc2bf72c);
+    sha512->digest[1] = W64LIT(0x9f555fa3c84c64c2);
+    sha512->digest[2] = W64LIT(0x2393b86b6f53b151);
+    sha512->digest[3] = W64LIT(0x963877195940eabd);
+    sha512->digest[4] = W64LIT(0x96283ee2a88effe3);
+    sha512->digest[5] = W64LIT(0xbe5e1e2553863992);
+    sha512->digest[6] = W64LIT(0x2b0199fc2c85b8aa);
+    sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2);
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha512->digest[0] = W64LIT(0xbe5e1e2553863992);
+    sha512->digest[1] = W64LIT(0x96283ee2a88effe3);
+    sha512->digest[2] = W64LIT(0x9f555fa3c84c64c2);
+    sha512->digest[3] = W64LIT(0x22312194fc2bf72c);
+    sha512->digest[4] = W64LIT(0x0eb72ddc81c52ca2);
+    sha512->digest[5] = W64LIT(0x2b0199fc2c85b8aa);
+    sha512->digest[6] = W64LIT(0x963877195940eabd);
+    sha512->digest[7] = W64LIT(0x2393b86b6f53b151);
+#endif
+
+    /* No hashed data. */
+    sha512->buffLen = 0;
+    /* No data hashed. */
+    sha512->loLen   = 0;
+    sha512->hiLen   = 0;
+}
+#endif /* !WOLFSSL_NOSHA512_256 */
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+/* More data hashed, add length to 64-bit cumulative total.
+ *
+ * @param [in, out] sha512  SHA-512 object. Assumed not NULL.
+ * @param [in]      len     Length to add.
+ */
+static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len)
+{
+    word32 tmp = sha512->loLen;
+    if ((sha512->loLen += len) < tmp)
+        sha512->hiLen++;                       /* carry low to high */
+}
+
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+/* Load a word with bytes reversed. */
+#define LOAD_DWORD_REV(r, o, p, t0, t1, t2, t3) \
+    "lbu    " #t0 ", " #o "+4(" #p ")\n\t"      \
+    "lbu    " #t1 ", " #o "+5(" #p ")\n\t"      \
+    "lbu    " #t2 ", " #o "+6(" #p ")\n\t"      \
+    "lbu    " #r ", " #o "+7(" #p ")\n\t"       \
+    "slli   " #t0 ", " #t0 ", 24\n\t"           \
+    "slli   " #t1 ", " #t1 ", 16\n\t"           \
+    "slli   " #t2 ", " #t2 ", 8\n\t"            \
+    "or     " #r ", " #r ", " #t0 "\n\t"        \
+    "or     " #r ", " #r ", " #t1 "\n\t"        \
+    "or     " #r ", " #r ", " #t2 "\n\t"        \
+    "lbu    " #t0 ", " #o "+0(" #p ")\n\t"      \
+    "lbu    " #t1 ", " #o "+1(" #p ")\n\t"      \
+    "lbu    " #t2 ", " #o "+2(" #p ")\n\t"      \
+    "lbu    " #t3 ", " #o "+3(" #p ")\n\t"      \
+    "slli   " #t0 ", " #t0 ", 56\n\t"           \
+    "slli   " #t1 ", " #t1 ", 48\n\t"           \
+    "slli   " #t2 ", " #t2 ", 40\n\t"           \
+    "slli   " #t3 ", " #t3 ", 32\n\t"           \
+    "or     " #r ", " #r ", " #t0 "\n\t"        \
+    "or     " #r ", " #r ", " #t1 "\n\t"        \
+    "or     " #r ", " #r ", " #t2 "\n\t"        \
+    "or     " #r ", " #r ", " #t3 "\n\t"
+
+#endif
+
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+
+#ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM
+
+/* SHA-512 SUM0 operation. */
+#define SHA512SUM0(rd, rs1)                                         \
+    ASM_WORD((0b000100000100 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-512 SUM1 operation. */
+#define SHA512SUM1(rd, rs1)                                         \
+    ASM_WORD((0b000100000101 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-512 SIGMA0 operation. */
+#define SHA512SIG0(rd, rs1)                                         \
+    ASM_WORD((0b000100000110 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-512 SIGMA1 operation. */
+#define SHA512SIG1(rd, rs1)                                         \
+    ASM_WORD((0b000100000111 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+
+/* One round of compression. */
+#define RND(a, b, c, d, e, f, g, h, w, k)                       \
+    /* Get e and a */                                           \
+    "mv     a4, " #e "\n\t"                                     \
+    "mv     a5, " #a "\n\t"                                     \
+    /* Sigma1(e) */                                             \
+    SHA512SUM1(REG_A4, REG_A4)                                  \
+    /* Sigma0(a) */                                             \
+    SHA512SUM0(REG_A5, REG_A5)                                  \
+    /* Maj(a, b, c) = t5 */                                     \
+    /* Ch(e, f, g) = t6 */                                      \
+    /* a ^ b */                                                 \
+    "xor    t4, " #a ", " #b "\n\t"                             \
+    /* f ^ g */                                                 \
+    "xor    t6, " #f ", " #g "\n\t"                             \
+    /* b ^ c */                                                 \
+    "xor    t5, " #b ", " #c "\n\t"                             \
+    /* (f ^ g) & e */                                           \
+    "and    t6, t6, " #e "\n\t"                                 \
+    /* (a^b) & (b^c) */                                         \
+    "and    t5, t5, t4\n\t"                                     \
+    /* ((f ^ g) & e) ^ g */                                     \
+    "xor    t6, t6, " #g "\n\t"                                 \
+    /* ((a^b) & (b^c)) ^ b */                                   \
+    "xor    t5, t5, " #b "\n\t"                                 \
+    /* sigma1 + Ch */                                           \
+    "add    t4, a4, t6\n\t"                                     \
+    /* K + W */                                                 \
+    "add    t6, " #k ", " #w "\n\t"                             \
+    /* sigma1 + Ch + K + W = 't0'-h */                          \
+    "add    t4, t4, t6\n\t"                                     \
+    /* h + sigma1 + Ch + K + W = 't0' = h */                    \
+    "add    " #h ", " #h ", t4\n\t"                             \
+    /* Sigma0(a) + Maj = 't1' */                                \
+    "add    t5, a5, t5\n\t"                                     \
+    /* d += 't0' */                                             \
+    "add    " #d ", " #d ", " #h "\n\t"                         \
+    /* h += 't1' */                                             \
+    "add    " #h ", " #h ", t5\n\t"
+
+#define W_UPDATE(w0, w1, w9, w14, reg_w0, reg_w1, reg_w9, reg_w14)  \
+    /* Gamma0(W[1]) */                                              \
+    SHA512SIG0(REG_A4, reg_w1)                                      \
+    /* Gamma1(W[i-2]) = Gamma1(W[14]) */                            \
+    SHA512SIG1(REG_A5, reg_w14)                                     \
+    /* Gamma1(W[14]) + W[9] */                                      \
+    "add    a5, a5, " #w9 "\n\t"                                    \
+    /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */              \
+    "add    " #w0 ", " #w0 ", a4\n\t"                               \
+    /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */         \
+    "add    " #w0 ", a5, " #w0 "\n\t"
+
+#else
+
+/* SHA-512 SUM0 operation. */
+#define SHA512SUM0(rd, rs1)                                     \
+    "slli   t5, " #rs1 ", 36\n\t"                               \
+    "srli   t4, " #rs1 ", 28\n\t"                               \
+    "slli   t6, " #rs1 ", 30\n\t"                               \
+    "or     t4, t4, t5\n\t"                                     \
+    "srli   t5, " #rs1 ", 34\n\t"                               \
+    "xor    t4, t4, t6\n\t"                                     \
+    "slli   t6, " #rs1 ", 25\n\t"                               \
+    "xor    t4, t4, t5\n\t"                                     \
+    "srli   " #rd ", " #rs1 ", 39\n\t"                          \
+    "xor    t4, t4, t6\n\t"                                     \
+    "xor    " #rd ", " #rd ", t4\n\t"
+
+/* SHA-512 SUM1 operation. */
+#define SHA512SUM1(rd, rs1)                                     \
+    "slli   t5, " #rs1 ", 50\n\t"                               \
+    "srli   t4, " #rs1 ", 14\n\t"                               \
+    "slli   t6, " #rs1 ", 46\n\t"                               \
+    "or     t4, t4, t5\n\t"                                     \
+    "srli   t5, " #rs1 ", 18\n\t"                               \
+    "xor    t4, t4, t6\n\t"                                     \
+    "slli   t6, " #rs1 ", 23\n\t"                               \
+    "xor    t4, t4, t5\n\t"                                     \
+    "srli   " #rd ", " #rs1 ", 41\n\t"                          \
+    "xor    t4, t4, t6\n\t"                                     \
+    "xor    " #rd ", " #rd ", t4\n\t"
+
+/* SHA-512 SIGMA0 operation. */
+#define SHA512SIG0(rd, rs1)                                     \
+    "slli   t5, " #rs1 ", 63\n\t"                               \
+    "srli   t6, " #rs1 ", 1\n\t"                                \
+    "slli   t4, " #rs1 ", 56\n\t"                               \
+    "or     t6, t6, t5\n\t"                                     \
+    "srli   t5, " #rs1 ", 8\n\t"                                \
+    "xor    t6, t6, t4\n\t"                                     \
+    "srli   " #rd ", " #rs1 ", 7\n\t"                           \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    " #rd ", " #rd ", t6\n\t"
+
+/* SHA-512 SIGMA1 operation. */
+#define SHA512SIG1(rd, rs1)                                     \
+    "slli   t5, " #rs1 ", 45\n\t"                               \
+    "srli   t6, " #rs1 ", 19\n\t"                               \
+    "slli   t4, " #rs1 ", 3\n\t"                                \
+    "or     t6, t6, t5\n\t"                                     \
+    "srli   t5, " #rs1 ", 61\n\t"                               \
+    "xor    t6, t6, t4\n\t"                                     \
+    "srli   " #rd ", " #rs1 ", 6\n\t"                           \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    " #rd ", " #rd ", t6\n\t"
+
+/* One round of compression. */
+#define RND(a, b, c, d, e, f, g, h, w, k)                       \
+    /* Sigma1(e) */                                             \
+    SHA512SUM1(a4, e)                                           \
+    /* Sigma0(a) */                                             \
+    SHA512SUM0(a5, a)                                           \
+    /* Maj(a, b, c) = t5 */                                     \
+    /* Ch(e, f, g) = t6 */                                      \
+    /* a ^ b */                                                 \
+    "xor    t4, " #a ", " #b "\n\t"                             \
+    /* f ^ g */                                                 \
+    "xor    t6, " #f ", " #g "\n\t"                             \
+    /* b ^ c */                                                 \
+    "xor    t5, " #b ", " #c "\n\t"                             \
+    /* (f ^ g) & e */                                           \
+    "and    t6, t6, " #e "\n\t"                                 \
+    /* (a^b) & (b^c) */                                         \
+    "and    t5, t5, t4\n\t"                                     \
+    /* ((f ^ g) & e) ^ g */                                     \
+    "xor    t6, t6, " #g "\n\t"                                 \
+    /* ((a^b) & (b^c)) ^ b */                                   \
+    "xor    t5, t5, " #b "\n\t"                                 \
+    /* sigma1 + Ch */                                           \
+    "add    t4, a4, t6\n\t"                                     \
+    /* K + W */                                                 \
+    "add    t6, " #k ", " #w "\n\t"                             \
+    /* sigma1 + Ch + K + W = 't0'-h */                          \
+    "add    t4, t4, t6\n\t"                                     \
+    /* h + sigma1 + Ch + K + W = 't0' = h */                    \
+    "add    " #h ", " #h ", t4\n\t"                             \
+    /* Sigma0(a) + Maj = 't1' */                                \
+    "add    t5, a5, t5\n\t"                                     \
+    /* d += 't0' */                                             \
+    "add    " #d ", " #d ", " #h "\n\t"                         \
+    /* h += 't1' */                                             \
+    "add    " #h ", " #h ", t5\n\t"
+
+/* Two message schedule updates. */
+#define W_UPDATE(w0, w1, w9, w14, reg_w0, reg_w1, reg_w9, reg_14)   \
+    /* Gamma0(W[1]) */                                              \
+    SHA512SIG0(a4, w1)                                              \
+    /* Gamma1(W[i-2]) = Gamma1(W[14]) */                            \
+    SHA512SIG1(a5, w14)                                             \
+    /* Gamma1(W[14]) + W[9] */                                      \
+    "add    a5, a5, " #w9 "\n\t"                                    \
+    /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */              \
+    "add    " #w0 ", " #w0 ", a4\n\t"                               \
+    /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */         \
+    "add    " #w0 ", a5, " #w0 "\n\t"
+
+
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */
+
+#define RND2_W(a, b, c, d, e, f, g, h, o, w2o, w9o, w10o)       \
+    /* Get k[i] */                                              \
+    "ld     a6, " #o "(%[k])\n\t"                               \
+    /* Get k[i+1] */                                            \
+    "ld     a7, " #o "+8(%[k])\n\t"                             \
+    RND(a, b, c, d, e, f, g, h, s1, a6)                         \
+    /* Get W[1] */                                              \
+    "ld     s2, " #o "+8(sp)\n\t"                               \
+    /* Get W[9] */                                              \
+    "ld     s3, " #w9o "(sp)\n\t"                               \
+    W_UPDATE(s1, s2, s3, s4, REG_S1, REG_S2, REG_S3, REG_S4)    \
+    RND(h, a, b, c, d, e, f, g, s2, a7)                         \
+    "mv     s4, s1\n\t"                                         \
+    /* Get W[2] */                                              \
+    "ld     s1, " #w2o "(sp)\n\t"                               \
+    /* Get W[10] */                                             \
+    "ld     s3, " #w10o "(sp)\n\t"                              \
+    W_UPDATE(s2, s1, s3, s5, REG_S2, REG_S1, REG_S3, REG_S5)    \
+    "sd     s4, " #o "(sp)\n\t"                                 \
+    "mv     s5, s2\n\t"                                         \
+    "sd     s2, " #o "+8(sp)\n\t"
+
+/* Sixteen rounds of compression with message scheduling. */
+#define RND16()                                                     \
+    RND2_W(t0, t1, t2, t3, s8, s9, s10, s11,   0,  16,  72,  80)    \
+    RND2_W(s10, s11, t0, t1, t2, t3, s8, s9,  16,  32,  88,  96)    \
+    RND2_W(s8, s9, s10, s11, t0, t1, t2, t3,  32,  48, 104, 112)    \
+    RND2_W(t2, t3, s8, s9, s10, s11, t0, t1,  48,  64, 120,   0)    \
+    RND2_W(t0, t1, t2, t3, s8, s9, s10, s11,  64,  80,   8,  16)    \
+    RND2_W(s10, s11, t0, t1, t2, t3, s8, s9,  80,  96,  24,  32)    \
+    RND2_W(s8, s9, s10, s11, t0, t1, t2, t3,  96, 112,  40,  48)    \
+    RND2_W(t2, t3, s8, s9, s10, s11, t0, t1, 112,   0,  56,  64)
+
+#define RND2(a, b, c, d, e, f, g, h, o)     \
+    /* Get k[i] */                          \
+    "ld     a6, " #o "(%[k])\n\t"           \
+    /* Get W[0] */                          \
+    "ld     s1, " #o "(sp)\n\t"             \
+    RND(a, b, c, d, e, f, g, h, s1, a6)     \
+    /* Get k[i] */                          \
+    "ld     a6, " #o "+8(%[k])\n\t"         \
+    /* Get W[1] */                          \
+    "ld     s1, " #o "+8(sp)\n\t"           \
+    RND(h, a, b, c, d, e, f, g, s1, a6)
+
+/* Sixteen rounds of compression only. */
+#define RND16_LAST()                               \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11,   0)    \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9,  16)    \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3,  32)    \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1,  48)    \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11,  64)    \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9,  80)    \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3,  96)    \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, 112)
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      blocks  Number of blocks of data to hash.
+ */
+static WC_INLINE void Sha512Transform(wc_Sha512* sha512, const byte* data,
+    word32 blocks)
+{
+    word64* k = (word64*)K512;
+
+    __asm__ __volatile__ (
+        "addi   sp, sp, -128\n\t"
+
+        /* Load digest. */
+        "ld     t0, 0(%[digest])\n\t"
+        "ld     t1, 8(%[digest])\n\t"
+        "ld     t2, 16(%[digest])\n\t"
+        "ld     t3, 24(%[digest])\n\t"
+        "ld     s8, 32(%[digest])\n\t"
+        "ld     s9, 40(%[digest])\n\t"
+        "ld     s10, 48(%[digest])\n\t"
+        "ld     s11, 56(%[digest])\n\t"
+
+        /* 5 rounds of 16 per block - 4 loops of 16 and 1 final 16. */
+        "slli   %[blocks], %[blocks], 2\n\t"
+
+    "\n1:\n\t"
+        /* beginning of SHA512 block operation */
+        /* Load W */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        LOAD_DWORD_REV(t4,  0, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s1,  8, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s2, 16, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s3, 24, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s4, 32, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s5, 40, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7)
+#else
+        "ld     t4,  0(%[data])\n\t"
+        "ld     s1,  8(%[data])\n\t"
+        "ld     s2, 16(%[data])\n\t"
+        "ld     s3, 24(%[data])\n\t"
+        "ld     s4, 32(%[data])\n\t"
+        "ld     s5, 40(%[data])\n\t"
+        "ld     s6, 48(%[data])\n\t"
+        "ld     s7, 56(%[data])\n\t"
+        REV8(REG_T4, REG_T4)
+        REV8(REG_S1, REG_S1)
+        REV8(REG_S2, REG_S2)
+        REV8(REG_S3, REG_S3)
+        REV8(REG_S4, REG_S4)
+        REV8(REG_S5, REG_S5)
+        REV8(REG_S6, REG_S6)
+        REV8(REG_S7, REG_S7)
+#endif
+        "sd    t4,  0(sp)\n\t"
+        "sd    s1,  8(sp)\n\t"
+        "sd    s2, 16(sp)\n\t"
+        "sd    s3, 24(sp)\n\t"
+        "sd    s4, 32(sp)\n\t"
+        "sd    s5, 40(sp)\n\t"
+        "sd    s6, 48(sp)\n\t"
+        "sd    s7, 56(sp)\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        LOAD_DWORD_REV(t4,  64, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s1,  72, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s2,  80, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s3,  88, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s4,  96, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s5, 104, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s6, 112, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s7, 120, %[data], a4, a5, a6, a7)
+#else
+        "ld    t4,  64(%[data])\n\t"
+        "ld    s1,  72(%[data])\n\t"
+        "ld    s2,  80(%[data])\n\t"
+        "ld    s3,  88(%[data])\n\t"
+        "ld    s4,  96(%[data])\n\t"
+        "ld    s5, 104(%[data])\n\t"
+        "ld    s6, 112(%[data])\n\t"
+        "ld    s7, 120(%[data])\n\t"
+        REV8(REG_T4, REG_T4)
+        REV8(REG_S1, REG_S1)
+        REV8(REG_S2, REG_S2)
+        REV8(REG_S3, REG_S3)
+        REV8(REG_S4, REG_S4)
+        REV8(REG_S5, REG_S5)
+        REV8(REG_S6, REG_S6)
+        REV8(REG_S7, REG_S7)
+#endif
+        "sd    t4,  64(sp)\n\t"
+        "sd    s1,  72(sp)\n\t"
+        "sd    s2,  80(sp)\n\t"
+        "sd    s3,  88(sp)\n\t"
+        "sd    s4,  96(sp)\n\t"
+        "sd    s5, 104(sp)\n\t"
+        "sd    s6, 112(sp)\n\t"
+        "sd    s7, 120(sp)\n\t"
+
+    "\n2:\n\t"
+        /* Get W[0] */
+        "ld     s1, 0(sp)\n\t"
+        /* Get W[14] */
+        "ld     s4, 112(sp)\n\t"
+        /* Get W[15] */
+        "ld     s5, 120(sp)\n\t"
+        "addi   %[blocks], %[blocks], -1\n\t"
+        RND16()
+        "andi   a4, %[blocks], 3\n\t"
+        "add    %[k], %[k], 128\n\t"
+        "bnez   a4, 2b \n\t"
+        RND16_LAST()
+        "addi   %[k], %[k], -512\n\t"
+
+        "# Add working vars back into digest state.\n\t"
+        "ld     t4, 0(%[digest])\n\t"
+        "ld     s1, 8(%[digest])\n\t"
+        "ld     s2, 16(%[digest])\n\t"
+        "ld     s3, 24(%[digest])\n\t"
+        "ld     s4, 32(%[digest])\n\t"
+        "ld     s5, 40(%[digest])\n\t"
+        "ld     s6, 48(%[digest])\n\t"
+        "ld     s7, 56(%[digest])\n\t"
+        "add    t0, t0, t4\n\t"
+        "add    t1, t1, s1\n\t"
+        "add    t2, t2, s2\n\t"
+        "add    t3, t3, s3\n\t"
+        "add    s8, s8, s4\n\t"
+        "add    s9, s9, s5\n\t"
+        "add    s10, s10, s6\n\t"
+        "add    s11, s11, s7\n\t"
+
+        /* Store digest. */
+        "sd     t0, 0(%[digest])\n\t"
+        "sd     t1, 8(%[digest])\n\t"
+        "sd     t2, 16(%[digest])\n\t"
+        "sd     t3, 24(%[digest])\n\t"
+        "sd     s8, 32(%[digest])\n\t"
+        "sd     s9, 40(%[digest])\n\t"
+        "sd     s10, 48(%[digest])\n\t"
+        "sd     s11, 56(%[digest])\n\t"
+
+        "add    %[data], %[data], 128\n\t"
+        "bnez   %[blocks], 1b \n\t"
+
+        "addi   sp, sp, 128\n\t"
+
+        : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+        : [digest] "r" (sha512->digest)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10",
+          "s11"
+    );
+}
+
+#else
+
+/* Two rounds of compression using low two W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CL_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101111 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Two rounds of compression using upper two W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CH_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101110 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Update 4 W values - message scheduling. */
+#define VSHA2MS_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101101 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+#define RND4(w0, w2, w4, w6, k)                     \
+    /* Four rounds of compression. */               \
+    VADD_VV(REG_V14, w0, k)                         \
+    VMV_X_S(REG_T1, w2)                             \
+    VSHA2CL_VV(REG_V10, REG_V14, REG_V8)            \
+    VMV_V_V(REG_V12, w4)                            \
+    VSHA2CH_VV(REG_V8, REG_V14, REG_V10)            \
+    /* Update 4 W values - message schedule. */     \
+    VMV_S_X(REG_V12, REG_T1)                        \
+    VSHA2MS_VV(w0, w6, REG_V12)
+
+#define RND4_LAST(w, k)                             \
+    /* Four rounds of compression. */               \
+    VADD_VV(REG_V14, w, k)                          \
+    VSHA2CL_VV(REG_V10, REG_V14, REG_V8)            \
+    VSHA2CH_VV(REG_V8, REG_V14, REG_V10)
+
+#define RND16(k)                                    \
+    RND4(REG_V0, REG_V2, REG_V4, REG_V6, (k + 0))   \
+    RND4(REG_V2, REG_V4, REG_V6, REG_V0, (k + 2))   \
+    RND4(REG_V4, REG_V6, REG_V0, REG_V2, (k + 4))   \
+    RND4(REG_V6, REG_V0, REG_V2, REG_V4, (k + 6))
+
+#define RND16_LAST(k)           \
+    RND4_LAST(REG_V0, (k + 0))  \
+    RND4_LAST(REG_V2, (k + 2))  \
+    RND4_LAST(REG_V4, (k + 4))  \
+    RND4_LAST(REG_V6, (k + 6))
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      blocks  Number of blocks of data to hash.
+ */
+static void Sha512Transform(wc_Sha512* sha512, const byte* data,
+    word32 blocks)
+{
+    word64* k = (word64*)K512;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+
+        /* Load: a|b|e|f, c|d|g|h
+         *       3 2 1 0  3 2 1 0
+         */
+        "mv     t0, %[digest]\n\t"
+        VL4RE64_V(REG_V8, REG_T0)
+
+    "\n1:\n\t"
+        VMVR_V(REG_V28, REG_V8, 4)
+
+        /* Load 16 W into 8 vectors of 2 64-bit words. */
+        "mv     t0, %[data]\n\t"
+        VL8RE64_V(REG_V0, REG_T0)
+        VREV8(REG_V0, REG_V0)
+        VREV8(REG_V2, REG_V2)
+        VREV8(REG_V4, REG_V4)
+        VREV8(REG_V6, REG_V6)
+
+        "mv     t0, %[k]\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16(REG_V16)
+        "addi   t0, %[k], 128\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16(REG_V16)
+        "addi   t0, %[k], 256\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16(REG_V16)
+        "addi   t0, %[k], 384\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16(REG_V16)
+        "addi   t0, %[k], 512\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16_LAST(REG_V16)
+
+        VADD_VV(REG_V8, REG_V8, REG_V28)
+        VADD_VV(REG_V10, REG_V10, REG_V30)
+
+        "addi   %[blocks], %[blocks], -1\n\t"
+        "add    %[data], %[data], 128\n\t"
+        "bnez   %[blocks], 1b \n\t"
+
+        "mv     t0, %[digest]\n\t"
+        VS4R_V(REG_V8, REG_T0)
+
+        : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+        : [digest] "r" (sha512->digest)
+        : "cc", "memory", "t0", "t1"
+    );
+}
+
+#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ */
+static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data,
+    word32 len)
+{
+    word32 add;
+    word32 blocks;
+
+    /* only perform actions if a buffer is passed in */
+    if (len > 0) {
+        AddLength(sha512, len);
+
+        if (sha512->buffLen > 0) {
+             /* fill leftover buffer with data */
+             add = min(len, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+             XMEMCPY((byte*)(sha512->buffer) + sha512->buffLen, data, add);
+             sha512->buffLen += add;
+             data            += add;
+             len             -= add;
+             if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
+                 Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+                 sha512->buffLen = 0;
+             }
+        }
+
+        /* number of blocks in a row to complete */
+        blocks = len / WC_SHA512_BLOCK_SIZE;
+
+        if (blocks > 0) {
+            Sha512Transform(sha512, data, blocks);
+            data += blocks * WC_SHA512_BLOCK_SIZE;
+            len  -= blocks * WC_SHA512_BLOCK_SIZE;
+        }
+
+        if (len > 0) {
+            /* copy over any remaining data leftover */
+            XMEMCPY(sha512->buffer, data, len);
+            sha512->buffLen = len;
+        }
+    }
+
+    /* account for possibility of not used if len = 0 */
+    (void)add;
+    (void)blocks;
+
+    return 0;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha512   SHA-512 object.
+ * @param [out]     hash     Buffer to hold hash result.
+ * @param [in]      hashLen  Length of hash to write out.
+ */
+static WC_INLINE void Sha512Final(wc_Sha512* sha512, byte* hash, int hashLen)
+{
+    byte* local;
+    byte hashBuf[WC_SHA512_DIGEST_SIZE];
+    byte* hashRes = hash;
+
+    if (hashLen < WC_SHA512_DIGEST_SIZE) {
+        hashRes = hashBuf;
+    }
+
+    local = (byte*)sha512->buffer;
+    local[sha512->buffLen++] = 0x80;     /* add 1 */
+
+    /* pad with zeros */
+    if (sha512->buffLen > WC_SHA512_PAD_SIZE) {
+        XMEMSET(&local[sha512->buffLen], 0,
+            WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+        Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+        sha512->buffLen = 0;
+    }
+    XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_PAD_SIZE - sha512->buffLen);
+
+    /* put lengths in bits */
+    sha512->hiLen = (sha512->loLen >> (8*sizeof(sha512->loLen) - 3)) +
+        (sha512->hiLen << 3);
+    sha512->loLen = sha512->loLen << 3;
+
+    sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen;
+    sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
+
+    /* store lengths */
+    __asm__ __volatile__ (
+        /* Reverse byte order of 64-bit words. */
+#if defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+        "ld     t0, 112(%[buff])\n\t"
+        "ld     t1, 120(%[buff])\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+#else
+        LOAD_DWORD_REV(t0, 112, %[buff], t2, t3, t4, t5)
+        LOAD_DWORD_REV(t1, 120, %[buff], t2, t3, t4, t5)
+#endif
+        "sd     t0, 112(%[buff])\n\t"
+        "sd     t1, 120(%[buff])\n\t"
+        :
+        : [buff] "r" (sha512->buffer)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5"
+    );
+
+    Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+
+    __asm__ __volatile__ (
+        /* Reverse byte order of 64-bit words. */
+#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+        "mv     t0, %[digest]\n\t"
+        VL4RE64_V(REG_V4, REG_T0)
+        VREV8(REG_V4, REG_V4)
+        VREV8(REG_V6, REG_V6)
+        VSETIVLI(REG_ZERO, 2, 1, 1, 0b011, 0b000)
+        /* e|f, a|b, g|h, c|d
+         * 1 0  1 0  1 0  1 0 */
+        VSLIDEDOWN_VI(REG_V0, REG_V5, 1) /* a */
+        VSLIDEDOWN_VI(REG_V1, REG_V7, 1) /* c */
+        VSLIDEDOWN_VI(REG_V2, REG_V4, 1) /* e */
+        VSLIDEDOWN_VI(REG_V3, REG_V6, 1) /* g */
+        VSLIDEUP_VI(REG_V0, REG_V5, 1)
+        VSLIDEUP_VI(REG_V1, REG_V7, 1)
+        VSLIDEUP_VI(REG_V2, REG_V4, 1)
+        VSLIDEUP_VI(REG_V3, REG_V6, 1)
+        "mv     t0, %[hash]\n\t"
+        VS4R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION)
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+        "mv     t0, %[digest]\n\t"
+        VL4RE64_V(REG_V0, REG_T0)
+        VREV8(REG_V0, REG_V0)
+        VREV8(REG_V2, REG_V2)
+        "mv     t0, %[hash]\n\t"
+        VS4R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+        "ld     t0, 0(%[digest])\n\t"
+        "ld     t1, 8(%[digest])\n\t"
+        "ld     t2, 16(%[digest])\n\t"
+        "ld     t3, 24(%[digest])\n\t"
+        "ld     s8, 32(%[digest])\n\t"
+        "ld     s9, 40(%[digest])\n\t"
+        "ld     s10, 48(%[digest])\n\t"
+        "ld     s11, 56(%[digest])\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T2, REG_T2)
+        REV8(REG_T3, REG_T3)
+        REV8(REG_S8, REG_S8)
+        REV8(REG_S9, REG_S9)
+        REV8(REG_S10, REG_S10)
+        REV8(REG_S11, REG_S11)
+        "sd     t0, 0(%[hash])\n\t"
+        "sd     t1, 8(%[hash])\n\t"
+        "sd     t2, 16(%[hash])\n\t"
+        "sd     t3, 24(%[hash])\n\t"
+        "sd     s8, 32(%[hash])\n\t"
+        "sd     s9, 40(%[hash])\n\t"
+        "sd     s10, 48(%[hash])\n\t"
+        "sd     s11, 56(%[hash])\n\t"
+#else
+        LOAD_DWORD_REV(t0,  0, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(t1,  8, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(t2,  16, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(t3,  24, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s8,  32, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s9,  40, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s10,  48, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s11,  56, %[digest], a4, a5, a6, a7)
+        "sd     t0, 0(%[hash])\n\t"
+        "sd     t1, 8(%[hash])\n\t"
+        "sd     t2, 16(%[hash])\n\t"
+        "sd     t3, 24(%[hash])\n\t"
+        "sd     s8, 32(%[hash])\n\t"
+        "sd     s9, 40(%[hash])\n\t"
+        "sd     s10, 48(%[hash])\n\t"
+        "sd     s11, 56(%[hash])\n\t"
+#endif
+        :
+        : [digest] "r" (sha512->digest), [hash] "r" (hashRes)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "s8", "s9", "s10", "s11", "a4", "a5", "a6", "a7"
+    );
+
+    if (hashRes == hashBuf) {
+        XMEMCPY(hash, hashBuf, hashLen);
+    }
+}
+
+
+#ifndef NO_SHA512
+
+/* Initialize SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      heap    Dynamic memory hint.
+ * @param [in]      devId   Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 is NULL.
+ */
+int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    int ret = InitSha512(sha512, heap, devId);
+    if (ret == 0) {
+        InitSha512_State(sha512);
+    }
+    return ret;
+}
+
+/* Initialize SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 is NULL.
+ */
+int wc_InitSha512(wc_Sha512* sha512)
+{
+    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+}
+
+/* Free the SHA-512 hash.
+ *
+ * @param [in] sha512  SHA-512 object.
+ */
+void wc_Sha512Free(wc_Sha512* sha512)
+{
+    /* No dynamic memory allocated. */
+    (void)sha512;
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 is NULL.
+ * @return  BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || ((data == NULL) && (len != 0))) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = Sha512Update(sha512, data, len);
+    }
+
+    return ret;
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha512   SHA-512 object.
+ * @param [out]     hash     Buffer to hold hash result.
+ * @param [in]      hashLen  Length of hash to write out.
+ */
+static void Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int hashLen)
+{
+    word32 digest[WC_SHA512_DIGEST_SIZE / sizeof(word32)];
+
+    ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
+        WC_SHA512_DIGEST_SIZE);
+    XMEMCPY(hash, digest, hashLen);
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha512   SHA-512 object.
+ * @param [out]     hash     Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha512Final(sha512, hash, WC_SHA512_DIGEST_SIZE);
+        /* Restart SHA-512 object for next hash. */
+        InitSha512_State(sha512);
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha512 tmpSha512;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha512Copy(sha512, &tmpSha512);
+        if (ret == 0) {
+            /* Finalize copy. */
+            Sha512Final(&tmpSha512, hash, WC_SHA512_DIGEST_SIZE);
+            wc_Sha512Free(&tmpSha512);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-512 object.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      flags   Flags to set.
+ * @return  0 on success.
+ */
+int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
+{
+    /* Check we have an object to use. */
+    if (sha512 != NULL) {
+        sha512->flags = flags;
+    }
+    return 0;
+}
+/* Get flags of SHA-512 object.
+ *
+ * @param [in]  sha512  SHA-512 object.
+ * @param [out] flags   Flags from SHA-512 object.
+ * @return  0 on success.
+ */
+int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
+{
+    /* Check we have an object and return parameter to use. */
+    if ((sha512 != NULL) && (flags != NULL)) {
+        *flags = sha512->flags;
+    }
+    return 0;
+}
+#endif
+
+/* Deep copy the SHA-512 object.
+ *
+ * @param [in]  src  SHA-512 object to copy.
+ * @param [out] dst  SHA-512 object to fill.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((src == NULL) || (dst == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        XMEMCPY(dst, src, sizeof(wc_Sha512));
+    }
+
+    return ret;
+}
+
+#ifdef OPENSSL_EXTRA
+/* Update the hash with one block of data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or data is NULL.
+ */
+int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (data == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ByteReverseWords((word32*)sha512->buffer, (word32*)data, WC_SHA512_BLOCK_SIZE);
+        Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+/* Update the hash with one block of data and optionally get hash.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [out]     hash    Buffer to hold hash. May be NULL.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or data is NULL.
+ */
+int wc_Sha512HashBlock(wc_Sha512* sha512, const unsigned char* data,
+    unsigned char* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (data == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Hash block. */
+        Sha512Transform(sha512, data, 1);
+
+        if (hash != NULL) {
+            /* Reverse bytes in digest. */
+            word32* hash32 = (word32*)hash;
+            word32* digest = (word32*)sha512->digest;
+            hash32[0] = ByteReverseWord32(digest[0]);
+            hash32[1] = ByteReverseWord32(digest[1]);
+            hash32[2] = ByteReverseWord32(digest[2]);
+            hash32[3] = ByteReverseWord32(digest[3]);
+            hash32[4] = ByteReverseWord32(digest[4]);
+            hash32[5] = ByteReverseWord32(digest[5]);
+            hash32[6] = ByteReverseWord32(digest[6]);
+            hash32[7] = ByteReverseWord32(digest[7]);
+            /* Reset state. */
+        #ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+            sha512->digest[0] = 0x6A09E667L;
+            sha512->digest[1] = 0xBB67AE85L;
+            sha512->digest[2] = 0x3C6EF372L;
+            sha512->digest[3] = 0xA54FF53AL;
+            sha512->digest[4] = 0x510E527FL;
+            sha512->digest[5] = 0x9B05688CL;
+            sha512->digest[6] = 0x1F83D9ABL;
+            sha512->digest[7] = 0x5BE0CD19L;
+        #else
+            /* f, e, b, a, h, g, d, c */
+            sha512->digest[0] = 0x9B05688CL;
+            sha512->digest[1] = 0x510E527FL;
+            sha512->digest[2] = 0xBB67AE85L;
+            sha512->digest[3] = 0x6A09E667L;
+            sha512->digest[4] = 0x5BE0CD19L;
+            sha512->digest[5] = 0x1F83D9ABL;
+            sha512->digest[6] = 0xA54FF53AL;
+            sha512->digest[7] = 0x3C6EF372L;
+        #endif
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+
+#if !defined(WOLFSSL_NOSHA512_224)
+
+int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    int ret = InitSha512(sha512, heap, devId);
+    if (ret == 0) {
+        InitSha512_224_State(sha512);
+    }
+    return ret;
+}
+int wc_InitSha512_224(wc_Sha512* sha512)
+{
+    return wc_InitSha512_224_ex(sha512, NULL, INVALID_DEVID);
+}
+int wc_Sha512_224Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+    return wc_Sha512Update(sha512, data, len);
+}
+int wc_Sha512_224FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        Sha512FinalRaw(sha512, hash, WC_SHA512_224_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha512Final(sha512, hash, WC_SHA512_224_DIGEST_SIZE);
+        /* Restart SHA-512 object for next hash. */
+        InitSha512_224_State(sha512);
+    }
+
+    return ret;
+}
+void wc_Sha512_224Free(wc_Sha512* sha512)
+{
+    wc_Sha512Free(sha512);
+}
+int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha512 tmpSha512;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha512Copy(sha512, &tmpSha512);
+        if (ret == 0) {
+            /* Finalize copy. */
+            Sha512Final(&tmpSha512, hash, WC_SHA512_224_DIGEST_SIZE);
+            wc_Sha512Free(&tmpSha512);
+        }
+    }
+
+    return ret;
+}
+int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return wc_Sha512Copy(src, dst);
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags)
+{
+    return wc_Sha512SetFlags(sha512, flags);
+}
+int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags)
+{
+    return wc_Sha512GetFlags(sha512, flags);
+}
+#endif /* WOLFSSL_HASH_FLAGS */
+
+#if defined(OPENSSL_EXTRA)
+int wc_Sha512_224Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+    return wc_Sha512Transform(sha512, data);
+}
+#endif /* OPENSSL_EXTRA */
+
+#endif /* !WOLFSSL_NOSHA512_224 */
+
+#if !defined(WOLFSSL_NOSHA512_256)
+
+int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    int ret = InitSha512(sha512, heap, devId);
+    if (ret == 0) {
+        InitSha512_256_State(sha512);
+    }
+    return ret;
+}
+int wc_InitSha512_256(wc_Sha512* sha512)
+{
+    return wc_InitSha512_256_ex(sha512, NULL, INVALID_DEVID);
+}
+int wc_Sha512_256Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+    return wc_Sha512Update(sha512, data, len);
+}
+int wc_Sha512_256FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        Sha512FinalRaw(sha512, hash, WC_SHA512_256_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha512Final(sha512, hash, WC_SHA512_256_DIGEST_SIZE);
+        /* Restart SHA-512 object for next hash. */
+        InitSha512_256_State(sha512);
+    }
+
+    return ret;
+}
+void wc_Sha512_256Free(wc_Sha512* sha512)
+{
+    wc_Sha512Free(sha512);
+}
+int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha512 tmpSha512;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha512Copy(sha512, &tmpSha512);
+        if (ret == 0) {
+            /* Finalize copy. */
+            Sha512Final(&tmpSha512, hash, WC_SHA512_256_DIGEST_SIZE);
+            wc_Sha512Free(&tmpSha512);
+        }
+    }
+
+    return ret;
+}
+int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return wc_Sha512Copy(src, dst);
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags)
+{
+    return wc_Sha512SetFlags(sha512, flags);
+}
+int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags)
+{
+    return wc_Sha512GetFlags(sha512, flags);
+}
+#endif /* WOLFSSL_HASH_FLAGS */
+
+#if defined(OPENSSL_EXTRA)
+int wc_Sha512_256Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+    return wc_Sha512Transform(sha512, data);
+}
+#endif /* OPENSSL_EXTRA */
+
+#endif /* !WOLFSSL_NOSHA512_224 */
+
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+#endif /* !NO_SHA512 */
+
+
+#ifdef WOLFSSL_SHA384
+
+/* Initialze SHA-384 object for hashing.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ */
+static void InitSha384(wc_Sha384* sha384)
+{
+    /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
+    sha384->digest[1] = W64LIT(0x629a292a367cd507);
+    sha384->digest[2] = W64LIT(0x9159015a3070dd17);
+    sha384->digest[3] = W64LIT(0x152fecd8f70e5939);
+    sha384->digest[4] = W64LIT(0x67332667ffc00b31);
+    sha384->digest[5] = W64LIT(0x8eb44a8768581511);
+    sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7);
+    sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4);
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha384->digest[0] = W64LIT(0x8eb44a8768581511);
+    sha384->digest[1] = W64LIT(0x67332667ffc00b31);
+    sha384->digest[2] = W64LIT(0x629a292a367cd507);
+    sha384->digest[3] = W64LIT(0xcbbb9d5dc1059ed8);
+    sha384->digest[4] = W64LIT(0x47b5481dbefa4fa4);
+    sha384->digest[5] = W64LIT(0xdb0c2e0d64f98fa7);
+    sha384->digest[6] = W64LIT(0x152fecd8f70e5939);
+    sha384->digest[7] = W64LIT(0x9159015a3070dd17);
+#endif
+
+    /* No hashed data. */
+    sha384->buffLen = 0;
+    /* No data hashed. */
+    sha384->loLen   = 0;
+    sha384->hiLen   = 0;
+}
+
+/* Initialize SHA-384 object for hashing.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [in]      heap    Dynamic memory hint.
+ * @param [in]      devId   Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 is NULL.
+ */
+int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
+{
+    int ret = InitSha512(sha384, heap, devId);
+    if (ret == 0) {
+        InitSha384(sha384);
+    }
+    return ret;
+}
+
+/* Initialize SHA-384 object for hashing.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 is NULL.
+ */
+int wc_InitSha384(wc_Sha384* sha384)
+{
+    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 is NULL.
+ * @return  BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha384 == NULL) || ((data == NULL) && (len > 0))) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = Sha512Update((wc_Sha512 *)sha384, data, len);
+    }
+
+    return ret;
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha384   SHA-384 object.
+ * @param [out]     hash     Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 or hash is NULL.
+ */
+int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
+{
+    word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)];
+
+    if (sha384 == NULL || hash == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ByteReverseWords64((word64*)digest, (word64*)sha384->digest,
+        WC_SHA384_DIGEST_SIZE);
+    XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE);
+
+    return 0;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 or hash is NULL.
+ */
+int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha384 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha512Final((wc_Sha512*)sha384, hash, WC_SHA384_DIGEST_SIZE);
+        /* Restart SHA-384 object for next hash. */
+        InitSha384(sha384);
+    }
+
+    return ret;
+}
+
+/* Free the SHA-384 hash.
+ *
+ * @param [in] sha384  SHA-384 object.
+ */
+void wc_Sha384Free(wc_Sha384* sha384)
+{
+    /* No dynamic memory allocated. */
+    (void)sha384;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 or hash is NULL.
+ */
+int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha384 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha384 tmpSha384;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha384Copy(sha384, &tmpSha384);
+        if (ret == 0) {
+            /* Finalize copy. */
+            ret = wc_Sha384Final(&tmpSha384, hash);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-384 object.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [in]      flags   Flags to set.
+ * @return  0 on success.
+ */
+int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
+{
+    /* Check we have an object to use. */
+    if (sha384 != NULL) {
+        sha384->flags = flags;
+    }
+    return 0;
+}
+/* Get flags of SHA-384 object.
+ *
+ * @param [in]  sha384  SHA-384 object.
+ * @param [out] flags   Flags from SHA-384 object.
+ * @return  0 on success.
+ */
+int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags)
+{
+    /* Check we have an object and return parameter to use. */
+    if ((sha384 != NULL) && (flags != NULL)) {
+        *flags = sha384->flags;
+    }
+    return 0;
+}
+#endif
+
+/* Deep copy the SHA-384 object.
+ *
+ * @param [in]  src  SHA-384 object to copy.
+ * @param [out] dst  SHA-384 object to fill.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((src == NULL) || (dst == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        XMEMCPY(dst, src, sizeof(wc_Sha384));
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_SHA384 */
+
+#endif /* !NO_SHA512 || WOLFSSL_SHA384 */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/silabs/silabs_aes.c b/wolfcrypt/src/port/silabs/silabs_aes.c
index 63e633d73f..db4f0701eb 100644
--- a/wolfcrypt/src/port/silabs/silabs_aes.c
+++ b/wolfcrypt/src/port/silabs/silabs_aes.c
@@ -1,6 +1,6 @@
 /* silabs_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_ecc.c b/wolfcrypt/src/port/silabs/silabs_ecc.c
index 6dbb28589e..2c59137ceb 100644
--- a/wolfcrypt/src/port/silabs/silabs_ecc.c
+++ b/wolfcrypt/src/port/silabs/silabs_ecc.c
@@ -1,6 +1,6 @@
 /* silabs_ecc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_hash.c b/wolfcrypt/src/port/silabs/silabs_hash.c
index f0bb1110a1..093bae9bbb 100644
--- a/wolfcrypt/src/port/silabs/silabs_hash.c
+++ b/wolfcrypt/src/port/silabs/silabs_hash.c
@@ -1,6 +1,6 @@
 /* silabs_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_random.c b/wolfcrypt/src/port/silabs/silabs_random.c
index c66ef67c39..26bfad6e72 100644
--- a/wolfcrypt/src/port/silabs/silabs_random.c
+++ b/wolfcrypt/src/port/silabs/silabs_random.c
@@ -1,6 +1,6 @@
 /* silabs_random.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/st/README.md b/wolfcrypt/src/port/st/README.md
index af7c8b66a9..8bdb8c9e06 100644
--- a/wolfcrypt/src/port/st/README.md
+++ b/wolfcrypt/src/port/st/README.md
@@ -73,7 +73,7 @@ At the wolfCrypt level we also support ECC native API's for `wc_ecc_*` using the
 
 `./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_STSAFEA100"`
 
-or 
+or
 
 `#define HAVE_PK_CALLBACKS`
 `#define WOLFSSL_STSAFEA100`
diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c
index 83497af2cc..343e3a7f35 100644
--- a/wolfcrypt/src/port/st/stm32.c
+++ b/wolfcrypt/src/port/st/stm32.c
@@ -1,6 +1,6 @@
 /* stm32.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -303,12 +303,11 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo,
     int ret = 0;
     byte* local = (byte*)stmCtx->buffer;
     int wroteToFifo = 0;
-    const word32 fifoSz = (STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE);
     word32 chunkSz;
 
 #ifdef DEBUG_STM32_HASH
-    printf("STM Hash Update: algo %x, len %d, blockSz %d\n",
-        algo, len, blockSize);
+    printf("STM Hash Update: algo %x, len %d, buffLen %d, fifoBytes %d\n",
+        algo, len, stmCtx->buffLen, stmCtx->fifoBytes);
 #endif
     (void)blockSize;
 
@@ -323,40 +322,27 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo,
     /* restore hash context or init as new hash */
     wc_Stm32_Hash_RestoreContext(stmCtx, algo);
 
-    chunkSz = fifoSz;
-#ifdef STM32_HASH_FIFO_WORKAROUND
-    /* if FIFO already has bytes written then fill remainder first */
-    if (stmCtx->fifoBytes > 0) {
-        chunkSz -= stmCtx->fifoBytes;
-        stmCtx->fifoBytes = 0;
-    }
-#endif
-
     /* write blocks to FIFO */
     while (len) {
-        word32 add = min(len, chunkSz - stmCtx->buffLen);
+        word32 add;
+
+        /* fill the FIFO plus one additional to flush the block */
+        chunkSz = ((STM32_HASH_FIFO_SIZE + 1) * STM32_HASH_REG_SIZE);
+        /* account for extra bytes in the FIFO (use mask 0x3F to get remain) */
+        chunkSz -= (stmCtx->fifoBytes &
+            ((STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE)-1));
+
+        add = min(len, chunkSz - stmCtx->buffLen);
         XMEMCPY(&local[stmCtx->buffLen], data, add);
 
         stmCtx->buffLen += add;
         data            += add;
         len             -= add;
 
-    #ifdef STM32_HASH_FIFO_WORKAROUND
-        /* We cannot leave the FIFO full and do save/restore
-         * the last must be large enough to flush block from FIFO */
-        if (stmCtx->buffLen + len <= fifoSz * 2) {
-            chunkSz = fifoSz + STM32_HASH_REG_SIZE;
-        }
-    #endif
-
         if (stmCtx->buffLen == chunkSz) {
             wc_Stm32_Hash_Data(stmCtx, stmCtx->buffLen);
             wroteToFifo = 1;
-        #ifdef STM32_HASH_FIFO_WORKAROUND
-            if (chunkSz > fifoSz)
-                stmCtx->fifoBytes = chunkSz - fifoSz;
-            chunkSz = fifoSz;
-        #endif
+            stmCtx->fifoBytes += chunkSz;
         }
     }
 
@@ -380,7 +366,8 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
     int ret = 0;
 
 #ifdef DEBUG_STM32_HASH
-    printf("STM Hash Final: algo %x, digestSz %d\n", algo, digestSize);
+    printf("STM Hash Final: algo %x, digestSz %d, buffLen %d, fifoBytes %d\n",
+        algo, digestSize, stmCtx->buffLen, stmCtx->fifoBytes);
 #endif
 
     /* turn on hash clock */
diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c
index 518943b208..be291f0363 100644
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -1,6 +1,6 @@
 /* stsafe.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/port/st/stsafe.h>
 #include <wolfssl/wolfcrypt/logging.h>
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 5f764508e8..8dcd10abce 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -545,9 +545,9 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
 exit:
-    if (in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -645,9 +645,9 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
 exit:
-    if (in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c
index 1b4a26590c..a8692e86f4 100644
--- a/wolfcrypt/src/port/ti/ti-ccm.c
+++ b/wolfcrypt/src/port/ti/ti-ccm.c
@@ -1,6 +1,6 @@
 /* port/ti/ti_ccm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c
index 47ef04a4b1..de343ebce1 100644
--- a/wolfcrypt/src/port/ti/ti-des3.c
+++ b/wolfcrypt/src/port/ti/ti-des3.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-des.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 48270f15a8..16be736384 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/xilinx/xil-aesgcm.c b/wolfcrypt/src/port/xilinx/xil-aesgcm.c
index d92a2cd415..6fdea35459 100644
--- a/wolfcrypt/src/port/xilinx/xil-aesgcm.c
+++ b/wolfcrypt/src/port/xilinx/xil-aesgcm.c
@@ -1,6 +1,6 @@
 /* xil-aesgcm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/xilinx/xil-sha3.c b/wolfcrypt/src/port/xilinx/xil-sha3.c
index 0d440916b2..8c9bbb921f 100644
--- a/wolfcrypt/src/port/xilinx/xil-sha3.c
+++ b/wolfcrypt/src/port/xilinx/xil-sha3.c
@@ -1,6 +1,6 @@
 /* xil-sha3.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/xilinx/xil-versal-glue.c b/wolfcrypt/src/port/xilinx/xil-versal-glue.c
index f40c86a077..3ee87e1749 100644
--- a/wolfcrypt/src/port/xilinx/xil-versal-glue.c
+++ b/wolfcrypt/src/port/xilinx/xil-versal-glue.c
@@ -1,6 +1,6 @@
 /* xil-versal-glue.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/xilinx/xil-versal-trng.c b/wolfcrypt/src/port/xilinx/xil-versal-trng.c
index 5f546f116b..9aac5bcd81 100644
--- a/wolfcrypt/src/port/xilinx/xil-versal-trng.c
+++ b/wolfcrypt/src/port/xilinx/xil-versal-trng.c
@@ -1,6 +1,6 @@
 /* xil-versal-trng.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index 1aef716bca..fb06dcef6e 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -1,6 +1,6 @@
 /* pwdbased.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -218,7 +218,7 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
      * length", ensure the returned bits for the derived master key are at a
      * minimum 14-bytes or 112-bits after stretching and strengthening
      * (iterations) */
-    if (kLen < HMAC_FIPS_MIN_KEY/8)
+    if (kLen < HMAC_FIPS_MIN_KEY)
         return BAD_LENGTH_E;
 #endif
 
@@ -588,16 +588,11 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
 #ifdef WOLFSSL_SMALL_STACK
   out:
 
-    if (Ai != NULL)
-        XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (B != NULL)
-        XFREE(B,  heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (B1 != NULL)
-        XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (i1 != NULL)
-        XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (res != NULL)
-        XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     if (dynamic)
@@ -859,12 +854,9 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
     ret = wc_PBKDF2(output, passwd, passLen, blocks, (int)blocksSz, 1, dkLen,
                     WC_SHA256);
 end:
-    if (blocks != NULL)
-        XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (v != NULL)
-        XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (y != NULL)
-        XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 89c7411c9e..d6c32f6923 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1,6 +1,6 @@
 /* random.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -110,7 +110,7 @@ This library contains implementation for the random number generator.
     #include <basictypes.h>
     #include <random.h>
 #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
-#include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
+    #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
 #elif defined(NO_DEV_RANDOM)
 #elif defined(CUSTOM_RAND_GENERATE)
 #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
@@ -126,6 +126,9 @@ This library contains implementation for the random number generator.
 #elif defined(WOLFSSL_PB)
 #elif defined(WOLFSSL_ZEPHYR)
 #elif defined(WOLFSSL_TELIT_M2MB)
+#elif defined(WOLFSSL_RENESAS_TSIP)
+    /* for wc_tsip_GenerateRandBlock */
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
 #elif defined(WOLFSSL_IMXRT1170_CAAM)
 #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)
@@ -133,6 +136,8 @@ This library contains implementation for the random number generator.
 #elif defined(WOLFSSL_GETRANDOM)
     #include <errno.h>
     #include <sys/random.h>
+#elif defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
 #else
     /* include headers that may be needed to get good seed */
     #include <fcntl.h>
@@ -591,7 +596,7 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen
 
         dIdx = (int)dLen - 1;
         for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) {
-            carry += (word16)(d[dIdx] + s[sIdx]);
+            carry += (word16)((word16)d[dIdx] + (word16)s[sIdx]);
             d[dIdx] = (byte)carry;
             carry >>= 8;
             dIdx--;
@@ -3652,6 +3657,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return 0;
     }
 
+#elif defined(WOLFSSL_RENESAS_TSIP)
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        (void)os;
+        return wc_tsip_GenerateRandBlock(output, sz);
+    }
+
 
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
     #include "hal_data.h"
@@ -3823,6 +3836,38 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
         return maxq10xx_random(output, sz);
     }
+#elif defined(MAX3266X_RNG)
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        #ifdef WOLFSSL_MAX3266X
+        int status;
+        #endif /* WOLFSSL_MAX3266X */
+        static int initDone = 0;
+        (void)os;
+        if (initDone == 0) {
+            #ifdef WOLFSSL_MAX3266X
+            status = wolfSSL_HwRngMutexLock();
+            if (status != 0) {
+                return status;
+            }
+            #endif /* WOLFSSL_MAX3266X */
+            if(MXC_TRNG_HealthTest() != 0) {
+                #ifdef DEBUG_WOLFSSL
+                WOLFSSL_MSG("TRNG HW Health Test Failed");
+                #endif /* DEBUG_WOLFSSL */
+                #ifdef WOLFSSL_MAX3266X
+                wolfSSL_HwRngMutexUnLock();
+                #endif /* WOLFSSL_MAX3266X */
+                return WC_HW_E;
+            }
+            #ifdef WOLFSSL_MAX3266X
+            wolfSSL_HwRngMutexUnLock();
+            #endif /* WOLFSSL_MAX3266X */
+            initDone = 1;
+        }
+        return wc_MXC_TRNG_Random(output, sz);
+    }
+
 #elif defined(WOLFSSL_GETRANDOM)
 
     /* getrandom() was added to the Linux kernel in version 3.17.
@@ -4044,7 +4089,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
         word32 i;
         for (i = 0; i < sz; i++ )
-            output[i] = i;
+            output[i] = (byte)i;
 
         (void)os;
 
diff --git a/wolfcrypt/src/rc2.c b/wolfcrypt/src/rc2.c
index 3839d4941e..67dc7d68f3 100644
--- a/wolfcrypt/src/rc2.c
+++ b/wolfcrypt/src/rc2.c
@@ -1,6 +1,6 @@
 /* rc2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c
index 9402c70bea..36cca1b3e6 100644
--- a/wolfcrypt/src/ripemd.c
+++ b/wolfcrypt/src/ripemd.c
@@ -1,6 +1,6 @@
 /* ripemd.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 587e47c4b4..1cb01bb476 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -1,6 +1,6 @@
 /* rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -373,9 +373,7 @@ int wc_InitRsaHw(RsaKey* key)
     }
 
     /* check for existing mod buffer to avoid memory leak */
-    if (key->mod != NULL) {
-        XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY);
-    }
+    XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY);
 
     key->pubExp = e;
     key->mod    = m;
@@ -2144,9 +2142,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 #endif
             }
 
-            if (d != NULL) {
-                XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            }
+            XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY);
         }
     #endif
         break;
@@ -2396,7 +2392,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 1024) &&
-                                             (mp_count_bits(&key->q) == 1024)) {
+                    (mp_count_bits(&key->q) == 1024) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2427,7 +2426,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 1536) &&
-                                             (mp_count_bits(&key->q) == 1536)) {
+                    (mp_count_bits(&key->q) == 1536) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2458,7 +2460,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 2048) &&
-                                             (mp_count_bits(&key->q) == 2048)) {
+                    (mp_count_bits(&key->q) == 2048) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2555,7 +2560,13 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng)
         }
     }
 #else
-    if (ret == 0) {
+    if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) ||
+            mp_iszero(&key->dP) || mp_iszero(&key->dQ))) {
+        if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) {
+            ret = MP_EXPTMOD_E;
+        }
+    }
+    else if (ret == 0) {
         mp_int* tmpa = tmp;
 #if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG)
         mp_int* tmpb = rnd;
@@ -2915,7 +2926,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
 
     if (out == NULL) {
         *outSz = inLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     switch (key->state) {
@@ -2952,7 +2963,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
     }
 
     /* if async pending then skip cleanup*/
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -3116,6 +3127,9 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     int ret = 0;
     (void)rng;
     (void)checkSmallCt;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
 
     if (key == NULL || in == NULL || inLen == 0 || out == NULL ||
             outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) {
@@ -3127,7 +3141,18 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     if (key->devId != INVALID_DEVID)
     #endif
     {
+    #if defined(WOLF_CRYPTO_CB_RSA_PAD)
+        /* If we are here, either the RSA PAD callback was already called
+         * and returned that it could not implement for that padding scheme,
+         * or this is a public verify operation. Either way indicate to the
+         * callback that this should be a raw RSA operation with no padding.*/
+        XMEMSET(&padding, 0, sizeof(RsaPadding));
+        padding.pad_type = WC_RSA_NO_PAD;
+        ret = wc_CryptoCb_RsaPad(in, inLen, out,
+                            outLen, type, key, rng, &padding);
+    #else
         ret = wc_CryptoCb_Rsa(in, inLen, out, outLen, type, key, rng);
+    #endif
         #ifndef WOLF_CRYPTO_CB_ONLY_RSA
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
@@ -3181,7 +3206,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     RESTORE_VECTOR_REGISTERS();
 
     /* handle error */
-    if (ret < 0 && ret != WC_PENDING_E
+    if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         && ret != FP_WOULDBLOCK
     #endif
@@ -3235,6 +3260,9 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
     int ret = 0;
     int sz;
     int state;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
 
     if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
         return BAD_FUNC_ARG;
@@ -3331,6 +3359,29 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
        #endif
     #endif /* WOLFSSL_SE050 */
 
+    #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+        if (key->devId != INVALID_DEVID) {
+            XMEMSET(&padding, 0, sizeof(RsaPadding));
+            padding.pad_value = pad_value;
+            padding.pad_type = pad_type;
+            padding.hash = hash;
+            padding.mgf = mgf;
+            padding.label = label;
+            padding.labelSz = labelSz;
+            padding.saltLen = saltLen;
+            ret = wc_CryptoCb_RsaPad(in, inLen, out, &outLen, rsa_type, key, rng,
+                                     &padding);
+
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+                if (ret < 0) {
+                    break;
+                }
+
+                ret = outLen;
+                break;
+            }
+        }
+    #endif
         key->state = RSA_STATE_ENCRYPT_PAD;
         ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type,
                            hash, mgf, label, labelSz, saltLen,
@@ -3367,7 +3418,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
     }
 
     /* if async pending then return and skip done cleanup below */
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -3410,6 +3461,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
 {
     int ret = WC_NO_ERR_TRACE(RSA_WRONG_TYPE_E);
     byte* pad = NULL;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
 
     if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
         return BAD_FUNC_ARG;
@@ -3520,6 +3574,25 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
         FALL_THROUGH;
 
     case RSA_STATE_DECRYPT_EXPTMOD:
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    if ((key->devId != INVALID_DEVID) && (rsa_type != RSA_PUBLIC_DECRYPT)) {
+        /* Everything except verify goes to crypto cb if
+         * WOLF_CRYPTO_CB_RSA_PAD defined */
+        XMEMSET(&padding, 0, sizeof(RsaPadding));
+        padding.pad_value = pad_value;
+        padding.pad_type = pad_type;
+        padding.hash = hash;
+        padding.mgf = mgf;
+        padding.label = label;
+        padding.labelSz = labelSz;
+        padding.saltLen = saltLen;
+        ret = wc_CryptoCb_RsaPad(in, inLen, out,
+                            &outLen, rsa_type, key, rng, &padding);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            break;
+        }
+    }
+#endif
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
     !defined(WOLFSSL_NO_MALLOC)
         ret = wc_RsaFunction_ex(key->data, inLen, key->data, &key->dataLen,
@@ -3583,9 +3656,11 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             }
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
-            ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret, RSA_BUFFER_E);
+            ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret,
+                               WC_NO_ERR_TRACE(RSA_BUFFER_E));
     #ifndef WOLFSSL_RSA_DECRYPT_TO_0_LEN
-            ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret, RSA_BUFFER_E);
+            ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret,
+                               WC_NO_ERR_TRACE(RSA_BUFFER_E));
     #endif
 #else
             if (outLen < (word32)ret)
@@ -3620,7 +3695,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
     }
 
     /* if async pending then return and skip done cleanup below */
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -5085,16 +5160,13 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 
 #if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
 #ifdef WOLFSSL_SMALL_STACK
-    if (p)
+    if (key != NULL) {
         XFREE(p, key->heap, DYNAMIC_TYPE_RSA);
-    if (q)
         XFREE(q, key->heap, DYNAMIC_TYPE_RSA);
-    if (tmp1)
         XFREE(tmp1, key->heap, DYNAMIC_TYPE_RSA);
-    if (tmp2)
         XFREE(tmp2, key->heap, DYNAMIC_TYPE_RSA);
-    if (tmp3)
         XFREE(tmp3, key->heap, DYNAMIC_TYPE_RSA);
+    }
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
     mp_memzero_check(p);
     mp_memzero_check(q);
@@ -5250,7 +5322,7 @@ int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
     if (err == MP_OKAY) {
         key->type = RSA_PRIVATE;
     }
-    else {
+    else if (key != NULL) {
         mp_clear(&key->n);
         mp_clear(&key->e);
         mp_clear(&key->d);
diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c
index c87963acc7..962299f340 100644
--- a/wolfcrypt/src/sakke.c
+++ b/wolfcrypt/src/sakke.c
@@ -1,6 +1,6 @@
 /* sakke.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -622,7 +622,7 @@ int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(3 * key->ecc.dp->size);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err >= 0) && (*sz < (word32)(3 * key->ecc.dp->size))) {
         err = BUFFER_E;
@@ -731,7 +731,7 @@ int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)key->ecc.dp->size;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err >= 0) && (*sz < (word32)key->ecc.dp->size)) {
         err = BUFFER_E;
@@ -848,7 +848,7 @@ static int sakke_encode_point(ecc_point* point, word32 size, byte* data,
 
     if (data == NULL) {
         *sz = size * 2 + !raw;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < size * 2 + !raw)) {
         err = BUFFER_E;
@@ -1419,7 +1419,7 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk,
     }
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -6421,7 +6421,7 @@ int wc_GetSakkePointI(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(key->ecc.dp->size * 2);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < (word32)key->ecc.dp->size * 2)) {
         err = BUFFER_E;
@@ -6531,7 +6531,7 @@ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len)
 #else
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         *len = 0;
@@ -6729,7 +6729,7 @@ int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key, enum wc_HashType hashType,
         *authSz = outSz;
 
         if (auth == NULL) {
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
 
@@ -6824,7 +6824,7 @@ int wc_GenerateSakkeSSV(SakkeKey* key, WC_RNG* rng, byte* ssv, word16* ssvSz)
         /* Return length only if an output buffer is NULL. */
         if (ssv == NULL) {
             *ssvSz = (word16) (n / 8);
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else {
             n = *ssvSz;
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 1892de4e44..78ce918e26 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -1,6 +1,6 @@
 /* sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -308,6 +308,10 @@
     !defined(WOLFSSL_QNX_CAAM)
     /* wolfcrypt/src/port/caam/caam_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Already brought in by sha.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
+
 #elif defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) || \
       defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW)
 
@@ -441,7 +445,7 @@ static WC_INLINE void AddLength(wc_Sha* sha, word32 len)
     #define f3(x,y,z) (((x)&(y))|((z)&((x)|(y))))
     #define f4(x,y,z) ((x)^(y)^(z))
 
-    #ifdef WOLFSSL_NUCLEUS_1_2
+    #if defined(WOLFSSL_NUCLEUS_1_2) || defined(NUCLEUS_PLUS_2_3)
         /* nucleus.h also defines R1-R4 */
         #undef R1
         #undef R2
@@ -560,6 +564,13 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
     sha->devCtx = NULL;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
     if (sha->ctx.mode != ESP32_SHA_INIT) {
         /* it may be interesting to see old values during debugging */
@@ -1035,6 +1046,8 @@ int wc_InitSha(wc_Sha* sha)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
 
+#ifndef MAX3266X_SHA
+
 void wc_ShaFree(wc_Sha* sha)
 {
     if (sha == NULL)
@@ -1051,6 +1064,9 @@ void wc_ShaFree(wc_Sha* sha)
 #ifdef WOLFSSL_PIC32MZ_HASH
     wc_ShaPic32Free(sha);
 #endif
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha->mxcCtx));
+#endif
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     se050_hash_free(&sha->se050Ctx);
 #endif
@@ -1058,16 +1074,15 @@ void wc_ShaFree(wc_Sha* sha)
      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \
     defined(WOLFSSL_RENESAS_RX64_HASH)
-    if (sha->msg != NULL) {
-        XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        sha->msg = NULL;
-    }
+    XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    sha->msg = NULL;
 #endif
 #ifdef WOLFSSL_IMXRT_DCP
     DCPShaFree(sha);
 #endif
 }
 
+#endif /* !MAX3266X_SHA */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
 #endif /* !WOLFSSL_TI_HASH */
 
@@ -1082,6 +1097,8 @@ void wc_ShaFree(wc_Sha* sha)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
 
+#ifndef MAX3266X_SHA
+
 /* wc_ShaGetHash get hash value */
 int wc_ShaGetHash(wc_Sha* sha, byte* hash)
 {
@@ -1146,12 +1163,20 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
     esp_sha_ctx_copy(src, dst);
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_HASH_FLAGS
     dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_RX64_HASH */
+#endif /* !MAX3266X_SHA */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
 #endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
           !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ||
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index f955dff4f7..c9c3b100bb 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -1,6 +1,6 @@
 /* sha256.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,8 +63,8 @@ on the specific device platform.
 #endif
 
 
-#if !defined(NO_SHA256) && (!defined(WOLFSSL_ARMASM) && \
-    !defined(WOLFSSL_ARMASM_NO_NEON))
+#if !defined(NO_SHA256) && !(defined(WOLFSSL_ARMASM) || \
+    defined(WOLFSSL_ARMASM_NO_NEON)) && !defined(WOLFSSL_RISCV_ASM)
 
 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
@@ -122,7 +122,9 @@ on the specific device platform.
 
 #elif defined(WOLFSSL_PSOC6_CRYPTO)
 
-
+#elif defined(MAX3266X_SHA)
+    /* Already brought in by sha256.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
 #else
 
 #include <wolfssl/wolfcrypt/logging.h>
@@ -277,10 +279,6 @@ static int InitSha256(wc_Sha256* sha256)
 #endif
 #endif
 
-#ifdef WOLF_CRYPTO_CB
-    sha256->devId = wc_CryptoCb_DefaultDevID();
-#endif
-
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
     XMEMSET(&sha256->maxq_ctx, 0, sizeof(sha256->maxq_ctx));
 #endif
@@ -408,6 +406,10 @@ static int InitSha256(wc_Sha256* sha256)
                        SHA256_SSE2, SHA256_C };
 
 #ifndef WC_C_DYNAMIC_FALLBACK
+    /* note that all write access to this static variable must be idempotent,
+     * as arranged by Sha256_SetTransform(), else it will be susceptible to
+     * data races.
+     */
     static enum sha_methods sha_method = SHA256_UNSET;
 #endif
 
@@ -1090,6 +1092,12 @@ static int InitSha256(wc_Sha256* sha256)
         sha256->devId = devId;
         sha256->devCtx = NULL;
     #endif
+    #ifdef MAX3266X_SHA_CB
+        ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+        if (ret != 0) {
+            return ret;
+        }
+    #endif
     #ifdef WOLFSSL_SMALL_STACK_CACHE
         sha256->W = NULL;
     #endif
@@ -1251,6 +1259,9 @@ static int InitSha256(wc_Sha256* sha256)
     {
         word32 S[8], t0, t1;
         int i;
+    #ifdef USE_SLOW_SHA256
+        int j;
+    #endif
         word32 W[WC_SHA256_BLOCK_SIZE/sizeof(word32)];
 
         /* Copy digest to working vars */
@@ -1264,6 +1275,16 @@ static int InitSha256(wc_Sha256* sha256)
         S[7] = sha256->digest[7];
 
         i = 0;
+    #ifdef USE_SLOW_SHA256
+        for (j = 0; j < 16; j++) {
+            RND1(j);
+        }
+        for (i = 16; i < 64; i += 16) {
+            for (j = 0; j < 16; j++) {
+                RNDN(j);
+            }
+        }
+    #else
         RND1( 0); RND1( 1); RND1( 2); RND1( 3);
         RND1( 4); RND1( 5); RND1( 6); RND1( 7);
         RND1( 8); RND1( 9); RND1(10); RND1(11);
@@ -1275,6 +1296,7 @@ static int InitSha256(wc_Sha256* sha256)
             RNDN( 8); RNDN( 9); RNDN(10); RNDN(11);
             RNDN(12); RNDN(13); RNDN(14); RNDN(15);
         }
+    #endif
 
         /* Add the working vars back into digest */
         sha256->digest[0] += S[0];
@@ -1945,6 +1967,9 @@ static int InitSha256(wc_Sha256* sha256)
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 
+#elif defined(MAX3266X_SHA)
+    /* implemented in wolfcrypt/src/port/maxim/max3266x.c */
+
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
 
 /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
@@ -2223,6 +2248,10 @@ void wc_Sha256Free(wc_Sha256* sha256)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+#endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
     wolfAsync_DevCtxFree(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256);
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -2335,6 +2364,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 
+#elif defined(MAX3266X_SHA)
+    /* implemented in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
     int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
@@ -2469,7 +2501,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
     /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
-
+#elif defined(MAX3266X_SHA)
+    /* Implemented in wolfcrypt/src/port/maxim/max3266x.c */
 #else
 
 int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
@@ -2496,7 +2529,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
     ret = wc_Sha256Copy(sha256, tmpSha256);
     if (ret == 0) {
         ret = wc_Sha256Final(tmpSha256, hash);
-        wc_Sha256Free(tmpSha256); /* TODO move outside brackets? */
+        wc_Sha256Free(tmpSha256);
     }
 
 
@@ -2520,6 +2553,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
     wc_MAXQ10XX_Sha256Copy(src);
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     dst->W = NULL;
 #endif
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
index 99f739b029..2bba29bcef 100644
--- a/wolfcrypt/src/sha3.c
+++ b/wolfcrypt/src/sha3.c
@@ -1,6 +1,6 @@
 /* sha3.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,8 +62,8 @@
     }
 #endif
 
-#if !defined(WOLFSSL_ARMASM) || (!defined(__arm__) && \
-    !defined(WOLFSSL_ARMASM_CRYPTO_SHA3))
+#if (!defined(WOLFSSL_ARMASM) || (!defined(__arm__) && \
+     !defined(WOLFSSL_ARMASM_CRYPTO_SHA3))) && !defined(WOLFSSL_RISCV_ASM)
 
 #ifdef USE_INTEL_SPEEDUP
     #include <wolfssl/wolfcrypt/cpuid.h>
@@ -250,7 +250,7 @@ while (0)
 #ifndef USE_INTEL_SPEEDUP
 static
 #endif
-void BlockSha3(word64 *s)
+void BlockSha3(word64* s)
 {
     byte i, x, y;
     word64 t0, t1;
@@ -541,7 +541,7 @@ while (0)
 #ifndef USE_INTEL_SPEEDUP
 static
 #endif
-void BlockSha3(word64 *s)
+void BlockSha3(word64* s)
 {
     word64 n[25];
     word64 b[5];
@@ -563,7 +563,7 @@ void BlockSha3(word64 *s)
     }
 }
 #endif /* WOLFSSL_SHA3_SMALL */
-#endif /* !WOLFSSL_ARMASM */
+#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 
 static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
 {
diff --git a/wolfcrypt/src/sha3_asm.S b/wolfcrypt/src/sha3_asm.S
index 07a0b140bf..a67002073e 100644
--- a/wolfcrypt/src/sha3_asm.S
+++ b/wolfcrypt/src/sha3_asm.S
@@ -1,6 +1,6 @@
 /* sha3_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index 88c38f0625..7f3e745c60 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -1,6 +1,6 @@
 /* sha512.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,7 +28,7 @@
 
 #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \
     (!defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)) && \
-    !defined(WOLFSSL_PSOC6_CRYPTO)
+    !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_RISCV_ASM)
 
 /* determine if we are using Espressif SHA hardware acceleration */
 #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
@@ -96,6 +96,11 @@
     #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 
+#if defined(MAX3266X_SHA)
+    /* Already brought in by sha512.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
+#endif
+
 #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
     #if defined(__GNUC__) && ((__GNUC__ < 4) || \
                               (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
@@ -149,6 +154,9 @@
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     int wc_InitSha512(wc_Sha512* sha512)
     {
@@ -489,6 +497,10 @@ static int InitSha512_256(wc_Sha512* sha512)
                        SHA512_AVX1_RORX, SHA512_AVX2_RORX, SHA512_C };
 
 #ifndef WC_C_DYNAMIC_FALLBACK
+    /* note that all write access to this static variable must be idempotent,
+     * as arranged by Sha512_SetTransform(), else it will be susceptible to
+     * data races.
+     */
     static enum sha_methods sha_method = SHA512_UNSET;
 #endif
 
@@ -761,6 +773,12 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
     sha512->ctx.mode = ESP32_SHA_INIT;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0){
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     return InitSha512_Family(sha512, heap, devId, InitSha512);
 }
 
@@ -1154,6 +1172,9 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
     /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static WC_INLINE int Sha512Final(wc_Sha512* sha512)
@@ -1314,6 +1335,9 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz)
@@ -1390,6 +1414,10 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
 
 #endif /* WOLFSSL_KCAPI_HASH */
 
+#if defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
+#else
 #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH)
 int wc_InitSha512(wc_Sha512* sha512)
 {
@@ -1432,12 +1460,18 @@ void wc_Sha512Free(wc_Sha512* sha512)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+#endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     ForceZero(sha512, sizeof(*sha512));
 }
+#endif
+
 #if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) \
     && !defined(WOLFSSL_KCAPI_HASH)
 /* Apply SHA512 transformation to the data                */
@@ -1556,6 +1590,9 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static int InitSha384(wc_Sha384* sha384)
@@ -1732,6 +1769,13 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
     sha384->ctx.mode = ESP32_SHA_INIT;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     ret = InitSha384(sha384);
     if (ret != 0) {
         return ret;
@@ -1751,6 +1795,10 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 
 #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */
 
+#if defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
+#else
 int wc_InitSha384(wc_Sha384* sha384)
 {
     int devId = INVALID_DEVID;
@@ -1806,9 +1854,14 @@ void wc_Sha384Free(wc_Sha384* sha384)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+#endif
+
     ForceZero(sha384, sizeof(*sha384));
 }
 
+#endif
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef WOLFSSL_SHA512
@@ -1820,6 +1873,9 @@ void wc_Sha384Free(wc_Sha384* sha384)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
@@ -1923,6 +1979,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
@@ -2111,6 +2174,8 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
 #else
 
 int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
@@ -2210,6 +2275,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/sha512_asm.S b/wolfcrypt/src/sha512_asm.S
index 47789e83aa..2c6a06b976 100644
--- a/wolfcrypt/src/sha512_asm.S
+++ b/wolfcrypt/src/sha512_asm.S
@@ -1,6 +1,6 @@
 /* sha512_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c
index 33cec70309..09ae526b61 100644
--- a/wolfcrypt/src/signature.c
+++ b/wolfcrypt/src/signature.c
@@ -1,6 +1,6 @@
 /* signature.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -80,7 +80,7 @@ static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data,
 int wc_SignatureGetSize(enum wc_SignatureType sig_type,
     const void* key, word32 key_len)
 {
-    int sig_len = BAD_FUNC_ARG;
+    int sig_len = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     /* Suppress possible unused args if all signature types are disabled */
     (void)key;
diff --git a/wolfcrypt/src/siphash.c b/wolfcrypt/src/siphash.c
index 173b914824..54c02f6a58 100644
--- a/wolfcrypt/src/siphash.c
+++ b/wolfcrypt/src/siphash.c
@@ -1,6 +1,6 @@
 /* siphash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -805,29 +805,29 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 #else
 
 #define SipRoundV(v0, v1, v2, v3)   \
-    v0 += v1;                       \
-    v2 += v3;                       \
-    v1 = rotlFixed64(v1, 13);       \
-    v3 = rotlFixed64(v3, 16);       \
-    v1 ^= v0;                       \
-    v3 ^= v2;                       \
-    v0 = rotlFixed64(v0, 32);       \
-    v2 += v1;                       \
-    v0 += v3;                       \
-    v1 = rotlFixed64(v1, 17);       \
-    v3 = rotlFixed64(v3, 21);       \
-    v1 ^= v2;                       \
-    v3 ^= v0;                       \
-    v2 = rotlFixed64(v2, 32);
+    (v0) += (v1);                   \
+    (v2) += (v3);                   \
+    (v1) = rotlFixed64(v1, 13);     \
+    (v3) = rotlFixed64(v3, 16);     \
+    (v1) ^= (v0);                   \
+    (v3) ^= (v2);                   \
+    (v0) = rotlFixed64(v0, 32);     \
+    (v2) += (v1);                   \
+    (v0) += (v3);                   \
+    (v1) = rotlFixed64(v1, 17);     \
+    (v3) = rotlFixed64(v3, 21);     \
+    (v1) ^= (v2);                   \
+    (v3) ^= (v0);                   \
+    (v2) = rotlFixed64(v2, 32);
 
 #define SipHashCompressV(v0, v1, v2, v3, m)             \
     do {                                                \
         int i;                                          \
-        v3 ^= m;                                        \
+        (v3) ^= (m);                                    \
         for (i = 0; i < WOLFSSL_SIPHASH_CROUNDS; i++) { \
             SipRoundV(v0, v1, v2, v3);                  \
         }                                               \
-        v0 ^= m;                                        \
+        (v0) ^= (m);                                    \
     }                                                   \
     while (0)
 
@@ -839,7 +839,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
         for (i = 0; i < WOLFSSL_SIPHASH_DROUNDS; i++) { \
             SipRoundV(v0, v1, v2, v3);                  \
         }                                               \
-        n = v0 ^ v1 ^ v2 ^ v3;                          \
+        n = (v0) ^ (v1) ^ (v2) ^ (v3);                  \
         SET_U64(out, n);                                \
     }                                                   \
     while (0)
diff --git a/wolfcrypt/src/sm2.c b/wolfcrypt/src/sm2.c
index 829d5e5b28..24b8df96f8 100644
--- a/wolfcrypt/src/sm2.c
+++ b/wolfcrypt/src/sm2.c
@@ -1,6 +1,6 @@
 /* sm2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sm3.c b/wolfcrypt/src/sm3.c
index 1339037b75..dfbef2ec9e 100644
--- a/wolfcrypt/src/sm3.c
+++ b/wolfcrypt/src/sm3.c
@@ -1,6 +1,6 @@
 /* sm3.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sm3_asm.S b/wolfcrypt/src/sm3_asm.S
index 2c368f1ff3..7c53a6fa68 100644
--- a/wolfcrypt/src/sm3_asm.S
+++ b/wolfcrypt/src/sm3_asm.S
@@ -1,6 +1,6 @@
 /* sm3_asm.S
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sm4.c b/wolfcrypt/src/sm4.c
index 1e4f31760c..c29cc2bd29 100644
--- a/wolfcrypt/src/sm4.c
+++ b/wolfcrypt/src/sm4.c
@@ -1,6 +1,6 @@
 /* sm4.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c
index 8529e41926..c8ecf47ece 100644
--- a/wolfcrypt/src/sp_arm32.c
+++ b/wolfcrypt/src/sp_arm32.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -12022,13 +12022,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12191,13 +12190,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16783,13 +16781,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16935,13 +16932,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17104,8 +17100,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -18117,13 +18112,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -37399,13 +37393,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -37568,13 +37561,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -44030,13 +44022,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -44182,13 +44173,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -44351,8 +44341,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -45612,13 +45601,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -59449,13 +59437,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -59601,13 +59588,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -59770,8 +59756,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -61279,13 +61264,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -72479,7 +72463,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -72488,7 +72472,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -73104,8 +73088,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73122,7 +73106,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73296,8 +73280,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73314,7 +73298,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -73369,7 +73353,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -73563,15 +73547,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_256));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_256));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -73767,8 +73751,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73785,7 +73769,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73875,8 +73859,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -73913,7 +73896,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -74040,10 +74023,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74299,8 +74280,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74337,7 +74317,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -74464,10 +74444,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74685,10 +74663,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74765,10 +74741,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76235,10 +76209,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76313,10 +76285,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76399,6 +76369,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -76415,6 +76386,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -76493,12 +76469,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76656,10 +76629,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -78976,10 +78947,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79186,8 +79155,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79226,8 +79194,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79335,10 +79302,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79417,10 +79382,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79485,10 +79448,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79549,10 +79510,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79618,8 +79577,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79684,8 +79642,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -88861,23 +88818,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90180,7 +90136,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -90189,7 +90145,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -90833,8 +90789,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -90851,7 +90807,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -91025,8 +90981,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -91043,7 +90999,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -91110,7 +91066,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -91316,15 +91272,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_384));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_384));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -91520,8 +91476,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -91538,7 +91494,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -91628,8 +91584,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -91674,7 +91629,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -91809,10 +91764,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92068,8 +92021,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92114,7 +92066,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -92249,10 +92201,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92470,10 +92420,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92550,10 +92498,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94020,10 +93966,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94098,10 +94042,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94190,6 +94132,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -94206,6 +94149,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -94284,12 +94232,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94447,10 +94392,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97060,10 +97003,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97270,8 +97211,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97310,8 +97250,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97419,10 +97358,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97501,10 +97438,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97569,10 +97504,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97633,10 +97566,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97732,8 +97663,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97798,8 +97728,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -117229,7 +117158,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -117238,7 +117167,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -117982,8 +117911,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -118000,7 +117929,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118174,8 +118103,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -118192,7 +118121,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -118274,7 +118203,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -118499,15 +118428,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_521));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_521));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -118703,8 +118632,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -118721,7 +118650,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118811,8 +118740,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118867,7 +118795,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -119012,10 +118940,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119271,8 +119197,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119327,7 +119252,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -119472,10 +119397,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119693,10 +119616,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119773,10 +119694,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121787,10 +121706,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121865,10 +121782,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121966,6 +121881,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -121983,6 +121899,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -122061,12 +121982,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -122226,10 +122144,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126015,10 +125931,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126228,8 +126142,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126268,8 +126181,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126377,10 +126289,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126459,10 +126369,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126527,10 +126435,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126591,10 +126497,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126644,8 +126548,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126710,8 +126613,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -144661,16 +144563,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -146490,7 +146392,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -146499,7 +146401,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -147945,8 +147847,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -147963,7 +147865,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -148137,8 +148039,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -148155,7 +148057,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -148496,8 +148398,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -148514,7 +148416,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -148604,8 +148506,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -148704,10 +148605,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -148963,8 +148862,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -149063,10 +148961,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -149284,10 +149180,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -152922,10 +152816,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -153000,10 +152892,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -153037,7 +152927,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -153068,10 +152958,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -153097,7 +152985,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -153164,10 +153052,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -153314,9 +153200,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -155212,9 +155096,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -155582,9 +155464,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -156009,9 +155889,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -156041,7 +155919,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -156270,7 +156148,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -156377,9 +156255,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(neg, 1, NULL);
     sp_1024_point_free_32(c, 1, NULL);
@@ -156572,9 +156448,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -156667,7 +156541,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
@@ -156675,8 +156549,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -156715,8 +156588,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -156824,10 +156696,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c
index ea3ce39218..0a465f4f09 100644
--- a/wolfcrypt/src/sp_arm64.c
+++ b/wolfcrypt/src/sp_arm64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 63) / 64) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 63) / 64) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -4164,13 +4164,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16U);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4333,13 +4332,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16U);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5790,13 +5788,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5992,13 +5989,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6161,8 +6157,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -6837,13 +6832,12 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13355,13 +13349,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24U);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13524,13 +13517,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24U);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15347,13 +15339,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15499,13 +15490,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15668,8 +15658,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -16440,13 +16429,12 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20458,13 +20446,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20610,13 +20597,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20779,8 +20765,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -21647,13 +21632,12 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -22119,14 +22103,14 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
 
     (void)m;
 
-    a32[0] = a[0] & 0xffffffff;
-    a32[1] = a[0] >> 32;
-    a32[2] = a[1] & 0xffffffff;
-    a32[3] = a[1] >> 32;
-    a32[4] = a[2] & 0xffffffff;
-    a32[5] = a[2] >> 32;
-    a32[6] = a[3] & 0xffffffff;
-    a32[7] = a[3] >> 32;
+    a32[0] = (int64_t)(a[0] & 0xffffffff);
+    a32[1] = (int64_t)(a[0] >> 32);
+    a32[2] = (int64_t)(a[1] & 0xffffffff);
+    a32[3] = (int64_t)(a[1] >> 32);
+    a32[4] = (int64_t)(a[2] & 0xffffffff);
+    a32[5] = (int64_t)(a[2] >> 32);
+    a32[6] = (int64_t)(a[3] & 0xffffffff);
+    a32[7] = (int64_t)(a[3] >> 32);
 
     /*  1  1  0 -1 -1 -1 -1  0 */
     t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
@@ -22176,10 +22160,10 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
     t[5] += t[4] >> 32; t[4] &= 0xffffffff;
     t[6] += t[5] >> 32; t[5] &= 0xffffffff;
     t[7] += t[6] >> 32; t[6] &= 0xffffffff;
-    r[0] = (t[1] << 32) | t[0];
-    r[1] = (t[3] << 32) | t[2];
-    r[2] = (t[5] << 32) | t[4];
-    r[3] = (t[7] << 32) | t[6];
+    r[0] = (sp_digit)((t[1] << 32) | t[0]);
+    r[1] = (sp_digit)((t[3] << 32) | t[2]);
+    r[2] = (sp_digit)((t[5] << 32) | t[4]);
+    r[3] = (sp_digit)((t[7] << 32) | t[6]);
 
     return MP_OKAY;
 }
@@ -23060,7 +23044,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -23069,7 +23053,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -24255,7 +24239,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -24486,10 +24470,8 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24731,8 +24713,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24902,10 +24883,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25164,8 +25143,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25335,10 +25313,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25557,10 +25533,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25637,10 +25611,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27350,7 +27322,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<37; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -39494,8 +39466,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -39562,10 +39533,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -39640,10 +39609,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -39796,6 +39763,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -39812,6 +39780,11 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -39890,12 +39863,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40059,10 +40029,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41930,10 +41898,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42184,8 +42150,7 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42224,8 +42189,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42333,10 +42297,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42415,10 +42377,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42483,10 +42443,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42547,10 +42505,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42616,8 +42572,7 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42682,8 +42637,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43390,18 +43344,18 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
     if (err == MP_OKAY) {
         a32 = t + 12;
 
-        a32[0] = a[0] & 0xffffffff;
-        a32[1] = a[0] >> 32;
-        a32[2] = a[1] & 0xffffffff;
-        a32[3] = a[1] >> 32;
-        a32[4] = a[2] & 0xffffffff;
-        a32[5] = a[2] >> 32;
-        a32[6] = a[3] & 0xffffffff;
-        a32[7] = a[3] >> 32;
-        a32[8] = a[4] & 0xffffffff;
-        a32[9] = a[4] >> 32;
-        a32[10] = a[5] & 0xffffffff;
-        a32[11] = a[5] >> 32;
+        a32[0] = (int64_t)(a[0] & 0xffffffff);
+        a32[1] = (int64_t)(a[0] >> 32);
+        a32[2] = (int64_t)(a[1] & 0xffffffff);
+        a32[3] = (int64_t)(a[1] >> 32);
+        a32[4] = (int64_t)(a[2] & 0xffffffff);
+        a32[5] = (int64_t)(a[2] >> 32);
+        a32[6] = (int64_t)(a[3] & 0xffffffff);
+        a32[7] = (int64_t)(a[3] >> 32);
+        a32[8] = (int64_t)(a[4] & 0xffffffff);
+        a32[9] = (int64_t)(a[4] >> 32);
+        a32[10] = (int64_t)(a[5] & 0xffffffff);
+        a32[11] = (int64_t)(a[5] >> 32);
 
         /*  1  0  0  0  0  0  0  0  1  1  0 -1 */
         t[0] = 0 + a32[0] + a32[8] + a32[9] - a32[11];
@@ -43456,17 +43410,16 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = (t[1] << 32) | t[0];
-        r[1] = (t[3] << 32) | t[2];
-        r[2] = (t[5] << 32) | t[4];
-        r[3] = (t[7] << 32) | t[6];
-        r[4] = (t[9] << 32) | t[8];
-        r[5] = (t[11] << 32) | t[10];
+        r[0] = (sp_digit)((t[1] << 32) | t[0]);
+        r[1] = (sp_digit)((t[3] << 32) | t[2]);
+        r[2] = (sp_digit)((t[5] << 32) | t[4]);
+        r[3] = (sp_digit)((t[7] << 32) | t[6]);
+        r[4] = (sp_digit)((t[9] << 32) | t[8]);
+        r[5] = (sp_digit)((t[11] << 32) | t[10]);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -44245,7 +44198,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -44254,7 +44207,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44824,8 +44777,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
         sp_384_mont_sub_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -44842,7 +44795,7 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45016,8 +44969,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45034,7 +44987,7 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -45248,7 +45201,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -45483,10 +45436,8 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -45556,8 +45507,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
         sp_384_mont_sub_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45574,7 +45525,7 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45688,8 +45639,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -45859,10 +45809,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46121,8 +46069,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46292,10 +46239,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46514,10 +46459,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46594,10 +46537,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48307,7 +48248,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<55; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -66265,8 +66206,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -66333,10 +66273,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -66411,10 +66349,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -66571,6 +66507,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -66587,6 +66524,11 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -66665,12 +66607,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -66834,10 +66773,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68062,10 +67999,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68272,8 +68207,7 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68312,8 +68246,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68421,10 +68354,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68503,10 +68434,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68571,10 +68500,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68635,10 +68562,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68734,8 +68659,7 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68800,8 +68724,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72454,7 +72377,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -72463,7 +72386,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -73211,8 +73134,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73229,7 +73152,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73403,8 +73326,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73421,7 +73344,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -73635,7 +73558,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -73897,10 +73820,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -73970,8 +73891,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73988,7 +73909,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -74102,8 +74023,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74291,10 +74211,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74553,8 +74471,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74742,10 +74659,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74964,10 +74879,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -75044,10 +74957,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -77393,7 +77304,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<75; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -111429,8 +111340,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -111497,10 +111407,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -111575,10 +111483,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -111743,6 +111649,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -111760,6 +111667,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -111838,12 +111750,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112009,10 +111918,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113011,10 +112918,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113224,8 +113129,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113264,8 +113168,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113373,10 +113276,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113455,10 +113356,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113523,10 +113422,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113587,10 +113484,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113640,8 +113535,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113706,8 +113600,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -115642,16 +115535,16 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -116275,7 +116168,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -116284,7 +116177,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -117320,8 +117213,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117338,7 +117231,7 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -117512,8 +117405,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117530,7 +117423,7 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -117752,7 +117645,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -117918,10 +117811,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -117993,8 +117884,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -118011,7 +117902,7 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118122,8 +118013,7 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118222,10 +118112,8 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118442,10 +118330,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121843,10 +121729,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121921,10 +121805,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121958,7 +121840,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -121989,10 +121871,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -122018,7 +121898,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -122085,10 +121965,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -122235,9 +122113,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -123877,9 +123753,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -124247,9 +124121,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -124674,9 +124546,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -124706,7 +124576,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -124935,7 +124805,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -125042,9 +124912,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(neg, 1, NULL);
     sp_1024_point_free_16(c, 1, NULL);
@@ -125237,9 +125105,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -125407,7 +125273,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_16(t1, p1024_mod);
-        sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63));
+        sp_1024_cond_sub_16(t1, t1, p1024_mod, (sp_digit)~(n >> 63));
         sp_1024_norm_16(t1);
         if (!sp_1024_iszero_16(t1)) {
             err = MP_VAL;
@@ -125415,8 +125281,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -125455,8 +125320,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -125564,10 +125428,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c
index c7cb418c26..56c7931149 100644
--- a/wolfcrypt/src/sp_armthumb.c
+++ b/wolfcrypt/src/sp_armthumb.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -24134,13 +24134,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -24303,13 +24302,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -27715,13 +27713,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -27867,13 +27864,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -28036,8 +28032,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -30132,13 +30127,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -75596,13 +75590,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -75765,13 +75758,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -80008,13 +80000,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -80160,13 +80151,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -80329,8 +80319,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -83223,13 +83212,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -92557,13 +92545,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -92709,13 +92696,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -92878,8 +92864,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -96565,13 +96550,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -99151,7 +99135,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -99160,7 +99144,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -100606,8 +100590,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -100624,7 +100608,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -100798,8 +100782,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -100816,7 +100800,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -100871,7 +100855,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101065,15 +101049,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_256));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_256));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -101269,8 +101253,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -101287,7 +101271,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -101377,8 +101361,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -101415,7 +101398,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101542,10 +101525,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -101801,8 +101782,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -101839,7 +101819,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101966,10 +101946,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -102187,10 +102165,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -102267,10 +102243,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -103737,10 +103711,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -103815,10 +103787,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -103959,6 +103929,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -103975,6 +103946,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -104053,12 +104029,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -104216,10 +104189,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107521,10 +107492,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107731,8 +107700,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107771,8 +107739,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107880,10 +107847,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107962,10 +107927,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -108030,10 +107993,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -108094,10 +108055,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -108163,8 +108122,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -108229,8 +108187,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -109271,23 +109228,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -110560,7 +110516,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -110569,7 +110525,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -111442,8 +111398,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -111460,7 +111416,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -111634,8 +111590,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -111652,7 +111608,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -111719,7 +111675,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -111925,15 +111881,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_384));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_384));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -112129,8 +112085,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -112147,7 +112103,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -112237,8 +112193,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112283,7 +112238,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -112418,10 +112373,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112677,8 +112630,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112723,7 +112675,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -112858,10 +112810,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113079,10 +113029,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113159,10 +113107,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -114629,10 +114575,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -114707,10 +114651,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -114887,6 +114829,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -114903,6 +114846,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -114981,12 +114929,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -115144,10 +115089,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118725,10 +118668,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118935,8 +118876,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118975,8 +118915,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119084,10 +119023,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119166,10 +119103,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119234,10 +119169,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119298,10 +119231,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119397,8 +119328,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119463,8 +119393,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -122849,7 +122778,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -122858,7 +122787,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -125039,8 +124968,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -125057,7 +124986,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -125231,8 +125160,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -125249,7 +125178,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -125331,7 +125260,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -125556,15 +125485,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_521));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_521));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -125760,8 +125689,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -125778,7 +125707,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -125868,8 +125797,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -125924,7 +125852,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -126069,10 +125997,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126328,8 +126254,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126384,7 +126309,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -126529,10 +126454,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126750,10 +126673,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126830,10 +126751,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -128844,10 +128763,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -128922,10 +128839,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -129147,6 +129062,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -129164,6 +129080,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -129242,12 +129163,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -129407,10 +129325,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -135672,10 +135588,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -135885,8 +135799,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -135925,8 +135838,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136034,10 +135946,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136116,10 +136026,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136184,10 +136092,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136248,10 +136154,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136301,8 +136205,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136367,8 +136270,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -202512,16 +202414,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -203932,7 +203834,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -203941,7 +203843,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -209936,8 +209838,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -209954,7 +209856,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -210128,8 +210030,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -210146,7 +210048,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -210487,8 +210389,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -210505,7 +210407,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -210595,8 +210497,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -210695,10 +210596,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -210954,8 +210853,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -211054,10 +210952,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -211275,10 +211171,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -214913,10 +214807,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -214991,10 +214883,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -215028,7 +214918,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -215059,10 +214949,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -215088,7 +214976,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -215155,10 +215043,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -215305,9 +215191,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -217203,9 +217087,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -217573,9 +217455,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -218000,9 +217880,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -218032,7 +217910,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -218261,7 +218139,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -218368,9 +218246,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(neg, 1, NULL);
     sp_1024_point_free_32(c, 1, NULL);
@@ -218563,9 +218439,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -218658,7 +218532,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
@@ -218666,8 +218540,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -218706,8 +218579,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -218815,10 +218687,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c
index 21a9e0efa6..a6db0646aa 100644
--- a/wolfcrypt/src/sp_c32.c
+++ b/wolfcrypt/src/sp_c32.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,13 +71,13 @@
 #define SP_PRINT_NUM(var, name, total, words, bits)   \
     do {                                              \
         int ii;                                       \
-        byte nb[(bits + 7) / 8];                      \
+        byte nb[((bits) + 7) / 8];                    \
         sp_digit _s[words];                           \
         XMEMCPY(_s, var, sizeof(_s));                 \
         sp_##total##_norm_##words(_s);                \
         sp_##total##_to_bin_##words(_s, nb);          \
         fprintf(stderr, name "=0x");                  \
-        for (ii=0; ii<(bits + 7) / 8; ii++)           \
+        for (ii=0; ii<((bits) + 7) / 8; ii++)         \
             fprintf(stderr, "%02x", nb[ii]);          \
         fprintf(stderr, "\n");                        \
     } while (0)
@@ -2105,8 +2105,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2218,14 +2217,13 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2309,13 +2307,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2455,13 +2452,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(rt, m, mp);
         n = sp_2048_cmp_36(rt, m);
-        sp_2048_cond_sub_36(rt, rt, m, ~(n >> 31));
+        sp_2048_cond_sub_36(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 72);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3167,8 +3163,7 @@ static int sp_2048_div_72(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3283,14 +3278,13 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(t[0], m, mp);
         n = sp_2048_cmp_72(t[0], m);
-        sp_2048_cond_sub_72(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_72(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 72 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3374,13 +3368,12 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(t[0], m, mp);
         n = sp_2048_cmp_72(t[0], m);
-        sp_2048_cond_sub_72(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_72(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 72 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3503,13 +3496,12 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(rt, m, mp);
         n = sp_2048_cmp_72(rt, m);
-        sp_2048_cond_sub_72(rt, rt, m, ~(n >> 31));
+        sp_2048_cond_sub_72(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 144);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3630,8 +3622,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -3742,8 +3733,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -4113,7 +4103,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 36 * 13);
@@ -4611,12 +4601,11 @@ static int sp_2048_mod_exp_2_72(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_72(r, m, mp);
         n = sp_2048_cmp_72(r, m);
-        sp_2048_cond_sub_72(r, r, m, ~(n >> 31));
+        sp_2048_cond_sub_72(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5790,8 +5779,7 @@ static int sp_3072_div_53(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5903,14 +5891,13 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(t[0], m, mp);
         n = sp_3072_cmp_53(t[0], m);
-        sp_3072_cond_sub_53(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_53(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 53 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5994,13 +5981,12 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(t[0], m, mp);
         n = sp_3072_cmp_53(t[0], m);
-        sp_3072_cond_sub_53(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_53(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 53 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6140,13 +6126,12 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(rt, m, mp);
         n = sp_3072_cmp_53(rt, m);
-        sp_3072_cond_sub_53(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_53(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 106);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6629,8 +6614,7 @@ static int sp_3072_div_106(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6743,14 +6727,13 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(t[0], m, mp);
         n = sp_3072_cmp_106(t[0], m);
-        sp_3072_cond_sub_106(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_106(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 106 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6834,13 +6817,12 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(t[0], m, mp);
         n = sp_3072_cmp_106(t[0], m);
-        sp_3072_cond_sub_106(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_106(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 106 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6963,13 +6945,12 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(rt, m, mp);
         n = sp_3072_cmp_106(rt, m);
-        sp_3072_cond_sub_106(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_106(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 212);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -7088,8 +7069,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -7200,8 +7180,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -7571,7 +7550,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 53 * 13);
@@ -7919,12 +7898,11 @@ static int sp_3072_mod_exp_2_106(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_106(r, m, mp);
         n = sp_3072_cmp_106(r, m);
-        sp_3072_cond_sub_106(r, r, m, ~(n >> 31));
+        sp_3072_cond_sub_106(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -9824,8 +9802,7 @@ static int sp_3072_div_56(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -9937,14 +9914,13 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(t[0], m, mp);
         n = sp_3072_cmp_56(t[0], m);
-        sp_3072_cond_sub_56(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_56(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 56 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10028,13 +10004,12 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(t[0], m, mp);
         n = sp_3072_cmp_56(t[0], m);
-        sp_3072_cond_sub_56(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_56(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 56 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10174,13 +10149,12 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(rt, m, mp);
         n = sp_3072_cmp_56(rt, m);
-        sp_3072_cond_sub_56(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_56(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 112);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10743,8 +10717,7 @@ static int sp_3072_div_112(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10859,14 +10832,13 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(t[0], m, mp);
         n = sp_3072_cmp_112(t[0], m);
-        sp_3072_cond_sub_112(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_112(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 112 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10950,13 +10922,12 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(t[0], m, mp);
         n = sp_3072_cmp_112(t[0], m);
-        sp_3072_cond_sub_112(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_112(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 112 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11079,13 +11050,12 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(rt, m, mp);
         n = sp_3072_cmp_112(rt, m);
-        sp_3072_cond_sub_112(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_112(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 224);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11206,8 +11176,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -11318,8 +11287,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -11689,7 +11657,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 56 * 13);
@@ -12258,12 +12226,11 @@ static int sp_3072_mod_exp_2_112(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_112(r, m, mp);
         n = sp_3072_cmp_112(r, m);
-        sp_3072_cond_sub_112(r, r, m, ~(n >> 31));
+        sp_3072_cond_sub_112(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13447,8 +13414,7 @@ static int sp_4096_div_71(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13560,14 +13526,13 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(t[0], m, mp);
         n = sp_4096_cmp_71(t[0], m);
-        sp_4096_cond_sub_71(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_71(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 71 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13651,13 +13616,12 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(t[0], m, mp);
         n = sp_4096_cmp_71(t[0], m);
-        sp_4096_cond_sub_71(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_71(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 71 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13797,13 +13761,12 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(rt, m, mp);
         n = sp_4096_cmp_71(rt, m);
-        sp_4096_cond_sub_71(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_71(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 142);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14287,8 +14250,7 @@ static int sp_4096_div_142(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14401,14 +14363,13 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(t[0], m, mp);
         n = sp_4096_cmp_142(t[0], m);
-        sp_4096_cond_sub_142(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_142(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 142 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14492,13 +14453,12 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(t[0], m, mp);
         n = sp_4096_cmp_142(t[0], m);
-        sp_4096_cond_sub_142(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_142(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 142 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14621,13 +14581,12 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(rt, m, mp);
         n = sp_4096_cmp_142(rt, m);
-        sp_4096_cond_sub_142(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_142(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 284);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14746,8 +14705,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -14858,8 +14816,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -15229,7 +15186,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 71 * 13);
@@ -15577,12 +15534,11 @@ static int sp_4096_mod_exp_2_142(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_142(r, m, mp);
         n = sp_4096_cmp_142(r, m);
-        sp_4096_cond_sub_142(r, r, m, ~(n >> 31));
+        sp_4096_cond_sub_142(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17362,8 +17318,7 @@ static int sp_4096_div_81(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17475,14 +17430,13 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(t[0], m, mp);
         n = sp_4096_cmp_81(t[0], m);
-        sp_4096_cond_sub_81(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_81(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 81 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17566,13 +17520,12 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(t[0], m, mp);
         n = sp_4096_cmp_81(t[0], m);
-        sp_4096_cond_sub_81(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_81(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 81 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17712,13 +17665,12 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(rt, m, mp);
         n = sp_4096_cmp_81(rt, m);
-        sp_4096_cond_sub_81(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_81(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 162);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18268,8 +18220,7 @@ static int sp_4096_div_162(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18384,14 +18335,13 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(t[0], m, mp);
         n = sp_4096_cmp_162(t[0], m);
-        sp_4096_cond_sub_162(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_162(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 162 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18475,13 +18425,12 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(t[0], m, mp);
         n = sp_4096_cmp_162(t[0], m);
-        sp_4096_cond_sub_162(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_162(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 162 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18604,13 +18553,12 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(rt, m, mp);
         n = sp_4096_cmp_162(rt, m);
-        sp_4096_cond_sub_162(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_162(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 324);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18731,8 +18679,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -18843,8 +18790,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -19214,7 +19160,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 81 * 13);
@@ -19883,12 +19829,11 @@ static int sp_4096_mod_exp_2_162(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_162(r, m, mp);
         n = sp_4096_cmp_162(r, m);
-        sp_4096_cond_sub_162(r, r, m, ~(n >> 31));
+        sp_4096_cond_sub_162(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -21099,7 +21044,7 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_9(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_9(r->x, p256_mod);
-    sp_256_cond_sub_9(r->x, r->x, p256_mod, ~(n >> 28));
+    sp_256_cond_sub_9(r->x, r->x, p256_mod, (sp_digit)~(n >> 28));
     sp_256_norm_9(r->x);
 
     /* y /= z^3 */
@@ -21108,7 +21053,7 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_9(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_9(r->y, p256_mod);
-    sp_256_cond_sub_9(r->y, r->y, p256_mod, ~(n >> 28));
+    sp_256_cond_sub_9(r->y, r->y, p256_mod, (sp_digit)~(n >> 28));
     sp_256_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -21563,8 +21508,8 @@ static void sp_256_proj_point_add_9(sp_point_256* r,
         sp_256_mont_sub_9(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -21581,7 +21526,7 @@ static void sp_256_proj_point_add_9(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -21755,8 +21700,8 @@ static int sp_256_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -21773,7 +21718,7 @@ static int sp_256_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -21907,8 +21852,7 @@ static int sp_256_mod_mul_norm_9(sp_digit* r, const sp_digit* a, const sp_digit*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -22483,7 +22427,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 29) {
             y &= 0x3f;
             n >>= 6;
@@ -22550,7 +22494,7 @@ static void sp_256_get_point_33_9(sp_point_256* r, const sp_point_256* table,
     r->z[7] = 0;
     r->z[8] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -22717,10 +22661,8 @@ static int sp_256_ecc_mulmod_win_add_sub_9(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -22786,8 +22728,8 @@ static void sp_256_proj_point_add_qz1_9(sp_point_256* r,
         sp_256_mont_sub_9(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22804,7 +22746,7 @@ static void sp_256_proj_point_add_qz1_9(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -22915,8 +22857,7 @@ static int sp_256_gen_stripe_table_9(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -22955,7 +22896,7 @@ static void sp_256_get_entry_256_9(sp_point_256* r,
     r->y[7] = 0;
     r->y[8] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23084,10 +23025,8 @@ static int sp_256_ecc_mulmod_stripe_9(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23305,10 +23244,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23385,10 +23322,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24774,10 +24709,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24852,10 +24785,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24919,6 +24850,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -24935,6 +24867,11 @@ static int sp_256_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -25013,12 +24950,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25201,10 +25135,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25449,8 +25381,7 @@ static int sp_256_div_9(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -26175,8 +26106,7 @@ static int sp_256_mod_inv_9(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 9);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26384,10 +26314,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26594,8 +26522,7 @@ static int sp_256_ecc_is_point_9(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26634,8 +26561,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26743,10 +26669,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26825,10 +26749,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26893,10 +26815,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26957,10 +26877,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27026,8 +26944,7 @@ static int sp_256_mont_sqrt_9(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27092,8 +27009,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -28527,7 +28443,7 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_15(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_15(r->x, p384_mod);
-    sp_384_cond_sub_15(r->x, r->x, p384_mod, ~(n >> 25));
+    sp_384_cond_sub_15(r->x, r->x, p384_mod, (sp_digit)~(n >> 25));
     sp_384_norm_15(r->x);
 
     /* y /= z^3 */
@@ -28536,7 +28452,7 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_15(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_15(r->y, p384_mod);
-    sp_384_cond_sub_15(r->y, r->y, p384_mod, ~(n >> 25));
+    sp_384_cond_sub_15(r->y, r->y, p384_mod, (sp_digit)~(n >> 25));
     sp_384_norm_15(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -29005,8 +28921,8 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
         sp_384_mont_sub_15(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29023,7 +28939,7 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29197,8 +29113,8 @@ static int sp_384_proj_point_add_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29215,7 +29131,7 @@ static int sp_384_proj_point_add_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -29393,8 +29309,7 @@ static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -29981,7 +29896,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 26) {
             y &= 0x3f;
             n >>= 6;
@@ -30066,7 +29981,7 @@ static void sp_384_get_point_33_15(sp_point_384* r, const sp_point_384* table,
     r->z[13] = 0;
     r->z[14] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30251,10 +30166,8 @@ static int sp_384_ecc_mulmod_win_add_sub_15(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30320,8 +30233,8 @@ static void sp_384_proj_point_add_qz1_15(sp_point_384* r,
         sp_384_mont_sub_15(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30338,7 +30251,7 @@ static void sp_384_proj_point_add_qz1_15(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30449,8 +30362,7 @@ static int sp_384_gen_stripe_table_15(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30501,7 +30413,7 @@ static void sp_384_get_entry_256_15(sp_point_384* r,
     r->y[13] = 0;
     r->y[14] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30642,10 +30554,8 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30863,10 +30773,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30943,10 +30851,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -32844,10 +32750,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -32922,10 +32826,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -32989,6 +32891,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -33005,6 +32908,11 @@ static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -33083,12 +32991,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33271,10 +33176,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33561,8 +33464,7 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -34254,8 +34156,7 @@ static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 15);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34469,10 +34370,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34679,8 +34578,7 @@ static int sp_384_ecc_is_point_15(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34719,8 +34617,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34828,10 +34725,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34910,10 +34805,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34978,10 +34871,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35042,10 +34933,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35141,8 +35030,7 @@ static int sp_384_mont_sqrt_15(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35207,8 +35095,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36201,7 +36088,7 @@ static void sp_521_map_21(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_21(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_21(r->x, p521_mod);
-    sp_521_cond_sub_21(r->x, r->x, p521_mod, ~(n >> 24));
+    sp_521_cond_sub_21(r->x, r->x, p521_mod, (sp_digit)~(n >> 24));
     sp_521_norm_21(r->x);
 
     /* y /= z^3 */
@@ -36210,7 +36097,7 @@ static void sp_521_map_21(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_21(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_21(r->y, p521_mod);
-    sp_521_cond_sub_21(r->y, r->y, p521_mod, ~(n >> 24));
+    sp_521_cond_sub_21(r->y, r->y, p521_mod, (sp_digit)~(n >> 24));
     sp_521_norm_21(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -36690,8 +36577,8 @@ static void sp_521_proj_point_add_21(sp_point_521* r,
         sp_521_mont_sub_21(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36708,7 +36595,7 @@ static void sp_521_proj_point_add_21(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -36882,8 +36769,8 @@ static int sp_521_proj_point_add_21_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36900,7 +36787,7 @@ static int sp_521_proj_point_add_21_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -37528,7 +37415,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 25) {
             y &= 0x3f;
             n >>= 6;
@@ -37631,7 +37518,7 @@ static void sp_521_get_point_33_21(sp_point_521* r, const sp_point_521* table,
     r->z[19] = 0;
     r->z[20] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -37834,10 +37721,8 @@ static int sp_521_ecc_mulmod_win_add_sub_21(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -37903,8 +37788,8 @@ static void sp_521_proj_point_add_qz1_21(sp_point_521* r,
         sp_521_mont_sub_21(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -37921,7 +37806,7 @@ static void sp_521_proj_point_add_qz1_21(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -38032,8 +37917,7 @@ static int sp_521_gen_stripe_table_21(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38096,7 +37980,7 @@ static void sp_521_get_entry_256_21(sp_point_521* r,
     r->y[19] = 0;
     r->y[20] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -38249,10 +38133,8 @@ static int sp_521_ecc_mulmod_stripe_21(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38470,10 +38352,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38550,10 +38430,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40961,10 +40839,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41039,10 +40915,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41106,6 +40980,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_21(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -41123,6 +40998,11 @@ static int sp_521_ecc_gen_k_21(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -41201,12 +41081,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41389,10 +41266,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41699,8 +41574,7 @@ static int sp_521_div_21(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -42417,8 +42291,7 @@ static int sp_521_mod_inv_21(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 21);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42643,10 +42516,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42857,8 +42728,7 @@ static int sp_521_ecc_is_point_21(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42897,8 +42767,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43006,10 +42875,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43088,10 +42955,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43156,10 +43021,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43220,10 +43083,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43273,8 +43134,7 @@ static int sp_521_mont_sqrt_21(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43339,8 +43199,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -44382,8 +44241,7 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -44462,16 +44320,16 @@ static void sp_1024_point_free_42(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -45036,7 +44894,7 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_42(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_42(r->x, p1024_mod);
-    sp_1024_cond_sub_42(r->x, r->x, p1024_mod, ~(n >> 24));
+    sp_1024_cond_sub_42(r->x, r->x, p1024_mod, (sp_digit)~(n >> 24));
     sp_1024_norm_42(r->x);
 
     /* y /= z^3 */
@@ -45045,7 +44903,7 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_42(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_42(r->y, p1024_mod);
-    sp_1024_cond_sub_42(r->y, r->y, p1024_mod, ~(n >> 24));
+    sp_1024_cond_sub_42(r->y, r->y, p1024_mod, (sp_digit)~(n >> 24));
     sp_1024_norm_42(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -45504,8 +45362,8 @@ static void sp_1024_proj_point_add_42(sp_point_1024* r,
         sp_1024_mont_sub_42(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45522,7 +45380,7 @@ static void sp_1024_proj_point_add_42(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45696,8 +45554,8 @@ static int sp_1024_proj_point_add_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45714,7 +45572,7 @@ static int sp_1024_proj_point_add_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -46374,7 +46232,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 25) {
             y &= 0x7f;
             n >>= 7;
@@ -46540,10 +46398,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_42(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46609,8 +46465,8 @@ static void sp_1024_proj_point_add_qz1_42(sp_point_1024* r,
         sp_1024_mont_sub_42(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -46627,7 +46483,7 @@ static void sp_1024_proj_point_add_qz1_42(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46738,8 +46594,7 @@ static int sp_1024_gen_stripe_table_42(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46838,10 +46693,8 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -47059,10 +46912,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51004,10 +50855,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51082,10 +50931,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51119,7 +50966,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -51150,10 +50997,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51179,7 +51024,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -51246,10 +51091,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51396,9 +51239,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -53294,9 +53135,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -53664,9 +53503,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_42(c, 1, NULL);
     sp_1024_point_free_42(q, 1, NULL);
@@ -54091,9 +53928,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_42(c, 1, NULL);
     sp_1024_point_free_42(q, 1, NULL);
@@ -54123,7 +53958,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -54352,7 +54187,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -54459,9 +54294,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_42(neg, 1, NULL);
     sp_1024_point_free_42(c, 1, NULL);
@@ -54654,9 +54487,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_42(c, 1, NULL);
     sp_1024_point_free_42(q, 1, NULL);
@@ -54746,7 +54577,7 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_42(t1, p1024_mod);
-        sp_1024_cond_sub_42(t1, t1, p1024_mod, ~(n >> 24));
+        sp_1024_cond_sub_42(t1, t1, p1024_mod, (sp_digit)~(n >> 24));
         sp_1024_norm_42(t1);
         if (!sp_1024_iszero_42(t1)) {
             err = MP_VAL;
@@ -54754,8 +54585,7 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -54794,8 +54624,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -54903,10 +54732,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c
index 93fd140ba8..136cae4c7e 100644
--- a/wolfcrypt/src/sp_c64.c
+++ b/wolfcrypt/src/sp_c64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,13 +71,13 @@
 #define SP_PRINT_NUM(var, name, total, words, bits)   \
     do {                                              \
         int ii;                                       \
-        byte nb[(bits + 7) / 8];                      \
+        byte nb[((bits) + 7) / 8];                    \
         sp_digit _s[words];                           \
         XMEMCPY(_s, var, sizeof(_s));                 \
         sp_##total##_norm_##words(_s);                \
         sp_##total##_to_bin_##words(_s, nb);          \
         fprintf(stderr, name "=0x");                  \
-        for (ii=0; ii<(bits + 7) / 8; ii++)           \
+        for (ii=0; ii<((bits) + 7) / 8; ii++)         \
             fprintf(stderr, "%02x", nb[ii]);          \
         fprintf(stderr, "\n");                        \
     } while (0)
@@ -1017,8 +1017,7 @@ static int sp_2048_div_17(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1130,14 +1129,13 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(t[0], m, mp);
         n = sp_2048_cmp_17(t[0], m);
-        sp_2048_cond_sub_17(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_17(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 17 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1221,13 +1219,12 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(t[0], m, mp);
         n = sp_2048_cmp_17(t[0], m);
-        sp_2048_cond_sub_17(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_17(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 17 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1367,13 +1364,12 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(rt, m, mp);
         n = sp_2048_cmp_17(rt, m);
-        sp_2048_cond_sub_17(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_17(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 34);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1842,8 +1838,7 @@ static int sp_2048_div_34(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1956,14 +1951,13 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(t[0], m, mp);
         n = sp_2048_cmp_34(t[0], m);
-        sp_2048_cond_sub_34(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_34(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 34 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2047,13 +2041,12 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(t[0], m, mp);
         n = sp_2048_cmp_34(t[0], m);
-        sp_2048_cond_sub_34(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_34(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 34 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2176,13 +2169,12 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(rt, m, mp);
         n = sp_2048_cmp_34(rt, m);
-        sp_2048_cond_sub_34(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_34(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 68);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2301,8 +2293,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -2413,8 +2404,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -2784,7 +2774,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 17 * 13);
@@ -3133,12 +3123,11 @@ static int sp_2048_mod_exp_2_34(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_34(r, m, mp);
         n = sp_2048_cmp_34(r, m);
-        sp_2048_cond_sub_34(r, r, m, ~(n >> 63));
+        sp_2048_cond_sub_34(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4552,8 +4541,7 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4665,14 +4653,13 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(t[0], m, mp);
         n = sp_2048_cmp_18(t[0], m);
-        sp_2048_cond_sub_18(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_18(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 18 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4756,13 +4743,12 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(t[0], m, mp);
         n = sp_2048_cmp_18(t[0], m);
-        sp_2048_cond_sub_18(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_18(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 18 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4902,13 +4888,12 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(rt, m, mp);
         n = sp_2048_cmp_18(rt, m);
-        sp_2048_cond_sub_18(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_18(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 36);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5438,8 +5423,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5554,14 +5538,13 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5645,13 +5628,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5774,13 +5756,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(rt, m, mp);
         n = sp_2048_cmp_36(rt, m);
-        sp_2048_cond_sub_36(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_36(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 72);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5901,8 +5882,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -6013,8 +5993,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -6384,7 +6363,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 18 * 13);
@@ -6802,12 +6781,11 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_36(r, m, mp);
         n = sp_2048_cmp_36(r, m);
-        sp_2048_cond_sub_36(r, r, m, ~(n >> 63));
+        sp_2048_cond_sub_36(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -7894,8 +7872,7 @@ static int sp_3072_div_26(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8007,14 +7984,13 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(t[0], m, mp);
         n = sp_3072_cmp_26(t[0], m);
-        sp_3072_cond_sub_26(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_26(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 26 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8098,13 +8074,12 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(t[0], m, mp);
         n = sp_3072_cmp_26(t[0], m);
-        sp_3072_cond_sub_26(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_26(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 26 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8244,13 +8219,12 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(rt, m, mp);
         n = sp_3072_cmp_26(rt, m);
-        sp_3072_cond_sub_26(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_26(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 52);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8725,8 +8699,7 @@ static int sp_3072_div_52(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8839,14 +8812,13 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(t[0], m, mp);
         n = sp_3072_cmp_52(t[0], m);
-        sp_3072_cond_sub_52(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_52(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 52 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8930,13 +8902,12 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(t[0], m, mp);
         n = sp_3072_cmp_52(t[0], m);
-        sp_3072_cond_sub_52(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_52(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 52 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -9059,13 +9030,12 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(rt, m, mp);
         n = sp_3072_cmp_52(rt, m);
-        sp_3072_cond_sub_52(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_52(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 104);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -9184,8 +9154,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -9296,8 +9265,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -9667,7 +9635,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 26 * 13);
@@ -10016,12 +9984,11 @@ static int sp_3072_mod_exp_2_52(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_52(r, m, mp);
         n = sp_3072_cmp_52(r, m);
-        sp_3072_cond_sub_52(r, r, m, ~(n >> 63));
+        sp_3072_cond_sub_52(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11573,8 +11540,7 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11686,14 +11652,13 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(t[0], m, mp);
         n = sp_3072_cmp_27(t[0], m);
-        sp_3072_cond_sub_27(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_27(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 27 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11777,13 +11742,12 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(t[0], m, mp);
         n = sp_3072_cmp_27(t[0], m);
-        sp_3072_cond_sub_27(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_27(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 27 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11923,13 +11887,12 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(rt, m, mp);
         n = sp_3072_cmp_27(rt, m);
-        sp_3072_cond_sub_27(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_27(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 54);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12470,8 +12433,7 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12586,14 +12548,13 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(t[0], m, mp);
         n = sp_3072_cmp_54(t[0], m);
-        sp_3072_cond_sub_54(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_54(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 54 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12677,13 +12638,12 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(t[0], m, mp);
         n = sp_3072_cmp_54(t[0], m);
-        sp_3072_cond_sub_54(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_54(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 54 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12806,13 +12766,12 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(rt, m, mp);
         n = sp_3072_cmp_54(rt, m);
-        sp_3072_cond_sub_54(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_54(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 108);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12933,8 +12892,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -13045,8 +13003,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -13416,7 +13373,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 27 * 13);
@@ -13870,12 +13827,11 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_54(r, m, mp);
         n = sp_3072_cmp_54(r, m);
-        sp_3072_cond_sub_54(r, r, m, ~(n >> 63));
+        sp_3072_cond_sub_54(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14968,8 +14924,7 @@ static int sp_4096_div_35(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15081,14 +15036,13 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(t[0], m, mp);
         n = sp_4096_cmp_35(t[0], m);
-        sp_4096_cond_sub_35(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_35(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 35 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15172,13 +15126,12 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(t[0], m, mp);
         n = sp_4096_cmp_35(t[0], m);
-        sp_4096_cond_sub_35(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_35(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 35 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15318,13 +15271,12 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(rt, m, mp);
         n = sp_4096_cmp_35(rt, m);
-        sp_4096_cond_sub_35(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_35(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 70);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15794,8 +15746,7 @@ static int sp_4096_div_70(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15908,14 +15859,13 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(t[0], m, mp);
         n = sp_4096_cmp_70(t[0], m);
-        sp_4096_cond_sub_70(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_70(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 70 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15999,13 +15949,12 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(t[0], m, mp);
         n = sp_4096_cmp_70(t[0], m);
-        sp_4096_cond_sub_70(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_70(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 70 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16128,13 +16077,12 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(rt, m, mp);
         n = sp_4096_cmp_70(rt, m);
-        sp_4096_cond_sub_70(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_70(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 140);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16253,8 +16201,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -16365,8 +16312,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -16736,7 +16682,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 35 * 13);
@@ -17085,12 +17031,11 @@ static int sp_4096_mod_exp_2_70(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_70(r, m, mp);
         n = sp_4096_cmp_70(r, m);
-        sp_4096_cond_sub_70(r, r, m, ~(n >> 63));
+        sp_4096_cond_sub_70(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18697,8 +18642,7 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18810,14 +18754,13 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(t[0], m, mp);
         n = sp_4096_cmp_39(t[0], m);
-        sp_4096_cond_sub_39(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_39(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 39 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18901,13 +18844,12 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(t[0], m, mp);
         n = sp_4096_cmp_39(t[0], m);
-        sp_4096_cond_sub_39(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_39(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 39 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19047,13 +18989,12 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(rt, m, mp);
         n = sp_4096_cmp_39(rt, m);
-        sp_4096_cond_sub_39(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_39(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 78);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19595,8 +19536,7 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19711,14 +19651,13 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(t[0], m, mp);
         n = sp_4096_cmp_78(t[0], m);
-        sp_4096_cond_sub_78(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_78(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 78 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19802,13 +19741,12 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(t[0], m, mp);
         n = sp_4096_cmp_78(t[0], m);
-        sp_4096_cond_sub_78(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_78(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 78 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19931,13 +19869,12 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(rt, m, mp);
         n = sp_4096_cmp_78(rt, m);
-        sp_4096_cond_sub_78(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_78(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 156);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20058,8 +19995,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -20170,8 +20106,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -20541,7 +20476,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 39 * 13);
@@ -21043,12 +20978,11 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_78(r, m, mp);
         n = sp_4096_cmp_78(r, m);
-        sp_4096_cond_sub_78(r, r, m, ~(n >> 63));
+        sp_4096_cond_sub_78(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -22079,7 +22013,7 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_5(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_5(r->x, p256_mod);
-    sp_256_cond_sub_5(r->x, r->x, p256_mod, ~(n >> 51));
+    sp_256_cond_sub_5(r->x, r->x, p256_mod, (sp_digit)~(n >> 51));
     sp_256_norm_5(r->x);
 
     /* y /= z^3 */
@@ -22088,7 +22022,7 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_5(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_5(r->y, p256_mod);
-    sp_256_cond_sub_5(r->y, r->y, p256_mod, ~(n >> 51));
+    sp_256_cond_sub_5(r->y, r->y, p256_mod, (sp_digit)~(n >> 51));
     sp_256_norm_5(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -22533,8 +22467,8 @@ static void sp_256_proj_point_add_5(sp_point_256* r,
         sp_256_mont_sub_5(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22551,7 +22485,7 @@ static void sp_256_proj_point_add_5(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -22725,8 +22659,8 @@ static int sp_256_proj_point_add_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22743,7 +22677,7 @@ static int sp_256_proj_point_add_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -22862,8 +22796,7 @@ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23430,7 +23363,7 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 52) {
             y &= 0x3f;
             n >>= 6;
@@ -23485,7 +23418,7 @@ static void sp_256_get_point_33_5(sp_point_256* r, const sp_point_256* table,
     r->z[3] = 0;
     r->z[4] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23640,10 +23573,8 @@ static int sp_256_ecc_mulmod_win_add_sub_5(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23709,8 +23640,8 @@ static void sp_256_proj_point_add_qz1_5(sp_point_256* r,
         sp_256_mont_sub_5(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -23727,7 +23658,7 @@ static void sp_256_proj_point_add_qz1_5(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -23838,8 +23769,7 @@ static int sp_256_gen_stripe_table_5(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23870,7 +23800,7 @@ static void sp_256_get_entry_256_5(sp_point_256* r,
     r->y[3] = 0;
     r->y[4] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23991,10 +23921,8 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24212,10 +24140,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24292,10 +24218,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25681,10 +25605,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25759,10 +25681,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25826,6 +25746,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -25842,6 +25763,11 @@ static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -25920,12 +25846,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26108,10 +26031,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26342,8 +26263,7 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -27073,8 +26993,7 @@ static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 5);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27278,10 +27197,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27488,8 +27405,7 @@ static int sp_256_ecc_is_point_5(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27528,8 +27444,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27637,10 +27552,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27719,10 +27632,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27787,10 +27698,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27851,10 +27760,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27920,8 +27827,7 @@ static int sp_256_mont_sqrt_5(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27986,8 +27892,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -29003,7 +28908,7 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_7(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_7(r->x, p384_mod);
-    sp_384_cond_sub_7(r->x, r->x, p384_mod, ~(n >> 54));
+    sp_384_cond_sub_7(r->x, r->x, p384_mod, (sp_digit)~(n >> 54));
     sp_384_norm_7(r->x);
 
     /* y /= z^3 */
@@ -29012,7 +28917,7 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_7(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_7(r->y, p384_mod);
-    sp_384_cond_sub_7(r->y, r->y, p384_mod, ~(n >> 54));
+    sp_384_cond_sub_7(r->y, r->y, p384_mod, (sp_digit)~(n >> 54));
     sp_384_norm_7(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -29462,8 +29367,8 @@ static void sp_384_proj_point_add_7(sp_point_384* r,
         sp_384_mont_sub_7(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29480,7 +29385,7 @@ static void sp_384_proj_point_add_7(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29654,8 +29559,8 @@ static int sp_384_proj_point_add_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29672,7 +29577,7 @@ static int sp_384_proj_point_add_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -29823,8 +29728,7 @@ static int sp_384_mod_mul_norm_7(sp_digit* r, const sp_digit* a, const sp_digit*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30395,7 +30299,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 55) {
             y &= 0x3f;
             n >>= 6;
@@ -30456,7 +30360,7 @@ static void sp_384_get_point_33_7(sp_point_384* r, const sp_point_384* table,
     r->z[5] = 0;
     r->z[6] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30617,10 +30521,8 @@ static int sp_384_ecc_mulmod_win_add_sub_7(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30686,8 +30588,8 @@ static void sp_384_proj_point_add_qz1_7(sp_point_384* r,
         sp_384_mont_sub_7(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30704,7 +30606,7 @@ static void sp_384_proj_point_add_qz1_7(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30815,8 +30717,7 @@ static int sp_384_gen_stripe_table_7(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30851,7 +30752,7 @@ static void sp_384_get_entry_256_7(sp_point_384* r,
     r->y[5] = 0;
     r->y[6] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30976,10 +30877,8 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -31197,10 +31096,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -31277,10 +31174,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33176,10 +33071,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33254,10 +33147,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33321,6 +33212,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -33337,6 +33229,11 @@ static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -33415,12 +33312,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33603,10 +33497,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33845,8 +33737,7 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -34543,8 +34434,7 @@ static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 7);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34750,10 +34640,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34960,8 +34848,7 @@ static int sp_384_ecc_is_point_7(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35000,8 +34887,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35109,10 +34995,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35191,10 +35075,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35259,10 +35141,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35323,10 +35203,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35422,8 +35300,7 @@ static int sp_384_mont_sqrt_7(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35488,8 +35365,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36542,7 +36418,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 57));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 57));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -36551,7 +36427,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 57));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 57));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -37006,8 +36882,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -37024,7 +36900,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -37198,8 +37074,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -37216,7 +37092,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -37820,7 +37696,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 58) {
             y &= 0x3f;
             n >>= 6;
@@ -37887,7 +37763,7 @@ static void sp_521_get_point_33_9(sp_point_521* r, const sp_point_521* table,
     r->z[7] = 0;
     r->z[8] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -38054,10 +37930,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38123,8 +37997,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -38141,7 +38015,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -38252,8 +38126,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38292,7 +38165,7 @@ static void sp_521_get_entry_256_9(sp_point_521* r,
     r->y[7] = 0;
     r->y[8] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -38421,10 +38294,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38642,10 +38513,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38722,10 +38591,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40621,10 +40488,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40699,10 +40564,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40766,6 +40629,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -40783,6 +40647,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -40861,12 +40730,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41049,10 +40915,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41297,8 +41161,7 @@ static int sp_521_div_9(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -42020,8 +41883,7 @@ static int sp_521_mod_inv_9(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 9);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42234,10 +42096,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42448,8 +42308,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42488,8 +42347,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42597,10 +42455,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42679,10 +42535,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42747,10 +42601,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42811,10 +42663,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42864,8 +42714,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42930,8 +42779,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43847,8 +43695,7 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -43927,16 +43774,16 @@ static void sp_1024_point_free_18(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -44473,7 +44320,7 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_18(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_18(r->x, p1024_mod);
-    sp_1024_cond_sub_18(r->x, r->x, p1024_mod, ~(n >> 56));
+    sp_1024_cond_sub_18(r->x, r->x, p1024_mod, (sp_digit)~(n >> 56));
     sp_1024_norm_18(r->x);
 
     /* y /= z^3 */
@@ -44482,7 +44329,7 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_18(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_18(r->y, p1024_mod);
-    sp_1024_cond_sub_18(r->y, r->y, p1024_mod, ~(n >> 56));
+    sp_1024_cond_sub_18(r->y, r->y, p1024_mod, (sp_digit)~(n >> 56));
     sp_1024_norm_18(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44906,8 +44753,8 @@ static void sp_1024_proj_point_add_18(sp_point_1024* r,
         sp_1024_mont_sub_18(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -44924,7 +44771,7 @@ static void sp_1024_proj_point_add_18(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45098,8 +44945,8 @@ static int sp_1024_proj_point_add_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45116,7 +44963,7 @@ static int sp_1024_proj_point_add_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -45728,7 +45575,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 57) {
             y &= 0x7f;
             n >>= 7;
@@ -45894,10 +45741,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_18(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -45963,8 +45808,8 @@ static void sp_1024_proj_point_add_qz1_18(sp_point_1024* r,
         sp_1024_mont_sub_18(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45981,7 +45826,7 @@ static void sp_1024_proj_point_add_qz1_18(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46092,8 +45937,7 @@ static int sp_1024_gen_stripe_table_18(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46192,10 +46036,8 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46413,10 +46255,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49844,10 +49684,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49922,10 +49760,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49959,7 +49795,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -49990,10 +49826,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50019,7 +49853,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -50086,10 +49920,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50236,9 +50068,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -51878,9 +51708,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -52248,9 +52076,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_18(c, 1, NULL);
     sp_1024_point_free_18(q, 1, NULL);
@@ -52675,9 +52501,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_18(c, 1, NULL);
     sp_1024_point_free_18(q, 1, NULL);
@@ -52707,7 +52531,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -52936,7 +52760,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -53043,9 +52867,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_18(neg, 1, NULL);
     sp_1024_point_free_18(c, 1, NULL);
@@ -53238,9 +53060,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_18(c, 1, NULL);
     sp_1024_point_free_18(q, 1, NULL);
@@ -53330,7 +53150,7 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_18(t1, p1024_mod);
-        sp_1024_cond_sub_18(t1, t1, p1024_mod, ~(n >> 56));
+        sp_1024_cond_sub_18(t1, t1, p1024_mod, (sp_digit)~(n >> 56));
         sp_1024_norm_18(t1);
         if (!sp_1024_iszero_18(t1)) {
             err = MP_VAL;
@@ -53338,8 +53158,7 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -53378,8 +53197,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -53487,10 +53305,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c
index 8ef1a13c92..343f69d690 100644
--- a/wolfcrypt/src/sp_cortexm.c
+++ b/wolfcrypt/src/sp_cortexm.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -2211,7 +2211,11 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x100\n\t"
         "\n"
-    "L_sp_2048_add_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_add_64_word:\n\t"
+#else
+    "L_sp_2048_add_64_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -2223,10 +2227,12 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_add_64_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_add_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_2048_add_64_word\n\t"
 #else
-        "BNE.N	L_sp_2048_add_64_word%=\n\t"
+        "BNE.N	L_sp_2048_add_64_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -2258,7 +2264,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x100\n\t"
         "\n"
-    "L_sp_2048_sub_in_pkace_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sub_in_pkace_64_word:\n\t"
+#else
+    "L_sp_2048_sub_in_pkace_64_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -2269,10 +2279,12 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_sub_in_pkace_64_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_sub_in_pkace_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_2048_sub_in_pkace_64_word\n\t"
 #else
-        "BNE.N	L_sp_2048_sub_in_pkace_64_word%=\n\t"
+        "BNE.N	L_sp_2048_sub_in_pkace_64_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
@@ -2312,13 +2324,21 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_2048_mul_64_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_64_outer:\n\t"
+#else
+    "L_sp_2048_mul_64_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0xfc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_2048_mul_64_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_64_inner:\n\t"
+#else
+    "L_sp_2048_mul_64_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -2334,15 +2354,19 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_mul_64_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_mul_64_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_2048_mul_64_inner_done\n\t"
 #else
-        "BGT.N	L_sp_2048_mul_64_inner_done%=\n\t"
+        "BGT.N	L_sp_2048_mul_64_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mul_64_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mul_64_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mul_64_inner\n\t"
 #else
-        "BLT.N	L_sp_2048_mul_64_inner%=\n\t"
+        "BLT.N	L_sp_2048_mul_64_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -2351,17 +2375,23 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_2048_mul_64_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_64_inner_done:\n\t"
+#else
+    "L_sp_2048_mul_64_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x1f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_2048_mul_64_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_2048_mul_64_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_2048_mul_64_outer\n\t"
 #else
-        "BLE.N	L_sp_2048_mul_64_outer%=\n\t"
+        "BLE.N	L_sp_2048_mul_64_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #252]\n\t"
         "LDR	r11, [%[b], #252]\n\t"
@@ -2370,14 +2400,20 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_2048_mul_64_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_64_store:\n\t"
+#else
+    "L_sp_2048_mul_64_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_mul_64_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_mul_64_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_2048_mul_64_store\n\t"
 #else
-        "BGT.N	L_sp_2048_mul_64_store%=\n\t"
+        "BGT.N	L_sp_2048_mul_64_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -2410,13 +2446,21 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_2048_sqr_64_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sqr_64_outer:\n\t"
+#else
+    "L_sp_2048_sqr_64_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0xfc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_2048_sqr_64_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sqr_64_inner:\n\t"
+#else
+    "L_sp_2048_sqr_64_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -2429,15 +2473,19 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_sqr_64_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_sqr_64_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_2048_sqr_64_inner_done\n\t"
 #else
-        "BGT.N	L_sp_2048_sqr_64_inner_done%=\n\t"
+        "BGT.N	L_sp_2048_sqr_64_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_sqr_64_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_sqr_64_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_sqr_64_inner\n\t"
 #else
-        "BLT.N	L_sp_2048_sqr_64_inner%=\n\t"
+        "BLT.N	L_sp_2048_sqr_64_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -2445,17 +2493,23 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_2048_sqr_64_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sqr_64_inner_done:\n\t"
+#else
+    "L_sp_2048_sqr_64_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x1f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_2048_sqr_64_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_2048_sqr_64_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_2048_sqr_64_outer\n\t"
 #else
-        "BLE.N	L_sp_2048_sqr_64_outer%=\n\t"
+        "BLE.N	L_sp_2048_sqr_64_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #252]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -2463,14 +2517,20 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_2048_sqr_64_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sqr_64_store:\n\t"
+#else
+    "L_sp_2048_sqr_64_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_sqr_64_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_sqr_64_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_2048_sqr_64_store\n\t"
 #else
-        "BGT.N	L_sp_2048_sqr_64_store%=\n\t"
+        "BGT.N	L_sp_2048_sqr_64_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -2520,7 +2580,11 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x80\n\t"
         "\n"
-    "L_sp_2048_add_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_add_32_word:\n\t"
+#else
+    "L_sp_2048_add_32_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -2532,10 +2596,12 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_add_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_add_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_2048_add_32_word\n\t"
 #else
-        "BNE.N	L_sp_2048_add_32_word%=\n\t"
+        "BNE.N	L_sp_2048_add_32_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -2567,7 +2633,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x80\n\t"
         "\n"
-    "L_sp_2048_sub_in_pkace_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sub_in_pkace_32_word:\n\t"
+#else
+    "L_sp_2048_sub_in_pkace_32_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -2578,10 +2648,12 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_sub_in_pkace_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_sub_in_pkace_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_2048_sub_in_pkace_32_word\n\t"
 #else
-        "BNE.N	L_sp_2048_sub_in_pkace_32_word%=\n\t"
+        "BNE.N	L_sp_2048_sub_in_pkace_32_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
@@ -2621,13 +2693,21 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_2048_mul_32_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_32_outer:\n\t"
+#else
+    "L_sp_2048_mul_32_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x7c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_2048_mul_32_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_32_inner:\n\t"
+#else
+    "L_sp_2048_mul_32_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -2643,15 +2723,19 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_mul_32_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_mul_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_2048_mul_32_inner_done\n\t"
 #else
-        "BGT.N	L_sp_2048_mul_32_inner_done%=\n\t"
+        "BGT.N	L_sp_2048_mul_32_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mul_32_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mul_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mul_32_inner\n\t"
 #else
-        "BLT.N	L_sp_2048_mul_32_inner%=\n\t"
+        "BLT.N	L_sp_2048_mul_32_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -2660,17 +2744,23 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_2048_mul_32_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_32_inner_done:\n\t"
+#else
+    "L_sp_2048_mul_32_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_2048_mul_32_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_2048_mul_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_2048_mul_32_outer\n\t"
 #else
-        "BLE.N	L_sp_2048_mul_32_outer%=\n\t"
+        "BLE.N	L_sp_2048_mul_32_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #124]\n\t"
         "LDR	r11, [%[b], #124]\n\t"
@@ -2679,14 +2769,20 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_2048_mul_32_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_32_store:\n\t"
+#else
+    "L_sp_2048_mul_32_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_mul_32_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_mul_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_2048_mul_32_store\n\t"
 #else
-        "BGT.N	L_sp_2048_mul_32_store%=\n\t"
+        "BGT.N	L_sp_2048_mul_32_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -2719,13 +2815,21 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_2048_sqr_32_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sqr_32_outer:\n\t"
+#else
+    "L_sp_2048_sqr_32_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x7c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_2048_sqr_32_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sqr_32_inner:\n\t"
+#else
+    "L_sp_2048_sqr_32_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -2738,15 +2842,19 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_sqr_32_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_sqr_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_2048_sqr_32_inner_done\n\t"
 #else
-        "BGT.N	L_sp_2048_sqr_32_inner_done%=\n\t"
+        "BGT.N	L_sp_2048_sqr_32_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_sqr_32_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_sqr_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_sqr_32_inner\n\t"
 #else
-        "BLT.N	L_sp_2048_sqr_32_inner%=\n\t"
+        "BLT.N	L_sp_2048_sqr_32_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -2754,17 +2862,23 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_2048_sqr_32_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sqr_32_inner_done:\n\t"
+#else
+    "L_sp_2048_sqr_32_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_2048_sqr_32_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_2048_sqr_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_2048_sqr_32_outer\n\t"
 #else
-        "BLE.N	L_sp_2048_sqr_32_outer%=\n\t"
+        "BLE.N	L_sp_2048_sqr_32_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #124]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -2772,14 +2886,20 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_2048_sqr_32_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sqr_32_store:\n\t"
+#else
+    "L_sp_2048_sqr_32_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_sqr_32_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_sqr_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_2048_sqr_32_store\n\t"
 #else
-        "BGT.N	L_sp_2048_sqr_32_store%=\n\t"
+        "BGT.N	L_sp_2048_sqr_32_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -2838,7 +2958,11 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_2048_mul_d_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_d_64_word:\n\t"
+#else
+    "L_sp_2048_mul_d_64_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -2851,10 +2975,12 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mul_d_64_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mul_d_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mul_d_64_word\n\t"
 #else
-        "BLT.N	L_sp_2048_mul_d_64_word%=\n\t"
+        "BLT.N	L_sp_2048_mul_d_64_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #256]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -3252,7 +3378,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_2048_cond_sub_32_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_cond_sub_32_words:\n\t"
+#else
+    "L_sp_2048_cond_sub_32_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -3262,10 +3392,12 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_cond_sub_32_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_cond_sub_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_cond_sub_32_words\n\t"
 #else
-        "BLT.N	L_sp_2048_cond_sub_32_words%=\n\t"
+        "BLT.N	L_sp_2048_cond_sub_32_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -3448,7 +3580,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -3710,10 +3846,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x80\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_2048_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_2048_mont_reduce_32_word\n\t"
 #else
-        "BLT.W	L_sp_2048_mont_reduce_32_word%=\n\t"
+        "BLT.W	L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -3752,7 +3890,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -3760,7 +3902,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_32_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_32_mul:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -3802,10 +3948,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_32_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mont_reduce_32_mul\n\t"
 #else
-        "BLT.N	L_sp_2048_mont_reduce_32_mul%=\n\t"
+        "BLT.N	L_sp_2048_mont_reduce_32_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #128]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -3818,10 +3966,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mont_reduce_32_word\n\t"
 #else
-        "BLT.N	L_sp_2048_mont_reduce_32_word%=\n\t"
+        "BLT.N	L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -3863,7 +4013,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -4030,10 +4184,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x80\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_2048_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_2048_mont_reduce_32_word\n\t"
 #else
-        "BLT.W	L_sp_2048_mont_reduce_32_word%=\n\t"
+        "BLT.W	L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -4075,7 +4231,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -4083,7 +4243,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_32_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_32_mul:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -4113,10 +4277,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_32_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mont_reduce_32_mul\n\t"
 #else
-        "BLT.N	L_sp_2048_mont_reduce_32_mul%=\n\t"
+        "BLT.N	L_sp_2048_mont_reduce_32_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #128]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -4129,10 +4295,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mont_reduce_32_word\n\t"
 #else
-        "BLT.N	L_sp_2048_mont_reduce_32_word%=\n\t"
+        "BLT.N	L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -4203,7 +4371,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_2048_mul_d_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mul_d_32_word:\n\t"
+#else
+    "L_sp_2048_mul_d_32_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -4216,10 +4388,12 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mul_d_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mul_d_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mul_d_32_word\n\t"
 #else
-        "BLT.N	L_sp_2048_mul_d_32_word%=\n\t"
+        "BLT.N	L_sp_2048_mul_d_32_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -4517,7 +4691,11 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_2048_word_32_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_2048_word_32_bit:\n\t"
+#else
+    "L_div_2048_word_32_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -4527,7 +4705,13 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_2048_word_32_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_2048_word_32_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_2048_word_32_bit\n\t"
+#else
+        "BPL.N	L_div_2048_word_32_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -4579,7 +4763,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x7c\n\t"
         "\n"
-    "L_sp_2048_cmp_32_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_cmp_32_words:\n\t"
+#else
+    "L_sp_2048_cmp_32_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -4592,7 +4780,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_2048_cmp_32_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_2048_cmp_32_words\n\t"
+#else
+        "bcs	L_sp_2048_cmp_32_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #124]\n\t"
@@ -5153,13 +5345,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5322,13 +5513,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5380,7 +5570,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_2048_cond_sub_64_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_cond_sub_64_words:\n\t"
+#else
+    "L_sp_2048_cond_sub_64_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -5390,10 +5584,12 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_cond_sub_64_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_cond_sub_64_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_cond_sub_64_words\n\t"
 #else
-        "BLT.N	L_sp_2048_cond_sub_64_words%=\n\t"
+        "BLT.N	L_sp_2048_cond_sub_64_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -5688,7 +5884,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -6206,10 +6406,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x100\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_2048_mont_reduce_64_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_2048_mont_reduce_64_word\n\t"
 #else
-        "BLT.W	L_sp_2048_mont_reduce_64_word%=\n\t"
+        "BLT.W	L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -6248,7 +6450,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -6256,7 +6462,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_64_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_64_mul:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -6298,10 +6508,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_64_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mont_reduce_64_mul\n\t"
 #else
-        "BLT.N	L_sp_2048_mont_reduce_64_mul%=\n\t"
+        "BLT.N	L_sp_2048_mont_reduce_64_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #256]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -6314,10 +6526,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_64_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mont_reduce_64_word\n\t"
 #else
-        "BLT.N	L_sp_2048_mont_reduce_64_word%=\n\t"
+        "BLT.N	L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -6359,7 +6573,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -6686,10 +6904,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x100\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_2048_mont_reduce_64_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_2048_mont_reduce_64_word\n\t"
 #else
-        "BLT.W	L_sp_2048_mont_reduce_64_word%=\n\t"
+        "BLT.W	L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -6731,7 +6951,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -6739,7 +6963,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_2048_mont_reduce_64_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_mont_reduce_64_mul:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -6769,10 +6997,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_64_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mont_reduce_64_mul\n\t"
 #else
-        "BLT.N	L_sp_2048_mont_reduce_64_mul%=\n\t"
+        "BLT.N	L_sp_2048_mont_reduce_64_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #256]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -6785,10 +7015,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_64_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_mont_reduce_64_word\n\t"
 #else
-        "BLT.N	L_sp_2048_mont_reduce_64_word%=\n\t"
+        "BLT.N	L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -6854,7 +7086,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x100\n\t"
         "\n"
-    "L_sp_2048_sub_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_sub_64_word:\n\t"
+#else
+    "L_sp_2048_sub_64_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -6865,10 +7101,12 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_sub_64_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_sub_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_2048_sub_64_word\n\t"
 #else
-        "BNE.N	L_sp_2048_sub_64_word%=\n\t"
+        "BNE.N	L_sp_2048_sub_64_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -7121,7 +7359,11 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_2048_word_64_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_2048_word_64_bit:\n\t"
+#else
+    "L_div_2048_word_64_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -7131,7 +7373,13 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_2048_word_64_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_2048_word_64_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_2048_word_64_bit\n\t"
+#else
+        "BPL.N	L_div_2048_word_64_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -7286,7 +7534,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0xfc\n\t"
         "\n"
-    "L_sp_2048_cmp_64_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_cmp_64_words:\n\t"
+#else
+    "L_sp_2048_cmp_64_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -7299,7 +7551,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_2048_cmp_64_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_2048_cmp_64_words\n\t"
+#else
+        "bcs	L_sp_2048_cmp_64_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #252]\n\t"
@@ -8206,13 +8462,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8358,13 +8613,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8527,8 +8781,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -8562,7 +8815,11 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_2048_cond_add_32_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_2048_cond_add_32_words:\n\t"
+#else
+    "L_sp_2048_cond_add_32_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -8572,10 +8829,12 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_cond_add_32_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_cond_add_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_2048_cond_add_32_words\n\t"
 #else
-        "BLT.N	L_sp_2048_cond_add_32_words%=\n\t"
+        "BLT.N	L_sp_2048_cond_add_32_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -9562,13 +9821,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12948,7 +13206,11 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x180\n\t"
         "\n"
-    "L_sp_3072_add_96_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_add_96_word:\n\t"
+#else
+    "L_sp_3072_add_96_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -12960,10 +13222,12 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_add_96_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_add_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_3072_add_96_word\n\t"
 #else
-        "BNE.N	L_sp_3072_add_96_word%=\n\t"
+        "BNE.N	L_sp_3072_add_96_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -12995,7 +13259,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x180\n\t"
         "\n"
-    "L_sp_3072_sub_in_pkace_96_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sub_in_pkace_96_word:\n\t"
+#else
+    "L_sp_3072_sub_in_pkace_96_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -13006,10 +13274,12 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_sub_in_pkace_96_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_sub_in_pkace_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_3072_sub_in_pkace_96_word\n\t"
 #else
-        "BNE.N	L_sp_3072_sub_in_pkace_96_word%=\n\t"
+        "BNE.N	L_sp_3072_sub_in_pkace_96_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
@@ -13049,13 +13319,21 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_3072_mul_96_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_96_outer:\n\t"
+#else
+    "L_sp_3072_mul_96_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x17c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_3072_mul_96_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_96_inner:\n\t"
+#else
+    "L_sp_3072_mul_96_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -13071,15 +13349,19 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_mul_96_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_mul_96_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_3072_mul_96_inner_done\n\t"
 #else
-        "BGT.N	L_sp_3072_mul_96_inner_done%=\n\t"
+        "BGT.N	L_sp_3072_mul_96_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mul_96_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mul_96_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mul_96_inner\n\t"
 #else
-        "BLT.N	L_sp_3072_mul_96_inner%=\n\t"
+        "BLT.N	L_sp_3072_mul_96_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -13088,17 +13370,23 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_3072_mul_96_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_96_inner_done:\n\t"
+#else
+    "L_sp_3072_mul_96_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x2f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_3072_mul_96_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_3072_mul_96_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_3072_mul_96_outer\n\t"
 #else
-        "BLE.N	L_sp_3072_mul_96_outer%=\n\t"
+        "BLE.N	L_sp_3072_mul_96_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #380]\n\t"
         "LDR	r11, [%[b], #380]\n\t"
@@ -13107,14 +13395,20 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_3072_mul_96_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_96_store:\n\t"
+#else
+    "L_sp_3072_mul_96_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_mul_96_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_mul_96_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_3072_mul_96_store\n\t"
 #else
-        "BGT.N	L_sp_3072_mul_96_store%=\n\t"
+        "BGT.N	L_sp_3072_mul_96_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -13147,13 +13441,21 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_3072_sqr_96_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sqr_96_outer:\n\t"
+#else
+    "L_sp_3072_sqr_96_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x17c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_3072_sqr_96_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sqr_96_inner:\n\t"
+#else
+    "L_sp_3072_sqr_96_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -13166,15 +13468,19 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_sqr_96_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_sqr_96_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_3072_sqr_96_inner_done\n\t"
 #else
-        "BGT.N	L_sp_3072_sqr_96_inner_done%=\n\t"
+        "BGT.N	L_sp_3072_sqr_96_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_sqr_96_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_sqr_96_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_sqr_96_inner\n\t"
 #else
-        "BLT.N	L_sp_3072_sqr_96_inner%=\n\t"
+        "BLT.N	L_sp_3072_sqr_96_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -13182,17 +13488,23 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_3072_sqr_96_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sqr_96_inner_done:\n\t"
+#else
+    "L_sp_3072_sqr_96_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x2f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_3072_sqr_96_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_3072_sqr_96_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_3072_sqr_96_outer\n\t"
 #else
-        "BLE.N	L_sp_3072_sqr_96_outer%=\n\t"
+        "BLE.N	L_sp_3072_sqr_96_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #380]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -13200,14 +13512,20 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_3072_sqr_96_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sqr_96_store:\n\t"
+#else
+    "L_sp_3072_sqr_96_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_sqr_96_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_sqr_96_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_3072_sqr_96_store\n\t"
 #else
-        "BGT.N	L_sp_3072_sqr_96_store%=\n\t"
+        "BGT.N	L_sp_3072_sqr_96_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -13257,7 +13575,11 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0xc0\n\t"
         "\n"
-    "L_sp_3072_add_48_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_add_48_word:\n\t"
+#else
+    "L_sp_3072_add_48_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -13269,10 +13591,12 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_add_48_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_add_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_3072_add_48_word\n\t"
 #else
-        "BNE.N	L_sp_3072_add_48_word%=\n\t"
+        "BNE.N	L_sp_3072_add_48_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -13304,7 +13628,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0xc0\n\t"
         "\n"
-    "L_sp_3072_sub_in_pkace_48_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sub_in_pkace_48_word:\n\t"
+#else
+    "L_sp_3072_sub_in_pkace_48_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -13315,10 +13643,12 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_sub_in_pkace_48_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_sub_in_pkace_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_3072_sub_in_pkace_48_word\n\t"
 #else
-        "BNE.N	L_sp_3072_sub_in_pkace_48_word%=\n\t"
+        "BNE.N	L_sp_3072_sub_in_pkace_48_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
@@ -13358,13 +13688,21 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_3072_mul_48_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_48_outer:\n\t"
+#else
+    "L_sp_3072_mul_48_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0xbc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_3072_mul_48_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_48_inner:\n\t"
+#else
+    "L_sp_3072_mul_48_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -13380,15 +13718,19 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_mul_48_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_mul_48_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_3072_mul_48_inner_done\n\t"
 #else
-        "BGT.N	L_sp_3072_mul_48_inner_done%=\n\t"
+        "BGT.N	L_sp_3072_mul_48_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mul_48_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mul_48_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mul_48_inner\n\t"
 #else
-        "BLT.N	L_sp_3072_mul_48_inner%=\n\t"
+        "BLT.N	L_sp_3072_mul_48_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -13397,17 +13739,23 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_3072_mul_48_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_48_inner_done:\n\t"
+#else
+    "L_sp_3072_mul_48_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x174\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_3072_mul_48_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_3072_mul_48_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_3072_mul_48_outer\n\t"
 #else
-        "BLE.N	L_sp_3072_mul_48_outer%=\n\t"
+        "BLE.N	L_sp_3072_mul_48_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #188]\n\t"
         "LDR	r11, [%[b], #188]\n\t"
@@ -13416,14 +13764,20 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_3072_mul_48_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_48_store:\n\t"
+#else
+    "L_sp_3072_mul_48_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_mul_48_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_mul_48_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_3072_mul_48_store\n\t"
 #else
-        "BGT.N	L_sp_3072_mul_48_store%=\n\t"
+        "BGT.N	L_sp_3072_mul_48_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -13456,13 +13810,21 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_3072_sqr_48_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sqr_48_outer:\n\t"
+#else
+    "L_sp_3072_sqr_48_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0xbc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_3072_sqr_48_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sqr_48_inner:\n\t"
+#else
+    "L_sp_3072_sqr_48_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -13475,15 +13837,19 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_sqr_48_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_sqr_48_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_3072_sqr_48_inner_done\n\t"
 #else
-        "BGT.N	L_sp_3072_sqr_48_inner_done%=\n\t"
+        "BGT.N	L_sp_3072_sqr_48_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_sqr_48_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_sqr_48_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_sqr_48_inner\n\t"
 #else
-        "BLT.N	L_sp_3072_sqr_48_inner%=\n\t"
+        "BLT.N	L_sp_3072_sqr_48_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -13491,17 +13857,23 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_3072_sqr_48_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sqr_48_inner_done:\n\t"
+#else
+    "L_sp_3072_sqr_48_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x174\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_3072_sqr_48_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_3072_sqr_48_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_3072_sqr_48_outer\n\t"
 #else
-        "BLE.N	L_sp_3072_sqr_48_outer%=\n\t"
+        "BLE.N	L_sp_3072_sqr_48_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #188]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -13509,14 +13881,20 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_3072_sqr_48_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sqr_48_store:\n\t"
+#else
+    "L_sp_3072_sqr_48_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_sqr_48_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_sqr_48_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_3072_sqr_48_store\n\t"
 #else
-        "BGT.N	L_sp_3072_sqr_48_store%=\n\t"
+        "BGT.N	L_sp_3072_sqr_48_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -13575,7 +13953,11 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_3072_mul_d_96_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_d_96_word:\n\t"
+#else
+    "L_sp_3072_mul_d_96_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -13588,10 +13970,12 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mul_d_96_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mul_d_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mul_d_96_word\n\t"
 #else
-        "BLT.N	L_sp_3072_mul_d_96_word%=\n\t"
+        "BLT.N	L_sp_3072_mul_d_96_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #384]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -14149,7 +14533,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_3072_cond_sub_48_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_cond_sub_48_words:\n\t"
+#else
+    "L_sp_3072_cond_sub_48_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -14159,10 +14547,12 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_cond_sub_48_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_cond_sub_48_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_cond_sub_48_words\n\t"
 #else
-        "BLT.N	L_sp_3072_cond_sub_48_words%=\n\t"
+        "BLT.N	L_sp_3072_cond_sub_48_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -14401,7 +14791,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_48_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_48_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -14791,10 +15185,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0xc0\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_3072_mont_reduce_48_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_3072_mont_reduce_48_word\n\t"
 #else
-        "BLT.W	L_sp_3072_mont_reduce_48_word%=\n\t"
+        "BLT.W	L_sp_3072_mont_reduce_48_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -14833,7 +15229,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_48_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_48_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -14841,7 +15241,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_48_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_48_mul:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -14883,10 +15287,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_48_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mont_reduce_48_mul\n\t"
 #else
-        "BLT.N	L_sp_3072_mont_reduce_48_mul%=\n\t"
+        "BLT.N	L_sp_3072_mont_reduce_48_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #192]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -14899,10 +15305,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_48_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mont_reduce_48_word\n\t"
 #else
-        "BLT.N	L_sp_3072_mont_reduce_48_word%=\n\t"
+        "BLT.N	L_sp_3072_mont_reduce_48_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -14944,7 +15352,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_48_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_48_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -15191,10 +15603,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0xc0\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_3072_mont_reduce_48_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_3072_mont_reduce_48_word\n\t"
 #else
-        "BLT.W	L_sp_3072_mont_reduce_48_word%=\n\t"
+        "BLT.W	L_sp_3072_mont_reduce_48_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -15236,7 +15650,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_48_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_48_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -15244,7 +15662,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_48_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_48_mul:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -15274,10 +15696,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_48_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mont_reduce_48_mul\n\t"
 #else
-        "BLT.N	L_sp_3072_mont_reduce_48_mul%=\n\t"
+        "BLT.N	L_sp_3072_mont_reduce_48_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #192]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -15290,10 +15714,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_48_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mont_reduce_48_word\n\t"
 #else
-        "BLT.N	L_sp_3072_mont_reduce_48_word%=\n\t"
+        "BLT.N	L_sp_3072_mont_reduce_48_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -15364,7 +15790,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_3072_mul_d_48_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mul_d_48_word:\n\t"
+#else
+    "L_sp_3072_mul_d_48_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -15377,10 +15807,12 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mul_d_48_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mul_d_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mul_d_48_word\n\t"
 #else
-        "BLT.N	L_sp_3072_mul_d_48_word%=\n\t"
+        "BLT.N	L_sp_3072_mul_d_48_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #192]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -15758,7 +16190,11 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_3072_word_48_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_3072_word_48_bit:\n\t"
+#else
+    "L_div_3072_word_48_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -15768,7 +16204,13 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_3072_word_48_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_3072_word_48_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_3072_word_48_bit\n\t"
+#else
+        "BPL.N	L_div_3072_word_48_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -15820,7 +16262,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0xbc\n\t"
         "\n"
-    "L_sp_3072_cmp_48_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_cmp_48_words:\n\t"
+#else
+    "L_sp_3072_cmp_48_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -15833,7 +16279,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_3072_cmp_48_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_3072_cmp_48_words\n\t"
+#else
+        "bcs	L_sp_3072_cmp_48_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #188]\n\t"
@@ -16570,13 +17020,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16739,13 +17188,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16797,7 +17245,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_3072_cond_sub_96_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_cond_sub_96_words:\n\t"
+#else
+    "L_sp_3072_cond_sub_96_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -16807,10 +17259,12 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_cond_sub_96_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_cond_sub_96_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_cond_sub_96_words\n\t"
 #else
-        "BLT.N	L_sp_3072_cond_sub_96_words%=\n\t"
+        "BLT.N	L_sp_3072_cond_sub_96_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -17217,7 +17671,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_96_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_96_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -17991,10 +18449,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x180\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_3072_mont_reduce_96_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_3072_mont_reduce_96_word\n\t"
 #else
-        "BLT.W	L_sp_3072_mont_reduce_96_word%=\n\t"
+        "BLT.W	L_sp_3072_mont_reduce_96_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -18033,7 +18493,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_96_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_96_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -18041,7 +18505,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_96_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_96_mul:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -18083,10 +18551,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_96_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mont_reduce_96_mul\n\t"
 #else
-        "BLT.N	L_sp_3072_mont_reduce_96_mul%=\n\t"
+        "BLT.N	L_sp_3072_mont_reduce_96_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #384]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -18099,10 +18569,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_96_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mont_reduce_96_word\n\t"
 #else
-        "BLT.N	L_sp_3072_mont_reduce_96_word%=\n\t"
+        "BLT.N	L_sp_3072_mont_reduce_96_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -18144,7 +18616,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_96_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_96_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -18631,10 +19107,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x180\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_3072_mont_reduce_96_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_3072_mont_reduce_96_word\n\t"
 #else
-        "BLT.W	L_sp_3072_mont_reduce_96_word%=\n\t"
+        "BLT.W	L_sp_3072_mont_reduce_96_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -18676,7 +19154,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_96_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_96_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -18684,7 +19166,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_3072_mont_reduce_96_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_mont_reduce_96_mul:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -18714,10 +19200,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_96_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mont_reduce_96_mul\n\t"
 #else
-        "BLT.N	L_sp_3072_mont_reduce_96_mul%=\n\t"
+        "BLT.N	L_sp_3072_mont_reduce_96_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #384]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -18730,10 +19218,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_96_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_mont_reduce_96_word\n\t"
 #else
-        "BLT.N	L_sp_3072_mont_reduce_96_word%=\n\t"
+        "BLT.N	L_sp_3072_mont_reduce_96_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -18799,7 +19289,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x180\n\t"
         "\n"
-    "L_sp_3072_sub_96_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_sub_96_word:\n\t"
+#else
+    "L_sp_3072_sub_96_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -18810,10 +19304,12 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_sub_96_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_sub_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_3072_sub_96_word\n\t"
 #else
-        "BNE.N	L_sp_3072_sub_96_word%=\n\t"
+        "BNE.N	L_sp_3072_sub_96_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -19122,7 +19618,11 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_3072_word_96_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_3072_word_96_bit:\n\t"
+#else
+    "L_div_3072_word_96_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -19132,7 +19632,13 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_3072_word_96_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_3072_word_96_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_3072_word_96_bit\n\t"
+#else
+        "BPL.N	L_div_3072_word_96_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -19287,7 +19793,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x17c\n\t"
         "\n"
-    "L_sp_3072_cmp_96_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_cmp_96_words:\n\t"
+#else
+    "L_sp_3072_cmp_96_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -19300,7 +19810,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_3072_cmp_96_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_3072_cmp_96_words\n\t"
+#else
+        "bcs	L_sp_3072_cmp_96_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #380]\n\t"
@@ -20559,13 +21073,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20711,13 +21224,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20880,8 +21392,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -20915,7 +21426,11 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_3072_cond_add_48_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_3072_cond_add_48_words:\n\t"
+#else
+    "L_sp_3072_cond_add_48_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -20925,10 +21440,12 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_cond_add_48_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_cond_add_48_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_3072_cond_add_48_words\n\t"
 #else
-        "BLT.N	L_sp_3072_cond_add_48_words%=\n\t"
+        "BLT.N	L_sp_3072_cond_add_48_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -22163,13 +22680,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -23059,7 +23575,11 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x200\n\t"
         "\n"
-    "L_sp_4096_add_128_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_add_128_word:\n\t"
+#else
+    "L_sp_4096_add_128_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -23071,10 +23591,12 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_4096_add_128_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_4096_add_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_4096_add_128_word\n\t"
 #else
-        "BNE.N	L_sp_4096_add_128_word%=\n\t"
+        "BNE.N	L_sp_4096_add_128_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -23106,7 +23628,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x200\n\t"
         "\n"
-    "L_sp_4096_sub_in_pkace_128_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_sub_in_pkace_128_word:\n\t"
+#else
+    "L_sp_4096_sub_in_pkace_128_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -23117,10 +23643,12 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_4096_sub_in_pkace_128_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_4096_sub_in_pkace_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_4096_sub_in_pkace_128_word\n\t"
 #else
-        "BNE.N	L_sp_4096_sub_in_pkace_128_word%=\n\t"
+        "BNE.N	L_sp_4096_sub_in_pkace_128_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
@@ -23160,13 +23688,21 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_4096_mul_128_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mul_128_outer:\n\t"
+#else
+    "L_sp_4096_mul_128_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x1fc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_4096_mul_128_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mul_128_inner:\n\t"
+#else
+    "L_sp_4096_mul_128_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -23182,15 +23718,19 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_4096_mul_128_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_4096_mul_128_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_4096_mul_128_inner_done\n\t"
 #else
-        "BGT.N	L_sp_4096_mul_128_inner_done%=\n\t"
+        "BGT.N	L_sp_4096_mul_128_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mul_128_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mul_128_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_mul_128_inner\n\t"
 #else
-        "BLT.N	L_sp_4096_mul_128_inner%=\n\t"
+        "BLT.N	L_sp_4096_mul_128_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -23199,17 +23739,23 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_4096_mul_128_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mul_128_inner_done:\n\t"
+#else
+    "L_sp_4096_mul_128_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x3f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_4096_mul_128_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_4096_mul_128_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_4096_mul_128_outer\n\t"
 #else
-        "BLE.N	L_sp_4096_mul_128_outer%=\n\t"
+        "BLE.N	L_sp_4096_mul_128_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #508]\n\t"
         "LDR	r11, [%[b], #508]\n\t"
@@ -23218,14 +23764,20 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_4096_mul_128_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mul_128_store:\n\t"
+#else
+    "L_sp_4096_mul_128_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_4096_mul_128_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_4096_mul_128_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_4096_mul_128_store\n\t"
 #else
-        "BGT.N	L_sp_4096_mul_128_store%=\n\t"
+        "BGT.N	L_sp_4096_mul_128_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -23258,13 +23810,21 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_4096_sqr_128_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_sqr_128_outer:\n\t"
+#else
+    "L_sp_4096_sqr_128_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x1fc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_4096_sqr_128_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_sqr_128_inner:\n\t"
+#else
+    "L_sp_4096_sqr_128_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -23277,15 +23837,19 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_4096_sqr_128_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_4096_sqr_128_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_4096_sqr_128_inner_done\n\t"
 #else
-        "BGT.N	L_sp_4096_sqr_128_inner_done%=\n\t"
+        "BGT.N	L_sp_4096_sqr_128_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_sqr_128_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_sqr_128_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_sqr_128_inner\n\t"
 #else
-        "BLT.N	L_sp_4096_sqr_128_inner%=\n\t"
+        "BLT.N	L_sp_4096_sqr_128_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -23293,17 +23857,23 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_4096_sqr_128_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_sqr_128_inner_done:\n\t"
+#else
+    "L_sp_4096_sqr_128_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x3f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_4096_sqr_128_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_4096_sqr_128_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_4096_sqr_128_outer\n\t"
 #else
-        "BLE.N	L_sp_4096_sqr_128_outer%=\n\t"
+        "BLE.N	L_sp_4096_sqr_128_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #508]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -23311,14 +23881,20 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_4096_sqr_128_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_sqr_128_store:\n\t"
+#else
+    "L_sp_4096_sqr_128_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_4096_sqr_128_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_4096_sqr_128_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_4096_sqr_128_store\n\t"
 #else
-        "BGT.N	L_sp_4096_sqr_128_store%=\n\t"
+        "BGT.N	L_sp_4096_sqr_128_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -23375,7 +23951,11 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_4096_mul_d_128_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mul_d_128_word:\n\t"
+#else
+    "L_sp_4096_mul_d_128_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -23388,10 +23968,12 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mul_d_128_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mul_d_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_mul_d_128_word\n\t"
 #else
-        "BLT.N	L_sp_4096_mul_d_128_word%=\n\t"
+        "BLT.N	L_sp_4096_mul_d_128_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #512]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -24110,7 +24692,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_4096_cond_sub_128_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_cond_sub_128_words:\n\t"
+#else
+    "L_sp_4096_cond_sub_128_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -24120,10 +24706,12 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_cond_sub_128_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_cond_sub_128_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_cond_sub_128_words\n\t"
 #else
-        "BLT.N	L_sp_4096_cond_sub_128_words%=\n\t"
+        "BLT.N	L_sp_4096_cond_sub_128_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -24642,7 +25230,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_4096_mont_reduce_128_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mont_reduce_128_word:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -25672,10 +26264,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x200\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_4096_mont_reduce_128_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_4096_mont_reduce_128_word\n\t"
 #else
-        "BLT.W	L_sp_4096_mont_reduce_128_word%=\n\t"
+        "BLT.W	L_sp_4096_mont_reduce_128_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -25714,7 +26308,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_4096_mont_reduce_128_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mont_reduce_128_word:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -25722,7 +26320,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_4096_mont_reduce_128_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mont_reduce_128_mul:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -25764,10 +26366,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mont_reduce_128_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_mont_reduce_128_mul\n\t"
 #else
-        "BLT.N	L_sp_4096_mont_reduce_128_mul%=\n\t"
+        "BLT.N	L_sp_4096_mont_reduce_128_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #512]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -25780,10 +26384,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mont_reduce_128_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_mont_reduce_128_word\n\t"
 #else
-        "BLT.N	L_sp_4096_mont_reduce_128_word%=\n\t"
+        "BLT.N	L_sp_4096_mont_reduce_128_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -25825,7 +26431,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_4096_mont_reduce_128_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mont_reduce_128_word:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -26472,10 +27082,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x200\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_4096_mont_reduce_128_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_4096_mont_reduce_128_word\n\t"
 #else
-        "BLT.W	L_sp_4096_mont_reduce_128_word%=\n\t"
+        "BLT.W	L_sp_4096_mont_reduce_128_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -26517,7 +27129,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
-    "L_sp_4096_mont_reduce_128_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mont_reduce_128_word:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -26525,7 +27141,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_4096_mont_reduce_128_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_mont_reduce_128_mul:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -26555,10 +27175,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mont_reduce_128_mul%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_mont_reduce_128_mul\n\t"
 #else
-        "BLT.N	L_sp_4096_mont_reduce_128_mul%=\n\t"
+        "BLT.N	L_sp_4096_mont_reduce_128_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #512]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -26571,10 +27193,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mont_reduce_128_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_mont_reduce_128_word\n\t"
 #else
-        "BLT.N	L_sp_4096_mont_reduce_128_word%=\n\t"
+        "BLT.N	L_sp_4096_mont_reduce_128_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -26640,7 +27264,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x200\n\t"
         "\n"
-    "L_sp_4096_sub_128_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_sub_128_word:\n\t"
+#else
+    "L_sp_4096_sub_128_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -26651,10 +27279,12 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_4096_sub_128_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_4096_sub_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_4096_sub_128_word\n\t"
 #else
-        "BNE.N	L_sp_4096_sub_128_word%=\n\t"
+        "BNE.N	L_sp_4096_sub_128_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -27019,7 +27649,11 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_4096_word_128_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_4096_word_128_bit:\n\t"
+#else
+    "L_div_4096_word_128_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -27029,7 +27663,13 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_4096_word_128_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_4096_word_128_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_4096_word_128_bit\n\t"
+#else
+        "BPL.N	L_div_4096_word_128_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -27184,7 +27824,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x1fc\n\t"
         "\n"
-    "L_sp_4096_cmp_128_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_cmp_128_words:\n\t"
+#else
+    "L_sp_4096_cmp_128_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -27197,7 +27841,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_4096_cmp_128_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_4096_cmp_128_words\n\t"
+#else
+        "bcs	L_sp_4096_cmp_128_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #508]\n\t"
@@ -28808,13 +29456,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -28960,13 +29607,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -29129,8 +29775,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -29164,7 +29809,11 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_4096_cond_add_64_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_4096_cond_add_64_words:\n\t"
+#else
+    "L_sp_4096_cond_add_64_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -29174,10 +29823,12 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_cond_add_64_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_cond_add_64_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_4096_cond_add_64_words\n\t"
 #else
-        "BLT.N	L_sp_4096_cond_add_64_words%=\n\t"
+        "BLT.N	L_sp_4096_cond_add_64_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -30660,13 +31311,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -30857,13 +31507,21 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_256_mul_8_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mul_8_outer:\n\t"
+#else
+    "L_sp_256_mul_8_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x1c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_256_mul_8_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mul_8_inner:\n\t"
+#else
+    "L_sp_256_mul_8_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -30879,15 +31537,19 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_256_mul_8_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_256_mul_8_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_256_mul_8_inner_done\n\t"
 #else
-        "BGT.N	L_sp_256_mul_8_inner_done%=\n\t"
+        "BGT.N	L_sp_256_mul_8_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_256_mul_8_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mul_8_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_256_mul_8_inner\n\t"
 #else
-        "BLT.N	L_sp_256_mul_8_inner%=\n\t"
+        "BLT.N	L_sp_256_mul_8_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -30896,17 +31558,23 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_256_mul_8_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mul_8_inner_done:\n\t"
+#else
+    "L_sp_256_mul_8_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x34\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_256_mul_8_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_256_mul_8_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_256_mul_8_outer\n\t"
 #else
-        "BLE.N	L_sp_256_mul_8_outer%=\n\t"
+        "BLE.N	L_sp_256_mul_8_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #28]\n\t"
         "LDR	r11, [%[b], #28]\n\t"
@@ -30915,14 +31583,20 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_256_mul_8_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mul_8_store:\n\t"
+#else
+    "L_sp_256_mul_8_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_256_mul_8_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_256_mul_8_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_256_mul_8_store\n\t"
 #else
-        "BGT.N	L_sp_256_mul_8_store%=\n\t"
+        "BGT.N	L_sp_256_mul_8_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -31455,13 +32129,21 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_256_sqr_8_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_sqr_8_outer:\n\t"
+#else
+    "L_sp_256_sqr_8_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x1c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_256_sqr_8_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_sqr_8_inner:\n\t"
+#else
+    "L_sp_256_sqr_8_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -31474,15 +32156,19 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_256_sqr_8_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_256_sqr_8_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_256_sqr_8_inner_done\n\t"
 #else
-        "BGT.N	L_sp_256_sqr_8_inner_done%=\n\t"
+        "BGT.N	L_sp_256_sqr_8_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_256_sqr_8_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_256_sqr_8_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_256_sqr_8_inner\n\t"
 #else
-        "BLT.N	L_sp_256_sqr_8_inner%=\n\t"
+        "BLT.N	L_sp_256_sqr_8_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -31490,17 +32176,23 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_256_sqr_8_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_sqr_8_inner_done:\n\t"
+#else
+    "L_sp_256_sqr_8_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x34\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_256_sqr_8_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_256_sqr_8_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_256_sqr_8_outer\n\t"
 #else
-        "BLE.N	L_sp_256_sqr_8_outer%=\n\t"
+        "BLE.N	L_sp_256_sqr_8_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #28]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -31508,14 +32200,20 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_256_sqr_8_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_sqr_8_store:\n\t"
+#else
+    "L_sp_256_sqr_8_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_256_sqr_8_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_256_sqr_8_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_256_sqr_8_store\n\t"
 #else
-        "BGT.N	L_sp_256_sqr_8_store%=\n\t"
+        "BGT.N	L_sp_256_sqr_8_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -31915,7 +32613,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x20\n\t"
         "\n"
-    "L_sp_256_add_8_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_add_8_word:\n\t"
+#else
+    "L_sp_256_add_8_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -31927,10 +32629,12 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_256_add_8_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_256_add_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_256_add_8_word\n\t"
 #else
-        "BNE.N	L_sp_256_add_8_word%=\n\t"
+        "BNE.N	L_sp_256_add_8_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -33938,7 +34642,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x1c\n\t"
         "\n"
-    "L_sp_256_cmp_8_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_cmp_8_words:\n\t"
+#else
+    "L_sp_256_cmp_8_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -33951,7 +34659,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_256_cmp_8_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_256_cmp_8_words\n\t"
+#else
+        "bcs	L_sp_256_cmp_8_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #28]\n\t"
@@ -34085,7 +34797,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_256_cond_sub_8_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_cond_sub_8_words:\n\t"
+#else
+    "L_sp_256_cond_sub_8_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -34095,10 +34811,12 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_256_cond_sub_8_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_256_cond_sub_8_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_256_cond_sub_8_words\n\t"
 #else
-        "BLT.N	L_sp_256_cond_sub_8_words%=\n\t"
+        "BLT.N	L_sp_256_cond_sub_8_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -34199,7 +34917,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_256_mont_reduce_8_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mont_reduce_8_word:\n\t"
+#else
+    "L_sp_256_mont_reduce_8_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -34269,10 +34991,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x20\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_256_mont_reduce_8_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mont_reduce_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_256_mont_reduce_8_word\n\t"
 #else
-        "BLT.W	L_sp_256_mont_reduce_8_word%=\n\t"
+        "BLT.W	L_sp_256_mont_reduce_8_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -34314,7 +35038,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_256_mont_reduce_8_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mont_reduce_8_word:\n\t"
+#else
+    "L_sp_256_mont_reduce_8_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -34361,10 +35089,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x20\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_256_mont_reduce_8_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mont_reduce_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_256_mont_reduce_8_word\n\t"
 #else
-        "BLT.W	L_sp_256_mont_reduce_8_word%=\n\t"
+        "BLT.W	L_sp_256_mont_reduce_8_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -34573,7 +35303,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit*
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_256_mont_reduce_order_8_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mont_reduce_order_8_word:\n\t"
+#else
+    "L_sp_256_mont_reduce_order_8_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -34643,10 +35377,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit*
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x20\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_256_mont_reduce_order_8_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mont_reduce_order_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_256_mont_reduce_order_8_word\n\t"
 #else
-        "BLT.W	L_sp_256_mont_reduce_order_8_word%=\n\t"
+        "BLT.W	L_sp_256_mont_reduce_order_8_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -34688,7 +35424,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit*
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_256_mont_reduce_order_8_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mont_reduce_order_8_word:\n\t"
+#else
+    "L_sp_256_mont_reduce_order_8_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -34735,10 +35475,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit*
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x20\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_256_mont_reduce_order_8_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mont_reduce_order_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_256_mont_reduce_order_8_word\n\t"
 #else
-        "BLT.W	L_sp_256_mont_reduce_order_8_word%=\n\t"
+        "BLT.W	L_sp_256_mont_reduce_order_8_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -34780,7 +35522,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -34789,7 +35531,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -35431,8 +36173,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -35449,7 +36191,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -35623,8 +36365,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -35641,7 +36383,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -35696,7 +36438,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -35890,15 +36632,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_256));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_256));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -36094,8 +36836,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36112,7 +36854,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -36202,8 +36944,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36240,7 +36981,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -36367,10 +37108,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36626,8 +37365,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36664,7 +37402,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -36791,10 +37529,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -37012,10 +37748,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -37092,10 +37826,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38562,10 +39294,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38640,10 +39370,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38732,6 +39460,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -38748,6 +39477,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -38826,12 +39560,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38989,10 +39720,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -39075,7 +39804,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x20\n\t"
         "\n"
-    "L_sp_256_sub_in_pkace_8_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_sub_in_pkace_8_word:\n\t"
+#else
+    "L_sp_256_sub_in_pkace_8_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -39086,10 +39819,12 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_256_sub_in_pkace_8_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_256_sub_in_pkace_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_256_sub_in_pkace_8_word\n\t"
 #else
-        "BNE.N	L_sp_256_sub_in_pkace_8_word%=\n\t"
+        "BNE.N	L_sp_256_sub_in_pkace_8_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
@@ -39168,7 +39903,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_256_mul_d_8_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_mul_d_8_word:\n\t"
+#else
+    "L_sp_256_mul_d_8_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -39181,10 +39920,12 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_256_mul_d_8_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mul_d_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_256_mul_d_8_word\n\t"
 #else
-        "BLT.N	L_sp_256_mul_d_8_word%=\n\t"
+        "BLT.N	L_sp_256_mul_d_8_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #32]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -39362,7 +40103,11 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_256_word_8_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_256_word_8_bit:\n\t"
+#else
+    "L_div_256_word_8_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -39372,7 +40117,13 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_256_word_8_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_256_word_8_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_256_word_8_bit\n\t"
+#else
+        "BPL.N	L_div_256_word_8_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -40066,7 +40817,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x20\n\t"
         "\n"
-    "L_sp_256_sub_8_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_sub_8_word:\n\t"
+#else
+    "L_sp_256_sub_8_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -40077,10 +40832,12 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_256_sub_8_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_256_sub_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_256_sub_8_word\n\t"
 #else
-        "BNE.N	L_sp_256_sub_8_word%=\n\t"
+        "BNE.N	L_sp_256_sub_8_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -40199,10 +40956,12 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
         "MOV	r12, #0x0\n\t"
         "LDM	%[a]!, {r4}\n\t"
         "ANDS	r3, r4, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_div2_mod_8_even%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_div2_mod_8_even_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_256_div2_mod_8_even\n\t"
 #else
-        "BEQ.N	L_sp_256_div2_mod_8_even%=\n\t"
+        "BEQ.N	L_sp_256_div2_mod_8_even_%=\n\t"
 #endif
         "LDM	%[a]!, {r5, r6, r7}\n\t"
         "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
@@ -40218,17 +40977,27 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
         "ADCS	r6, r6, r10\n\t"
         "ADCS	r7, r7, r11\n\t"
         "ADC	r3, r12, r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_div2_mod_8_div2%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_256_div2_mod_8_div2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_256_div2_mod_8_div2\n\t"
 #else
-        "B.N	L_sp_256_div2_mod_8_div2%=\n\t"
+        "B.N	L_sp_256_div2_mod_8_div2_%=\n\t"
 #endif
         "\n"
-    "L_sp_256_div2_mod_8_even%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_div2_mod_8_even:\n\t"
+#else
+    "L_sp_256_div2_mod_8_even_%=:\n\t"
+#endif
         "LDRD	r4, r5, [%[a], #12]\n\t"
         "LDRD	r6, r7, [%[a], #20]\n\t"
         "\n"
-    "L_sp_256_div2_mod_8_div2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_div2_mod_8_div2:\n\t"
+#else
+    "L_sp_256_div2_mod_8_div2_%=:\n\t"
+#endif
         "LSR	r8, r4, #1\n\t"
         "AND	r4, r4, #0x1\n\t"
         "LSR	r9, r5, #1\n\t"
@@ -40270,129 +41039,189 @@ static int sp_256_num_bits_8(const sp_digit* a)
     __asm__ __volatile__ (
         "LDR	r1, [%[a], #28]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_7%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_256_num_bits_8_7\n\t"
 #else
-        "BEQ.N	L_sp_256_num_bits_8_7%=\n\t"
+        "BEQ.N	L_sp_256_num_bits_8_7_%=\n\t"
 #endif
         "MOV	r2, #0x100\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_256_num_bits_8_9\n\t"
 #else
-        "B.N	L_sp_256_num_bits_8_9%=\n\t"
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
-    "L_sp_256_num_bits_8_7%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_num_bits_8_7:\n\t"
+#else
+    "L_sp_256_num_bits_8_7_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #24]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_6%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_256_num_bits_8_6\n\t"
 #else
-        "BEQ.N	L_sp_256_num_bits_8_6%=\n\t"
+        "BEQ.N	L_sp_256_num_bits_8_6_%=\n\t"
 #endif
         "MOV	r2, #0xe0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_256_num_bits_8_9\n\t"
 #else
-        "B.N	L_sp_256_num_bits_8_9%=\n\t"
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
-    "L_sp_256_num_bits_8_6%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_num_bits_8_6:\n\t"
+#else
+    "L_sp_256_num_bits_8_6_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #20]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_5%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_256_num_bits_8_5\n\t"
 #else
-        "BEQ.N	L_sp_256_num_bits_8_5%=\n\t"
+        "BEQ.N	L_sp_256_num_bits_8_5_%=\n\t"
 #endif
         "MOV	r2, #0xc0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_256_num_bits_8_9\n\t"
 #else
-        "B.N	L_sp_256_num_bits_8_9%=\n\t"
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
-    "L_sp_256_num_bits_8_5%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_num_bits_8_5:\n\t"
+#else
+    "L_sp_256_num_bits_8_5_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #16]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_4%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_256_num_bits_8_4\n\t"
 #else
-        "BEQ.N	L_sp_256_num_bits_8_4%=\n\t"
+        "BEQ.N	L_sp_256_num_bits_8_4_%=\n\t"
 #endif
         "MOV	r2, #0xa0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_256_num_bits_8_9\n\t"
 #else
-        "B.N	L_sp_256_num_bits_8_9%=\n\t"
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
-    "L_sp_256_num_bits_8_4%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_num_bits_8_4:\n\t"
+#else
+    "L_sp_256_num_bits_8_4_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #12]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_3%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_256_num_bits_8_3\n\t"
 #else
-        "BEQ.N	L_sp_256_num_bits_8_3%=\n\t"
+        "BEQ.N	L_sp_256_num_bits_8_3_%=\n\t"
 #endif
         "MOV	r2, #0x80\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_256_num_bits_8_9\n\t"
 #else
-        "B.N	L_sp_256_num_bits_8_9%=\n\t"
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
-    "L_sp_256_num_bits_8_3%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_num_bits_8_3:\n\t"
+#else
+    "L_sp_256_num_bits_8_3_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #8]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_2%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_256_num_bits_8_2\n\t"
 #else
-        "BEQ.N	L_sp_256_num_bits_8_2%=\n\t"
+        "BEQ.N	L_sp_256_num_bits_8_2_%=\n\t"
 #endif
         "MOV	r2, #0x60\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_256_num_bits_8_9\n\t"
 #else
-        "B.N	L_sp_256_num_bits_8_9%=\n\t"
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
-    "L_sp_256_num_bits_8_2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_num_bits_8_2:\n\t"
+#else
+    "L_sp_256_num_bits_8_2_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #4]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_1%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_256_num_bits_8_1\n\t"
 #else
-        "BEQ.N	L_sp_256_num_bits_8_1%=\n\t"
+        "BEQ.N	L_sp_256_num_bits_8_1_%=\n\t"
 #endif
         "MOV	r2, #0x40\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_256_num_bits_8_9\n\t"
 #else
-        "B.N	L_sp_256_num_bits_8_9%=\n\t"
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
-    "L_sp_256_num_bits_8_1%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_num_bits_8_1:\n\t"
+#else
+    "L_sp_256_num_bits_8_1_%=:\n\t"
+#endif
         "LDR	r1, [%[a]]\n\t"
         "MOV	r2, #0x20\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
         "\n"
-    "L_sp_256_num_bits_8_9%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_256_num_bits_8_9:\n\t"
+#else
+    "L_sp_256_num_bits_8_9_%=:\n\t"
+#endif
         "MOV	%[a], r4\n\t"
         : [a] "+r" (a)
         :
@@ -40684,10 +41513,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40894,8 +41721,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40934,8 +41760,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41043,10 +41868,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41125,10 +41948,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41193,10 +42014,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41257,10 +42076,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41326,8 +42143,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41392,8 +42208,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41515,13 +42330,21 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_384_mul_12_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_mul_12_outer:\n\t"
+#else
+    "L_sp_384_mul_12_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x2c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_384_mul_12_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_mul_12_inner:\n\t"
+#else
+    "L_sp_384_mul_12_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -41537,15 +42360,19 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_384_mul_12_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_384_mul_12_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_384_mul_12_inner_done\n\t"
 #else
-        "BGT.N	L_sp_384_mul_12_inner_done%=\n\t"
+        "BGT.N	L_sp_384_mul_12_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_mul_12_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_384_mul_12_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_384_mul_12_inner\n\t"
 #else
-        "BLT.N	L_sp_384_mul_12_inner%=\n\t"
+        "BLT.N	L_sp_384_mul_12_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -41554,17 +42381,23 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_384_mul_12_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_mul_12_inner_done:\n\t"
+#else
+    "L_sp_384_mul_12_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x54\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_384_mul_12_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_384_mul_12_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_384_mul_12_outer\n\t"
 #else
-        "BLE.N	L_sp_384_mul_12_outer%=\n\t"
+        "BLE.N	L_sp_384_mul_12_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #44]\n\t"
         "LDR	r11, [%[b], #44]\n\t"
@@ -41573,14 +42406,20 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_384_mul_12_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_mul_12_store:\n\t"
+#else
+    "L_sp_384_mul_12_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_384_mul_12_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_384_mul_12_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_384_mul_12_store\n\t"
 #else
-        "BGT.N	L_sp_384_mul_12_store%=\n\t"
+        "BGT.N	L_sp_384_mul_12_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -42643,13 +43482,21 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_384_sqr_12_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_sqr_12_outer:\n\t"
+#else
+    "L_sp_384_sqr_12_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x2c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_384_sqr_12_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_sqr_12_inner:\n\t"
+#else
+    "L_sp_384_sqr_12_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -42662,15 +43509,19 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_384_sqr_12_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_384_sqr_12_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_384_sqr_12_inner_done\n\t"
 #else
-        "BGT.N	L_sp_384_sqr_12_inner_done%=\n\t"
+        "BGT.N	L_sp_384_sqr_12_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_sqr_12_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_384_sqr_12_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_384_sqr_12_inner\n\t"
 #else
-        "BLT.N	L_sp_384_sqr_12_inner%=\n\t"
+        "BLT.N	L_sp_384_sqr_12_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -42678,17 +43529,23 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_384_sqr_12_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_sqr_12_inner_done:\n\t"
+#else
+    "L_sp_384_sqr_12_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x54\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_384_sqr_12_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_384_sqr_12_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_384_sqr_12_outer\n\t"
 #else
-        "BLE.N	L_sp_384_sqr_12_outer%=\n\t"
+        "BLE.N	L_sp_384_sqr_12_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #44]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -42696,14 +43553,20 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_384_sqr_12_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_sqr_12_store:\n\t"
+#else
+    "L_sp_384_sqr_12_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_384_sqr_12_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_384_sqr_12_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_384_sqr_12_store\n\t"
 #else
-        "BGT.N	L_sp_384_sqr_12_store%=\n\t"
+        "BGT.N	L_sp_384_sqr_12_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -43436,7 +44299,11 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x30\n\t"
         "\n"
-    "L_sp_384_add_12_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_add_12_word:\n\t"
+#else
+    "L_sp_384_add_12_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -43448,10 +44315,12 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_384_add_12_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_384_add_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_384_add_12_word\n\t"
 #else
-        "BNE.N	L_sp_384_add_12_word%=\n\t"
+        "BNE.N	L_sp_384_add_12_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -43592,23 +44461,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43836,7 +44704,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_384_cond_sub_12_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_cond_sub_12_words:\n\t"
+#else
+    "L_sp_384_cond_sub_12_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -43846,10 +44718,12 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x30\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_cond_sub_12_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_384_cond_sub_12_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_384_cond_sub_12_words\n\t"
 #else
-        "BLT.N	L_sp_384_cond_sub_12_words%=\n\t"
+        "BLT.N	L_sp_384_cond_sub_12_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -43963,7 +44837,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_384_mont_reduce_12_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_mont_reduce_12_word:\n\t"
+#else
+    "L_sp_384_mont_reduce_12_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -44065,10 +44943,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x30\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_384_mont_reduce_12_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_384_mont_reduce_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_384_mont_reduce_12_word\n\t"
 #else
-        "BLT.W	L_sp_384_mont_reduce_12_word%=\n\t"
+        "BLT.W	L_sp_384_mont_reduce_12_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -44110,7 +44990,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_384_mont_reduce_12_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_mont_reduce_12_word:\n\t"
+#else
+    "L_sp_384_mont_reduce_12_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -44177,10 +45061,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x30\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_384_mont_reduce_12_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_384_mont_reduce_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_384_mont_reduce_12_word\n\t"
 #else
-        "BLT.W	L_sp_384_mont_reduce_12_word%=\n\t"
+        "BLT.W	L_sp_384_mont_reduce_12_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -44365,7 +45251,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x2c\n\t"
         "\n"
-    "L_sp_384_cmp_12_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_cmp_12_words:\n\t"
+#else
+    "L_sp_384_cmp_12_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -44378,7 +45268,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_384_cmp_12_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_384_cmp_12_words\n\t"
+#else
+        "bcs	L_sp_384_cmp_12_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #44]\n\t"
@@ -44553,7 +45447,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -44562,7 +45456,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44668,7 +45562,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x30\n\t"
         "\n"
-    "L_sp_384_sub_12_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_sub_12_word:\n\t"
+#else
+    "L_sp_384_sub_12_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -44679,10 +45577,12 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_384_sub_12_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_384_sub_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_384_sub_12_word\n\t"
 #else
-        "BNE.N	L_sp_384_sub_12_word%=\n\t"
+        "BNE.N	L_sp_384_sub_12_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -44769,7 +45669,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_384_cond_add_12_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_cond_add_12_words:\n\t"
+#else
+    "L_sp_384_cond_add_12_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -44779,10 +45683,12 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0x30\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_cond_add_12_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_384_cond_add_12_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_384_cond_add_12_words\n\t"
 #else
-        "BLT.N	L_sp_384_cond_add_12_words%=\n\t"
+        "BLT.N	L_sp_384_cond_add_12_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -45268,8 +46174,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45286,7 +46192,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45460,8 +46366,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45478,7 +46384,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -45545,7 +46451,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -45751,15 +46657,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_384));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_384));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -45955,8 +46861,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45973,7 +46879,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46063,8 +46969,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46109,7 +47014,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -46244,10 +47149,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46503,8 +47406,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46549,7 +47451,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -46684,10 +47586,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46905,10 +47805,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46985,10 +47883,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48455,10 +49351,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48533,10 +49427,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48631,6 +49523,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -48647,6 +49540,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -48725,12 +49623,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48888,10 +49783,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48974,7 +49867,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x30\n\t"
         "\n"
-    "L_sp_384_sub_in_pkace_12_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_sub_in_pkace_12_word:\n\t"
+#else
+    "L_sp_384_sub_in_pkace_12_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -48985,10 +49882,12 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_384_sub_in_pkace_12_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_384_sub_in_pkace_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_384_sub_in_pkace_12_word\n\t"
 #else
-        "BNE.N	L_sp_384_sub_in_pkace_12_word%=\n\t"
+        "BNE.N	L_sp_384_sub_in_pkace_12_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
@@ -49074,7 +49973,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_384_mul_d_12_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_mul_d_12_word:\n\t"
+#else
+    "L_sp_384_mul_d_12_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -49087,10 +49990,12 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x30\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_mul_d_12_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_384_mul_d_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_384_mul_d_12_word\n\t"
 #else
-        "BLT.N	L_sp_384_mul_d_12_word%=\n\t"
+        "BLT.N	L_sp_384_mul_d_12_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #48]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -49288,7 +50193,11 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_384_word_12_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_384_word_12_bit:\n\t"
+#else
+    "L_div_384_word_12_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -49298,7 +50207,13 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_384_word_12_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_384_word_12_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_384_word_12_bit\n\t"
+#else
+        "BPL.N	L_div_384_word_12_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -49961,10 +50876,12 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
     __asm__ __volatile__ (
         "LDM	%[a]!, {r4}\n\t"
         "ANDS	r3, r4, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_div2_mod_12_even%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_div2_mod_12_even_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_div2_mod_12_even\n\t"
 #else
-        "BEQ.N	L_sp_384_div2_mod_12_even%=\n\t"
+        "BEQ.N	L_sp_384_div2_mod_12_even_%=\n\t"
 #endif
         "MOV	r12, #0x0\n\t"
         "LDM	%[a]!, {r5, r6, r7}\n\t"
@@ -49989,13 +50906,19 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
         "ADCS	r7, r7, r11\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
         "ADC	r3, r12, r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_div2_mod_12_div2%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_div2_mod_12_div2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_div2_mod_12_div2\n\t"
 #else
-        "B.N	L_sp_384_div2_mod_12_div2%=\n\t"
+        "B.N	L_sp_384_div2_mod_12_div2_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_div2_mod_12_even%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_div2_mod_12_even:\n\t"
+#else
+    "L_sp_384_div2_mod_12_even_%=:\n\t"
+#endif
         "LDM	%[a]!, {r5, r6, r7}\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
@@ -50003,7 +50926,11 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
         "\n"
-    "L_sp_384_div2_mod_12_div2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_div2_mod_12_div2:\n\t"
+#else
+    "L_sp_384_div2_mod_12_div2_%=:\n\t"
+#endif
         "SUB	%[r], %[r], #0x30\n\t"
         "LDRD	r8, r9, [%[r]]\n\t"
         "LSR	r8, r8, #1\n\t"
@@ -50071,197 +50998,289 @@ static int sp_384_num_bits_12(const sp_digit* a)
     __asm__ __volatile__ (
         "LDR	r1, [%[a], #44]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_11%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_11_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_11\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_11%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_11_%=\n\t"
 #endif
         "MOV	r2, #0x180\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_11%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_11:\n\t"
+#else
+    "L_sp_384_num_bits_12_11_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #40]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_10%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_10_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_10\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_10%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_10_%=\n\t"
 #endif
         "MOV	r2, #0x160\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_10%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_10:\n\t"
+#else
+    "L_sp_384_num_bits_12_10_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #36]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_9%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_9\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_9%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_9_%=\n\t"
 #endif
         "MOV	r2, #0x140\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_9%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_9:\n\t"
+#else
+    "L_sp_384_num_bits_12_9_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #32]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_8%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_8\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_8%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_8_%=\n\t"
 #endif
         "MOV	r2, #0x120\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_8%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_8:\n\t"
+#else
+    "L_sp_384_num_bits_12_8_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #28]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_7%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_7\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_7%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_7_%=\n\t"
 #endif
         "MOV	r2, #0x100\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_7%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_7:\n\t"
+#else
+    "L_sp_384_num_bits_12_7_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #24]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_6%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_6\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_6%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_6_%=\n\t"
 #endif
         "MOV	r2, #0xe0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_6%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_6:\n\t"
+#else
+    "L_sp_384_num_bits_12_6_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #20]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_5%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_5\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_5%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_5_%=\n\t"
 #endif
         "MOV	r2, #0xc0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_5%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_5:\n\t"
+#else
+    "L_sp_384_num_bits_12_5_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #16]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_4%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_4\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_4%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_4_%=\n\t"
 #endif
         "MOV	r2, #0xa0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_4%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_4:\n\t"
+#else
+    "L_sp_384_num_bits_12_4_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #12]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_3%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_3\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_3%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_3_%=\n\t"
 #endif
         "MOV	r2, #0x80\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_3%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_3:\n\t"
+#else
+    "L_sp_384_num_bits_12_3_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #8]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_2%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_2\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_2%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_2_%=\n\t"
 #endif
         "MOV	r2, #0x60\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_2:\n\t"
+#else
+    "L_sp_384_num_bits_12_2_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #4]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_1%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_384_num_bits_12_1\n\t"
 #else
-        "BEQ.N	L_sp_384_num_bits_12_1%=\n\t"
+        "BEQ.N	L_sp_384_num_bits_12_1_%=\n\t"
 #endif
         "MOV	r2, #0x40\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_384_num_bits_12_13\n\t"
 #else
-        "B.N	L_sp_384_num_bits_12_13%=\n\t"
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
-    "L_sp_384_num_bits_12_1%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_1:\n\t"
+#else
+    "L_sp_384_num_bits_12_1_%=:\n\t"
+#endif
         "LDR	r1, [%[a]]\n\t"
         "MOV	r2, #0x20\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
         "\n"
-    "L_sp_384_num_bits_12_13%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_384_num_bits_12_13:\n\t"
+#else
+    "L_sp_384_num_bits_12_13_%=:\n\t"
+#endif
         "MOV	%[a], r4\n\t"
         : [a] "+r" (a)
         :
@@ -50557,10 +51576,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50767,8 +51784,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50807,8 +51823,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50916,10 +51931,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50998,10 +52011,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51066,10 +52077,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51130,10 +52139,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51229,8 +52236,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51295,8 +52301,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51430,13 +52435,21 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_521_mul_17_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mul_17_outer:\n\t"
+#else
+    "L_sp_521_mul_17_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x40\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_521_mul_17_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mul_17_inner:\n\t"
+#else
+    "L_sp_521_mul_17_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -51452,15 +52465,19 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_521_mul_17_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_521_mul_17_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_521_mul_17_inner_done\n\t"
 #else
-        "BGT.N	L_sp_521_mul_17_inner_done%=\n\t"
+        "BGT.N	L_sp_521_mul_17_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_521_mul_17_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_521_mul_17_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_521_mul_17_inner\n\t"
 #else
-        "BLT.N	L_sp_521_mul_17_inner%=\n\t"
+        "BLT.N	L_sp_521_mul_17_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -51469,17 +52486,23 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_521_mul_17_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mul_17_inner_done:\n\t"
+#else
+    "L_sp_521_mul_17_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x7c\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_521_mul_17_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_521_mul_17_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_521_mul_17_outer\n\t"
 #else
-        "BLE.N	L_sp_521_mul_17_outer%=\n\t"
+        "BLE.N	L_sp_521_mul_17_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #64]\n\t"
         "LDR	r11, [%[b], #64]\n\t"
@@ -51491,14 +52514,20 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "STM	%[r]!, {r6, r7}\n\t"
         "SUB	r5, r5, #0x8\n\t"
         "\n"
-    "L_sp_521_mul_17_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mul_17_store:\n\t"
+#else
+    "L_sp_521_mul_17_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_521_mul_17_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_521_mul_17_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_521_mul_17_store\n\t"
 #else
-        "BGT.N	L_sp_521_mul_17_store%=\n\t"
+        "BGT.N	L_sp_521_mul_17_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -53575,13 +54604,21 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_521_sqr_17_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_sqr_17_outer:\n\t"
+#else
+    "L_sp_521_sqr_17_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x40\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_521_sqr_17_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_sqr_17_inner:\n\t"
+#else
+    "L_sp_521_sqr_17_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -53594,15 +54631,19 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_521_sqr_17_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_521_sqr_17_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_521_sqr_17_inner_done\n\t"
 #else
-        "BGT.N	L_sp_521_sqr_17_inner_done%=\n\t"
+        "BGT.N	L_sp_521_sqr_17_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_521_sqr_17_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_521_sqr_17_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_521_sqr_17_inner\n\t"
 #else
-        "BLT.N	L_sp_521_sqr_17_inner%=\n\t"
+        "BLT.N	L_sp_521_sqr_17_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -53610,17 +54651,23 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_521_sqr_17_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_sqr_17_inner_done:\n\t"
+#else
+    "L_sp_521_sqr_17_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x7c\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_521_sqr_17_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_521_sqr_17_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_521_sqr_17_outer\n\t"
 #else
-        "BLE.N	L_sp_521_sqr_17_outer%=\n\t"
+        "BLE.N	L_sp_521_sqr_17_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #64]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -53631,14 +54678,20 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
         "STM	%[r]!, {r6, r7}\n\t"
         "SUB	r5, r5, #0x8\n\t"
         "\n"
-    "L_sp_521_sqr_17_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_sqr_17_store:\n\t"
+#else
+    "L_sp_521_sqr_17_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_521_sqr_17_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_521_sqr_17_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_521_sqr_17_store\n\t"
 #else
-        "BGT.N	L_sp_521_sqr_17_store%=\n\t"
+        "BGT.N	L_sp_521_sqr_17_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -54955,7 +56008,11 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x40\n\t"
         "\n"
-    "L_sp_521_add_17_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_add_17_word:\n\t"
+#else
+    "L_sp_521_add_17_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -54967,10 +56024,12 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_add_17_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_521_add_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_521_add_17_word\n\t"
 #else
-        "BNE.N	L_sp_521_add_17_word%=\n\t"
+        "BNE.N	L_sp_521_add_17_word_%=\n\t"
 #endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a], {r4}\n\t"
@@ -55288,7 +56347,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_521_cond_sub_17_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_cond_sub_17_words:\n\t"
+#else
+    "L_sp_521_cond_sub_17_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -55298,10 +56361,12 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x44\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_521_cond_sub_17_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_521_cond_sub_17_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_521_cond_sub_17_words\n\t"
 #else
-        "BLT.N	L_sp_521_cond_sub_17_words%=\n\t"
+        "BLT.N	L_sp_521_cond_sub_17_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -55568,19 +56633,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_521_mont_reduce_order_17_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mont_reduce_order_17_word:\n\t"
+#else
+    "L_sp_521_mont_reduce_order_17_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         "CMP	r11, #0x40\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_mont_reduce_order_17_nomask%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_521_mont_reduce_order_17_nomask\n\t"
 #else
-        "BNE.N	L_sp_521_mont_reduce_order_17_nomask%=\n\t"
+        "BNE.N	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #endif
         "MOV	r9, #0x1ff\n\t"
         "AND	r10, r10, r9\n\t"
         "\n"
-    "L_sp_521_mont_reduce_order_17_nomask%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mont_reduce_order_17_nomask:\n\t"
+#else
+    "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t"
+#endif
         /* a[i+0] += m[0] * mu */
         "MOV	r7, #0x0\n\t"
         "UMLAL	r4, r7, r10, lr\n\t"
@@ -55721,10 +56796,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x44\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_521_mont_reduce_order_17_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_521_mont_reduce_order_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_521_mont_reduce_order_17_word\n\t"
 #else
-        "BLT.W	L_sp_521_mont_reduce_order_17_word%=\n\t"
+        "BLT.W	L_sp_521_mont_reduce_order_17_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -55836,19 +56913,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_521_mont_reduce_order_17_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mont_reduce_order_17_word:\n\t"
+#else
+    "L_sp_521_mont_reduce_order_17_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         "CMP	r4, #0x40\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_mont_reduce_order_17_nomask%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_521_mont_reduce_order_17_nomask\n\t"
 #else
-        "BNE.N	L_sp_521_mont_reduce_order_17_nomask%=\n\t"
+        "BNE.N	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #endif
         "MOV	r12, #0x1ff\n\t"
         "AND	lr, lr, r12\n\t"
         "\n"
-    "L_sp_521_mont_reduce_order_17_nomask%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mont_reduce_order_17_nomask:\n\t"
+#else
+    "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t"
+#endif
         /* a[i+0] += m[0] * mu */
         "LDR	r12, [%[m]]\n\t"
         "MOV	r3, #0x0\n\t"
@@ -55939,10 +57026,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x44\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_521_mont_reduce_order_17_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_521_mont_reduce_order_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_521_mont_reduce_order_17_word\n\t"
 #else
-        "BLT.W	L_sp_521_mont_reduce_order_17_word%=\n\t"
+        "BLT.W	L_sp_521_mont_reduce_order_17_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -56194,7 +57283,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x40\n\t"
         "\n"
-    "L_sp_521_cmp_17_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_cmp_17_words:\n\t"
+#else
+    "L_sp_521_cmp_17_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -56207,7 +57300,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_521_cmp_17_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_521_cmp_17_words\n\t"
+#else
+        "bcs	L_sp_521_cmp_17_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #64]\n\t"
@@ -56437,7 +57534,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -56446,7 +57543,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -57212,8 +58309,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -57230,7 +58327,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -57404,8 +58501,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -57422,7 +58519,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -57504,7 +58601,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -57729,15 +58826,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_521));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_521));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -57933,8 +59030,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -57951,7 +59048,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -58041,8 +59138,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58097,7 +59193,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -58242,10 +59338,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58501,8 +59595,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58557,7 +59650,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -58702,10 +59795,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58923,10 +60014,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -59003,10 +60092,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61017,10 +62104,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61095,10 +62180,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61202,6 +62285,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -61219,6 +62303,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -61297,12 +62386,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61462,10 +62548,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61995,7 +63079,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x40\n\t"
         "\n"
-    "L_sp_521_sub_in_pkace_17_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_sub_in_pkace_17_word:\n\t"
+#else
+    "L_sp_521_sub_in_pkace_17_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -62006,10 +63094,12 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_sub_in_pkace_17_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_521_sub_in_pkace_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_521_sub_in_pkace_17_word\n\t"
 #else
-        "BNE.N	L_sp_521_sub_in_pkace_17_word%=\n\t"
+        "BNE.N	L_sp_521_sub_in_pkace_17_word_%=\n\t"
 #endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2}\n\t"
@@ -62111,7 +63201,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_521_mul_d_17_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_mul_d_17_word:\n\t"
+#else
+    "L_sp_521_mul_d_17_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -62124,10 +63218,12 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x44\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_521_mul_d_17_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_521_mul_d_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_521_mul_d_17_word\n\t"
 #else
-        "BLT.N	L_sp_521_mul_d_17_word%=\n\t"
+        "BLT.N	L_sp_521_mul_d_17_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #68]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -62350,7 +63446,11 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_521_word_17_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_521_word_17_bit:\n\t"
+#else
+    "L_div_521_word_17_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -62360,7 +63460,13 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_521_word_17_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_521_word_17_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_521_word_17_bit\n\t"
+#else
+        "BPL.N	L_div_521_word_17_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -63055,7 +64161,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x40\n\t"
         "\n"
-    "L_sp_521_sub_17_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_sub_17_word:\n\t"
+#else
+    "L_sp_521_sub_17_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -63066,10 +64176,12 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_sub_17_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_521_sub_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_521_sub_17_word\n\t"
 #else
-        "BNE.N	L_sp_521_sub_17_word%=\n\t"
+        "BNE.N	L_sp_521_sub_17_word_%=\n\t"
 #endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3}\n\t"
@@ -63166,10 +64278,12 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m
     __asm__ __volatile__ (
         "LDM	%[a]!, {r4}\n\t"
         "ANDS	r3, r4, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_div2_mod_17_even%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_div2_mod_17_even_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_div2_mod_17_even\n\t"
 #else
-        "BEQ.N	L_sp_521_div2_mod_17_even%=\n\t"
+        "BEQ.N	L_sp_521_div2_mod_17_even_%=\n\t"
 #endif
         "MOV	r12, #0x0\n\t"
         "LDM	%[a]!, {r5, r6, r7}\n\t"
@@ -63205,13 +64319,19 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m
         "ADCS	r4, r4, r8\n\t"
         "STM	%[r]!, {r4}\n\t"
         "ADC	r3, r12, r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_div2_mod_17_div2%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_div2_mod_17_div2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_div2_mod_17_div2\n\t"
 #else
-        "B.N	L_sp_521_div2_mod_17_div2%=\n\t"
+        "B.N	L_sp_521_div2_mod_17_div2_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_div2_mod_17_even%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_div2_mod_17_even:\n\t"
+#else
+    "L_sp_521_div2_mod_17_even_%=:\n\t"
+#endif
         "LDM	%[a]!, {r5, r6, r7}\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
@@ -63223,7 +64343,11 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m
         "LDM	%[a]!, {r4}\n\t"
         "STM	%[r]!, {r4}\n\t"
         "\n"
-    "L_sp_521_div2_mod_17_div2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_div2_mod_17_div2:\n\t"
+#else
+    "L_sp_521_div2_mod_17_div2_%=:\n\t"
+#endif
         "SUB	%[r], %[r], #0x44\n\t"
         "LDRD	r8, r9, [%[r]]\n\t"
         "LSR	r8, r8, #1\n\t"
@@ -63311,282 +64435,414 @@ static int sp_521_num_bits_17(const sp_digit* a)
     __asm__ __volatile__ (
         "LDR	r1, [%[a], #64]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_16%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_16_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_16\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_16%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_16_%=\n\t"
 #endif
         "MOV	r2, #0x220\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_16%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_16:\n\t"
+#else
+    "L_sp_521_num_bits_17_16_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #60]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_15%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_15_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_15\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_15%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_15_%=\n\t"
 #endif
         "MOV	r2, #0x200\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_15%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_15:\n\t"
+#else
+    "L_sp_521_num_bits_17_15_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #56]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_14%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_14_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_14\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_14%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_14_%=\n\t"
 #endif
         "MOV	r2, #0x1e0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_14%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_14:\n\t"
+#else
+    "L_sp_521_num_bits_17_14_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #52]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_13%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_13\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_13%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_13_%=\n\t"
 #endif
         "MOV	r2, #0x1c0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_13%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_13:\n\t"
+#else
+    "L_sp_521_num_bits_17_13_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #48]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_12%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_12_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_12\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_12%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_12_%=\n\t"
 #endif
         "MOV	r2, #0x1a0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_12%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_12:\n\t"
+#else
+    "L_sp_521_num_bits_17_12_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #44]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_11%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_11_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_11\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_11%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_11_%=\n\t"
 #endif
         "MOV	r2, #0x180\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_11%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_11:\n\t"
+#else
+    "L_sp_521_num_bits_17_11_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #40]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_10%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_10_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_10\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_10%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_10_%=\n\t"
 #endif
         "MOV	r2, #0x160\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_10%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_10:\n\t"
+#else
+    "L_sp_521_num_bits_17_10_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #36]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_9%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_9\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_9%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_9_%=\n\t"
 #endif
         "MOV	r2, #0x140\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_9%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_9:\n\t"
+#else
+    "L_sp_521_num_bits_17_9_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #32]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_8%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_8\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_8%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_8_%=\n\t"
 #endif
         "MOV	r2, #0x120\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_8%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_8:\n\t"
+#else
+    "L_sp_521_num_bits_17_8_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #28]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_7%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_7\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_7%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_7_%=\n\t"
 #endif
         "MOV	r2, #0x100\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_7%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_7:\n\t"
+#else
+    "L_sp_521_num_bits_17_7_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #24]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_6%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_6\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_6%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_6_%=\n\t"
 #endif
         "MOV	r2, #0xe0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_6%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_6:\n\t"
+#else
+    "L_sp_521_num_bits_17_6_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #20]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_5%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_5\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_5%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_5_%=\n\t"
 #endif
         "MOV	r2, #0xc0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_5%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_5:\n\t"
+#else
+    "L_sp_521_num_bits_17_5_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #16]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_4%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_4\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_4%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_4_%=\n\t"
 #endif
         "MOV	r2, #0xa0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_4%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_4:\n\t"
+#else
+    "L_sp_521_num_bits_17_4_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #12]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_3%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_3\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_3%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_3_%=\n\t"
 #endif
         "MOV	r2, #0x80\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_3%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_3:\n\t"
+#else
+    "L_sp_521_num_bits_17_3_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #8]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_2%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_2\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_2%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_2_%=\n\t"
 #endif
         "MOV	r2, #0x60\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_2:\n\t"
+#else
+    "L_sp_521_num_bits_17_2_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #4]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_1%=\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_sp_521_num_bits_17_1\n\t"
 #else
-        "BEQ.N	L_sp_521_num_bits_17_1%=\n\t"
+        "BEQ.N	L_sp_521_num_bits_17_1_%=\n\t"
 #endif
         "MOV	r2, #0x40\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18%=\n\t"
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_sp_521_num_bits_17_18\n\t"
 #else
-        "B.N	L_sp_521_num_bits_17_18%=\n\t"
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
-    "L_sp_521_num_bits_17_1%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_1:\n\t"
+#else
+    "L_sp_521_num_bits_17_1_%=:\n\t"
+#endif
         "LDR	r1, [%[a]]\n\t"
         "MOV	r2, #0x20\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
         "\n"
-    "L_sp_521_num_bits_17_18%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_521_num_bits_17_18:\n\t"
+#else
+    "L_sp_521_num_bits_17_18_%=:\n\t"
+#endif
         "MOV	%[a], r4\n\t"
         : [a] "+r" (a)
         :
@@ -63891,10 +65147,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64104,8 +65358,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64144,8 +65397,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64253,10 +65505,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64335,10 +65585,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64403,10 +65651,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64467,10 +65713,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64520,8 +65764,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64586,8 +65829,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -67981,13 +69223,21 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_1024_mul_32_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_mul_32_outer:\n\t"
+#else
+    "L_sp_1024_mul_32_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x7c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_1024_mul_32_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_mul_32_inner:\n\t"
+#else
+    "L_sp_1024_mul_32_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -68003,15 +69253,19 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_1024_mul_32_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_1024_mul_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_1024_mul_32_inner_done\n\t"
 #else
-        "BGT.N	L_sp_1024_mul_32_inner_done%=\n\t"
+        "BGT.N	L_sp_1024_mul_32_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_mul_32_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_mul_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_1024_mul_32_inner\n\t"
 #else
-        "BLT.N	L_sp_1024_mul_32_inner%=\n\t"
+        "BLT.N	L_sp_1024_mul_32_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -68020,17 +69274,23 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_1024_mul_32_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_mul_32_inner_done:\n\t"
+#else
+    "L_sp_1024_mul_32_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_1024_mul_32_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_1024_mul_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_1024_mul_32_outer\n\t"
 #else
-        "BLE.N	L_sp_1024_mul_32_outer%=\n\t"
+        "BLE.N	L_sp_1024_mul_32_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #124]\n\t"
         "LDR	r11, [%[b], #124]\n\t"
@@ -68039,14 +69299,20 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_1024_mul_32_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_mul_32_store:\n\t"
+#else
+    "L_sp_1024_mul_32_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_1024_mul_32_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_1024_mul_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_1024_mul_32_store\n\t"
 #else
-        "BGT.N	L_sp_1024_mul_32_store%=\n\t"
+        "BGT.N	L_sp_1024_mul_32_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -68079,13 +69345,21 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
-    "L_sp_1024_sqr_32_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_sqr_32_outer:\n\t"
+#else
+    "L_sp_1024_sqr_32_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x7c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
-    "L_sp_1024_sqr_32_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_sqr_32_inner:\n\t"
+#else
+    "L_sp_1024_sqr_32_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -68098,15 +69372,19 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_1024_sqr_32_inner_done%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_1024_sqr_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_1024_sqr_32_inner_done\n\t"
 #else
-        "BGT.N	L_sp_1024_sqr_32_inner_done%=\n\t"
+        "BGT.N	L_sp_1024_sqr_32_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_sqr_32_inner%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_sqr_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_1024_sqr_32_inner\n\t"
 #else
-        "BLT.N	L_sp_1024_sqr_32_inner%=\n\t"
+        "BLT.N	L_sp_1024_sqr_32_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -68114,17 +69392,23 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
-    "L_sp_1024_sqr_32_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_sqr_32_inner_done:\n\t"
+#else
+    "L_sp_1024_sqr_32_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_1024_sqr_32_outer%=\n\t"
+#if defined(__GNUC__)
+        "BLE	L_sp_1024_sqr_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLE.N	L_sp_1024_sqr_32_outer\n\t"
 #else
-        "BLE.N	L_sp_1024_sqr_32_outer%=\n\t"
+        "BLE.N	L_sp_1024_sqr_32_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #124]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -68132,14 +69416,20 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
-    "L_sp_1024_sqr_32_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_sqr_32_store:\n\t"
+#else
+    "L_sp_1024_sqr_32_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_1024_sqr_32_store%=\n\t"
+#if defined(__GNUC__)
+        "BGT	L_sp_1024_sqr_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_sp_1024_sqr_32_store\n\t"
 #else
-        "BGT.N	L_sp_1024_sqr_32_store%=\n\t"
+        "BGT.N	L_sp_1024_sqr_32_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -68254,7 +69544,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x80\n\t"
         "\n"
-    "L_sp_1024_sub_in_pkace_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_sub_in_pkace_32_word:\n\t"
+#else
+    "L_sp_1024_sub_in_pkace_32_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -68265,10 +69559,12 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_1024_sub_in_pkace_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_1024_sub_in_pkace_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_1024_sub_in_pkace_32_word\n\t"
 #else
-        "BNE.N	L_sp_1024_sub_in_pkace_32_word%=\n\t"
+        "BNE.N	L_sp_1024_sub_in_pkace_32_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
@@ -68306,7 +69602,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
-    "L_sp_1024_cond_sub_32_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_cond_sub_32_words:\n\t"
+#else
+    "L_sp_1024_cond_sub_32_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -68316,10 +69616,12 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_cond_sub_32_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_cond_sub_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_1024_cond_sub_32_words\n\t"
 #else
-        "BLT.N	L_sp_1024_cond_sub_32_words%=\n\t"
+        "BLT.N	L_sp_1024_cond_sub_32_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -68497,7 +69799,11 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x80\n\t"
         "\n"
-    "L_sp_1024_add_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_add_32_word:\n\t"
+#else
+    "L_sp_1024_add_32_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -68509,10 +69815,12 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_1024_add_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sp_1024_add_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_sp_1024_add_32_word\n\t"
 #else
-        "BNE.N	L_sp_1024_add_32_word%=\n\t"
+        "BNE.N	L_sp_1024_add_32_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -68551,7 +69859,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
-    "L_sp_1024_mul_d_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_mul_d_32_word:\n\t"
+#else
+    "L_sp_1024_mul_d_32_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -68564,10 +69876,12 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_mul_d_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_mul_d_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_1024_mul_d_32_word\n\t"
 #else
-        "BLT.N	L_sp_1024_mul_d_32_word%=\n\t"
+        "BLT.N	L_sp_1024_mul_d_32_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -68865,7 +70179,11 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
-    "L_div_1024_word_32_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_div_1024_word_32_bit:\n\t"
+#else
+    "L_div_1024_word_32_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -68875,7 +70193,13 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_1024_word_32_bit%=\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_1024_word_32_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_1024_word_32_bit\n\t"
+#else
+        "BPL.N	L_div_1024_word_32_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -68957,7 +70281,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x7c\n\t"
         "\n"
-    "L_sp_1024_cmp_32_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_cmp_32_words:\n\t"
+#else
+    "L_sp_1024_cmp_32_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -68970,7 +70298,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
-        "bcs	L_sp_1024_cmp_32_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "bcs	L_sp_1024_cmp_32_words\n\t"
+#else
+        "bcs	L_sp_1024_cmp_32_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #124]\n\t"
@@ -69451,16 +70783,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -69690,7 +71022,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
-    "L_sp_1024_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_1024_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -69952,10 +71288,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x80\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_1024_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_1024_mont_reduce_32_word\n\t"
 #else
-        "BLT.W	L_sp_1024_mont_reduce_32_word%=\n\t"
+        "BLT.W	L_sp_1024_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -70002,7 +71340,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
-    "L_sp_1024_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_1024_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -70169,10 +71511,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x80\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_1024_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.W	L_sp_1024_mont_reduce_32_word\n\t"
 #else
-        "BLT.W	L_sp_1024_mont_reduce_32_word%=\n\t"
+        "BLT.W	L_sp_1024_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -70315,7 +71659,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -70324,7 +71668,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -71187,7 +72531,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
-    "L_sp_1024_cond_add_32_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sp_1024_cond_add_32_words:\n\t"
+#else
+    "L_sp_1024_cond_add_32_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -71197,10 +72545,12 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_cond_add_32_words%=\n\t"
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_cond_add_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_sp_1024_cond_add_32_words\n\t"
 #else
-        "BLT.N	L_sp_1024_cond_add_32_words%=\n\t"
+        "BLT.N	L_sp_1024_cond_add_32_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -71816,8 +73166,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -71834,7 +73184,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -72008,8 +73358,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -72026,7 +73376,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -72367,8 +73717,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -72385,7 +73735,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -72475,8 +73825,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72575,10 +73924,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72834,8 +74181,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72934,10 +74280,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -73155,10 +74499,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76793,10 +78135,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76871,10 +78211,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76908,7 +78246,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -76939,10 +78277,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76968,7 +78304,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -77035,10 +78371,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -77185,9 +78519,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -79083,9 +80415,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -79453,9 +80783,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -79880,9 +81208,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -79912,7 +81238,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -80141,7 +81467,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -80248,9 +81574,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(neg, 1, NULL);
     sp_1024_point_free_32(c, 1, NULL);
@@ -80443,9 +81767,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -80538,7 +81860,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
@@ -80546,8 +81868,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -80586,8 +81907,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -80695,10 +82015,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_dsp32.c b/wolfcrypt/src/sp_dsp32.c
index d3b1745df5..f14e1ab37f 100644
--- a/wolfcrypt/src/sp_dsp32.c
+++ b/wolfcrypt/src/sp_dsp32.c
@@ -1,6 +1,6 @@
 /* sp_cdsp_signed.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -296,9 +296,7 @@ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -2592,9 +2590,7 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point* r, const sp_point* g,
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (t != NULL) {
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(p, 0, heap);
     sp_ecc_point_free(rt, 0, heap);
@@ -4233,9 +4229,7 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d, sp_digit* m,
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4530,8 +4524,7 @@ int wolfSSL_DSP_ECC_Verify_256(remote_handle64 h, int32 *u1, int hashLen, int32*
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (d != NULL)
-        XFREE(d, heap, DYNAMIC_TYPE_ECC);
+    XFREE(d, heap, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(p1, 0, heap);
     sp_ecc_point_free(p2, 0, heap);
@@ -4631,9 +4624,7 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (tmp != NULL) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(q, 0, NULL);
     sp_ecc_point_free(p, 0, NULL);
@@ -4696,9 +4687,7 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (tmp != NULL) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(p, 0, NULL);
 
@@ -4754,9 +4743,7 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (tmp != NULL) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(p, 0, NULL);
 
@@ -4831,9 +4818,7 @@ static int sp_256_mont_sqrt_10(sp_digit* y)
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (d != NULL) {
-        XFREE(d, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(d, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -4906,9 +4891,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (d != NULL) {
-        XFREE(d, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(d, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index 3a6884a337..bb73fea2ab 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -1,6 +1,6 @@
 /* sp_int.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,6 +31,7 @@ This library provides single precision (SP) integer math functions.
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
 
@@ -167,7 +168,7 @@ This library provides single precision (SP) integer math functions.
     do {                                                                       \
         ALLOC_SP_INT(n, s, err, h);                                            \
         if ((err) == MP_OKAY) {                                                \
-            (n)->size = (s);                                                   \
+            (n)->size = (sp_size_t)(s);                                        \
         }                                                                      \
     }                                                                          \
     while (0)
@@ -186,7 +187,7 @@ This library provides single precision (SP) integer math functions.
     do {                                                                       \
         ALLOC_SP_INT(n, s, err, h);                                            \
         if ((err) == MP_OKAY) {                                                \
-            (n)->size = (unsigned int)(s);                                     \
+            (n)->size = (sp_size_t)(s);                                        \
         }                                                                      \
     }                                                                          \
     while (0)
@@ -210,9 +211,10 @@ This library provides single precision (SP) integer math functions.
 
 
 /* Declare a variable that will be assigned a value on XMALLOC. */
-#define DECL_DYN_SP_INT_ARRAY(n, s, c)  \
-    sp_int* n##d = NULL;            \
-    sp_int* (n)[c] = { NULL, }
+#define DECL_DYN_SP_INT_ARRAY(n, s, c)               \
+    sp_int* n##d = NULL;                             \
+    sp_int* (n)[c];                                  \
+    void *n ## _dummy_var = XMEMSET(n, 0, sizeof(n))
 
 /* DECL_SP_INT_ARRAY: Declare array of 'sp_int'. */
 #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
@@ -220,19 +222,17 @@ This library provides single precision (SP) integer math functions.
     /* Declare a variable that will be assigned a value on XMALLOC. */
     #define DECL_SP_INT_ARRAY(n, s, c)  \
         DECL_DYN_SP_INT_ARRAY(n, s, c)
-#else
-    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
         !defined(WOLFSSL_SP_NO_DYN_STACK)
-        /* Declare a variable on the stack with the required data size. */
-        #define DECL_SP_INT_ARRAY(n, s, c)          \
-            byte    n##d[MP_INT_SIZEOF(s) * (c)];   \
-            sp_int* (n)[c] = { NULL, }
-    #else
-        /* Declare a variable on the stack. */
-        #define DECL_SP_INT_ARRAY(n, s, c)      \
-            sp_int n##d[c];                     \
-            sp_int* (n)[c]
-    #endif
+    /* Declare a variable on the stack with the required data size. */
+    #define DECL_SP_INT_ARRAY(n, s, c)          \
+        byte    n##d[MP_INT_SIZEOF(s) * (c)];   \
+        sp_int* (n)[c] = { NULL, }
+#else
+    /* Declare a variable on the stack. */
+    #define DECL_SP_INT_ARRAY(n, s, c)      \
+        sp_int n##d[c];                     \
+        sp_int* (n)[c]
 #endif
 
 /* Dynamically allocate just enough data to support multiple sp_ints of the
@@ -240,6 +240,7 @@ This library provides single precision (SP) integer math functions.
  */
 #define ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h)                                \
 do {                                                                           \
+    (void)n ## _dummy_var;                                                     \
     if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                         \
         (err) = MP_VAL;                                                        \
     }                                                                          \
@@ -252,10 +253,10 @@ do {                                                                           \
         else {                                                                 \
             int n##ii;                                                         \
             (n)[0] = n##d;                                                     \
-            (n)[0]->size = (s);                                                \
+            (n)[0]->size = (sp_size_t)(s);                                     \
             for (n##ii = 1; n##ii < (int)(c); n##ii++) {                       \
                 (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                     \
-                (n)[n##ii]->size = (s);                                        \
+                (n)[n##ii]->size = (sp_size_t)(s);                             \
             }                                                                  \
         }                                                                      \
     }                                                                          \
@@ -267,47 +268,45 @@ while (0)
     !defined(WOLFSSL_SP_NO_MALLOC)
     #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
         ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h)
-#else
-    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
         !defined(WOLFSSL_SP_NO_DYN_STACK)
-        /* Data declared on stack that supports multiple sp_ints of the
-         * required size. Use pointers into data to make up array and set sizes.
-         */
-        #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                            \
-        do {                                                                   \
-            if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                 \
-                (err) = MP_VAL;                                                \
-            }                                                                  \
-            if ((err) == MP_OKAY) {                                            \
-                int n##ii;                                                     \
-                (n)[0] = (sp_int*)n##d;                                        \
-                ((sp_int_minimal*)(n)[0])->size = (s);                         \
-                for (n##ii = 1; n##ii < (int)(c); n##ii++) {                   \
-                    (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                 \
-                    ((sp_int_minimal*)(n)[n##ii])->size = (s);                 \
-                }                                                              \
-            }                                                                  \
+    /* Data declared on stack that supports multiple sp_ints of the
+     * required size. Use pointers into data to make up array and set sizes.
+     */
+    #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                                \
+    do {                                                                       \
+        if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                     \
+            (err) = MP_VAL;                                                    \
         }                                                                      \
-        while (0)
-    #else
-        /* Data declared on stack that supports multiple sp_ints of the
-         * required size. Set into array and set sizes.
-         */
-        #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                            \
-        do {                                                                   \
-            if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                 \
-                (err) = MP_VAL;                                                \
+        if ((err) == MP_OKAY) {                                                \
+            int n##ii;                                                         \
+            (n)[0] = (sp_int*)n##d;                                            \
+            ((sp_int_minimal*)(n)[0])->size = (sp_size_t)(s);                  \
+            for (n##ii = 1; n##ii < (int)(c); n##ii++) {                       \
+                (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                     \
+                ((sp_int_minimal*)(n)[n##ii])->size = (sp_size_t)(s);          \
             }                                                                  \
-            if ((err) == MP_OKAY) {                                            \
-                int n##ii;                                                     \
-                for (n##ii = 0; n##ii < (int)(c); n##ii++) {                   \
-                    (n)[n##ii] = &n##d[n##ii];                                 \
-                    (n)[n##ii]->size = (s);                                    \
-                }                                                              \
+        }                                                                      \
+    }                                                                          \
+    while (0)
+#else
+    /* Data declared on stack that supports multiple sp_ints of the
+     * required size. Set into array and set sizes.
+     */
+    #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                                \
+    do {                                                                       \
+        if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                     \
+            (err) = MP_VAL;                                                    \
+        }                                                                      \
+        if ((err) == MP_OKAY) {                                                \
+            int n##ii;                                                         \
+            for (n##ii = 0; n##ii < (int)(c); n##ii++) {                       \
+                (n)[n##ii] = &n##d[n##ii];                                     \
+                (n)[n##ii]->size = (sp_size_t)(s);                             \
             }                                                                  \
         }                                                                      \
-        while (0)
-    #endif
+    }                                                                          \
+    while (0)
 #endif
 
 /* Free data variable that was dynamically allocated. */
@@ -3474,6 +3473,156 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
  * CPU: PPC64
  */
 
+    #ifdef __APPLE__
+
+/* Multiply va by vb and store double size result in: vh | vl */
+#define SP_ASM_MUL(vl, vh, va, vb)                       \
+    __asm__ __volatile__ (                               \
+        "mulld	%[l], %[a], %[b]	\n\t"            \
+        "mulhdu	%[h], %[a], %[b]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "memory"                                       \
+    )
+/* Multiply va by vb and store double size result in: vo | vh | vl */
+#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulhdu	%[h], %[a], %[b]	\n\t"            \
+        "mulld	%[l], %[a], %[b]	\n\t"            \
+        "li	%[o], 0			\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        :                                                \
+    )
+/* Multiply va by vb and add double size result into: vo | vh | vl */
+#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result into: vh | vl */
+#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl */
+#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl
+ * Assumes first add will not overflow vh | vl
+ */
+#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and store double size result in: vh | vl */
+#define SP_ASM_SQR(vl, vh, va)                           \
+    __asm__ __volatile__ (                               \
+        "mulld	%[l], %[a], %[a]	\n\t"            \
+        "mulhdu	%[h], %[a], %[a]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va)                                   \
+        : "memory"                                       \
+    )
+/* Square va and add double size result into: vo | vh | vl */
+#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[a]		\n\t"            \
+        "mulhdu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and add double size result into: vh | vl */
+#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[a]		\n\t"            \
+        "mulhdu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Add va into: vh | vl */
+#define SP_ASM_ADDC(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "addze	%[h], %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "cc"                                           \
+    )
+/* Sub va from: vh | vl */
+#define SP_ASM_SUBB(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "subfc	%[l], %[a], %[l]	\n\t"            \
+        "li    r16, 0			\n\t"            \
+        "subfe %[h], r16, %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "cc"                                    \
+    )
+/* Add two times vc | vb | va into vo | vh | vl */
+#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \
+        : "cc"                                           \
+    )
+/* Count leading zeros. */
+#define SP_ASM_LZCNT(va, vn)                             \
+    __asm__ __volatile__ (                               \
+        "cntlzd	%[n], %[a]	\n\t"                    \
+        : [n] "=r" (vn)                                  \
+        : [a] "r" (va)                                   \
+        :                                                \
+    )
+
+    #else  /* !defined(__APPLE__) */
+
 /* Multiply va by vb and store double size result in: vh | vl */
 #define SP_ASM_MUL(vl, vh, va, vb)                       \
     __asm__ __volatile__ (                               \
@@ -3620,6 +3769,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         :                                                \
     )
 
+    #endif /* !defined(__APPLE__) */
+
 #define SP_INT_ASM_AVAILABLE
 
     #endif /* WOLFSSL_SP_PPC64 && SP_WORD_SIZE == 64 */
@@ -3629,6 +3780,154 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
  * CPU: PPC 32-bit
  */
 
+    #ifdef __APPLE__
+
+/* Multiply va by vb and store double size result in: vh | vl */
+#define SP_ASM_MUL(vl, vh, va, vb)                       \
+    __asm__ __volatile__ (                               \
+        "mullw	%[l], %[a], %[b]	\n\t"            \
+        "mulhwu	%[h], %[a], %[b]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "memory"                                       \
+    )
+/* Multiply va by vb and store double size result in: vo | vh | vl */
+#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulhwu	%[h], %[a], %[b]	\n\t"            \
+        "mullw	%[l], %[a], %[b]	\n\t"            \
+        "li	%[o], 0			\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+    )
+/* Multiply va by vb and add double size result into: vo | vh | vl */
+#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result into: vh | vl */
+#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl */
+#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl
+ * Assumes first add will not overflow vh | vl
+ */
+#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and store double size result in: vh | vl */
+#define SP_ASM_SQR(vl, vh, va)                           \
+    __asm__ __volatile__ (                               \
+        "mullw	%[l], %[a], %[a]	\n\t"            \
+        "mulhwu	%[h], %[a], %[a]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va)                                   \
+        : "memory"                                       \
+    )
+/* Square va and add double size result into: vo | vh | vl */
+#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[a]		\n\t"            \
+        "mulhwu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and add double size result into: vh | vl */
+#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[a]		\n\t"            \
+        "mulhwu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Add va into: vh | vl */
+#define SP_ASM_ADDC(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "addze	%[h], %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "cc"                                           \
+    )
+/* Sub va from: vh | vl */
+#define SP_ASM_SUBB(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "subfc	%[l], %[a], %[l]	\n\t"            \
+        "li	r16, 0			\n\t"            \
+        "subfe	%[h], r16, %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "cc"                                    \
+    )
+/* Add two times vc | vb | va into vo | vh | vl */
+#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \
+        : "cc"                                           \
+    )
+/* Count leading zeros. */
+#define SP_ASM_LZCNT(va, vn)                             \
+    __asm__ __volatile__ (                               \
+        "cntlzw	%[n], %[a]	\n\t"                    \
+        : [n] "=r" (vn)                                  \
+        : [a] "r" (va)                                   \
+    )
+
+    #else /* !defined(__APPLE__) */
+
 /* Multiply va by vb and store double size result in: vh | vl */
 #define SP_ASM_MUL(vl, vh, va, vb)                       \
     __asm__ __volatile__ (                               \
@@ -3773,6 +4072,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         : [a] "r" (va)                                   \
     )
 
+    #endif /* !defined(__APPLE__) */
+
 #define SP_INT_ASM_AVAILABLE
 
     #endif /* WOLFSSL_SP_PPC && SP_WORD_SIZE == 64 */
@@ -4859,7 +5160,7 @@ static void _sp_init_size(sp_int* a, unsigned int size)
 #endif
     _sp_zero((sp_int*)am);
 
-    a->size = size;
+    a->size = (sp_size_t)size;
 }
 
 /* Initialize the multi-precision number to be zero with a given max size.
@@ -5214,8 +5515,8 @@ int sp_exch(sp_int* a, sp_int* b)
         ALLOC_SP_INT(t, a->used, err, NULL);
         if (err == MP_OKAY) {
             /* Cache allocated size of a and b. */
-            unsigned int asize = a->size;
-            unsigned int bsize = b->size;
+            sp_size_t asize = a->size;
+            sp_size_t bsize = b->size;
             /* Copy all of SP int: t <- a, a <- b, b <- t. */
             XMEMCPY(t, a, MP_INT_SIZEOF(a->used));
             XMEMCPY(a, b, MP_INT_SIZEOF(b->used));
@@ -5251,9 +5552,9 @@ int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t)
     sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap;
 
     /* XOR other fields in sp_int into temp - mask set when swapping. */
-    t->used = (a->used ^ b->used) & (unsigned int)mask;
+    t->used = (a->used ^ b->used) & (sp_size_t)mask;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    t->sign = (a->sign ^ b->sign) & (unsigned int)mask;
+    t->sign = (a->sign ^ b->sign) & (sp_uint8)mask;
 #endif
 
     /* XOR requested words into temp - mask set when swapping. */
@@ -5719,7 +6020,7 @@ int sp_cnt_lsb(const sp_int* a)
         unsigned int j;
 
         /* Count least significant words that are zero. */
-        for (i = 0; i < a->used && a->dp[i] == 0; i++, bc += SP_WORD_SIZE) {
+        for (i = 0; (i < a->used) && (a->dp[i] == 0); i++, bc += SP_WORD_SIZE) {
         }
 
         /* Use 4-bit table to get count. */
@@ -5790,7 +6091,7 @@ int sp_set_bit(sp_int* a, int i)
 {
     int err = MP_OKAY;
     /* Get index of word to set. */
-    unsigned int w = (unsigned int)(i >> SP_WORD_SHIFT);
+    sp_size_t w = (sp_size_t)(i >> SP_WORD_SHIFT);
 
     /* Check for valid number and and space for bit. */
     if ((a == NULL) || (i < 0) || (w >= a->size)) {
@@ -6326,7 +6627,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o)
         }
     }
     /* Update number of words in result. */
-    r->used = o;
+    r->used = (sp_size_t)o;
     /* In case n is zero. */
     sp_clamp(r);
 
@@ -7057,7 +7358,7 @@ static void _sp_div_2(const sp_int* a, sp_int* r)
     /* Last word only needs to be shifted down. */
     r->dp[i] = a->dp[i] >> 1;
     /* Set used to be all words seen. */
-    r->used = (unsigned int)i + 1;
+    r->used = (sp_size_t)i + 1;
     /* Remove leading zeros. */
     sp_clamp(r);
 #ifdef WOLFSSL_SP_INT_NEGATIVE
@@ -7133,7 +7434,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
     #endif
         /* Mask to apply to modulus. */
         sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1);
-        unsigned int i;
+        sp_size_t i;
 
     #if 0
         sp_print(a, "a");
@@ -7208,7 +7509,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
  */
 static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
 {
-    unsigned int i = 0;
+    sp_size_t i = 0;
 #ifndef SQR_MUL_ASM
     sp_int_word t = 0;
 #else
@@ -7329,10 +7630,10 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
     /* Put in carry. */
 #ifndef SQR_MUL_ASM
     r->dp[i] = (sp_int_digit)t;
-    r->used += (t != 0);
+    r->used = (sp_size_t)(r->used + (sp_size_t)(t != 0));
 #else
     r->dp[i] = l;
-    r->used += (l != 0);
+    r->used = (sp_size_t)(r->used + (sp_size_t)(l != 0));
 #endif
 
     /* Remove leading zeros. */
@@ -7356,8 +7657,8 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
 static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r,
     unsigned int o)
 {
-    unsigned int i = 0;
-    unsigned int j;
+    sp_size_t i = 0;
+    sp_size_t j;
 #ifndef SQR_MUL_ASM
     sp_int_sword t = 0;
 #else
@@ -7372,7 +7673,7 @@ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r,
         }
     }
     else {
-        i = o;
+        i = (sp_size_t)o;
     }
     /* Index to add at is the offset now. */
 
@@ -7566,7 +7867,7 @@ static int _sp_addmod(const sp_int* a, const sp_int* b, const sp_int* m,
 {
     int err = MP_OKAY;
     /* Calculate used based on digits used in a and b. */
-    unsigned int used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
+    sp_size_t used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
     DECL_SP_INT(t, used);
 
     /* Allocate a temporary SP int to hold sum. */
@@ -7687,7 +7988,7 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m,
 
     FREE_SP_INT_ARRAY(t, NULL);
 #else /* WOLFSSL_SP_INT_NEGATIVE */
-    unsigned int used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
+    sp_size_t used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
     DECL_SP_INT(t, used);
 
     ALLOC_SP_INT_SIZE(t, used, err, NULL);
@@ -7763,12 +8064,12 @@ int sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
 static void sp_clamp_ct(sp_int* a)
 {
     int i;
-    unsigned int used = a->used;
-    unsigned int mask = (unsigned int)-1;
+    sp_size_t used = a->used;
+    sp_size_t mask = (sp_size_t)-1;
 
     for (i = (int)a->used - 1; i >= 0; i--) {
-        used -= ((unsigned int)(a->dp[i] == 0)) & mask;
-        mask &= (unsigned int)0 - (a->dp[i] == 0);
+        used = (sp_size_t)(used - ((a->dp[i] == 0) & mask));
+        mask &= (sp_size_t)(0 - (a->dp[i] == 0));
     }
     a->used = used;
 }
@@ -7804,7 +8105,7 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
     sp_int_digit mask;
     sp_int_digit mask_a = (sp_int_digit)-1;
     sp_int_digit mask_b = (sp_int_digit)-1;
-    unsigned int i;
+    sp_size_t i;
 
     /* Check result is as big as modulus. */
     if (m->used > r->size) {
@@ -8041,7 +8342,7 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
     }
     /* Result will always have digits equal to or less than those in
      * modulus. */
-    r->used = i;
+    r->used = (sp_size_t)i;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
     r->sign = MP_ZPOS;
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
@@ -8150,7 +8451,7 @@ int sp_lshd(sp_int* a, int s)
         /* Back fill with zeros. */
         XMEMSET(a->dp, 0, (size_t)s * SP_WORD_SIZEOF);
         /* Update used. */
-        a->used += (unsigned int)s;
+        a->used += (sp_size_t)s;
         /* Remove leading zeros. */
         sp_clamp(a);
     }
@@ -8179,7 +8480,7 @@ static int sp_lshb(sp_int* a, int n)
 
     if (a->used != 0) {
         /* Calculate number of digits to shift. */
-        unsigned int s = (unsigned int)n >> SP_WORD_SHIFT;
+        sp_size_t s = (sp_size_t)n >> SP_WORD_SHIFT;
 
         /* Ensure number has enough digits for result. */
         if (a->used + s >= a->size) {
@@ -8237,14 +8538,14 @@ void sp_rshd(sp_int* a, int c)
     /* Do shift if we have an SP int. */
     if ((a != NULL) && (c > 0)) {
         /* Make zero if shift removes all digits. */
-        if ((unsigned int)c >= a->used) {
+        if ((sp_size_t)c >= a->used) {
             _sp_zero(a);
         }
         else {
-            unsigned int i;
+            sp_size_t i;
 
             /* Update used digits count. */
-            a->used -= (unsigned int)c;
+            a->used -= (sp_size_t)c;
             /* Move digits down. */
             for (i = 0; i < a->used; i++, c++) {
                 a->dp[i] = a->dp[c];
@@ -8267,7 +8568,7 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
 {
     int err = MP_OKAY;
     /* Number of digits to shift down. */
-    unsigned int i = (unsigned int)(n >> SP_WORD_SHIFT);
+    sp_size_t i = (sp_size_t)(n >> SP_WORD_SHIFT);
 
     if ((a == NULL) || (n < 0)) {
         err = MP_VAL;
@@ -8281,7 +8582,7 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
         err = MP_VAL;
     }
     else if (err == MP_OKAY) {
-        unsigned int j;
+        sp_size_t j;
 
         /* Number of bits to shift in digits. */
         n &= SP_WORD_SIZE - 1;
@@ -8299,12 +8600,12 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
         }
         else {
             /* Move the bits down starting at least significant digit. */
-            for (j = 0; i < a->used-1; i++, j++)
+            for (j = 0; i < a->used - 1; i++, j++)
                 r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n));
             /* Most significant digit has no higher digit to pull from. */
             r->dp[j] = a->dp[i] >> n;
             /* Set the count of used digits. */
-            r->used = j + (r->dp[j] > 0);
+            r->used = (sp_size_t)(j + (r->dp[j] > 0));
         }
 #ifdef WOLFSSL_SP_INT_NEGATIVE
         if (sp_iszero(r)) {
@@ -8328,7 +8629,7 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
      !defined(WOLFSSL_RSA_PUBLIC_ONLY))
 static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r)
 {
-    unsigned int i;
+    sp_size_t i;
 
     /* Compare top digits of dividend with those of divisor up to last. */
     for (i = d->used - 1; i > 0; i--) {
@@ -8366,12 +8667,12 @@ static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r)
 static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
 #ifdef WOLFSSL_SP_SMALL
     int c;
 #else
-    unsigned int j;
-    unsigned int o;
+    sp_size_t j;
+    sp_size_t o;
     #ifndef SQR_MUL_ASM
     sp_int_sword sw;
     #else
@@ -8384,7 +8685,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
     sp_int_digit dt;
 
     /* Set result size to clear. */
-    r->used = a->used - d->used + 1;
+    r->used = (sp_size_t)(a->used - d->used + 1);
     /* Set all potentially used digits to zero. */
     for (i = 0; i < r->used; i++) {
         r->dp[i] = 0;
@@ -8557,8 +8858,8 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
     sp_int* tr = NULL;
     sp_int* trial = NULL;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int signA = MP_ZPOS;
-    unsigned int signD = MP_ZPOS;
+    sp_uint8 signA = MP_ZPOS;
+    sp_uint8 signD = MP_ZPOS;
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
     /* Intermediates will always be less than or equal to dividend. */
     DECL_SP_INT_ARRAY(td, used, 4);
@@ -8652,7 +8953,7 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
         tr    = td[3];
 
         _sp_init_size(sa, used);
-        _sp_init_size(tr, a->used - d->used + 2);
+        _sp_init_size(tr, (unsigned int)(a->used - d->used + 2));
     #endif
         sd    = td[0];
         trial = td[1];
@@ -8933,7 +9234,7 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k <= a->used - 1; k++) {
+        for (k = 1; k <= (unsigned int)a->used - 1; k++) {
             j = (int)k;
             dp = a->dp;
             for (; j >= 0; dp++, j--) {
@@ -8944,8 +9245,8 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
             h = o;
             o = 0;
         }
-        for (; k <= (a->used - 1) * 2; k++) {
-            i = k - (b->used - 1);
+        for (; k <= ((unsigned int)a->used - 1) * 2; k++) {
+            i = k - (sp_size_t)(b->used - 1);
             dp = &b->dp[b->used - 1];
             for (; i < a->used; i++, dp--) {
                 SP_ASM_MUL_ADD(l, h, o, a->dp[i], dp[0]);
@@ -8957,14 +9258,12 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
         }
         r->dp[k] = l;
         XMEMCPY(r->dp, t, a->used * sizeof(sp_int_digit));
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -8981,9 +9280,9 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
 static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -9011,7 +9310,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k <= b->used - 1; k++) {
+        for (k = 1; k <= (sp_size_t)(b->used - 1); k++) {
             i = 0;
             j = (int)k;
             for (; (i < a->used) && (j >= 0); i++, j--) {
@@ -9022,9 +9321,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
             h = o;
             o = 0;
         }
-        for (; k <= (a->used - 1) + (b->used - 1); k++) {
+        for (; k <= (sp_size_t)((a->used - 1) + (b->used - 1)); k++) {
             j = (int)(b->used - 1);
-            i = k - (unsigned int)j;
+            i = k - (sp_size_t)j;
             for (; (i < a->used) && (j >= 0); i++, j--) {
                 SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]);
             }
@@ -9034,15 +9333,13 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
             o = 0;
         }
         t[k] = l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -9059,9 +9356,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -9093,9 +9390,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
     #ifdef SP_WORD_OVERFLOW
         o = 0;
     #endif
-        for (k = 1; k <= (a->used - 1) + (b->used - 1); k++) {
-            i = k - (b->used - 1);
-            i &= (((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U);
+        for (k = 1; (int)k <= ((int)a->used - 1) + ((int)b->used - 1); k++) {
+            i = k - (sp_size_t)(b->used - 1);
+            i &= (sp_size_t)(((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U);
             j = (int)(k - i);
             for (; (i < a->used) && (j >= 0); i++, j--) {
                 w = (sp_int_word)a->dp[i] * b->dp[j];
@@ -9118,15 +9415,13 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
         #endif
         }
         t[k] = (sp_int_digit)l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -9250,9 +9545,7 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (w != NULL) {
-        XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -10249,9 +10542,7 @@ static int _sp_mul_16(const sp_int* a, const sp_int* b, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -11057,9 +11348,7 @@ static int _sp_mul_24(const sp_int* a, const sp_int* b, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -11747,7 +12036,7 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign = MP_ZPOS;
+    sp_uint8 sign = MP_ZPOS;
 #endif
 
     if ((a == NULL) || (b == NULL) || (r == NULL)) {
@@ -12140,7 +12429,7 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x,
 
     ALLOC_SP_INT(d, m->used + 1, err, NULL);
     if (err == MP_OKAY) {
-        mp_init(d);
+        sp_init_size(d, m->used + 1);
 
         /* 1. x = m, y = a, b = 1, c = 0 */
         if (a != y) {
@@ -12302,7 +12591,7 @@ static int _sp_invmod(const sp_int* a, const sp_int* m, sp_int* r)
         err = sp_init_size(b, m->used + 1);
     }
     if (err == MP_OKAY) {
-        err = sp_init_size(c, 2 * m->used + 1);
+        err = sp_init_size(c, (sp_size_t)(2 * m->used + 1));
     }
 
     if (err == MP_OKAY) {
@@ -12506,12 +12795,12 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r,
         t = pre[CT_INV_MOD_PRE_CNT + 0];
         e = pre[CT_INV_MOD_PRE_CNT + 1];
         /* Space for sqr and mul result. */
-        _sp_init_size(t, m->used * 2 + 1);
+        _sp_init_size(t, (sp_size_t)(m->used * 2 + 1));
         /* e = mod - 2 */
-        _sp_init_size(e, m->used + 1);
+        _sp_init_size(e, (sp_size_t)(m->used + 1));
 
         /* Create pre-computation results: ((2^(1..8))-1).a. */
-        _sp_init_size(pre[0], m->used * 2 + 1);
+        _sp_init_size(pre[0], (sp_size_t)(m->used * 2 + 1));
         /* 1. pre[0] = 2^0 * a mod m
          *    Start with 1.a = a.
          */
@@ -12522,7 +12811,7 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r,
         for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) {
             /* 2.1 pre[i-1] = ((pre[i-1] ^ 2) * a) mod m */
             /* Previous value ..1 -> ..10 */
-            _sp_init_size(pre[i], m->used * 2 + 1);
+            _sp_init_size(pre[i], (sp_size_t)(m->used * 2 + 1));
             err = sp_sqr(pre[i-1], pre[i]);
             if (err == MP_OKAY) {
                 err = _sp_mont_red(pre[i], m, mp, 0);
@@ -12748,10 +13037,10 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
 #endif
     if (err == MP_OKAY) {
         /* Initialize temporaries. */
-        _sp_init_size(t[0], 2 * m->used + 1);
-        _sp_init_size(t[1], 2 * m->used + 1);
+        _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[1], (sp_size_t)(m->used * 2 + 1));
     #ifndef WC_NO_CACHE_RESISTANT
-        _sp_init_size(t[2], 2 * m->used + 1);
+        _sp_init_size(t[2], (sp_size_t)(m->used * 2 + 1));
     #endif
 
         /* 2. t[0] = b mod m
@@ -12979,10 +13268,10 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
     ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 4, err, NULL);
     if (err == MP_OKAY) {
         /* Initialize temporaries. */
-        _sp_init_size(t[0], m->used * 2 + 1);
-        _sp_init_size(t[1], m->used * 2 + 1);
-        _sp_init_size(t[2], m->used * 2 + 1);
-        _sp_init_size(t[3], m->used * 2 + 1);
+        _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[1], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[2], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[3], (sp_size_t)(m->used * 2 + 1));
 
         /* 1. Ensure base is less than modulus. */
         if (_sp_cmp_abs(b, m) != MP_LT) {
@@ -13521,9 +13810,9 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
         a  = d[0];
         tr = d[1];
 
-        _sp_init_size(a, m->used * 2 + 1);
+        _sp_init_size(a, (sp_size_t)(m->used * 2 + 1));
     #endif
-        _sp_init_size(tr, m->used * 2 + 1);
+        _sp_init_size(tr, (sp_size_t)(m->used * 2 + 1));
 
     }
 
@@ -13664,7 +13953,7 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
 #ifndef WC_NO_HARDEN
     FREE_SP_INT_ARRAY(d, NULL);
 #else
-    FREE_SP_INT(tr, m->used * 2 + 1);
+    FREE_SP_INT(tr, NULL);
 #endif
     return err;
 }
@@ -13983,10 +14272,10 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m,
 
         /* Initialize all allocated  */
         for (i = 0; i < preCnt; i++) {
-            _sp_init_size(t[i], m->used * 2 + 1);
+            _sp_init_size(t[i], (sp_size_t)(m->used * 2 + 1));
         }
-        _sp_init_size(tr, m->used * 2 + 1);
-        _sp_init_size(bm, m->used * 2 + 1);
+        _sp_init_size(tr, (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(bm, (sp_size_t)(m->used * 2 + 1));
 
         /* 1. Ensure base is less than modulus. */
         if (_sp_cmp_abs(b, m) != MP_LT) {
@@ -14441,8 +14730,8 @@ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem)
             }
             if ((err == MP_OKAY) && (rem != NULL)) {
                 /* Set used and mask off top digit of remainder. */
-                rem->used = ((unsigned int)e + SP_WORD_SIZE - 1) >>
-                    SP_WORD_SHIFT;
+                rem->used = (sp_size_t)((e + SP_WORD_SIZE - 1) >>
+                                        SP_WORD_SHIFT);
                 e &= SP_WORD_MASK;
                 if (e > 0) {
                     rem->dp[rem->used - 1] &= ((sp_int_digit)1 << e) - 1;
@@ -14476,7 +14765,7 @@ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem)
 int sp_mod_2d(const sp_int* a, int e, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int digits = ((unsigned int)e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT;
+    sp_size_t digits = (sp_size_t)((e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT);
 
     if ((a == NULL) || (r == NULL) || (e < 0)) {
         err = MP_VAL;
@@ -14557,7 +14846,8 @@ int sp_mul_2d(const sp_int* a, int e, sp_int* r)
 
     /* Ensure result has enough allocated digits for result. */
     if ((err == MP_OKAY) &&
-            ((unsigned int)(sp_count_bits(a) + e) > r->size * SP_WORD_SIZE)) {
+            ((unsigned int)(sp_count_bits(a) + e) >
+             (unsigned int)r->size * SP_WORD_SIZE)) {
         err = MP_VAL;
     }
 
@@ -14607,9 +14897,9 @@ int sp_mul_2d(const sp_int* a, int e, sp_int* r)
 static int _sp_sqr(const sp_int* a, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -14649,7 +14939,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k < (a->used + 1) / 2; k++) {
+        for (k = 1; k < (sp_size_t)((a->used + 1) / 2); k++) {
             i = k;
             j = (int)(k - 1);
             for (; (j >= 0); i++, j--) {
@@ -14661,7 +14951,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             o = 0;
 
             SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
-            i = k + 1;
+            i = (sp_size_t)(k + 1);
             j = (int)(k - 1);
             for (; (j >= 0); i++, j--) {
                 SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
@@ -14683,7 +14973,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             o = 0;
 
             SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
-            i = k + 1;
+            i = (sp_size_t)(k + 1);
             j = (int)(k - 1);
             for (; (i < a->used); i++, j--) {
                 SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
@@ -14696,7 +14986,8 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             p = r->dp;
         }
         r->dp[k * 2 - 1] = l;
-        XMEMCPY(r->dp, t, (((a->used + 1) / 2) * 2 + 1) * sizeof(sp_int_digit));
+        XMEMCPY(r->dp, t, (size_t)(((a->used + 1) / 2) * 2 + 1) *
+            sizeof(sp_int_digit));
     }
 
     if (err == MP_OKAY) {
@@ -14705,9 +14996,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -14723,9 +15012,9 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 static int _sp_sqr(const sp_int* a, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -14763,7 +15052,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
     #ifdef SP_WORD_OVERFLOW
         o = 0;
     #endif
-        for (k = 1; k <= (a->used - 1) * 2; k++) {
+        for (k = 1; k <= (sp_size_t)((a->used - 1) * 2); k++) {
             i = k / 2;
             j = (int)(k - i);
             if (i == (unsigned int)j) {
@@ -14806,15 +15095,13 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
         #endif
         }
         t[k] = (sp_int_digit)l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -14926,9 +15213,7 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (w != NULL) {
-        XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -15753,9 +16038,7 @@ static int _sp_sqr_16(const sp_int* a, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -16328,9 +16611,7 @@ static int _sp_sqr_24(const sp_int* a, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -17167,7 +17448,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     /* Adding numbers into m->used * 2 digits - zero out unused digits. */
 #ifndef WOLFSSL_NO_CT_OPS
     if (ct) {
-        for (i = 0; i < m->used * 2; i++) {
+        for (i = 0; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] &=
                 (sp_int_digit)
                 (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
@@ -17176,7 +17457,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     else
 #endif /* !WOLFSSL_NO_CT_OPS */
     {
-        for (i = a->used; i < m->used * 2; i++) {
+        for (i = a->used; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] = 0;
         }
     }
@@ -17214,7 +17495,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             /* 2.1. mu = (mp * DigitMask(a, i)) & WORD_MASK */
             mu = mp * a->dp[i];
             /* 2.2. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            if ((i == m->used - 1) && (mask != 0)) {
+            if ((i == (unsigned int)m->used - 1) && (mask != 0)) {
                 mu &= mask;
             }
 
@@ -17224,7 +17505,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             a->dp[i] = (sp_int_digit)w;
             w >>= SP_WORD_SIZE;
             /* 2.4. For j = 1 up to NumDigits(m)-2 */
-            for (j = 1; j < m->used - 1; j++) {
+            for (j = 1; j < (unsigned int)m->used - 1; j++) {
                 /* 2.4.1 a += mu * DigitMask(m, j) */
                 w += a->dp[i + j];
                 w += (sp_int_word)mu * m->dp[j];
@@ -17246,7 +17527,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         a->dp[m->used * 2 - 1] = (sp_int_digit)o;
         o >>= SP_WORD_SIZE;
         a->dp[m->used * 2] = (sp_int_digit)o;
-        a->used = m->used * 2 + 1;
+        a->used = (sp_size_t)(m->used * 2 + 1);
     }
 
     if (!ct) {
@@ -17295,7 +17576,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
 
 #ifndef WOLFSSL_NO_CT_OPS
     if (ct) {
-        for (i = 0; i < m->used * 2; i++) {
+        for (i = 0; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] &=
                 (sp_int_digit)
                 (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
@@ -17304,7 +17585,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     else
 #endif
     {
-        for (i = a->used; i < m->used * 2; i++) {
+        for (i = a->used; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] = 0;
         }
     }
@@ -17325,7 +17606,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         SP_ASM_ADDC(l, h, a->dp[1]);
         a->dp[1] = l;
         a->dp[2] = h;
-        a->used = m->used * 2 + 1;
+        a->used = (sp_size_t)(m->used * 2 + 1);
         /* mp is SP_WORD_SIZE */
         bits = SP_WORD_SIZE;
     }
@@ -17475,7 +17756,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             h = 0;
             SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
             l = h;
-            for (j = 1; j + 1 < m->used - 1; j += 2) {
+            for (j = 1; j + 1 < (unsigned int)m->used - 1; j += 2) {
                 h = 0;
                 SP_ASM_ADDC(l, h, ad[j]);
                 SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
@@ -17485,7 +17766,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
                 SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
                 ad[j] = h;
             }
-            for (; j < m->used - 1; j++) {
+            for (; j < (unsigned int)m->used - 1; j++) {
                 h = 0;
                 SP_ASM_ADDC(l, h, ad[j]);
                 SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
@@ -17536,7 +17817,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             /* 2.1. mu = (mp * DigitMask(a, i)) & WORD_MASK */
             mu = mp * ad[0];
             /* 2.2. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            if ((i == m->used - 1) && (mask != 0)) {
+            if ((i == (unsigned int)m->used - 1) && (mask != 0)) {
                 mu &= mask;
             }
 
@@ -17547,7 +17828,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             ad[0] = l;
             l = h;
             /* 2.4. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            for (j = 1; j + 1 < m->used - 1; j += 2) {
+            for (j = 1; j + 1 < (unsigned int)m->used - 1; j += 2) {
                 h = 0;
                 /* 2.4.1. a += mu * DigitMask(m, j) */
                 SP_ASM_ADDC(l, h, ad[j + 0]);
@@ -17559,7 +17840,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
                 SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
                 ad[j + 1] = h;
             }
-            for (; j < m->used - 1; j++) {
+            for (; j < (unsigned int)m->used - 1; j++) {
                 h = 0;
                 /* 2.4.1. a += mu * DigitMask(m, j) */
                 SP_ASM_ADDC(l, h, ad[j]);
@@ -17582,7 +17863,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]);
         a->dp[m->used * 2 - 1] = l;
         a->dp[m->used * 2] = h;
-        a->used = m->used * 2 + 1;
+        a->used = (sp_size_t)(m->used * 2 + 1);
     }
 
     if (!ct) {
@@ -17653,7 +17934,7 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
  *
  * Used when performing Montgomery Reduction.
  * m must be odd.
- * Jeffrey Hurchalla’s method.
+ * Jeffrey Hurchalla's method.
  *   https://arxiv.org/pdf/2204.04342.pdf
  *
  * @param  [in]   m   SP integer that is the modulus.
@@ -17734,7 +18015,7 @@ int sp_mont_norm(sp_int* norm, const sp_int* m)
     if (err == MP_OKAY) {
         /* Find top bit and ensure norm has enough space. */
         bits = (unsigned int)sp_count_bits(m);
-        if (bits >= norm->size * SP_WORD_SIZE) {
+        if (bits >= (unsigned int)norm->size * SP_WORD_SIZE) {
             err = MP_VAL;
         }
     }
@@ -17821,7 +18102,7 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
         int i;
         int j = 0;
 
-        a->used = (inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF;
+        a->used = (sp_size_t)((inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF);
 
     #if defined(BIG_ENDIAN_ORDER) && !defined(WOLFSSL_SP_INT_DIGIT_ALIGN)
         /* Data endian matches representation of number.
@@ -17949,7 +18230,7 @@ int sp_to_unsigned_bin_len(const sp_int* a, byte* out, int outSz)
                     d >>= 8;
                     /* Stop if the output buffer is filled. */
                     if (j < 0) {
-                        if ((i < a->used - 1) || (d > 0)) {
+                        if ((i < (unsigned int)a->used - 1) || (d > 0)) {
                             err = MP_VAL;
                         }
                         break;
@@ -18023,7 +18304,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
                 out[j--] = (byte)(d & mask);
                 d >>= 8;
             }
-            mask &= (sp_int_digit)0 - (i < a->used - 1);
+            mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1);
             i += (unsigned int)(1 & mask);
         }
     }
@@ -18039,7 +18320,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
         i = 0;
         for (j = outSz - 1; j >= 0; j--) {
             out[j] = a->dp[i] & mask;
-            mask &= (sp_int_digit)0 - (i < a->used - 1);
+            mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1);
             i += (unsigned int)(1 & mask);
         }
     }
@@ -18095,7 +18376,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
     int err = MP_OKAY;
     int i;
     unsigned int s = 0;
-    unsigned int j = 0;
+    sp_size_t j = 0;
     sp_int_digit d;
     /* Skip whitespace at end of line */
     int eol_done = 0;
@@ -18225,7 +18506,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix)
 {
     int err = MP_OKAY;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign = MP_ZPOS;
+    sp_uint8 sign = MP_ZPOS;
 #endif
 
     if ((a == NULL) || (in == NULL)) {
@@ -18702,7 +18983,7 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
         r->sign = MP_ZPOS;
     #endif /* WOLFSSL_SP_INT_NEGATIVE */
         /* Set number of digits that will be used. */
-        r->used = digits;
+        r->used = (sp_size_t)digits;
     #if defined(WOLFSSL_SP_MATH_ALL) || defined(BIG_ENDIAN_ORDER)
         /* Calculate number of bits in last digit. */
         bits = (len * 8) & SP_WORD_MASK;
@@ -19039,7 +19320,7 @@ static int _sp_prime_trials(const sp_int* a, int trials, int* result)
 
         _sp_init_size(n1, a->used + 1);
         _sp_init_size(r, a->used + 1);
-        _sp_init_size(b, a->used * 2 + 1);
+        _sp_init_size(b, (sp_size_t)(a->used * 2 + 1));
 
         /* Do requested number of trials of Miller-Rabin test. */
         for (i = 0; i < trials; i++) {
@@ -19163,8 +19444,8 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result,
 
         _sp_init_size(c , a->used + 1);
         _sp_init_size(n1, a->used + 1);
-        _sp_init_size(b , a->used * 2 + 1);
-        _sp_init_size(r , a->used * 2 + 1);
+        _sp_init_size(b , (sp_size_t)(a->used * 2 + 1));
+        _sp_init_size(r , (sp_size_t)(a->used * 2 + 1));
 
         _sp_sub_d(a, 2, c);
 
diff --git a/wolfcrypt/src/sp_sm2_arm32.c b/wolfcrypt/src/sp_sm2_arm32.c
index 211b143920..4dc5377509 100644
--- a/wolfcrypt/src/sp_sm2_arm32.c
+++ b/wolfcrypt/src/sp_sm2_arm32.c
@@ -1,6 +1,6 @@
 /* sp_sm2_arm32.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_arm64.c b/wolfcrypt/src/sp_sm2_arm64.c
index 5c84948a01..8f87711903 100644
--- a/wolfcrypt/src/sp_sm2_arm64.c
+++ b/wolfcrypt/src/sp_sm2_arm64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_arm64.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_armthumb.c b/wolfcrypt/src/sp_sm2_armthumb.c
index 5d26e27be9..0be6685723 100644
--- a/wolfcrypt/src/sp_sm2_armthumb.c
+++ b/wolfcrypt/src/sp_sm2_armthumb.c
@@ -1,6 +1,6 @@
 /* sp_sm2_armthumb.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_c32.c b/wolfcrypt/src/sp_sm2_c32.c
index 41c40d1ef3..754b80a563 100644
--- a/wolfcrypt/src/sp_sm2_c32.c
+++ b/wolfcrypt/src/sp_sm2_c32.c
@@ -1,6 +1,6 @@
 /* sp_sm2_c32.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_c64.c b/wolfcrypt/src/sp_sm2_c64.c
index ee38016544..861bfe3ed4 100644
--- a/wolfcrypt/src/sp_sm2_c64.c
+++ b/wolfcrypt/src/sp_sm2_c64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_c64.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_cortexm.c b/wolfcrypt/src/sp_sm2_cortexm.c
index 3bda85f026..4b1083fc80 100644
--- a/wolfcrypt/src/sp_sm2_cortexm.c
+++ b/wolfcrypt/src/sp_sm2_cortexm.c
@@ -1,6 +1,6 @@
 /* sp_sm2_cortexm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_x86_64.c b/wolfcrypt/src/sp_sm2_x86_64.c
index f73e408344..24a5b9e581 100644
--- a/wolfcrypt/src/sp_sm2_x86_64.c
+++ b/wolfcrypt/src/sp_sm2_x86_64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_x86_64.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_x86_64_asm.S b/wolfcrypt/src/sp_sm2_x86_64_asm.S
index 6ddc3c77ec..a725c8ef8a 100644
--- a/wolfcrypt/src/sp_sm2_x86_64_asm.S
+++ b/wolfcrypt/src/sp_sm2_x86_64_asm.S
@@ -1,6 +1,6 @@
 /* sp_sm2_x86_64_asm.S
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c
index b57f5a3a30..2529432279 100644
--- a/wolfcrypt/src/sp_x86_64.c
+++ b/wolfcrypt/src/sp_x86_64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 63) / 64) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 63) / 64) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -492,8 +492,8 @@ static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -575,7 +575,7 @@ static WC_INLINE int sp_2048_div_16(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_2048_cond_sub_16(&t1[16], &t1[16], d, (sp_digit)0 - r1);
     for (i = 15; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[16 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[16 + i] == div);
         sp_digit hi = t1[16 + i] + mask;
         r1 = div_2048_word_16(hi, t1[16 + i - 1], div);
         r1 |= mask;
@@ -806,13 +806,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1047,13 +1046,12 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16);
         sp_2048_mont_reduce_avx2_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_avx2_16(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1176,8 +1174,8 @@ static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -1352,7 +1350,7 @@ static WC_INLINE int sp_2048_div_32(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_2048_cond_sub_32(&t1[32], &t1[32], d, (sp_digit)0 - r1);
     for (i = 31; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[32 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[32 + i] == div);
         sp_digit hi = t1[32 + i] + mask;
         r1 = div_2048_word_32(hi, t1[32 + i - 1], div);
         r1 |= mask;
@@ -1618,13 +1616,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1894,13 +1891,12 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_avx2_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_avx2_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1965,7 +1961,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
         m = r + 32 * 2;
         ah = a + 32;
 
-        sp_2048_from_bin(ah, 32, in, inLen);
+        sp_2048_from_bin(ah, 32, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -1993,7 +1989,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_2048_mont_sqr_avx2_32(r, r, m, mp);
                     }
@@ -2024,7 +2021,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_2048_sqr_avx2_32(r, ah);
                     err = sp_2048_mod_32_cond(r, r, m);
@@ -2066,7 +2064,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 32);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_2048_mont_sqr_avx2_32(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -2105,8 +2104,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -2187,7 +2185,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_2048_from_bin(a, 32, in, inLen);
+        sp_2048_from_bin(a, 32, in, (int)inLen);
         sp_2048_from_mp(d, 32, dm);
         sp_2048_from_mp(m, 32, mm);
         err = sp_2048_mod_exp_32(r, a, d, 2048, m, 0);
@@ -2305,14 +2303,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 32;
         r = a + 32;
 
-        sp_2048_from_bin(a, 32, in, inLen);
+        sp_2048_from_bin(a, 32, in, (int)inLen);
         sp_2048_from_mp(p, 16, pm);
         sp_2048_from_mp(q, 16, qm);
         sp_2048_from_mp(dp, 16, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(tmpa, a, dp, 1024, p, 1);
+        }
         else
 #endif
             err = sp_2048_mod_exp_16(tmpa, a, dp, 1024, p, 1);
@@ -2320,8 +2320,10 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_2048_from_mp(dq, 16, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(tmpb, a, dq, 1024, q, 1);
+       }
        else
 #endif
             err = sp_2048_mod_exp_16(tmpb, a, dq, 1024, q, 1);
@@ -2330,7 +2332,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_2048_sub_in_place_16(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
             sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
         }
@@ -2343,7 +2346,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_2048_from_mp(qi, 16, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_16(tmpa, tmpa, qi);
         }
         else
@@ -2356,7 +2360,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_16(tmpa, q, tmpa);
         }
         else
@@ -2519,8 +2524,10 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_2048_from_mp(m, 32, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_2048_mod_exp_32(r, b, e, expBits, m, 0);
@@ -2531,14 +2538,12 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 32);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -2682,13 +2687,12 @@ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_avx2_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_avx2_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2821,13 +2825,12 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2897,27 +2900,31 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_2048_from_mp(b, 32, base);
-        sp_2048_from_bin(e, 32, exp, expLen);
+        sp_2048_from_bin(e, 32, exp, (int)expLen);
         sp_2048_from_mp(m, 32, mod);
 
     #ifdef HAVE_FFDHE_2048
         if (base->used == 1 && base->dp[0] == 2 && m[31] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_2048_mod_exp_2_avx2_32(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_2048_mod_exp_2_avx2_32(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_2048_mod_exp_2_32(r, e, expLen * 8, m);
+                err = sp_2048_mod_exp_2_32(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_2048_mod_exp_avx2_32(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_2048_mod_exp_avx2_32(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_2048_mod_exp_32(r, b, e, expLen * 8, m, 0);
+                err = sp_2048_mod_exp_32(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -2932,14 +2939,12 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 32);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -3010,8 +3015,10 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_2048_from_mp(m, 16, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_2048_mod_exp_16(r, b, e, expBits, m, 0);
@@ -3023,14 +3030,12 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 16);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -3494,8 +3499,8 @@ static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -3577,7 +3582,7 @@ static WC_INLINE int sp_3072_div_24(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_3072_cond_sub_24(&t1[24], &t1[24], d, (sp_digit)0 - r1);
     for (i = 23; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[24 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[24 + i] == div);
         sp_digit hi = t1[24 + i] + mask;
         r1 = div_3072_word_24(hi, t1[24 + i - 1], div);
         r1 |= mask;
@@ -3808,13 +3813,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4049,13 +4053,12 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24);
         sp_3072_mont_reduce_avx2_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_avx2_24(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4178,8 +4181,8 @@ static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -4354,7 +4357,7 @@ static WC_INLINE int sp_3072_div_48(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_3072_cond_sub_48(&t1[48], &t1[48], d, (sp_digit)0 - r1);
     for (i = 47; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[48 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[48 + i] == div);
         sp_digit hi = t1[48 + i] + mask;
         r1 = div_3072_word_48(hi, t1[48 + i - 1], div);
         r1 |= mask;
@@ -4568,13 +4571,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4792,13 +4794,12 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_avx2_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_avx2_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4863,7 +4864,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
         m = r + 48 * 2;
         ah = a + 48;
 
-        sp_3072_from_bin(ah, 48, in, inLen);
+        sp_3072_from_bin(ah, 48, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -4891,7 +4892,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_3072_mont_sqr_avx2_48(r, r, m, mp);
                     }
@@ -4922,7 +4924,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_3072_sqr_avx2_48(r, ah);
                     err = sp_3072_mod_48_cond(r, r, m);
@@ -4964,7 +4967,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 48);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_3072_mont_sqr_avx2_48(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -5003,8 +5007,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -5085,7 +5088,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_3072_from_bin(a, 48, in, inLen);
+        sp_3072_from_bin(a, 48, in, (int)inLen);
         sp_3072_from_mp(d, 48, dm);
         sp_3072_from_mp(m, 48, mm);
         err = sp_3072_mod_exp_48(r, a, d, 3072, m, 0);
@@ -5203,14 +5206,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 48;
         r = a + 48;
 
-        sp_3072_from_bin(a, 48, in, inLen);
+        sp_3072_from_bin(a, 48, in, (int)inLen);
         sp_3072_from_mp(p, 24, pm);
         sp_3072_from_mp(q, 24, qm);
         sp_3072_from_mp(dp, 24, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(tmpa, a, dp, 1536, p, 1);
+        }
         else
 #endif
             err = sp_3072_mod_exp_24(tmpa, a, dp, 1536, p, 1);
@@ -5218,8 +5223,10 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_3072_from_mp(dq, 24, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(tmpb, a, dq, 1536, q, 1);
+       }
        else
 #endif
             err = sp_3072_mod_exp_24(tmpb, a, dq, 1536, q, 1);
@@ -5228,7 +5235,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_3072_sub_in_place_24(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
             sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
         }
@@ -5241,7 +5249,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_3072_from_mp(qi, 24, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_3072_mul_avx2_24(tmpa, tmpa, qi);
         }
         else
@@ -5254,7 +5263,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_3072_mul_avx2_24(tmpa, q, tmpa);
         }
         else
@@ -5417,8 +5427,10 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_3072_from_mp(m, 48, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_48(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_3072_mod_exp_48(r, b, e, expBits, m, 0);
@@ -5429,14 +5441,12 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 48);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -5580,13 +5590,12 @@ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_avx2_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_avx2_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5719,13 +5728,12 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5795,27 +5803,31 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_3072_from_mp(b, 48, base);
-        sp_3072_from_bin(e, 48, exp, expLen);
+        sp_3072_from_bin(e, 48, exp, (int)expLen);
         sp_3072_from_mp(m, 48, mod);
 
     #ifdef HAVE_FFDHE_3072
         if (base->used == 1 && base->dp[0] == 2 && m[47] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_3072_mod_exp_2_avx2_48(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_3072_mod_exp_2_avx2_48(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_3072_mod_exp_2_48(r, e, expLen * 8, m);
+                err = sp_3072_mod_exp_2_48(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_3072_mod_exp_avx2_48(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_3072_mod_exp_avx2_48(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_3072_mod_exp_48(r, b, e, expLen * 8, m, 0);
+                err = sp_3072_mod_exp_48(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -5830,14 +5842,12 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 48);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -5908,8 +5918,10 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_3072_from_mp(m, 24, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_3072_mod_exp_24(r, b, e, expBits, m, 0);
@@ -5921,14 +5933,12 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 24);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -6302,8 +6312,8 @@ static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -6478,7 +6488,7 @@ static WC_INLINE int sp_4096_div_64(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_4096_cond_sub_64(&t1[64], &t1[64], d, (sp_digit)0 - r1);
     for (i = 63; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[64 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[64 + i] == div);
         sp_digit hi = t1[64 + i] + mask;
         r1 = div_4096_word_64(hi, t1[64 + i - 1], div);
         r1 |= mask;
@@ -6692,13 +6702,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6916,13 +6925,12 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_avx2_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_avx2_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6987,7 +6995,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
         m = r + 64 * 2;
         ah = a + 64;
 
-        sp_4096_from_bin(ah, 64, in, inLen);
+        sp_4096_from_bin(ah, 64, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -7015,7 +7023,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_4096_mont_sqr_avx2_64(r, r, m, mp);
                     }
@@ -7046,7 +7055,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_4096_sqr_avx2_64(r, ah);
                     err = sp_4096_mod_64_cond(r, r, m);
@@ -7088,7 +7098,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 64);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_4096_mont_sqr_avx2_64(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -7127,8 +7138,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -7209,7 +7219,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_4096_from_bin(a, 64, in, inLen);
+        sp_4096_from_bin(a, 64, in, (int)inLen);
         sp_4096_from_mp(d, 64, dm);
         sp_4096_from_mp(m, 64, mm);
         err = sp_4096_mod_exp_64(r, a, d, 4096, m, 0);
@@ -7327,14 +7337,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 64;
         r = a + 64;
 
-        sp_4096_from_bin(a, 64, in, inLen);
+        sp_4096_from_bin(a, 64, in, (int)inLen);
         sp_4096_from_mp(p, 32, pm);
         sp_4096_from_mp(q, 32, qm);
         sp_4096_from_mp(dp, 32, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(tmpa, a, dp, 2048, p, 1);
+        }
         else
 #endif
             err = sp_2048_mod_exp_32(tmpa, a, dp, 2048, p, 1);
@@ -7342,8 +7354,10 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_4096_from_mp(dq, 32, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(tmpb, a, dq, 2048, q, 1);
+       }
        else
 #endif
             err = sp_2048_mod_exp_32(tmpb, a, dq, 2048, q, 1);
@@ -7352,7 +7366,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_2048_sub_in_place_32(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
             sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
         }
@@ -7365,7 +7380,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_2048_from_mp(qi, 32, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_32(tmpa, tmpa, qi);
         }
         else
@@ -7378,7 +7394,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_32(tmpa, q, tmpa);
         }
         else
@@ -7541,8 +7558,10 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_4096_from_mp(m, 64, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_4096_mod_exp_avx2_64(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_4096_mod_exp_64(r, b, e, expBits, m, 0);
@@ -7553,14 +7572,12 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 64);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -7704,13 +7721,12 @@ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_avx2_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_avx2_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -7843,13 +7859,12 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -7919,27 +7934,31 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_4096_from_mp(b, 64, base);
-        sp_4096_from_bin(e, 64, exp, expLen);
+        sp_4096_from_bin(e, 64, exp, (int)expLen);
         sp_4096_from_mp(m, 64, mod);
 
     #ifdef HAVE_FFDHE_4096
         if (base->used == 1 && base->dp[0] == 2 && m[63] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_4096_mod_exp_2_avx2_64(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_4096_mod_exp_2_avx2_64(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_4096_mod_exp_2_64(r, e, expLen * 8, m);
+                err = sp_4096_mod_exp_2_64(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_4096_mod_exp_avx2_64(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_4096_mod_exp_avx2_64(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_4096_mod_exp_64(r, b, e, expLen * 8, m, 0);
+                err = sp_4096_mod_exp_64(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -7954,14 +7973,12 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 64);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -8119,14 +8136,14 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
 
     (void)m;
 
-    a32[0] = a[0] & 0xffffffff;
-    a32[1] = a[0] >> 32;
-    a32[2] = a[1] & 0xffffffff;
-    a32[3] = a[1] >> 32;
-    a32[4] = a[2] & 0xffffffff;
-    a32[5] = a[2] >> 32;
-    a32[6] = a[3] & 0xffffffff;
-    a32[7] = a[3] >> 32;
+    a32[0] = (int64_t)(a[0] & 0xffffffff);
+    a32[1] = (int64_t)(a[0] >> 32);
+    a32[2] = (int64_t)(a[1] & 0xffffffff);
+    a32[3] = (int64_t)(a[1] >> 32);
+    a32[4] = (int64_t)(a[2] & 0xffffffff);
+    a32[5] = (int64_t)(a[2] >> 32);
+    a32[6] = (int64_t)(a[3] & 0xffffffff);
+    a32[7] = (int64_t)(a[3] >> 32);
 
     /*  1  1  0 -1 -1 -1 -1  0 */
     t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
@@ -8176,10 +8193,10 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
     t[5] += t[4] >> 32; t[4] &= 0xffffffff;
     t[6] += t[5] >> 32; t[5] &= 0xffffffff;
     t[7] += t[6] >> 32; t[6] &= 0xffffffff;
-    r[0] = (t[1] << 32) | t[0];
-    r[1] = (t[3] << 32) | t[2];
-    r[2] = (t[5] << 32) | t[4];
-    r[3] = (t[7] << 32) | t[6];
+    r[0] = (sp_digit)((t[1] << 32) | t[0]);
+    r[1] = (sp_digit)((t[3] << 32) | t[2]);
+    r[2] = (sp_digit)((t[5] << 32) | t[4]);
+    r[3] = (sp_digit)((t[7] << 32) | t[6]);
 
     return MP_OKAY;
 }
@@ -8554,7 +8571,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -8563,7 +8580,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -8980,8 +8997,8 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
         sp_256_mont_sub_4(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -8998,7 +9015,7 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -9170,8 +9187,8 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -9188,7 +9205,7 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -9399,7 +9416,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -9575,10 +9592,8 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -9728,7 +9743,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_avx2_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -9737,7 +9752,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_avx2_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -10100,8 +10115,8 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r,
         sp_256_mont_sub_avx2_4(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10118,7 +10133,7 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -10290,8 +10305,8 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10308,7 +10323,7 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -10610,10 +10625,8 @@ static int sp_256_ecc_mulmod_win_add_sub_avx2_4(sp_point_256* r, const sp_point_
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -10683,8 +10696,8 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r,
         sp_256_mont_sub_4(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10701,7 +10714,7 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -10812,8 +10825,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -10942,10 +10954,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -11175,8 +11185,8 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r,
         sp_256_mont_sub_avx2_4(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -11193,7 +11203,7 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -11304,8 +11314,7 @@ static int sp_256_gen_stripe_table_avx2_4(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -11420,10 +11429,8 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -11544,8 +11551,10 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_256_point_from_ecc_point_4(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, map, 1, heap);
@@ -11555,10 +11564,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -11626,24 +11633,30 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(point, point, addP, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_map_avx2_4(point, point, tmp);
+            }
             else
 #endif
                 sp_256_map_4(point, point, tmp);
@@ -11653,10 +11666,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -12080,7 +12091,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<37; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -24183,8 +24194,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24317,8 +24327,7 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24383,8 +24392,10 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_256_from_mp(k, 4, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, map, 1, heap);
@@ -24394,10 +24405,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24463,24 +24472,30 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(point, point, addP, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_map_avx2_4(point, point, tmp);
+            }
             else
 #endif
                 sp_256_map_4(point, point, tmp);
@@ -24490,10 +24505,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24554,6 +24567,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -24570,6 +24584,11 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -24630,8 +24649,10 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, 1, 1, NULL);
@@ -24640,7 +24661,8 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(infinity, point, p256_order, 1, 1,
                                                                           NULL);
         }
@@ -24663,12 +24685,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24838,8 +24857,10 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_256_from_mp(k, 4, priv);
         sp_256_point_from_ecc_point_4(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, 1, 1, heap);
@@ -24850,10 +24871,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24972,8 +24991,8 @@ static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -25040,7 +25059,7 @@ static WC_INLINE int sp_256_div_4(const sp_digit* a, const sp_digit* d, sp_digit
 #endif
         sp_256_cond_sub_4(&t1[4], &t1[4], d, (sp_digit)0 - r1);
     for (i = 3; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[4 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[4 + i] == div);
         sp_digit hi = t1[4 + i] + mask;
         r1 = div_256_word_4(hi, t1[4 + i - 1], div);
         r1 |= mask;
@@ -25586,8 +25605,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_mul_avx2_4(k, k, p256_norm_order);
+    }
     else
 #endif
         sp_256_mul_4(k, k, p256_norm_order);
@@ -25597,8 +25618,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_inv_order_avx2_4(kInv, k, tmp);
+        }
         else
 #endif
             sp_256_mont_inv_order_4(kInv, k, tmp);
@@ -25606,8 +25629,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mul_avx2_4(x, x, r);
+        }
         else
 #endif
             sp_256_mul_4(x, x, r);
@@ -25625,8 +25650,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_order_avx2_4(s, s, kInv);
+        }
         else
 #endif
             sp_256_mont_mul_order_4(s, s, kInv);
@@ -25714,8 +25741,10 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_256_ecc_mulmod_base_avx2_4(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_256_ecc_mulmod_base_4(point, k, 1, 1, heap);
@@ -25977,7 +26006,8 @@ static void sp_256_add_points_4(sp_point_256* p1, const sp_point_256* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_proj_point_add_avx2_4(p1, p1, p2, tmp);
     }
     else
@@ -25986,7 +26016,8 @@ static void sp_256_add_points_4(sp_point_256* p1, const sp_point_256* p2,
     if (sp_256_iszero_4(p1->z)) {
         if (sp_256_iszero_4(p1->x) && sp_256_iszero_4(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_proj_point_dbl_avx2_4(p1, p2, tmp);
             }
             else
@@ -26024,7 +26055,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
 
 #ifndef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_mod_inv_avx2_4(s, s, p256_order);
     }
     else
@@ -26035,7 +26067,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mul_avx2_4(s, s, p256_norm_order);
         }
         else
@@ -26049,7 +26082,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         sp_256_norm_4(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_inv_order_avx2_4(s, s, tmp);
             sp_256_mont_mul_order_avx2_4(u1, u1, s);
             sp_256_mont_mul_order_avx2_4(u2, u2, s);
@@ -26063,7 +26097,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_order_avx2_4(u1, u1, s);
             sp_256_mont_mul_order_avx2_4(u2, u2, s);
         }
@@ -26075,7 +26110,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(p1, u1, 0, 0, heap);
         }
         else
@@ -26089,8 +26125,10 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(p2, p2, u2, 0, 0, heap);
@@ -26192,14 +26230,18 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_sqr_avx2_4(p1->z, p1->z, p256_mod, p256_mp_mod);
+        }
         else
 #endif
             sp_256_mont_sqr_4(p1->z, p1->z, p256_mod, p256_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_avx2_4(u1, u2, p1->z, p256_mod, p256_mp_mod);
+        }
         else
 #endif
             sp_256_mont_mul_4(u1, u2, p1->z, p256_mod, p256_mp_mod);
@@ -26222,7 +26264,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_256_mont_mul_avx2_4(u1, u2, p1->z, p256_mod,
                         p256_mp_mod);
                 }
@@ -26237,10 +26280,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26447,8 +26488,7 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26487,8 +26527,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26578,8 +26617,10 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(p, pub, p256_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(p, pub, p256_order, 1, 1, heap);
@@ -26594,8 +26635,10 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_256_ecc_mulmod_base_avx2_4(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_256_ecc_mulmod_base_4(p, priv, 1, 1, heap);
@@ -26609,10 +26652,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26681,8 +26722,10 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_256_iszero_4(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(p, p, q, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(p, p, q, tmp);
@@ -26699,10 +26742,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26757,8 +26798,10 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_256_iszero_4(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_dbl_avx2_4(p, p, tmp);
+        }
         else
 #endif
             sp_256_proj_point_dbl_4(p, p, tmp);
@@ -26775,10 +26818,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26829,8 +26870,10 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_256_iszero_4(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_map_avx2_4(p, p, tmp);
+        }
         else
 #endif
             sp_256_map_4(p, p, tmp);
@@ -26847,10 +26890,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26886,7 +26927,8 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
         t2 = t1 + 2 * 4;
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             /* t2 = y ^ 0x2 */
             sp_256_mont_sqr_avx2_4(t2, y, p256_mod, p256_mp_mod);
             /* t1 = y ^ 0x3 */
@@ -26953,8 +26995,7 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26996,7 +27037,8 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_sqr_avx2_4(y, x, p256_mod, p256_mp_mod);
             sp_256_mont_mul_avx2_4(y, y, x, p256_mod, p256_mp_mod);
         }
@@ -27029,8 +27071,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27197,18 +27238,18 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
     if (err == MP_OKAY) {
         a32 = t + 12;
 
-        a32[0] = a[0] & 0xffffffff;
-        a32[1] = a[0] >> 32;
-        a32[2] = a[1] & 0xffffffff;
-        a32[3] = a[1] >> 32;
-        a32[4] = a[2] & 0xffffffff;
-        a32[5] = a[2] >> 32;
-        a32[6] = a[3] & 0xffffffff;
-        a32[7] = a[3] >> 32;
-        a32[8] = a[4] & 0xffffffff;
-        a32[9] = a[4] >> 32;
-        a32[10] = a[5] & 0xffffffff;
-        a32[11] = a[5] >> 32;
+        a32[0] = (int64_t)(a[0] & 0xffffffff);
+        a32[1] = (int64_t)(a[0] >> 32);
+        a32[2] = (int64_t)(a[1] & 0xffffffff);
+        a32[3] = (int64_t)(a[1] >> 32);
+        a32[4] = (int64_t)(a[2] & 0xffffffff);
+        a32[5] = (int64_t)(a[2] >> 32);
+        a32[6] = (int64_t)(a[3] & 0xffffffff);
+        a32[7] = (int64_t)(a[3] >> 32);
+        a32[8] = (int64_t)(a[4] & 0xffffffff);
+        a32[9] = (int64_t)(a[4] >> 32);
+        a32[10] = (int64_t)(a[5] & 0xffffffff);
+        a32[11] = (int64_t)(a[5] >> 32);
 
         /*  1  0  0  0  0  0  0  0  1  1  0 -1 */
         t[0] = 0 + a32[0] + a32[8] + a32[9] - a32[11];
@@ -27263,17 +27304,16 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = (t[1] << 32) | t[0];
-        r[1] = (t[3] << 32) | t[2];
-        r[2] = (t[5] << 32) | t[4];
-        r[3] = (t[7] << 32) | t[6];
-        r[4] = (t[9] << 32) | t[8];
-        r[5] = (t[11] << 32) | t[10];
+        r[0] = (sp_digit)((t[1] << 32) | t[0]);
+        r[1] = (sp_digit)((t[3] << 32) | t[2]);
+        r[2] = (sp_digit)((t[5] << 32) | t[4]);
+        r[3] = (sp_digit)((t[7] << 32) | t[6]);
+        r[4] = (sp_digit)((t[9] << 32) | t[8]);
+        r[5] = (sp_digit)((t[11] << 32) | t[10]);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27681,7 +27721,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -27690,7 +27730,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -28113,8 +28153,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
         sp_384_mont_sub_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -28131,7 +28171,7 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -28305,8 +28345,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -28323,7 +28363,7 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -28537,7 +28577,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -28713,10 +28753,8 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -28902,7 +28940,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_avx2_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -28911,7 +28949,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_avx2_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -29286,8 +29324,8 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r,
         sp_384_mont_sub_avx2_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29304,7 +29342,7 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29478,8 +29516,8 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29496,7 +29534,7 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -29801,10 +29839,8 @@ static int sp_384_ecc_mulmod_win_add_sub_avx2_6(sp_point_384* r, const sp_point_
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -29877,8 +29913,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
         sp_384_mont_sub_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29895,7 +29931,7 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30006,8 +30042,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30136,10 +30171,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30372,8 +30405,8 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r,
         sp_384_mont_sub_avx2_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30390,7 +30423,7 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30501,8 +30534,7 @@ static int sp_384_gen_stripe_table_avx2_6(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30617,10 +30649,8 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30741,8 +30771,10 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_384_point_from_ecc_point_6(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, map, 1, heap);
@@ -30752,10 +30784,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30823,24 +30853,30 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(point, point, addP, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_map_avx2_6(point, point, tmp);
+            }
             else
 #endif
                 sp_384_map_6(point, point, tmp);
@@ -30850,10 +30886,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -31277,7 +31311,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<55; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -49194,8 +49228,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49328,8 +49361,7 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49394,8 +49426,10 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_384_from_mp(k, 6, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, map, 1, heap);
@@ -49405,10 +49439,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49474,24 +49506,30 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(point, point, addP, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_map_avx2_6(point, point, tmp);
+            }
             else
 #endif
                 sp_384_map_6(point, point, tmp);
@@ -49501,10 +49539,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49565,6 +49601,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -49581,6 +49618,11 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -49641,8 +49683,10 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, 1, 1, NULL);
@@ -49651,7 +49695,8 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(infinity, point, p384_order, 1, 1,
                                                                           NULL);
         }
@@ -49674,12 +49719,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49849,8 +49891,10 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_384_from_mp(k, 6, priv);
         sp_384_point_from_ecc_point_6(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, 1, 1, heap);
@@ -49861,10 +49905,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49983,8 +50025,8 @@ static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -50053,7 +50095,7 @@ static WC_INLINE int sp_384_div_6(const sp_digit* a, const sp_digit* d, sp_digit
 #endif
         sp_384_cond_sub_6(&t1[6], &t1[6], d, (sp_digit)0 - r1);
     for (i = 5; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[6 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[6 + i] == div);
         sp_digit hi = t1[6 + i] + mask;
         r1 = div_384_word_6(hi, t1[6 + i - 1], div);
         r1 |= mask;
@@ -50455,8 +50497,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_384_mul_avx2_6(k, k, p384_norm_order);
+    }
     else
 #endif
         sp_384_mul_6(k, k, p384_norm_order);
@@ -50466,8 +50510,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_inv_order_avx2_6(kInv, k, tmp);
+        }
         else
 #endif
             sp_384_mont_inv_order_6(kInv, k, tmp);
@@ -50475,8 +50521,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mul_avx2_6(x, x, r);
+        }
         else
 #endif
             sp_384_mul_6(x, x, r);
@@ -50494,8 +50542,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_order_avx2_6(s, s, kInv);
+        }
         else
 #endif
             sp_384_mont_mul_order_6(s, s, kInv);
@@ -50583,8 +50633,10 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_384_ecc_mulmod_base_avx2_6(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_384_ecc_mulmod_base_6(point, k, 1, 1, heap);
@@ -50935,7 +50987,8 @@ static void sp_384_add_points_6(sp_point_384* p1, const sp_point_384* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_384_proj_point_add_avx2_6(p1, p1, p2, tmp);
     }
     else
@@ -50944,7 +50997,8 @@ static void sp_384_add_points_6(sp_point_384* p1, const sp_point_384* p2,
     if (sp_384_iszero_6(p1->z)) {
         if (sp_384_iszero_6(p1->x) && sp_384_iszero_6(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_proj_point_dbl_avx2_6(p1, p2, tmp);
             }
             else
@@ -50988,7 +51042,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mul_avx2_6(s, s, p384_norm_order);
         }
         else
@@ -51002,7 +51057,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         sp_384_norm_6(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_inv_order_avx2_6(s, s, tmp);
             sp_384_mont_mul_order_avx2_6(u1, u1, s);
             sp_384_mont_mul_order_avx2_6(u2, u2, s);
@@ -51016,7 +51072,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_order_avx2_6(u1, u1, s);
             sp_384_mont_mul_order_avx2_6(u2, u2, s);
         }
@@ -51028,7 +51085,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(p1, u1, 0, 0, heap);
         }
         else
@@ -51042,8 +51100,10 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(p2, p2, u2, 0, 0, heap);
@@ -51145,14 +51205,18 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_sqr_avx2_6(p1->z, p1->z, p384_mod, p384_mp_mod);
+        }
         else
 #endif
             sp_384_mont_sqr_6(p1->z, p1->z, p384_mod, p384_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_avx2_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
+        }
         else
 #endif
             sp_384_mont_mul_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
@@ -51175,7 +51239,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_384_mont_mul_avx2_6(u1, u2, p1->z, p384_mod,
                         p384_mp_mod);
                 }
@@ -51190,10 +51255,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51400,8 +51463,7 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51440,8 +51502,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51531,8 +51592,10 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(p, pub, p384_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(p, pub, p384_order, 1, 1, heap);
@@ -51547,8 +51610,10 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_384_ecc_mulmod_base_avx2_6(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_384_ecc_mulmod_base_6(p, priv, 1, 1, heap);
@@ -51562,10 +51627,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51634,8 +51697,10 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_384_iszero_6(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(p, p, q, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(p, p, q, tmp);
@@ -51652,10 +51717,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51710,8 +51773,10 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_384_iszero_6(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_dbl_avx2_6(p, p, tmp);
+        }
         else
 #endif
             sp_384_proj_point_dbl_6(p, p, tmp);
@@ -51728,10 +51793,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51782,8 +51845,10 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_384_iszero_6(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_map_avx2_6(p, p, tmp);
+        }
         else
 #endif
             sp_384_map_6(p, p, tmp);
@@ -51800,10 +51865,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51844,7 +51907,8 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
         t5 = t1 + 8 * 6;
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             /* t2 = y ^ 0x2 */
             sp_384_mont_sqr_avx2_6(t2, y, p384_mod, p384_mp_mod);
             /* t1 = y ^ 0x3 */
@@ -51961,8 +52025,7 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -52004,7 +52067,8 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_sqr_avx2_6(y, x, p384_mod, p384_mp_mod);
             sp_384_mont_mul_avx2_6(y, y, x, p384_mod, p384_mp_mod);
         }
@@ -52037,8 +52101,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -52586,7 +52649,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -52595,7 +52658,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -53020,8 +53083,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -53038,7 +53101,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -53212,8 +53275,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -53230,7 +53293,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -53444,7 +53507,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -53620,10 +53683,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -53786,7 +53847,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_avx2_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -53795,7 +53856,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_avx2_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -54170,8 +54231,8 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
         sp_521_mont_sub_avx2_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54188,7 +54249,7 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -54362,8 +54423,8 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54380,7 +54441,7 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -54685,10 +54746,8 @@ static int sp_521_ecc_mulmod_win_add_sub_avx2_9(sp_point_521* r, const sp_point_
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -54761,8 +54820,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54779,7 +54838,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -54890,8 +54949,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55020,10 +55078,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55256,8 +55312,8 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r,
         sp_521_mont_sub_avx2_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -55274,7 +55330,7 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -55385,8 +55441,7 @@ static int sp_521_gen_stripe_table_avx2_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55501,10 +55556,8 @@ static int sp_521_ecc_mulmod_stripe_avx2_9(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55625,8 +55678,10 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_521_point_from_ecc_point_9(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, map, 1, heap);
@@ -55636,10 +55691,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55707,24 +55760,30 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(point, point, addP, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_map_avx2_9(point, point, tmp);
+            }
             else
 #endif
                 sp_521_map_9(point, point, tmp);
@@ -55734,10 +55793,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -56287,7 +56344,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<75; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -90264,8 +90321,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90398,8 +90454,7 @@ static int sp_521_ecc_mulmod_add_only_avx2_9(sp_point_521* r, const sp_point_521
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90464,8 +90519,10 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_521_from_mp(k, 9, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, map, 1, heap);
@@ -90475,10 +90532,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90544,24 +90599,30 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(point, point, addP, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_map_avx2_9(point, point, tmp);
+            }
             else
 #endif
                 sp_521_map_9(point, point, tmp);
@@ -90571,10 +90632,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90635,6 +90694,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -90652,6 +90712,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -90712,8 +90777,10 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, 1, 1, NULL);
@@ -90722,7 +90789,8 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(infinity, point, p521_order, 1, 1,
                                                                           NULL);
         }
@@ -90745,12 +90813,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90920,8 +90985,10 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_521_from_mp(k, 9, priv);
         sp_521_point_from_ecc_point_9(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, 1, 1, heap);
@@ -90932,10 +90999,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -91075,8 +91140,8 @@ static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -91581,8 +91646,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_521_mul_avx2_9(k, k, p521_norm_order);
+    }
     else
 #endif
         sp_521_mul_9(k, k, p521_norm_order);
@@ -91592,8 +91659,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_inv_order_avx2_9(kInv, k, tmp);
+        }
         else
 #endif
             sp_521_mont_inv_order_9(kInv, k, tmp);
@@ -91601,8 +91670,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mul_avx2_9(x, x, r);
+        }
         else
 #endif
             sp_521_mul_9(x, x, r);
@@ -91620,8 +91691,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_order_avx2_9(s, s, kInv);
+        }
         else
 #endif
             sp_521_mont_mul_order_9(s, s, kInv);
@@ -91709,8 +91782,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_521_ecc_mulmod_base_9(point, k, 1, 1, heap);
@@ -92069,7 +92144,8 @@ static void sp_521_add_points_9(sp_point_521* p1, const sp_point_521* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_521_proj_point_add_avx2_9(p1, p1, p2, tmp);
     }
     else
@@ -92078,7 +92154,8 @@ static void sp_521_add_points_9(sp_point_521* p1, const sp_point_521* p2,
     if (sp_521_iszero_9(p1->z)) {
         if (sp_521_iszero_9(p1->x) && sp_521_iszero_9(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_proj_point_dbl_avx2_9(p1, p2, tmp);
             }
             else
@@ -92125,7 +92202,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mul_avx2_9(s, s, p521_norm_order);
         }
         else
@@ -92139,7 +92217,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         sp_521_norm_9(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_inv_order_avx2_9(s, s, tmp);
             sp_521_mont_mul_order_avx2_9(u1, u1, s);
             sp_521_mont_mul_order_avx2_9(u2, u2, s);
@@ -92153,7 +92232,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_order_avx2_9(u1, u1, s);
             sp_521_mont_mul_order_avx2_9(u2, u2, s);
         }
@@ -92165,7 +92245,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(p1, u1, 0, 0, heap);
         }
         else
@@ -92179,8 +92260,10 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(p2, p2, u2, 0, 0, heap);
@@ -92286,14 +92369,18 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_sqr_avx2_9(p1->z, p1->z, p521_mod, p521_mp_mod);
+        }
         else
 #endif
             sp_521_mont_sqr_9(p1->z, p1->z, p521_mod, p521_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_avx2_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
+        }
         else
 #endif
             sp_521_mont_mul_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
@@ -92316,7 +92403,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_521_mont_mul_avx2_9(u1, u2, p1->z, p521_mod,
                         p521_mp_mod);
                 }
@@ -92331,10 +92419,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92544,8 +92630,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92584,8 +92669,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92675,8 +92759,10 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(p, pub, p521_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(p, pub, p521_order, 1, 1, heap);
@@ -92691,8 +92777,10 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_521_ecc_mulmod_base_avx2_9(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_521_ecc_mulmod_base_9(p, priv, 1, 1, heap);
@@ -92706,10 +92794,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92778,8 +92864,10 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_521_iszero_9(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(p, p, q, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(p, p, q, tmp);
@@ -92796,10 +92884,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92854,8 +92940,10 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_521_iszero_9(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_dbl_avx2_9(p, p, tmp);
+        }
         else
 #endif
             sp_521_proj_point_dbl_9(p, p, tmp);
@@ -92872,10 +92960,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92926,8 +93012,10 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_521_iszero_9(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_map_avx2_9(p, p, tmp);
+        }
         else
 #endif
             sp_521_map_9(p, p, tmp);
@@ -92944,10 +93032,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92987,7 +93073,8 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     if (err == MP_OKAY) {
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             int i;
 
             XMEMCPY(t, y, sizeof(sp_digit) * 9);
@@ -93014,8 +93101,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -93057,7 +93143,8 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_sqr_avx2_9(y, x, p521_mod, p521_mp_mod);
             sp_521_mont_mul_avx2_9(y, y, x, p521_mod, p521_mp_mod);
         }
@@ -93090,8 +93177,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -93297,8 +93383,8 @@ static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -93380,7 +93466,7 @@ static WC_INLINE int sp_1024_div_16(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_1024_cond_sub_16(&t1[16], &t1[16], d, (sp_digit)0 - r1);
     for (i = 15; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[16 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[16 + i] == div);
         sp_digit hi = t1[16 + i] + mask;
         r1 = div_1024_word_16(hi, t1[16 + i - 1], div);
         r1 |= mask;
@@ -93499,16 +93585,16 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -93846,7 +93932,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -93855,7 +93941,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -94283,8 +94369,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -94301,7 +94387,7 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -94475,8 +94561,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -94493,7 +94579,7 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -94715,7 +94801,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (uint8_t)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -94881,10 +94967,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94995,7 +95079,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_avx2_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -95004,7 +95088,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_avx2_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -95403,8 +95487,8 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r,
         sp_1024_mont_sub_avx2_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -95421,7 +95505,7 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -95595,8 +95679,8 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -95613,7 +95697,7 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -95922,10 +96006,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_avx2_16(sp_point_1024* r, const sp_poi
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -95998,8 +96080,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -96016,7 +96098,7 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -96127,8 +96209,7 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -96227,10 +96308,8 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -96462,8 +96541,8 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r,
         sp_1024_mont_sub_avx2_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -96480,7 +96559,7 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -96591,8 +96670,7 @@ static int sp_1024_gen_stripe_table_avx2_16(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -96691,10 +96769,8 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -96814,8 +96890,10 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_1024_point_from_ecc_point_16(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_avx2_16(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_16(point, point, k, map, 1, heap);
@@ -96825,10 +96903,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100247,8 +100323,10 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_1024_from_mp(k, 16, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_base_avx2_16(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_base_16(point, k, map, 1, heap);
@@ -100258,10 +100336,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100327,24 +100403,30 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_base_avx2_16(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_base_16(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_1024_proj_point_add_avx2_16(point, point, addP, tmp);
+        }
         else
 #endif
             sp_1024_proj_point_add_16(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_1024_map_avx2_16(point, point, tmp);
+            }
             else
 #endif
                 sp_1024_map_16(point, point, tmp);
@@ -100354,10 +100436,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100394,7 +100474,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -100418,9 +100498,11 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     if (err == MP_OKAY) {
         sp_1024_point_from_ecc_point_16(point, gm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_gen_stripe_table_avx2_16(point,
                 (sp_table_entry_1024*)table, t, heap);
+        }
         else
 #endif
             err = sp_1024_gen_stripe_table_16(point,
@@ -100431,10 +100513,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100460,7 +100540,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -100519,9 +100599,11 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
 
 #ifndef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_stripe_avx2_16(point, point,
                 (const sp_table_entry_1024*)table, k, map, 0, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_stripe_16(point, point,
@@ -100536,10 +100618,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100686,9 +100766,7 @@ static int sp_ModExp_Fp_star_x64_1024(const mp_int* base, mp_int* exp, mp_int* r
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -102328,9 +102406,7 @@ static int sp_ModExp_Fp_star_x64_1024(const mp_int* base, mp_int* exp, mp_int* r
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -102478,9 +102554,7 @@ static int sp_ModExp_Fp_star_avx2_1024(const mp_int* base, mp_int* exp, mp_int*
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -102577,9 +102651,7 @@ static int sp_ModExp_Fp_star_avx2_1024(const mp_int* base, mp_int* exp, mp_int*
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -102978,9 +103050,7 @@ static int sp_Pairing_x64_1024(const ecc_point* pm, const ecc_point* qm, mp_int*
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -103405,9 +103475,7 @@ static int sp_Pairing_x64_1024(const ecc_point* pm, const ecc_point* qm, mp_int*
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -103779,9 +103847,7 @@ static int sp_Pairing_avx2_1024(const ecc_point* pm, const ecc_point* qm, mp_int
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -104179,9 +104245,7 @@ static int sp_Pairing_avx2_1024(const ecc_point* pm, const ecc_point* qm, mp_int
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -104247,7 +104311,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -104476,7 +104540,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -104583,9 +104647,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(neg, 1, NULL);
     sp_1024_point_free_16(c, 1, NULL);
@@ -104778,9 +104840,7 @@ static int sp_Pairing_precomp_x64_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -104811,7 +104871,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -105013,7 +105073,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -105120,9 +105180,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(neg, 1, NULL);
     sp_1024_point_free_16(c, 1, NULL);
@@ -105315,9 +105373,7 @@ static int sp_Pairing_precomp_avx2_1024(const ecc_point* pm, const ecc_point* qm
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -105477,7 +105533,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_16(t1, p1024_mod);
-        sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63));
+        sp_1024_cond_sub_16(t1, t1, p1024_mod, (sp_digit)~(n >> 63));
         sp_1024_norm_16(t1);
         if (!sp_1024_iszero_16(t1)) {
             err = MP_VAL;
@@ -105485,8 +105541,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -105525,8 +105580,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -105616,8 +105670,10 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_avx2_16(p, pub, p1024_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_16(p, pub, p1024_order, 1, 1, heap);
@@ -105632,8 +105688,10 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_1024_ecc_mulmod_base_avx2_16(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_1024_ecc_mulmod_base_16(p, priv, 1, 1, heap);
@@ -105647,10 +105705,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sphincs.c b/wolfcrypt/src/sphincs.c
index 05ba27feeb..5fc054d882 100644
--- a/wolfcrypt/src/sphincs.c
+++ b/wolfcrypt/src/sphincs.c
@@ -1,6 +1,6 @@
 /* sphincs.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index b914f5811b..b06f62a808 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -1,6 +1,6 @@
 /* srp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -656,7 +656,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
     byte digest[SRP_MAX_DIGEST_SIZE];
     word32 i, j, digestSz = SrpHashSize(srp->type);
     byte counter[4];
-    int r = BAD_FUNC_ARG;
+    int r = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
 
@@ -903,10 +903,8 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (hash)
-        XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP);
-    if (digest)
-        XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP);
+    XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP);
+    XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP);
     if (u) {
         if (r != WC_NO_ERR_TRACE(MP_INIT_E))
             mp_clear(u);
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 07cd1fedc1..50952f9591 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -1,6 +1,6 @@
 /* tfm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -321,7 +321,7 @@ int fp_mul(fp_int *A, fp_int *B, fp_int *C)
                 goto clean; /* success */
                 break;
 
-            case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+            case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
             case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
             case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
                 /* fall back to software, below */
@@ -2430,7 +2430,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   fp_int  *res;
   fp_digit buf, mp;
   int      err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   fp_int  *M;
 #else
   fp_int   M[(1 << 6) + 1];
@@ -2455,7 +2455,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
      return err;
   }
 
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   /* only allocate space for what's needed for window plus res */
   M = (fp_int*)XMALLOC(sizeof(fp_int)*((1 << winsize) + 1), NULL,
                                                            DYNAMIC_TYPE_BIGINT);
@@ -2482,7 +2482,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   /* now we need R mod m */
   err = fp_montgomery_calc_normalization (res, P);
   if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
@@ -2493,7 +2493,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
      /* G > P so we reduce it first */
      err = fp_mod(G, P, &M[1]);
      if (err != FP_OKAY) {
-     #ifndef WOLFSSL_NO_MALLOC
+     #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
      #endif
         return err;
@@ -2503,7 +2503,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   }
   err = fp_mulmod (&M[1], res, P, &M[1]);
   if (err != FP_OKAY) {
-  #ifndef WOLFSSL_NO_MALLOC
+  #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
      XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
   #endif
      return err;
@@ -2516,14 +2516,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
     err = fp_sqr (&M[(word32)(1 << (winsize - 1))],
                   &M[(word32)(1 << (winsize - 1))]);
     if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
       XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
       return err;
     }
     err = fp_montgomery_reduce_ex(&M[(word32)(1 << (winsize - 1))], P, mp, 0);
     if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
       XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
       return err;
@@ -2534,14 +2534,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
     err = fp_mul(&M[x - 1], &M[1], &M[x]);
     if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
       XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
       return err;
     }
     err = fp_montgomery_reduce_ex(&M[x], P, mp, 0);
     if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
       XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
       return err;
@@ -2585,14 +2585,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
     if (mode == 1 && y == 0) {
       err = fp_sqr(res, res);
       if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
       }
       err = fp_montgomery_reduce_ex(res, P, mp, 0);
       if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
@@ -2610,14 +2610,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
       for (x = 0; x < winsize; x++) {
         err = fp_sqr(res, res);
         if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
           XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
           return err;
         }
         err = fp_montgomery_reduce_ex(res, P, mp, 0);
         if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
           XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
           return err;
@@ -2627,14 +2627,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
       /* then multiply */
       err = fp_mul(res, &M[bitbuf], res);
       if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
       }
       err = fp_montgomery_reduce_ex(res, P, mp, 0);
       if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
@@ -2653,14 +2653,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
     for (x = 0; x < bitcpy; x++) {
       err = fp_sqr(res, res);
       if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
       }
       err = fp_montgomery_reduce_ex(res, P, mp, 0);
       if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
@@ -2672,14 +2672,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
         /* then multiply */
         err = fp_mul(res, &M[1], res);
         if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
           XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
           return err;
         }
         err = fp_montgomery_reduce_ex(res, P, mp, 0);
         if (err != FP_OKAY) {
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
           XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
           return err;
@@ -2699,7 +2699,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   /* swap res with Y */
   fp_copy (res, Y);
 
-#ifndef WOLFSSL_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
   return err;
@@ -3125,9 +3125,9 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
             return retHW;
             break;
 
-         case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+         case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
          case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
-         case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
+         case WC_NO_ERR_TRACE(MP_HW_VALIDATION_ACTIVE): /* use SW to compare to HW */
             /* use software calc */
             break;
 
@@ -3227,7 +3227,7 @@ int fp_exptmod_ex(fp_int * G, fp_int * X, int digits, fp_int * P, fp_int * Y)
          return retHW;
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -3328,7 +3328,7 @@ int fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
          return retHW;
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -3440,7 +3440,7 @@ int fp_sqr(fp_int *A, fp_int *B)
                 goto clean; /* success */
                 break;
 
-            case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+            case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
             case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
             case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
                 /* fall back to software, below */
@@ -4698,7 +4698,7 @@ int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
          /* successfully computed in HW */
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -5685,9 +5685,9 @@ int mp_rand_prime(mp_int* a, int len, WC_RNG* rng, void* heap)
 
     err = fp_randprime(a, len, rng, heap);
     switch(err) {
-        case FP_VAL:
+        case WC_NO_ERR_TRACE(MP_VAL):
             return MP_VAL;
-        case FP_MEM:
+        case WC_NO_ERR_TRACE(MP_MEM):
             return MP_MEM;
         default:
             break;
diff --git a/wolfcrypt/src/wc_dsp.c b/wolfcrypt/src/wc_dsp.c
index c31c62b15c..c6c76c28c1 100644
--- a/wolfcrypt/src/wc_dsp.c
+++ b/wolfcrypt/src/wc_dsp.c
@@ -1,6 +1,6 @@
 /* wc_dsp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c
index 3b6d87ddac..9393a6974c 100644
--- a/wolfcrypt/src/wc_encrypt.c
+++ b/wolfcrypt/src/wc_encrypt.c
@@ -1,6 +1,6 @@
 /* wc_encrypt.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c
index ffa37d84c1..8e56bcc0e0 100644
--- a/wolfcrypt/src/wc_kyber.c
+++ b/wolfcrypt/src/wc_kyber.c
@@ -47,9 +47,9 @@
 /******************************************************************************/
 
 /* Use SHA3-256 to generate 32-bytes of hash. */
-#define KYBER_HASH_H            wc_Sha3_256Hash
+#define KYBER_HASH_H            kyber_hash256
 /* Use SHA3-512 to generate 64-bytes of hash. */
-#define KYBER_HASH_G            wc_Sha3_512Hash
+#define KYBER_HASH_G            kyber_hash512
 /* Use SHAKE-256 as a key derivation function (KDF). */
 #ifdef USE_INTEL_SPEEDUP
 #define KYBER_KDF               kyber_kdf
@@ -123,6 +123,10 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
         key->devId = devId;
     #endif
 
+        /* Initialize the hash algorithm object. */
+        ret = kyber_hash_new(&key->hash, heap, devId);
+    }
+    if (ret == 0) {
         /* Initialize the PRF algorithm object. */
         ret = kyber_prf_new(&key->prf, heap, devId);
     }
@@ -145,6 +149,8 @@ void wc_KyberKey_Free(KyberKey* key)
     if (key != NULL) {
         /* Dispose of PRF object. */
         kyber_prf_free(&key->prf);
+        /* Dispose of hash object. */
+        kyber_hash_free(&key->hash);
         /* Ensure all private data is zeroed. */
         ForceZero(key, sizeof(*key));
     }
@@ -254,18 +260,28 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
         }
     }
     if (ret == 0) {
+        const byte* d = rand;
+
         /* Error vector allocated at end of a. */
         e = a + (kp * kp * KYBER_N);
 
-        /* Expand 16 bytes of random to 32. */
-        ret = KYBER_HASH_G(rand, KYBER_SYM_SZ, buf);
+#ifdef WOLFSSL_KYBER_ORIGINAL
+        /* Expand 32 bytes of random to 32. */
+        ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf);
+#else
+        buf[0] = kp;
+        /* Expand 33 bytes of random to 32. */
+        ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf);
+#endif
     }
     if (ret == 0) {
+        const byte* z = rand + KYBER_SYM_SZ;
+
         /* Cache the public seed for use in encapsulation and encoding public
          * key. */
         XMEMCPY(key->pubSeed, pubSeed, KYBER_SYM_SZ);
         /* Cache the z value for decapsulation and encoding private key. */
-        XMEMCPY(key->z, rand + KYBER_SYM_SZ, sizeof(key->z));
+        XMEMCPY(key->z, z, sizeof(key->z));
 
         /* Generate the matrix A. */
         ret = kyber_gen_matrix(&key->prf, a, kp, pubSeed, 0);
@@ -286,7 +302,9 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
     }
 
     /* Free dynamic memory allocated in function. */
-    XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key != NULL) {
+        XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
 
     return ret;
 }
@@ -375,11 +393,7 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
     sword16* epp = NULL;
     unsigned int kp = 0;
     unsigned int compVecSz = 0;
-#ifndef USE_INTEL_SPEEDUP
     sword16* at = NULL;
-#else
-    sword16 at[((KYBER_MAX_K + 3) * KYBER_MAX_K + 3) * KYBER_N];
-#endif
 
     /* Establish parameters based on key type. */
     switch (key->type) {
@@ -407,7 +421,6 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
         break;
     }
 
-#ifndef USE_INTEL_SPEEDUP
     if (ret == 0) {
         /* Allocate dynamic memory for all matrices, vectors and polynomials. */
         at = (sword16*)XMALLOC(((kp + 3) * kp + 3) * KYBER_N * sizeof(sword16),
@@ -416,7 +429,6 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
             ret = MEMORY_E;
         }
     }
-#endif
 
     if (ret == 0) {
         /* Assign allocated dynamic memory to pointers.
@@ -470,10 +482,8 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
     #endif
     }
 
-#ifndef USE_INTEL_SPEEDUP
     /* Dispose of dynamic memory allocated in function. */
     XFREE(at, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 
     return ret;
 }
@@ -530,10 +540,12 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
 int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
     unsigned char* ss, const unsigned char* rand, int len)
 {
-    byte msg[2 * KYBER_SYM_SZ];
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    byte msg[KYBER_SYM_SZ];
+#endif
     byte kr[2 * KYBER_SYM_SZ + 1];
     int ret = 0;
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
     unsigned int ctSz = 0;
 #endif
 
@@ -545,7 +557,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
         ret = BUFFER_E;
     }
 
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
     if (ret == 0) {
         /* Establish parameters based on key type. */
         switch (key->type) {
@@ -599,31 +611,32 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
         ret = BAD_STATE_E;
     }
 
+#ifdef WOLFSSL_KYBER_ORIGINAL
     if (ret == 0) {
-#ifndef WOLFSSL_ML_KEM
         /* Hash random to anonymize as seed data. */
-        ret = KYBER_HASH_H(rand, KYBER_SYM_SZ, msg);
-#else
-        XMEMCPY(msg, rand, KYBER_SYM_SZ);
-#endif
+        ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg);
     }
+#endif
     if (ret == 0) {
-        /* Copy the hash of the public key into msg. */
-        XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ);
-
         /* Hash message into seed buffer. */
-        ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr);
+#ifdef WOLFSSL_KYBER_ORIGINAL
+        ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
+            kr);
+#else
+        ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
+            kr);
+#endif
     }
 
     if (ret == 0) {
         /* Encapsulate the message using the key and the seed (coins). */
-        ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct);
+        ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct);
     }
 
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
     if (ret == 0) {
         /* Hash the cipher text after the seed. */
-        ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ);
+        ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
     }
     if (ret == 0) {
         /* Derive the secret from the seed and hash of cipher text. */
@@ -739,7 +752,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key,
     return ret;
 }
 
-#ifdef WOLFSSL_ML_KEM
+#ifndef WOLFSSL_KYBER_ORIGINAL
 /* Derive the secret from z and cipher text.
  *
  * @param [in]  z     Implicit rejection value.
@@ -790,7 +803,7 @@ static int kyber_derive_secret(const byte* z, const byte* ct, word32 ctSz,
 int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
     const unsigned char* ct, word32 len)
 {
-    byte msg[2 * KYBER_SYM_SZ];
+    byte msg[KYBER_SYM_SZ];
     byte kr[2 * KYBER_SYM_SZ + 1];
     int ret = 0;
     unsigned int ctSz = 0;
@@ -852,10 +865,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
         ret = kyberkey_decapsulate(key, msg, ct);
     }
     if (ret == 0) {
-        /* Copy public hash over after the seed. */
-        XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ);
         /* Hash message into seed buffer. */
-        ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr);
+        ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
+            kr);
     }
     if (ret == 0) {
         /* Encapsulate the message. */
@@ -865,9 +877,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
         /* Compare generated cipher text with that passed in. */
         fail = kyber_cmp(ct, cmp, ctSz);
 
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
         /* Hash the cipher text after the seed. */
-        ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ);
+        ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
     }
     if (ret == 0) {
         /* Change seed to z on comparison failure. */
@@ -890,7 +902,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
 
 #ifndef USE_INTEL_SPEEDUP
     /* Dispose of dynamic memory allocated in function. */
-    XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key != NULL) {
+        XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
 #endif
 
     return ret;
@@ -1052,7 +1066,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
             key->pubSeed[i] = p[i];
         }
         /* Calculate public hash. */
-        ret = KYBER_HASH_H(in, len, key->h);
+        ret = KYBER_HASH_H(&key->hash, in, len, key->h);
     }
     if (ret == 0) {
         /* Record public key and public hash set. */
@@ -1230,7 +1244,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
     }
     /* Ensure hash of public key is available. */
     if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
-        ret = KYBER_HASH_H(p - pubLen, pubLen, key->h);
+        ret = KYBER_HASH_H(&key->hash, p - pubLen, pubLen, key->h);
     }
     if (ret == 0) {
         /* Public hash is available. */
@@ -1317,7 +1331,7 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
 
         /* Make sure public hash is set. */
         if ((key->flags & KYBER_FLAG_H_SET) == 0) {
-            ret = KYBER_HASH_H(out, len, key->h);
+            ret = KYBER_HASH_H(&key->hash, out, len, key->h);
         }
     }
     if (ret == 0) {
diff --git a/wolfcrypt/src/wc_kyber_asm.S b/wolfcrypt/src/wc_kyber_asm.S
index 9dff0f7bd1..59eb8333b9 100644
--- a/wolfcrypt/src/wc_kyber_asm.S
+++ b/wolfcrypt/src/wc_kyber_asm.S
@@ -1581,7 +1581,7 @@ _kyber_keygen_avx2:
 #endif /* __APPLE__ */
         vmovdqu	kyber_q(%rip), %ymm14
         vmovdqu	kyber_v(%rip), %ymm15
-        movq	%r8, %r9
+        movslq	%r8d, %r9
         movq	%rdi, %r10
 L_kyber_keygen_avx2_priv:
         # ntt
@@ -2242,11 +2242,11 @@ L_kyber_keygen_avx2_priv:
         subq	$0x01, %r9
         jg	L_kyber_keygen_avx2_priv
         vmovdqu	kyber_qinv(%rip), %ymm13
-        movq	%r8, %rax
+        movslq	%r8d, %rax
         movq	%rsi, %r10
 L_kyber_keygen_avx2_acc:
         # Pointwise acc mont
-        movq	%r8, %r9
+        movslq	%r8d, %r9
         # Base mul mont
         leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
         vmovdqu	(%rcx), %ymm2
@@ -3417,16 +3417,16 @@ L_pointwise_acc_mont_end_keygen:
         vmovdqu	%ymm1, 480(%r10)
         addq	$0x200, %rcx
         addq	$0x200, %rdi
-        movq	%r8, %r9
+        movslq	%r8d, %r9
         shl	$9, %r9d
         subq	%r9, %rdi
         addq	$0x200, %r10
         subq	$0x01, %rax
         jg	L_kyber_keygen_avx2_acc
-        movq	%r8, %rax
+        movslq	%r8d, %rax
         vmovdqu	kyber_f(%rip), %ymm12
         vmovdqu	kyber_f_qinv(%rip), %ymm13
-        movq	%r8, %rax
+        movslq	%r8d, %rax
         movq	%rsi, %r10
 L_kyber_keygen_avx2_to_mont:
         # To Mont
@@ -3529,7 +3529,7 @@ L_kyber_keygen_avx2_to_mont:
         addq	$0x200, %r10
         subq	$0x01, %rax
         jg	L_kyber_keygen_avx2_to_mont
-        movq	%r8, %rax
+        movslq	%r8d, %rax
 L_kyber_keygen_avx2_to_mont_ntt_err:
         # ntt
         leaq	L_kyber_avx2_zetas(%rip), %r11
@@ -4281,7 +4281,7 @@ _kyber_encapsulate_avx2:
         subq	$48, %rsp
         vmovdqu	kyber_q(%rip), %ymm14
         vmovdqu	kyber_v(%rip), %ymm15
-        movq	%r11, %r13
+        movslq	%r11d, %r13
         movq	%r8, %r14
 L_kyber_encapsulate_avx2_trans:
         # ntt
@@ -4877,11 +4877,11 @@ L_kyber_encapsulate_avx2_trans:
         addq	$0x200, %r14
         subq	$0x01, %r13
         jg	L_kyber_encapsulate_avx2_trans
-        movq	%r11, %r12
+        movslq	%r11d, %r12
 L_kyber_encapsulate_avx2_calc:
         vmovdqu	kyber_qinv(%rip), %ymm12
         # Pointwise acc mont
-        movq	%r11, %r13
+        movslq	%r11d, %r13
         # Base mul mont
         leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
         vmovdqu	(%rcx), %ymm2
@@ -6052,7 +6052,7 @@ L_pointwise_acc_mont_end_encap_bp:
         vmovdqu	%ymm1, 480(%rsi)
         addq	$0x200, %rcx
         addq	$0x200, %r8
-        movq	%r11, %r13
+        movslq	%r11d, %r13
         shl	$9, %r13d
         subq	%r13, %r8
         # invntt
@@ -6911,7 +6911,7 @@ L_pointwise_acc_mont_end_encap_bp:
         jg	L_kyber_encapsulate_avx2_calc
         vmovdqu	kyber_qinv(%rip), %ymm12
         # Pointwise acc mont
-        movq	%r11, %r13
+        movslq	%r11d, %r13
         # Base mul mont
         leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
         vmovdqu	(%rdi), %ymm2
@@ -8082,7 +8082,7 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	%ymm1, 480(%rdx)
         addq	$0x200, %rdi
         addq	$0x200, %r8
-        movq	%r11, %r13
+        movslq	%r11d, %r13
         shl	$9, %r13d
         subq	%r13, %r8
         # invntt
@@ -9024,7 +9024,7 @@ _kyber_decapsulate_avx2:
 #endif /* __APPLE__ */
         vmovdqu	kyber_q(%rip), %ymm14
         vmovdqu	kyber_v(%rip), %ymm15
-        movq	%r8, %rax
+        movslq	%r8d, %rax
         movq	%rdx, %r9
 L_kyber_decapsulate_avx2_trans:
         # ntt
@@ -9686,7 +9686,7 @@ L_kyber_decapsulate_avx2_trans:
         jg	L_kyber_decapsulate_avx2_trans
         vmovdqu	kyber_qinv(%rip), %ymm12
         # Pointwise acc mont
-        movq	%r8, %rax
+        movslq	%r8d, %rax
         # Base mul mont
         leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
         vmovdqu	(%rdi), %ymm2
@@ -10857,7 +10857,7 @@ L_pointwise_acc_mont_end_decap:
         vmovdqu	%ymm1, 480(%rsi)
         addq	$0x200, %rdi
         addq	$0x200, %rdx
-        movq	%r8, %rax
+        movslq	%r8d, %rax
         shl	$9, %eax
         subq	%rax, %rdx
         # invntt
diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c
index aed437c29f..cf8a5b03e5 100644
--- a/wolfcrypt/src/wc_kyber_poly.c
+++ b/wolfcrypt/src/wc_kyber_poly.c
@@ -57,6 +57,10 @@
  *   some platforms and is smaller in code size.
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/wc_kyber.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -1607,6 +1611,55 @@ static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks)
     return wc_Shake128_SqueezeBlocks(shake128, out, blocks);
 }
 
+/* New/Initialize SHA-3 object.
+ *
+ * @param  [in, out]  hash    SHA-3 object.
+ * @param  [in]       heap    Dynamic memory allocator hint.
+ * @param  [in]       devId   Device id.
+ * @return  0 on success always.
+ */
+int kyber_hash_new(wc_Sha3* hash, void* heap, int devId)
+{
+    return wc_InitSha3_256(hash, heap, devId);
+}
+
+/* Free SHA-3 object.
+ *
+ * @param  [in, out]  hash  SHA-3 object.
+ */
+void kyber_hash_free(wc_Sha3* hash)
+{
+    wc_Sha3_256_Free(hash);
+}
+
+int kyber_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out)
+{
+    int ret;
+
+    ret = wc_Sha3_256_Update(hash, data, dataLen);
+    if (ret == 0) {
+        ret = wc_Sha3_256_Final(hash, out);
+    }
+
+    return ret;
+}
+
+int kyber_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
+    const byte* data2, word32 data2Len, byte* out)
+{
+    int ret;
+
+    ret = wc_Sha3_512_Update(hash, data1, data1Len);
+    if ((ret == 0) && (data2Len > 0)) {
+        ret = wc_Sha3_512_Update(hash, data2, data2Len);
+    }
+    if (ret == 0) {
+        ret = wc_Sha3_512_Final(hash, out);
+    }
+
+    return ret;
+}
+
 /* Initialize SHAKE-256 object.
  *
  * @param  [in, out]  shake256  SHAKE-256 object.
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
index 0ef0b59a24..cbe9d1f7b2 100644
--- a/wolfcrypt/src/wc_lms.c
+++ b/wolfcrypt/src/wc_lms.c
@@ -629,7 +629,7 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
         const LmsParams* params = key->params;
 
         /* Allocate memory for the private key data. */
-        key->priv_data = XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
+        key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
             params->height, params->p, params->rootLevels, params->cacheBits),
             key->heap, DYNAMIC_TYPE_LMS);
         /* Check pointer is valid. */
@@ -728,7 +728,7 @@ int wc_LmsKey_Reload(LmsKey* key)
         const LmsParams* params = key->params;
 
         /* Allocate memory for the private key data. */
-        key->priv_data = XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
+        key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
             params->height, params->p, params->rootLevels, params->cacheBits),
             key->heap, DYNAMIC_TYPE_LMS);
         /* Check pointer is valid. */
diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
index 3f48420b4a..86037d4646 100644
--- a/wolfcrypt/src/wc_lms_impl.c
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -37,6 +37,10 @@
  *   Enable when memory is limited.
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/wc_lms.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
index 8de82c18a3..4a3b28adb1 100644
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@@ -1,6 +1,6 @@
 /* wc_pkcs11.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -552,16 +552,14 @@ static int Pkcs11Slot_FindByTokenName(Pkcs11Dev* dev,
             PKCS11_RV("C_GetTokenInfo", rv);
             if (rv == CKR_OK &&
                 XMEMCMP(tinfo.label, tokenName, tokenNameSz) == 0) {
-                ret =  slot[index];
+                ret =  (int)slot[index];
                 break;
             }
         }
     }
 
 out:
-    if (slot != NULL) {
-        XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -629,9 +627,7 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
         token->userPinLogin = 0;
     }
 
-    if (slot != NULL) {
-        XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -661,7 +657,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
         tokenNameSz = XSTRLEN(tokenName);
     }
     ret = Pkcs11Token_Init(token, dev, slotId, tokenName, tokenNameSz);
-    if (ret == 0) {
+    if (ret == 0 && userPin != NULL) {
         token->userPin = (CK_UTF8CHAR_PTR)userPin;
         token->userPinSz = (CK_ULONG)userPinSz;
         token->userPinLogin = 1;
@@ -712,7 +708,7 @@ int wc_Pkcs11Token_InitName(Pkcs11Token* token, Pkcs11Dev* dev,
     const unsigned char* userPin, int userPinSz)
 {
     int ret = Pkcs11Token_Init(token, dev, -1, tokenName, (size_t)tokenNameSz);
-    if (ret == 0) {
+    if (ret == 0 && userPin != NULL) {
         token->userPin = (CK_UTF8CHAR_PTR)userPin;
         token->userPinSz = (CK_ULONG)userPinSz;
         token->userPinLogin = 1;
@@ -1154,8 +1150,7 @@ static int Pkcs11CreateEccPublicKey(CK_OBJECT_HANDLE* publicKey,
         }
     }
 
-    if (ecPoint != NULL)
-        XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC);
+    XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC);
 
     return ret;
 }
@@ -1418,7 +1413,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
     #ifdef HAVE_ECC
             case PKCS11_KEY_TYPE_EC: {
                 ecc_key* eccKey = (ecc_key*)key;
-                int      ret2 = NOT_COMPILED_IN;
+                int      ret2 = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
         #ifndef NO_PKCS11_ECDH
                 if ((eccKey->flags & WC_ECC_FLAG_DEC_SIGN) == 0) {
@@ -1732,10 +1727,8 @@ static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session,
     if (ret == 0)
         ret = wc_RsaPublicKeyDecodeRaw(mod, modSz, exp, expSz, key);
 
-    if (exp != NULL)
-        XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (mod != NULL)
-        XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -1816,6 +1809,84 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey,
     return ret;
 }
 
+/**
+ * Get the hash length associated with the WolfCrypt hash type.
+ *
+ * @param  [in]   hType   Hash Type.
+ * @return  -1 if hash type not recognized.
+ * @return  hash length on success.
+ */
+int wc_hash2sz(int hType)
+{
+    switch(hType) {
+    case WC_HASH_TYPE_SHA:
+        return 20;
+    case WC_HASH_TYPE_SHA224:
+        return 24;
+    case WC_HASH_TYPE_SHA256:
+        return 32;
+    case WC_HASH_TYPE_SHA384:
+        return 48;
+    case WC_HASH_TYPE_SHA512:
+        return 64;
+    default:
+        /* unsupported WC_HASH_TYPE_XXXX */
+        return -1;
+    }
+}
+
+/**
+ * Get PKCS11 hash mechanism associated with the WolfCrypt hash type.
+ *
+ * @param  [in]   hType   Hash Type.
+ * @return  0 if hash type not recognized.
+ * @return  PKCS11 mechanism on success.
+ */
+CK_MECHANISM_TYPE wc_hash2ckm(int hType)
+{
+    switch(hType) {
+    case WC_HASH_TYPE_SHA:
+        return CKM_SHA_1;
+    case WC_HASH_TYPE_SHA224:
+        return CKM_SHA224;
+    case WC_HASH_TYPE_SHA256:
+        return CKM_SHA256;
+    case WC_HASH_TYPE_SHA384:
+        return CKM_SHA384;
+    case WC_HASH_TYPE_SHA512:
+        return CKM_SHA512;
+    default:
+        /* unsupported WC_HASH_TYPE_XXXX */
+        return 0UL;
+    }
+}
+
+/**
+ * Get PKCS11 MGF hash mechanism associated with the WolfCrypt MGF hash type.
+ *
+ * @param  [in]   mgf   MGF Type.
+ * @return  0 if MGF type not recognized.
+ * @return  PKCS11 MGF hash mechanism on success.
+ */
+CK_MECHANISM_TYPE wc_mgf2ckm(int mgf)
+{
+    switch(mgf) {
+    case WC_MGF1SHA1:
+        return CKG_MGF1_SHA1;
+    case WC_MGF1SHA224:
+        return CKG_MGF1_SHA224;
+    case WC_MGF1SHA256:
+        return CKG_MGF1_SHA256;
+    case WC_MGF1SHA384:
+        return CKG_MGF1_SHA384;
+    case WC_MGF1SHA512:
+        return CKG_MGF1_SHA512;
+    default:
+        /* unsupported WC_MGF1XXXX */
+        return 0x0UL;
+    }
+}
+
 /**
  * Exponentiate the input with the public part of the RSA key.
  * Used in public encrypt and decrypt.
@@ -1829,9 +1900,13 @@ static int Pkcs11RsaEncrypt(Pkcs11Session* session, wc_CryptoInfo* info,
                             CK_OBJECT_HANDLE key)
 {
     int              ret = 0;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_OAEP_PARAMS oaepParams;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Public Key Operation");
 
@@ -1839,12 +1914,37 @@ static int Pkcs11RsaEncrypt(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_OAEP) {
+            XMEMSET(&oaepParams, 0, sizeof(oaepParams));
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS);
+            mech.pParameter = &oaepParams;
+            oaepParams.source = CKZ_DATA_SPECIFIED;
+            oaepParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            oaepParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+        }
+#endif
+
         rv = session->func->C_EncryptInit(session->handle, &mech, key);
         PKCS11_RV("C_EncryptInit", rv);
         if (rv != CKR_OK) {
@@ -1882,9 +1982,13 @@ static int Pkcs11RsaDecrypt(Pkcs11Session* session, wc_CryptoInfo* info,
                             CK_OBJECT_HANDLE key)
 {
     int              ret = 0;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_OAEP_PARAMS oaepParams;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Private Key Operation");
 
@@ -1892,12 +1996,37 @@ static int Pkcs11RsaDecrypt(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_OAEP) {
+            XMEMSET(&oaepParams, 0, sizeof(oaepParams));
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS);
+            mech.pParameter = &oaepParams;
+            oaepParams.source = CKZ_DATA_SPECIFIED;
+            oaepParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            oaepParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+        }
+#endif
+
         rv = session->func->C_DecryptInit(session->handle, &mech, key);
         PKCS11_RV("C_DecryptInit", rv);
         if (rv != CKR_OK) {
@@ -1940,6 +2069,12 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info,
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+    CK_MECHANISM_TYPE      mechanism;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_PSS_PARAMS pssParams;
+    int hLen;
+    int saltLen;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Private Key Operation");
 
@@ -1947,12 +2082,67 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_PSS:
+        mechanism = CKM_RSA_PKCS_PSS;
+        break;
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
+    default:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_PSS) {
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_PSS_PARAMS);
+            mech.pParameter = &pssParams;
+            pssParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            pssParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+
+            saltLen = info->pk.rsa.padding->saltLen;
+            hLen = wc_hash2sz(info->pk.rsa.padding->hash);
+
+            /* Same salt length code as rsa.c */
+            if (saltLen == RSA_PSS_SALT_LEN_DEFAULT)
+                saltLen = hLen;
+#ifndef WOLFSSL_PSS_LONG_SALT
+            else if (saltLen > hLen) {
+                return PSS_SALTLEN_E;
+            }
+#endif
+#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
+            else if (saltLen < RSA_PSS_SALT_LEN_DEFAULT) {
+                return PSS_SALTLEN_E;
+            }
+#else
+            else if (saltLen == RSA_PSS_SALT_LEN_DISCOVER) {
+                saltLen = *(info->pk.rsa.outLen) - hLen - 2;
+                if (saltLen < 0) {
+                    return PSS_SALTLEN_E;
+                }
+            }
+            else if (saltLen < RSA_PSS_SALT_LEN_DISCOVER) {
+                return PSS_SALTLEN_E;
+            }
+#endif
+            if (*(info->pk.rsa.outLen) - hLen < (word32)(saltLen + 2)) {
+                return PSS_SALTLEN_E;
+            }
+
+            pssParams.sLen = saltLen;
+        }
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
+
         rv = session->func->C_SignInit(session->handle, &mech, key);
         PKCS11_RV("C_SignInit", rv);
         if (rv != CKR_OK) {
@@ -1991,13 +2181,31 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
     int               ret = 0;
     CK_RV             rv;
     CK_MECHANISM_INFO mechInfo;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     int               sessionKey = 0;
     CK_OBJECT_HANDLE  key;
     RsaKey*           rsaKey = info->pk.rsa.key;
     int               type = info->pk.rsa.type;
 
+    switch(info->pk.type) {
+#ifndef NO_PKCS11_RSA_PKCS
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_PSS:
+        mechanism = CKM_RSA_PKCS_PSS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif /* NO_PKCS11_RSA_PKCS */
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     /* Check operation is supported. */
-    rv = session->func->C_GetMechanismInfo(session->slotId, CKM_RSA_X_509,
+    rv = session->func->C_GetMechanismInfo(session->slotId, mechanism,
                                                                      &mechInfo);
     PKCS11_RV("C_GetMechanismInfo", rv);
     if (rv != CKR_OK) {
@@ -2030,7 +2238,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
         }
         else if (type == RSA_PUBLIC_DECRYPT) {
             WOLFSSL_MSG("PKCS#11: Public Decrypt");
-            if ((mechInfo.flags & CKF_DECRYPT) != 0) {
+            if ((mechInfo.flags & CKF_ENCRYPT) != 0) {
                 ret = Pkcs11RsaEncrypt(session, info, key);
             }
             else {
@@ -2238,8 +2446,7 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
         }
     }
 
-    if (ecPoint != NULL)
-        XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC);
+    XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC);
 
     return ret;
 }
@@ -2322,8 +2529,7 @@ static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session,
         key->type = ECC_PUBLICKEY;
     }
 
-    if (point != NULL)
-        XFREE(point, key->heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, key->heap, DYNAMIC_TYPE_ECC);
 
     return ret;
 }
@@ -3008,9 +3214,7 @@ static int wc_Pkcs11CheckPrivKey_Rsa(RsaKey* priv,
         wc_FreeRsaKey(pub);
     }
     #ifdef WOLFSSL_SMALL_STACK
-        if (pub != NULL) {
-            XFREE(pub, NULL, DYNAMIC_TYPE_RSA);
-        }
+        XFREE(pub, NULL, DYNAMIC_TYPE_RSA);
     #endif
 
     return ret;
@@ -3155,9 +3359,7 @@ static int wc_Pkcs11CheckPrivKey_Ecc(ecc_key* priv,
         wc_ecc_free(pub);
     }
     #ifdef WOLFSSL_SMALL_STACK
-        if (pub != NULL) {
-            XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
-        }
+        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
     #endif
 
     return ret;
@@ -3796,6 +3998,11 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             switch (info->pk.type) {
     #ifndef NO_RSA
                 case WC_PK_TYPE_RSA:
+        #ifdef WOLF_CRYPTO_CB_RSA_PAD
+                case WC_PK_TYPE_RSA_PKCS:
+                case WC_PK_TYPE_RSA_PSS:
+                case WC_PK_TYPE_RSA_OAEP:
+        #endif
                     ret = Pkcs11OpenSession(token, &session, readWrite);
                     if (ret == 0) {
                         ret = Pkcs11Rsa(&session, info);
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 4a435ad6bf..772231ba0d 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -1,6 +1,6 @@
 /* port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,10 @@
     #include <config.h>
 #endif
 
+#ifdef __APPLE__
+    #include <AvailabilityMacros.h>
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -40,6 +44,13 @@
     #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+#endif
+
 #ifdef WOLFSSL_PSOC6_CRYPTO
     #include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
 #endif
@@ -247,6 +258,22 @@ int wolfCrypt_Init(void)
         }
     #endif
 
+    /* Crypto Callbacks only works on AES for MAX32666/5 HW */
+    #if defined(MAX3266X_AES) && defined(WOLF_CRYPTO_CB)
+        ret = wc_CryptoCb_RegisterDevice(WOLFSSL_MAX3266X_DEVID, wc_MxcCryptoCb,
+                                            NULL);
+        if(ret != 0) {
+            return ret;
+        }
+    #endif
+    #if defined(MAX3266X_RTC)
+        ret = wc_MXC_RTC_Init();
+        if (ret != 0) {
+            WOLFSSL_MSG("MXC RTC Init Failed");
+            return WC_HW_E;
+        }
+    #endif
+
     #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
         defined(WOLFSSL_ATECC608A)
         ret = atmel_init();
@@ -1177,6 +1204,23 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n)
 }
 #endif /* USE_WOLF_STRNCASECMP */
 
+#ifdef USE_WOLF_STRDUP
+char* wc_strdup_ex(const char *src, int memType) {
+    char *ret = NULL;
+    word32 len = 0;
+
+    if (src) {
+        len = (word32)XSTRLEN(src) + 1; /* Add one for null terminator */
+        ret = (char*)XMALLOC(len, NULL, memType);
+        if (ret != NULL) {
+            XMEMCPY(ret, src, len);
+        }
+    }
+
+    return ret;
+}
+#endif
+
 #ifdef WOLFSSL_ATOMIC_OPS
 
 #ifdef HAVE_C___ATOMIC
@@ -1329,6 +1373,196 @@ int wolfSSL_CryptHwMutexUnLock(void)
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
 
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+/* Mutex for protection of cryptography hardware */
+#ifndef NO_RNG_MUTEX
+static wolfSSL_Mutex wcCryptHwRngMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex);
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static wolfSSL_Mutex wcCryptHwAesMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex);
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static wolfSSL_Mutex wcCryptHwHashMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex);
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static wolfSSL_Mutex wcCryptHwPkMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex);
+#endif /* NO_PK_MUTEX */
+
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+#ifndef NO_RNG_MUTEX
+static int wcCryptHwRngMutexInit = 0;
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static int wcCryptHwAesMutexInit = 0;
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static int wcCryptHwHashMutexInit = 0;
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static int wcCryptHwPkMutexInit = 0;
+#endif /* NO_PK_MUTEX */
+#endif /* WOLFSSL_MUTEX_INITIALIZER */
+
+
+/* Allows ability to switch to different mutex based on enum type */
+/* hw_mutex_algo, expects the dereferenced Ptrs to be set to NULL */
+static int hwAlgoPtrSet(hw_mutex_algo hwAlgo, wolfSSL_Mutex** wcHwAlgoMutexPtr,
+                                int** wcHwAlgoInitPtr)
+{
+    if (*wcHwAlgoMutexPtr != NULL || *wcHwAlgoInitPtr != NULL) {
+        return BAD_FUNC_ARG;
+    }
+    switch (hwAlgo) {
+        #ifndef NO_RNG_MUTEX
+        case rng_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwRngMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwRngMutexInit;
+            break;
+        #endif
+        #ifndef NO_AES_MUTEX
+        case aes_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwAesMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwAesMutexInit;
+            break;
+        #endif
+        #ifndef NO_HASH_MUTEX
+        case hash_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwHashMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwHashMutexInit;
+            break;
+        #endif
+        #ifndef NO_PK_MUTEX
+        case pk_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwPkMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwPkMutexInit;
+            break;
+        #endif
+        default:
+            return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+static int hwAlgoMutexInit(hw_mutex_algo hwAlgo)
+{
+    int ret = 0;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    if (*wcHwAlgoInitPtr == 0) {
+        ret = wc_InitMutex(wcHwAlgoMutexPtr);
+        if (ret == 0) {
+            *wcHwAlgoInitPtr = 1;
+        }
+    }
+#endif
+    return ret;
+}
+
+static int hwAlgoMutexLock(hw_mutex_algo hwAlgo)
+{
+    /* Make sure HW Mutex has been initialized */
+    int ret = 0;
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    ret = hwAlgoMutexInit(hwAlgo);
+    if (ret == 0) {
+        ret = wc_LockMutex(wcHwAlgoMutexPtr);
+    }
+    return ret;
+}
+
+static int hwAlgoMutexUnLock(hw_mutex_algo hwAlgo)
+{
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    if (hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr) != 0) {
+        return BAD_FUNC_ARG;
+    }
+    if (*wcHwAlgoInitPtr) {
+        return wc_UnLockMutex(wcHwAlgoMutexPtr);
+    }
+    else {
+        return BAD_MUTEX_E;
+    }
+}
+
+/* Wrap around generic hwAlgo* functions and use correct */
+/* global mutex to determine if it can be unlocked/locked */
+#ifndef NO_RNG_MUTEX
+int wolfSSL_HwRngMutexInit(void)
+{
+    return hwAlgoMutexInit(rng_mutex);
+}
+int wolfSSL_HwRngMutexLock(void)
+{
+    return hwAlgoMutexLock(rng_mutex);
+}
+int wolfSSL_HwRngMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(rng_mutex);
+}
+#endif /* NO_RNG_MUTEX */
+
+#ifndef NO_AES_MUTEX
+int wolfSSL_HwAesMutexInit(void)
+{
+    return hwAlgoMutexInit(aes_mutex);
+}
+int wolfSSL_HwAesMutexLock(void)
+{
+    return hwAlgoMutexLock(aes_mutex);
+}
+int wolfSSL_HwAesMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(aes_mutex);
+}
+#endif /* NO_AES_MUTEX */
+
+#ifndef NO_HASH_MUTEX
+int wolfSSL_HwHashMutexInit(void)
+{
+    return hwAlgoMutexInit(hash_mutex);
+}
+int wolfSSL_HwHashMutexLock(void)
+{
+    return hwAlgoMutexLock(hash_mutex);
+}
+int wolfSSL_HwHashMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(hash_mutex);
+}
+#endif /* NO_HASH_MUTEX */
+
+#ifndef NO_PK_MUTEX
+int wolfSSL_HwPkMutexInit(void)
+{
+    return hwAlgoMutexInit(pk_mutex);
+}
+int wolfSSL_HwPkMutexLock(void)
+{
+    return hwAlgoMutexLock(pk_mutex);
+}
+int wolfSSL_HwPkMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(pk_mutex);
+}
+#endif /* NO_PK_MUTEX */
+
+#endif /* WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* ---------------------------------------------------------------------------*/
 /* Mutex Ports */
 /* ---------------------------------------------------------------------------*/
@@ -3128,6 +3362,9 @@ time_t mqx_time(time_t* timer)
 
 #endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */
 
+#if defined(MAX3266X_RTC)
+    #define XTIME wc_MXC_RTC_Time
+#endif
 
 #if defined(WOLFSSL_TIRTOS) && defined(USER_TIME)
 
@@ -3376,6 +3613,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 }
 #endif
 
+
 /* custom memory wrappers */
 #ifdef WOLFSSL_NUCLEUS_1_2
 
@@ -3797,20 +4035,25 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
     }
 
 #ifdef WOLFSSL_COND
-    #ifndef __MACH__
-    /* Generic POSIX conditional */
+    #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \
+        && !defined(__ppc__)
+    /* Apple style dispatch semaphore */
     int wolfSSL_CondInit(COND_TYPE* cond)
     {
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (pthread_mutex_init(&cond->mutex, NULL) != 0)
+        /* dispatch_release() fails hard, with Trace/BPT trap signal, if the
+         * sem's internal count is less than the value passed in with
+         * dispatch_semaphore_create().  work around this by initing
+         * with 0, then incrementing it afterwards.
+         */
+        cond->cond = dispatch_semaphore_create(0);
+        if (cond->cond == NULL)
             return MEMORY_E;
 
-        if (pthread_cond_init(&cond->cond, NULL) != 0) {
-            /* Keep compilers happy that we are using the return code */
-            if (pthread_mutex_destroy(&cond->mutex) != 0)
-                return MEMORY_E;
+        if (wc_InitMutex(&cond->mutex) != 0) {
+            dispatch_release(cond->cond);
             return MEMORY_E;
         }
 
@@ -3819,18 +4062,17 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
     int wolfSSL_CondFree(COND_TYPE* cond)
     {
-        int ret = 0;
-
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (pthread_mutex_destroy(&cond->mutex) != 0)
-            ret = MEMORY_E;
+        dispatch_release(cond->cond);
+        cond->cond = NULL;
 
-        if (pthread_cond_destroy(&cond->cond) != 0)
-            ret = MEMORY_E;
+        if (wc_FreeMutex(&cond->mutex) != 0) {
+            return MEMORY_E;
+        }
 
-        return ret;
+        return 0;
     }
 
     int wolfSSL_CondStart(COND_TYPE* cond)
@@ -3838,7 +4080,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (pthread_mutex_lock(&cond->mutex) != 0)
+        if (wc_LockMutex(&cond->mutex) != 0)
             return BAD_MUTEX_E;
 
         return 0;
@@ -3849,8 +4091,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (pthread_cond_signal(&cond->cond) != 0)
-            return MEMORY_E;
+        if (wc_UnLockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        dispatch_semaphore_signal(cond->cond);
+
+        if (wc_LockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
 
         return 0;
     }
@@ -3860,8 +4107,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0)
-            return MEMORY_E;
+        if (wc_UnLockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        dispatch_semaphore_wait(cond->cond, DISPATCH_TIME_FOREVER);
+
+        if (wc_LockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
 
         return 0;
     }
@@ -3871,29 +4123,26 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (pthread_mutex_unlock(&cond->mutex) != 0)
+        if (wc_UnLockMutex(&cond->mutex) != 0)
             return BAD_MUTEX_E;
 
         return 0;
     }
-    #else /* __MACH__ */
-    /* Apple style dispatch semaphore */
+
+    #else /* Generic POSIX conditional */
+
     int wolfSSL_CondInit(COND_TYPE* cond)
     {
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        /* dispatch_release() fails hard, with Trace/BPT trap signal, if the
-         * sem's internal count is less than the value passed in with
-         * dispatch_semaphore_create().  work around this by initing
-         * with 0, then incrementing it afterwards.
-         */
-        cond->cond = dispatch_semaphore_create(0);
-        if (cond->cond == NULL)
+        if (pthread_mutex_init(&cond->mutex, NULL) != 0)
             return MEMORY_E;
 
-        if (wc_InitMutex(&cond->mutex) != 0) {
-            dispatch_release(cond->cond);
+        if (pthread_cond_init(&cond->cond, NULL) != 0) {
+            /* Keep compilers happy that we are using the return code */
+            if (pthread_mutex_destroy(&cond->mutex) != 0)
+                return MEMORY_E;
             return MEMORY_E;
         }
 
@@ -3902,17 +4151,18 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
     int wolfSSL_CondFree(COND_TYPE* cond)
     {
+        int ret = 0;
+
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        dispatch_release(cond->cond);
-        cond->cond = NULL;
+        if (pthread_mutex_destroy(&cond->mutex) != 0)
+            ret = MEMORY_E;
 
-        if (wc_FreeMutex(&cond->mutex) != 0) {
-            return MEMORY_E;
-        }
+        if (pthread_cond_destroy(&cond->cond) != 0)
+            ret = MEMORY_E;
 
-        return 0;
+        return ret;
     }
 
     int wolfSSL_CondStart(COND_TYPE* cond)
@@ -3920,7 +4170,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (wc_LockMutex(&cond->mutex) != 0)
+        if (pthread_mutex_lock(&cond->mutex) != 0)
             return BAD_MUTEX_E;
 
         return 0;
@@ -3931,13 +4181,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (wc_UnLockMutex(&cond->mutex) != 0)
-            return BAD_MUTEX_E;
-
-        dispatch_semaphore_signal(cond->cond);
-
-        if (wc_LockMutex(&cond->mutex) != 0)
-            return BAD_MUTEX_E;
+        if (pthread_cond_signal(&cond->cond) != 0)
+            return MEMORY_E;
 
         return 0;
     }
@@ -3947,13 +4192,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (wc_UnLockMutex(&cond->mutex) != 0)
-            return BAD_MUTEX_E;
-
-        dispatch_semaphore_wait(cond->cond, DISPATCH_TIME_FOREVER);
-
-        if (wc_LockMutex(&cond->mutex) != 0)
-            return BAD_MUTEX_E;
+        if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0)
+            return MEMORY_E;
 
         return 0;
     }
@@ -3963,11 +4203,12 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         if (cond == NULL)
             return BAD_FUNC_ARG;
 
-        if (wc_UnLockMutex(&cond->mutex) != 0)
+        if (pthread_mutex_unlock(&cond->mutex) != 0)
             return BAD_MUTEX_E;
 
         return 0;
     }
+
     #endif /* __MACH__ */
 #endif /* WOLFSSL_COND */
 
diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c
index 0e63722247..5c016dbac2 100644
--- a/wolfcrypt/src/wc_xmss.c
+++ b/wolfcrypt/src/wc_xmss.c
@@ -1,6 +1,6 @@
 /* wc_xmss.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c
index b45bc59ead..80ca9672e5 100644
--- a/wolfcrypt/src/wc_xmss_impl.c
+++ b/wolfcrypt/src/wc_xmss_impl.c
@@ -1,6 +1,6 @@
 /* wc_xmss_impl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/wolfevent.c b/wolfcrypt/src/wolfevent.c
index 4ed7b8f69d..bf155c1293 100644
--- a/wolfcrypt/src/wolfevent.c
+++ b/wolfcrypt/src/wolfevent.c
@@ -1,6 +1,6 @@
 /* wolfevent.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c
index df5f0f85ff..ce36b602cd 100644
--- a/wolfcrypt/src/wolfmath.c
+++ b/wolfcrypt/src/wolfmath.c
@@ -1,6 +1,6 @@
 /* wolfmath.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -149,10 +149,10 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)
         for (; i < b->used; i++) {
             b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
         }
-        b->used ^= (a->used ^ b->used) & (unsigned int)mask;
+        b->used ^= (a->used ^ b->used) & (mp_size_t)mask;
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
     defined(WOLFSSL_SP_INT_NEGATIVE)
-        b->sign ^= (a->sign ^ b->sign) & (unsigned int)mask;
+        b->sign ^= (mp_sign_t)(a->sign ^ b->sign) & (mp_sign_t)mask;
 #endif
     }
 
@@ -196,7 +196,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
         ret = BAD_FUNC_ARG;
     }
     if (ret == MP_OKAY) {
-        a->used = (word32)digits;
+        a->used = (mp_size_t)digits;
     }
 #endif
     /* fill the data with random bytes */
@@ -358,9 +358,7 @@ void wc_bigint_zero(WC_BIGINT* a)
 void wc_bigint_free(WC_BIGINT* a)
 {
     if (a) {
-        if (a->buf) {
-          XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
-        }
+        XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
         a->buf = NULL;
         a->len = 0;
     }
diff --git a/wolfcrypt/test/README.md b/wolfcrypt/test/README.md
index bcf877f9ac..1675566442 100644
--- a/wolfcrypt/test/README.md
+++ b/wolfcrypt/test/README.md
@@ -53,7 +53,7 @@ Test complete
 
 ## Windows Visual Studio
 
-For building wolfCrypt test project in Visual Studio open the `test.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version. 
+For building wolfCrypt test project in Visual Studio open the `test.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version.
 
 If you see an error about `rc.exe` then you'll need to update the "Target Platform Version". You can do this by right-clicking on the test project -> General -> "Target Platform Version" and changing to 8.1 (needs to match the wolfssl library project).
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ab27178757..ca8094ea13 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -37,6 +37,10 @@
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+    #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
+#endif
+
 #ifndef NO_CRYPT_TEST
 
 #include <wolfssl/version.h>
@@ -310,7 +314,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef WOLFSSL_WC_KYBER
     #include <wolfssl/wolfcrypt/wc_kyber.h>
 #endif
-#if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
+#if defined(HAVE_LIBOQS)
     #include <wolfssl/wolfcrypt/ext_kyber.h>
 #endif
 #endif
@@ -386,6 +390,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #ifdef HAVE_RENESAS_SYNC
         #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
     #endif
+    #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+        #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    #endif
 #endif
 
 #ifdef _MSC_VER
@@ -711,9 +718,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
 #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
 #endif
-#if defined(ASN_BER_TO_DER) && \
-    (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
-     defined(OPENSSL_EXTRA_X509_SMALL))
+#ifdef ASN_BER_TO_DER
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
@@ -737,7 +742,7 @@ void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
 WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
 #endif
 
-#ifdef WOLF_CRYPTO_CB
+#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
 #endif
 #ifdef WOLFSSL_CERT_PIV
@@ -808,10 +813,16 @@ static void render_error_message(const char* msg, wc_test_ret_t es)
 #ifdef NO_ERROR_STRINGS
         err_sys_printf("%s error L=%d code=%d\n", msg,
                        WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
+#elif defined(WOLFCRYPT_ONLY) || !defined(WOLFSSL_TYPES_DEFINED)
+        err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
+                       WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
+                       wc_GetErrorString(-WC_TEST_RET_DEC_I(es))
+            );
 #else
         err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
                        WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
-                       wc_GetErrorString(-WC_TEST_RET_DEC_I(es)));
+                       wolfSSL_ERR_reason_error_string(-WC_TEST_RET_DEC_I(es))
+            );
 #endif
         break;
     case WC_TEST_RET_TAG_ERRNO:
@@ -893,7 +904,7 @@ static void myFipsCb(int ok, int err, const char* hash)
     printf("message = %s\n", wc_GetErrorString(err));
     printf("hash = %s\n", hash);
 
-    if (err == IN_CORE_FIPS_E) {
+    if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
         printf("In core integrity hash check failure, copy above hash\n");
         printf("into verifyCore[] in fips_test.c and rebuild\n");
     }
@@ -938,7 +949,7 @@ static int wolfssl_pb_print(const char* msg, ...)
 /* Enable support for RNG with crypto callback */
 static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
 {
-    int rc = CRYPTOCB_UNAVAILABLE;
+    int rc = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     if (info->algo_type == WC_ALGO_TYPE_RNG) {
         rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
     }
@@ -1265,11 +1276,11 @@ static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
     /* negative tests */
     ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info",
         sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_NC;
     ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16,
         WC_HASH_TYPE_SHA256, output, 16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_NC;
 
     /* allow empty FixedInfo */
@@ -1767,10 +1778,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
+    PRIVATE_KEY_UNLOCK();
     if ( (ret = hpke_test()) != 0)
         TEST_FAIL("HPKE     test failed!\n", ret);
     else
         TEST_PASS("HPKE     test passed!\n");
+    PRIVATE_KEY_LOCK();
 #endif
 
 #if defined(WC_SRTP_KDF)
@@ -2321,7 +2334,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("blob     test passed!\n");
 #endif
 
-#if defined(WOLF_CRYPTO_CB) && \
+#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && \
     !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
       defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC))
     if ( (ret = cryptocb_test()) != 0)
@@ -2559,7 +2572,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
             return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I);
         }
     #ifndef WOLFSSL_NO_MALLOC
-        pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        pem = (byte*)XMALLOC((word32)pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         if (pem == NULL) {
             return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I);
         }
@@ -2568,7 +2581,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
             return BAD_FUNC_ARG;
     #endif
         /* Convert to PEM */
-        pemSz = wc_DerToPem(der, (word32)derSz, pem, pemSz, pemType);
+        pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType);
         if (pemSz < 0) {
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
@@ -2613,8 +2626,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
      * The string is that error strings are not available.
      */
     WOLFSSL_ENTER("error_test NO_ERROR_STRINGS");
-    errStr = wc_GetErrorString(OPEN_RAN_E);
-    wc_ErrorString(OPEN_RAN_E, out);
+    errStr = wc_GetErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E));
+    wc_ErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E), out);
     if (XSTRCMP(errStr, unknownStr) != 0)
         return WC_TEST_RET_ENC_NC;
     if (XSTRCMP(out, unknownStr) != 0)
@@ -2623,40 +2636,53 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
     int i;
     int j = 0;
     /* Values that are not or no longer error codes. */
-    int missing[] = { -124, -166, -167, -168, -169,   0 };
+    static const struct {
+        int first;
+        int last;
+    } missing[] = {
+        { -124, -124 },
+        { -166, -169 }
+    };
 
     /* Check that all errors have a string and it's the same through the two
      * APIs. Check that the values that are not errors map to the unknown
      * string.
      */
-    for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
+    for (i = WC_FIRST_E; i >= WC_LAST_E; i--) {
+        int this_missing = 0;
+        for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
+            if ((i <= missing[j].first) && (i >= missing[j].last)) {
+                this_missing = 1;
+                break;
+            }
+        }
         errStr = wc_GetErrorString(i);
         wc_ErrorString(i, out);
 
-        if (i != missing[j]) {
+        if (! this_missing) {
             if (XSTRCMP(errStr, unknownStr) == 0) {
                 WOLFSSL_MSG("errStr unknown");
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             }
             if (XSTRCMP(out, unknownStr) == 0) {
                 WOLFSSL_MSG("out unknown");
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             }
             if (XSTRCMP(errStr, out) != 0) {
                 WOLFSSL_MSG("errStr does not match output");
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             }
             if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) {
                 WOLFSSL_MSG("errStr too long");
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             }
         }
         else {
             j++;
             if (XSTRCMP(errStr, unknownStr) != 0)
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             if (XSTRCMP(out, unknownStr) != 0)
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
         }
     }
 
@@ -2724,25 +2750,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
     /* Bad parameters. */
     outLen = 1;
     ret = Base64_Decode(good, sizeof(good), out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     outLen = sizeof(out);
     ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
-    if (ret != ASN_INPUT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
-    if (ret != ASN_INPUT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
         return WC_TEST_RET_ENC_EC(ret);
     /* Bad character at each offset 0-3. */
     for (i = 0; i < 4; i++) {
         outLen = sizeof(out);
         ret = Base64_Decode(badSmall + i, 4, out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
         ret = Base64_Decode(badLarge + i, 4, out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Invalid character less than 0x2b */
@@ -2750,7 +2776,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         outLen = sizeof(out);
         charTest[0] = (byte)i;
         ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Bad characters in range 0x2b - 0x7a. */
@@ -2758,7 +2784,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         outLen = sizeof(out);
         charTest[0] = badChar[i];
         ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Invalid character greater than 0x7a */
@@ -2766,7 +2792,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         outLen = sizeof(out);
         charTest[0] = (byte)i;
         ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -2779,7 +2805,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Encode(data, dataLen, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Encode(data, dataLen, out, &outLen);
@@ -2787,11 +2813,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         return WC_TEST_RET_ENC_EC(ret);
     outLen = 7;
     ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
@@ -2886,9 +2912,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
 
 #ifndef NO_ASN_TIME
     /* Parameter Validation tests. */
-    if ((ret = wc_GetTime(NULL, sizeof(now))) != BAD_FUNC_ARG)
+    if ((ret = wc_GetTime(NULL, sizeof(now))) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
-    if ((ret = wc_GetTime(&now, 0)) != BUFFER_E)
+    if ((ret = wc_GetTime(&now, 0)) != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     now = 0;
@@ -3829,23 +3855,26 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
 #endif /* NO_LARGE_HASH_TEST */
 
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
-    unsigned char data_hb[WC_SHA256_BLOCK_SIZE] = {
-        0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
-    };
+    {
+        WOLFSSL_SMALL_STACK_STATIC const unsigned char
+            data_hb[WC_SHA256_BLOCK_SIZE] = {
+            0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
+        };
 
-    ret = wc_Sha256HashBlock(&sha, data_hb, hash);
-    if (ret != 0) {
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
-    }
-    if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) {
-        ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+        ret = wc_Sha256HashBlock(&sha, data_hb, hash);
+        if (ret != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
+        }
+        if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+        }
     }
 #endif
 
@@ -5333,8 +5362,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
     wc_Shake128_Free(&sha);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (large_input != NULL)
-        XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -5672,8 +5700,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
     wc_Shake256_Free(&sha);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (large_input != NULL)
-        XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -5906,37 +5933,37 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     /* Parameter Validation testing. */
     ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Try invalid hash algorithms. */
     for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
         ret = wc_HashInit(&hash, typesBad[i]);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
         ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
         ret = wc_HashFinal(&hash, typesBad[i], out);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
         wc_HashFree(&hash, typesBad[i]);
     }
@@ -5968,7 +5995,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
         if (exp_ret == 0) {
             ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
                                                                   digestSz - 1);
-            if (ret != BUFFER_E)
+            if (ret != WC_NO_ERR_TRACE(BUFFER_E))
                 return WC_TEST_RET_ENC_I(i);
         }
         ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz);
@@ -5985,9 +6012,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
 #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
         ret = wc_HashGetOID(typesGood[i]);
-        if (ret == BAD_FUNC_ARG ||
-                (exp_ret == 0 && ret == HASH_TYPE_E) ||
-                (exp_ret != 0 && ret != HASH_TYPE_E)) {
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG) ||
+                (exp_ret == 0 && ret == WC_NO_ERR_TRACE(HASH_TYPE_E)) ||
+                (exp_ret != 0 && ret != WC_NO_ERR_TRACE(HASH_TYPE_E))) {
             return WC_TEST_RET_ENC_I(i);
         }
 
@@ -5999,17 +6026,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
         ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
-        if ((ret != BAD_FUNC_ARG) && (ret != BUFFER_E) && (ret != HASH_TYPE_E))
+        if ((ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) &&
+            (ret != WC_NO_ERR_TRACE(BUFFER_E)) &&
+            (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)))
+        {
             return WC_TEST_RET_ENC_I(i);
+        }
     }
 
 #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
     ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     hashType = wc_OidGetHash(646); /* Md2h */
@@ -6023,17 +6057,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
 #ifndef NO_MD5
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     hashType = wc_OidGetHash(0);
@@ -6043,68 +6080,89 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
 #ifndef NO_MD4
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
 #ifndef NO_MD4
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
 #if !defined(NO_MD5) && !defined(NO_SHA)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
 #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
 #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if !defined(NO_CERTS) && !defined(NO_ASN)
@@ -6327,7 +6385,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
             (word32)XSTRLEN(keys[i]));
 #if FIPS_VERSION3_GE(6,0,0)
         if (i == 1) {
-            if (ret != HMAC_MIN_KEYLEN_E)
+            if (ret != WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E))
                 return WC_TEST_RET_ENC_EC(ret);
             /* Now use the ex and allow short keys with FIPS option */
             ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i],
@@ -6575,9 +6633,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
     if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
 #if FIPS_VERSION3_GE(6,0,0)
-    if ((ret = wc_HmacSizeByType(21)) != HMAC_KAT_FIPS_E)
+    if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(HMAC_KAT_FIPS_E))
 #else
-    if ((ret = wc_HmacSizeByType(21)) != BAD_FUNC_ARG)
+    if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
     {
         return WC_TEST_RET_ENC_EC(ret);
@@ -7784,10 +7842,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
             return WC_TEST_RET_ENC_EC(ret);
 
         if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
-            return WC_TEST_RET_ENC_NC;
+            return WC_TEST_RET_ENC_I(i);
 
         if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
-            return WC_TEST_RET_ENC_NC;
+            return WC_TEST_RET_ENC_I(i);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -7808,8 +7866,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
     byte     tag[16];
     Poly1305 enc;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {
         0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
         0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
         0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
@@ -7817,22 +7874,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x75,0x70
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {
         0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
         0x6c,0x64,0x21
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
         0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
         0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
         0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
@@ -7850,14 +7904,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x61,0x16
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg5[] = {
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg6[] = {
         0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
         0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
         0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
@@ -7879,54 +7931,57 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
         0x61,0x16
     };
+    WOLFSSL_SMALL_STACK_STATIC const byte msg7[] = {
+        0xe8,0x8c,0x85,0x03,0x43,0xaf,0xa7,0x85,
+        0x21,0x6b,0xc3,0x45,0xc4,0x53,0x98,0xf8,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+    };
 
-    byte additional[] =
-    {
+    byte additional[] = {
         0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
         0xc4,0xc5,0xc6,0xc7
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct0[] = {
         0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
         0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct1[] = {
         0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
         0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct2[] = {
         0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
         0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct3[] = {
         0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
         0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct4[] = {
         0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
         0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct5[] = {
         0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct6[] = {
         0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
         0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
     };
+    WOLFSSL_SMALL_STACK_STATIC const byte correct7[] = {
+        0x14,0x00,0x00,0x88,0x5c,0x00,0x00,0x88,
+        0x5c,0x00,0x00,0x88,0x5c,0x00,0x00,0x88
+    };
+
 
     WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
         0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
@@ -7956,17 +8011,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
     };
 
-    const byte* msgs[]  = {NULL, msg1, msg2, msg3, msg5, msg6};
+    WOLFSSL_SMALL_STACK_STATIC const byte key7[] = {
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+    };
+
+    const byte* msgs[]  = {NULL, msg1, msg2, msg3, msg5, msg6, msg7};
     word32      szm[]   = {0, sizeof(msg1), sizeof(msg2),
-                           sizeof(msg3), sizeof(msg5), sizeof(msg6)};
-    const byte* keys[]  = {key, key, key2, key2, key5, key};
+                           sizeof(msg3), sizeof(msg5), sizeof(msg6),
+                           sizeof(msg7)};
+    const byte* keys[]  = {key, key, key2, key2, key5, key, key7};
     const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
-                           correct6};
+                           correct6, correct7};
     int i;
     wc_test_ret_t ret = 0;
     WOLFSSL_ENTER("poly1305_test");
 
-    for (i = 0; i < 6; i++) {
+    for (i = 0; i < 7; i++) {
         ret = wc_Poly1305SetKey(&enc, keys[i], 32);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
@@ -8204,53 +8267,53 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     /* Encrypt */
     err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
             plaintext1, sizeof(plaintext1), generatedCiphertext,
             generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), NULL, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), generatedCiphertext, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     /* Decrypt */
     err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), NULL, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
 
 
@@ -8322,39 +8385,39 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     /* AEAD init/update/final - bad argument tests */
     err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
         generatedPlaintext, sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
         sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
         sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Final(&aead, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
 
     /* AEAD init/update/final - bad state tests */
@@ -8365,24 +8428,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     XMEMSET(&aead, 0, sizeof(aead));
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_DATA;
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
         generatedPlaintext, sizeof(plaintext1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_READY;
     err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
 
     XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
@@ -8568,6 +8631,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
         0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
     };
 
+    #ifdef WOLFSSL_DES_ECB
+
+    /* "Stay strong and move on!"" */
+    WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] =
+    {
+        0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72,
+        0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20,
+        0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[] =
+    {
+        0x70,0x4F,0x20,0xF6,0x72,0xB4,0xD0,0x2A,
+        0xB5,0xA9,0x94,0x9F,0x11,0xCF,0x87,0xED,
+        0x13,0x33,0x82,0xCB,0x8B,0xF1,0x82,0x56
+    };
+
+    /* "Lemmings" */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_ecb[] =
+    {
+        0x4C,0x65,0x6D,0x6D,0x69,0x6E,0x67,0x73
+    };
+
+    #endif /* WOLFSSL_DES_ECB */
+
     wc_test_ret_t ret;
     WOLFSSL_ENTER("des_test");
 
@@ -8597,6 +8685,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
+    /* Test basic ECB Process for DES*/
+#ifdef WOLFSSL_DES_ECB
+    ret = wc_Des_SetKey(&enc, key_ecb, iv, DES_ENCRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_EcbEncrypt(&enc, cipher, vector_ecb, sizeof(vector));
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_SetKey(&dec, key_ecb, iv, DES_DECRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_EcbDecrypt(&dec, plain, cipher, sizeof(cipher));
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    if (XMEMCMP(plain, vector_ecb, sizeof(plain)))
+        return WC_TEST_RET_ENC_NC;
+
+    if (XMEMCMP(cipher, verify_ecb, sizeof(cipher)))
+        return WC_TEST_RET_ENC_NC;
+
+#endif /* WOLFSSL_DES_ECB */
+
 #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
     {
         EncryptedInfo info;
@@ -8614,7 +8728,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
         /* Test invalid info ptr */
         ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
                 sizeof(key), WC_HASH_TYPE_SHA);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_EC(ret);
 
     #ifndef NO_PWDBASED
@@ -8668,6 +8782,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
         0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
     };
 
+    #ifdef WOLFSSL_DES_ECB
+
+    /* Stay strong and move on! */
+    WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] =
+    {
+        0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72,
+        0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20,
+        0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte verify3_ecb[] =
+    {
+        0x45,0x7E,0xFA,0xA1,0x05,0xDD,0x48,0x86,
+        0x4D,0xB2,0xAB,0xE4,0xF9,0x63,0xD6,0x54,
+        0x7C,0x5A,0xB3,0x67,0x32,0x25,0x67,0x3D
+    };
+
+    /* "Life is what you make it" */
+    WOLFSSL_SMALL_STACK_STATIC const byte key3_ecb[] =
+    {
+        0x4C,0x69,0x66,0x65,0x20,0x69,0x73,0x20,
+        0x77,0x68,0x61,0x74,0x20,0x79,0x6F,0x75,
+        0x20,0x6D,0x61,0x6B,0x65,0x20,0x69,0x74
+    };
+
+    #endif /* WOLFSSL_DES_ECB */
+
     wc_test_ret_t ret;
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
     size_t i;
@@ -8706,6 +8847,42 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
     if (XMEMCMP(cipher, verify3, sizeof(cipher)))
         return WC_TEST_RET_ENC_NC;
 
+/* Test basic ECB Process for DES3*/
+#ifdef WOLFSSL_DES_ECB
+    ret = wc_Des3Init(&enc, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3Init(&dec, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des3_SetKey(&enc, key3_ecb, NULL, DES_ENCRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_SetKey(&dec, key3_ecb, NULL, DES_DECRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_EcbEncrypt(&enc, cipher, vector_ecb, sizeof(vector_ecb));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_EcbDecrypt(&dec, plain, cipher, sizeof(cipher));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    if (XMEMCMP(plain, vector_ecb, sizeof(plain)))
+        return WC_TEST_RET_ENC_NC;
+
+    if (XMEMCMP(cipher, verify3_ecb, sizeof(cipher)))
+        return WC_TEST_RET_ENC_NC;
+
+#endif /* WOLFSSL_DES_ECB */
+
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
     /* test the same vectors with using compatibility layer */
     for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){
@@ -8868,8 +9045,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
     }
 
 EVP_TEST_END:
-    if (cipher)
-        XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     (void)cipherSz;
 
     if (ctx_inited) {
@@ -9254,11 +9430,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         wc_AesFree(dec);
 #endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 #endif
 
@@ -9587,11 +9761,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 #endif
 
@@ -9852,11 +10024,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 #endif
 
@@ -10067,11 +10237,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 #endif
 
@@ -10115,7 +10283,7 @@ static wc_test_ret_t aes_key_size_test(void)
     /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
      * supported with that FIPS version */
     ret = wc_AesInit(NULL, HEAP_HINT, devId);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
@@ -10127,17 +10295,17 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifndef HAVE_FIPS
     /* Parameter Validation testing. */
     ret = wc_AesGetKeySize(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesGetKeySize(aes, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesGetKeySize(NULL, &keySize);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     /* Crashes in FIPS */
     ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     /* NULL IV indicates to use all zeros IV. */
@@ -10145,11 +10313,11 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_128
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 /* CryptoCell handles rounds internally */
 #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
@@ -10158,7 +10326,7 @@ static wc_test_ret_t aes_key_size_test(void)
     /* Force invalid rounds */
     aes->rounds = 16;
     ret = wc_AesGetKeySize(aes, &keySize);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #endif
@@ -10167,7 +10335,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_128
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
@@ -10181,7 +10349,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_192
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
@@ -10194,7 +10362,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_256
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
@@ -10393,7 +10561,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -10447,7 +10615,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -10498,7 +10666,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(cipher, 0, sizeof(cipher));
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -10550,7 +10718,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -10603,7 +10771,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -10907,16 +11075,14 @@ static wc_test_ret_t aes_xts_128_test(void)
     #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
         !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
         !defined(WOLFSSL_NO_MALLOC)
-    if (large_input)
-        XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
 
     if (aes_inited)
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -11095,7 +11261,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11149,7 +11315,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11200,7 +11366,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(cipher, 0, sizeof(cipher));
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -11252,7 +11418,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -11305,7 +11471,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -11609,16 +11775,14 @@ static wc_test_ret_t aes_xts_192_test(void)
     #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
         !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
         !defined(WOLFSSL_NO_MALLOC)
-    if (large_input)
-        XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
 
     if (aes_inited)
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -12066,16 +12230,14 @@ static wc_test_ret_t aes_xts_256_test(void)
     #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
         !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
         !defined(WOLFSSL_NO_MALLOC)
-    if (large_input)
-        XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
 
     if (aes_inited)
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -12379,8 +12541,7 @@ static wc_test_ret_t aes_xts_sector_test(void)
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -12489,8 +12650,7 @@ static wc_test_ret_t aes_xts_args_test(void)
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -12517,11 +12677,11 @@ static wc_test_ret_t aes_cbc_test(void)
 
     /* Parameter Validation testing. */
     ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -12608,12 +12768,12 @@ static wc_test_ret_t aesecb_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
         XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0)
@@ -12630,7 +12790,7 @@ static wc_test_ret_t aesecb_test(void)
 
         XMEMSET(cipher, 0, AES_BLOCK_SIZE);
         ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0)
@@ -12651,12 +12811,12 @@ static wc_test_ret_t aesecb_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
         XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0)
@@ -12675,7 +12835,7 @@ static wc_test_ret_t aesecb_test(void)
         ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0)
@@ -13331,13 +13491,13 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
             }
         }
 
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0) {
@@ -13356,7 +13516,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
-            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
             ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
                 testVec[i].iv, AES_ENCRYPTION);
             WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -13364,7 +13524,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
                 ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
             }
             /* Ctr only uses encrypt, even on key setup */
-            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
             ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
                 testVec[i].iv, AES_ENCRYPTION);
             WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -13660,8 +13820,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
 
         if ((bigCipher == NULL) ||
             (bigPlain == NULL)) {
-            if (bigCipher != NULL)
-                XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
 #else
@@ -13719,7 +13878,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
         /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
          * message by AES_BLOCK_SIZE for each size of AES key. */
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         for (keySz = 16; keySz <= 32; keySz += 8) {
             for (msgSz = AES_BLOCK_SIZE;
                  msgSz <= sizeof(bigMsg);
@@ -14289,7 +14448,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
 #endif
 
     XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14299,7 +14458,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
     XMEMSET(plain, 0, AES_BLOCK_SIZE);
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14316,13 +14475,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
@@ -14448,7 +14607,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
                                      resultT, tagSz, aad, aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -14483,7 +14642,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
                    iv, ivSz, resultT, tagSz, aad, aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -15447,20 +15606,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 
 #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
     !defined(WOLFSSL_NO_MALLOC)
-    if (large_input)
-        XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (large_output)
-        XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (large_outdec)
-        XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -15576,7 +15730,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
                     badT, sizeof(badT));
-        if (ret != AES_GCM_AUTH_E)
+        if (ret != WC_NO_ERR_TRACE(AES_GCM_AUTH_E))
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
                     t2, sizeof(t2));
@@ -15911,23 +16065,23 @@ static wc_test_ret_t aesccm_128_test(void)
     ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
                               sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
                               sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
@@ -15937,7 +16091,7 @@ static wc_test_ret_t aesccm_128_test(void)
     ret = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
@@ -17281,12 +17435,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (chacha)
-        XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
-    if (buf1)
-        XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (buf2)
-        XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
+    XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -17377,10 +17528,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (buf1 != NULL)
-        XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (buf2 != NULL)
-        XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -17388,7 +17537,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
 #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
 
 #ifndef WC_NO_RNG
-static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
+static wc_test_ret_t _rng_test(WC_RNG* rng)
 {
     byte block[32];
     wc_test_ret_t ret;
@@ -17398,8 +17547,7 @@ static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
 
     ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
     if (ret != 0) {
-        ret = 1;
-        goto exit;
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     /* Check for 0's */
@@ -17410,49 +17558,36 @@ static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
     }
     /* All zeros count check */
     if (ret >= (int)sizeof(block)) {
-        ret = 2;
-        goto exit;
+        return WC_TEST_RET_ENC_NC;
     }
 
     ret = wc_RNG_GenerateByte(rng, block);
     if (ret != 0) {
-        ret = 3;
-        goto exit;
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     /* Parameter validation testing. */
     ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
-    if (ret != BAD_FUNC_ARG) {
-        ret = 4;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
-    if (ret != BAD_FUNC_ARG) {
-        ret = 5;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     ret = wc_RNG_GenerateByte(NULL, block);
-    if (ret != BAD_FUNC_ARG) {
-        ret = 6;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_RNG_GenerateByte(rng, NULL);
-    if (ret != BAD_FUNC_ARG) {
-        ret = 7;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
-    ret = 0;
-
-exit:
-    if (ret != 0)
-        ret = errorOffset - (ret * 1000000);
-
-    return ret;
+    return 0;
 }
 
-
 static wc_test_ret_t random_rng_test(void)
 {
     WC_RNG localRng;
@@ -17469,7 +17604,7 @@ static wc_test_ret_t random_rng_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
+    ret = _rng_test(rng);
 
     /* Make sure and free RNG */
     wc_FreeRng(rng);
@@ -17486,7 +17621,7 @@ static wc_test_ret_t random_rng_test(void)
         if (rng == NULL)
             return WC_TEST_RET_ENC_ERRNO;
 
-        ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
+        ret = _rng_test(rng);
         wc_rng_free(rng);
         rng = NULL;
 
@@ -17499,7 +17634,7 @@ static wc_test_ret_t random_rng_test(void)
         if (ret != 0)
             return WC_TEST_RET_ENC_EC(ret);
 
-        ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
+        ret = _rng_test(rng);
         wc_rng_free(rng);
 
         if (ret != 0)
@@ -17915,8 +18050,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
                 b = c;
         }
         #endif
-        if (b)
-            XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         if (b == NULL
         #ifndef WOLFSSL_NO_REALLOC
                 || c == NULL
@@ -18073,7 +18207,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #endif
     static const char* certBadOid =
             CERT_ROOT "test" CERT_PATH_SEP "cert-bad-oid.der";
-#ifndef WOLFSSL_NO_ASN_STRICT
+#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT)
     static const char* certBadUtf8 =
             CERT_ROOT "test" CERT_PATH_SEP "cert-bad-utf8.der";
 #endif
@@ -18313,7 +18447,7 @@ static wc_test_ret_t cert_asn1_test(void)
     InitDecodedCert(&cert, badCert, len[0], 0);
     ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
     FreeDecodedCert(&cert);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
     XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -18321,8 +18455,7 @@ static wc_test_ret_t cert_asn1_test(void)
     ret = 0;
 
 done:
-    if (badCert != NULL)
-        XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -18378,7 +18511,7 @@ static wc_test_ret_t cert_bad_asn1_test(void)
         /* Subject name OID: 55 04 f4. Last byte with top bit set invalid. */
         ret = cert_load_bad(certBadOid, tmp, ASN_PARSE_E);
     }
-#ifndef WOLFSSL_NO_ASN_STRICT
+#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT)
     if (ret == 0) {
         /* Issuer name UTF8STRING: df 52 4e 44. Top bit of second byte not set.
          */
@@ -18451,7 +18584,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #else
-    if (ret != ASN_CRIT_EXT_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
     ret = 0;
@@ -18530,11 +18663,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 
     /* check the SKID from a RSA certificate */
-    if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
+    if ((sizeof(skid_rsa) - 1 != cert.extSubjKeyIdSz) ||
+        (XMEMCMP(skid_rsa, cert.extSubjKeyId, cert.extSubjKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the AKID from an RSA certificate */
-    if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(akid_rsa) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(akid_rsa, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from an RSA certificate */
@@ -18581,7 +18716,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
     /* check the SKID from a ECC certificate - generated dynamically */
 
     /* check the AKID from an ECC certificate */
-    if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(akid_ecc) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(akid_ecc, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from an ECC certificate */
@@ -18629,11 +18765,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 
     /* check the SKID from a CA certificate */
-    if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
+    if ((sizeof(kid_ca) - 1 != cert.extSubjKeyIdSz) ||
+            (XMEMCMP(kid_ca, cert.extSubjKeyId, cert.extSubjKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the AKID from an CA certificate */
-    if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(kid_ca) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(kid_ca, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from CA certificate */
@@ -18711,7 +18849,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetSubjectBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18725,7 +18863,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetSubjectRaw(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18739,7 +18877,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetIssuerBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18753,7 +18891,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetIssuerRaw(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18768,7 +18906,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetAltNamesBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18782,7 +18920,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetDatesBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18797,7 +18935,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetAuthKeyIdFromCert(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_NC;
@@ -18830,23 +18968,23 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
 
     /* Parameter Validation testing. */
     ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
@@ -18855,13 +18993,13 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
 
     eSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     eSz = sizeof(e);
     nSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     return 0;
@@ -18886,54 +19024,54 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key)
     word32 zero = 0;
 
     ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
 
@@ -18972,36 +19110,36 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
 
     /* Parameter Validation testing. */
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     sigSz = (word32)modLen;
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
                                inLen, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                0, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, NULL, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, NULL, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, NULL, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, 0, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, keyLen, NULL);
@@ -19011,56 +19149,56 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
 #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
     /* async may not require RNG */
     #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
-    if (ret != NO_VALID_DEVID)
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID))
     #else
-    if (ret != 0 && ret != MISSING_RNG_E)
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E))
     #endif
 #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
     /* FIPS140 implementation does not do blinding */
     if (ret != 0)
 #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
-    if (ret != SIG_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
 #elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050)
     /* RNG is handled by hardware */
     if (ret != 0)
 #else
-    if (ret != MISSING_RNG_E)
+    if (ret != WC_NO_ERR_TRACE(MISSING_RNG_E))
 #endif
         return WC_TEST_RET_ENC_EC(ret);
     sigSz = 0;
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
                              inLen, out, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              0, out, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, NULL, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, 0, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, (word32)modLen, NULL, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, (word32)modLen, key, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
 #ifndef HAVE_ECC
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
-    if (ret != SIG_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
@@ -19279,17 +19417,17 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 
     /* Parameter Validation testing. */
     ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19297,7 +19435,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #if defined(USE_INTEGER_HEAP_MATH)
     if (ret != 0)
 #else
-    if (ret != ASN_GETINT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_GETINT_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -19311,7 +19449,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #if defined(USE_INTEGER_HEAP_MATH)
     if (ret != 0)
 #else
-    if (ret != ASN_GETINT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_GETINT_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -19336,17 +19474,17 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     /* Parameter Validation testing. */
     inSz = sizeof(good);
     ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19355,14 +19493,14 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inOutIdx = 2;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inOutIdx = 2;
     inSz = sizeof(goodAlgId) - inOutIdx;
     ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19370,9 +19508,9 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(goodAlgId);
     ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
 #ifndef WOLFSSL_NO_DECODE_EXTRA
-    if (ret != ASN_PARSE_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
 #else
-    if (ret != ASN_RSA_KEY_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -19382,49 +19520,55 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(badAlgIdNull);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_EXPECT_0_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotBitString);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_BITSTR_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badBitStringLen);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoSeq);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoObj);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badIntN);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotIntE);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19435,7 +19579,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #ifndef WOLFSSL_ASN_TEMPLATE
     if (ret != 0)
 #else
-    if (ret != ASN_PARSE_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -19450,7 +19594,9 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(badBitStrNoZero);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19600,7 +19746,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                     ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
                         hash[j], mgf[i], -1, key, rng);
                 }
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
             outSz = (word32)ret;
@@ -19618,7 +19764,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                     ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
                         mgf[i], -1, key);
                 }
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
             plainSz = (word32)ret;
@@ -19655,7 +19801,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
                                 (byte**)&plain, hash[l], mgf[k], -1, key);
                         }
-                    } while (ret == WC_PENDING_E);
+                    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
                     if (ret >= 0)
                         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
                 }
@@ -19680,7 +19826,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
                 mgf[0], 0, key, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     outSz = (word32)ret;
@@ -19695,7 +19841,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
                 0, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     plainSz = (word32)ret;
@@ -19719,7 +19865,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                 hash[0], 0, 0, HEAP_HINT);
 #endif
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 
@@ -19734,7 +19880,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
                 0, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     plainSz = (word32)ret;
@@ -19771,8 +19917,8 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
                 mgf[0], len, key, rng);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 
     do {
@@ -19784,8 +19930,8 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
                 mgf[0], digestSz + 1, key, rng);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -19798,8 +19944,8 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
                 mgf[0], -2, key);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -19812,8 +19958,8 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
                 digestSz + 1, key);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -19833,7 +19979,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
                                     len, 0, HEAP_HINT);
 #endif
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #ifndef WOLFSSL_PSS_LONG_SALT
     len = (int)(digestSz + 1);
@@ -19844,17 +19990,17 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
             ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
                                          hash[0], len);
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
             ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
                                          hash[0], len, 0);
-    if (ret != BAD_PADDING_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_PADDING_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #else
     ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
                                     len, 0, HEAP_HINT);
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #endif
 
@@ -19982,7 +20128,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
                     RSA_PRIVATE_ENCRYPT, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -20002,7 +20148,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
                     RSA_PUBLIC_DECRYPT, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -20015,7 +20161,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
 
 #ifdef WC_RSA_BLINDING
     ret = wc_RsaSetRNG(NULL, &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
@@ -20035,7 +20181,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, outSz, key, &rng,
                 WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -20051,7 +20197,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, plainSz, key,
                 WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -20065,25 +20211,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
     /* test some bad arguments */
     ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
             &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
             &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
             &rng);
-    if (ret != LENGTH_ONLY_E || plainSz != inLen) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || plainSz != inLen) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
             RSA_PUBLIC_DECRYPT, &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
@@ -20222,12 +20368,17 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
     outSz   = wc_RsaEncryptSize(key);
     XMEMSET(tmp, 7, plainSz);
     ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_INVMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 
     ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif
@@ -20242,14 +20393,19 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
     /* test encrypt and decrypt using WC_RSA_NO_PAD */
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif /* WOLFSSL_RSA_VERIFY_ONLY */
 
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
     ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_INVMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -20390,7 +20546,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
         if (ret >= 0) {
             ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     }
@@ -20551,7 +20707,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
                       caKey, NULL, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     certSz = (int)ret;
@@ -20580,8 +20736,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
         XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #ifdef WOLFSSL_TEST_CERT
-    if (decode != NULL)
-        XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #else
     wc_FreeRsaKey(caKey);
@@ -20780,7 +20935,7 @@ static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
                               FOURK_BUF, caKey, NULL, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     certSz = (int)ret;
@@ -20817,8 +20972,7 @@ static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
         XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #ifdef WOLFSSL_TEST_CERT
-    if (decode != NULL)
-        XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #else
     wc_FreeRsaKey(caKey);
@@ -20849,13 +21003,14 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 #ifndef WOLFSSL_NO_MALLOC
     byte*  der = NULL;
 #else
-    byte der[1024];
+    byte der[1280];
 #endif
 #ifndef WOLFSSL_CRYPTOCELL
     word32 idx = 0;
 #endif
     int    derSz = 0;
-#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
+#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int    keySz = 1024;
 #else
     int    keySz = 2048;
@@ -20880,7 +21035,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
         ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 #ifdef HAVE_FIPS
-        if (ret == PRIME_GEN_E)
+        if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E))
             continue;
         break;
     }
@@ -20900,8 +21055,11 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
     if (der == NULL) {
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
     }
+    derSz = FOURK_BUF;
+#else
+    derSz = sizeof(der);
 #endif
-    derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
+    derSz = wc_RsaKeyToDer(genKey, der, derSz);
     if (derSz < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
     }
@@ -20937,10 +21095,8 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 #endif
 
 #ifndef WOLFSSL_NO_MALLOC
-    if (der != NULL) {
-        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        der = NULL;
-    }
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    der = NULL;
 #endif
 
     return ret;
@@ -20987,7 +21143,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                        WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21002,7 +21158,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                        WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21023,7 +21179,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21038,7 +21194,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21057,7 +21213,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
                 WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     if (ret != (int)inLen) {
@@ -21079,7 +21235,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21098,7 +21254,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret > 0) { /* in this case decrypt should fail */
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
     }
@@ -21116,7 +21272,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21131,7 +21287,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21152,7 +21308,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                     WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
         TEST_SLEEP();
@@ -21170,7 +21326,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                     WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
                     in, inLen);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret > 0) { /* should fail */
             ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
         }
@@ -21195,7 +21351,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
         TEST_SLEEP();
@@ -21210,7 +21366,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21232,7 +21388,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21247,7 +21403,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21476,7 +21632,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21499,7 +21655,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21515,7 +21671,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     if (ret != (int)inLen) {
@@ -21533,7 +21689,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21614,7 +21770,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
             }
 #endif
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21858,7 +22014,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
                 ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
                           key, NULL, &rng);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
         derSz = (int)ret;
@@ -21922,8 +22078,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     }
     #endif
     #ifdef WOLFSSL_TEST_CERT
-    if (cert != NULL)
-        XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
      XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
      XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -22068,22 +22223,22 @@ static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
 
     /* Parameter Validation testing. */
     ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
 
     ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
@@ -22137,7 +22292,7 @@ static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
     /* Taint the public key so the check fails. */
     pub[0]++;
     ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
-    if (ret != MP_CMP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_CMP_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
 
@@ -22215,28 +22370,28 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng)
 
     /* Parameter Validation testing. */
     ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     wc_FreeDhKey(NULL);
 
     ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
@@ -22298,8 +22453,7 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng)
         wc_FreeDhKey(smallKey);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (smallKey != NULL)
-        XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -22355,7 +22509,7 @@ static wc_test_ret_t dh_test_check_pubvalue(void)
     for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
         ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
                                                          dh_pubval_fail[i].len);
-        if (ret != MP_VAL)
+        if (ret != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -22510,7 +22664,9 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 
@@ -22518,14 +22674,20 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(ASYNC_OP_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 
 #ifndef HAVE_SELFTEST
     ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_CMP_E &&
-            ret != ASYNC_OP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_CMP_E) &&
+        ret != WC_NO_ERR_TRACE(ASYNC_OP_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 #endif
@@ -22538,18 +22700,12 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \
     !defined(WC_NO_RNG)
-    if (priv)
-        XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (pub)
-        XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (priv2)
-        XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (pub2)
-        XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (agree)
-        XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (agree2)
-        XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (key) {
         wc_FreeDhKey(key);
         XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -22761,11 +22917,43 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
     if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
+
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \
+            !defined(HAVE_SELFTEST)
+    agreeSz = DH_TEST_BUF_SIZE;
+    agreeSz2 = DH_TEST_BUF_SIZE;
+
+    ret = wc_DhAgree_ct(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+    ret = wc_DhAgree_ct(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+#ifdef WOLFSSL_PUBLIC_MP
+    if (agreeSz != (word32)mp_unsigned_bin_size(&key->p))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+#endif
+
+    if (agreeSz != agreeSz2)
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+
+    if (XMEMCMP(agree, agree2, agreeSz) != 0)
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+#endif /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */
+
 #endif /* !WC_NO_RNG */
 
 #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     ret = wc_DhCheckPrivKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_DhCheckPrivKey(key, priv, privSz);
@@ -22773,12 +22961,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     {
         word32 pSz, qSz, gSz;
         ret = wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz);
-        if (ret != LENGTH_ONLY_E)
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 #endif
@@ -22972,20 +23160,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
             wc_FreeDhKey(key2);
         XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (tmp)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (priv)
-        XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (pub)
-        XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (priv2)
-        XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (pub2)
-        XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (agree)
-        XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (agree2)
-        XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     if (keyInit)
         wc_FreeDhKey(key);
@@ -23162,13 +23343,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
   out:
 
 #ifdef WOLFSSL_KEY_GEN
-    if (der)
-        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (tmp)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (key) {
         if (key_inited)
             wc_FreeDsaKey(key);
@@ -23359,14 +23538,10 @@ static wc_test_ret_t srp_test_digest(SrpType dgstType)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   out:
 
-    if (cli)
-        XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (srv)
-        XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (clientProof)
-        XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (serverProof)
-        XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return r;
@@ -25501,11 +25676,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
                 (unsigned char*)key, (unsigned char*)iv) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
+        if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             return WC_TEST_RET_ENC_NC;
+        }
 
-        if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
+        if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             return WC_TEST_RET_ENC_NC;
+        }
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
@@ -25517,13 +25698,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
                 (unsigned char*)key, (unsigned char*)iv) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
+        if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             return WC_TEST_RET_ENC_NC;
+        }
 
-        if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
+        if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             return WC_TEST_RET_ENC_NC;
+        }
 
-        if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
+        if (EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
@@ -25534,7 +25721,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
+        if (EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WC_TEST_RET_ENC_NC;
 
         if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
@@ -25551,7 +25738,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         if (en->flags != 42)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
+        if (EVP_CIPHER_CTX_set_padding(NULL, 0) !=
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WC_TEST_RET_ENC_NC;
         if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
@@ -26082,12 +26270,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (cipher != NULL)
-        XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (plain != NULL)
-        XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #endif
 
@@ -26373,7 +26558,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
     /* Test case with parallel overflowing */
     ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
                     sizeof(verify1));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Don't run these test on embedded, since they use large mallocs */
@@ -26598,7 +26783,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
     }
 
     ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         if (ret == 0)
             ret = WC_TEST_RET_ENC_NC;
         else
@@ -27033,7 +27218,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void)
             (const byte*)label, (word32)XSTRLEN(label), seed, seedSz,
             1, sha256_mac, NULL, INVALID_DEVID);
     if (ret != 0) {
-        if (ret == FIPS_PRIVATE_KEY_LOCKED_E) {
+        if (ret == WC_NO_ERR_TRACE(FIPS_PRIVATE_KEY_LOCKED_E)) {
             printf("    wc_PRF_TLSv12: Private key locked.\n");
         }
         return WC_TEST_RET_ENC_NC;
@@ -27618,7 +27803,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
         XMEMSET(zeroes, 0, sizeof zeroes);
 
         hashAlgSz = wc_HashGetDigestSize(tv->hashAlg);
-        if (hashAlgSz == BAD_FUNC_ARG) break;
+        if (hashAlgSz == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) break;
         ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, (word32)hashAlgSz);
         if (ret != 0) break;
 
@@ -27977,7 +28162,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
     /* Negative test case with NULL argument */
     if (ret == 0) {
         ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = WC_TEST_RET_ENC_EC(ret);
         else
             ret = 0;
@@ -27985,7 +28170,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
 
     if (ret == 0) {
         ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = WC_TEST_RET_ENC_EC(ret);
         else
             ret = 0;
@@ -27993,7 +28178,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
 
     if (ret == 0) {
         ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = WC_TEST_RET_ENC_EC(ret);
         else
             ret = 0;
@@ -28006,8 +28191,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
         wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (pubKey != NULL)
-        XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     if (rngRet == 0)
@@ -28090,13 +28274,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
         HPKE_AES_256_GCM, NULL);
 
     /* HPKE does not support X448 yet, so expect failure */
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = hpke_test_single(hpke);
 
     /* HPKE does not support X448 yet, so expect failure */
-    if (WC_TEST_RET_DEC_EC(ret) != BAD_FUNC_ARG)
+    if (WC_TEST_RET_DEC_EC(ret) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return ret;
     ret = 0; /* reset error code */
 #endif
@@ -28480,78 +28664,78 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
     ret = wc_SRTP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
             tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
             keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         -2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         -2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
@@ -28684,12 +28868,10 @@ typedef struct eccVector {
     const char* curveName;
     word32 msgLen;
     word32 keySize;
-#ifndef NO_ASN
     const byte* r;
     word32      rSz;
     const byte* s;
     word32      sSz;
-#endif
 } eccVector;
 
 #if !defined(WOLF_CRYPTO_CB_ONLY_ECC)
@@ -28734,26 +28916,27 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
 
     ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
                                                   vector->d, vector->curveName);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
+#if !defined(NO_ASN)
     XMEMSET(sig, 0, ECC_SIG_SIZE);
     sigSz = ECC_SIG_SIZE;
     ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
     if (ret != 0)
         goto done;
 
-#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
+#if !defined(HAVE_SELFTEST)
     XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
     sigRawSz = ECC_SIG_SIZE;
     ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
                                                              sigRaw, &sigRawSz);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto done;
@@ -28761,13 +28944,23 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
 
     ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
         sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto done;
     }
-#endif
+#endif /* !HAVE_SELFTEST */
+#else
+    /* Signature will be R+S directly */
+    /* Make sure and zero pad if r or s is less than key size */
+    XMEMSET(sig, 0, ECC_SIG_SIZE);
+    sigSz = vector->keySize * 2;
+    XMEMCPY(sig + (vector->keySize - vector->rSz),
+        vector->r, vector->rSz);
+    XMEMCPY(sig + vector->keySize + (vector->keySize - vector->sSz),
+        vector->s, vector->sSz);
+#endif /* !NO_ASN */
 
 #ifdef HAVE_ECC_VERIFY
     do {
@@ -28777,9 +28970,9 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
         if (ret == 0)
             ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
                                                vector->msgLen, &verify, userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     if (verify != 1)
@@ -28855,14 +29048,12 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.R   = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
         vec.S   = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
         vec.curveName = "SECP192R1";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
                          "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
         vec.rSz = 24;
         vec.s   = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
                          "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
         vec.sSz = 24;
-    #endif
         break;
 #endif /* HAVE_ECC192 */
 
@@ -28891,7 +29082,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.R   = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
         vec.S   = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
         vec.curveName = "SECP224R1";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
                          "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
                          "\xbc\x16\x71\xa7";
@@ -28900,7 +29090,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
                          "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
                          "\x6a\xf3\xad\x5b";
         vec.sSz = 28;
-    #endif
         break;
 #endif /* HAVE_ECC224 */
 
@@ -28933,7 +29122,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.d   = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
         vec.R   = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
         vec.S   = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
                          "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
                          "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
@@ -28942,7 +29130,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
                          "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
                          "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
         vec.sSz = 32;
-    #endif
         vec.curveName = "SECP256R1";
         break;
 #endif /* !NO_ECC256 */
@@ -28977,7 +29164,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.R   = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
         vec.S   = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
         vec.curveName = "SECP384R1";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
                          "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
                          "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
@@ -28988,7 +29174,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
                          "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
                          "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
         vec.sSz = 48;
-    #endif
         break;
 #endif /* HAVE_ECC384 */
 
@@ -29022,7 +29207,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.R   = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
         vec.S   = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
         vec.curveName = "SECP521R1";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
                          "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
                          "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
@@ -29037,11 +29221,12 @@ static wc_test_ret_t ecc_test_vector(int keySize)
                          "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
                          "\x3d\x22\xf2\x48\x0c";
         vec.sSz = 65;
-    #endif
         break;
 #endif /* HAVE_ECC521 */
     default:
-        return NOT_COMPILED_IN; /* Invalid key size / Not supported */
+        return WC_TEST_RET_ENC_EC(NOT_COMPILED_IN); /* Invalid key size /
+                                                     * Not supported
+                                                     */
     }; /* Switch */
 
     ret = ecc_test_vector_item(&vec);
@@ -29053,10 +29238,71 @@ static wc_test_ret_t ecc_test_vector(int keySize)
 }
 #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
 
-#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
-                               defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
-    && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
-#if defined(HAVE_ECC256)
+#if defined(HAVE_ECC_SIGN) && \
+    (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
+#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
+
+static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key,
+    enum wc_HashType hashType, const char* msg, WC_RNG* rng, const byte* expSig,
+    size_t expSigSz)
+{
+    wc_test_ret_t ret;
+    int verify;
+    byte sig[ECC_MAX_SIG_SIZE];
+    word32 sigSz;
+    unsigned char hash[WC_MAX_DIGEST_SIZE];
+
+    ret = wc_Hash(hashType,
+        (byte*)msg, (word32)XSTRLEN(msg),
+        hash, sizeof(hash));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+    /* Sign test */
+    sigSz = sizeof(sig);
+    do {
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
+    #endif
+        if (ret == 0)
+            ret = wc_ecc_sign_hash(hash, wc_HashGetDigestSize(hashType),
+                sig, &sigSz, rng, key);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    TEST_SLEEP();
+
+    /* Compare test vector */
+    if (sigSz != expSigSz) {
+        ret = WC_TEST_RET_ENC_NC;
+        goto done;
+    }
+    if (XMEMCMP(sig, expSig, sigSz) != 0) {
+        ret = WC_TEST_RET_ENC_NC;
+        goto done;
+    }
+
+    /* Verificiation */
+    verify = 0;
+    do {
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
+    #endif
+        if (ret == 0)
+            ret = wc_ecc_verify_hash(sig, sigSz,
+                hash, wc_HashGetDigestSize(hashType), &verify, key);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    if (verify != 1) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+done:
+    return ret;
+}
+
 static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 {
     wc_test_ret_t ret;
@@ -29066,27 +29312,61 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
     ecc_key key[1];
 #endif
     int key_inited = 0;
-    byte sig[72];
-    word32 sigSz;
-    WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
-    unsigned char hash[32];
+    WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
     WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
         "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
     WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
         "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
     WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
         "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
-    WOLFSSL_SMALL_STACK_STATIC const byte expSig[] = {
-        0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B,
-        0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD,
-        0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87,
-        0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E,
-        0xA8, 0x4E, 0xAF, 0x37, 0x16, 0x02, 0x21, 0x00,
-        0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41,
-        0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65,
-        0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06,
-        0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8
+#ifndef NO_SHA256
+    WOLFSSL_SMALL_STACK_STATIC const byte expSig256[] = {
+        0x30, 0x46, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
+            0x02, 0x21,  /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
+                0x00, 0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8,
+                0xFD, 0x11, 0x40, 0xDD, 0x9C, 0xD4, 0x5E, 0x81,
+                0xD6, 0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9,
+                0x91, 0xC3, 0x4D, 0x0E, 0xA8, 0x4E, 0xAF, 0x37,
+                0x16,
+            0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
+                0x00, 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C,
+                0x41, 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F,
+                0x65, 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4,
+                0x06, 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD,
+                0xA8
+    };
+#endif
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const byte expSig384[] = {
+        0x30, 0x44, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
+            0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
+                0x0e, 0xaf, 0xea, 0x03, 0x9b, 0x20, 0xe9, 0xb4,
+                0x23, 0x09, 0xfb, 0x1d, 0x89, 0xe2, 0x13, 0x05,
+                0x7c, 0xbf, 0x97, 0x3d, 0xc0, 0xcf, 0xc8, 0xf1,
+                0x29, 0xed, 0xdd, 0xc8, 0x00, 0xef, 0x77, 0x19,
+            0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
+                0x48, 0x61, 0xf0, 0x49, 0x1e, 0x69, 0x98, 0xb9,
+                0x45, 0x51, 0x93, 0xe3, 0x4e, 0x7b, 0x0d, 0x28,
+                0x4d, 0xdd, 0x71, 0x49, 0xa7, 0x4b, 0x95, 0xb9,
+                0x26, 0x1f, 0x13, 0xab, 0xde, 0x94, 0x09, 0x54
+    };
+#endif
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const byte expSig512[] = {
+        0x30, 0x45, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
+            0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
+                0x00, 0x84, 0x96, 0xa6, 0x0b, 0x5e, 0x9b, 0x47,
+                0xc8, 0x25, 0x48, 0x88, 0x27, 0xe0, 0x49, 0x5b,
+                0x0e, 0x3f, 0xa1, 0x09, 0xec, 0x45, 0x68, 0xfd,
+                0x3f, 0x8d, 0x10, 0x97, 0x67, 0x8e, 0xb9, 0x7f,
+                0x00,
+            0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
+                0x23, 0x62, 0xab, 0x1a, 0xdb, 0xe2, 0xb8, 0xad,
+                0xf9, 0xcb, 0x9e, 0xda, 0xb7, 0x40, 0xea, 0x60,
+                0x49, 0xc0, 0x28, 0x11, 0x4f, 0x24, 0x60, 0xf9,
+                0x65, 0x54, 0xf6, 0x1f, 0xae, 0x33, 0x02, 0xfe
     };
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -29095,60 +29375,40 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
-    if (ret != 0) {
-        goto done;
-    }
-
-    ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
-            (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
-    sigSz = sizeof(sig);
-    do {
-    #if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-    #endif
-        if (ret == 0)
-            ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
-    TEST_SLEEP();
+#ifndef NO_SHA256
+    /* Test for SHA2-256 */
+    ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA256, msg, rng,
+        expSig256, sizeof(expSig256));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+#endif /* !NO_SHA256 */
 
-    if (sigSz != sizeof(expSig)) {
-        ret = WC_TEST_RET_ENC_NC;
-        goto done;
-    }
-    if (XMEMCMP(sig, expSig, sigSz) != 0) {
-        ret = WC_TEST_RET_ENC_NC;
-        goto done;
-    }
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-384 */
+    ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA384, msg, rng,
+        expSig384, sizeof(expSig384));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+#endif /* WOLFSSL_SHA384 */
 
-    sigSz = sizeof(sig);
-    do {
-    #if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-    #endif
-        if (ret == 0)
-            ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
-    TEST_SLEEP();
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-512 */
+    ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA512, msg, rng,
+        expSig512, sizeof(expSig512));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+#endif /* WOLFSSL_SHA512 */
 
 done:
     if (key_inited)
@@ -29158,10 +29418,56 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 #endif
    return ret;
 }
-#endif
+#endif /* NO_ECC256 || HAVE_ALL_CURVES */
+
 
 #ifdef WOLFSSL_PUBLIC_MP
-#if defined(HAVE_ECC384)
+
+static wc_test_ret_t ecdsa_test_deterministic_k_rs(ecc_key *key,
+    enum wc_HashType hashType, const char* msg, WC_RNG* rng,
+    mp_int* r, mp_int* s,
+    mp_int* expR, mp_int* expS)
+{
+    wc_test_ret_t ret;
+    unsigned char hash[WC_MAX_DIGEST_SIZE];
+    int verify;
+
+    ret = wc_Hash(hashType,
+        (byte*)msg, (word32)XSTRLEN(msg),
+        hash, sizeof(hash));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+    ret = wc_ecc_sign_hash_ex(hash, wc_HashGetDigestSize(hashType), rng, key,
+        r, s);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    TEST_SLEEP();
+
+    if (mp_cmp(r, expR) != MP_EQ && mp_cmp(s, expS) != MP_EQ) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+
+    /* Verificiation */
+    verify = 0;
+    ret = wc_ecc_verify_hash_ex(r, s, hash, wc_HashGetDigestSize(hashType),
+        &verify, key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    if (verify != 1) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+done:
+    return ret;
+}
+
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
 /* KAT from RFC6979 */
 static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
 {
@@ -29173,9 +29479,10 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
     ecc_key key[1];
     mp_int r[1], s[1], expR[1], expS[1];
 #endif
-    int key_inited = 0;
-    WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
-    unsigned char hash[32];
+    int key_inited = 0,
+        tmp_mp_ints_inited = 0;
+
+    WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
     WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
         "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
         "96D5724E4C70A825F872C9EA60D2EDF5";
@@ -29185,12 +29492,30 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
     WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
         "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
         "288B231C3AE0D4FE7344FD2533264720";
-    WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
+#ifndef NO_SHA256
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 =
        "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
        "BDE1E888E63355D92FA2B3C36D8FB2CD";
-    WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 =
        "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
        "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
+#endif
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
+        "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C"
+        "81A648152E44ACF96E36DD1E80FABE46";
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 =
+        "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F"
+        "A329C145786E679E7B82C71A38628AC8";
+#endif
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
+        "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C"
+        "FE30F35CC900056D7C99CD7882433709";
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 =
+        "512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112"
+        "DC7CC3EF3446DEFCEB01A45C2667FDD5";
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -29205,76 +29530,79 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
         (expR == NULL) ||
         (expS == NULL))
     {
-        ret = MEMORY_E;
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done);
     }
 #endif
 
     ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
-    if (ret != MP_OKAY) {
-        goto done;
-    }
+    if (ret != MP_OKAY)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    tmp_mp_ints_inited = 1;
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1");
-    if (ret != 0) {
-        goto done;
-    }
-
-    ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
-            (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
-    do {
-    #if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-    #endif
-        if (ret == 0)
-            ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
-    TEST_SLEEP();
+#ifndef NO_SHA256
+    /* Test for SHA2-256 */
+    mp_read_radix(expR, expRstr256, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr256, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* NO_SHA256 */
 
-    mp_read_radix(expR, expRstr, MP_RADIX_HEX);
-    mp_read_radix(expS, expSstr, MP_RADIX_HEX);
-    if (mp_cmp(r, expR) != MP_EQ) {
-        ret = WC_TEST_RET_ENC_NC;
-    }
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-384 */
+    mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-512 */
+    mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* WOLFSSL_SHA512 */
 
 done:
     if (key_inited)
         wc_ecc_free(key);
+    if (tmp_mp_ints_inited) {
+        mp_free(r);
+        mp_free(s);
+        mp_free(expR);
+        mp_free(expS);
+    }
 #ifdef WOLFSSL_SMALL_STACK
-    if (key != NULL)
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (r != NULL)
-        XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (s != NULL)
-        XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (expR != NULL)
-        XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (expS != NULL)
-        XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
 }
 #endif /* HAVE_ECC384 */
 
-#if defined(HAVE_ECC521)
+#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
 /* KAT from RFC6979 */
 static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
 {
@@ -29286,10 +29614,9 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
     ecc_key key[1];
     mp_int r[1], s[1], expR[1], expS[1];
 #endif
-    int key_inited = 0;
-    WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
-    unsigned char hash[32];
-
+    int key_inited = 0,
+        tmp_mp_ints_inited = 0;
+    WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
     WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
        "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C"
        "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83"
@@ -29302,14 +29629,36 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2"
         "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF"
         "CF5";
-    WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
+#ifndef NO_SHA256
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 =
         "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
         "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
         "1A7";
-    WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 =
         "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
         "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
         "CFC";
+#endif
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
+        "1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4"
+        "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67"
+        "451";
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 =
+        "1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5"
+        "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65"
+        "D61";
+#endif
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
+        "0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1"
+        "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37"
+        "7FA";
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 =
+        "0617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF2"
+        "82623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A"
+        "67A";
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -29324,69 +29673,73 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         (expR == NULL) ||
         (expS == NULL))
     {
-        ret = MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
         goto done;
     }
 #endif
 
     ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
-    if (ret != MP_OKAY) {
-        goto done;
-    }
+    if (ret != MP_OKAY)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    tmp_mp_ints_inited = 1;
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        return WC_TEST_RET_ENC_EC(ret);
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1");
-    if (ret != 0) {
-        goto done;
-    }
-
-    ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
-            (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
-    do {
-    #if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-    #endif
-        if (ret == 0)
-            ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
-    TEST_SLEEP();
+#ifndef NO_SHA256
+    /* Test for SHA2-256 */
+    mp_read_radix(expR, expRstr256, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr256, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* NO_SHA256 */
 
-    mp_read_radix(expR, expRstr, MP_RADIX_HEX);
-    mp_read_radix(expS, expSstr, MP_RADIX_HEX);
-    if (mp_cmp(r, expR) != MP_EQ) {
-        ret = WC_TEST_RET_ENC_NC;
-    }
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-384 */
+    mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-512 */
+    mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* WOLFSSL_SHA512 */
 
 done:
     if (key_inited)
         wc_ecc_free(key);
+    if (tmp_mp_ints_inited) {
+        mp_free(r);
+        mp_free(s);
+        mp_free(expR);
+        mp_free(expS);
+    }
 #ifdef WOLFSSL_SMALL_STACK
-    if (key != NULL)
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (r != NULL)
-        XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (s != NULL)
-        XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (expR != NULL)
-        XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (expS != NULL)
-        XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -29395,7 +29748,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
 #endif /* WOLFSSL_PUBLIC_MP */
 #endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K ||
                             WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
-          && (!FIPS_VERSION_GE || FIPS_VERSION_GE(5,3)) */
+          && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
 
 
 #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
@@ -29434,24 +29787,21 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
     && (HAVE_FIPS_VERSION > 2)))
     wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
 #endif
 
     ret = wc_ecc_sign_set_k(k, sizeof(k), key);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     sigSz = sizeof(sig);
     do {
@@ -29460,10 +29810,9 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     if (sigSz != sizeof(expSig)) {
@@ -29482,10 +29831,9 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
 done:
@@ -29522,7 +29870,7 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((pub_key == NULL) ||
         (priv_key == NULL)) {
-        ret = MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
         goto done;
     }
 #endif
@@ -29533,25 +29881,25 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
     /* setup private and public keys */
     ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
     wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
     ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
     ret = wc_ecc_set_rng(priv_key, rng);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #else
     (void)rng;
 #endif
@@ -29564,17 +29912,16 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     /* read in expected Z */
     z = sizeof(sharedB);
     ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     /* compare results */
     if (x != z || XMEMCMP(sharedA, sharedB, x)) {
@@ -29630,6 +29977,15 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
 #ifdef HAVE_ECC_VERIFY
     int verify = 0;
 #endif
+#ifdef NO_ASN
+    /* private d for eccKeyDerFile / ecc_key_der_256 */
+    const byte keyPriv[] = {
+        0x45, 0xB6, 0x69, 0x02,  0x73, 0x9C, 0x6C, 0x85,
+        0xA1, 0x38, 0x5B, 0x72,  0xE8, 0xE8, 0xC7, 0xAC,
+        0xC4, 0x03, 0x8D, 0x53,  0x35, 0x04, 0xFA, 0x6C,
+        0x28, 0xDC, 0x34, 0x8D,  0xE1, 0xA8, 0x09, 0x8C
+    };
+#endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((key == NULL) ||
@@ -29684,6 +30040,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
 
+#ifndef NO_ASN
     x = 0;
     ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
     if (ret != 0)
@@ -29709,6 +30066,10 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
     }
 
 #endif /* HAVE_ECC_KEY_EXPORT */
+#else
+    /* Load raw private d directly */
+    ret = wc_ecc_import_private_key(keyPriv, sizeof(keyPriv), NULL, 0, key);
+#endif /* !NO_ASN */
 
     ret = wc_ecc_make_pub(NULL, NULL);
     if (ret == 0) {
@@ -29728,7 +30089,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
 #endif
     if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
-#endif
+#endif /* !WOLFSSL_CRYPTOCELL */
     TEST_SLEEP();
 
 #ifdef HAVE_ECC_KEY_EXPORT
@@ -29764,7 +30125,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
             ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
                 &tmpSz, rng, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -29780,7 +30141,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
             ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
                 (word32)XSTRLEN((const char*)msg), &verify, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -29852,7 +30213,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
         if (ret == 0) {
             ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     wc_ecc_free(pub);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -29871,13 +30232,10 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
         XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
-    if (pub != NULL)
-        XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-    if (exportBuf != NULL)
-        XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     wc_ecc_free(key);
 #endif
@@ -29956,8 +30314,7 @@ static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize)
         wc_ecc_free(eccKey);
         XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (tmpBuf != NULL)
-        XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     wc_ecc_free(eccKey);
 #endif
@@ -30061,8 +30418,7 @@ static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize)
 done:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (der != NULL)
-        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (userA != NULL) {
         wc_ecc_free(userA);
         XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -30190,12 +30546,12 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-    if (ret == NO_VALID_DEVID) {
+    if (ret == WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ret = 0;
         goto done; /* no software case */
     }
 #endif
-    if (ret == ECC_CURVE_OID_E)
+    if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E))
         goto done; /* catch case, where curve is not supported */
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -30247,7 +30603,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -30259,7 +30615,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30282,7 +30638,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -30294,7 +30650,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30339,7 +30695,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30378,7 +30734,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         #endif
             if (ret == 0)
                 ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30416,7 +30772,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         if (ret == 0)
             ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
                                                                         userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -30431,7 +30787,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
             if (ret == 0)
                 ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
                                                                &verify, userA);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
         if (verify != 1)
@@ -30453,7 +30809,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -30467,7 +30823,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         #endif
             if (ret == 0)
                 ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, userA);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
         if (verify != 1)
@@ -30549,7 +30905,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
     ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id,
         NULL);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
             /* some curve sizes are only available with:
                 HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
@@ -30582,7 +30938,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
     !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
     ret = ecc_test_key_decode(rng, keySize);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
         }
         else {
@@ -30595,7 +30951,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
 #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
     ret = ecc_test_key_gen(rng, keySize);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
         }
         else {
@@ -30691,90 +31047,86 @@ static wc_test_ret_t ecc_point_test(void)
     /* Parameter Validation testing. */
     wc_ecc_del_point(NULL);
     ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(-1, point, out, &outLen);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || outLen != sizeof(out)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     outLen = 0;
     ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
-    if (ret != BUFFER_E) {
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(NULL, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(NULL, point2);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(point, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(NULL, NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(NULL, point2);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(point, NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
 
     /* Use API. */
     ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     outLen = sizeof(out);
     ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (outLen != sizeof(der)) {
         ret = WC_TEST_RET_ENC_NC;
         goto done;
@@ -30796,10 +31148,8 @@ static wc_test_ret_t ecc_point_test(void)
     }
 
     ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_cmp_point(point2, point);
     if (ret != MP_GT) {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -30809,16 +31159,12 @@ static wc_test_ret_t ecc_point_test(void)
 #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
     ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_cmp_point(point3, point4);
     if (ret != MP_EQ) {
@@ -30827,16 +31173,12 @@ static wc_test_ret_t ecc_point_test(void)
     }
 
     ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_cmp_point(point3, point4);
     if (ret != MP_EQ) {
@@ -30941,31 +31283,23 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
 
     privLen = sizeof(priv);
     ret = wc_ecc_export_private_only(key, priv, &privLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     pubLen = sizeof(pub);
     ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
 
     ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
@@ -30979,10 +31313,8 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     /* test import private only */
     ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
                                        curve_id);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
@@ -30990,18 +31322,14 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     /* test export public raw */
     pubLenX = pubLenY = 32;
     ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef HAVE_SELFTEST
     /* test import of public */
     ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif
 
     wc_ecc_free(keyImp);
@@ -31011,18 +31339,14 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     pubLenX = pubLenY = privLen = 32;
     ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
         priv, &privLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef HAVE_SELFTEST
     /* test import of private and public */
     ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif
 
 done:
@@ -31084,10 +31408,8 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
     ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
                         wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
                         1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifdef WOLFSSL_PUBLIC_MP
     priv = wc_ecc_key_get_priv(key1);
@@ -31095,10 +31417,8 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
     ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
                         wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
                         1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (!wc_ecc_point_is_at_infinity(&key3->pubkey)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
@@ -31141,16 +31461,16 @@ static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
 
     /* Parameter Validation testing. */
     ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
@@ -31171,7 +31491,7 @@ static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
@@ -31188,7 +31508,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
 #else
     ecc_key key[1];
 #endif
-#if !defined(NO_ECC_SECP) && \
+#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \
     ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
      (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
     word32 idx = 0;
@@ -31203,15 +31523,13 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
 
     /* Use API */
     ret = wc_ecc_set_flags(NULL, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_set_flags(key, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 #ifndef WC_NO_RNG
     ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
@@ -31241,7 +31559,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
     (void)rng;
 #endif /* !WC_NO_RNG */
 
-#if !defined(NO_ECC_SECP) && \
+#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \
     ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
      (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
     /* Use test ECC key - ensure real private "d" exists */
@@ -31295,9 +31613,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
 
     wc_ecc_free(key);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (key != NULL) {
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -31362,22 +31678,22 @@ static wc_test_ret_t ecc_decode_test(void)
 
     inSz = sizeof(good);
     ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -31386,14 +31702,14 @@ static wc_test_ret_t ecc_decode_test(void)
     inOutIdx = 2;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inOutIdx = 4;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -31401,56 +31717,66 @@ static wc_test_ret_t ecc_decode_test(void)
     inSz = sizeof(badNoObjId);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
-    if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badOneObjId);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
-    if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badObjId1Len);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badObj2d1Len);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotBitStr);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
-    if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badBitStrLen);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoBitStrZero);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
-    if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badPoint);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
-    if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_ECC_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -31458,10 +31784,8 @@ static wc_test_ret_t ecc_decode_test(void)
     inSz = sizeof(good);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 done:
 
@@ -31592,10 +31916,8 @@ static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
@@ -31884,7 +32206,7 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
 
 #ifndef WC_NO_RNG
     ret = wc_ecc_sm2_make_key(rng, userA, WC_ECC_FLAG_NONE);
-    if (ret == ECC_CURVE_OID_E)
+    if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E))
         goto done; /* catch case, where curve is not supported */
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -32389,7 +32711,7 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
                               FOURK_BUF, NULL, caEccKey, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     certSz = (int)ret;
@@ -32418,11 +32740,9 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (myCert != NULL)
-        XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_TEST_CERT
-    if (decode != NULL)
-        XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     if (caEccKey != NULL) {
         wc_ecc_free(caEccKey);
@@ -32896,9 +33216,7 @@ static wc_test_ret_t ecc_test_nonblock_ecdsa(int curveId, word32 curveSz,
                   sigSz, curveSz, curveId);
     }
 
-    if (sig != NULL) {
-        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
-    }
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
 
     return ret;
 }
@@ -33175,25 +33493,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
     }
 #endif
 
-#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
-                               defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
-    && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
-    #ifdef HAVE_ECC256
+#if defined(HAVE_ECC_SIGN) && \
+    (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \
+     (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
+
+    #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
     ret = ecc_test_deterministic_k(&rng);
     if (ret != 0) {
         printf("ecc_test_deterministic_k failed!\n");
         goto done;
     }
     #endif
+
     #ifdef WOLFSSL_PUBLIC_MP
-    #if defined(HAVE_ECC384)
+    #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+        ECC_MIN_KEY_SZ <= 384
     ret = ecc384_test_deterministic_k(&rng);
     if (ret != 0) {
         printf("ecc384_test_deterministic_k failed!\n");
         goto done;
     }
     #endif
-    #if defined(HAVE_ECC521)
+    #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
+        ECC_MIN_KEY_SZ <= 521
     ret = ecc521_test_deterministic_k(&rng);
     if (ret != 0) {
         printf("ecc512_test_deterministic_k failed!\n");
@@ -33612,13 +33935,9 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
         wc_ecc_free(userA);
 #endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (userB != NULL) {
-        XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_ECIES_OLD
-    if (userA != NULL) {
-        XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #endif
 
@@ -34168,10 +34487,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
-TEST_SLEEP();
+    TEST_SLEEP();
 
     XMEMSET(plain, 0, sizeof(plain));
 
@@ -34182,7 +34501,7 @@ TEST_SLEEP();
         if (ret == 0)
             ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
                 cliKey);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (verify != 1)
@@ -34442,19 +34761,19 @@ static wc_test_ret_t curve25519_check_public_test(void)
     /* Parameter checks */
     /* NULL pointer */
     ret = wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         return WC_TEST_RET_ENC_EC(ret);
     }
     /* Length of 0 treated differently to other invalid lengths for TLS */
     ret = wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Length not CURVE25519_KEYSIZE */
@@ -34462,11 +34781,11 @@ static wc_test_ret_t curve25519_check_public_test(void)
         if (i == CURVE25519_KEYSIZE)
             continue;
         if (wc_curve25519_check_public(good, (word32)i, EC25519_LITTLE_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
         if (wc_curve25519_check_public(good, (word32)i, EC25519_BIG_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
     }
@@ -34894,8 +35213,7 @@ static wc_test_ret_t ed25519_test_cert(void)
 #endif /* HAVE_ED25519_VERIFY */
 
 done:
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef HAVE_ED25519_VERIFY
     wc_ed25519_free(pubKey);
 #endif /* HAVE_ED25519_VERIFY */
@@ -34968,8 +35286,7 @@ static wc_test_ret_t ed25519_test_make_cert(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 done:
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_ed25519_free(privKey);
     wc_FreeRng(&rng);
     return ret;
@@ -35023,14 +35340,14 @@ static wc_test_ret_t ed25519_test_check_key(void)
 
     /* Load bad public key only and perform checks. */
     ret = wc_ed25519_import_public(key_bad_y, ED25519_PUB_KEY_SIZE + 1, &key);
-    if (ret != PUBLIC_KEY_E) {
+    if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
         res = WC_TEST_RET_ENC_NC;
     }
     if (res == 0) {
         /* Load bad public key only and perform checks. */
         ret = wc_ed25519_import_public(key_bad_y_max, ED25519_PUB_KEY_SIZE + 1,
             &key);
-        if (ret != PUBLIC_KEY_E) {
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
             res = WC_TEST_RET_ENC_NC;
         }
     }
@@ -35038,7 +35355,7 @@ static wc_test_ret_t ed25519_test_check_key(void)
         /* Load bad public key only and perform checks. */
         ret = wc_ed25519_import_public(key_bad_y_is_p, ED25519_PUB_KEY_SIZE + 1,
             &key);
-        if (ret != PUBLIC_KEY_E) {
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
             res = WC_TEST_RET_ENC_NC;
         }
     }
@@ -35861,22 +36178,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
 
         ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0],
                 &verify, &key);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return ret;
 
         ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0],
                 &verify, &key);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return ret;
 
         ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0],
                 &verify, &key);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return ret;
 
         ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0],
                 &verify, &key);
-        if (ret != SIG_VERIFY_E)
+        if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E))
             return ret;
     }
 
@@ -35902,7 +36219,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         return WC_TEST_RET_ENC_NC;
 
     ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* try with a buffer size that is too large */
@@ -36049,17 +36366,17 @@ static wc_test_ret_t curve448_check_public_test(void)
     /* Parameter checks */
     /* NULL pointer */
     ret = wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* Length of 0 treated differently to other invalid lengths for TLS */
     ret = wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Length not CURVE448_KEY_SIZE */
@@ -36067,11 +36384,11 @@ static wc_test_ret_t curve448_check_public_test(void)
         if (i == CURVE448_KEY_SIZE)
             continue;
         if (wc_curve448_check_public(good, (word32)i, EC448_LITTLE_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
         if (wc_curve448_check_public(good, (word32)i, EC448_BIG_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
     }
@@ -36410,8 +36727,7 @@ static wc_test_ret_t ed448_test_cert(void)
 #endif /* HAVE_ED448_VERIFY */
 
 done:
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef HAVE_ED448_VERIFY
     wc_ed448_free(pubKey);
 #endif /* HAVE_ED448_VERIFY */
@@ -36484,8 +36800,7 @@ static wc_test_ret_t ed448_test_make_cert(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 done:
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_ed448_free(privKey);
     wc_FreeRng(&rng);
     return ret;
@@ -36555,14 +36870,14 @@ static wc_test_ret_t ed448_test_check_key(void)
 
     /* Load bad public key only and perform checks. */
     ret = wc_ed448_import_public(key_bad_y, ED448_PUB_KEY_SIZE + 1, &key);
-    if (ret != PUBLIC_KEY_E) {
+    if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
         res = WC_TEST_RET_ENC_NC;
     }
     if (ret == 0) {
         /* Load bad public key only and perform checks. */
         ret = wc_ed448_import_public(key_bad_y_max, ED448_PUB_KEY_SIZE + 1,
             &key);
-        if (ret != PUBLIC_KEY_E) {
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
             res = WC_TEST_RET_ENC_NC;
         }
     }
@@ -36570,7 +36885,7 @@ static wc_test_ret_t ed448_test_check_key(void)
         /* Load bad public key only and perform checks. */
         ret = wc_ed448_import_public(key_bad_y_is_p, ED448_PUB_KEY_SIZE + 1,
             &key);
-        if (ret != PUBLIC_KEY_E) {
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
             res = WC_TEST_RET_ENC_NC;
         }
     }
@@ -37507,7 +37822,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     idx = 0;
@@ -37607,7 +37922,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
 #endif /* HAVE_ED448 */
 
 #ifdef WOLFSSL_HAVE_KYBER
-#ifdef WOLFSSL_WC_KYBER /* OQS and PQM4 do not support KATs */
+#ifdef WOLFSSL_WC_KYBER /* OQS does not support KATs */
 #ifdef WOLFSSL_KYBER512
 static wc_test_ret_t kyber512_kat(void)
 {
@@ -37645,6 +37960,7 @@ static wc_test_ret_t kyber512_kat(void)
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
         0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
         0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
@@ -37745,8 +38061,111 @@ static wc_test_ret_t kyber512_kat(void)
         0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
+#else
+        0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
+        0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
+        0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
+        0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78,
+        0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10,
+        0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
+        0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c,
+        0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7,
+        0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
+        0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9,
+        0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27,
+        0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
+        0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c,
+        0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92,
+        0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
+        0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5,
+        0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93,
+        0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
+        0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7,
+        0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68,
+        0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
+        0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55,
+        0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78,
+        0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
+        0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b,
+        0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc,
+        0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
+        0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72,
+        0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab,
+        0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
+        0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83,
+        0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c,
+        0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
+        0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b,
+        0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f,
+        0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
+        0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50,
+        0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f,
+        0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
+        0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57,
+        0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd,
+        0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
+        0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88,
+        0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f,
+        0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
+        0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32,
+        0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7,
+        0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
+        0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88,
+        0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08,
+        0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
+        0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62,
+        0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1,
+        0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
+        0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10,
+        0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7,
+        0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
+        0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb,
+        0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd,
+        0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
+        0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69,
+        0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba,
+        0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
+        0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58,
+        0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00,
+        0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
+        0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8,
+        0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99,
+        0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
+        0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0,
+        0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e,
+        0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
+        0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c,
+        0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e,
+        0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
+        0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb,
+        0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49,
+        0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
+        0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71,
+        0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87,
+        0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
+        0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c,
+        0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17,
+        0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
+        0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5,
+        0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e,
+        0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
+        0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb,
+        0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6,
+        0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
+        0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85,
+        0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8,
+        0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
+        0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3,
+        0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76,
+        0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
+        0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0,
+        0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
+        0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
+        0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64,
         0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE,
         0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33,
@@ -37951,9 +38370,215 @@ static wc_test_ret_t kyber512_kat(void)
         0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
+#else
+        0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c,
+        0x10, 0x9b, 0x41, 0x52, 0x89, 0xf5, 0x6a, 0x9e,
+        0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a,
+        0x3b, 0xba, 0xb3, 0x0a, 0x2c, 0x90, 0xf0, 0x04,
+        0x37, 0xa2, 0x64, 0xb0, 0xbe, 0x9a, 0x1e, 0x8b,
+        0xa8, 0x87, 0xd3, 0xc3, 0xb1, 0x00, 0x89, 0x80,
+        0x54, 0x27, 0x2f, 0x94, 0x1c, 0x88, 0xa1, 0xf2,
+        0x08, 0xf1, 0xc9, 0x14, 0xf9, 0x64, 0xc1, 0xaa,
+        0xd6, 0x13, 0xa6, 0xa8, 0x4f, 0x88, 0xe4, 0x2d,
+        0x35, 0x56, 0x83, 0x5f, 0xb1, 0x61, 0xfd, 0xc5,
+        0xcd, 0x15, 0xa3, 0xbc, 0x7e, 0x74, 0xb6, 0xf2,
+        0x61, 0x2f, 0xa8, 0x27, 0x1c, 0x7e, 0xa1, 0x12,
+        0xb0, 0x5c, 0x2a, 0x36, 0xcc, 0x70, 0x7c, 0xe3,
+        0x8d, 0x5d, 0x1a, 0xcc, 0x51, 0x15, 0x46, 0x2a,
+        0x8c, 0x1a, 0xab, 0xf0, 0x72, 0x76, 0xc7, 0x23,
+        0x18, 0x33, 0x7f, 0x74, 0xb5, 0xcb, 0xef, 0xea,
+        0x7a, 0x80, 0x37, 0x90, 0xbc, 0x03, 0x93, 0xf3,
+        0xa5, 0x4c, 0x72, 0x4a, 0x57, 0x65, 0xa4, 0x8f,
+        0x29, 0x6b, 0x03, 0xf4, 0x84, 0x37, 0x60, 0x23,
+        0x62, 0x69, 0x30, 0x22, 0x27, 0x04, 0xc0, 0x8f,
+        0xd3, 0xbc, 0x72, 0x93, 0x15, 0xd1, 0xfc, 0x70,
+        0xeb, 0x79, 0x75, 0xa9, 0x7b, 0x9d, 0xee, 0xd1,
+        0x62, 0xf4, 0x86, 0xbb, 0xc6, 0x4a, 0x09, 0x71,
+        0x11, 0x95, 0x2d, 0x89, 0xb5, 0x7d, 0x76, 0x5e,
+        0x8a, 0x99, 0x1a, 0x2e, 0x56, 0x42, 0x06, 0xea,
+        0x7b, 0xf5, 0xe4, 0x00, 0x7a, 0x66, 0x35, 0x88,
+        0x31, 0xca, 0x0e, 0x34, 0xb2, 0xf6, 0xa8, 0x4d,
+        0x10, 0xf7, 0x9c, 0x47, 0x7c, 0xb6, 0x6a, 0x8a,
+        0x95, 0x25, 0x69, 0x36, 0x73, 0x88, 0x13, 0x0d,
+        0x7b, 0x97, 0x4a, 0x63, 0xaa, 0x51, 0x99, 0x6c,
+        0x97, 0x70, 0x9b, 0xb8, 0xea, 0xbc, 0x94, 0xe6,
+        0xa5, 0x35, 0xd7, 0x92, 0xd2, 0x90, 0x54, 0x74,
+        0x95, 0x2d, 0x6b, 0x8c, 0x22, 0x22, 0xb2, 0xae,
+        0x56, 0xdc, 0x66, 0xfb, 0x04, 0x61, 0x19, 0x20,
+        0x66, 0xcd, 0xdb, 0x43, 0xec, 0x05, 0x98, 0x4f,
+        0xb4, 0x98, 0x26, 0x49, 0x77, 0x13, 0x97, 0xc6,
+        0xa8, 0x37, 0x9f, 0x3b, 0x56, 0x43, 0x06, 0x98,
+        0x48, 0x87, 0x59, 0x19, 0xe8, 0x9c, 0xc4, 0x39,
+        0xa3, 0xbe, 0x2f, 0x08, 0x14, 0x90, 0xf3, 0x41,
+        0xbd, 0x12, 0x40, 0xad, 0xd8, 0x0d, 0xdb, 0x8c,
+        0x99, 0x63, 0xb4, 0x7a, 0x2a, 0x09, 0x92, 0x29,
+        0x03, 0x38, 0xda, 0x9c, 0x3b, 0x72, 0x5c, 0x6d,
+        0xa4, 0x47, 0x18, 0xc0, 0x10, 0x46, 0x81, 0x25,
+        0x62, 0xaf, 0xb0, 0x84, 0x83, 0x7a, 0xcb, 0x3c,
+        0x57, 0x5e, 0x4f, 0x93, 0x93, 0x6c, 0x35, 0x2a,
+        0xc0, 0xe7, 0x0a, 0xa3, 0x84, 0x5e, 0xe4, 0x85,
+        0x29, 0x6e, 0x6b, 0x02, 0xde, 0x0b, 0x47, 0xb5,
+        0xc4, 0xc9, 0x6b, 0x0b, 0x7c, 0xf9, 0x4c, 0x4a,
+        0xbe, 0x95, 0x48, 0x61, 0x53, 0x11, 0x8e, 0x43,
+        0xc2, 0xb9, 0xc8, 0x4d, 0x9d, 0xa9, 0x1c, 0x6c,
+        0x5a, 0xcd, 0x5a, 0x57, 0x00, 0x2d, 0x05, 0x84,
+        0x97, 0x99, 0x27, 0x99, 0xe5, 0xba, 0x1c, 0xe6,
+        0xc2, 0x5e, 0xb2, 0x98, 0x44, 0xd8, 0x58, 0xba,
+        0x1c, 0x37, 0x85, 0x0c, 0x0c, 0x2f, 0x57, 0xc6,
+        0x0d, 0xe3, 0x7f, 0x77, 0xc0, 0x82, 0xec, 0x14,
+        0x49, 0x4e, 0xba, 0x28, 0x8a, 0x65, 0x91, 0x51,
+        0x16, 0xc2, 0x0a, 0x32, 0x5d, 0xe3, 0x1a, 0xaa,
+        0xdd, 0x68, 0x0d, 0xb1, 0x9c, 0x0c, 0xfc, 0xc3,
+        0x46, 0x0f, 0x0a, 0xa0, 0x1a, 0x87, 0xa6, 0xa5,
+        0x80, 0xc6, 0xca, 0x29, 0x1f, 0xae, 0xf0, 0xcc,
+        0xc4, 0x9b, 0x76, 0xa8, 0xda, 0xc4, 0xf9, 0xd4,
+        0x16, 0x40, 0x50, 0x9d, 0xbd, 0x0b, 0x40, 0x45,
+        0xc1, 0x53, 0x0e, 0xd3, 0x47, 0x55, 0xd4, 0x74,
+        0x62, 0x70, 0x0f, 0x2a, 0x8c, 0xaf, 0x96, 0x80,
+        0xa6, 0xd7, 0xe3, 0x8a, 0x7e, 0x2a, 0x63, 0xe9,
+        0x37, 0x65, 0x0a, 0x23, 0x30, 0x6d, 0x85, 0x5d,
+        0xa2, 0xa2, 0xb7, 0xef, 0x50, 0x5c, 0xa5, 0x96,
+        0xab, 0x04, 0x85, 0x01, 0x3e, 0xa9, 0x27, 0xc7,
+        0x34, 0x23, 0x43, 0x61, 0x36, 0x43, 0xba, 0x40,
+        0x07, 0xd6, 0xc8, 0x74, 0xb9, 0x80, 0xc7, 0x9c,
+        0x3a, 0xa1, 0xc7, 0x4f, 0x85, 0x81, 0xc3, 0x48,
+        0x49, 0xb3, 0x6e, 0xa7, 0x98, 0x15, 0xfb, 0xb4,
+        0xcc, 0xf9, 0x61, 0x05, 0x83, 0x08, 0x1d, 0x7c,
+        0x5b, 0x44, 0x09, 0xb8, 0xd0, 0x53, 0x1c, 0x04,
+        0xbc, 0xaf, 0x7c, 0xc7, 0x51, 0x10, 0x3a, 0x5f,
+        0xd1, 0xba, 0x44, 0x70, 0x83, 0x3e, 0x89, 0x77,
+        0x5a, 0xde, 0xd9, 0x70, 0xb5, 0x47, 0x18, 0x59,
+        0x25, 0x0f, 0xe7, 0x26, 0x71, 0x05, 0x83, 0x5f,
+        0x39, 0x00, 0x30, 0xc5, 0xe7, 0xcd, 0x3f, 0x96,
+        0x10, 0x19, 0xea, 0xae, 0xa2, 0x37, 0x77, 0xd3,
+        0x47, 0xbb, 0x2a, 0xdc, 0xb6, 0x73, 0xc0, 0x20,
+        0x34, 0xf3, 0x94, 0x34, 0x22, 0x71, 0xbc, 0xea,
+        0x64, 0x14, 0xe5, 0x46, 0xc3, 0xb2, 0x0b, 0xd5,
+        0x74, 0x81, 0xc7, 0xea, 0x14, 0xc7, 0x7c, 0x38,
+        0x8c, 0xc8, 0x62, 0x51, 0xc1, 0x25, 0x58, 0xb1,
+        0x00, 0xf8, 0xc5, 0xb3, 0xd0, 0x3c, 0xa2, 0xc7,
+        0x07, 0x13, 0x90, 0x96, 0x59, 0xc8, 0xba, 0x26,
+        0xd0, 0xd1, 0x76, 0x5e, 0x0b, 0xc8, 0x23, 0xd6,
+        0x8c, 0xa5, 0x57, 0x0d, 0xe6, 0x00, 0xcd, 0x09,
+        0x41, 0x72, 0x5d, 0x38, 0x6e, 0x14, 0xc1, 0x01,
+        0x2d, 0xf5, 0x95, 0x1b, 0xeb, 0x8d, 0x82, 0x81,
+        0xa4, 0xf6, 0x81, 0x5d, 0x37, 0x60, 0xb7, 0x64,
+        0x29, 0x5a, 0xd0, 0x40, 0x6c, 0x2b, 0xf7, 0x92,
+        0x8a, 0xd6, 0x50, 0x32, 0xb6, 0x5f, 0x14, 0xb7,
+        0x7c, 0xcb, 0x89, 0x17, 0xc9, 0x3a, 0x29, 0xd6,
+        0x28, 0x7d, 0x8a, 0x60, 0x62, 0x39, 0x9c, 0xb6,
+        0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
+        0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
+        0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
+        0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78,
+        0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10,
+        0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
+        0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c,
+        0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7,
+        0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
+        0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9,
+        0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27,
+        0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
+        0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c,
+        0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92,
+        0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
+        0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5,
+        0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93,
+        0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
+        0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7,
+        0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68,
+        0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
+        0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55,
+        0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78,
+        0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
+        0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b,
+        0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc,
+        0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
+        0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72,
+        0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab,
+        0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
+        0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83,
+        0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c,
+        0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
+        0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b,
+        0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f,
+        0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
+        0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50,
+        0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f,
+        0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
+        0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57,
+        0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd,
+        0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
+        0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88,
+        0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f,
+        0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
+        0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32,
+        0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7,
+        0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
+        0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88,
+        0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08,
+        0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
+        0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62,
+        0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1,
+        0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
+        0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10,
+        0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7,
+        0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
+        0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb,
+        0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd,
+        0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
+        0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69,
+        0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba,
+        0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
+        0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58,
+        0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00,
+        0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
+        0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8,
+        0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99,
+        0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
+        0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0,
+        0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e,
+        0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
+        0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c,
+        0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e,
+        0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
+        0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb,
+        0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49,
+        0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
+        0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71,
+        0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87,
+        0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
+        0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c,
+        0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17,
+        0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
+        0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5,
+        0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e,
+        0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
+        0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb,
+        0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6,
+        0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
+        0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85,
+        0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8,
+        0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
+        0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3,
+        0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76,
+        0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
+        0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0,
+        0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
+        0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
+        0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39,
+        0x50, 0xc8, 0xdd, 0x15, 0x2a, 0x45, 0x31, 0xaa,
+        0xb5, 0x60, 0xd2, 0xfc, 0x7c, 0xa9, 0xa4, 0x0a,
+        0xd8, 0xaf, 0x25, 0xad, 0x1d, 0xd0, 0x8c, 0x6d,
+        0x79, 0xaf, 0xe4, 0xdd, 0x4d, 0x1e, 0xee, 0x5a,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = {
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D,
         0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA,
         0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9,
@@ -38051,115 +38676,115 @@ static wc_test_ret_t kyber512_kat(void)
         0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81,
         0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D
 #else
-        0x75, 0x49, 0x99, 0x8d, 0x46, 0x9e, 0x2e, 0x47,
-        0x90, 0x02, 0x30, 0x5b, 0x09, 0xb4, 0x4d, 0xba,
-        0xdb, 0xc2, 0x45, 0x7f, 0xfd, 0x31, 0x25, 0xf6,
-        0xd3, 0x1b, 0x0f, 0x27, 0xb8, 0x03, 0xd5, 0x81,
-        0x07, 0x1c, 0x1d, 0xc6, 0x18, 0x11, 0x96, 0xfe,
-        0x76, 0xdf, 0x78, 0xde, 0x20, 0xdd, 0xa6, 0x09,
-        0xcf, 0x1b, 0x7c, 0xb7, 0xa3, 0x52, 0xc4, 0xdd,
-        0x9c, 0x2c, 0xfc, 0x18, 0x80, 0x1f, 0x03, 0x6f,
-        0xe4, 0x0f, 0x8f, 0x7e, 0x6f, 0x3d, 0xd7, 0x3f,
-        0x38, 0x71, 0x30, 0xbe, 0x38, 0x7b, 0x17, 0x13,
-        0x41, 0x8f, 0x83, 0xd9, 0x3d, 0xc7, 0xf8, 0x07,
-        0x4a, 0x03, 0x24, 0x55, 0xc4, 0x6f, 0x85, 0x7c,
-        0x6b, 0x6b, 0x35, 0x42, 0x9c, 0x79, 0x00, 0x65,
-        0x42, 0x0d, 0x74, 0x22, 0x52, 0xee, 0x53, 0xf5,
-        0x3f, 0x6e, 0x64, 0xa9, 0xb7, 0x8a, 0x49, 0xbc,
-        0x29, 0xb8, 0xce, 0x84, 0x83, 0x1a, 0x01, 0xc3,
-        0x42, 0x9e, 0x34, 0x69, 0x60, 0xdc, 0x55, 0x95,
-        0x26, 0xd9, 0x78, 0x53, 0xc3, 0x66, 0x31, 0xb4,
-        0x77, 0x32, 0x85, 0xfa, 0xfe, 0x8e, 0x3c, 0xa4,
-        0x25, 0x5a, 0x87, 0x23, 0xae, 0x4f, 0x02, 0xdd,
-        0xd8, 0x5a, 0x47, 0x81, 0xb9, 0xf4, 0x18, 0x6d,
-        0x67, 0xa8, 0x3b, 0x5d, 0x9e, 0xdd, 0xc3, 0xae,
-        0x7c, 0xd4, 0x09, 0x6c, 0x33, 0xf4, 0xd9, 0x7f,
-        0xe0, 0x20, 0x30, 0xec, 0xb6, 0xa1, 0xa8, 0xad,
-        0x9b, 0x19, 0xd3, 0xeb, 0x32, 0xf1, 0xb8, 0xf2,
-        0x71, 0xb3, 0x03, 0x53, 0xe9, 0xe1, 0x9d, 0xd1,
-        0x83, 0xf0, 0x6b, 0x54, 0xc3, 0xcb, 0x02, 0xef,
-        0x16, 0x62, 0x82, 0x75, 0x2a, 0xa1, 0x1c, 0x81,
-        0x58, 0xe4, 0x8b, 0xbc, 0x68, 0x30, 0x17, 0x1c,
-        0xa7, 0xdd, 0xb7, 0x5a, 0x35, 0xe4, 0x6c, 0x35,
-        0x32, 0x1a, 0xbe, 0x6a, 0x74, 0x20, 0x32, 0xc7,
-        0x72, 0xa1, 0x6b, 0x3d, 0x1c, 0xdd, 0xfc, 0x6f,
-        0x28, 0x01, 0xe2, 0xb8, 0x17, 0x30, 0x2d, 0xbc,
-        0x94, 0xf3, 0x33, 0xc0, 0xcb, 0x91, 0xe1, 0xce,
-        0xbd, 0x5e, 0xc6, 0x1e, 0x49, 0xfa, 0x5a, 0x14,
-        0xaa, 0xa3, 0x93, 0x75, 0x5f, 0xc3, 0xe6, 0xf4,
-        0xb8, 0xc5, 0xc4, 0xfa, 0x4b, 0xaa, 0x07, 0xa0,
-        0x8c, 0x4f, 0x33, 0x94, 0x62, 0x63, 0x58, 0xa1,
-        0x5e, 0x69, 0x0e, 0xe1, 0xe4, 0x82, 0x9b, 0x11,
-        0x1c, 0x17, 0x24, 0x1a, 0xee, 0x37, 0xd5, 0xc8,
-        0x32, 0xf4, 0x84, 0x76, 0x88, 0xfe, 0x5b, 0x5d,
-        0x1b, 0x19, 0xe8, 0xe0, 0x4d, 0x9d, 0x19, 0x37,
-        0x00, 0x19, 0x87, 0xf3, 0xb4, 0xb8, 0x35, 0x49,
-        0xc3, 0xe5, 0x30, 0xe4, 0x11, 0x9d, 0x16, 0x4b,
-        0x20, 0xef, 0x9d, 0x3a, 0x72, 0xf7, 0x4c, 0x04,
-        0x4a, 0x97, 0x45, 0x91, 0x22, 0x8b, 0x41, 0xe6,
-        0x80, 0xec, 0x56, 0x40, 0xa9, 0x72, 0x34, 0xc2,
-        0xc6, 0x01, 0x7c, 0x95, 0xe9, 0x1b, 0xe2, 0xbd,
-        0x49, 0x85, 0x47, 0xd5, 0x7a, 0x52, 0x22, 0xb8,
-        0x16, 0x2a, 0x35, 0x46, 0x65, 0x6d, 0x59, 0x98,
-        0x0d, 0x51, 0xaf, 0x59, 0x5b, 0xf5, 0xf2, 0x3a,
-        0x63, 0x2f, 0x6d, 0x85, 0x44, 0xb8, 0x10, 0x74,
-        0xae, 0xd3, 0x4c, 0x03, 0x52, 0xba, 0x56, 0x0d,
-        0xea, 0xfb, 0x07, 0x44, 0x1a, 0x55, 0xa9, 0x37,
-        0x63, 0x42, 0xe5, 0x0a, 0x0e, 0xc2, 0x53, 0x72,
-        0x28, 0x25, 0x5a, 0x4b, 0x5d, 0x03, 0xc9, 0x29,
-        0x57, 0xf4, 0xea, 0x35, 0x07, 0xb4, 0xba, 0xad,
-        0xce, 0x53, 0xcc, 0xdf, 0xb7, 0x36, 0x4f, 0xfc,
-        0x18, 0x17, 0xb5, 0x8c, 0x50, 0xef, 0x28, 0xe3,
-        0x22, 0xe1, 0xb9, 0x45, 0xe0, 0xeb, 0x9b, 0x12,
-        0x33, 0x97, 0x5c, 0x30, 0xa5, 0x54, 0x53, 0x68,
-        0x68, 0x27, 0x14, 0xbf, 0x50, 0x2b, 0x61, 0xe1,
-        0xd0, 0x45, 0x7a, 0x97, 0x53, 0xe1, 0x0d, 0xe0,
-        0xf1, 0xbf, 0x35, 0xec, 0x3a, 0x3f, 0x47, 0x0a,
-        0x3c, 0x69, 0xcc, 0xb0, 0x4d, 0x2d, 0x98, 0xfa,
-        0xb3, 0xa0, 0xb6, 0x72, 0x9a, 0x98, 0x75, 0xe1,
-        0xdb, 0x53, 0x3c, 0x96, 0xb4, 0x1e, 0x3d, 0x98,
-        0x62, 0x8a, 0x6f, 0x8c, 0xf6, 0x68, 0x40, 0x6c,
-        0x5f, 0x03, 0x8e, 0x6b, 0x7b, 0x24, 0x2f, 0xdf,
-        0x86, 0xa7, 0xf1, 0xe6, 0x97, 0xae, 0xb1, 0x36,
-        0x11, 0x41, 0x67, 0xb1, 0x3f, 0x89, 0xf2, 0x31,
-        0xbc, 0xec, 0x7a, 0x41, 0x66, 0xb3, 0x9e, 0xab,
-        0x4a, 0x37, 0x09, 0x23, 0x78, 0x22, 0x05, 0x0c,
-        0x49, 0xc9, 0x25, 0x95, 0xa2, 0x37, 0xf2, 0xeb,
-        0x48, 0x3b, 0x9e, 0x1d, 0xd6, 0x12, 0x4b, 0xed,
-        0x5e, 0xb9, 0xb7, 0xb5, 0x12, 0x12, 0x96, 0x37,
-        0x6b, 0x7d, 0x20, 0x14, 0xa7, 0x75, 0x60, 0xca,
-        0x65, 0x83, 0x3d, 0x8b, 0xeb, 0x4d, 0x6a, 0xe6,
-        0x8e, 0xfd, 0x7a, 0x11, 0xac, 0xc7, 0xde, 0x87,
-        0xd8, 0x2b, 0xe1, 0xad, 0x57, 0x3a, 0xe9, 0xf6,
-        0xf0, 0x76, 0x6f, 0xd7, 0x86, 0x38, 0x7d, 0x1a,
-        0x8c, 0x12, 0xd1, 0xc8, 0xa2, 0x96, 0xb4, 0xf7,
-        0x26, 0x34, 0xf7, 0x05, 0x77, 0x68, 0x88, 0x48,
-        0xe5, 0x76, 0x85, 0x1f, 0x13, 0xbe, 0x48, 0xdf,
-        0x33, 0x5d, 0x4a, 0xcd, 0x89, 0x79, 0x3a, 0x6c,
-        0x6c, 0x06, 0x55, 0xfc, 0x39, 0xbc, 0x9e, 0x1e,
-        0x27, 0xb4, 0xa5, 0x00, 0xf7, 0x08, 0xcd, 0x4a,
-        0x9f, 0x2e, 0xc6, 0x72, 0xba, 0x5b, 0xf8, 0xad,
-        0x23, 0x99, 0x8d, 0x4c, 0x0c, 0x95, 0x8f, 0x29,
-        0x0f, 0x2a, 0x6c, 0x4e, 0x6c, 0xd8, 0xc0, 0xcd,
-        0xc8, 0x5f, 0x57, 0x16, 0xec, 0x98, 0xa4, 0xc8,
-        0x99, 0x5d, 0x37, 0x8c, 0xc6, 0xe2, 0xa1, 0xe8,
-        0xb8, 0x28, 0x00, 0xdd, 0xf0, 0x3b, 0x32, 0x26,
-        0xa2, 0xe7, 0x81, 0x77, 0x71, 0xe5, 0x09, 0xb4,
-        0x95, 0x5e, 0xe2, 0xbe, 0xd4, 0x21, 0x7b, 0xdf,
-        0x06, 0x30, 0xb5, 0x84, 0x0f, 0x25, 0x24, 0xab
+        0x11, 0x3d, 0xb2, 0xdd, 0x06, 0x87, 0x12, 0x35,
+        0xe7, 0xbc, 0x36, 0xc9, 0xdc, 0xaa, 0x52, 0x8f,
+        0xc2, 0x6c, 0xe5, 0xdb, 0x9e, 0xcc, 0x1d, 0xc3,
+        0x2e, 0x95, 0x7d, 0x7f, 0xfb, 0x3c, 0x74, 0x29,
+        0xd5, 0x0c, 0x3c, 0x35, 0x77, 0xa5, 0x15, 0xd3,
+        0x18, 0x3a, 0x1b, 0x9d, 0x26, 0x7b, 0x93, 0x6b,
+        0x7e, 0xb8, 0xf5, 0x43, 0xa3, 0xaf, 0xb7, 0x77,
+        0x65, 0xca, 0x79, 0x38, 0xf7, 0x8a, 0xa6, 0x43,
+        0x8c, 0xe8, 0x0a, 0x06, 0xa6, 0x96, 0x6d, 0x0d,
+        0x06, 0xaf, 0x75, 0xba, 0x3e, 0x0d, 0x4f, 0x37,
+        0xba, 0xc7, 0x33, 0x69, 0xf5, 0xa7, 0x29, 0xf7,
+        0x3e, 0x85, 0x72, 0x9e, 0xdd, 0x97, 0xc8, 0xc2,
+        0xa8, 0xcc, 0x26, 0x19, 0xe4, 0xcf, 0x7b, 0x60,
+        0x91, 0x86, 0x9e, 0x90, 0x9f, 0xd4, 0x7d, 0x97,
+        0x09, 0x14, 0x92, 0x04, 0xb0, 0x83, 0x7d, 0x8d,
+        0x6f, 0x25, 0xd2, 0x67, 0x97, 0x2b, 0xe6, 0x3b,
+        0xad, 0x34, 0xb5, 0x44, 0x52, 0x3c, 0x01, 0xc0,
+        0x9d, 0xe3, 0xb1, 0xfa, 0x1d, 0x6b, 0x7b, 0x05,
+        0x9e, 0xee, 0x9e, 0x65, 0x20, 0x62, 0xfe, 0x87,
+        0x0f, 0x68, 0xc6, 0x80, 0x05, 0x33, 0x9e, 0xa1,
+        0x81, 0xe1, 0xd0, 0x76, 0x7c, 0x15, 0x2a, 0xeb,
+        0x38, 0xfa, 0xf0, 0xf9, 0x24, 0x5a, 0xe5, 0x9d,
+        0x5c, 0xb0, 0xd2, 0xb7, 0xf2, 0x01, 0x22, 0x9e,
+        0xd9, 0x70, 0x20, 0xd0, 0x62, 0x3a, 0x46, 0x10,
+        0x0d, 0x09, 0x7b, 0x0c, 0xe1, 0x15, 0x4e, 0x02,
+        0x8a, 0xe6, 0x19, 0x4d, 0xe0, 0x5d, 0xe9, 0x7d,
+        0xd9, 0xae, 0x2e, 0x85, 0xff, 0xd2, 0x5d, 0x95,
+        0xeb, 0x22, 0xef, 0xfe, 0x5b, 0xa1, 0x9c, 0xd8,
+        0x07, 0xc5, 0x30, 0xeb, 0xaa, 0x9f, 0xe9, 0xf6,
+        0x42, 0xcc, 0xac, 0xff, 0x47, 0xed, 0x15, 0xc2,
+        0x2b, 0xfe, 0x30, 0x36, 0xeb, 0xf8, 0xad, 0x9c,
+        0x8e, 0xd2, 0x32, 0x40, 0xae, 0xeb, 0xaa, 0x24,
+        0xd1, 0x35, 0x75, 0x51, 0x00, 0xb8, 0x5e, 0xce,
+        0xe3, 0x17, 0x49, 0x06, 0xe4, 0x63, 0x12, 0x06,
+        0x2c, 0xee, 0xca, 0xc7, 0x5d, 0xe5, 0x27, 0x52,
+        0x56, 0xc2, 0xc1, 0xa6, 0x53, 0xfd, 0x69, 0x15,
+        0xb1, 0xb3, 0x0c, 0x8e, 0xcb, 0xb6, 0xfd, 0x42,
+        0x80, 0x43, 0x74, 0x53, 0x17, 0x3a, 0x96, 0x23,
+        0x8b, 0xc7, 0xd1, 0x08, 0x89, 0x23, 0x43, 0xe0,
+        0x33, 0xbc, 0xd9, 0x8e, 0x43, 0x7e, 0x78, 0x9f,
+        0xc5, 0xbe, 0xba, 0xa1, 0x2b, 0x26, 0x34, 0xb5,
+        0x1e, 0xd0, 0xd5, 0x89, 0xf1, 0x11, 0x43, 0xa0,
+        0x21, 0xd8, 0xec, 0xce, 0x59, 0x4f, 0xdd, 0x48,
+        0xda, 0xe8, 0x4c, 0x80, 0x63, 0xef, 0x35, 0x81,
+        0xbc, 0x37, 0x8a, 0x48, 0xda, 0x4e, 0x51, 0xbb,
+        0x17, 0x5b, 0x0d, 0xb4, 0x7f, 0x9d, 0xcf, 0x99,
+        0x31, 0x8c, 0x30, 0x22, 0x5c, 0xa7, 0xfa, 0x79,
+        0xc8, 0x79, 0xbf, 0x1c, 0x93, 0x97, 0xb5, 0xcc,
+        0xc5, 0xef, 0xad, 0x94, 0xc5, 0x00, 0xed, 0x7f,
+        0x9f, 0x38, 0x5d, 0x08, 0x8e, 0x34, 0x93, 0x22,
+        0x21, 0xfc, 0x0f, 0xc9, 0xaf, 0xe5, 0x1f, 0x68,
+        0x75, 0x54, 0x81, 0x31, 0x69, 0x76, 0x95, 0x47,
+        0x8a, 0xbd, 0xc8, 0x73, 0x6f, 0x10, 0x09, 0x5a,
+        0x6b, 0x92, 0xec, 0x67, 0x9f, 0xe0, 0xe2, 0xae,
+        0x5d, 0x8b, 0x33, 0x53, 0x55, 0xd5, 0x8d, 0xae,
+        0x4d, 0x4f, 0x0b, 0x17, 0xaa, 0x5d, 0x1e, 0x52,
+        0xf1, 0xd4, 0x55, 0x84, 0xa8, 0x92, 0xc3, 0x4c,
+        0xe4, 0xb0, 0x4f, 0xcd, 0x00, 0x98, 0x1d, 0x51,
+        0xca, 0xa1, 0x60, 0x64, 0xba, 0xd9, 0x2d, 0x01,
+        0x9d, 0xc3, 0xad, 0xed, 0x91, 0x96, 0x84, 0x11,
+        0x2b, 0x29, 0xda, 0xa2, 0x8b, 0x9d, 0xae, 0x09,
+        0xb8, 0x6b, 0x21, 0xa9, 0x33, 0x10, 0xd5, 0xfb,
+        0xc6, 0x52, 0x7b, 0x22, 0x4b, 0x9c, 0xe8, 0x7d,
+        0x27, 0x82, 0xbb, 0x29, 0x46, 0x73, 0xf0, 0xec,
+        0x06, 0xf2, 0x6b, 0x08, 0x76, 0x52, 0xa1, 0x8d,
+        0x6a, 0xd7, 0xb1, 0xc9, 0x33, 0x03, 0xef, 0x05,
+        0x61, 0xc0, 0xfc, 0x9c, 0xd4, 0xf6, 0x78, 0xf6,
+        0x06, 0xf1, 0x92, 0xcf, 0x5d, 0xf9, 0x2b, 0x15,
+        0x48, 0xf5, 0xdd, 0x26, 0x87, 0xed, 0xbe, 0xcc,
+        0xfc, 0x6d, 0x4e, 0x9d, 0xe4, 0xbd, 0x50, 0xd3,
+        0xc7, 0x4f, 0xb2, 0x75, 0xab, 0xd9, 0xb3, 0xe9,
+        0x02, 0x77, 0xdb, 0x4a, 0x00, 0x69, 0xc0, 0xa2,
+        0xa7, 0x13, 0x6f, 0x50, 0xce, 0xad, 0x4b, 0x2f,
+        0x19, 0x95, 0xfa, 0xaf, 0x16, 0x80, 0x40, 0xe9,
+        0xe4, 0xbe, 0xb7, 0xc5, 0x72, 0x20, 0x49, 0xd6,
+        0xda, 0x64, 0x02, 0x99, 0x2f, 0xce, 0xa4, 0x50,
+        0x97, 0xdf, 0x7c, 0x1c, 0x20, 0xfb, 0x06, 0x82,
+        0x22, 0x00, 0x05, 0x76, 0x93, 0x5a, 0x08, 0x06,
+        0x77, 0x34, 0x51, 0x92, 0x1f, 0x54, 0xc5, 0x5f,
+        0xbf, 0x59, 0x3a, 0x4f, 0x14, 0x7c, 0x1f, 0xef,
+        0x3a, 0xca, 0xf0, 0xcf, 0xa9, 0x07, 0xae, 0x48,
+        0xc8, 0xc0, 0x63, 0x12, 0xcf, 0xdf, 0x51, 0x86,
+        0x90, 0x4b, 0xec, 0x7f, 0xed, 0x4e, 0xd9, 0x33,
+        0xc9, 0x25, 0x6a, 0xb0, 0x4c, 0xbf, 0xa0, 0x3a,
+        0x96, 0x7c, 0x1f, 0x7e, 0xad, 0x4a, 0xb4, 0x0d,
+        0xf1, 0x16, 0xbe, 0x66, 0x0e, 0x27, 0xca, 0x2b,
+        0x54, 0x35, 0x26, 0xd4, 0xb9, 0x68, 0x4c, 0x31,
+        0xe1, 0xe4, 0x23, 0x83, 0xb9, 0x69, 0xf8, 0x96,
+        0x29, 0x9d, 0x71, 0x39, 0x0c, 0xc8, 0x5b, 0x70,
+        0x32, 0x02, 0xac, 0xad, 0xec, 0xfa, 0x8c, 0x40,
+        0x96, 0x5c, 0x08, 0xc5, 0x3b, 0x56, 0x71, 0xe0,
+        0xd5, 0x94, 0x55, 0xbc, 0x5a, 0x85, 0x86, 0xc6,
+        0x55, 0xdb, 0x8c, 0x2a, 0xde, 0x4b, 0xa8, 0x87,
+        0x7f, 0x19, 0xb6, 0x00, 0x0e, 0x18, 0xf8, 0xfe,
+        0xad, 0xda, 0x7e, 0xde, 0x8f, 0xe8, 0x0a, 0xa6,
+        0x62, 0xd6, 0x94, 0xc6, 0xd8, 0xc3, 0x3b, 0x52
 #endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = {
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C,
         0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC,
         0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02,
         0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F
 #else
-        0xc6, 0x08, 0x77, 0x70, 0x86, 0xed, 0x9f, 0xfd,
-        0xf9, 0x2c, 0xd4, 0xf1, 0xc9, 0x99, 0xae, 0xdd,
-        0x0b, 0x42, 0xe5, 0xe8, 0xef, 0x67, 0x32, 0xf4,
-        0x11, 0x12, 0x46, 0x48, 0x1e, 0x26, 0x04, 0x63
+        0x31, 0x98, 0x39, 0xe8, 0x2a, 0xb6, 0xb2, 0x22,
+        0xde, 0x7b, 0x61, 0x9e, 0x80, 0xda, 0x83, 0x91,
+        0x52, 0x2b, 0xbb, 0x37, 0x67, 0x70, 0x18, 0x49,
+        0x4a, 0x47, 0x42, 0xc5, 0x3f, 0x9a, 0xbf, 0xdf
 #endif
     };
 
@@ -38280,6 +38905,7 @@ static wc_test_ret_t kyber768_kat(void)
     };
 
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
         0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
         0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
@@ -38428,8 +39054,159 @@ static wc_test_ret_t kyber768_kat(void)
         0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
+#else
+        0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
+        0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
+        0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
+        0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79,
+        0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd,
+        0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
+        0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72,
+        0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52,
+        0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
+        0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0,
+        0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c,
+        0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
+        0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0,
+        0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a,
+        0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
+        0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb,
+        0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7,
+        0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
+        0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b,
+        0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9,
+        0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
+        0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c,
+        0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9,
+        0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
+        0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38,
+        0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce,
+        0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
+        0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57,
+        0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4,
+        0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
+        0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4,
+        0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0,
+        0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
+        0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36,
+        0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4,
+        0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
+        0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b,
+        0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2,
+        0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
+        0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab,
+        0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7,
+        0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
+        0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55,
+        0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e,
+        0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
+        0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33,
+        0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3,
+        0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
+        0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63,
+        0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3,
+        0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
+        0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27,
+        0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0,
+        0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
+        0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b,
+        0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a,
+        0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
+        0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2,
+        0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7,
+        0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
+        0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37,
+        0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0,
+        0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
+        0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb,
+        0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01,
+        0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
+        0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0,
+        0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06,
+        0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
+        0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75,
+        0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9,
+        0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
+        0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa,
+        0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf,
+        0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
+        0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53,
+        0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e,
+        0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
+        0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89,
+        0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78,
+        0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
+        0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6,
+        0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a,
+        0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
+        0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3,
+        0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10,
+        0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
+        0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2,
+        0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee,
+        0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
+        0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba,
+        0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6,
+        0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
+        0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a,
+        0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26,
+        0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
+        0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb,
+        0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c,
+        0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
+        0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b,
+        0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9,
+        0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
+        0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c,
+        0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98,
+        0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
+        0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8,
+        0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68,
+        0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
+        0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a,
+        0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74,
+        0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
+        0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72,
+        0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d,
+        0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
+        0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8,
+        0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18,
+        0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
+        0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0,
+        0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3,
+        0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
+        0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7,
+        0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8,
+        0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
+        0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65,
+        0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15,
+        0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
+        0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71,
+        0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74,
+        0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
+        0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37,
+        0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3,
+        0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
+        0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15,
+        0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba,
+        0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
+        0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30,
+        0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8,
+        0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
+        0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7,
+        0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18,
+        0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
+        0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29,
+        0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76,
+        0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
+        0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d,
+        0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
+        0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
+        0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
         0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
         0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
@@ -38730,9 +39507,311 @@ static wc_test_ret_t kyber768_kat(void)
         0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
+#else
+        0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61,
+        0x3a, 0xa1, 0xf9, 0x80, 0x38, 0x0c, 0xb3, 0x6d,
+        0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a,
+        0x00, 0xa6, 0x7b, 0xa6, 0xc2, 0xa2, 0xb1, 0x4c,
+        0x41, 0x42, 0x39, 0x66, 0x2f, 0x68, 0xbd, 0x44,
+        0x6c, 0x8e, 0xfd, 0xf3, 0x66, 0x56, 0xa0, 0x89,
+        0x1a, 0x3c, 0xc6, 0x23, 0xfc, 0x68, 0xb6, 0x57,
+        0x2f, 0x7b, 0x29, 0xa6, 0xde, 0x12, 0x80, 0x14,
+        0x41, 0x1e, 0xe4, 0x19, 0x06, 0xd0, 0x80, 0x71,
+        0xf9, 0x48, 0x56, 0xe3, 0x6a, 0x83, 0x2b, 0x40,
+        0x33, 0x8d, 0x74, 0x35, 0x16, 0x65, 0x9b, 0xd2,
+        0x58, 0x79, 0xc0, 0x07, 0xa5, 0x2b, 0xc9, 0x58,
+        0x6f, 0x79, 0x87, 0x6a, 0xfa, 0xc6, 0xc9, 0xa3,
+        0x0d, 0x8f, 0xac, 0x24, 0x3b, 0xd2, 0x24, 0x25,
+        0xd6, 0xad, 0xce, 0x42, 0xab, 0x7e, 0xd3, 0x90,
+        0x14, 0x75, 0x7a, 0x95, 0x8b, 0xc8, 0xa7, 0x45,
+        0x65, 0xf0, 0x19, 0x23, 0x4f, 0xf0, 0x4b, 0x34,
+        0x89, 0x3e, 0xd6, 0xd0, 0x55, 0x01, 0xc3, 0x72,
+        0x55, 0x23, 0x9a, 0xae, 0x2a, 0xc1, 0x9f, 0x8c,
+        0x75, 0xac, 0x59, 0x00, 0xda, 0xe8, 0x30, 0x0d,
+        0xbb, 0xa7, 0x10, 0xdc, 0x2c, 0xaa, 0xe1, 0xbc,
+        0xa3, 0xa3, 0x8c, 0x58, 0x34, 0x2b, 0x28, 0x6b,
+        0x85, 0x18, 0xf1, 0x36, 0xad, 0x15, 0xb9, 0xf7,
+        0xbc, 0xbb, 0x06, 0xa5, 0x60, 0x7d, 0xb3, 0x75,
+        0xdb, 0xe9, 0x76, 0x45, 0x7c, 0x26, 0xc6, 0x59,
+        0x82, 0x57, 0x53, 0x1b, 0x2c, 0xfb, 0x6e, 0xe7,
+        0xf5, 0x15, 0x91, 0x84, 0x08, 0x04, 0xc3, 0x83,
+        0x88, 0x37, 0x6c, 0x27, 0x14, 0x84, 0x13, 0xda,
+        0x9e, 0x92, 0x92, 0x0b, 0xfd, 0x9a, 0x06, 0x9e,
+        0x01, 0x8b, 0xd2, 0x72, 0x05, 0x3d, 0xa8, 0x77,
+        0x5c, 0x0b, 0x73, 0x9f, 0x76, 0x1d, 0xb2, 0x10,
+        0x7c, 0xf3, 0x5a, 0x43, 0x4d, 0x69, 0xb0, 0x7e,
+        0x5b, 0xcd, 0xb8, 0x74, 0x34, 0x13, 0x8b, 0x0c,
+        0xb5, 0x56, 0x76, 0x1b, 0xa5, 0x22, 0xa5, 0x74,
+        0x7b, 0x28, 0x74, 0x7d, 0x80, 0xeb, 0x9d, 0x6c,
+        0xc6, 0x73, 0xbe, 0xe5, 0x76, 0x93, 0x77, 0xb9,
+        0x96, 0xd3, 0x6c, 0xeb, 0x0c, 0x0c, 0x7e, 0xd9,
+        0xa6, 0x58, 0x53, 0x33, 0x24, 0x86, 0x9c, 0x18,
+        0xa1, 0xa3, 0x6f, 0x31, 0x47, 0x0f, 0x14, 0xc5,
+        0xae, 0x49, 0xab, 0x07, 0x05, 0x07, 0xf8, 0x24,
+        0x9c, 0xe4, 0x04, 0xb4, 0x9c, 0x0a, 0x8c, 0x3e,
+        0xe4, 0x2f, 0xea, 0x96, 0x31, 0xfa, 0x1a, 0x0d,
+        0x10, 0xd8, 0x6b, 0x93, 0xf9, 0x86, 0xe0, 0xe3,
+        0xa8, 0x2e, 0x70, 0x3b, 0x74, 0xe5, 0xae, 0x61,
+        0x01, 0x24, 0x24, 0x21, 0xa8, 0x9a, 0xa0, 0x7f,
+        0xe6, 0x85, 0x88, 0x46, 0x0b, 0xaa, 0x36, 0x87,
+        0x86, 0x48, 0x6a, 0x72, 0xe4, 0xf2, 0x4d, 0x2d,
+        0xd7, 0x6c, 0xfc, 0x03, 0xb6, 0x94, 0xa5, 0xba,
+        0x91, 0xa7, 0x55, 0xa0, 0xb9, 0x8f, 0x3b, 0xf9,
+        0x33, 0x07, 0xc0, 0xab, 0x64, 0x63, 0x9a, 0xea,
+        0x7a, 0x64, 0x98, 0xa3, 0xc3, 0xdd, 0xc5, 0x71,
+        0x14, 0x1a, 0xbc, 0xa4, 0x67, 0x8c, 0xd2, 0xe2,
+        0xb8, 0x57, 0xfb, 0x88, 0xf6, 0x00, 0xca, 0xa5,
+        0x96, 0xb4, 0x4b, 0xc4, 0x22, 0x25, 0x0b, 0x28,
+        0x19, 0xe0, 0x51, 0x5f, 0x04, 0x72, 0x39, 0x18,
+        0x53, 0x70, 0x0b, 0x01, 0xef, 0xf9, 0x45, 0x3f,
+        0xd1, 0x18, 0x76, 0xb7, 0xc7, 0x59, 0xa0, 0x7d,
+        0xd8, 0x45, 0xca, 0xba, 0x45, 0x55, 0x26, 0x4a,
+        0x82, 0x76, 0x51, 0x93, 0xfd, 0xf8, 0x1b, 0x62,
+        0x0a, 0x1e, 0x1f, 0x92, 0x3f, 0xb2, 0x44, 0x42,
+        0xcd, 0x1c, 0xbe, 0x94, 0x17, 0x50, 0x03, 0xec,
+        0x06, 0xce, 0x77, 0xa3, 0xc6, 0x44, 0x93, 0xc1,
+        0x99, 0x98, 0x7a, 0x30, 0x0c, 0x95, 0xc5, 0x3c,
+        0x00, 0x89, 0xb5, 0xd6, 0x5c, 0x92, 0xea, 0x97,
+        0x1b, 0x2f, 0xfa, 0x93, 0xb5, 0x2a, 0x46, 0x1e,
+        0xa2, 0xac, 0x8c, 0x19, 0x9c, 0x2f, 0x4c, 0x2b,
+        0x70, 0x42, 0x97, 0xce, 0x3c, 0x39, 0x49, 0xe0,
+        0x73, 0x5e, 0xa8, 0xa1, 0x4a, 0xa5, 0x9e, 0x8d,
+        0xec, 0x0c, 0x87, 0x83, 0x99, 0xff, 0x70, 0x74,
+        0x7a, 0xb2, 0x44, 0xce, 0x46, 0xb5, 0xf2, 0x23,
+        0x04, 0x73, 0x32, 0x3d, 0x25, 0xc6, 0x6f, 0xe6,
+        0xb4, 0x19, 0xb1, 0xf4, 0xa1, 0x12, 0xe5, 0x21,
+        0x40, 0x35, 0x25, 0x6b, 0xc4, 0x3f, 0xfd, 0x2b,
+        0x6b, 0x7b, 0x37, 0x87, 0x69, 0xa6, 0xb4, 0x70,
+        0x00, 0xbf, 0xb6, 0x35, 0x7d, 0x45, 0x81, 0x4b,
+        0xae, 0xf3, 0x85, 0x7d, 0x37, 0x9e, 0x2f, 0xb8,
+        0xb5, 0xe5, 0x20, 0x1a, 0xb2, 0x62, 0x74, 0xbb,
+        0x1b, 0x70, 0xad, 0x32, 0x2c, 0xd0, 0x43, 0x9b,
+        0x2d, 0xb1, 0x09, 0xcf, 0xf0, 0xa2, 0xf8, 0xe6,
+        0x00, 0x99, 0x55, 0x71, 0xff, 0xc3, 0x8c, 0x59,
+        0x0b, 0xc4, 0xc7, 0x61, 0x5c, 0x69, 0xd0, 0xc9,
+        0x8e, 0xf4, 0x30, 0xf3, 0x08, 0x61, 0xa7, 0x72,
+        0x38, 0xff, 0xc0, 0x70, 0x61, 0xe4, 0x75, 0xd6,
+        0xa3, 0x0a, 0xd1, 0xb4, 0x7f, 0xd0, 0x39, 0xc3,
+        0xa4, 0x47, 0x76, 0x2d, 0xb2, 0x21, 0x1d, 0xc3,
+        0x1d, 0x0a, 0xca, 0xcf, 0xd5, 0x58, 0x90, 0xa5,
+        0x82, 0x47, 0x98, 0xf9, 0xae, 0xad, 0x74, 0x13,
+        0xdf, 0xe0, 0x28, 0xb1, 0x01, 0x2b, 0xe8, 0xb6,
+        0xca, 0x10, 0x26, 0x66, 0x6a, 0xc6, 0xbc, 0x94,
+        0x40, 0xa4, 0x49, 0xb5, 0x1a, 0xd8, 0xbb, 0xa7,
+        0xb0, 0x92, 0x1d, 0xd4, 0xd8, 0xb4, 0xa5, 0x78,
+        0x13, 0x6d, 0x1a, 0x05, 0xdb, 0x38, 0xcc, 0x85,
+        0x84, 0x37, 0xb2, 0x51, 0x61, 0xd1, 0xc3, 0xc2,
+        0x8e, 0xe0, 0x7b, 0xbc, 0xf2, 0xb2, 0x49, 0x11,
+        0x0d, 0x22, 0x78, 0x1d, 0xc3, 0x05, 0x0d, 0x8c,
+        0xc0, 0x09, 0x00, 0x96, 0xb3, 0x8a, 0x85, 0x06,
+        0x96, 0xf8, 0x6e, 0x9e, 0x6b, 0xab, 0x32, 0x52,
+        0x71, 0xb2, 0x24, 0x86, 0x75, 0x01, 0x19, 0x68,
+        0x50, 0x28, 0x81, 0x09, 0x04, 0x97, 0xfa, 0xc0,
+        0xaf, 0x84, 0x3c, 0x1a, 0xea, 0x76, 0xdd, 0x81,
+        0xcf, 0x29, 0xc0, 0x12, 0xc6, 0x62, 0x27, 0xb7,
+        0xf0, 0x6d, 0x99, 0x61, 0x30, 0x9b, 0x02, 0x62,
+        0xf7, 0x32, 0xc9, 0xa4, 0xd0, 0xbb, 0xd0, 0x67,
+        0x27, 0xab, 0xb8, 0x37, 0x1f, 0xf2, 0xc1, 0x18,
+        0x99, 0xa0, 0x98, 0x37, 0x5c, 0x46, 0x05, 0x16,
+        0xb2, 0xcc, 0x88, 0xbc, 0xf6, 0x28, 0xed, 0xe3,
+        0x7d, 0x8f, 0x3b, 0x33, 0x42, 0xe4, 0x49, 0x0a,
+        0x85, 0x60, 0x6e, 0xc0, 0x3d, 0xa2, 0x9b, 0x02,
+        0x56, 0x27, 0x53, 0x82, 0xa3, 0x31, 0x3d, 0xc0,
+        0x41, 0x11, 0x48, 0x01, 0x03, 0x2c, 0x51, 0x9f,
+        0x35, 0x0c, 0x3e, 0x6a, 0xba, 0xc3, 0xe3, 0x3b,
+        0x93, 0xb4, 0xa1, 0x9f, 0x7c, 0x54, 0x66, 0xe5,
+        0x8c, 0xb1, 0xdc, 0x14, 0xb4, 0xa9, 0x6c, 0x47,
+        0x57, 0x29, 0xf9, 0x71, 0xbd, 0xf1, 0x73, 0xcd,
+        0xf3, 0x54, 0x82, 0x4d, 0x01, 0x94, 0x27, 0xf9,
+        0x5b, 0x3b, 0x4a, 0x4a, 0x4a, 0x95, 0x8e, 0x47,
+        0x6a, 0x6e, 0x69, 0x91, 0xce, 0x6f, 0x06, 0xcb,
+        0x5d, 0xfc, 0xa7, 0xd4, 0x38, 0x0c, 0x3d, 0x92,
+        0x0b, 0x57, 0x11, 0xac, 0x1f, 0xcb, 0xaf, 0x4b,
+        0x9a, 0xc8, 0x00, 0xb9, 0x76, 0xd1, 0xec, 0x76,
+        0x6a, 0x62, 0x6c, 0xc1, 0x90, 0x0b, 0x66, 0xb3,
+        0xa9, 0xdc, 0x62, 0xc5, 0xc1, 0x44, 0x52, 0x7a,
+        0x29, 0x6b, 0xaf, 0x70, 0x43, 0x3b, 0xf6, 0x57,
+        0xc0, 0x43, 0x7f, 0x87, 0x59, 0x7b, 0xd7, 0xc8,
+        0xbb, 0xbe, 0x9a, 0xbc, 0x37, 0x05, 0x09, 0x31,
+        0xa4, 0xa8, 0x69, 0x82, 0xa2, 0x02, 0x8a, 0x74,
+        0x45, 0x4c, 0x9b, 0x81, 0x0c, 0x88, 0xd1, 0x70,
+        0x1c, 0x8c, 0xc9, 0x8a, 0x1d, 0x4c, 0xa1, 0x07,
+        0xa6, 0xb2, 0x5e, 0x96, 0x2f, 0xe4, 0xb6, 0xb0,
+        0x3c, 0x95, 0x45, 0x32, 0x60, 0xb8, 0x07, 0x22,
+        0x86, 0x37, 0xcc, 0x9e, 0xb1, 0x2a, 0xcc, 0x09,
+        0x54, 0x95, 0x9a, 0x52, 0xae, 0x54, 0xd1, 0x97,
+        0x73, 0x00, 0xab, 0xa0, 0xba, 0x2c, 0x14, 0x60,
+        0x9b, 0xb2, 0x8c, 0x11, 0xd5, 0xfa, 0xc5, 0xca,
+        0xc8, 0x82, 0x97, 0x60, 0x32, 0x83, 0xe8, 0x67,
+        0xa3, 0x64, 0x83, 0x66, 0xc7, 0x24, 0xd9, 0x35,
+        0x4c, 0xd7, 0xa1, 0x96, 0xdb, 0xd9, 0x80, 0x2f,
+        0x7b, 0x88, 0xd3, 0xfa, 0x00, 0x1f, 0x9c, 0x97,
+        0x73, 0x22, 0x54, 0x62, 0x23, 0x5e, 0x91, 0x35,
+        0x2a, 0x20, 0x79, 0x1f, 0xd8, 0xb8, 0x7f, 0xe3,
+        0x37, 0x7e, 0xc6, 0xa3, 0x94, 0x0b, 0x11, 0x30,
+        0xa0, 0xbb, 0x04, 0xe7, 0x41, 0x0a, 0x34, 0xe2,
+        0x58, 0x0d, 0x07, 0x1d, 0x6c, 0x56, 0x20, 0x20,
+        0x86, 0x78, 0x7a, 0x65, 0x90, 0xf8, 0x43, 0x93,
+        0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
+        0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
+        0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
+        0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79,
+        0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd,
+        0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
+        0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72,
+        0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52,
+        0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
+        0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0,
+        0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c,
+        0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
+        0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0,
+        0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a,
+        0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
+        0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb,
+        0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7,
+        0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
+        0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b,
+        0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9,
+        0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
+        0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c,
+        0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9,
+        0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
+        0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38,
+        0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce,
+        0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
+        0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57,
+        0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4,
+        0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
+        0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4,
+        0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0,
+        0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
+        0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36,
+        0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4,
+        0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
+        0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b,
+        0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2,
+        0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
+        0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab,
+        0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7,
+        0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
+        0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55,
+        0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e,
+        0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
+        0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33,
+        0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3,
+        0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
+        0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63,
+        0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3,
+        0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
+        0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27,
+        0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0,
+        0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
+        0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b,
+        0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a,
+        0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
+        0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2,
+        0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7,
+        0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
+        0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37,
+        0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0,
+        0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
+        0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb,
+        0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01,
+        0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
+        0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0,
+        0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06,
+        0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
+        0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75,
+        0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9,
+        0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
+        0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa,
+        0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf,
+        0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
+        0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53,
+        0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e,
+        0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
+        0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89,
+        0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78,
+        0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
+        0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6,
+        0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a,
+        0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
+        0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3,
+        0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10,
+        0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
+        0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2,
+        0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee,
+        0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
+        0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba,
+        0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6,
+        0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
+        0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a,
+        0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26,
+        0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
+        0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb,
+        0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c,
+        0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
+        0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b,
+        0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9,
+        0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
+        0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c,
+        0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98,
+        0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
+        0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8,
+        0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68,
+        0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
+        0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a,
+        0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74,
+        0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
+        0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72,
+        0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d,
+        0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
+        0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8,
+        0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18,
+        0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
+        0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0,
+        0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3,
+        0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
+        0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7,
+        0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8,
+        0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
+        0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65,
+        0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15,
+        0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
+        0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71,
+        0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74,
+        0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
+        0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37,
+        0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3,
+        0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
+        0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15,
+        0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba,
+        0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
+        0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30,
+        0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8,
+        0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
+        0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7,
+        0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18,
+        0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
+        0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29,
+        0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76,
+        0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
+        0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d,
+        0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
+        0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
+        0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28,
+        0xf5, 0x72, 0x62, 0x66, 0x13, 0x58, 0xcd, 0xe8,
+        0xd3, 0xeb, 0xf9, 0x90, 0xe5, 0xfd, 0x1d, 0x5b,
+        0x89, 0x6c, 0x99, 0x2c, 0xcf, 0xaa, 0xdb, 0x52,
+        0x56, 0xb6, 0x8b, 0xbf, 0x59, 0x43, 0xb1, 0x32,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = {
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9,
         0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67,
         0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A,
@@ -38870,155 +39949,155 @@ static wc_test_ret_t kyber768_kat(void)
         0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D,
         0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69
 #else
-        0xa4, 0x13, 0xbe, 0x81, 0x04, 0x72, 0x59, 0x20,
-        0x24, 0x01, 0xee, 0x35, 0x98, 0x9d, 0x25, 0xa3,
-        0x85, 0x6c, 0xd1, 0xc0, 0x26, 0x0c, 0xe2, 0x39,
-        0x1d, 0xe3, 0x23, 0x73, 0x6b, 0x67, 0x8f, 0x32,
-        0x80, 0x05, 0xc8, 0x21, 0xad, 0x09, 0x21, 0x80,
-        0xb4, 0x49, 0x6f, 0x21, 0x29, 0x28, 0x0f, 0x4f,
-        0x29, 0x94, 0x04, 0x36, 0x2b, 0x9d, 0x14, 0x19,
-        0x48, 0xb6, 0xbb, 0x02, 0xac, 0xd5, 0x73, 0x65,
-        0x59, 0xfc, 0x90, 0x39, 0x01, 0x8c, 0x96, 0x1d,
-        0xdd, 0xd9, 0x4e, 0xe5, 0x59, 0x19, 0x84, 0x71,
-        0xd4, 0xa0, 0x49, 0xe5, 0x47, 0xb5, 0x63, 0x6c,
-        0xf8, 0xbb, 0xf7, 0xdb, 0x1a, 0x90, 0xc7, 0x2b,
-        0x87, 0x09, 0x23, 0xdc, 0xd5, 0x4b, 0x14, 0x8c,
-        0x60, 0xc9, 0xc8, 0xee, 0x60, 0x4d, 0x30, 0xee,
-        0xbb, 0x69, 0x01, 0xe6, 0xdf, 0x25, 0x96, 0x12,
-        0x18, 0x26, 0x05, 0x8d, 0x25, 0x02, 0x9a, 0xe3,
-        0x99, 0xc9, 0x5f, 0x6a, 0xac, 0xba, 0xaf, 0xe3,
-        0x4f, 0x11, 0x8d, 0xdb, 0xa7, 0xa6, 0x9d, 0x7c,
-        0xd8, 0x99, 0xb5, 0xf4, 0xd5, 0x8d, 0x3d, 0xf2,
-        0xa8, 0x89, 0xb0, 0x30, 0xce, 0x9a, 0x7e, 0xa6,
-        0x44, 0x6d, 0x41, 0xa6, 0x0a, 0x17, 0x5f, 0x12,
-        0x7d, 0xa9, 0x4c, 0x27, 0x6b, 0xaa, 0x1e, 0xdf,
-        0xb3, 0x57, 0xd4, 0x1b, 0x28, 0x57, 0xad, 0x46,
-        0x2c, 0x83, 0xd8, 0xff, 0x00, 0x23, 0x6d, 0x9b,
-        0xac, 0x59, 0x32, 0x5e, 0x0c, 0x3b, 0xdd, 0xcb,
-        0x37, 0xbf, 0xe0, 0xfd, 0xa4, 0xe1, 0x67, 0xfc,
-        0xf6, 0xae, 0xc1, 0x49, 0xfe, 0x5f, 0x9f, 0x63,
-        0x93, 0xfc, 0x47, 0x15, 0xc6, 0x99, 0x5d, 0x67,
-        0xf2, 0xb4, 0xdd, 0xb0, 0xc7, 0x67, 0x8e, 0xe1,
-        0x40, 0xbc, 0xfd, 0xd2, 0x36, 0x5e, 0x81, 0x22,
-        0xca, 0x92, 0xcb, 0xba, 0x1a, 0xc7, 0x03, 0x35,
-        0x7e, 0xdf, 0x15, 0x21, 0x0c, 0x68, 0x92, 0x66,
-        0x9f, 0x1a, 0x2b, 0x88, 0xd7, 0x92, 0xbe, 0x7d,
-        0x9a, 0xa5, 0x6c, 0x5e, 0x8d, 0xf7, 0x58, 0xab,
-        0xb4, 0xbb, 0xae, 0x83, 0x14, 0x1d, 0x27, 0x59,
-        0xdf, 0xc4, 0xea, 0x8f, 0x2c, 0xf0, 0x0d, 0xd8,
-        0x6a, 0x73, 0x12, 0xfb, 0xae, 0xa9, 0xcf, 0xe6,
-        0xd7, 0xfd, 0x3f, 0x13, 0xfc, 0x8c, 0xb7, 0x5d,
-        0x25, 0x2c, 0xb3, 0xec, 0x7e, 0x7b, 0x37, 0xcd,
-        0x81, 0xd8, 0x8f, 0x38, 0xae, 0x59, 0x3e, 0xde,
-        0x6f, 0x8a, 0x81, 0xd5, 0x11, 0x83, 0xd7, 0xdc,
-        0x7f, 0x57, 0xab, 0xb2, 0x1c, 0xe2, 0xc5, 0x93,
-        0xdb, 0x72, 0xf0, 0xbf, 0x77, 0x9c, 0xcc, 0xc8,
-        0x24, 0x20, 0xf5, 0x3c, 0x2f, 0xe3, 0x64, 0xb1,
-        0xfd, 0x3c, 0xd2, 0xec, 0x54, 0xb9, 0x24, 0xa6,
-        0x2a, 0xfa, 0x4c, 0x31, 0x95, 0x57, 0x8e, 0x48,
-        0xaa, 0x5f, 0x50, 0x7e, 0x79, 0x28, 0xd7, 0x52,
-        0x7d, 0x65, 0x77, 0xd3, 0xfc, 0xa8, 0x7e, 0x7b,
-        0x7b, 0x19, 0xa8, 0x9f, 0x69, 0xf0, 0x01, 0x8e,
-        0xeb, 0x36, 0x87, 0x1b, 0xaa, 0xdf, 0xcc, 0x70,
-        0x94, 0xe3, 0x44, 0xfb, 0x36, 0x48, 0x1f, 0xb1,
-        0x4a, 0x5c, 0x53, 0xc3, 0x08, 0x67, 0xcf, 0x1c,
-        0x5c, 0x02, 0xcf, 0x62, 0x27, 0xf9, 0xaa, 0xe8,
-        0xd8, 0xa1, 0x2b, 0x24, 0xc5, 0xac, 0x2b, 0x8e,
-        0xb9, 0x12, 0xb8, 0x7d, 0xe8, 0x32, 0x54, 0x09,
-        0xe4, 0x40, 0xa4, 0x7b, 0x5c, 0x74, 0x23, 0x71,
-        0x79, 0xa6, 0xce, 0x55, 0x58, 0xee, 0x09, 0x10,
-        0x1c, 0xa4, 0xe6, 0x45, 0xe2, 0x4b, 0xdc, 0x28,
-        0x77, 0x87, 0x35, 0xab, 0xf9, 0x8b, 0x06, 0x88,
-        0xf6, 0x28, 0x9d, 0x50, 0x32, 0x51, 0x58, 0x2a,
-        0xab, 0x6e, 0x81, 0xce, 0xd0, 0x17, 0x98, 0x29,
-        0xf7, 0x31, 0x17, 0x31, 0xd0, 0x61, 0x5d, 0x0a,
-        0x0d, 0x95, 0x59, 0x78, 0xaa, 0xfb, 0xf8, 0xaa,
-        0x44, 0x0a, 0x5c, 0x85, 0x87, 0x0c, 0x58, 0xb3,
-        0xe5, 0xc1, 0xff, 0x92, 0x67, 0xf0, 0x94, 0xb7,
-        0x42, 0xf5, 0x16, 0xe8, 0xe9, 0x75, 0x9d, 0x0f,
-        0x88, 0x02, 0x1d, 0x99, 0xa7, 0xfd, 0x65, 0xbb,
-        0xee, 0x80, 0x12, 0x17, 0x27, 0x66, 0x56, 0xd2,
-        0x1f, 0x37, 0x34, 0xde, 0x0a, 0x55, 0x89, 0xb3,
-        0x3f, 0xe9, 0x96, 0xec, 0xb9, 0x9c, 0x0d, 0x8a,
-        0x52, 0xd5, 0x4b, 0x39, 0xdc, 0xfe, 0x70, 0x7f,
-        0xc1, 0x1e, 0x35, 0x63, 0x8a, 0x69, 0xd9, 0x08,
-        0xcc, 0xb0, 0xed, 0xac, 0xfb, 0x2a, 0xa4, 0x35,
-        0xe3, 0xbe, 0xb9, 0x81, 0xd3, 0xfd, 0xef, 0x59,
-        0xca, 0xde, 0x6f, 0x63, 0xcd, 0xa0, 0x56, 0xc5,
-        0x26, 0xcd, 0xc5, 0x5b, 0x87, 0xa3, 0xef, 0x26,
-        0x38, 0xbc, 0xae, 0xed, 0xf4, 0x06, 0x71, 0x10,
-        0x53, 0xa0, 0x9d, 0x31, 0x06, 0x99, 0xdc, 0x8e,
-        0x3d, 0x07, 0xac, 0xc1, 0x0e, 0x1e, 0xa8, 0xec,
-        0x8d, 0x51, 0xab, 0x31, 0xc0, 0x4c, 0xa8, 0x8c,
-        0x21, 0x77, 0xa5, 0x11, 0x93, 0xb4, 0x18, 0xcc,
-        0xc4, 0xb2, 0x54, 0x8e, 0xcd, 0xa8, 0x61, 0x59,
-        0x8f, 0xfa, 0xa8, 0xb1, 0x6e, 0xaf, 0x89, 0xd5,
-        0x9c, 0x84, 0x03, 0xc3, 0x9c, 0x8d, 0x94, 0xc4,
-        0x28, 0xcf, 0x19, 0x18, 0x0e, 0x14, 0x20, 0x28,
-        0x7b, 0x45, 0x5f, 0xb6, 0xe4, 0xe5, 0xbf, 0xbd,
-        0x38, 0x3a, 0xef, 0x18, 0xca, 0x99, 0xf8, 0x10,
-        0xf6, 0xce, 0xa7, 0x03, 0xbe, 0x4b, 0x9b, 0xf0,
-        0xcb, 0x6f, 0x0c, 0x53, 0x83, 0xe8, 0x3e, 0xd3,
-        0xa7, 0x23, 0xa2, 0x7d, 0x8e, 0x39, 0x91, 0x06,
-        0x76, 0x56, 0x72, 0x69, 0x25, 0xb2, 0x0f, 0xb7,
-        0x35, 0xb1, 0x27, 0x52, 0xfa, 0xcf, 0x68, 0x4e,
-        0x5c, 0x03, 0xdc, 0x5b, 0xe7, 0xa6, 0x3a, 0xf4,
-        0xbd, 0x93, 0x07, 0x54, 0xfd, 0xb5, 0xf7, 0x49,
-        0x30, 0x6c, 0x2c, 0xfa, 0x6e, 0x39, 0x89, 0x25,
-        0xc3, 0x46, 0xd9, 0xd5, 0x72, 0x92, 0x4b, 0x15,
-        0x3b, 0x76, 0x73, 0xb7, 0xa5, 0x02, 0x21, 0x40,
-        0x26, 0x4f, 0xd5, 0xa0, 0xab, 0xe0, 0x0b, 0x5d,
-        0x85, 0xc6, 0x86, 0xf2, 0x96, 0xfb, 0xc4, 0x9d,
-        0xd3, 0x15, 0x5a, 0xd2, 0xf7, 0x48, 0x25, 0x55,
-        0x06, 0x90, 0x9b, 0x35, 0x5c, 0x70, 0x60, 0xdd,
-        0xed, 0x4d, 0xd2, 0xfa, 0x21, 0xc7, 0xbf, 0x68,
-        0x12, 0x51, 0xe7, 0xd6, 0x32, 0x89, 0xe1, 0x5f,
-        0x85, 0x85, 0x4a, 0x25, 0xb4, 0xfb, 0x08, 0x5e,
-        0xf0, 0x3a, 0x03, 0xcd, 0x05, 0x0f, 0x4f, 0x50,
-        0x21, 0xd1, 0x12, 0xf3, 0x29, 0x1a, 0x9f, 0xd6,
-        0x0a, 0xd0, 0x1e, 0x0b, 0x57, 0x97, 0xe7, 0x8d,
-        0x9b, 0x94, 0xbe, 0xfe, 0x97, 0x46, 0xd7, 0x54,
-        0xe6, 0xce, 0x41, 0xda, 0x34, 0xc5, 0x7d, 0xa3,
-        0xd7, 0xde, 0xda, 0x6b, 0x23, 0x30, 0x82, 0xc4,
-        0x13, 0x76, 0x14, 0xe9, 0x64, 0xff, 0xf0, 0xe3,
-        0x84, 0x72, 0xe3, 0x6e, 0x49, 0x5f, 0x54, 0xe2,
-        0xd2, 0x37, 0x1a, 0x75, 0x81, 0xb6, 0x94, 0xcb,
-        0x26, 0x3d, 0xdf, 0x80, 0xbd, 0xd4, 0x3f, 0x63,
-        0x83, 0x57, 0x8b, 0x5e, 0x18, 0x24, 0x4a, 0x69,
-        0xca, 0xc9, 0xcd, 0xab, 0xea, 0x3d, 0x05, 0x71,
-        0x8f, 0x5c, 0x23, 0xb1, 0xd4, 0xce, 0x66, 0x84,
-        0x45, 0x75, 0x97, 0xd0, 0x12, 0x84, 0xb3, 0x8b,
-        0x9d, 0x3e, 0xb1, 0xeb, 0xa4, 0xf5, 0xbe, 0xff,
-        0x99, 0x0b, 0xb7, 0x49, 0xf0, 0x96, 0xa3, 0x0f,
-        0x1b, 0xde, 0x72, 0x4a, 0xde, 0x37, 0x89, 0xde,
-        0x5e, 0xf1, 0x83, 0xa6, 0x01, 0x63, 0xe2, 0x8f,
-        0x15, 0x84, 0x50, 0x09, 0x84, 0xca, 0x51, 0x53,
-        0x55, 0x5c, 0x38, 0xc6, 0x16, 0x49, 0x68, 0x3a,
-        0x72, 0x79, 0x21, 0xff, 0xcc, 0xe3, 0x00, 0x7c,
-        0x26, 0x77, 0x83, 0xbd, 0xdb, 0xdb, 0x9d, 0xe4,
-        0x88, 0x80, 0xc4, 0xe8, 0x45, 0x2d, 0xab, 0x29,
-        0xe7, 0xc4, 0xf8, 0xd1, 0xd5, 0xdf, 0xd3, 0x03,
-        0xa9, 0x08, 0xb1, 0xce, 0x08, 0xbe, 0x0b, 0x9f,
-        0xae, 0x98, 0x89, 0x4d, 0xcb, 0x26, 0x92, 0xd0,
-        0xb3, 0x2f, 0xa3, 0x9d, 0xa9, 0x8b, 0xd4, 0xff,
-        0x0e, 0xa1, 0x0f, 0x0b, 0x43, 0x8a, 0x49, 0x71,
-        0xa7, 0xfc, 0x47, 0x18, 0x2f, 0xbe, 0x52, 0xd6,
-        0xde, 0x71, 0xfe, 0xe3, 0xe8, 0x24, 0xa3, 0x9f,
-        0x19, 0xc2, 0x7f, 0x51, 0xae, 0xc6, 0xd9, 0x2b,
-        0xc7, 0xf8, 0xb8, 0xf0, 0x71, 0x84, 0x7b, 0xca
+        0xc8, 0x39, 0x10, 0x85, 0xb8, 0xd3, 0xea, 0x97,
+        0x94, 0x21, 0x25, 0x41, 0xb2, 0x91, 0x4f, 0x08,
+        0x96, 0x4d, 0x33, 0x52, 0x1d, 0x3f, 0x67, 0xad,
+        0x66, 0x09, 0x6e, 0xbf, 0xb1, 0xf7, 0x06, 0x42,
+        0x4b, 0x49, 0x55, 0x8f, 0x75, 0x5b, 0x56, 0x25,
+        0xba, 0xe2, 0x36, 0xf2, 0xe0, 0x07, 0x96, 0x01,
+        0xc7, 0x66, 0xf7, 0xd9, 0x60, 0x80, 0x8f, 0x7e,
+        0x2b, 0xb0, 0xc7, 0xa5, 0xe0, 0x66, 0xed, 0x34,
+        0x6d, 0xe6, 0x28, 0xf8, 0xc5, 0x7e, 0xeb, 0xab,
+        0xbb, 0x0c, 0x22, 0xd9, 0x11, 0x54, 0x84, 0x63,
+        0x69, 0x3e, 0xf3, 0xce, 0x52, 0xa5, 0x3f, 0x7f,
+        0xf4, 0x15, 0xf0, 0x0e, 0x65, 0x7a, 0xe1, 0xc5,
+        0xa4, 0x8f, 0xa5, 0xec, 0x6e, 0x4b, 0xe5, 0xcf,
+        0x46, 0x2d, 0xaf, 0xfc, 0x84, 0xd2, 0xf6, 0xd5,
+        0xff, 0x55, 0xdc, 0x9b, 0xbe, 0x8b, 0xb0, 0xd7,
+        0x25, 0xec, 0x64, 0xfd, 0x4c, 0xd4, 0xbd, 0x8d,
+        0xba, 0x0a, 0x84, 0x4e, 0x8b, 0x5c, 0xe4, 0xb6,
+        0xa2, 0x89, 0x34, 0xd7, 0xf7, 0xa0, 0x50, 0x99,
+        0x1f, 0xe1, 0x85, 0xb5, 0x06, 0xb4, 0x51, 0xda,
+        0xbf, 0xad, 0x52, 0xd5, 0x2c, 0xb2, 0x11, 0x4c,
+        0xa7, 0xd9, 0xa5, 0xcf, 0x98, 0x6c, 0x8f, 0xdc,
+        0x1b, 0xc1, 0x0e, 0xc0, 0xc1, 0x86, 0x9e, 0x50,
+        0xc0, 0x3c, 0x55, 0xa7, 0x61, 0x92, 0xa1, 0x04,
+        0x9a, 0xca, 0x63, 0x6b, 0xa9, 0x02, 0x0b, 0xda,
+        0xa8, 0xd0, 0xf5, 0x8c, 0x76, 0x3b, 0x0b, 0x89,
+        0x84, 0x5c, 0xa0, 0x6d, 0x4c, 0x4d, 0xdc, 0x21,
+        0x43, 0x3e, 0x16, 0xb9, 0xc6, 0x2e, 0x44, 0x87,
+        0x1f, 0xdb, 0xc0, 0x5b, 0xa2, 0x18, 0xaf, 0x87,
+        0x1f, 0xdd, 0x7d, 0xcf, 0xa4, 0x64, 0xe6, 0x0f,
+        0xaa, 0x52, 0x65, 0x26, 0x4c, 0xe1, 0x39, 0x1b,
+        0xd9, 0xa8, 0xc5, 0xfa, 0xa7, 0x62, 0x6d, 0x5f,
+        0x15, 0x9b, 0x98, 0x05, 0xb9, 0x75, 0x71, 0x0a,
+        0x35, 0x03, 0xa0, 0xb8, 0x58, 0xa1, 0x1c, 0x6a,
+        0x64, 0x7c, 0xc0, 0xe1, 0x9a, 0xc8, 0x8b, 0x1b,
+        0xe9, 0x05, 0x6c, 0x95, 0xb4, 0xd2, 0x08, 0x7d,
+        0x09, 0x51, 0xd1, 0xd2, 0xf4, 0x99, 0x24, 0x91,
+        0x11, 0x7e, 0x63, 0x47, 0x79, 0x4b, 0xa5, 0x45,
+        0x71, 0xec, 0x49, 0xbb, 0xa7, 0x1a, 0xf3, 0x41,
+        0x3d, 0x38, 0xa3, 0x0b, 0xf5, 0x87, 0x22, 0x48,
+        0xd1, 0xf6, 0xd0, 0x7c, 0x86, 0xba, 0xf7, 0x82,
+        0xe7, 0x3d, 0x26, 0x37, 0xf0, 0x43, 0xd3, 0x41,
+        0xa0, 0x09, 0x21, 0x85, 0x7d, 0x8b, 0x21, 0xdd,
+        0xf3, 0xe1, 0xd6, 0x31, 0x00, 0x36, 0xed, 0x27,
+        0xaf, 0x49, 0xe5, 0xde, 0x1b, 0x90, 0x0f, 0xe4,
+        0xde, 0x79, 0x80, 0x8f, 0xf2, 0x9f, 0x95, 0x70,
+        0x85, 0x96, 0x12, 0xb1, 0x5a, 0xdc, 0x01, 0xfb,
+        0xb2, 0x65, 0xb3, 0x05, 0xb1, 0xe3, 0xa1, 0x2a,
+        0xe4, 0x19, 0xda, 0x5b, 0x74, 0x26, 0x1f, 0xa2,
+        0x84, 0xc1, 0x01, 0xda, 0x3d, 0x8d, 0xca, 0x8b,
+        0x2e, 0x45, 0x21, 0xac, 0xa5, 0x71, 0xef, 0x44,
+        0xa0, 0x58, 0xe8, 0x44, 0xff, 0x32, 0xb1, 0x6d,
+        0x5a, 0xae, 0xa0, 0x5f, 0x7f, 0x3a, 0xf8, 0xe2,
+        0xab, 0x16, 0x22, 0x2e, 0x34, 0x76, 0x62, 0xed,
+        0xdf, 0xb8, 0x91, 0xd0, 0xec, 0xc2, 0xa5, 0x5c,
+        0x56, 0x38, 0xf9, 0xdd, 0xe9, 0x2d, 0x9a, 0x3d,
+        0x54, 0x4a, 0x5f, 0x90, 0x1a, 0xc5, 0x01, 0xac,
+        0xd1, 0xea, 0x6a, 0x01, 0x02, 0x01, 0xfc, 0xb1,
+        0x0a, 0xd7, 0x02, 0xc4, 0x25, 0xa9, 0x4b, 0xdf,
+        0x58, 0x90, 0xd5, 0x00, 0xa2, 0xa1, 0x47, 0xee,
+        0xe1, 0xd1, 0xfc, 0xba, 0x8c, 0x3a, 0xbe, 0x7c,
+        0x2d, 0xfe, 0x70, 0xf3, 0x46, 0xf0, 0x33, 0xd8,
+        0x16, 0xa0, 0xb2, 0x79, 0x1b, 0x4f, 0x0b, 0x2d,
+        0x95, 0x6d, 0x9e, 0xe5, 0x97, 0x17, 0x15, 0x39,
+        0x9a, 0x56, 0x88, 0x30, 0x24, 0x95, 0xe2, 0xe0,
+        0x7c, 0x1c, 0x8c, 0x01, 0x52, 0x71, 0x84, 0xbc,
+        0xd0, 0xc2, 0x08, 0xbc, 0x15, 0x9f, 0x2e, 0x13,
+        0x31, 0x8c, 0x0b, 0xb3, 0xdd, 0x24, 0xa6, 0xa7,
+        0xfc, 0x84, 0x9f, 0x83, 0x38, 0x5e, 0xd4, 0xdb,
+        0xa0, 0x7f, 0xe1, 0xd7, 0xbd, 0x56, 0x40, 0xcc,
+        0x9e, 0xd5, 0xcc, 0xfd, 0xd6, 0x87, 0x63, 0xcb,
+        0x0d, 0x0e, 0xdf, 0x61, 0xb2, 0x92, 0x17, 0x7f,
+        0xc1, 0xd2, 0xd3, 0xc1, 0x1d, 0xd0, 0x49, 0x50,
+        0x56, 0xbc, 0xb1, 0x25, 0x58, 0xae, 0xbc, 0xfd,
+        0xde, 0xf9, 0xfe, 0xb4, 0xae, 0xbc, 0x57, 0xaf,
+        0xd9, 0x02, 0x3c, 0x65, 0xcf, 0xe6, 0x5a, 0x24,
+        0xe3, 0x3f, 0x1b, 0x00, 0x11, 0x1e, 0x92, 0xe6,
+        0x3e, 0x01, 0x1e, 0xaf, 0x0b, 0x21, 0x2c, 0xf9,
+        0x57, 0x43, 0xcd, 0x07, 0xf5, 0x18, 0x9e, 0xce,
+        0x1f, 0x20, 0x5b, 0x7f, 0x6f, 0xcb, 0x2e, 0x6b,
+        0x19, 0x61, 0xb5, 0x40, 0x4c, 0xeb, 0xe4, 0x7c,
+        0x8c, 0xd1, 0x3b, 0x85, 0x99, 0xd5, 0xb4, 0x9e,
+        0x6d, 0x87, 0xee, 0xda, 0x36, 0xe9, 0xb8, 0xfc,
+        0x4c, 0x00, 0x63, 0x58, 0x96, 0xaa, 0x2b, 0x75,
+        0x89, 0x6e, 0x33, 0x6d, 0x1b, 0x61, 0x2e, 0xe1,
+        0x3d, 0xb8, 0x11, 0xe1, 0xf0, 0x7e, 0x61, 0x74,
+        0x8d, 0x92, 0x0f, 0x48, 0x65, 0xf3, 0xf1, 0x17,
+        0x41, 0x39, 0x9d, 0xc6, 0x16, 0x2c, 0x91, 0xca,
+        0x16, 0x8a, 0x02, 0x32, 0x9d, 0xff, 0x82, 0x1d,
+        0x58, 0x19, 0x87, 0x12, 0xdd, 0x55, 0x8a, 0xbb,
+        0x09, 0x9b, 0x3a, 0x0b, 0xaf, 0x9d, 0xa1, 0xb7,
+        0x30, 0xb2, 0xaa, 0x73, 0xbc, 0xf5, 0x8d, 0x74,
+        0xf3, 0x57, 0xb0, 0x6f, 0x72, 0x11, 0xc8, 0x04,
+        0xb6, 0xc8, 0xaf, 0x16, 0xff, 0x35, 0x09, 0xfa,
+        0xd1, 0xd3, 0x5b, 0x14, 0xbf, 0xdc, 0xed, 0x7d,
+        0xb8, 0xa6, 0xa2, 0x5c, 0x48, 0xe5, 0x95, 0x64,
+        0x80, 0x72, 0x4d, 0xaa, 0x05, 0x7c, 0xd6, 0x60,
+        0xb6, 0x7e, 0xe3, 0xe4, 0x72, 0x57, 0x41, 0x82,
+        0x67, 0x9d, 0x48, 0x58, 0x38, 0xa6, 0x47, 0x6e,
+        0xac, 0x02, 0x14, 0x10, 0x75, 0xc8, 0x12, 0xaf,
+        0x79, 0x67, 0xba, 0x7c, 0x91, 0x85, 0xcc, 0x2a,
+        0xbd, 0x2a, 0x45, 0x45, 0xb8, 0x0f, 0x3d, 0x31,
+        0x04, 0xd5, 0x8d, 0x65, 0x4a, 0x57, 0x79, 0x2d,
+        0xcf, 0xab, 0xbe, 0x9c, 0x07, 0x15, 0xe8, 0xde,
+        0x2e, 0xf8, 0x1e, 0xf4, 0x04, 0xc8, 0x16, 0x8f,
+        0xd7, 0xa4, 0x3e, 0xfa, 0xb3, 0xd4, 0x48, 0xe6,
+        0x86, 0xa0, 0x88, 0xef, 0xd2, 0x6a, 0x26, 0x15,
+        0x99, 0x48, 0x92, 0x67, 0x23, 0xd7, 0xec, 0xcc,
+        0x39, 0xe3, 0xc1, 0xb7, 0x19, 0xcf, 0x8b, 0xec,
+        0xb7, 0xbe, 0x7e, 0x96, 0x4f, 0x22, 0xcd, 0x8c,
+        0xb1, 0xb7, 0xe2, 0x5e, 0x80, 0x0e, 0xa9, 0x7d,
+        0x60, 0xa6, 0x4c, 0xc0, 0xbb, 0xd9, 0xcb, 0x40,
+        0x7a, 0x3a, 0xb9, 0xf8, 0x8f, 0x5e, 0x29, 0x16,
+        0x9e, 0xea, 0xfd, 0x4e, 0x03, 0x22, 0xfd, 0xe6,
+        0x59, 0x0a, 0xe0, 0x93, 0xce, 0x8f, 0xee, 0xae,
+        0x98, 0xb6, 0x22, 0xca, 0xa7, 0x55, 0x6f, 0xf4,
+        0x26, 0xc9, 0xe7, 0xa4, 0x04, 0xce, 0x69, 0x35,
+        0x58, 0x30, 0xa7, 0xa6, 0x77, 0x67, 0xa7, 0x6c,
+        0x7d, 0x9a, 0x97, 0xb8, 0x4b, 0xfc, 0xf5, 0x0a,
+        0x02, 0xf7, 0x5c, 0x23, 0x5d, 0x2f, 0x9c, 0x67,
+        0x11, 0x38, 0x04, 0x9f, 0xfc, 0x7c, 0x80, 0x55,
+        0x92, 0x6c, 0x03, 0xeb, 0x3f, 0xb8, 0x7f, 0x96,
+        0x95, 0x18, 0x5a, 0x42, 0xec, 0xa9, 0xa4, 0x16,
+        0x55, 0x87, 0x3d, 0x30, 0xa6, 0xb3, 0xbf, 0x42,
+        0x8b, 0x24, 0x62, 0x23, 0x48, 0x4a, 0x8f, 0xf6,
+        0x1e, 0xe3, 0xee, 0xaf, 0xff, 0x10, 0xe9, 0x9c,
+        0x2c, 0x13, 0xa7, 0x62, 0x84, 0xd0, 0x63, 0xe5,
+        0x6a, 0xb7, 0x11, 0xa3, 0x5a, 0x85, 0xb5, 0x38,
+        0x3d, 0xf8, 0x1d, 0xa2, 0x34, 0x90, 0xf6, 0x6e,
+        0x8e, 0xa3, 0xfc, 0xba, 0x06, 0x7f, 0x55, 0x30,
+        0xc6, 0x54, 0x1c, 0x2b, 0x8f, 0x74, 0x71, 0x7c,
+        0x35, 0x02, 0x3e, 0x7b, 0x9b, 0x39, 0x56, 0xc3,
+        0xee, 0x2f, 0xf8, 0x4b, 0xa0, 0x3c, 0xcf, 0x4b,
+        0x4b, 0x53, 0x21, 0xb9, 0x24, 0x08, 0x95, 0x48,
+        0x1b, 0xc6, 0xd6, 0x3c, 0x16, 0x93, 0xc1, 0x84,
+        0x78, 0x52, 0xf8, 0xe9, 0x7f, 0x50, 0xa1, 0x33,
+        0x53, 0x2a, 0xc3, 0xee, 0x1e, 0x52, 0xd4, 0x64
 #endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = {
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73,
         0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28,
         0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7,
         0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29
 #else
-        0x72, 0x9f, 0xa0, 0x6a, 0xc9, 0x3c, 0x5e, 0xfd,
-        0xfb, 0xf1, 0x27, 0x2a, 0x96, 0xce, 0xf1, 0x67,
-        0xa3, 0x93, 0x94, 0x7a, 0xb7, 0xdc, 0x2d, 0x11,
-        0xed, 0x7d, 0xe8, 0xac, 0x3c, 0x94, 0x7f, 0xa8
+        0xe7, 0x18, 0x4a, 0x09, 0x75, 0xee, 0x34, 0x70,
+        0x87, 0x8d, 0x2d, 0x15, 0x9e, 0xc8, 0x31, 0x29,
+        0xc8, 0xae, 0xc2, 0x53, 0xd4, 0xee, 0x17, 0xb4,
+        0x81, 0x03, 0x11, 0xd1, 0x98, 0xcd, 0x03, 0x68
 #endif
     };
 
@@ -39138,6 +40217,7 @@ static wc_test_ret_t kyber1024_kat(void)
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
         0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
         0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
@@ -39334,8 +40414,207 @@ static wc_test_ret_t kyber1024_kat(void)
         0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
+#else
+        0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
+        0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
+        0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
+        0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4,
+        0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d,
+        0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
+        0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2,
+        0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59,
+        0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
+        0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75,
+        0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15,
+        0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
+        0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27,
+        0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16,
+        0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
+        0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05,
+        0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49,
+        0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
+        0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2,
+        0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab,
+        0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
+        0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2,
+        0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f,
+        0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
+        0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5,
+        0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84,
+        0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
+        0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66,
+        0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc,
+        0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
+        0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0,
+        0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e,
+        0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
+        0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82,
+        0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe,
+        0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
+        0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1,
+        0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d,
+        0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
+        0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98,
+        0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50,
+        0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
+        0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8,
+        0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76,
+        0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
+        0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71,
+        0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7,
+        0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
+        0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c,
+        0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e,
+        0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
+        0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47,
+        0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35,
+        0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
+        0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c,
+        0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f,
+        0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
+        0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39,
+        0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77,
+        0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
+        0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30,
+        0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5,
+        0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
+        0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7,
+        0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0,
+        0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
+        0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56,
+        0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37,
+        0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
+        0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08,
+        0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c,
+        0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
+        0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00,
+        0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd,
+        0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
+        0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25,
+        0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1,
+        0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
+        0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94,
+        0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85,
+        0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
+        0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56,
+        0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb,
+        0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
+        0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26,
+        0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7,
+        0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
+        0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3,
+        0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f,
+        0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
+        0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93,
+        0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b,
+        0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
+        0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7,
+        0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27,
+        0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
+        0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76,
+        0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b,
+        0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
+        0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a,
+        0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8,
+        0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
+        0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b,
+        0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a,
+        0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
+        0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53,
+        0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7,
+        0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
+        0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87,
+        0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5,
+        0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
+        0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13,
+        0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2,
+        0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
+        0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c,
+        0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06,
+        0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
+        0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4,
+        0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b,
+        0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
+        0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2,
+        0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08,
+        0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
+        0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12,
+        0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b,
+        0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
+        0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31,
+        0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46,
+        0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
+        0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5,
+        0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7,
+        0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
+        0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04,
+        0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9,
+        0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
+        0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07,
+        0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7,
+        0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
+        0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b,
+        0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae,
+        0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
+        0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6,
+        0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d,
+        0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
+        0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5,
+        0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9,
+        0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
+        0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26,
+        0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e,
+        0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
+        0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb,
+        0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66,
+        0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
+        0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76,
+        0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9,
+        0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
+        0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5,
+        0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1,
+        0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
+        0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc,
+        0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc,
+        0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
+        0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7,
+        0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae,
+        0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
+        0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4,
+        0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12,
+        0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
+        0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c,
+        0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60,
+        0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
+        0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74,
+        0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe,
+        0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
+        0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6,
+        0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a,
+        0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
+        0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37,
+        0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83,
+        0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
+        0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05,
+        0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72,
+        0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
+        0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4,
+        0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27,
+        0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
+        0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8,
+        0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86,
+        0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
+        0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b,
+        0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22,
+        0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
+        0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e,
+        0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
+        0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
+        0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
         0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
         0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
@@ -39732,9 +41011,407 @@ static wc_test_ret_t kyber1024_kat(void)
         0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
+#else
+        0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88,
+        0x2a, 0xcd, 0xd5, 0xa4, 0x78, 0x20, 0xa6, 0xa8,
+        0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77,
+        0x99, 0x79, 0xb8, 0x3f, 0xe1, 0x17, 0x22, 0x47,
+        0x01, 0x49, 0x08, 0x30, 0x38, 0x66, 0x37, 0xda,
+        0x33, 0x2e, 0x74, 0xb1, 0xae, 0xda, 0x0b, 0x2f,
+        0x81, 0xca, 0x4f, 0x9b, 0xb2, 0xc2, 0xb0, 0x2b,
+        0x0c, 0xfd, 0x68, 0x0c, 0x11, 0x48, 0x2f, 0x33,
+        0x5a, 0xcf, 0x7b, 0x91, 0x39, 0xb5, 0xb8, 0x8a,
+        0x34, 0xe3, 0x54, 0x2c, 0x68, 0x61, 0x37, 0x75,
+        0x45, 0x98, 0x33, 0x43, 0xcd, 0x82, 0x94, 0x14,
+        0xe4, 0x78, 0x64, 0x21, 0x2e, 0x78, 0xf8, 0x55,
+        0xf5, 0x23, 0x90, 0x37, 0x9a, 0xcc, 0x3a, 0x62,
+        0x95, 0x31, 0x31, 0xb6, 0x3e, 0xe8, 0x32, 0xad,
+        0xb3, 0xbf, 0x4b, 0xf5, 0x8e, 0x24, 0x73, 0x49,
+        0xb5, 0xe0, 0x97, 0xe5, 0x5a, 0xbe, 0x49, 0x7b,
+        0x15, 0x98, 0x23, 0x73, 0xae, 0x73, 0x2e, 0x04,
+        0x39, 0xac, 0x67, 0xd0, 0x5c, 0x7f, 0x03, 0x7c,
+        0x8a, 0x73, 0x9b, 0x18, 0x14, 0x0e, 0x14, 0x4c,
+        0x85, 0x1d, 0xc9, 0x61, 0x1f, 0x4b, 0xcf, 0x04,
+        0xf3, 0xa2, 0x09, 0x3c, 0x19, 0x7b, 0xd6, 0x3b,
+        0xb5, 0xe6, 0x19, 0x01, 0x00, 0x54, 0x5f, 0xf8,
+        0x1d, 0xb7, 0xfc, 0xcd, 0xdd, 0x9a, 0x32, 0x4b,
+        0x0b, 0xac, 0x3c, 0x2c, 0x23, 0x82, 0x28, 0x40,
+        0x58, 0xf0, 0x8b, 0x96, 0x19, 0x52, 0xc0, 0x94,
+        0x01, 0x9c, 0x10, 0xbe, 0x37, 0xa5, 0x3d, 0x5a,
+        0xc7, 0x94, 0xc0, 0x10, 0xa9, 0xd0, 0x82, 0x1f,
+        0x15, 0x02, 0x7a, 0x1c, 0x41, 0x9c, 0x3c, 0x71,
+        0xc9, 0xa1, 0xd2, 0x8a, 0xed, 0x02, 0x59, 0x7a,
+        0xb7, 0x9b, 0x87, 0x53, 0x94, 0x62, 0x6b, 0xa3,
+        0x9a, 0xdc, 0x09, 0x0c, 0x3a, 0x90, 0xcf, 0x75,
+        0x87, 0x1a, 0x65, 0x27, 0x5e, 0xb1, 0xc5, 0xb0,
+        0x33, 0x72, 0xe1, 0x3a, 0x1a, 0x23, 0xd0, 0xcf,
+        0x93, 0x74, 0x11, 0x1f, 0x80, 0xcc, 0x83, 0xa9,
+        0x05, 0x62, 0x2b, 0x83, 0xfc, 0x51, 0x39, 0x71,
+        0xec, 0x84, 0x19, 0xf0, 0x88, 0x0c, 0x30, 0x67,
+        0x63, 0x36, 0x71, 0xb0, 0x9b, 0x54, 0x56, 0xab,
+        0x60, 0x57, 0x93, 0x6d, 0x19, 0xa4, 0xa2, 0xa2,
+        0x67, 0x91, 0x1b, 0x00, 0x0a, 0x13, 0x95, 0x6f,
+        0xbd, 0x49, 0x38, 0x21, 0xda, 0x07, 0x2c, 0x04,
+        0x64, 0x2b, 0x0c, 0x20, 0xda, 0x6c, 0xc0, 0xd9,
+        0xd8, 0x64, 0xa3, 0x93, 0x65, 0xdf, 0xd6, 0x4f,
+        0x10, 0x18, 0x78, 0x25, 0xfa, 0x33, 0x25, 0x07,
+        0x49, 0xcb, 0xc0, 0xc9, 0x05, 0xd7, 0xb1, 0xff,
+        0x3c, 0xae, 0x24, 0x12, 0xbf, 0x86, 0xb8, 0x1a,
+        0x81, 0x7b, 0x86, 0xba, 0xa3, 0x0e, 0xdf, 0x78,
+        0x62, 0xe5, 0xf6, 0xba, 0xc9, 0x87, 0x26, 0xe5,
+        0x6b, 0x3c, 0xec, 0x60, 0x66, 0x4c, 0xaa, 0x2a,
+        0x7d, 0xf6, 0x70, 0xc5, 0xe2, 0x07, 0xdf, 0xac,
+        0x03, 0x82, 0x4c, 0x89, 0x89, 0x7c, 0xb4, 0x90,
+        0xea, 0xa7, 0x65, 0x21, 0x22, 0x2c, 0x86, 0x20,
+        0x51, 0x69, 0xc9, 0x1c, 0x32, 0x9c, 0x4a, 0x18,
+        0x4d, 0x78, 0x72, 0x1a, 0xf8, 0x36, 0xad, 0x4d,
+        0xb0, 0xca, 0x78, 0x46, 0x4d, 0x41, 0x71, 0x47,
+        0x30, 0x12, 0xb7, 0xd1, 0x83, 0xba, 0xfa, 0x62,
+        0x75, 0x85, 0xc6, 0x4b, 0xe3, 0x80, 0x9d, 0x7e,
+        0x60, 0x04, 0xcb, 0xdc, 0x79, 0xa5, 0x46, 0x0f,
+        0x0a, 0xd6, 0x77, 0xcb, 0x71, 0x65, 0x12, 0x40,
+        0x7d, 0x3a, 0x61, 0x9a, 0xd0, 0x95, 0x43, 0xb7,
+        0x39, 0x54, 0x74, 0x72, 0xa7, 0x06, 0xb3, 0x17,
+        0xa5, 0x09, 0xbe, 0x5d, 0x86, 0x1f, 0xd6, 0x6c,
+        0x7d, 0x0e, 0xd9, 0x4c, 0xd5, 0x00, 0x47, 0x95,
+        0xc1, 0x81, 0x59, 0xe3, 0xa3, 0x3d, 0x79, 0x87,
+        0x11, 0x52, 0x5f, 0x16, 0x35, 0xa6, 0x84, 0x28,
+        0x17, 0x29, 0x23, 0x24, 0x96, 0x35, 0xaa, 0xd0,
+        0x32, 0xb9, 0xe5, 0x66, 0x64, 0xbd, 0xd4, 0x8e,
+        0xd2, 0x4a, 0xc7, 0x5c, 0x64, 0x68, 0xd1, 0x90,
+        0x3e, 0x47, 0x10, 0x86, 0xc5, 0xf1, 0x56, 0x7e,
+        0x83, 0x1a, 0x05, 0x08, 0xc5, 0x39, 0x63, 0x25,
+        0x91, 0xab, 0x57, 0x7d, 0x32, 0x4a, 0x82, 0x42,
+        0x97, 0x25, 0x80, 0x99, 0x50, 0x76, 0x1d, 0x84,
+        0x34, 0x28, 0x8c, 0x14, 0x03, 0x4f, 0x1c, 0x06,
+        0xc1, 0xd0, 0xaa, 0xe0, 0x9a, 0x71, 0xc7, 0x40,
+        0xa5, 0x57, 0x01, 0xc2, 0x8f, 0xf8, 0x44, 0x99,
+        0xf2, 0xbb, 0x18, 0xb6, 0x62, 0x8c, 0xaa, 0xa3,
+        0xfe, 0x75, 0xac, 0x4d, 0xe0, 0x4c, 0x6f, 0x91,
+        0x39, 0x00, 0xd8, 0x6c, 0x88, 0x12, 0x62, 0x52,
+        0xa1, 0x7c, 0x4d, 0x30, 0x39, 0x91, 0xdb, 0x02,
+        0x87, 0x12, 0x08, 0x81, 0xbb, 0x88, 0x47, 0x8a,
+        0xaa, 0x9a, 0xf9, 0xbc, 0x53, 0xd3, 0x72, 0x98,
+        0x43, 0x85, 0x8f, 0xdb, 0x46, 0x48, 0x05, 0x9c,
+        0xac, 0x82, 0xc1, 0xa1, 0x08, 0x78, 0xba, 0x39,
+        0x82, 0x3b, 0x04, 0x1b, 0xd0, 0xe2, 0x58, 0x48,
+        0x7b, 0x56, 0xcc, 0x8a, 0x32, 0x20, 0xc1, 0xa5,
+        0x8b, 0xf6, 0x6a, 0x17, 0x2b, 0x5b, 0x9a, 0x0c,
+        0x63, 0x2d, 0x67, 0x4e, 0xae, 0x88, 0x5a, 0x01,
+        0x5c, 0x4e, 0x37, 0xba, 0x07, 0x36, 0x80, 0xbe,
+        0xde, 0x75, 0x34, 0xf3, 0xe3, 0x4b, 0x60, 0x50,
+        0xc8, 0x6b, 0x21, 0xc3, 0xc0, 0x90, 0x94, 0x1f,
+        0x23, 0xb7, 0xf6, 0x73, 0x1e, 0x2b, 0xda, 0x0e,
+        0x6e, 0xa4, 0x64, 0x67, 0x71, 0xce, 0xc5, 0x72,
+        0xb9, 0x8c, 0xa0, 0xa1, 0x58, 0x91, 0x9a, 0xdb,
+        0xeb, 0x84, 0xce, 0x58, 0x5f, 0xf9, 0xf2, 0x5e,
+        0xbd, 0xda, 0x6c, 0xb6, 0xf0, 0x7a, 0x8f, 0x81,
+        0x12, 0x32, 0x60, 0x7e, 0x72, 0x17, 0xbb, 0x03,
+        0x9b, 0xab, 0xd0, 0xd9, 0x19, 0x34, 0xa8, 0x59,
+        0x40, 0x59, 0xc9, 0x68, 0x77, 0x23, 0xc0, 0x43,
+        0x81, 0xbf, 0xd6, 0x27, 0xa1, 0x05, 0x17, 0xf5,
+        0xf4, 0xbf, 0xc7, 0x77, 0x77, 0xaa, 0x26, 0x71,
+        0xae, 0x12, 0x4f, 0x2b, 0x7a, 0x5f, 0x4d, 0x56,
+        0x14, 0x02, 0x91, 0x97, 0xe6, 0x58, 0x6f, 0xa8,
+        0xc1, 0x7e, 0x0a, 0xd9, 0x07, 0x81, 0xbc, 0x7b,
+        0xb1, 0x9a, 0x77, 0x2d, 0x5a, 0x4e, 0xfe, 0x32,
+        0xca, 0xc8, 0x9b, 0x76, 0xc4, 0x2a, 0x5e, 0xde,
+        0x9b, 0xcc, 0x20, 0xc1, 0x89, 0x8c, 0x08, 0xa5,
+        0xb0, 0xc0, 0x7e, 0x47, 0x8b, 0x1b, 0xbc, 0x22,
+        0x6e, 0xfa, 0xd1, 0x5f, 0x2a, 0xc7, 0x37, 0x51,
+        0x4b, 0x8c, 0x61, 0x49, 0x81, 0x07, 0x79, 0x22,
+        0x24, 0x16, 0x53, 0x7e, 0xd0, 0x0d, 0xae, 0xab,
+        0x17, 0x7e, 0x90, 0x3e, 0xad, 0x6b, 0x4a, 0xc4,
+        0x23, 0x70, 0xaf, 0x1b, 0x1f, 0x50, 0xeb, 0xaf,
+        0xaa, 0x1c, 0x6e, 0x64, 0x7b, 0xba, 0xcc, 0xe7,
+        0x2c, 0x7d, 0x0b, 0x88, 0xae, 0xb0, 0xb0, 0x6f,
+        0xc1, 0xa4, 0x54, 0x57, 0xa9, 0xc1, 0x87, 0x57,
+        0x9b, 0xf1, 0x84, 0x57, 0x9c, 0xc3, 0x51, 0xc4,
+        0x3d, 0xff, 0x94, 0x26, 0x05, 0xaa, 0x56, 0x04,
+        0xfc, 0x85, 0xfc, 0x55, 0x83, 0xf6, 0xf1, 0x49,
+        0x6f, 0xe6, 0x1d, 0x70, 0xd6, 0xcd, 0xe2, 0x32,
+        0x7f, 0xee, 0x71, 0x3d, 0x86, 0xf2, 0x9b, 0x3a,
+        0xfc, 0xbb, 0x54, 0xe9, 0xa9, 0x2a, 0x33, 0xa6,
+        0xc1, 0xea, 0x6f, 0xfa, 0x30, 0x95, 0x66, 0xb0,
+        0x68, 0x62, 0x33, 0xc0, 0xf3, 0xb1, 0xc3, 0x14,
+        0x48, 0x90, 0xe4, 0xf0, 0x82, 0x9a, 0x60, 0x99,
+        0xc5, 0x74, 0x9c, 0xde, 0xc8, 0x43, 0x28, 0xec,
+        0x2c, 0xb6, 0x4a, 0x73, 0x85, 0xa7, 0x61, 0xd6,
+        0x4b, 0x3a, 0x23, 0xc4, 0x89, 0x34, 0x33, 0x43,
+        0xb9, 0x77, 0x23, 0xae, 0x78, 0xc7, 0xd8, 0x05,
+        0x45, 0x8e, 0x16, 0x20, 0xf0, 0x29, 0x28, 0x97,
+        0x69, 0x17, 0x04, 0xcb, 0x76, 0xe3, 0xb0, 0xb2,
+        0x81, 0xa8, 0x3c, 0xf6, 0x44, 0x90, 0x49, 0x8c,
+        0xbc, 0xaf, 0x04, 0x80, 0x24, 0x16, 0xb3, 0x3c,
+        0x56, 0x51, 0x71, 0xd7, 0x72, 0xd3, 0xb9, 0x35,
+        0x40, 0x37, 0x58, 0x76, 0x29, 0xae, 0x14, 0xa5,
+        0xc5, 0x03, 0x1a, 0xc3, 0x66, 0x71, 0xa0, 0xd0,
+        0xc9, 0x1c, 0xc0, 0xb4, 0xcd, 0x69, 0xd8, 0x40,
+        0x2e, 0x33, 0xb9, 0xbc, 0xc2, 0xbb, 0xaf, 0x6b,
+        0x97, 0x1e, 0x30, 0x3f, 0xa1, 0x37, 0xbe, 0x23,
+        0x25, 0x98, 0xa4, 0x99, 0x9b, 0xc0, 0x12, 0x57,
+        0x4c, 0x81, 0x65, 0x1b, 0x38, 0xb3, 0x83, 0x96,
+        0xc1, 0xc3, 0x65, 0x30, 0x3a, 0xd2, 0x5d, 0x49,
+        0xfc, 0x6b, 0x68, 0x99, 0x51, 0xa1, 0xcc, 0x4c,
+        0x60, 0x07, 0x61, 0x30, 0x65, 0x49, 0x5f, 0x97,
+        0x91, 0x0f, 0x97, 0x35, 0xd4, 0xea, 0x4e, 0x44,
+        0x2a, 0xcb, 0x2f, 0xab, 0xae, 0xcf, 0xe1, 0xad,
+        0xef, 0x06, 0x67, 0xba, 0x42, 0x2c, 0x95, 0x4a,
+        0x05, 0xd1, 0xb6, 0x16, 0x7a, 0x26, 0x3e, 0x12,
+        0x75, 0xc6, 0xad, 0xa8, 0x38, 0x59, 0x65, 0x30,
+        0x4b, 0x30, 0x32, 0x40, 0x40, 0x54, 0x2c, 0xf5,
+        0xa4, 0x51, 0xbc, 0xaf, 0xc7, 0x47, 0x88, 0xbe,
+        0x3b, 0x9b, 0x9f, 0xcc, 0x45, 0xd4, 0x79, 0x0e,
+        0x2d, 0x73, 0x35, 0xc6, 0x0a, 0x14, 0xf0, 0xa4,
+        0x9d, 0x13, 0x05, 0x3f, 0x26, 0x26, 0xa6, 0x27,
+        0xca, 0x19, 0x55, 0x3c, 0xb3, 0x36, 0xa2, 0xcb,
+        0x4a, 0x45, 0x5d, 0x8e, 0xf3, 0x98, 0x94, 0x91,
+        0x47, 0x2b, 0xa0, 0x05, 0x1e, 0xf7, 0x41, 0x6e,
+        0x0b, 0xbf, 0x1a, 0x61, 0x08, 0xfa, 0x07, 0xc1,
+        0x61, 0x54, 0x8e, 0x7c, 0x62, 0x33, 0x1a, 0xe5,
+        0xa2, 0xb4, 0xe4, 0xa1, 0x08, 0xa5, 0x10, 0x93,
+        0xd3, 0x15, 0x08, 0x21, 0xa2, 0xfb, 0x54, 0x71,
+        0x70, 0xa1, 0xb7, 0x3c, 0x43, 0xc5, 0x50, 0xc6,
+        0x55, 0x7a, 0x40, 0x48, 0xa5, 0x8a, 0x2c, 0xd7,
+        0x7a, 0x24, 0x42, 0x34, 0xb2, 0x23, 0x51, 0x75,
+        0xa0, 0x89, 0x7d, 0x50, 0x61, 0xb4, 0x61, 0x34,
+        0x82, 0xdc, 0x13, 0x64, 0x14, 0x04, 0x8c, 0x11,
+        0xdb, 0x37, 0xea, 0xe0, 0xa5, 0xdf, 0x87, 0xc1,
+        0x93, 0x14, 0xb0, 0xe8, 0x23, 0x97, 0xa0, 0xd3,
+        0x38, 0xdc, 0x21, 0x53, 0x8a, 0xf3, 0x61, 0x49,
+        0xd9, 0x3f, 0x8b, 0x1a, 0x11, 0xc5, 0x3b, 0xb5,
+        0xde, 0xf8, 0xb7, 0xa2, 0xcc, 0xa3, 0x36, 0x2b,
+        0x7f, 0xe3, 0xa1, 0x40, 0x8a, 0x25, 0x47, 0xe2,
+        0x09, 0x05, 0x8c, 0x67, 0x3a, 0x75, 0x66, 0xc2,
+        0x61, 0x23, 0xa6, 0xd8, 0xb6, 0x92, 0xa5, 0xf3,
+        0x3e, 0xbd, 0xcb, 0x26, 0x24, 0xb7, 0x9d, 0x87,
+        0x7b, 0xce, 0x5f, 0xa1, 0x4e, 0x42, 0xe8, 0x3f,
+        0xaa, 0xd8, 0x2e, 0x99, 0x00, 0x55, 0x3a, 0x3c,
+        0x60, 0x45, 0xca, 0x32, 0x9f, 0xea, 0x4a, 0x50,
+        0x65, 0x58, 0xc4, 0x91, 0xb6, 0xa6, 0x16, 0xc6,
+        0xfd, 0x40, 0x0b, 0x42, 0x13, 0x6f, 0x44, 0xcb,
+        0x0d, 0x02, 0x57, 0x65, 0x08, 0x19, 0x01, 0x8d,
+        0x3c, 0x56, 0x8e, 0xf6, 0xc6, 0x0c, 0x6c, 0x40,
+        0x9e, 0x70, 0xa8, 0x29, 0x28, 0x71, 0x08, 0xc1,
+        0xb6, 0xa4, 0xd3, 0x2f, 0x76, 0xe5, 0xcc, 0x4d,
+        0x10, 0x4b, 0x02, 0x43, 0x8e, 0xf7, 0xa4, 0x67,
+        0x91, 0x23, 0x98, 0xea, 0x9c, 0x7c, 0xbd, 0x99,
+        0x81, 0x58, 0x9a, 0x34, 0x18, 0x97, 0x68, 0x7b,
+        0x51, 0x6a, 0x13, 0x30, 0x7d, 0x66, 0xc0, 0x68,
+        0xc4, 0x44, 0xb4, 0xb9, 0x49, 0xa1, 0x74, 0x12,
+        0x41, 0x33, 0x15, 0xcc, 0xf4, 0x9b, 0x99, 0x98,
+        0x00, 0x34, 0xb5, 0xb8, 0xcf, 0xde, 0xc4, 0xa6,
+        0x0b, 0x9c, 0x1e, 0x74, 0x55, 0xaa, 0xfb, 0xf3,
+        0xa7, 0x57, 0x34, 0x69, 0x90, 0xcc, 0x32, 0xb0,
+        0x59, 0x9b, 0xa2, 0x17, 0xa6, 0xc5, 0xfc, 0x39,
+        0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
+        0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
+        0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
+        0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4,
+        0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d,
+        0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
+        0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2,
+        0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59,
+        0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
+        0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75,
+        0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15,
+        0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
+        0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27,
+        0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16,
+        0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
+        0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05,
+        0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49,
+        0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
+        0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2,
+        0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab,
+        0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
+        0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2,
+        0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f,
+        0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
+        0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5,
+        0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84,
+        0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
+        0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66,
+        0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc,
+        0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
+        0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0,
+        0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e,
+        0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
+        0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82,
+        0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe,
+        0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
+        0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1,
+        0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d,
+        0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
+        0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98,
+        0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50,
+        0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
+        0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8,
+        0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76,
+        0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
+        0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71,
+        0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7,
+        0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
+        0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c,
+        0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e,
+        0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
+        0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47,
+        0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35,
+        0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
+        0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c,
+        0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f,
+        0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
+        0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39,
+        0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77,
+        0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
+        0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30,
+        0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5,
+        0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
+        0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7,
+        0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0,
+        0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
+        0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56,
+        0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37,
+        0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
+        0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08,
+        0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c,
+        0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
+        0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00,
+        0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd,
+        0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
+        0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25,
+        0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1,
+        0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
+        0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94,
+        0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85,
+        0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
+        0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56,
+        0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb,
+        0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
+        0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26,
+        0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7,
+        0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
+        0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3,
+        0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f,
+        0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
+        0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93,
+        0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b,
+        0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
+        0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7,
+        0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27,
+        0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
+        0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76,
+        0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b,
+        0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
+        0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a,
+        0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8,
+        0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
+        0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b,
+        0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a,
+        0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
+        0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53,
+        0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7,
+        0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
+        0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87,
+        0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5,
+        0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
+        0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13,
+        0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2,
+        0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
+        0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c,
+        0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06,
+        0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
+        0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4,
+        0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b,
+        0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
+        0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2,
+        0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08,
+        0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
+        0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12,
+        0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b,
+        0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
+        0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31,
+        0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46,
+        0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
+        0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5,
+        0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7,
+        0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
+        0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04,
+        0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9,
+        0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
+        0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07,
+        0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7,
+        0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
+        0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b,
+        0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae,
+        0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
+        0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6,
+        0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d,
+        0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
+        0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5,
+        0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9,
+        0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
+        0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26,
+        0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e,
+        0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
+        0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb,
+        0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66,
+        0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
+        0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76,
+        0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9,
+        0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
+        0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5,
+        0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1,
+        0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
+        0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc,
+        0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc,
+        0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
+        0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7,
+        0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae,
+        0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
+        0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4,
+        0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12,
+        0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
+        0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c,
+        0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60,
+        0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
+        0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74,
+        0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe,
+        0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
+        0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6,
+        0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a,
+        0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
+        0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37,
+        0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83,
+        0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
+        0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05,
+        0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72,
+        0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
+        0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4,
+        0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27,
+        0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
+        0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8,
+        0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86,
+        0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
+        0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b,
+        0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22,
+        0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
+        0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e,
+        0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
+        0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
+        0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb,
+        0xeb, 0xbe, 0x41, 0xcd, 0x4d, 0xea, 0x48, 0x9d,
+        0xed, 0xd0, 0x0e, 0x76, 0xae, 0x0b, 0xcf, 0x54,
+        0xaa, 0x85, 0x50, 0x20, 0x29, 0x20, 0xeb, 0x64,
+        0xd5, 0x89, 0x2a, 0xd0, 0x2b, 0x13, 0xf2, 0xe5,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1,
         0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1,
         0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
@@ -39932,215 +41609,215 @@ static wc_test_ret_t kyber1024_kat(void)
         0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7,
         0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13
 #else
-        0xb1, 0x56, 0x96, 0xac, 0xab, 0xf3, 0xf5, 0xc7,
-        0x1c, 0x09, 0x60, 0x5d, 0xf3, 0x50, 0xf9, 0x8e,
-        0xf9, 0x89, 0x74, 0x74, 0xf2, 0x41, 0xc7, 0xf7,
-        0xd1, 0x6f, 0x7a, 0x69, 0x60, 0x43, 0x58, 0x50,
-        0x84, 0x58, 0x91, 0x6d, 0x2c, 0x85, 0x52, 0xc7,
-        0x04, 0xcb, 0x6e, 0x0d, 0xa4, 0x30, 0x5a, 0x11,
-        0x72, 0x0a, 0x2b, 0x59, 0xa6, 0xd8, 0x19, 0x0f,
-        0xc3, 0xe3, 0x89, 0xe6, 0x55, 0x1e, 0x7c, 0x59,
-        0x57, 0x8f, 0xe2, 0xb0, 0x5d, 0x75, 0x91, 0xba,
-        0xb3, 0x26, 0xd8, 0x94, 0xe2, 0x36, 0x56, 0xc6,
-        0xb5, 0xfe, 0x4b, 0x7a, 0xbd, 0x65, 0x05, 0xa8,
-        0xc2, 0x6d, 0x1d, 0xf8, 0xb4, 0x4a, 0x0e, 0xd5,
-        0x3a, 0xff, 0xff, 0x9a, 0x58, 0x5f, 0xce, 0x86,
-        0xda, 0x3b, 0x3f, 0xf2, 0x2b, 0x1f, 0xda, 0xe2,
-        0xf6, 0xd2, 0x55, 0xc2, 0x65, 0x35, 0xf6, 0x16,
-        0x94, 0xd5, 0x04, 0x71, 0xf1, 0xd8, 0x4d, 0x17,
-        0x67, 0x3e, 0x48, 0x1f, 0x4e, 0x82, 0x4c, 0x82,
-        0x81, 0x0c, 0xe8, 0xf2, 0xec, 0xc9, 0xbb, 0x3f,
-        0x5f, 0x07, 0xbf, 0x14, 0x30, 0xe7, 0xbf, 0xd9,
-        0x9f, 0xb9, 0x8f, 0x3d, 0x2f, 0x94, 0x1e, 0xdf,
-        0x64, 0x2d, 0x7b, 0x9e, 0x73, 0xbc, 0x15, 0x95,
-        0xa0, 0x4c, 0xd9, 0x49, 0xfa, 0x76, 0x64, 0x68,
-        0x48, 0x9f, 0x40, 0x2f, 0x92, 0x32, 0x5f, 0x6d,
-        0x9e, 0xc5, 0xd6, 0x96, 0xe0, 0xfa, 0xc2, 0xc6,
-        0xa3, 0x79, 0x83, 0xa6, 0x45, 0x13, 0x84, 0xce,
-        0x9d, 0x9d, 0xe4, 0x48, 0xf1, 0x58, 0x74, 0xe5,
-        0x30, 0x94, 0x3e, 0x8e, 0x0f, 0xe2, 0x99, 0x60,
-        0x58, 0x7a, 0x89, 0xb8, 0x05, 0x2c, 0x9d, 0x0e,
-        0x6b, 0x0e, 0xa5, 0xdb, 0xb7, 0x34, 0xd2, 0xa9,
-        0xc0, 0x5c, 0xbb, 0x6d, 0x0c, 0x79, 0xf4, 0xa5,
-        0x7d, 0xb5, 0xaf, 0xde, 0xd6, 0xa7, 0xdf, 0x0e,
-        0xcf, 0x47, 0xb7, 0xa3, 0x1d, 0xea, 0xf3, 0x7d,
-        0xfa, 0x1d, 0xc8, 0x97, 0x22, 0xa4, 0x7b, 0x40,
-        0xb4, 0xa5, 0x0c, 0x7a, 0x2f, 0x32, 0xe8, 0xab,
-        0x3d, 0xa9, 0x73, 0xaa, 0x68, 0x3c, 0x0a, 0x69,
-        0x82, 0x94, 0xca, 0x3a, 0x04, 0x54, 0x83, 0x17,
-        0x5d, 0x87, 0x78, 0x6b, 0x47, 0xf7, 0x8a, 0xb0,
-        0x29, 0x5b, 0x82, 0x67, 0xed, 0xfe, 0xed, 0xa4,
-        0x42, 0xc3, 0x51, 0xa3, 0x8e, 0x95, 0xcf, 0x43,
-        0xb0, 0x83, 0x42, 0xc6, 0x7d, 0x0b, 0xc5, 0xdd,
-        0x59, 0x74, 0xf6, 0xc5, 0xc0, 0x03, 0xea, 0x31,
-        0xb5, 0x80, 0x4a, 0x31, 0x1c, 0x29, 0xeb, 0xa1,
-        0x7b, 0xdb, 0x54, 0x7a, 0x62, 0x9e, 0xc8, 0x39,
-        0x74, 0x04, 0x3b, 0xd0, 0x3a, 0x37, 0xd0, 0xec,
-        0x7f, 0xf3, 0x9d, 0xe1, 0xdf, 0xb8, 0xe6, 0x32,
-        0xa8, 0x6b, 0x26, 0x02, 0x1e, 0x75, 0x3e, 0x7d,
-        0xc7, 0x31, 0xbc, 0x4e, 0xd7, 0xe7, 0xfe, 0xce,
-        0x78, 0xb0, 0x7d, 0xff, 0x5e, 0x87, 0x75, 0xb2,
-        0x22, 0x3e, 0x19, 0xdf, 0xb3, 0xa0, 0x6a, 0x18,
-        0x65, 0xed, 0x4f, 0x08, 0xa8, 0x45, 0x44, 0x49,
-        0x25, 0x04, 0xf2, 0x96, 0x2e, 0x00, 0x5f, 0xde,
-        0x5d, 0xe6, 0xe4, 0xff, 0x48, 0x99, 0x4d, 0x4f,
-        0xf8, 0x11, 0xce, 0x31, 0xe3, 0x90, 0x98, 0x03,
-        0xc3, 0x53, 0x4c, 0x1c, 0x6c, 0x6d, 0xdc, 0x9e,
-        0x1a, 0x43, 0xc8, 0x45, 0xe7, 0xe7, 0xe2, 0xa1,
-        0x08, 0x11, 0x86, 0xbe, 0xde, 0x4b, 0x5b, 0xcf,
-        0x1b, 0x80, 0xb1, 0x3d, 0x21, 0x8a, 0x4a, 0xb4,
-        0x46, 0xf4, 0x79, 0xe3, 0x8c, 0x1d, 0xe4, 0xa5,
-        0x94, 0xe0, 0xf2, 0x0c, 0xdc, 0x23, 0xa9, 0xea,
-        0x58, 0x77, 0x8c, 0xb2, 0xfb, 0x10, 0x4f, 0x1d,
-        0xc9, 0x1b, 0xa5, 0xc1, 0x7e, 0x74, 0x00, 0x4c,
-        0x43, 0x0a, 0xab, 0x1a, 0x3d, 0x16, 0x79, 0xda,
-        0xeb, 0x50, 0x82, 0xe5, 0x17, 0xaf, 0x6a, 0x4e,
-        0x28, 0xf5, 0x64, 0x44, 0x1b, 0x73, 0x23, 0x5d,
-        0x08, 0x4a, 0x58, 0x31, 0xcb, 0xb3, 0x94, 0xce,
-        0xcd, 0x99, 0x7f, 0xe0, 0x8b, 0x1b, 0x4a, 0xa9,
-        0x95, 0xbd, 0xd9, 0x72, 0x6c, 0x04, 0x61, 0x58,
-        0x59, 0xff, 0xfd, 0x1c, 0x99, 0x06, 0xfb, 0x2d,
-        0x04, 0x01, 0xed, 0x6f, 0x59, 0x1e, 0x13, 0xc6,
-        0xe7, 0x9e, 0xc5, 0xe8, 0x62, 0x07, 0x9e, 0x6d,
-        0xfd, 0x3c, 0xa6, 0x88, 0xfa, 0x5a, 0xc7, 0xf8,
-        0xd2, 0x79, 0x07, 0x53, 0x05, 0x49, 0xac, 0x71,
-        0xfd, 0xeb, 0x5f, 0x86, 0x9d, 0x2a, 0x9b, 0x23,
-        0x5a, 0x0e, 0x54, 0xb3, 0xb8, 0x66, 0x02, 0x1d,
-        0x6b, 0x5c, 0x98, 0xd1, 0xc6, 0xc0, 0xc0, 0x04,
-        0x89, 0x99, 0x5e, 0x3c, 0x34, 0x96, 0xb6, 0x9c,
-        0x76, 0x33, 0x8a, 0xc4, 0x22, 0xc9, 0xf9, 0x41,
-        0x58, 0xed, 0x5c, 0xf9, 0xcc, 0x6b, 0xe9, 0x38,
-        0x46, 0x03, 0x4d, 0x4b, 0xa5, 0x33, 0xa3, 0x42,
-        0x2c, 0x29, 0xd6, 0x75, 0x40, 0x5a, 0xe8, 0x53,
-        0xb8, 0x49, 0x7d, 0xc9, 0x12, 0xf4, 0xa8, 0x35,
-        0x00, 0xc8, 0x9d, 0xb7, 0x6b, 0xcd, 0xd7, 0x04,
-        0x6d, 0x98, 0x32, 0xfa, 0x3d, 0x2b, 0xf3, 0xd0,
-        0x24, 0x65, 0xeb, 0xb4, 0x16, 0x80, 0x35, 0x11,
-        0x8f, 0x08, 0x7d, 0xdd, 0x47, 0x64, 0x3d, 0x2d,
-        0xb7, 0x1f, 0x47, 0x41, 0x9a, 0xed, 0x97, 0x3e,
-        0xc4, 0x38, 0x48, 0x66, 0xd4, 0x5e, 0x1d, 0xf2,
-        0x16, 0xed, 0xa5, 0xbf, 0x61, 0x33, 0xf8, 0x4a,
-        0x32, 0x8c, 0x11, 0x29, 0x62, 0x1e, 0xc1, 0x50,
-        0x1f, 0xc4, 0x6f, 0xe3, 0xed, 0xa4, 0x60, 0x68,
-        0x0b, 0x39, 0x7a, 0x42, 0xa4, 0x36, 0x8e, 0xb3,
-        0xdc, 0x88, 0x45, 0x1b, 0x2b, 0x61, 0x6e, 0xec,
-        0x5f, 0x1e, 0xc0, 0x5e, 0x5b, 0xd2, 0x08, 0x4b,
-        0x49, 0x45, 0xd2, 0x0e, 0xa8, 0x63, 0x0d, 0x81,
-        0x49, 0x2c, 0x78, 0xcf, 0x06, 0xa7, 0x8e, 0xc5,
-        0x08, 0xa0, 0xc5, 0x71, 0x3b, 0x48, 0x60, 0x21,
-        0x64, 0x32, 0x66, 0xa6, 0x0d, 0x99, 0x74, 0x46,
-        0x78, 0xe5, 0x98, 0xb1, 0x52, 0xcf, 0x18, 0x29,
-        0x89, 0x7a, 0xf7, 0x20, 0xc1, 0x8e, 0xb6, 0x89,
-        0x3d, 0x8b, 0x1f, 0x81, 0xc8, 0xbb, 0xc5, 0x5c,
-        0x80, 0x47, 0x39, 0x1a, 0x90, 0x51, 0xa6, 0xd0,
-        0xd6, 0x54, 0x71, 0x89, 0x1a, 0xc2, 0xdf, 0xd8,
-        0xac, 0x98, 0x4a, 0xa7, 0xaf, 0xf3, 0x97, 0x44,
-        0x92, 0xb7, 0x51, 0xfd, 0xc5, 0xde, 0xa1, 0x39,
-        0x68, 0x86, 0xe8, 0xc9, 0x4b, 0x94, 0x48, 0xe1,
-        0xee, 0x63, 0x3f, 0x6c, 0x21, 0x43, 0x55, 0x2e,
-        0xb8, 0x49, 0xc6, 0xd7, 0xe7, 0x2b, 0x6a, 0x7c,
-        0x81, 0x21, 0x46, 0x15, 0x44, 0x51, 0x5e, 0x34,
-        0x6d, 0x69, 0x97, 0x31, 0x11, 0xc9, 0x24, 0xac,
-        0xda, 0x06, 0x47, 0x0b, 0x5d, 0xf2, 0x32, 0x0e,
-        0x06, 0xb8, 0xf1, 0xaf, 0xf4, 0x13, 0xf9, 0xe8,
-        0x88, 0x43, 0x6c, 0x31, 0x37, 0x80, 0x25, 0xbe,
-        0x66, 0x72, 0x6a, 0x0b, 0xa5, 0x59, 0x17, 0x7b,
-        0x11, 0x37, 0xc4, 0x31, 0xcc, 0xe1, 0xa6, 0xfb,
-        0x00, 0xde, 0x36, 0xc6, 0xaf, 0xce, 0x92, 0xf1,
-        0x1b, 0xc7, 0x5a, 0x88, 0x5f, 0xbb, 0xd9, 0xb1,
-        0x08, 0xe6, 0xea, 0xd4, 0x3f, 0xee, 0x47, 0xda,
-        0x31, 0x12, 0x30, 0xf9, 0x22, 0xba, 0xb9, 0x3a,
-        0x76, 0x77, 0x71, 0x1e, 0x97, 0xea, 0x41, 0x29,
-        0x80, 0x2c, 0x5d, 0xff, 0x20, 0xd0, 0xd9, 0xdb,
-        0x97, 0xf8, 0x82, 0xc6, 0x33, 0x79, 0xfc, 0x27,
-        0xd0, 0x8a, 0x6f, 0xec, 0xc2, 0x88, 0xcc, 0x06,
-        0xe2, 0x57, 0x65, 0x4b, 0x38, 0x8e, 0x50, 0x18,
-        0x80, 0x1f, 0xf1, 0x9b, 0xac, 0x2c, 0x94, 0x87,
-        0xa5, 0xf4, 0x7e, 0x07, 0x31, 0x01, 0xdd, 0x37,
-        0xb1, 0x0d, 0x43, 0xc9, 0x35, 0x11, 0x9b, 0x6f,
-        0x70, 0xed, 0xdf, 0x9b, 0xa5, 0x14, 0x9e, 0xd6,
-        0x4e, 0x8c, 0x12, 0x9d, 0x97, 0x8c, 0xbf, 0x2c,
-        0x1a, 0x30, 0x6f, 0x83, 0xa6, 0x34, 0x7b, 0xfc,
-        0x44, 0x5e, 0x8f, 0xd6, 0x45, 0xab, 0x0e, 0x4b,
-        0x2a, 0x93, 0x93, 0x28, 0xcb, 0x55, 0xa7, 0x95,
-        0x1a, 0x3a, 0x93, 0x8a, 0x06, 0xae, 0xd2, 0x4e,
-        0xf3, 0x25, 0x62, 0x14, 0x9c, 0x8b, 0x7f, 0x2d,
-        0xad, 0xd7, 0x5d, 0x2d, 0xb3, 0x78, 0x2b, 0x64,
-        0xf4, 0xcb, 0x1f, 0x56, 0xa0, 0x94, 0x52, 0x77,
-        0xc9, 0xc5, 0xe1, 0x60, 0x5a, 0x0c, 0x0e, 0xb6,
-        0x5d, 0x7f, 0xe3, 0x42, 0x1c, 0x90, 0x87, 0x4b,
-        0xb9, 0xcc, 0xb9, 0x45, 0xea, 0x74, 0xc9, 0x97,
-        0xec, 0xa7, 0x3c, 0x94, 0x05, 0x9b, 0x77, 0xc7,
-        0xc3, 0xf0, 0x8d, 0xd6, 0xe5, 0xe4, 0x94, 0xe3,
-        0xf2, 0x33, 0x99, 0xf2, 0xfc, 0xe0, 0x56, 0xe9,
-        0xf1, 0x30, 0xfe, 0xb6, 0xce, 0xcb, 0xb3, 0xe8,
-        0xde, 0xce, 0x49, 0xe5, 0x67, 0x37, 0x57, 0x51,
-        0x57, 0x42, 0x09, 0x4a, 0xc3, 0x82, 0x56, 0x38,
-        0x57, 0xb5, 0xd4, 0x12, 0xd7, 0x19, 0x1c, 0xdc,
-        0x5d, 0xe0, 0x68, 0x1c, 0x72, 0xc5, 0xda, 0xf8,
-        0x33, 0xbe, 0xed, 0xcd, 0x88, 0xe4, 0x01, 0x23,
-        0xa6, 0x17, 0xd2, 0xbd, 0x0d, 0x75, 0x95, 0x91,
-        0x6a, 0x68, 0x94, 0xb9, 0x26, 0x3b, 0x6e, 0xb9,
-        0x1e, 0x23, 0x80, 0x15, 0x4e, 0x0c, 0xfc, 0x52,
-        0x78, 0x42, 0x58, 0xcf, 0x73, 0x20, 0xc4, 0xf0,
-        0x2e, 0xad, 0x0b, 0x44, 0x71, 0xea, 0x0d, 0xd0,
-        0xab, 0xeb, 0x5e, 0x63, 0x62, 0x8f, 0x48, 0x36,
-        0xa2, 0x3d, 0xb2, 0x69, 0xce, 0xe0, 0x9e, 0x46,
-        0xf3, 0x5b, 0x9d, 0xe8, 0x7e, 0xcb, 0x04, 0x22,
-        0xad, 0x8e, 0xc6, 0xcb, 0x60, 0xb7, 0x17, 0xee,
-        0xc2, 0x12, 0x16, 0xf0, 0xb7, 0x91, 0xc8, 0x52,
-        0xa9, 0xf8, 0xa4, 0xc2, 0x61, 0x67, 0xd7, 0x35,
-        0x0e, 0x17, 0xfa, 0x3e, 0xc7, 0x45, 0xb4, 0x63,
-        0x11, 0xa6, 0x71, 0xcb, 0x8d, 0x7f, 0x14, 0x88,
-        0x5f, 0xf0, 0x1b, 0xab, 0x0e, 0xf4, 0x69, 0xd0,
-        0x85, 0x0f, 0xe8, 0x07, 0xe7, 0x0d, 0x36, 0xa4,
-        0xb7, 0x36, 0xb2, 0xc3, 0x2c, 0x67, 0x62, 0x58,
-        0xae, 0x7d, 0x55, 0x3d, 0xca, 0xb8, 0xad, 0xe6,
-        0x36, 0x8a, 0xa2, 0x31, 0x79, 0x77, 0x8a, 0xdd,
-        0x21, 0x4d, 0xd9, 0x15, 0x4f, 0x51, 0x0f, 0x50,
-        0xe5, 0x56, 0x0c, 0x65, 0xfc, 0xec, 0x35, 0xe8,
-        0x78, 0x82, 0x53, 0x0e, 0xdc, 0x65, 0xbe, 0xe6,
-        0x6b, 0x25, 0xa5, 0x35, 0xda, 0x21, 0x46, 0xe1,
-        0x4f, 0x83, 0x90, 0xbc, 0xf5, 0x79, 0xc3, 0x37,
-        0xba, 0xd9, 0x74, 0x57, 0x5d, 0x5f, 0x09, 0xa8,
-        0x76, 0x88, 0x83, 0xf9, 0x39, 0x3a, 0x14, 0x41,
-        0x71, 0xfe, 0xb3, 0xfc, 0x66, 0x3e, 0xee, 0xf1,
-        0x38, 0xb2, 0x1b, 0xd5, 0x57, 0xab, 0xbb, 0xad,
-        0x2c, 0x02, 0x24, 0x34, 0x1f, 0xab, 0xfb, 0x6c,
-        0x6f, 0xde, 0xa6, 0xf3, 0xc2, 0x65, 0xe5, 0xd8,
-        0xaf, 0x16, 0x9a, 0x96, 0x4a, 0x7a, 0x86, 0xa1,
-        0xa0, 0xe2, 0x22, 0xdd, 0x63, 0x71, 0x38, 0x20,
-        0x79, 0xf8, 0x38, 0x23, 0x4a, 0xea, 0x8f, 0xf6,
-        0xe2, 0xb8, 0x94, 0xe0, 0x4a, 0x9a, 0x34, 0xcf,
-        0xac, 0xab, 0x81, 0xb0, 0x70, 0x4b, 0x14, 0xd7,
-        0xd1, 0x09, 0x94, 0x9c, 0x68, 0x64, 0x4c, 0x01,
-        0x5b, 0xc2, 0xf2, 0x6a, 0x9c, 0x29, 0x42, 0x87,
-        0xec, 0xf1, 0x52, 0xd8, 0x46, 0xf9, 0x14, 0xc0,
-        0x74, 0x5c, 0xeb, 0x7e, 0xc3, 0xd3, 0x6a, 0xd9,
-        0xd7, 0x23, 0xc1, 0x5f, 0x89, 0xe2, 0xd8, 0xfe,
-        0x2c, 0x18, 0xe1, 0x11, 0x80, 0xd0, 0x70, 0x9d,
-        0x70, 0x02, 0xa5, 0x0f, 0x87, 0xd1, 0xc7, 0x3d,
-        0xbb, 0x61, 0x6f, 0xd8, 0xde, 0x30, 0x33, 0x9d,
-        0x83, 0xda, 0x5a, 0x8e, 0xd5, 0x03, 0x21, 0xcc,
-        0x12, 0xf9, 0x4d, 0xff, 0x84, 0xd9, 0xe5, 0x44,
-        0xf1, 0x7e, 0xc3, 0x4a, 0x60, 0xeb, 0x41, 0x4b,
-        0x28, 0x78, 0xcc, 0x1a, 0x05, 0xc2, 0x64, 0xa0,
-        0x66, 0xdd, 0xd3, 0x7f, 0x0c, 0x50, 0x4f, 0x0e,
-        0x6c, 0xcd, 0x0f, 0x31, 0x1e, 0xb5, 0x21, 0x2d,
-        0xe3, 0x2e, 0x9d, 0x65, 0x51, 0x25, 0xe4, 0xf4
+        0xc9, 0xbe, 0xad, 0x6b, 0x0c, 0x11, 0x14, 0x38,
+        0x9b, 0xd4, 0x76, 0x1c, 0x73, 0xab, 0x90, 0x95,
+        0xb5, 0x80, 0x9d, 0xaa, 0xc9, 0xf6, 0x59, 0xbb,
+        0x56, 0x4a, 0xf2, 0x26, 0x17, 0x30, 0x52, 0xa4,
+        0xa3, 0xe7, 0xf2, 0xe5, 0xfd, 0x47, 0xd2, 0xb0,
+        0x2a, 0xae, 0xb5, 0x18, 0x9e, 0x06, 0xb9, 0xf4,
+        0xae, 0x98, 0xb6, 0x19, 0xcb, 0x63, 0xef, 0xbd,
+        0xf3, 0x98, 0x9a, 0x94, 0xb3, 0x6e, 0x8e, 0xa0,
+        0xd7, 0x00, 0x63, 0x3b, 0x95, 0x0a, 0x0a, 0xe2,
+        0xa7, 0x8e, 0xd9, 0x2e, 0x85, 0xc8, 0x5c, 0x70,
+        0xe1, 0x3e, 0x62, 0x6f, 0xb2, 0x63, 0xfa, 0xc9,
+        0x68, 0x15, 0x21, 0xc3, 0xab, 0x22, 0xfd, 0xab,
+        0x29, 0x17, 0x3c, 0x96, 0x16, 0xa2, 0xb0, 0x37,
+        0x08, 0x3f, 0xf7, 0xb2, 0xe0, 0x19, 0xb5, 0xbc,
+        0xde, 0x06, 0x8f, 0xac, 0x25, 0x7e, 0xf8, 0xf1,
+        0x27, 0x98, 0x41, 0x16, 0x93, 0xc1, 0xbd, 0xcc,
+        0x65, 0x42, 0x09, 0x97, 0xa5, 0x13, 0xa8, 0xa6,
+        0x95, 0x02, 0x62, 0x0b, 0xe8, 0xe4, 0xce, 0x73,
+        0x62, 0xe4, 0x12, 0xa7, 0x6c, 0xf5, 0x1c, 0x1f,
+        0x24, 0x33, 0xf1, 0xab, 0x64, 0xce, 0x0e, 0x5d,
+        0x2f, 0x56, 0xd7, 0xc9, 0xad, 0xe9, 0x94, 0xd0,
+        0xe3, 0x5d, 0x0a, 0xee, 0xf3, 0xac, 0x51, 0x5b,
+        0x48, 0x24, 0x37, 0x66, 0x4d, 0x8c, 0x1d, 0x25,
+        0xe5, 0xa5, 0x50, 0x7c, 0xf8, 0x0f, 0x97, 0x0d,
+        0x3e, 0xa7, 0x22, 0x6a, 0xac, 0xdc, 0x45, 0x7c,
+        0xbf, 0x88, 0xa0, 0x56, 0x0a, 0xa3, 0x5b, 0xb2,
+        0xc5, 0xc4, 0x55, 0x86, 0x7e, 0x21, 0x59, 0x91,
+        0x0a, 0x35, 0x81, 0x0b, 0xef, 0xe3, 0xaa, 0x10,
+        0xeb, 0x04, 0xd8, 0xd5, 0x71, 0x47, 0xcb, 0x8f,
+        0x66, 0xd2, 0xb0, 0x70, 0xba, 0xc4, 0x3d, 0x1f,
+        0x1f, 0xfd, 0xd5, 0x7a, 0x93, 0x99, 0x95, 0x1f,
+        0x64, 0x96, 0x57, 0x27, 0xbc, 0xb9, 0xf6, 0x6a,
+        0xd4, 0x23, 0x09, 0xda, 0xfc, 0x79, 0x9c, 0x1c,
+        0x54, 0x0a, 0xf1, 0xaf, 0x93, 0xef, 0xf6, 0x8a,
+        0x86, 0xd6, 0x1f, 0x51, 0x15, 0xdb, 0x66, 0x2d,
+        0xee, 0x7a, 0xc9, 0xa3, 0x62, 0x67, 0x77, 0x62,
+        0xb6, 0xa1, 0x64, 0xa0, 0xfa, 0x0a, 0x4d, 0x85,
+        0x9e, 0x4b, 0x8c, 0x8d, 0xbd, 0xb4, 0xe1, 0x83,
+        0xf5, 0xe6, 0x80, 0x8f, 0xc5, 0x22, 0x29, 0x65,
+        0x0c, 0xaf, 0x7c, 0xf3, 0xe1, 0x6d, 0xe3, 0xd8,
+        0x95, 0xd1, 0x48, 0xc3, 0x54, 0x48, 0xab, 0x8c,
+        0x27, 0x53, 0xc9, 0x83, 0x1b, 0x24, 0xbd, 0x49,
+        0x21, 0x49, 0x7e, 0xaa, 0x19, 0x25, 0x65, 0xca,
+        0xbf, 0xd8, 0x3c, 0x0c, 0x68, 0xdf, 0xe7, 0xd3,
+        0x92, 0xab, 0xf5, 0xe5, 0xe6, 0xf8, 0x4b, 0xb9,
+        0xf5, 0xaf, 0x4b, 0x71, 0x18, 0xc0, 0xb5, 0x58,
+        0x10, 0x5f, 0x9c, 0x10, 0xc9, 0xb6, 0xd7, 0x06,
+        0x82, 0xe1, 0xde, 0x6e, 0x06, 0x89, 0xd7, 0x10,
+        0x6a, 0x63, 0x74, 0xbd, 0x34, 0xae, 0xd7, 0x22,
+        0x9e, 0x6c, 0xb3, 0x56, 0xf2, 0xea, 0x65, 0xe6,
+        0x80, 0xce, 0x7b, 0x1e, 0x2c, 0x37, 0x04, 0xe1,
+        0x16, 0xa3, 0x85, 0x42, 0x82, 0x6e, 0x8a, 0x00,
+        0x11, 0x41, 0xba, 0xf2, 0xe3, 0x4d, 0xe3, 0x7a,
+        0x03, 0x04, 0x09, 0x86, 0xd4, 0xc0, 0xcd, 0x5d,
+        0x57, 0xf0, 0x70, 0x1c, 0xe9, 0x30, 0x98, 0x6f,
+        0xd9, 0x52, 0x5b, 0x58, 0xe2, 0xe5, 0x9f, 0x45,
+        0xb8, 0xdd, 0x04, 0xc0, 0xf3, 0x5b, 0x0f, 0x47,
+        0x97, 0x0c, 0xc6, 0x70, 0x79, 0x61, 0x8e, 0xb9,
+        0xe6, 0xd9, 0x1e, 0x9b, 0x0f, 0x8c, 0x6d, 0x2e,
+        0x16, 0x5c, 0xf4, 0x48, 0xa2, 0xc1, 0xeb, 0xf7,
+        0x1b, 0x65, 0x37, 0xe0, 0xf3, 0x75, 0x18, 0x5d,
+        0xfa, 0xfe, 0xf6, 0x98, 0xb6, 0x23, 0x9b, 0xb3,
+        0x55, 0x80, 0xb3, 0x15, 0xbc, 0xb5, 0xed, 0x40,
+        0x8c, 0x35, 0x7f, 0x19, 0x2d, 0xef, 0x89, 0xbc,
+        0x1b, 0x75, 0xcd, 0xd6, 0xaa, 0xe8, 0xb5, 0xfa,
+        0xf0, 0xc3, 0xe1, 0x38, 0x03, 0xf6, 0xbd, 0xfa,
+        0x76, 0xfb, 0x40, 0x7f, 0xcb, 0xda, 0x79, 0x0c,
+        0x32, 0x9b, 0x3e, 0xe4, 0x2f, 0xd3, 0xd3, 0xb0,
+        0x3b, 0xd5, 0x00, 0x3f, 0x0b, 0xc4, 0x32, 0xf7,
+        0xba, 0x39, 0x63, 0x11, 0x12, 0x45, 0x2d, 0xfd,
+        0x12, 0x14, 0x04, 0x33, 0xff, 0x89, 0x80, 0xeb,
+        0x6a, 0x52, 0x6b, 0xa8, 0x5e, 0xf9, 0x94, 0x77,
+        0x37, 0x8b, 0x4d, 0xc7, 0x66, 0x35, 0xa5, 0xcd,
+        0x50, 0x40, 0xe4, 0x3b, 0x8c, 0x1f, 0xe4, 0xee,
+        0x5e, 0x15, 0x8e, 0x42, 0x3b, 0xfc, 0x0c, 0x89,
+        0x3c, 0x1d, 0x56, 0x13, 0xbe, 0xd0, 0x8d, 0xa7,
+        0x19, 0xc9, 0x07, 0x31, 0x84, 0xee, 0xb3, 0x6f,
+        0xd3, 0x57, 0x38, 0x0f, 0xb1, 0x87, 0x3d, 0x8c,
+        0xbd, 0x36, 0xe2, 0x25, 0x5e, 0x98, 0x5b, 0x1b,
+        0x76, 0x81, 0x97, 0x43, 0xa6, 0x58, 0x4a, 0x9b,
+        0x3a, 0x58, 0x09, 0x96, 0xc9, 0xc2, 0xee, 0xd9,
+        0xbb, 0xbf, 0xff, 0x78, 0xa6, 0x20, 0x4b, 0x5e,
+        0x5e, 0xea, 0xe5, 0xf4, 0xef, 0xd2, 0x66, 0x00,
+        0x78, 0xb3, 0x7f, 0x07, 0x54, 0xab, 0x5d, 0xa8,
+        0x62, 0xe6, 0x66, 0xb1, 0x45, 0xb5, 0xf2, 0x3f,
+        0x3d, 0x09, 0x77, 0x79, 0x99, 0x29, 0xdf, 0xa2,
+        0xae, 0xdd, 0xa5, 0x3d, 0x15, 0x2e, 0xda, 0x1d,
+        0x0d, 0x0e, 0x4e, 0xa4, 0x3f, 0x6e, 0xd8, 0x89,
+        0xbb, 0x96, 0x5e, 0xef, 0xe0, 0xa7, 0xc6, 0x85,
+        0xbb, 0x36, 0x77, 0x0e, 0xaa, 0x87, 0x42, 0x42,
+        0xc0, 0xe2, 0x29, 0xcf, 0x6c, 0xe5, 0x6d, 0xef,
+        0xa5, 0xae, 0xae, 0x64, 0xd0, 0xc4, 0x0d, 0xda,
+        0x8a, 0xa2, 0x6e, 0xae, 0xb3, 0x14, 0x58, 0xf0,
+        0x70, 0xa3, 0xbc, 0x72, 0xe1, 0x61, 0x9e, 0xe9,
+        0xb5, 0xf6, 0x42, 0x29, 0x1c, 0x56, 0xdf, 0x5b,
+        0x7e, 0x43, 0xdb, 0x6c, 0x80, 0x2f, 0xc7, 0x4f,
+        0x4f, 0x3f, 0x9b, 0x5c, 0x0d, 0x35, 0x5c, 0x3a,
+        0xae, 0x52, 0x0a, 0xa3, 0x12, 0x29, 0xd1, 0x2f,
+        0x3e, 0x7c, 0xc5, 0xd4, 0x8e, 0x69, 0x11, 0x91,
+        0xa3, 0x6b, 0x28, 0x37, 0x65, 0xf4, 0x13, 0x3f,
+        0x0f, 0xf1, 0xfe, 0x2f, 0x01, 0xc6, 0x64, 0x8b,
+        0x27, 0x98, 0xa7, 0x4e, 0xb5, 0xd8, 0x42, 0xa2,
+        0x48, 0xf5, 0x24, 0xa7, 0xe7, 0xf8, 0x97, 0x42,
+        0x11, 0x29, 0x7b, 0x44, 0xf0, 0xdd, 0x19, 0xf3,
+        0x86, 0xe8, 0x6b, 0xe6, 0xba, 0x78, 0x2d, 0xe7,
+        0x7f, 0xde, 0x88, 0x72, 0x26, 0xf3, 0x7a, 0x1c,
+        0x77, 0xbc, 0x5e, 0xdd, 0xee, 0xe5, 0xbf, 0x46,
+        0xb6, 0x7f, 0xb7, 0x47, 0x8d, 0x55, 0x98, 0x65,
+        0xf2, 0x62, 0xca, 0xa8, 0x4d, 0x64, 0xa8, 0xce,
+        0x59, 0xe4, 0xdf, 0x08, 0x18, 0xe1, 0x48, 0x61,
+        0x52, 0x6a, 0xcd, 0x34, 0x83, 0x60, 0x0f, 0x3d,
+        0xae, 0x79, 0x59, 0xd3, 0x5d, 0x81, 0x81, 0xca,
+        0x6a, 0x81, 0xce, 0x79, 0x1b, 0xe0, 0x07, 0x52,
+        0xda, 0x77, 0x59, 0x44, 0x6a, 0x2c, 0xfb, 0xe0,
+        0x0b, 0x82, 0x48, 0xb9, 0x34, 0x91, 0xde, 0xbd,
+        0x52, 0x02, 0x20, 0xb7, 0x55, 0x41, 0x6d, 0x2f,
+        0xc6, 0xb7, 0xc8, 0xaf, 0x2f, 0xf7, 0x5e, 0x5b,
+        0xcb, 0xb8, 0xe7, 0x53, 0x73, 0x80, 0xa5, 0x72,
+        0x1c, 0x77, 0x48, 0x49, 0x57, 0xa6, 0x92, 0x71,
+        0xd8, 0xba, 0xfc, 0xe0, 0xf1, 0x66, 0x73, 0x5f,
+        0xf8, 0x69, 0x23, 0x2d, 0xe5, 0xd3, 0x81, 0xaf,
+        0xbf, 0x0e, 0x44, 0xd6, 0x91, 0x72, 0xb7, 0x9a,
+        0x35, 0x19, 0x19, 0x49, 0xde, 0x09, 0x70, 0x3b,
+        0x94, 0x22, 0x2b, 0x13, 0xc3, 0x85, 0xc6, 0x08,
+        0x1e, 0x6d, 0x2e, 0xde, 0x1e, 0x57, 0xfe, 0x18,
+        0x4e, 0xf8, 0xf6, 0x01, 0x96, 0xb9, 0xa3, 0xa7,
+        0xb7, 0xef, 0xf7, 0x49, 0x71, 0x91, 0xca, 0x87,
+        0x41, 0xb5, 0xa0, 0x1e, 0x79, 0xcb, 0x69, 0xa6,
+        0x11, 0x42, 0xe6, 0xf5, 0xd0, 0x80, 0xfb, 0xb3,
+        0xe5, 0x66, 0xf7, 0x9e, 0x14, 0x6f, 0x75, 0xc8,
+        0xa1, 0x09, 0x78, 0x60, 0x84, 0x1b, 0x47, 0x47,
+        0xdf, 0x60, 0x4d, 0xba, 0x95, 0x4e, 0x4a, 0x8d,
+        0x9e, 0x0d, 0xcc, 0xc1, 0xf6, 0x09, 0xd0, 0x5c,
+        0xf8, 0xd3, 0x12, 0x19, 0xec, 0xd6, 0x0c, 0x31,
+        0x2d, 0xe6, 0x84, 0x55, 0x2f, 0x09, 0x22, 0x7c,
+        0xb8, 0x29, 0x29, 0x1c, 0x64, 0x57, 0x32, 0xc5,
+        0xf5, 0xd4, 0xd7, 0x11, 0x63, 0x9f, 0x42, 0xa2,
+        0x30, 0x80, 0xaa, 0x34, 0xfe, 0x14, 0x20, 0xf2,
+        0x19, 0xbd, 0x6b, 0xcf, 0x4e, 0x3b, 0x29, 0xb9,
+        0xd0, 0x22, 0x93, 0xb2, 0xda, 0x81, 0x38, 0x3e,
+        0x0a, 0x51, 0xd2, 0xbb, 0x18, 0x6c, 0x7b, 0x0a,
+        0x21, 0x1a, 0x0c, 0xd6, 0x3a, 0xcb, 0xfc, 0x02,
+        0x10, 0x40, 0x1e, 0x98, 0x5d, 0x43, 0x6b, 0x38,
+        0x03, 0xd5, 0x60, 0x1c, 0x24, 0x13, 0x6a, 0xfd,
+        0x15, 0x62, 0x52, 0x2e, 0x45, 0xb4, 0x57, 0xcb,
+        0x43, 0x91, 0x78, 0xbe, 0x4a, 0x87, 0xcc, 0xe4,
+        0x03, 0x46, 0xd3, 0x4a, 0xe0, 0xf3, 0xc3, 0x91,
+        0x03, 0xc8, 0xa3, 0xeb, 0xc9, 0xc8, 0x6c, 0x8d,
+        0xb8, 0xfc, 0x55, 0x61, 0xeb, 0x0f, 0x3a, 0x14,
+        0x3d, 0x4e, 0x9f, 0xe9, 0x3a, 0x5c, 0xba, 0x6f,
+        0x6f, 0xca, 0xe5, 0x65, 0x0d, 0x3f, 0x43, 0xd2,
+        0x66, 0x8a, 0x59, 0x56, 0xc9, 0x22, 0x89, 0x3b,
+        0x81, 0x66, 0x47, 0xde, 0xd0, 0xaf, 0xc0, 0x52,
+        0xa6, 0xc3, 0xd9, 0xd0, 0x1a, 0x3d, 0x3a, 0xf0,
+        0xf1, 0xba, 0x80, 0x7f, 0xf1, 0x04, 0x91, 0xe1,
+        0x31, 0xdc, 0x15, 0xe1, 0x65, 0xcf, 0xd0, 0x65,
+        0x0a, 0x1f, 0x2c, 0x31, 0x3d, 0x79, 0x56, 0x14,
+        0x1e, 0xdc, 0xc6, 0x1c, 0xb9, 0x0e, 0x9e, 0x7a,
+        0xbf, 0x2f, 0xe3, 0x5f, 0xc9, 0xdc, 0x1b, 0xde,
+        0x88, 0x93, 0x9f, 0xa1, 0x1f, 0x7b, 0xbe, 0x3e,
+        0xb4, 0xd8, 0xff, 0xa6, 0x43, 0xb0, 0x74, 0xd7,
+        0x4f, 0x45, 0x11, 0x35, 0x86, 0xe9, 0xbb, 0x12,
+        0x06, 0x00, 0x03, 0xd7, 0x19, 0x41, 0xf2, 0xda,
+        0x09, 0x8d, 0xc0, 0xe9, 0x6c, 0xad, 0x32, 0x55,
+        0xcf, 0x32, 0x8e, 0xa2, 0xd3, 0x30, 0x8c, 0x1f,
+        0x45, 0x85, 0xe8, 0x9c, 0x61, 0x3c, 0x42, 0x6b,
+        0x7e, 0x79, 0x8e, 0x1e, 0xc4, 0xe9, 0x8f, 0xe6,
+        0xc7, 0x1e, 0x74, 0x91, 0xf5, 0xec, 0xa0, 0xcd,
+        0x05, 0x11, 0x58, 0x61, 0xbd, 0x16, 0x0e, 0x3f,
+        0xe7, 0x3a, 0x58, 0xa0, 0x26, 0xba, 0x53, 0x8e,
+        0x0e, 0x25, 0x6b, 0x92, 0xf1, 0xd7, 0xa2, 0x49,
+        0x75, 0x70, 0x59, 0x48, 0x56, 0x86, 0x0f, 0xfd,
+        0x06, 0xb6, 0x01, 0xac, 0x57, 0x55, 0x92, 0xf4,
+        0xac, 0x61, 0x2b, 0x5d, 0xe7, 0x86, 0x60, 0x42,
+        0x12, 0x3e, 0xbc, 0x60, 0xc5, 0x57, 0x68, 0xe3,
+        0xa7, 0x60, 0x0a, 0x32, 0x60, 0x55, 0x1f, 0x2b,
+        0xea, 0x22, 0xbb, 0xf6, 0xb6, 0xc8, 0x24, 0x6e,
+        0x80, 0xf9, 0x12, 0x5c, 0x4b, 0xb9, 0xdb, 0x35,
+        0x4d, 0xd6, 0x4a, 0xe6, 0x95, 0xc1, 0x5f, 0x50,
+        0x71, 0xf4, 0xab, 0xb9, 0x63, 0x92, 0x07, 0xca,
+        0xc7, 0x33, 0x1b, 0x31, 0x0f, 0x69, 0xa0, 0x5f,
+        0x54, 0xb9, 0x95, 0xde, 0x52, 0x9a, 0x02, 0x3f,
+        0x03, 0x3b, 0x05, 0x5d, 0xb9, 0x52, 0x87, 0xa1,
+        0x4b, 0xa3, 0x0a, 0x7c, 0xc5, 0x26, 0xbb, 0x72,
+        0x4c, 0x41, 0x7f, 0xba, 0x29, 0x06, 0x36, 0xa9,
+        0x96, 0xf2, 0x86, 0xe3, 0xe9, 0xe9, 0x39, 0xe4,
+        0xfe, 0x1c, 0x39, 0x8b, 0x5c, 0x65, 0x99, 0x95,
+        0x9d, 0x0b, 0x44, 0x45, 0xa3, 0x27, 0xec, 0x46,
+        0x9a, 0x16, 0x53, 0xcf, 0xae, 0xa7, 0x55, 0x2c,
+        0xec, 0xec, 0x08, 0x5c, 0xca, 0xa6, 0x89, 0x38,
+        0xae, 0x4a, 0xc3, 0xc4, 0x24, 0xf7, 0xe4, 0x80,
+        0x43, 0x9e, 0xbd, 0x2c, 0x99, 0x2b, 0x5f, 0x6f,
+        0x95, 0xec, 0x24, 0x4b, 0x65, 0x7d, 0xbd, 0xea,
+        0xa9, 0xae, 0x11, 0x0a, 0xaf, 0x4d, 0x68, 0xbf,
+        0x4e, 0x27, 0x41, 0x0d, 0x43, 0xce, 0xef, 0x3e,
+        0x88, 0xe9, 0xc7, 0x17, 0xdd, 0x44, 0xc9, 0xee
 #endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
         0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4,
         0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5,
         0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55,
         0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
 #else
-        0x63, 0xa1, 0x03, 0x90, 0x74, 0xf0, 0x1f, 0x26,
-        0x51, 0x21, 0x3a, 0xd9, 0x35, 0x0d, 0x65, 0x61,
-        0xcb, 0x03, 0xa6, 0x04, 0x00, 0xe7, 0x41, 0x18,
-        0xbb, 0x44, 0x64, 0xd8, 0x7b, 0x9d, 0xb2, 0x05
+        0x48, 0x9d, 0xd1, 0xe9, 0xc2, 0xbe, 0x4a, 0xf3,
+        0x48, 0x2b, 0xdb, 0x35, 0xbb, 0x26, 0xce, 0x76,
+        0x0e, 0x6e, 0x41, 0x4d, 0xa6, 0xec, 0xbe, 0x48,
+        0x99, 0x85, 0x74, 0x8a, 0x82, 0x5f, 0x1c, 0xd6
 #endif
     };
 
@@ -40427,13 +42104,17 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
     ret = wc_dilithium_set_level(key, param);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
     ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
+        (word32)sizeof(msg), &res, key);
+#else
     ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res,
         key);
+#endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (res != 1)
@@ -40448,6 +42129,118 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
 static wc_test_ret_t dilithium_param_44_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = {
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04,
+        0x2b, 0x92, 0x48, 0x67, 0x60, 0x55, 0x34, 0xd9, 0xac, 0x0b, 0xc4, 0x1f,
+        0x46, 0xe8, 0x85, 0xb9, 0x2e, 0x1b, 0x10, 0x3a, 0x75, 0x7a, 0xc2, 0xbc,
+        0x76, 0xf0, 0x6d, 0x05, 0xa4, 0x78, 0x48, 0x84, 0x26, 0x69, 0xbd, 0x26,
+        0x1d, 0x73, 0x60, 0xaa, 0x57, 0x9d, 0x8c, 0x66, 0xb1, 0x19, 0xea, 0x11,
+        0xff, 0xbb, 0xf6, 0xeb, 0x26, 0x26, 0xac, 0x78, 0x74, 0x46, 0x6d, 0x51,
+        0x6e, 0x92, 0xdf, 0x6a, 0x98, 0x41, 0xe9, 0x10, 0xf2, 0xcc, 0xa8, 0x7a,
+        0x50, 0xdb, 0x1f, 0x4c, 0x42, 0x19, 0xd5, 0xbc, 0x76, 0x20, 0x6f, 0x2f,
+        0xbf, 0xc2, 0xc9, 0x1b, 0x02, 0xb5, 0xb1, 0x09, 0x46, 0x06, 0x87, 0x02,
+        0xac, 0x3d, 0xcf, 0xc3, 0xa5, 0x1b, 0xf0, 0xce, 0xd4, 0x9e, 0x84, 0x34,
+        0x3c, 0x24, 0x7d, 0x89, 0xf3, 0xbf, 0x9c, 0x18, 0x9d, 0x1b, 0x1d, 0xd4,
+        0xf6, 0xda, 0xc9, 0xa4, 0x14, 0xc4, 0x6b, 0xd7, 0x05, 0x6d, 0xed, 0x54,
+        0x42, 0x6b, 0x5f, 0x6d, 0x1e, 0xda, 0x6b, 0x47, 0x70, 0xe5, 0x4e, 0xe7,
+        0x25, 0x06, 0xf8, 0x28, 0x24, 0x34, 0xd6, 0xe5, 0xbe, 0xc5, 0x4f, 0x9e,
+        0x5d, 0x33, 0xfc, 0xef, 0xe4, 0xe9, 0x55, 0x67, 0x93, 0x1f, 0x2e, 0x11,
+        0x3a, 0x2e, 0xf2, 0xbb, 0x82, 0x09, 0x8d, 0xb2, 0x09, 0xf3, 0x2f, 0xef,
+        0x6f, 0x38, 0xc6, 0x56, 0xf2, 0x23, 0x08, 0x63, 0x99, 0x7f, 0x4e, 0xc0,
+        0x9d, 0x08, 0x9d, 0xa1, 0x59, 0x6e, 0xe1, 0x00, 0x2c, 0x99, 0xec, 0x83,
+        0x2f, 0x12, 0x97, 0x2f, 0x75, 0x04, 0x67, 0x44, 0xb5, 0x95, 0xce, 0xc6,
+        0x3e, 0x7a, 0x10, 0x77, 0x5e, 0xbe, 0x9c, 0x0f, 0xb3, 0xc7, 0x38, 0xbf,
+        0x9e, 0x35, 0x8f, 0xe4, 0x8d, 0x19, 0xc3, 0x41, 0xb1, 0x0b, 0x8c, 0x10,
+        0x9a, 0x58, 0xec, 0x4f, 0xb3, 0xe9, 0x5b, 0x72, 0x4b, 0xb8, 0x99, 0x34,
+        0x9a, 0xcd, 0xb0, 0x69, 0xd0, 0x67, 0xef, 0x96, 0xb9, 0xe5, 0x54, 0x92,
+        0xb7, 0x1a, 0x52, 0xf6, 0x0a, 0xc2, 0x23, 0x8d, 0x4f, 0xad, 0x00, 0xae,
+        0x0f, 0x97, 0xfa, 0xce, 0x96, 0xba, 0xe7, 0x74, 0x55, 0xd4, 0xaf, 0xbf,
+        0xa1, 0x32, 0x91, 0x2d, 0x03, 0x9f, 0xe3, 0x10, 0x8c, 0x77, 0x5d, 0x26,
+        0x76, 0xf1, 0x87, 0x90, 0xf0, 0x20, 0xd1, 0xea, 0xf7, 0xa4, 0xe8, 0x2c,
+        0x32, 0x1c, 0x55, 0xc0, 0x5d, 0xc9, 0xcd, 0x4e, 0x8f, 0x0d, 0xef, 0x0a,
+        0x27, 0xb6, 0x4f, 0xa4, 0xd3, 0xa4, 0xed, 0x33, 0x22, 0xa1, 0xd3, 0x15,
+        0xac, 0x1a, 0x20, 0x4e, 0x28, 0x8c, 0x8c, 0xd0, 0x71, 0xd1, 0xf2, 0xdb,
+        0x33, 0x63, 0xb6, 0xa4, 0xf2, 0x17, 0x3c, 0x12, 0xb0, 0xad, 0xef, 0x31,
+        0x91, 0xfe, 0xe5, 0x53, 0x99, 0xb6, 0x85, 0x63, 0xfa, 0xe6, 0xcd, 0xf6,
+        0xb9, 0xce, 0x4a, 0x7d, 0x4a, 0x49, 0x29, 0xd2, 0xd9, 0xc9, 0x47, 0x4a,
+        0x8a, 0x5c, 0x14, 0x5e, 0x0f, 0x7c, 0xc3, 0x91, 0xb0, 0xab, 0x37, 0xf5,
+        0x26, 0x8d, 0x46, 0x74, 0x49, 0xad, 0x51, 0xc3, 0x11, 0xfa, 0x85, 0x15,
+        0xa5, 0x84, 0xc1, 0xe0, 0x3c, 0x13, 0x6d, 0x13, 0xa3, 0xe6, 0xa8, 0x3c,
+        0x22, 0xac, 0x17, 0x48, 0x57, 0x7c, 0x81, 0xe2, 0x4e, 0xd8, 0x33, 0x5d,
+        0x4d, 0x65, 0xf7, 0xe1, 0xb8, 0x00, 0x78, 0x09, 0x16, 0xb0, 0x0b, 0xca,
+        0x15, 0x0d, 0xcd, 0x9a, 0xd8, 0x47, 0x4c, 0x9b, 0x69, 0xb2, 0xa0, 0x9d,
+        0x96, 0x96, 0x52, 0x6d, 0x89, 0xad, 0xff, 0x55, 0xde, 0x7b, 0xd6, 0x3d,
+        0x1d, 0x5e, 0x8d, 0xf1, 0xfc, 0x48, 0x1c, 0x50, 0x59, 0x55, 0xb9, 0x07,
+        0xfd, 0x6b, 0xcb, 0x95, 0xa6, 0x14, 0x73, 0xdb, 0x40, 0x40, 0x1c, 0x44,
+        0xe6, 0x79, 0x30, 0x88, 0xbd, 0xa0, 0xde, 0x9b, 0xb8, 0x76, 0xf8, 0x98,
+        0x56, 0x4b, 0xb9, 0x7a, 0xf6, 0xd4, 0x73, 0x89, 0x6b, 0xf7, 0x7d, 0x05,
+        0x33, 0xbe, 0xb6, 0x1c, 0x4d, 0xa7, 0x12, 0x3b, 0x3f, 0xed, 0x4a, 0x0f,
+        0xae, 0xa7, 0x6a, 0x26, 0x0d, 0x01, 0x84, 0x84, 0xa8, 0x0e, 0xc1, 0xc1,
+        0xfd, 0xe4, 0xa9, 0xe2, 0x3f, 0xab, 0xce, 0x20, 0x90, 0x86, 0x79, 0xa2,
+        0x40, 0xd0, 0xef, 0x79, 0x34, 0x2b, 0xe8, 0xc9, 0x54, 0xa7, 0x19, 0x62,
+        0xcc, 0x20, 0x79, 0x3f, 0x5b, 0x9c, 0x61, 0xc2, 0xc1, 0xd2, 0x36, 0x7c,
+        0x8e, 0xe3, 0x01, 0xbe, 0xc4, 0xb2, 0xb8, 0x07, 0x51, 0x23, 0x5b, 0x5d,
+        0x00, 0xe6, 0x7f, 0xd6, 0xbb, 0x32, 0xa9, 0x7e, 0xb4, 0x30, 0xeb, 0x5e,
+        0x6d, 0xed, 0xb2, 0xc3, 0x88, 0x81, 0xa3, 0x3b, 0x1f, 0x1e, 0xf9, 0x48,
+        0x10, 0xd6, 0x01, 0x65, 0x5f, 0x6d, 0xc5, 0xeb, 0x76, 0x5f, 0x10, 0x79,
+        0xaa, 0xc0, 0x86, 0xe7, 0x44, 0x95, 0x44, 0x4b, 0x54, 0x0c, 0x46, 0x2a,
+        0x98, 0x01, 0x6e, 0xc0, 0xb9, 0x59, 0x2a, 0xff, 0x8f, 0xb3, 0x80, 0x15,
+        0xec, 0xcd, 0x39, 0x36, 0xd7, 0x2f, 0x20, 0x9e, 0x3a, 0xc1, 0x90, 0xe5,
+        0x99, 0x27, 0x16, 0xd7, 0x6c, 0x30, 0x10, 0x12, 0x03, 0x3e, 0xdc, 0xb9,
+        0x03, 0x25, 0xb0, 0x8a, 0x27, 0x4d, 0x1a, 0x32, 0x36, 0x54, 0xc0, 0xba,
+        0x22, 0xb2, 0xe2, 0xf6, 0x39, 0x23, 0x03, 0xc4, 0xc9, 0xe4, 0x0d, 0x99,
+        0xfb, 0x98, 0xa5, 0x9b, 0x12, 0x9b, 0x58, 0x44, 0x74, 0x9f, 0x65, 0x61,
+        0x51, 0xba, 0x31, 0x60, 0x9c, 0xec, 0xf8, 0x4d, 0x36, 0x61, 0xd1, 0x33,
+        0x6d, 0xa6, 0x28, 0x75, 0xba, 0x7c, 0x82, 0xcb, 0x7e, 0xbe, 0x8f, 0x2d,
+        0x21, 0x84, 0xb9, 0xf2, 0x4e, 0x7b, 0x95, 0x99, 0x11, 0xf3, 0xe1, 0xc0,
+        0x6a, 0x44, 0xae, 0x11, 0xcb, 0x04, 0xa0, 0xf2, 0x3e, 0x17, 0xdf, 0xb2,
+        0x6a, 0xdf, 0x5c, 0xf3, 0x8a, 0xf8, 0x90, 0x86, 0x64, 0xea, 0x0a, 0x32,
+        0x7f, 0x9f, 0x90, 0xa8, 0x9d, 0x33, 0x12, 0xa6, 0xa4, 0xe7, 0x74, 0xa0,
+        0x75, 0xa9, 0x65, 0xf8, 0x39, 0xae, 0x14, 0x32, 0x79, 0xcc, 0xaa, 0x34,
+        0x86, 0x55, 0xcc, 0x99, 0xb7, 0x00, 0x05, 0x8b, 0xe3, 0x76, 0x28, 0x12,
+        0xb6, 0x2a, 0x3e, 0x44, 0x8d, 0xf4, 0xba, 0xef, 0xf6, 0xdc, 0x29, 0x08,
+        0x29, 0x7d, 0xd1, 0x1d, 0x17, 0x15, 0xb6, 0xb6, 0x58, 0x67, 0xd5, 0xd3,
+        0x12, 0x05, 0x4e, 0xb0, 0xc3, 0x83, 0xe0, 0x35, 0x30, 0x60, 0x59, 0xa0,
+        0xc5, 0x97, 0x5b, 0x81, 0xd3, 0x68, 0x6c, 0x8c, 0x17, 0x28, 0xa9, 0x24,
+        0x4f, 0x80, 0x20, 0xa5, 0x21, 0x9f, 0x8f, 0x15, 0x89, 0x2d, 0x87, 0xae,
+        0x2e, 0xcc, 0x73, 0x3e, 0x06, 0x43, 0xbc, 0xb3, 0x1b, 0xa6, 0x72, 0xaa,
+        0xa3, 0xaa, 0xbb, 0x6f, 0x2d, 0x68, 0x60, 0xcf, 0x05, 0x94, 0x25, 0x3e,
+        0x59, 0xf3, 0x64, 0x61, 0x5e, 0x78, 0x9a, 0x7e, 0x0d, 0x50, 0x45, 0x78,
+        0x51, 0xab, 0x11, 0xb1, 0xc6, 0x95, 0xfc, 0x29, 0x28, 0x10, 0x9c, 0x1a,
+        0x8c, 0x37, 0xb5, 0x4f, 0x0e, 0xed, 0x4a, 0x28, 0x6c, 0xaa, 0xb7, 0x0d,
+        0x12, 0xfa, 0x87, 0x5d, 0xd4, 0x9a, 0xb7, 0x2b, 0x46, 0x90, 0x58, 0x4e,
+        0xd7, 0x8b, 0x41, 0x1b, 0xf8, 0xc4, 0xc2, 0xde, 0xda, 0xec, 0x61, 0xe7,
+        0xbf, 0x11, 0xdd, 0x6e, 0x4e, 0x6a, 0xd4, 0x87, 0x01, 0xe4, 0xac, 0xe8,
+        0xaf, 0x2b, 0x01, 0xe1, 0x09, 0x20, 0xe0, 0xbd, 0x7d, 0x03, 0x73, 0x23,
+        0xdf, 0x77, 0x71, 0xa4, 0x25, 0x8b, 0x0a, 0x93, 0x49, 0x32, 0x45, 0x1a,
+        0xa4, 0x94, 0x31, 0x61, 0x2e, 0x17, 0x39, 0x8a, 0x66, 0xc9, 0xf9, 0x20,
+        0x2d, 0x6a, 0x97, 0x2f, 0xe7, 0x26, 0xd8, 0x01, 0x42, 0x65, 0xcf, 0xce,
+        0xd4, 0x24, 0x41, 0xfb, 0x9b, 0x6f, 0xf1, 0xc2, 0x9e, 0xd5, 0x08, 0x0c,
+        0xdc, 0x4d, 0x8e, 0xae, 0xcb, 0x5f, 0xd4, 0xcd, 0x7c, 0xf6, 0x82, 0xc6,
+        0xee, 0xf9, 0x88, 0x3a, 0x34, 0x07, 0x04, 0xb4, 0x84, 0x69, 0xb3, 0xa4,
+        0x67, 0xab, 0x09, 0xc0, 0x83, 0xfe, 0x59, 0xaf, 0x18, 0x2c, 0xc8, 0x09,
+        0xc1, 0xbb, 0x13, 0x7c, 0xce, 0x01, 0x5d, 0x85, 0xaa, 0x10, 0x28, 0xa2,
+        0x96, 0x98, 0x69, 0x23, 0xa3, 0xe7, 0x67, 0xbc, 0x7c, 0x7e, 0xde, 0x4b,
+        0x36, 0xab, 0x94, 0xd2, 0xb8, 0xf9, 0xdf, 0xee, 0xa1, 0x69, 0xa1, 0xc8,
+        0xe9, 0x83, 0x21, 0xac, 0x1b, 0x39, 0xf7, 0x6d, 0xbf, 0x8c, 0xdb, 0xd6,
+        0x2f, 0xc9, 0x3c, 0x3d, 0x50, 0xcf, 0x7f, 0xbe, 0x4a, 0x8d, 0xd8, 0x14,
+        0xad, 0x69, 0xb0, 0x3e, 0x8a, 0xaf, 0xeb, 0xd9, 0x1a, 0x15, 0x4a, 0xe4,
+        0xdd, 0xd9, 0xb2, 0xf8, 0x6b, 0xe2, 0x42, 0x9e, 0x29, 0x16, 0xfc, 0x85,
+        0x9c, 0x47, 0x4b, 0x1f, 0x3d, 0x7b, 0x8c, 0xe1, 0x6d, 0xa3, 0xb8, 0x0a,
+        0xe6, 0xfa, 0x27, 0xfe, 0x52, 0x72, 0xab, 0x3a, 0xa6, 0x58, 0xd7, 0x53,
+        0xaf, 0x9f, 0xee, 0x03, 0x85, 0xfc, 0xa4, 0x7a, 0x72, 0x29, 0x7e, 0x62,
+        0x28, 0x08, 0x79, 0xa8, 0xb8, 0xc7, 0x51, 0x8d, 0xaa, 0x40, 0x2d, 0x4a,
+        0xd9, 0x47, 0xb4, 0xa8, 0xa2, 0x0a, 0x43, 0xd0, 0xe0, 0x4a, 0x39, 0xa3,
+        0x06, 0x08, 0x9a, 0xe2, 0xf3, 0xf2, 0xf8, 0xb9, 0x9f, 0x63, 0x32, 0xa0,
+        0x65, 0x0b, 0xb0, 0x50, 0x96, 0xa6, 0xa8, 0x7a, 0x18, 0xdd, 0x6c, 0xd1,
+        0x9b, 0xd9, 0x4e, 0x76, 0x8f, 0xfb, 0x22, 0xa6, 0x1d, 0x29, 0xfc, 0xb8,
+        0x47, 0x29, 0xb6, 0xd1, 0xb1, 0x63, 0x4a, 0x36, 0x1b, 0x10, 0xe6, 0x4c,
+        0x65, 0x68, 0x1f, 0xad, 0x4f, 0x7d, 0x6b, 0x01, 0x41, 0x18, 0x5f, 0xba,
+        0x3d, 0xa6, 0x54, 0x28, 0x58, 0xd5, 0x81, 0x60, 0xdf, 0x84, 0x76, 0x00,
+        0x21, 0x53, 0xeb, 0xd3, 0xa6, 0xec, 0x7d, 0x3c, 0xb8, 0xcd, 0x91, 0x4c,
+        0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5,
+        0x70, 0x8d, 0x8b, 0x9c
+#else
     0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
     0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
     0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
@@ -40579,9 +42372,214 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
     0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42,
     0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77,
     0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
-    0xfe, 0x4b,
+    0xfe, 0x4b
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = {
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        0x27, 0x3b, 0x58, 0xa0, 0xcf, 0x00, 0x29, 0x5e, 0x1a, 0x63, 0xbf, 0xb4,
+        0x97, 0x16, 0xa1, 0x9c, 0x78, 0xd1, 0x33, 0xdc, 0x72, 0xde, 0xa3, 0xfc,
+        0xf4, 0x09, 0xb1, 0x09, 0x16, 0x3f, 0x80, 0x72, 0x22, 0x68, 0x65, 0x68,
+        0xb9, 0x80, 0x5a, 0x4a, 0x0d, 0x73, 0x49, 0xe1, 0xc6, 0xde, 0xca, 0x08,
+        0x4f, 0xca, 0xf8, 0xb2, 0xf8, 0x45, 0x3b, 0x6b, 0x8c, 0x6c, 0xfd, 0x3a,
+        0xf4, 0xde, 0xde, 0x82, 0xd8, 0x04, 0xbe, 0x4f, 0x4a, 0xdb, 0x92, 0x47,
+        0x83, 0x2d, 0xc4, 0x55, 0xed, 0x20, 0x4f, 0x71, 0xb1, 0x58, 0xd9, 0x70,
+        0x73, 0xbd, 0xb0, 0x3a, 0xb4, 0x8f, 0xd6, 0x9e, 0x32, 0x98, 0x2b, 0x9e,
+        0xff, 0x2a, 0x7c, 0xcb, 0x05, 0x1b, 0x8e, 0xe6, 0x3a, 0x45, 0xc6, 0x7a,
+        0xc8, 0xaf, 0x62, 0xd3, 0x04, 0xfa, 0x69, 0x4f, 0xda, 0x1b, 0x74, 0x16,
+        0x0d, 0xb3, 0x1a, 0xee, 0x71, 0xd7, 0xb0, 0xef, 0x69, 0xf5, 0xe2, 0xe9,
+        0xc2, 0xcc, 0x15, 0x66, 0x28, 0x0a, 0xac, 0xe2, 0x63, 0x06, 0xb7, 0x21,
+        0x0d, 0xd8, 0x5c, 0x94, 0x63, 0xfd, 0x51, 0x18, 0x9f, 0x07, 0x19, 0x3d,
+        0xa2, 0x50, 0x40, 0xd3, 0xe9, 0x05, 0xd4, 0x11, 0x13, 0x15, 0xaa, 0x46,
+        0xda, 0x3e, 0x5f, 0xcd, 0x3c, 0xfa, 0x42, 0xba, 0x79, 0x4a, 0xb7, 0x43,
+        0x91, 0xa5, 0xcb, 0xbc, 0xeb, 0x37, 0x94, 0xf1, 0x9c, 0xb9, 0xdb, 0x41,
+        0x06, 0xd8, 0x7b, 0x5e, 0x90, 0xe3, 0x3c, 0x8a, 0x10, 0x62, 0x9a, 0x15,
+        0x27, 0x78, 0xed, 0x69, 0x11, 0x2c, 0xb5, 0xb4, 0xdb, 0xc8, 0x70, 0x50,
+        0x62, 0x47, 0x96, 0xcb, 0xd9, 0xb2, 0x3e, 0x59, 0x2f, 0x1c, 0xac, 0xcb,
+        0xcf, 0x22, 0xc2, 0x9b, 0xc7, 0x92, 0xe9, 0x4d, 0x8d, 0x5d, 0xcf, 0x06,
+        0x53, 0x7e, 0xf4, 0x4e, 0xfe, 0x9e, 0x41, 0x5d, 0x00, 0x8c, 0x08, 0xf4,
+        0x02, 0x79, 0x33, 0x1c, 0x27, 0x1d, 0xe3, 0x94, 0xac, 0xe6, 0x87, 0xa0,
+        0x08, 0xb4, 0x60, 0x0c, 0xff, 0x47, 0xdc, 0x16, 0x3a, 0x1d, 0x89, 0xc0,
+        0x6a, 0xa4, 0x3d, 0x71, 0x33, 0xdd, 0x1e, 0x70, 0xfe, 0xd4, 0x8b, 0xed,
+        0x7c, 0x91, 0xe4, 0xe2, 0x15, 0x06, 0xc1, 0x83, 0x24, 0x55, 0xa7, 0x2a,
+        0x9f, 0x4e, 0xd9, 0x56, 0x7a, 0x95, 0xa8, 0xdd, 0xc4, 0xf0, 0x71, 0x3a,
+        0x99, 0x65, 0x31, 0x4b, 0xb7, 0x96, 0x2c, 0x53, 0x54, 0x83, 0xec, 0xc9,
+        0x97, 0x2f, 0x0c, 0xa4, 0x8f, 0xbb, 0x93, 0x9d, 0xea, 0xae, 0xf9, 0xcb,
+        0xb2, 0xb9, 0xa3, 0x61, 0x5f, 0x77, 0x8c, 0xb6, 0x5a, 0x56, 0xbe, 0x5f,
+        0x85, 0xd1, 0xb5, 0x0a, 0x53, 0xe2, 0xc7, 0xbf, 0x76, 0x8b, 0x97, 0x6f,
+        0x10, 0xdd, 0x1f, 0x44, 0x69, 0x66, 0x03, 0xc4, 0x6b, 0x59, 0xf7, 0xb4,
+        0xc1, 0x12, 0xcc, 0x00, 0x70, 0xe8, 0xbd, 0x44, 0x28, 0xf5, 0xfa, 0x96,
+        0xf3, 0x59, 0xed, 0x81, 0x67, 0xe0, 0xbe, 0x47, 0x75, 0xb3, 0xa8, 0x9f,
+        0x21, 0x70, 0x2e, 0x6f, 0xef, 0x54, 0x11, 0x3f, 0x34, 0xaf, 0x0d, 0x73,
+        0x5b, 0x9e, 0x6d, 0x86, 0x58, 0xb7, 0x34, 0xc2, 0xc2, 0xb3, 0x64, 0xd5,
+        0x9b, 0x6e, 0xb9, 0x99, 0x6a, 0xe4, 0xfd, 0xc3, 0x17, 0xf3, 0x10, 0xfc,
+        0x6e, 0xf5, 0x65, 0xe1, 0x9c, 0x59, 0x15, 0x11, 0x00, 0xea, 0x96, 0x81,
+        0x69, 0x9b, 0x05, 0x4d, 0xf3, 0xce, 0xf3, 0xf0, 0xa9, 0x01, 0x3f, 0x13,
+        0xbb, 0xb0, 0xac, 0xc3, 0x92, 0x1c, 0x2b, 0x61, 0xe3, 0x01, 0x22, 0x45,
+        0x4a, 0x23, 0x19, 0x80, 0xca, 0xb9, 0xef, 0x4e, 0x76, 0x52, 0xc5, 0x9d,
+        0x91, 0x33, 0x17, 0xc4, 0x28, 0x83, 0x55, 0x61, 0x49, 0x72, 0x04, 0xaa,
+        0xf8, 0xe3, 0x4b, 0x20, 0xf7, 0x6a, 0x74, 0x56, 0x64, 0xf9, 0xb3, 0xc9,
+        0x67, 0x5b, 0x55, 0x29, 0x9a, 0x89, 0xa5, 0x14, 0x67, 0xea, 0x6d, 0x6a,
+        0xde, 0x98, 0x58, 0x73, 0x25, 0xa3, 0xdb, 0xed, 0x3d, 0x62, 0xaa, 0xe0,
+        0x79, 0x7f, 0xa3, 0xd9, 0xb5, 0x4c, 0xe9, 0xa8, 0xdf, 0xfd, 0x59, 0x31,
+        0x42, 0x81, 0x9e, 0xb7, 0x81, 0x3f, 0x0e, 0xfb, 0xef, 0x80, 0x71, 0x9d,
+        0xb7, 0xa5, 0xfc, 0xb1, 0x80, 0xc9, 0x7e, 0x31, 0xd9, 0x47, 0xe2, 0xca,
+        0x10, 0x7b, 0xd1, 0xa1, 0x1c, 0x28, 0xc7, 0x7f, 0x51, 0x26, 0xb1, 0x4e,
+        0x57, 0xdd, 0x7d, 0x76, 0x5c, 0x5a, 0x85, 0xa7, 0x7b, 0x8c, 0xc5, 0x6e,
+        0xac, 0x20, 0xf8, 0x49, 0x16, 0xd6, 0x64, 0xf5, 0xf4, 0x2c, 0x32, 0xa1,
+        0x5d, 0xfb, 0x87, 0xb6, 0x14, 0xfe, 0x68, 0x7c, 0x4d, 0xce, 0xd7, 0x94,
+        0xf9, 0x8b, 0xf0, 0x61, 0xfd, 0xe0, 0x83, 0x7f, 0x13, 0xec, 0x7a, 0xb7,
+        0x41, 0x04, 0x51, 0x6e, 0x30, 0xa2, 0x01, 0xf7, 0x30, 0x12, 0xec, 0xd2,
+        0x8f, 0x73, 0xe7, 0x8e, 0x12, 0xb4, 0xe5, 0xc1, 0xff, 0xdf, 0x67, 0x14,
+        0xb1, 0xe9, 0xba, 0x36, 0x19, 0x18, 0xf4, 0xaa, 0xe0, 0xe4, 0x9d, 0xcd,
+        0xe8, 0xe7, 0x2b, 0x33, 0xb3, 0xdc, 0xb9, 0x19, 0xd7, 0xad, 0xa4, 0x68,
+        0xcd, 0x83, 0x77, 0x98, 0x36, 0x49, 0xd9, 0x32, 0x20, 0xfd, 0xfc, 0x34,
+        0xe7, 0x54, 0xd9, 0xb5, 0x05, 0xab, 0x0e, 0x08, 0x0e, 0x16, 0x8a, 0x7d,
+        0x91, 0x4c, 0xaa, 0x19, 0x04, 0x37, 0x35, 0xa5, 0xab, 0x6c, 0xee, 0xc4,
+        0x90, 0xf0, 0x5f, 0xc7, 0xae, 0x82, 0xfd, 0x59, 0x53, 0xe5, 0x36, 0x5a,
+        0x56, 0x37, 0x61, 0x69, 0xda, 0xe5, 0x8f, 0xfd, 0x2e, 0xd4, 0x9c, 0x7f,
+        0xb6, 0x39, 0xa4, 0x8d, 0x0a, 0xab, 0x82, 0x0f, 0xfe, 0x84, 0x69, 0x44,
+        0x8a, 0xa6, 0xd0, 0x39, 0xf9, 0x72, 0x68, 0xe7, 0x97, 0xd8, 0x6c, 0x7b,
+        0xec, 0x85, 0x8c, 0x52, 0xc9, 0x97, 0xbb, 0xc4, 0x7a, 0x67, 0x22, 0x60,
+        0x46, 0x9f, 0x16, 0xf1, 0x67, 0x0e, 0x1b, 0x50, 0x7c, 0xc4, 0x29, 0x15,
+        0xbc, 0x55, 0x6a, 0x67, 0xf6, 0xa8, 0x85, 0x66, 0x89, 0x9f, 0xff, 0x38,
+        0x28, 0xaa, 0x87, 0x91, 0xce, 0xde, 0x8d, 0x45, 0x5c, 0xa1, 0x25, 0x95,
+        0xe2, 0x86, 0xdd, 0xa1, 0x87, 0x6a, 0x0a, 0xa8, 0x3e, 0x63, 0x0e, 0x21,
+        0xa5, 0x6e, 0x08, 0x4d, 0x07, 0xb6, 0x26, 0xa8, 0x92, 0xdb, 0xed, 0x13,
+        0x01, 0xc3, 0xba, 0xcf, 0xad, 0x01, 0xbc, 0xe5, 0xc0, 0xba, 0xbe, 0x7c,
+        0x75, 0xf1, 0xb9, 0xfe, 0xd3, 0xf0, 0xa5, 0x2c, 0x8e, 0x10, 0xff, 0x99,
+        0xcb, 0xe2, 0x2d, 0xdc, 0x2f, 0x76, 0x00, 0xf8, 0x51, 0x7c, 0xcc, 0x52,
+        0x16, 0x0f, 0x18, 0x98, 0xea, 0x34, 0x06, 0x7f, 0xb7, 0x2e, 0xe9, 0x40,
+        0xf0, 0x2d, 0x30, 0x3d, 0xc0, 0x67, 0x4c, 0xe6, 0x63, 0x40, 0x41, 0x42,
+        0x96, 0xbb, 0x0b, 0xd6, 0xc9, 0x1c, 0x22, 0x7a, 0xa9, 0x4d, 0xcc, 0x5b,
+        0xaa, 0x03, 0xc6, 0x3b, 0x1e, 0x2f, 0x11, 0xae, 0x34, 0x6f, 0x0c, 0xe9,
+        0x16, 0x9c, 0x82, 0x3b, 0x90, 0x4c, 0x0e, 0xf0, 0xf9, 0x7f, 0x02, 0xca,
+        0xb9, 0xa9, 0x49, 0x6d, 0x27, 0x73, 0xd0, 0xbf, 0x15, 0x61, 0x52, 0xbc,
+        0xd6, 0x31, 0x59, 0x2b, 0x52, 0x5b, 0xaf, 0x3c, 0xc0, 0x8f, 0xdc, 0xd5,
+        0x2c, 0x1d, 0xe4, 0xe9, 0x41, 0xe8, 0xd3, 0x35, 0xd6, 0xb1, 0xf3, 0x32,
+        0xe0, 0x52, 0x08, 0x73, 0x99, 0xb6, 0x6b, 0xbc, 0x26, 0xfb, 0x2e, 0xa7,
+        0xb7, 0xcd, 0x14, 0xf0, 0xf9, 0xe5, 0x3a, 0xd0, 0x05, 0x5b, 0x2b, 0x38,
+        0xbd, 0x7c, 0xda, 0xd4, 0x15, 0x45, 0xfa, 0x3b, 0x6f, 0x94, 0x8e, 0x22,
+        0xce, 0xfa, 0x53, 0xe0, 0x5f, 0xa6, 0x9d, 0x1c, 0x26, 0x91, 0x8a, 0xab,
+        0x72, 0x5b, 0x18, 0x78, 0x69, 0x98, 0x3f, 0x8d, 0x33, 0x7c, 0x21, 0x93,
+        0x9e, 0xf0, 0xaf, 0xb7, 0x30, 0xc8, 0xac, 0xbc, 0xdb, 0x9c, 0x29, 0x17,
+        0x6b, 0x9d, 0x0f, 0x16, 0xd6, 0xc0, 0xcc, 0x3b, 0xce, 0x11, 0xe9, 0x64,
+        0xc8, 0xd4, 0x4c, 0x98, 0x7c, 0x8f, 0xf1, 0x5e, 0x84, 0xe4, 0x72, 0xf9,
+        0x69, 0xf5, 0x9d, 0xad, 0x95, 0x3b, 0xfb, 0x6d, 0x30, 0x7e, 0x0a, 0x47,
+        0x5b, 0x26, 0xb2, 0x4e, 0xeb, 0x1a, 0xc3, 0x37, 0x16, 0x28, 0x79, 0x62,
+        0xb4, 0x36, 0x85, 0x4a, 0x15, 0x5a, 0xc3, 0x6e, 0xbe, 0x7e, 0x00, 0xe9,
+        0x4a, 0xa5, 0xd7, 0x90, 0xcf, 0x59, 0x63, 0x2d, 0x2b, 0xc2, 0xc6, 0x47,
+        0xe6, 0x77, 0xb7, 0x6e, 0x9b, 0xc8, 0x0d, 0x18, 0x2b, 0x45, 0x2b, 0xc9,
+        0x5a, 0x6e, 0xb4, 0x50, 0xa5, 0x23, 0x7d, 0x17, 0xcc, 0x49, 0xe2, 0xb3,
+        0xf4, 0x6d, 0xb4, 0xb7, 0xbb, 0x9e, 0xdd, 0x20, 0x99, 0x19, 0xf5, 0x53,
+        0x1f, 0xd0, 0xff, 0x67, 0xf3, 0x8e, 0x6a, 0xcd, 0x2a, 0x6e, 0x2b, 0x0a,
+        0x90, 0xd7, 0xdb, 0xe1, 0xff, 0x1c, 0x40, 0xa1, 0xb0, 0x5d, 0x94, 0x4d,
+        0x20, 0x14, 0x01, 0xa1, 0xa8, 0xd1, 0x15, 0xd2, 0xd9, 0x1b, 0xbf, 0xc2,
+        0x8a, 0xd0, 0x02, 0xf6, 0x16, 0xa1, 0xb7, 0x40, 0xe0, 0x36, 0x88, 0xc8,
+        0x17, 0x0a, 0xf0, 0xb6, 0x0d, 0x3c, 0x53, 0xb9, 0x51, 0xed, 0xef, 0x20,
+        0x6f, 0xf3, 0x0c, 0xb5, 0xce, 0x0e, 0x9e, 0xfd, 0x0f, 0x5e, 0x3f, 0x8f,
+        0x3c, 0xb7, 0x2a, 0xdb, 0xc6, 0xa7, 0xf2, 0x11, 0x6e, 0xdc, 0x05, 0x33,
+        0xd4, 0xd8, 0xb0, 0x2d, 0x8a, 0xe5, 0x39, 0x82, 0x00, 0x49, 0x7d, 0xfd,
+        0x32, 0x29, 0xbb, 0x79, 0x5d, 0xcb, 0x21, 0x7b, 0x2d, 0x36, 0x58, 0x73,
+        0x52, 0x57, 0x52, 0x96, 0x4d, 0x89, 0x61, 0xf4, 0xad, 0x1f, 0x48, 0xd5,
+        0x7a, 0x4a, 0xaa, 0x1c, 0xa1, 0xf4, 0xb4, 0x9c, 0x43, 0x3b, 0x95, 0x72,
+        0xd0, 0x0e, 0x35, 0x82, 0x26, 0xd4, 0x2e, 0xe3, 0x83, 0x96, 0x97, 0x5a,
+        0x7b, 0xfc, 0x48, 0x17, 0x3c, 0xba, 0x9e, 0x5f, 0x46, 0x1a, 0x53, 0xe3,
+        0x2e, 0x78, 0x79, 0x80, 0xf6, 0x2d, 0x24, 0xcf, 0x62, 0xb6, 0x86, 0xeb,
+        0xee, 0xec, 0xf2, 0x1d, 0x00, 0xc8, 0x28, 0x9d, 0x93, 0x16, 0xa7, 0xd9,
+        0x11, 0x47, 0xe3, 0xc4, 0xb6, 0xc4, 0xa0, 0x99, 0x83, 0xc1, 0x17, 0xd8,
+        0x8e, 0xde, 0x69, 0x1d, 0xcb, 0xdd, 0xe7, 0x86, 0x6f, 0xf2, 0x36, 0x07,
+        0x23, 0x86, 0x0d, 0xe9, 0xad, 0x87, 0xae, 0x76, 0x98, 0x95, 0x51, 0xf2,
+        0xb3, 0x11, 0xc5, 0x34, 0xf0, 0x0c, 0xf8, 0x29, 0x9c, 0x84, 0x4f, 0x81,
+        0x49, 0x85, 0x63, 0x25, 0x16, 0xb0, 0xc3, 0xaa, 0xd7, 0x8a, 0x2e, 0x4b,
+        0x97, 0x60, 0x74, 0xf8, 0xa7, 0x39, 0xec, 0x6c, 0x2c, 0x9b, 0x33, 0x3a,
+        0x11, 0xbd, 0xa6, 0x90, 0x48, 0x65, 0xb1, 0xe7, 0x38, 0x53, 0x47, 0x1b,
+        0x62, 0xd5, 0xb7, 0xa8, 0xd4, 0xae, 0xf5, 0x12, 0x06, 0x12, 0x54, 0xa2,
+        0xce, 0xf1, 0x6b, 0x3a, 0xda, 0x63, 0x2e, 0x37, 0x2a, 0x25, 0x89, 0x30,
+        0x98, 0x77, 0x1d, 0x4b, 0x5a, 0x1e, 0xb7, 0x3d, 0xed, 0x19, 0xec, 0x9f,
+        0x64, 0x46, 0xa8, 0x2a, 0x79, 0xf3, 0x70, 0x39, 0x9f, 0x8c, 0xc3, 0x28,
+        0xcc, 0x2a, 0xc0, 0xd0, 0xe6, 0x80, 0xf5, 0x01, 0x78, 0x72, 0x7f, 0xe7,
+        0x2e, 0x7b, 0x5f, 0x05, 0xc3, 0x41, 0x33, 0x07, 0xdb, 0x9c, 0xa8, 0x96,
+        0xa7, 0x21, 0x20, 0x23, 0xd0, 0x59, 0x39, 0x06, 0x19, 0xa4, 0x29, 0xe5,
+        0x72, 0x39, 0x69, 0x23, 0xe3, 0xfa, 0x28, 0x63, 0xf5, 0x42, 0x3b, 0xca,
+        0x88, 0x5d, 0x7e, 0x47, 0x93, 0xa8, 0x8c, 0x75, 0xf2, 0x19, 0x44, 0x43,
+        0x15, 0x39, 0x03, 0x42, 0xd8, 0x1d, 0x81, 0x30, 0x8e, 0x84, 0x31, 0x24,
+        0x75, 0x67, 0x4e, 0xbe, 0xfe, 0x0a, 0xd8, 0xc3, 0xe7, 0x5b, 0xe1, 0xd5,
+        0x12, 0x6a, 0x69, 0x99, 0xcd, 0x35, 0xca, 0x22, 0x02, 0x65, 0xb3, 0x0f,
+        0x50, 0xb6, 0xaa, 0xc6, 0x91, 0x5c, 0x4d, 0xd4, 0x07, 0x93, 0x46, 0xf0,
+        0xcc, 0xe1, 0x92, 0x14, 0x91, 0x21, 0x43, 0xc4, 0xba, 0x45, 0x1c, 0x47,
+        0x29, 0xdf, 0xff, 0x89, 0x60, 0xee, 0x89, 0x1e, 0xc3, 0xb4, 0xb9, 0x0b,
+        0xc9, 0x7e, 0xd9, 0x15, 0xb0, 0x80, 0x91, 0xbe, 0xb9, 0x43, 0x48, 0x12,
+        0x86, 0x8e, 0x79, 0x38, 0x4d, 0xce, 0x36, 0x7f, 0xc3, 0xe8, 0xb7, 0xb9,
+        0x92, 0xbf, 0x27, 0x20, 0x54, 0xc8, 0x05, 0x63, 0x3b, 0xf5, 0x48, 0x1a,
+        0xa9, 0x04, 0x6c, 0xb6, 0x0e, 0x11, 0xea, 0xf3, 0x59, 0xb9, 0xa6, 0xf6,
+        0xf8, 0x0b, 0x15, 0xed, 0x30, 0xf9, 0xe4, 0xe5, 0x26, 0x2d, 0xbb, 0xc6,
+        0x5b, 0x36, 0xbb, 0x73, 0xa6, 0x4f, 0xf5, 0x43, 0x9f, 0xd7, 0xb9, 0x0f,
+        0xbc, 0x4f, 0x8d, 0xb8, 0xec, 0x1d, 0x42, 0x19, 0x56, 0x37, 0xc4, 0xcb,
+        0xd0, 0x16, 0x85, 0xff, 0xd3, 0x9b, 0xef, 0xc8, 0x75, 0x37, 0xd1, 0x92,
+        0xad, 0x21, 0x94, 0x1e, 0x9a, 0xf6, 0x2f, 0x6d, 0x30, 0xba, 0x37, 0xc3,
+        0xdc, 0x11, 0xe0, 0x79, 0xa4, 0x92, 0x1f, 0xe4, 0xaa, 0x7a, 0x6b, 0x2a,
+        0xe4, 0x04, 0xb7, 0xf9, 0x86, 0x95, 0xdb, 0xa8, 0xfc, 0x8a, 0x53, 0x21,
+        0x31, 0x14, 0xf7, 0x40, 0x01, 0x78, 0x4e, 0x73, 0x18, 0xb3, 0x54, 0xd7,
+        0xa6, 0x93, 0xf0, 0x70, 0x04, 0x1c, 0xe0, 0x2b, 0xef, 0xee, 0xd4, 0x64,
+        0xa7, 0xd9, 0x9f, 0x81, 0x4f, 0xe5, 0x1e, 0xbe, 0x6e, 0xd2, 0xf6, 0x3a,
+        0xba, 0xcf, 0x8c, 0x96, 0x2a, 0x3d, 0xf7, 0xe5, 0x5c, 0x59, 0x40, 0x9c,
+        0xe3, 0xf9, 0x2b, 0x6d, 0x3d, 0xf2, 0x6f, 0x81, 0xd6, 0xab, 0x9c, 0xab,
+        0xc6, 0xf7, 0x8f, 0xaa, 0xe5, 0x71, 0xe3, 0xc9, 0x8c, 0x1a, 0xeb, 0xc5,
+        0x87, 0xe7, 0xb0, 0xde, 0x18, 0xba, 0xaa, 0x1e, 0xda, 0x12, 0x32, 0x16,
+        0x94, 0x3a, 0x6e, 0x4f, 0x84, 0x06, 0x8e, 0x33, 0xf7, 0xfa, 0x35, 0xb8,
+        0x45, 0xe4, 0x5e, 0x9e, 0x46, 0x05, 0x7a, 0xf7, 0xf4, 0x99, 0xad, 0xb9,
+        0xdd, 0x55, 0xd9, 0x52, 0x3b, 0x93, 0xe3, 0x9b, 0x54, 0x1b, 0xe6, 0xa9,
+        0x70, 0xd3, 0x48, 0xf9, 0x3d, 0xdb, 0x88, 0x63, 0x66, 0xa0, 0xab, 0x72,
+        0x83, 0x6e, 0x8f, 0x78, 0x9d, 0x55, 0x46, 0x21, 0xca, 0x7c, 0xb7, 0x5d,
+        0x16, 0xe8, 0x66, 0x3b, 0x7b, 0xaa, 0xfe, 0x9c, 0x9c, 0x33, 0xc9, 0xc2,
+        0xa4, 0x3c, 0x78, 0x97, 0xf3, 0x5b, 0xc2, 0x29, 0x36, 0x98, 0x68, 0x28,
+        0xfe, 0x0a, 0xae, 0x6f, 0xe5, 0xf7, 0xfb, 0x9d, 0xf8, 0x8c, 0xd9, 0xd0,
+        0x4d, 0xfe, 0xc7, 0xd0, 0xb0, 0xe3, 0x9c, 0xdb, 0xac, 0x9e, 0x1b, 0x55,
+        0x7e, 0x24, 0xfe, 0xc4, 0x12, 0xcb, 0xc2, 0xdd, 0x0a, 0xda, 0x31, 0x40,
+        0x41, 0xb7, 0xfc, 0x3f, 0x6d, 0xe2, 0xd3, 0x8a, 0x0f, 0x21, 0x33, 0x3a,
+        0xbc, 0xa7, 0x62, 0x18, 0xb3, 0xaf, 0x48, 0xc6, 0xe2, 0xa3, 0xdd, 0x1d,
+        0x20, 0x62, 0xe4, 0x4b, 0x81, 0x6b, 0x3a, 0xc5, 0xb1, 0x07, 0xe1, 0xf1,
+        0xe1, 0xba, 0xf6, 0x01, 0xc6, 0xf2, 0xea, 0xc0, 0x97, 0x73, 0x79, 0x19,
+        0x06, 0xaa, 0x62, 0x42, 0xcb, 0x21, 0x5f, 0x08, 0x97, 0x7d, 0x72, 0xb5,
+        0x39, 0x4d, 0x99, 0xe3, 0xa2, 0x3f, 0xb9, 0xb4, 0xed, 0xf4, 0x61, 0x35,
+        0xe1, 0x50, 0xfb, 0x56, 0x7c, 0x35, 0xfd, 0x44, 0x8a, 0x57, 0x22, 0xed,
+        0x30, 0x33, 0xc3, 0x0b, 0xf1, 0x88, 0xe4, 0x44, 0x46, 0xf5, 0x73, 0x6d,
+        0x9b, 0x98, 0x88, 0x92, 0xf5, 0x34, 0x85, 0x18, 0x66, 0xef, 0x70, 0xbe,
+        0x7b, 0xc1, 0x0f, 0x1c, 0x78, 0x2d, 0x42, 0x13, 0x2d, 0x2f, 0x4d, 0x40,
+        0x8e, 0xe2, 0x6f, 0xe0, 0x04, 0xdb, 0x58, 0xbc, 0x65, 0x80, 0xba, 0xfc,
+        0x89, 0xee, 0xf3, 0x78, 0xb2, 0xd9, 0x78, 0x93, 0x6d, 0xbf, 0xd4, 0x74,
+        0x24, 0xf4, 0x5c, 0x37, 0x89, 0x0c, 0x14, 0xd5, 0xbd, 0xc5, 0xfc, 0x37,
+        0xe8, 0x8b, 0xe0, 0xc5, 0x89, 0xc9, 0x70, 0xb3, 0x76, 0x46, 0xce, 0x0d,
+        0x7c, 0x3d, 0xa4, 0x5d, 0x02, 0x95, 0x03, 0xba, 0x24, 0xaa, 0xf7, 0xd0,
+        0x75, 0x35, 0x78, 0x27, 0x9c, 0x6d, 0x2a, 0xef, 0xaa, 0xac, 0x85, 0xef,
+        0x8d, 0xfc, 0xc0, 0xfc, 0x72, 0x02, 0xf4, 0xa3, 0xd3, 0x87, 0xfc, 0x4d,
+        0xce, 0x3d, 0xcb, 0xc2, 0x74, 0x5b, 0xb0, 0x83, 0xc5, 0x72, 0x72, 0xd6,
+        0xa1, 0x67, 0x4d, 0xa1, 0xd6, 0xaa, 0xe7, 0x9b, 0xe7, 0xc0, 0xfd, 0x86,
+        0x91, 0x08, 0xfa, 0x48, 0x2f, 0x50, 0xce, 0x17, 0xea, 0x1c, 0xe3, 0x90,
+        0x35, 0xe6, 0x6c, 0xc9, 0x66, 0x7d, 0x51, 0x32, 0x20, 0x0c, 0x2d, 0x4b,
+        0xa1, 0xbf, 0x78, 0x87, 0xe1, 0x5a, 0x28, 0x0e, 0x9a, 0x85, 0xf6, 0x7e,
+        0x39, 0x60, 0xbc, 0x64, 0x42, 0x5d, 0xf0, 0x0a, 0xd7, 0x3e, 0xbb, 0xa0,
+        0x6d, 0x7c, 0xfa, 0x75, 0xee, 0x34, 0x39, 0x23, 0x0e, 0xbd, 0x50, 0x19,
+        0x7a, 0x2a, 0xb7, 0x17, 0x3a, 0x8b, 0xb7, 0xb6, 0xf4, 0xd8, 0x47, 0x71,
+        0x6b, 0x21, 0x1b, 0x56, 0xcc, 0xfb, 0x7b, 0x81, 0x99, 0x46, 0x88, 0x23,
+        0x40, 0x49, 0x66, 0x8b, 0xac, 0x84, 0x16, 0x8a, 0x86, 0xae, 0x38, 0xc4,
+        0x5b, 0x1f, 0x2b, 0xfa, 0xf2, 0x8b, 0x81, 0xc1, 0x22, 0x61, 0x61, 0x6c,
+        0x43, 0x16, 0x8c, 0x1d, 0x37, 0xb2, 0xaf, 0x3c, 0x3a, 0x90, 0x33, 0xed,
+        0xf5, 0x08, 0x78, 0xfd, 0x5a, 0xde, 0xd3, 0x38, 0x6d, 0xd7, 0x1c, 0x23,
+        0xeb, 0xb4, 0x9b, 0x8e, 0xc2, 0x48, 0x47, 0x8e, 0x84, 0xbb, 0xc4, 0xd0,
+        0xcc, 0xf9, 0x55, 0x5a, 0x57, 0xb9, 0x99, 0x52, 0x82, 0x21, 0x3b, 0x83,
+        0xda, 0x8f, 0xa3, 0x88, 0x9c, 0x57, 0xe0, 0x4b, 0xc1, 0xce, 0xbe, 0xd3,
+        0xea, 0xdd, 0xf2, 0x07, 0xc1, 0x73, 0x6f, 0xc0, 0x5e, 0x8e, 0x85, 0x72,
+        0xab, 0x2f, 0xa9, 0xac, 0x39, 0xee, 0x05, 0x34, 0x13, 0x16, 0x1b, 0x1c,
+        0x21, 0x24, 0x41, 0x49, 0x78, 0x87, 0x8b, 0x97, 0x9c, 0x9f, 0xa3, 0xa8,
+        0xb9, 0xbc, 0xc6, 0xcc, 0xf2, 0xfd, 0x18, 0x2a, 0x46, 0x58, 0x5a, 0x88,
+        0xa2, 0xb5, 0xcc, 0xd2, 0xda, 0xe1, 0xe3, 0x0d, 0x20, 0x23, 0x2b, 0x2f,
+        0x47, 0x57, 0x5e, 0x64, 0x87, 0x97, 0x9c, 0xa7, 0xaa, 0xbc, 0xc1, 0xe4,
+        0xe5, 0xea, 0x0b, 0x16, 0x3b, 0x3c, 0x3e, 0x45, 0x58, 0x63, 0x6a, 0x6f,
+        0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a
+#else
     0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a,
     0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5,
     0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40,
@@ -40823,7 +42821,8 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
     0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32,
     0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c,
     0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46
+#endif
     };
 
     return dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
@@ -40836,6 +42835,171 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
 static wc_test_ret_t dilithium_param_65_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = {
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd,
+        0x65, 0xee, 0x50, 0xb0, 0xbf, 0xea, 0x8e, 0x4e, 0xa2, 0x55, 0x71, 0xa6,
+        0x65, 0x48, 0x56, 0x20, 0x8a, 0x48, 0x9d, 0xd7, 0xc9, 0x2c, 0x80, 0x62,
+        0x88, 0x68, 0x4d, 0x5f, 0xbe, 0x5f, 0xe5, 0xf5, 0xa4, 0x75, 0xb6, 0x88,
+        0x26, 0xae, 0x7d, 0x11, 0x43, 0x89, 0xcd, 0xe9, 0x67, 0x0c, 0x91, 0x0b,
+        0xd1, 0xd8, 0x8b, 0x7b, 0x73, 0x75, 0x94, 0xc1, 0xc9, 0x61, 0xc7, 0x35,
+        0x21, 0x99, 0x2e, 0xab, 0xe0, 0xdf, 0x4d, 0xac, 0x0d, 0xd0, 0xa2, 0x61,
+        0x5f, 0x04, 0x08, 0x83, 0x66, 0x5c, 0x67, 0x47, 0x0c, 0xab, 0x2c, 0xb7,
+        0x6d, 0x0e, 0x32, 0x4c, 0x8c, 0x25, 0x80, 0xf5, 0xe5, 0x7e, 0x3b, 0xa1,
+        0xc6, 0xc5, 0x87, 0xd8, 0x68, 0xb2, 0xd5, 0x67, 0xf9, 0x5a, 0x8b, 0x88,
+        0xf8, 0xcd, 0x0c, 0xda, 0x4f, 0xfc, 0xd2, 0xaf, 0xb2, 0xa2, 0x38, 0x21,
+        0xf9, 0xd8, 0xf1, 0x1c, 0x8d, 0xb4, 0xe8, 0xfb, 0x76, 0x36, 0x87, 0xf4,
+        0x7d, 0x03, 0xc4, 0x06, 0xab, 0x87, 0xac, 0x52, 0xe8, 0xd5, 0xf7, 0x63,
+        0xf0, 0xa8, 0x0b, 0x95, 0xbd, 0x07, 0xf1, 0x1d, 0x33, 0x7b, 0x8a, 0x2c,
+        0xef, 0x85, 0xbe, 0xf8, 0xc1, 0x4b, 0xa2, 0xb0, 0xe0, 0x7a, 0x85, 0xfa,
+        0x52, 0x36, 0x05, 0xa7, 0x65, 0x4a, 0x0c, 0x21, 0x5c, 0xc0, 0x4f, 0x18,
+        0xb8, 0x66, 0x02, 0xe6, 0xd0, 0x45, 0x60, 0x56, 0xfc, 0x40, 0x94, 0xb5,
+        0xa5, 0x2b, 0xc7, 0x57, 0xc3, 0xc5, 0x30, 0x72, 0x1c, 0x4c, 0x2a, 0xd5,
+        0x75, 0xae, 0x43, 0x9f, 0x01, 0x71, 0xac, 0x5c, 0xdf, 0x9c, 0x0a, 0x3c,
+        0xb5, 0x89, 0x07, 0x9b, 0x28, 0x25, 0x31, 0x31, 0xc5, 0xb7, 0x24, 0x53,
+        0x2c, 0x3c, 0x2a, 0x96, 0xe5, 0x0d, 0xa2, 0x97, 0xa7, 0x08, 0x9d, 0x31,
+        0xc0, 0xcd, 0x53, 0xd5, 0xa8, 0x58, 0xa6, 0xac, 0x43, 0x2d, 0xac, 0x39,
+        0x01, 0x2c, 0x60, 0xf6, 0x82, 0x86, 0xd0, 0xaf, 0xad, 0x61, 0x3f, 0x82,
+        0x80, 0xa1, 0xe1, 0x12, 0x83, 0x6e, 0x1d, 0x5e, 0xfe, 0xc6, 0x1e, 0x2a,
+        0x7a, 0x44, 0xcd, 0xc2, 0x0a, 0xf5, 0xc8, 0x72, 0x3e, 0x29, 0xc7, 0x0a,
+        0xd1, 0x4c, 0x17, 0xdd, 0x1f, 0xb6, 0x95, 0x34, 0xc2, 0x6c, 0xdc, 0x63,
+        0xd1, 0x7e, 0xb0, 0x52, 0x06, 0x18, 0x6c, 0xb1, 0x99, 0x6a, 0xbe, 0x42,
+        0xa9, 0xc0, 0x22, 0xcc, 0x09, 0x11, 0x84, 0x1f, 0x16, 0x9a, 0x0e, 0xdd,
+        0x18, 0x7a, 0x39, 0x34, 0xb0, 0x49, 0x44, 0xcb, 0x88, 0x1f, 0x91, 0x93,
+        0x49, 0x3f, 0xcc, 0x62, 0x56, 0x33, 0x15, 0xcb, 0x02, 0x9b, 0x33, 0xe8,
+        0xd7, 0xab, 0x51, 0xc0, 0x91, 0xe0, 0x9c, 0xd2, 0xf9, 0x52, 0x05, 0x0c,
+        0xbf, 0xf1, 0x97, 0x42, 0xfe, 0xd0, 0x32, 0x27, 0x34, 0xf8, 0x82, 0x2d,
+        0x65, 0x3a, 0x36, 0xce, 0xd1, 0x07, 0x82, 0x3a, 0x6a, 0xaa, 0x56, 0xf1,
+        0x9b, 0x98, 0xca, 0x8e, 0x55, 0xff, 0xa0, 0x74, 0xd6, 0x6a, 0x42, 0xaa,
+        0x0a, 0xd4, 0x59, 0x74, 0xfb, 0xd4, 0xdb, 0x14, 0x10, 0xee, 0xca, 0x78,
+        0x83, 0x83, 0x95, 0x9b, 0x77, 0xf1, 0x9a, 0x48, 0xe0, 0x8f, 0xa4, 0x5a,
+        0x4d, 0xa9, 0x3f, 0x32, 0x78, 0x4a, 0x25, 0x96, 0x9c, 0x20, 0x0a, 0xcc,
+        0x5b, 0xd8, 0xca, 0x19, 0x47, 0x77, 0xb8, 0x7c, 0x51, 0x3e, 0xd6, 0x30,
+        0xdb, 0x45, 0xb0, 0xe6, 0x9d, 0x6f, 0xc5, 0x0a, 0x5d, 0x5f, 0x55, 0xcd,
+        0x0f, 0x20, 0x22, 0x7e, 0x09, 0x99, 0xac, 0xb8, 0x9c, 0x9d, 0xf7, 0x3e,
+        0x7e, 0x07, 0xd7, 0xbc, 0x21, 0x76, 0x8c, 0x27, 0x81, 0x94, 0xab, 0x57,
+        0x4a, 0xe2, 0x91, 0x1c, 0xa4, 0x77, 0x4a, 0xd2, 0x96, 0x52, 0x9d, 0x33,
+        0xb5, 0x58, 0x70, 0xd7, 0xff, 0x22, 0xe8, 0x14, 0xea, 0xd0, 0x8c, 0xd4,
+        0x06, 0x08, 0xd8, 0x73, 0x66, 0x4b, 0x93, 0x41, 0xc9, 0x73, 0x5b, 0x07,
+        0x5f, 0x31, 0xc5, 0x25, 0x98, 0x7b, 0x7b, 0xa5, 0x26, 0x83, 0x94, 0x22,
+        0x42, 0x1c, 0x51, 0xe6, 0x80, 0x48, 0xca, 0xd4, 0x53, 0x40, 0x3a, 0xee,
+        0x2c, 0x29, 0x07, 0xed, 0xdf, 0x97, 0x44, 0x19, 0xe5, 0xe5, 0x35, 0x66,
+        0x1f, 0xbd, 0x29, 0x77, 0x0c, 0x15, 0x6c, 0x95, 0x08, 0x81, 0xe0, 0x76,
+        0x86, 0x5e, 0x6d, 0x77, 0x78, 0x76, 0x07, 0xdd, 0x21, 0x97, 0x59, 0xdb,
+        0xd4, 0xbd, 0xb6, 0x4c, 0x3f, 0x07, 0x93, 0xb6, 0x4a, 0xce, 0xf7, 0x08,
+        0x86, 0xfd, 0x9c, 0x03, 0x08, 0x94, 0x00, 0xea, 0x4b, 0xd6, 0x1e, 0x17,
+        0xfb, 0xb5, 0xba, 0xde, 0x25, 0x95, 0xe7, 0xf8, 0x97, 0x9e, 0x99, 0xae,
+        0x5d, 0xdd, 0xf6, 0x32, 0x1a, 0xf2, 0x4f, 0xcf, 0x0c, 0x17, 0x55, 0xb8,
+        0xfb, 0xae, 0xc8, 0x46, 0xb0, 0x3e, 0x86, 0x2b, 0x5e, 0xef, 0x36, 0xca,
+        0x24, 0xed, 0x32, 0x5b, 0xc8, 0xfb, 0x88, 0x35, 0x6a, 0x26, 0xfe, 0x06,
+        0x54, 0x0c, 0x3e, 0x2c, 0x71, 0xdf, 0x98, 0xf0, 0xbb, 0xb2, 0xe0, 0x9d,
+        0xf7, 0xeb, 0xce, 0x07, 0xfa, 0xc4, 0xab, 0x88, 0xc3, 0x14, 0x33, 0x60,
+        0x48, 0xcf, 0x39, 0x26, 0x90, 0xac, 0xfa, 0x39, 0x6f, 0x2d, 0x9d, 0x6d,
+        0x15, 0x7f, 0x84, 0x6b, 0x0a, 0x1c, 0xf4, 0x6c, 0x78, 0x62, 0x52, 0x93,
+        0x2c, 0x7e, 0x9f, 0x4a, 0x51, 0x7a, 0x2e, 0xad, 0xea, 0xe4, 0xe5, 0x9c,
+        0x15, 0x15, 0x28, 0x4d, 0x3e, 0x5e, 0xb4, 0x3b, 0xff, 0x81, 0xe0, 0x56,
+        0x44, 0x33, 0x33, 0xd9, 0x4b, 0xb2, 0x23, 0x60, 0xed, 0x0d, 0xa5, 0x4e,
+        0x9f, 0x7d, 0xbc, 0x6e, 0x3a, 0xf9, 0x7e, 0x16, 0x47, 0x66, 0xb1, 0x6c,
+        0xc7, 0x26, 0x62, 0x9b, 0x3c, 0x53, 0xb3, 0xa1, 0x16, 0x62, 0x31, 0x64,
+        0xd2, 0xbb, 0x28, 0x5c, 0xe8, 0x21, 0xc3, 0xfc, 0xc3, 0x6d, 0xa7, 0x35,
+        0x4d, 0x57, 0xe0, 0xbd, 0x54, 0x1a, 0x84, 0xf7, 0x9c, 0x8a, 0x54, 0x3d,
+        0x59, 0xb3, 0xa2, 0x46, 0x3b, 0x16, 0x48, 0x3b, 0x3a, 0x3c, 0x5e, 0x88,
+        0xc3, 0x60, 0x63, 0x7e, 0xca, 0x68, 0xb7, 0x2f, 0x2b, 0xb5, 0x62, 0x2e,
+        0x51, 0x89, 0xbe, 0x78, 0xf7, 0xfa, 0x19, 0xcc, 0xca, 0x87, 0x9a, 0xf5,
+        0xef, 0x0d, 0x21, 0x08, 0x3b, 0xd6, 0x9a, 0x94, 0xc5, 0xd1, 0x1b, 0xa9,
+        0x7c, 0xc8, 0x9f, 0x9a, 0xb0, 0xb8, 0xf7, 0x02, 0x12, 0x31, 0x70, 0x52,
+        0x52, 0xda, 0xb5, 0x9a, 0x08, 0x20, 0xc3, 0xc4, 0x0c, 0x6a, 0x34, 0x58,
+        0x75, 0x9b, 0xdc, 0x1a, 0x6a, 0x37, 0x42, 0x9f, 0x16, 0x70, 0xbb, 0x39,
+        0x86, 0xbd, 0x09, 0x9c, 0x04, 0x44, 0xbe, 0x1a, 0xe5, 0xe9, 0x50, 0x9b,
+        0x14, 0x50, 0x4f, 0x00, 0xba, 0xb0, 0xf6, 0x36, 0x4d, 0x69, 0x16, 0x11,
+        0x40, 0x5a, 0x4e, 0x8b, 0x39, 0xb4, 0xf1, 0xb2, 0x11, 0x36, 0x2f, 0x02,
+        0x15, 0xca, 0x78, 0xde, 0x75, 0x07, 0x64, 0x72, 0xfd, 0xd4, 0x48, 0xdd,
+        0xfb, 0xf5, 0x8a, 0x3d, 0xa8, 0x8e, 0x14, 0xd1, 0x69, 0xe3, 0x21, 0x50,
+        0x39, 0xfd, 0xd0, 0x3b, 0xa0, 0x22, 0x61, 0x5c, 0x7e, 0x88, 0x91, 0xe1,
+        0xf0, 0xf6, 0x16, 0x23, 0xdb, 0xdb, 0x50, 0x0e, 0x39, 0xcc, 0x86, 0xf1,
+        0xab, 0x89, 0x60, 0xb0, 0xac, 0x28, 0xc6, 0x57, 0xe4, 0xee, 0xa9, 0x1b,
+        0xae, 0x78, 0xc5, 0x67, 0x1a, 0xeb, 0xb3, 0x43, 0xbc, 0xea, 0x11, 0x0c,
+        0x64, 0xf6, 0xd2, 0x52, 0xa0, 0x7e, 0xcd, 0x6d, 0x84, 0x8c, 0xf8, 0x80,
+        0xb7, 0xdb, 0x26, 0x91, 0x4a, 0xa0, 0x61, 0x69, 0x2f, 0x6f, 0x1c, 0x9d,
+        0x2a, 0x20, 0x44, 0xdc, 0x58, 0xaf, 0x7d, 0xfe, 0x4d, 0xa2, 0x10, 0x21,
+        0x88, 0xef, 0x42, 0x2e, 0x8e, 0xfb, 0x63, 0xbc, 0xc8, 0x26, 0xe7, 0x80,
+        0xa5, 0xbf, 0xe0, 0x7a, 0xcb, 0xf3, 0x31, 0x1c, 0xd9, 0xa3, 0x12, 0x00,
+        0x2f, 0x20, 0xc6, 0xc1, 0x15, 0xfd, 0x5b, 0x0d, 0x8a, 0x4d, 0xfb, 0x84,
+        0x4d, 0xb4, 0x64, 0xeb, 0x12, 0xf3, 0x78, 0x6b, 0x4d, 0xc6, 0x98, 0x46,
+        0x4c, 0xb3, 0xb4, 0x59, 0xdc, 0xb7, 0xdc, 0xbb, 0x56, 0x0f, 0x09, 0x14,
+        0x28, 0x43, 0x9f, 0xb8, 0x75, 0xed, 0xcb, 0x97, 0x25, 0xaf, 0xa5, 0xeb,
+        0x46, 0x14, 0xa6, 0x38, 0x68, 0x06, 0xe0, 0x6e, 0x55, 0x68, 0x6b, 0xf3,
+        0xd8, 0x6d, 0x59, 0x65, 0x65, 0xff, 0x48, 0xfd, 0xdb, 0x3d, 0xe2, 0x21,
+        0xb4, 0x7b, 0x78, 0x6a, 0x2e, 0x28, 0xb8, 0x21, 0xc4, 0x72, 0xf4, 0xef,
+        0xfb, 0x74, 0x43, 0x29, 0xf2, 0x30, 0xc9, 0xca, 0x78, 0x93, 0x72, 0xfd,
+        0x84, 0xa4, 0x95, 0xe0, 0xcd, 0xb1, 0x48, 0x29, 0xe7, 0xd1, 0x27, 0xf7,
+        0xdc, 0x31, 0x6e, 0x00, 0x04, 0xd7, 0x7c, 0xfd, 0x2d, 0x25, 0xe9, 0xdb,
+        0xc2, 0xb8, 0x14, 0x26, 0xed, 0x63, 0xb1, 0x50, 0x0a, 0x3c, 0xb2, 0x79,
+        0x98, 0x79, 0x81, 0x2d, 0xdb, 0x60, 0x97, 0x99, 0xc0, 0x0a, 0x89, 0x9f,
+        0x90, 0x19, 0x0b, 0xb3, 0x97, 0xd2, 0xf7, 0x50, 0xa5, 0x1d, 0x7d, 0x71,
+        0x75, 0xe6, 0x58, 0x62, 0x53, 0x95, 0x40, 0x9e, 0xc7, 0xd3, 0x72, 0xa1,
+        0xae, 0x07, 0xb3, 0x8a, 0x56, 0x61, 0x99, 0x81, 0x3e, 0xe4, 0x5e, 0x78,
+        0x57, 0xd1, 0x8a, 0xc4, 0x04, 0x38, 0x13, 0xa0, 0x5d, 0x68, 0x6d, 0x22,
+        0xae, 0xda, 0xfc, 0x67, 0xbb, 0xfb, 0x8e, 0x1a, 0xdc, 0x24, 0xf7, 0xc8,
+        0xf9, 0x92, 0x6f, 0x4e, 0xb5, 0xe7, 0x6d, 0x13, 0x88, 0x05, 0x5c, 0xbb,
+        0xe0, 0x24, 0x2a, 0x96, 0xc6, 0x70, 0x52, 0x14, 0xd0, 0xd9, 0xd8, 0xb2,
+        0x5b, 0xdc, 0x85, 0xcf, 0x62, 0xb4, 0xcf, 0x77, 0xf1, 0xe5, 0x51, 0xeb,
+        0xef, 0xe9, 0x3e, 0xf0, 0x16, 0xd2, 0xcc, 0x38, 0x0a, 0x47, 0x91, 0xc0,
+        0xe0, 0x14, 0x1a, 0xf9, 0x74, 0xd1, 0x32, 0x8b, 0x02, 0x36, 0x05, 0x55,
+        0x62, 0xa7, 0xae, 0x77, 0xb0, 0x01, 0x3d, 0x2c, 0x91, 0xbe, 0xfa, 0xdd,
+        0x9c, 0x17, 0x42, 0xc1, 0x01, 0x4d, 0xd8, 0x27, 0x3c, 0x10, 0x82, 0x66,
+        0x11, 0x91, 0x8b, 0xc8, 0x52, 0xd5, 0xc1, 0x1d, 0xee, 0xb2, 0x90, 0x17,
+        0xed, 0xf3, 0xad, 0xa5, 0xd5, 0xeb, 0xf2, 0x9b, 0x78, 0xbf, 0x2d, 0x5a,
+        0xad, 0xe5, 0x53, 0xe6, 0xc1, 0x3b, 0xd8, 0xf3, 0x6b, 0xc5, 0x4c, 0x87,
+        0x0a, 0xe3, 0xc8, 0xc7, 0xe5, 0x42, 0x2c, 0xe2, 0x13, 0x1a, 0xe7, 0x27,
+        0x20, 0x3e, 0x95, 0x13, 0x1e, 0xbb, 0x03, 0xae, 0xc0, 0x84, 0x14, 0x6d,
+        0x7b, 0xf7, 0x98, 0x08, 0x18, 0x12, 0xb4, 0x4f, 0x99, 0x4a, 0xcf, 0xd0,
+        0x4a, 0x5d, 0x21, 0x16, 0xf6, 0xdf, 0x10, 0xc7, 0xbe, 0xe6, 0x79, 0x3b,
+        0x35, 0x2a, 0xa6, 0xd6, 0x19, 0x9c, 0xde, 0xbd, 0xaf, 0x72, 0xd2, 0x25,
+        0xe0, 0xa4, 0xde, 0x99, 0x44, 0x18, 0x66, 0x41, 0xc7, 0x56, 0xf7, 0xdc,
+        0x32, 0x56, 0x57, 0x39, 0x18, 0x31, 0xc8, 0x75, 0x01, 0xc3, 0xf3, 0x46,
+        0xcf, 0xbf, 0xc6, 0x10, 0xb5, 0x1c, 0x38, 0xf9, 0xa4, 0xa5, 0x44, 0xa1,
+        0x0b, 0x25, 0x48, 0x9c, 0xd3, 0x1c, 0x55, 0x54, 0x15, 0x9f, 0xe3, 0x74,
+        0x5b, 0xb1, 0x92, 0xb6, 0x52, 0x61, 0xba, 0x2f, 0x53, 0x91, 0x17, 0x44,
+        0x94, 0x00, 0xe4, 0x43, 0xa0, 0xe7, 0x0d, 0xaa, 0x8a, 0x5b, 0x81, 0x43,
+        0xad, 0xfb, 0x50, 0xfe, 0xcf, 0x85, 0x2d, 0xfa, 0xc8, 0x1d, 0xad, 0xc8,
+        0x7a, 0x7c, 0x5e, 0xf3, 0x90, 0x35, 0x5e, 0x67, 0xce, 0x57, 0x4d, 0xa0,
+        0x22, 0x9e, 0x07, 0x4a, 0xf5, 0x9e, 0x5f, 0x91, 0x45, 0xd8, 0x62, 0xe0,
+        0xf3, 0x87, 0x3b, 0xb7, 0x89, 0x2f, 0xdf, 0x8b, 0x82, 0xb1, 0x86, 0xc3,
+        0xa4, 0xa3, 0x68, 0xc7, 0x73, 0x9e, 0x68, 0x8d, 0x24, 0x6a, 0x29, 0x94,
+        0x58, 0x57, 0x4b, 0x81, 0x00, 0xe2, 0x2b, 0x94, 0x0a, 0xf5, 0x96, 0xa3,
+        0x23, 0x9a, 0x7b, 0xd0, 0x2d, 0xcb, 0x6a, 0x8e, 0xae, 0x1b, 0x1c, 0x34,
+        0xed, 0x30, 0x4e, 0xca, 0x29, 0x21, 0xfc, 0x3d, 0x70, 0x11, 0xc1, 0x5f,
+        0x3e, 0xc2, 0x9e, 0x88, 0x71, 0x29, 0xa3, 0x8f, 0x92, 0xf5, 0x46, 0x77,
+        0xd5, 0x47, 0x2d, 0x2b, 0x66, 0x1c, 0x07, 0xf0, 0xfc, 0x7b, 0xa0, 0x13,
+        0x00, 0xae, 0xa5, 0x61, 0x92, 0x36, 0xeb, 0x7e, 0x43, 0x91, 0x20, 0x72,
+        0xe5, 0xba, 0x7f, 0x79, 0x23, 0x12, 0x3e, 0xb2, 0x4b, 0x13, 0xa1, 0x8c,
+        0x84, 0x72, 0x3b, 0x45, 0x62, 0xcf, 0x2e, 0x78, 0xc4, 0x9c, 0x22, 0x09,
+        0xfa, 0x59, 0x9d, 0xdf, 0x13, 0x54, 0x66, 0xe2, 0x6f, 0xfa, 0xb5, 0x2a,
+        0x27, 0x3e, 0x17, 0x82, 0xf3, 0x2a, 0x4d, 0x36, 0xd3, 0xf0, 0x8d, 0x43,
+        0x40, 0x2c, 0x84, 0x68, 0xbe, 0x40, 0x50, 0x7d, 0xa3, 0x27, 0x5e, 0xde,
+        0x4d, 0x04, 0x6f, 0xe8, 0x96, 0x9c, 0x7a, 0x1d, 0xb8, 0x2b, 0x8a, 0xb1,
+        0x6e, 0xe2, 0x36, 0x07, 0x22, 0x50, 0xd9, 0x71, 0x93, 0x48, 0xb5, 0x51,
+        0xce, 0x2a, 0x64, 0x6b, 0x11, 0xa6, 0xb9, 0x40, 0x2d, 0x6c, 0xd2, 0x76,
+        0x52, 0xc6, 0xe3, 0xa6, 0x6b, 0xd2, 0x3f, 0x39, 0xd2, 0x13, 0x28, 0xa4,
+        0xa9, 0x58, 0x99, 0xe8, 0x3d, 0x08, 0xfa, 0x3c, 0x34, 0x39, 0x4d, 0x7d,
+        0x5e, 0x10, 0x72, 0x51, 0x96, 0x1d, 0x4b, 0xd9, 0x3e, 0xc9, 0x22, 0x4c,
+        0x72, 0x63, 0xf8, 0x87, 0x4b, 0xe7, 0x41, 0xac, 0xcd, 0xd6, 0x34, 0xa2,
+        0xe1, 0xe8, 0x66, 0x81, 0x04, 0x7d, 0x70, 0x95, 0xba, 0x37, 0x86, 0x9e,
+        0x1f, 0x9a, 0x1b, 0xe4, 0x35, 0xac, 0xe6, 0xcf, 0x48, 0x55, 0x6e, 0xbb,
+        0x9d, 0x40, 0x79, 0x96, 0xdd, 0xac, 0xf8, 0xf5, 0x99, 0xad, 0x43, 0x0d,
+        0xad, 0xa9, 0x62, 0xc0, 0x70, 0x8b, 0x50, 0x9b, 0xca, 0x0d, 0x3e, 0x54,
+        0x9c, 0x27, 0xd5, 0x9e, 0x20, 0xe2, 0xe0, 0xb0, 0xb0, 0xbe, 0x8e, 0x56,
+        0x43, 0x95, 0x9b, 0x34, 0xd1, 0x05, 0x28, 0xa0, 0xee, 0xd9, 0xab, 0x6a,
+        0xa7, 0xbb, 0xb7, 0x1b, 0x3a, 0x5d, 0x33, 0x97, 0x25, 0x54, 0xe4, 0x0e,
+        0x64, 0x79, 0xed, 0x16, 0x62, 0x89, 0x70, 0x4a, 0xa6, 0x47, 0x40, 0xd7,
+        0xa3, 0xd2, 0x6f, 0x28, 0xdd, 0xc5, 0x04, 0xab, 0x7e, 0x7e, 0x1e, 0xb0,
+        0x19, 0x02, 0x48, 0xb5, 0x88, 0x82, 0x75, 0xaf, 0x66, 0x74, 0xca, 0xf6,
+        0xd7, 0xe8, 0x6d, 0xfa, 0x5e, 0xfa, 0xaf, 0xa8, 0x04, 0xaa, 0x2c, 0x09,
+        0xf1, 0x4c, 0x36, 0x75, 0xb5, 0xdc, 0xe8, 0x04, 0x80, 0xd3, 0x14, 0x78,
+        0x09, 0x5b, 0xfd, 0x52, 0x6f, 0xd9, 0x3c, 0x1c, 0x02, 0x3b, 0x77, 0xb8,
+        0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0,
+        0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6
+#else
     0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
     0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
     0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
@@ -41031,9 +43195,288 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
     0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69,
     0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27,
     0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14,
-    0x1b, 0x10,
+    0x1b, 0x10
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_sig[] = {
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        0xb1, 0xd1, 0x8e, 0x83, 0x0b, 0x0d, 0xd2, 0x71, 0xb2, 0xaa, 0x31, 0x38,
+        0x16, 0xf0, 0xb4, 0xbc, 0x64, 0x2b, 0x97, 0xa1, 0x08, 0x19, 0x4f, 0x52,
+        0xfe, 0x99, 0x1a, 0xa9, 0xd4, 0x08, 0x93, 0x99, 0x88, 0xfd, 0x6a, 0xd6,
+        0xd8, 0xdb, 0xf0, 0x71, 0x2a, 0xc9, 0x04, 0x83, 0xc9, 0x45, 0x59, 0x5d,
+        0xe0, 0x36, 0x59, 0x53, 0x1b, 0xb8, 0x5a, 0xa6, 0x1f, 0xb4, 0x1b, 0x0a,
+        0xfb, 0x3a, 0xba, 0xe3, 0xb7, 0x5e, 0x04, 0x14, 0x59, 0x09, 0x9a, 0x8e,
+        0xc2, 0x77, 0x5a, 0x3d, 0xf1, 0x43, 0x67, 0x74, 0x78, 0xfc, 0xcd, 0x34,
+        0xed, 0x35, 0x16, 0x38, 0x04, 0xe6, 0xe7, 0xd6, 0xd2, 0x90, 0x1b, 0x28,
+        0xb6, 0x66, 0x1b, 0x57, 0x85, 0x5e, 0xa7, 0x9f, 0x86, 0x1a, 0x0d, 0xc3,
+        0x7e, 0xed, 0xbd, 0x32, 0x8a, 0x35, 0xe1, 0xb3, 0x01, 0xdc, 0x9b, 0x44,
+        0x88, 0xa1, 0x0b, 0x87, 0x6e, 0x55, 0x31, 0xb1, 0x27, 0xcb, 0x85, 0xa4,
+        0x27, 0x56, 0x33, 0xb0, 0x39, 0x0d, 0xd3, 0x4b, 0xd1, 0xa2, 0x47, 0x07,
+        0xc6, 0xf4, 0xe6, 0x1f, 0x88, 0x70, 0x70, 0x13, 0x7e, 0x2e, 0x17, 0x32,
+        0x0a, 0x6b, 0x38, 0x34, 0xcf, 0x2f, 0x00, 0x36, 0x58, 0x8d, 0xe1, 0xdd,
+        0xa7, 0x94, 0x2a, 0x8f, 0x87, 0x99, 0x67, 0x02, 0x4d, 0x5b, 0x56, 0xaf,
+        0xef, 0xc4, 0x3c, 0xff, 0x72, 0x53, 0x95, 0x27, 0x03, 0x49, 0x94, 0x4f,
+        0x94, 0x87, 0x1f, 0x52, 0x33, 0xed, 0xb9, 0x14, 0x7b, 0xe5, 0x6c, 0xef,
+        0x7a, 0x17, 0x5a, 0xa4, 0x89, 0x2a, 0xfe, 0x68, 0xda, 0xdd, 0x48, 0xc2,
+        0xf0, 0x92, 0xf4, 0xe4, 0xd6, 0xa6, 0x48, 0x08, 0x2c, 0xe8, 0xcd, 0x72,
+        0xf6, 0x94, 0x3e, 0xc1, 0x82, 0xb8, 0x01, 0x58, 0xb2, 0xef, 0xef, 0xf4,
+        0xcb, 0x93, 0x63, 0x2e, 0x33, 0x5b, 0xc9, 0xd6, 0x6a, 0xde, 0xad, 0xe8,
+        0x1e, 0x3f, 0xa3, 0xf2, 0x35, 0x87, 0xc1, 0xc9, 0x48, 0x2f, 0x1b, 0x00,
+        0xea, 0x3d, 0x04, 0x29, 0xd5, 0xc0, 0xe9, 0x1a, 0xc5, 0xce, 0x5e, 0xdb,
+        0xd1, 0xee, 0x16, 0x9c, 0x05, 0x40, 0xf9, 0x21, 0x13, 0x72, 0x08, 0x39,
+        0x6b, 0x63, 0x19, 0xcd, 0x6f, 0x64, 0xa0, 0xc3, 0x77, 0xb7, 0x50, 0xed,
+        0xe9, 0x2d, 0xd5, 0x72, 0xea, 0xa6, 0xc1, 0x97, 0xb9, 0x6b, 0xe5, 0x81,
+        0x91, 0x8e, 0xd1, 0x36, 0x11, 0xee, 0xfb, 0x2b, 0x66, 0xba, 0xe4, 0x3e,
+        0xd0, 0xdd, 0x17, 0xc5, 0x24, 0x3b, 0xc3, 0x5b, 0x75, 0xfc, 0xd5, 0xb6,
+        0x8c, 0xba, 0x8c, 0x66, 0xb2, 0xee, 0x40, 0x45, 0x8c, 0x23, 0xbb, 0xe0,
+        0xc8, 0xd6, 0x05, 0xfd, 0x71, 0x5b, 0x24, 0xbb, 0x37, 0x65, 0x5f, 0x57,
+        0x92, 0x22, 0x13, 0xb2, 0x9a, 0x70, 0x22, 0x4b, 0xbe, 0x03, 0xd1, 0x54,
+        0xb0, 0x3a, 0x30, 0x50, 0x71, 0x24, 0xf7, 0x81, 0x8c, 0x20, 0x67, 0x74,
+        0x5a, 0xef, 0xa1, 0x6a, 0xe3, 0xd0, 0x04, 0xd6, 0xa5, 0x6e, 0xad, 0xa7,
+        0x15, 0x41, 0xf3, 0x21, 0xe8, 0xd9, 0xe6, 0xe5, 0x97, 0xbd, 0xc2, 0x1b,
+        0xbb, 0xd1, 0x4e, 0x7e, 0x5a, 0xd6, 0xe4, 0x19, 0xa5, 0xe4, 0x76, 0xf4,
+        0xce, 0x00, 0x94, 0x76, 0xef, 0x1b, 0xb3, 0x47, 0xb9, 0xa3, 0x32, 0xf7,
+        0x45, 0x6d, 0x32, 0x73, 0x06, 0xc0, 0xb9, 0xaf, 0x9c, 0x46, 0x99, 0xbe,
+        0x14, 0x06, 0xcd, 0x35, 0x7c, 0x90, 0x7c, 0xe7, 0x97, 0x0a, 0x9f, 0xb4,
+        0x21, 0xff, 0xf0, 0xea, 0x83, 0xc0, 0x86, 0x68, 0x9f, 0x36, 0xb0, 0xad,
+        0xe1, 0x8d, 0xc5, 0x76, 0x55, 0xb5, 0xb6, 0x7e, 0x1f, 0xa7, 0x5b, 0x26,
+        0x6c, 0xb5, 0xf9, 0x54, 0x1f, 0x76, 0xc1, 0x9c, 0xfc, 0x57, 0xc8, 0x86,
+        0xc1, 0x7d, 0x59, 0x55, 0x92, 0xa5, 0xb8, 0x03, 0xfa, 0xa5, 0x72, 0xd1,
+        0x5c, 0x8d, 0x9b, 0x2e, 0x84, 0x07, 0x18, 0xee, 0x49, 0xc5, 0x99, 0x8e,
+        0x15, 0x7c, 0xbf, 0xad, 0x8b, 0x13, 0xcd, 0x97, 0xf9, 0x3c, 0xa2, 0x89,
+        0x9c, 0x9c, 0x89, 0xc9, 0x7a, 0x46, 0xb3, 0x42, 0x7b, 0xd4, 0x28, 0x0d,
+        0x55, 0x63, 0x28, 0xd6, 0xc1, 0x65, 0xf5, 0x34, 0x6e, 0x38, 0x2a, 0xb4,
+        0x35, 0x40, 0xed, 0x7e, 0x80, 0x61, 0x9d, 0x8f, 0x68, 0x4f, 0x74, 0x0c,
+        0x30, 0x35, 0x0e, 0xb3, 0x07, 0xf4, 0x92, 0xed, 0x9c, 0x7f, 0xf5, 0xed,
+        0x3e, 0x17, 0x5b, 0x6e, 0x91, 0x46, 0xa1, 0x25, 0x1d, 0x83, 0x50, 0x93,
+        0x35, 0x06, 0x6c, 0x2f, 0x99, 0x8b, 0x21, 0x4c, 0x5c, 0x34, 0xb1, 0xa7,
+        0x82, 0xbc, 0x70, 0x28, 0x56, 0x61, 0x29, 0x35, 0x89, 0x0b, 0x41, 0x21,
+        0xf0, 0xf7, 0xff, 0x69, 0x3d, 0xa4, 0x28, 0x1e, 0x0d, 0x5d, 0xa7, 0x0e,
+        0xaa, 0xd3, 0x4a, 0x95, 0x49, 0xfe, 0x35, 0x5f, 0xa9, 0xc0, 0xe4, 0xe1,
+        0x9a, 0x03, 0xd4, 0xac, 0x96, 0xe3, 0xea, 0x7e, 0xa6, 0x85, 0x7e, 0xb0,
+        0xb8, 0xc2, 0xe8, 0x07, 0xd6, 0xd3, 0x1a, 0x84, 0x90, 0x24, 0x04, 0xef,
+        0x7c, 0x93, 0x15, 0x83, 0xea, 0xe2, 0x42, 0xc6, 0xe7, 0x13, 0x45, 0xbf,
+        0x35, 0xae, 0x5d, 0x50, 0x79, 0x16, 0xbb, 0x11, 0x17, 0x1b, 0xf4, 0x08,
+        0x88, 0x9d, 0x66, 0x14, 0x6a, 0xa0, 0x71, 0x76, 0x80, 0x51, 0x73, 0x7c,
+        0x1d, 0xb0, 0xc1, 0xad, 0x58, 0xfb, 0xbe, 0xcf, 0x73, 0xe0, 0xd9, 0xf8,
+        0xd5, 0xac, 0xd7, 0x49, 0xd9, 0xc9, 0x59, 0xbf, 0xfa, 0xf5, 0xb1, 0xd2,
+        0x5a, 0x01, 0xcd, 0x8b, 0x07, 0x8b, 0x59, 0x37, 0xc0, 0x8c, 0x7d, 0xa9,
+        0x71, 0x83, 0xf9, 0x7c, 0x58, 0xa9, 0x77, 0x01, 0x3d, 0x39, 0x56, 0x5c,
+        0x93, 0xfe, 0x40, 0x87, 0x5a, 0x31, 0x81, 0x53, 0x8e, 0x0d, 0x99, 0x7e,
+        0xdf, 0x37, 0xd9, 0xe3, 0x91, 0xb8, 0x60, 0x3a, 0x5b, 0xca, 0xe8, 0x91,
+        0x56, 0x89, 0x59, 0x61, 0xc6, 0x31, 0xe2, 0x6c, 0x81, 0xda, 0xc7, 0x5c,
+        0x04, 0x9d, 0xe4, 0x23, 0x12, 0x73, 0xfc, 0x48, 0xfb, 0xa5, 0xce, 0x87,
+        0x37, 0x47, 0x71, 0x5c, 0xd1, 0x2a, 0x63, 0x89, 0xdc, 0x07, 0xe7, 0x7f,
+        0x5d, 0x48, 0xe6, 0xd2, 0x96, 0xc6, 0x6f, 0xed, 0xee, 0x8c, 0xed, 0x5e,
+        0x41, 0x38, 0xbd, 0xdf, 0x21, 0xaa, 0x9e, 0x51, 0x16, 0x22, 0x4a, 0xdc,
+        0xd8, 0x12, 0xdf, 0x5a, 0x83, 0xd6, 0xd0, 0x07, 0xa4, 0x42, 0x41, 0x13,
+        0xe1, 0x08, 0xc9, 0x00, 0x0f, 0x37, 0xc0, 0x7d, 0xda, 0xb2, 0x25, 0xfc,
+        0xc9, 0xbc, 0xa8, 0x86, 0xcc, 0x38, 0x0e, 0x06, 0x51, 0x1b, 0x37, 0xc1,
+        0x0e, 0x2a, 0x58, 0x49, 0xbc, 0x7c, 0xa7, 0xf0, 0xda, 0xd7, 0x74, 0x34,
+        0xf5, 0xd8, 0x99, 0x8c, 0x94, 0x86, 0xe3, 0x1e, 0x6b, 0xf5, 0x68, 0xfa,
+        0xa6, 0x69, 0x63, 0x22, 0x5a, 0x3c, 0x6f, 0x29, 0xc9, 0x40, 0xc0, 0xbe,
+        0x8d, 0xb5, 0xcc, 0x82, 0x6e, 0x9d, 0xd1, 0x1f, 0x13, 0x63, 0xd8, 0x24,
+        0x63, 0x38, 0x59, 0xf0, 0x4a, 0x8c, 0x0f, 0x28, 0x8a, 0x77, 0x81, 0xa2,
+        0xa0, 0x23, 0x11, 0x59, 0xa9, 0x5a, 0x2d, 0x71, 0x8f, 0x82, 0xa7, 0xbd,
+        0x85, 0x26, 0x4d, 0xc2, 0x2f, 0x11, 0xe8, 0xff, 0x96, 0xa1, 0x2d, 0xf2,
+        0xd5, 0xf3, 0x1d, 0x54, 0xd0, 0x5f, 0x71, 0x07, 0xaf, 0x22, 0xa0, 0xcd,
+        0x78, 0xb3, 0x47, 0xb1, 0x40, 0x3d, 0x6b, 0xfd, 0x10, 0x1b, 0xc6, 0x60,
+        0xef, 0x5c, 0x24, 0xa3, 0x1f, 0xee, 0xc0, 0x0b, 0xed, 0x1d, 0x38, 0xc8,
+        0xf2, 0x8c, 0xec, 0x5e, 0xd9, 0x70, 0x1a, 0x2b, 0x25, 0xe6, 0xed, 0xa9,
+        0x0c, 0xb3, 0x78, 0xe1, 0x91, 0x01, 0x41, 0x2e, 0xfe, 0x7d, 0xbd, 0xfe,
+        0xcf, 0x48, 0x6d, 0x2e, 0x05, 0x31, 0x89, 0x24, 0xc4, 0xd7, 0xc4, 0x26,
+        0x2f, 0x64, 0x43, 0xa3, 0xdd, 0x56, 0x11, 0x5c, 0x65, 0x76, 0x96, 0xcc,
+        0x3c, 0x12, 0x42, 0xf2, 0x6b, 0x20, 0xc2, 0xe6, 0xc3, 0x5c, 0xfa, 0x91,
+        0xb1, 0xbd, 0x3b, 0xd3, 0x99, 0xde, 0x59, 0x7a, 0x34, 0x40, 0x56, 0xb0,
+        0x88, 0x02, 0x19, 0xc8, 0xf9, 0xf9, 0x8f, 0xe7, 0x60, 0xfb, 0x42, 0x87,
+        0x57, 0xb4, 0x42, 0xb4, 0x65, 0x94, 0x0a, 0x5f, 0xdb, 0xf5, 0x32, 0xe9,
+        0x49, 0x28, 0xbe, 0xa6, 0x64, 0x0d, 0x6d, 0x08, 0x43, 0x91, 0x16, 0x7a,
+        0x6c, 0xa9, 0x02, 0xe4, 0x84, 0x03, 0x39, 0x48, 0x08, 0xcc, 0xcb, 0x56,
+        0xad, 0x52, 0x95, 0x9e, 0x9a, 0x2b, 0xf1, 0x6d, 0x3f, 0x4b, 0x02, 0xc6,
+        0x52, 0xc7, 0x09, 0x6b, 0x3f, 0xa9, 0x60, 0xe2, 0x19, 0x5d, 0x0a, 0x61,
+        0xcd, 0xc8, 0x36, 0xdb, 0x8e, 0x57, 0xd2, 0x11, 0x49, 0x1c, 0x26, 0x58,
+        0x04, 0x07, 0x32, 0x2a, 0x34, 0xf0, 0x6a, 0x88, 0xcf, 0x63, 0xb7, 0xef,
+        0x7e, 0x93, 0xcc, 0x64, 0x07, 0x14, 0xfa, 0x63, 0x38, 0xdd, 0xc0, 0xf0,
+        0xaa, 0x56, 0xa1, 0xed, 0x16, 0xaa, 0x53, 0x8c, 0x99, 0xc0, 0xd4, 0xda,
+        0x94, 0x58, 0x13, 0xd9, 0x5f, 0x98, 0x9a, 0xa1, 0x57, 0xbd, 0x89, 0xca,
+        0x9d, 0x3e, 0xdf, 0x75, 0x26, 0x29, 0x0f, 0xb2, 0x33, 0x4b, 0x83, 0xb3,
+        0x99, 0x1f, 0x06, 0x5d, 0x10, 0xf5, 0x1c, 0x75, 0x97, 0xec, 0x5b, 0x87,
+        0xc7, 0xf1, 0xd8, 0xbd, 0x0e, 0x4c, 0x1a, 0xb0, 0x59, 0x3b, 0x27, 0x73,
+        0xdc, 0xde, 0xca, 0x0c, 0x2e, 0x1f, 0x42, 0x7f, 0xd8, 0x0f, 0x9b, 0x3f,
+        0x49, 0x3f, 0x63, 0x7d, 0x71, 0xe3, 0x77, 0x79, 0xcc, 0x9c, 0xbf, 0xff,
+        0x23, 0xa9, 0x74, 0xa2, 0xda, 0xb7, 0xca, 0x86, 0x7f, 0x12, 0xc1, 0x1b,
+        0x41, 0x35, 0xb5, 0xc7, 0x10, 0x09, 0xc0, 0xa2, 0x1b, 0x41, 0x31, 0x5e,
+        0x6c, 0x35, 0xb5, 0x63, 0x13, 0x19, 0x61, 0x8e, 0xbd, 0x89, 0xf6, 0x0a,
+        0xbd, 0x16, 0x15, 0xd8, 0xfa, 0xcc, 0x9f, 0x97, 0x02, 0x8f, 0x1b, 0x34,
+        0x40, 0xbc, 0x4a, 0xb1, 0x39, 0x12, 0xf8, 0x66, 0xda, 0x34, 0x03, 0xf2,
+        0x5c, 0x33, 0x9c, 0x63, 0x0b, 0xb6, 0x8f, 0xca, 0x81, 0xa2, 0x4a, 0x43,
+        0xe7, 0xe7, 0x66, 0x41, 0x45, 0x6b, 0x7c, 0xd1, 0x1d, 0xbc, 0x4f, 0x91,
+        0xab, 0x24, 0x0b, 0x9f, 0x60, 0x47, 0x36, 0x04, 0x8b, 0x72, 0xb6, 0x65,
+        0x35, 0xfc, 0xbf, 0xc9, 0x26, 0xaf, 0x84, 0x04, 0x30, 0x32, 0x02, 0xc0,
+        0x94, 0x98, 0xbc, 0x17, 0x33, 0x99, 0xac, 0xb1, 0x4e, 0xdd, 0xf0, 0x46,
+        0x68, 0x6a, 0xac, 0x6d, 0xdb, 0x85, 0xfd, 0xc6, 0x3b, 0xc8, 0x93, 0x89,
+        0xbf, 0xd7, 0xd9, 0x94, 0xe4, 0xa4, 0x37, 0xb9, 0x67, 0x52, 0x84, 0xcf,
+        0x88, 0xba, 0x01, 0x8b, 0xe4, 0xd4, 0x3e, 0xde, 0x94, 0xa1, 0xa9, 0xd8,
+        0x15, 0xb5, 0x6e, 0xa0, 0x62, 0x92, 0x5c, 0xb1, 0x1b, 0xbf, 0x4f, 0xaf,
+        0xf5, 0x99, 0x35, 0xce, 0x7d, 0xa9, 0x4b, 0xa8, 0x60, 0x31, 0xf5, 0x0a,
+        0x83, 0x58, 0xf5, 0x83, 0xde, 0xb2, 0xfe, 0xf3, 0x12, 0x08, 0x3d, 0xe3,
+        0x14, 0x89, 0x17, 0x93, 0x5c, 0x87, 0xe4, 0x89, 0xcb, 0xb7, 0x67, 0x3e,
+        0xea, 0x0e, 0x08, 0x57, 0xf1, 0xca, 0xe0, 0x18, 0xd7, 0xae, 0x5f, 0x9e,
+        0x62, 0x5c, 0xd7, 0x6a, 0x2f, 0xd6, 0x30, 0x67, 0xfb, 0x5e, 0xed, 0xcf,
+        0xa9, 0x88, 0x04, 0x0a, 0xf2, 0x62, 0x50, 0xc5, 0x39, 0xc6, 0xa1, 0x3c,
+        0xe4, 0x9a, 0x81, 0x55, 0x96, 0xca, 0x60, 0xb2, 0x53, 0x62, 0xee, 0xa1,
+        0x1d, 0xfc, 0xd9, 0x5c, 0x51, 0xbf, 0x55, 0x65, 0x1d, 0x13, 0x2a, 0x13,
+        0x58, 0xa3, 0x18, 0x52, 0x6b, 0xb4, 0xae, 0x60, 0x1c, 0x26, 0x3e, 0xb1,
+        0x4c, 0xb1, 0x72, 0x1b, 0x8a, 0x4c, 0xaa, 0xb5, 0x5b, 0x8a, 0x3b, 0x2f,
+        0x1f, 0xc3, 0x29, 0x41, 0xe6, 0x6d, 0xd7, 0x96, 0x26, 0xdd, 0x37, 0x67,
+        0x4f, 0x9d, 0x31, 0xc6, 0x54, 0x51, 0xaa, 0xba, 0x73, 0xae, 0xd2, 0x00,
+        0x0b, 0x05, 0x98, 0x73, 0xd6, 0x9c, 0xb4, 0x2e, 0x23, 0xd0, 0xc3, 0xac,
+        0x46, 0x6f, 0x3e, 0x05, 0x43, 0xf8, 0x96, 0xa0, 0xe0, 0xfe, 0x17, 0x3f,
+        0xfa, 0xc2, 0xc3, 0xf6, 0x1a, 0x46, 0xd0, 0x05, 0x53, 0x0e, 0xea, 0xd8,
+        0xba, 0xa3, 0xab, 0xb6, 0x58, 0xd1, 0x40, 0x1c, 0x97, 0x38, 0xd4, 0x77,
+        0x58, 0x03, 0xf5, 0x8a, 0xc7, 0x48, 0x19, 0x71, 0x71, 0xb5, 0x4b, 0x08,
+        0x85, 0x35, 0x1c, 0xdf, 0xbd, 0xa9, 0xc9, 0xd1, 0x40, 0x62, 0xa3, 0xd6,
+        0x3b, 0xa1, 0xf7, 0x4e, 0xc6, 0xfe, 0xc4, 0x07, 0x2f, 0xf5, 0xc9, 0x0c,
+        0xb6, 0xa0, 0xb3, 0x25, 0x3e, 0x2a, 0x07, 0xe3, 0x63, 0xe3, 0x9e, 0x8d,
+        0x0d, 0x7a, 0x70, 0x1e, 0x65, 0x95, 0x47, 0x37, 0xa8, 0xd2, 0x35, 0x09,
+        0x09, 0x70, 0xf5, 0xc9, 0xc9, 0x30, 0x95, 0xd9, 0xf2, 0x5d, 0x10, 0x3c,
+        0xc3, 0x66, 0x66, 0xb6, 0xdc, 0x14, 0xf6, 0x91, 0xc2, 0x7b, 0x4b, 0x71,
+        0x42, 0xf9, 0x35, 0xe7, 0x08, 0x1e, 0xb6, 0x9a, 0x5c, 0x0e, 0x8b, 0x41,
+        0x44, 0x7f, 0xad, 0xca, 0x8a, 0x4b, 0x6a, 0x02, 0x81, 0x96, 0xe7, 0xe1,
+        0xb0, 0x5b, 0xaf, 0xf2, 0x17, 0x44, 0x7f, 0xd1, 0x49, 0x77, 0xfd, 0x07,
+        0x59, 0x53, 0x8e, 0x51, 0xac, 0x0f, 0x0c, 0xb4, 0xa3, 0xf6, 0x24, 0x16,
+        0x47, 0xf3, 0xa4, 0x36, 0x17, 0x3e, 0x01, 0x1e, 0xf1, 0xec, 0x78, 0x4a,
+        0xcb, 0xbd, 0x2a, 0xfd, 0x01, 0xdd, 0xa5, 0xad, 0x7b, 0xef, 0x5e, 0x56,
+        0xb2, 0x60, 0xb4, 0xf2, 0x27, 0xc8, 0x9b, 0x5b, 0x31, 0x49, 0x54, 0xbc,
+        0x69, 0x9b, 0xc6, 0x1a, 0x79, 0xe7, 0xd4, 0x46, 0xc8, 0x50, 0xc3, 0xaa,
+        0xfc, 0xb5, 0x28, 0x87, 0x1e, 0xa0, 0x0c, 0xc6, 0x1a, 0xa7, 0x34, 0xd6,
+        0xbb, 0x9d, 0x9c, 0x0d, 0x90, 0x6f, 0x1a, 0x3c, 0xdc, 0x3b, 0x95, 0xc4,
+        0x38, 0x25, 0x7a, 0xc6, 0x46, 0x82, 0x9f, 0x68, 0xca, 0x6a, 0x63, 0xa7,
+        0x99, 0xfe, 0x64, 0xe6, 0x6f, 0x11, 0xcd, 0x2c, 0x76, 0x1e, 0xe6, 0x08,
+        0xb8, 0x33, 0x64, 0x43, 0x51, 0xbd, 0x52, 0xf7, 0x05, 0x06, 0xd5, 0xcc,
+        0x6a, 0xde, 0x1a, 0xa2, 0xbe, 0xf8, 0x8c, 0x44, 0x5e, 0x2d, 0xc2, 0x28,
+        0xcd, 0x9a, 0x53, 0x04, 0x96, 0xcc, 0x1e, 0xbb, 0x96, 0x07, 0xc9, 0x17,
+        0x04, 0xf8, 0xd8, 0xd9, 0xdd, 0x35, 0x35, 0x3d, 0x53, 0x30, 0x60, 0xb3,
+        0x87, 0x5d, 0xf3, 0xe5, 0xa7, 0x20, 0x30, 0x9d, 0xb0, 0x5b, 0xc4, 0x36,
+        0xf7, 0xd7, 0xb6, 0x3e, 0x44, 0x98, 0x99, 0xe7, 0xc3, 0x29, 0xcb, 0x70,
+        0xc4, 0x91, 0x8b, 0xfc, 0x63, 0x60, 0x29, 0x95, 0xeb, 0x61, 0x7f, 0xdf,
+        0xf7, 0x3a, 0x69, 0x3a, 0xeb, 0xa1, 0x73, 0x1d, 0x13, 0x18, 0x29, 0x2c,
+        0x89, 0x82, 0x56, 0x42, 0xe7, 0xa3, 0xba, 0xe9, 0x59, 0x2e, 0xfd, 0xff,
+        0xb6, 0xf7, 0xbd, 0x2a, 0xc9, 0xff, 0x4c, 0x63, 0xef, 0x54, 0x63, 0x82,
+        0x7c, 0xa5, 0x11, 0x44, 0xc7, 0x68, 0xf5, 0x7b, 0x44, 0x2c, 0xee, 0xab,
+        0xa3, 0x84, 0x5a, 0x99, 0x28, 0x98, 0x97, 0x2e, 0x8b, 0x07, 0x09, 0x6c,
+        0xea, 0xc1, 0x81, 0x0b, 0xe0, 0xc4, 0xb7, 0xc2, 0x73, 0xbe, 0x8b, 0x72,
+        0xf8, 0xc9, 0x8d, 0x50, 0x28, 0xf2, 0x95, 0x54, 0x8a, 0x3b, 0x23, 0x86,
+        0xc4, 0xe8, 0xe8, 0xe5, 0x45, 0x0d, 0xdf, 0xa3, 0xe6, 0x00, 0x71, 0xe8,
+        0x20, 0xd2, 0x6d, 0x22, 0x23, 0xaf, 0x37, 0x04, 0x55, 0x05, 0x8d, 0xc9,
+        0x38, 0x38, 0x12, 0x4c, 0x9f, 0x28, 0x56, 0x14, 0x76, 0xe5, 0x10, 0x54,
+        0xd9, 0x68, 0xca, 0xc3, 0x97, 0x9f, 0xd2, 0x25, 0x2c, 0x0d, 0xa0, 0xff,
+        0xea, 0xab, 0x61, 0xd2, 0xb2, 0x06, 0xc2, 0x93, 0xfd, 0x5a, 0xfe, 0xe3,
+        0x98, 0xbf, 0x37, 0x2e, 0xa5, 0x74, 0x56, 0xd0, 0x7a, 0x5a, 0x23, 0x3b,
+        0xd2, 0xa0, 0x1f, 0x4b, 0xeb, 0x7f, 0x5a, 0xc5, 0x51, 0x79, 0xf6, 0x95,
+        0x19, 0x50, 0xb1, 0x6a, 0x80, 0xcb, 0xcf, 0x19, 0xa4, 0x67, 0xf4, 0x08,
+        0x0f, 0x6a, 0xd9, 0x3f, 0x15, 0x96, 0x2c, 0x6d, 0xd5, 0x69, 0x7a, 0x56,
+        0x4d, 0x17, 0xc8, 0xcb, 0xba, 0x9b, 0x6e, 0x65, 0xa2, 0x3d, 0x66, 0xed,
+        0xea, 0xe2, 0x54, 0x88, 0x6c, 0xc1, 0x1a, 0x11, 0xde, 0x4e, 0x0c, 0x8a,
+        0x42, 0x04, 0xe1, 0x77, 0xc3, 0x0c, 0xff, 0x10, 0x7d, 0x4a, 0x45, 0x3f,
+        0xb8, 0x40, 0xf9, 0x75, 0x76, 0x9f, 0x65, 0x42, 0x2f, 0x78, 0x5b, 0x0b,
+        0x32, 0xbc, 0x45, 0xfc, 0xd4, 0x29, 0x49, 0x34, 0x76, 0xda, 0x5f, 0xe8,
+        0x39, 0x35, 0x9e, 0xba, 0x7f, 0x19, 0x7e, 0x14, 0xe6, 0x71, 0x9c, 0x72,
+        0x6a, 0xce, 0xcc, 0xa6, 0x72, 0x73, 0x3f, 0x4e, 0x9b, 0x9e, 0x94, 0x0c,
+        0xce, 0x00, 0x15, 0xb4, 0x50, 0xff, 0xcf, 0xcd, 0x78, 0xd3, 0x08, 0x0e,
+        0x95, 0x48, 0x24, 0x13, 0x16, 0x54, 0xb4, 0xe0, 0xa9, 0x29, 0xa3, 0x05,
+        0x77, 0x2f, 0x5d, 0x47, 0x6a, 0xa5, 0xb0, 0x4e, 0xf3, 0xa9, 0x4a, 0x82,
+        0xb9, 0x2c, 0x26, 0x07, 0x9c, 0x33, 0xc6, 0x68, 0xc2, 0xe0, 0xc0, 0x7d,
+        0x70, 0x48, 0x74, 0xb9, 0xf5, 0x1e, 0x6c, 0x15, 0x7f, 0xba, 0xe5, 0xa1,
+        0xb4, 0x36, 0x41, 0x20, 0xf4, 0x2d, 0x97, 0x27, 0x0b, 0x10, 0x30, 0x57,
+        0x7f, 0x38, 0x66, 0xe1, 0xc4, 0xf6, 0xa4, 0xc9, 0x8d, 0xbc, 0x2b, 0x4f,
+        0x14, 0xb3, 0xf0, 0x1e, 0x80, 0x70, 0xc0, 0x0f, 0x69, 0x06, 0xe7, 0x95,
+        0xd1, 0x53, 0x65, 0x49, 0x1c, 0xa8, 0xfa, 0x9e, 0x2b, 0xcc, 0x33, 0x71,
+        0x76, 0xa4, 0x0b, 0x4a, 0xc7, 0xea, 0xa0, 0xfa, 0x1b, 0x2b, 0xfb, 0xa5,
+        0x59, 0x06, 0x2a, 0xef, 0x4b, 0xbf, 0x05, 0x4b, 0x87, 0x70, 0x3c, 0xde,
+        0xc7, 0xb2, 0x4f, 0xf2, 0x5b, 0x1a, 0xbe, 0xda, 0x04, 0x31, 0x57, 0xff,
+        0xf2, 0xa5, 0x43, 0x12, 0xff, 0x8d, 0xf4, 0x99, 0x05, 0xe1, 0x34, 0xa9,
+        0xb9, 0x0a, 0xb3, 0x1f, 0x3d, 0x6d, 0x0d, 0xb7, 0xd3, 0x35, 0x0b, 0x04,
+        0x44, 0x77, 0x60, 0xc0, 0x96, 0x99, 0x7b, 0xa8, 0x8e, 0x79, 0x4a, 0x96,
+        0x24, 0xef, 0xb1, 0xf4, 0x8a, 0x2f, 0x3e, 0x08, 0xf3, 0x3d, 0xf2, 0xfe,
+        0x5f, 0x0a, 0xf7, 0x0a, 0xf5, 0xd8, 0xf2, 0xa0, 0x1b, 0xe7, 0x9e, 0xc9,
+        0x0b, 0xcf, 0x58, 0x97, 0x92, 0x90, 0xad, 0x3d, 0xfc, 0x42, 0xc1, 0x7f,
+        0x39, 0xe8, 0xd1, 0x35, 0x14, 0x8a, 0xb3, 0x77, 0xb1, 0xa9, 0xdb, 0xb4,
+        0x3a, 0x3d, 0xeb, 0x59, 0x0b, 0x5b, 0x3a, 0x63, 0x54, 0x70, 0xda, 0xf0,
+        0xf0, 0xb9, 0xe6, 0x07, 0x69, 0x27, 0x9d, 0xc6, 0xb6, 0x00, 0x2d, 0xd6,
+        0xc7, 0xd7, 0x2e, 0xf8, 0x9c, 0xfe, 0x4c, 0xfb, 0xc0, 0x7b, 0xbf, 0xa2,
+        0x25, 0xb8, 0x2a, 0x5c, 0x06, 0xca, 0x12, 0x2c, 0x96, 0xa4, 0x27, 0xa6,
+        0x73, 0x0b, 0xb8, 0x42, 0x93, 0x51, 0x87, 0xfe, 0xe6, 0x8f, 0xca, 0x00,
+        0x53, 0xdc, 0xc0, 0x38, 0x03, 0x9e, 0x66, 0x13, 0x84, 0x68, 0xe7, 0x04,
+        0x93, 0x79, 0x0c, 0x3e, 0x4c, 0x90, 0xe2, 0xf7, 0x81, 0x15, 0x49, 0x05,
+        0xe1, 0x8f, 0xe6, 0xfc, 0xc8, 0x40, 0xae, 0x3d, 0x7a, 0x16, 0xec, 0xc6,
+        0x39, 0xa5, 0x04, 0x95, 0x35, 0xac, 0xdd, 0x0d, 0x19, 0xd6, 0xa9, 0xd9,
+        0xd2, 0x53, 0x71, 0x31, 0x38, 0xa2, 0xf1, 0x9c, 0x13, 0x2c, 0x8c, 0x21,
+        0x9c, 0x3a, 0x1b, 0xf2, 0xd8, 0x4c, 0xeb, 0xe9, 0x8b, 0x27, 0x52, 0xd3,
+        0x6c, 0x01, 0xc0, 0x60, 0x32, 0x8c, 0x6e, 0xfb, 0xd6, 0xd6, 0x1b, 0xc6,
+        0x93, 0xff, 0xdc, 0xdb, 0x38, 0xf5, 0x0e, 0xd5, 0x15, 0xcd, 0x65, 0x76,
+        0x78, 0x42, 0x13, 0x37, 0x6b, 0x2e, 0xe8, 0xe2, 0x54, 0x4d, 0x45, 0x34,
+        0x73, 0x1b, 0x61, 0x35, 0x2c, 0xf7, 0x20, 0x3e, 0xe9, 0x7c, 0xf0, 0xf3,
+        0xba, 0x41, 0xfc, 0x49, 0xe4, 0x5d, 0xd4, 0xb8, 0x07, 0x15, 0x7b, 0x16,
+        0xc7, 0x7f, 0x78, 0xef, 0xd6, 0x53, 0x3f, 0xe4, 0xa6, 0x33, 0xcf, 0xcc,
+        0x78, 0x53, 0x0c, 0x59, 0xf7, 0x28, 0xa5, 0x83, 0x2b, 0x5a, 0xd3, 0xd6,
+        0xb7, 0xb2, 0xd1, 0x73, 0x63, 0xa9, 0xad, 0x16, 0xf2, 0xed, 0x48, 0x6e,
+        0x88, 0x22, 0xbd, 0x16, 0x9d, 0x6a, 0xc2, 0x48, 0x83, 0xdf, 0x40, 0xb7,
+        0x0a, 0x50, 0x23, 0x3d, 0x58, 0x50, 0x00, 0x02, 0x04, 0xd2, 0x31, 0x72,
+        0x28, 0x7b, 0x10, 0x96, 0xe0, 0xe7, 0x3f, 0xe0, 0xd0, 0x61, 0x70, 0x5c,
+        0x0a, 0xdb, 0xc0, 0x7b, 0xea, 0xef, 0xba, 0xc0, 0x90, 0xe0, 0xf9, 0x0e,
+        0x83, 0x8c, 0x3b, 0x05, 0x2b, 0xb6, 0xcb, 0xbb, 0x37, 0xa1, 0xd3, 0x28,
+        0x02, 0x40, 0xe3, 0x76, 0xbf, 0x27, 0x0b, 0x4f, 0x82, 0xb9, 0x22, 0xee,
+        0x0b, 0x3a, 0xcb, 0xcc, 0x56, 0x13, 0x51, 0xb8, 0xb6, 0x2d, 0xd3, 0x6c,
+        0x96, 0x10, 0xd9, 0x51, 0x24, 0x7b, 0x2b, 0xb8, 0x7b, 0xbd, 0x8d, 0xd9,
+        0xf2, 0x50, 0x61, 0xbb, 0x0c, 0xb7, 0x71, 0x65, 0x3a, 0x25, 0x18, 0x09,
+        0x1a, 0x9d, 0x41, 0xf4, 0xdb, 0x5a, 0x1c, 0x61, 0x0a, 0xbb, 0x43, 0x27,
+        0x8a, 0xa8, 0x83, 0x60, 0x8c, 0x5d, 0x4c, 0x9b, 0xa9, 0xe5, 0xa7, 0x67,
+        0x99, 0x98, 0xdc, 0x7a, 0x3a, 0x55, 0x0d, 0x25, 0x69, 0x47, 0x21, 0xb1,
+        0xd7, 0x0c, 0x0c, 0x43, 0x58, 0xc9, 0xbf, 0x74, 0x91, 0x1b, 0x2b, 0xf3,
+        0x29, 0x8d, 0x10, 0x41, 0xaf, 0xdd, 0x42, 0x0a, 0x71, 0xe3, 0xb8, 0x4d,
+        0x3a, 0xf3, 0x9c, 0x5a, 0x46, 0x4e, 0x70, 0xbe, 0xdb, 0x0d, 0x03, 0xee,
+        0xcb, 0xfb, 0x61, 0x45, 0xbd, 0x25, 0xb4, 0x72, 0xd1, 0x51, 0x03, 0x19,
+        0x82, 0x53, 0x83, 0x18, 0xab, 0xa3, 0x6c, 0x9e, 0xa2, 0xe9, 0x15, 0xb1,
+        0x74, 0x61, 0xa1, 0xaf, 0x09, 0x4b, 0x4a, 0x34, 0x9b, 0xd0, 0xd2, 0x80,
+        0x43, 0xd9, 0x90, 0x53, 0x71, 0x38, 0xb9, 0x80, 0x58, 0x1b, 0x9f, 0x9e,
+        0xfe, 0x07, 0x1b, 0x33, 0x24, 0xb2, 0x58, 0x7f, 0x01, 0xbe, 0xe8, 0x25,
+        0x53, 0x08, 0x06, 0x77, 0x7d, 0x5a, 0x16, 0x83, 0x67, 0x91, 0x0b, 0xa2,
+        0xd2, 0x1e, 0x5f, 0x9c, 0x39, 0xda, 0x57, 0xbc, 0x67, 0xc5, 0x39, 0xbe,
+        0xb9, 0x73, 0x03, 0x19, 0x97, 0x34, 0x4f, 0x1e, 0x6b, 0x4d, 0x87, 0xef,
+        0x79, 0x4f, 0xd1, 0xdd, 0x80, 0x13, 0xbe, 0x3b, 0x0f, 0xea, 0x77, 0x9a,
+        0x1a, 0x46, 0x63, 0xc5, 0x2f, 0x93, 0xfe, 0x18, 0x71, 0xfb, 0x70, 0xbf,
+        0x85, 0x3b, 0x3e, 0x54, 0xe6, 0xf8, 0xe0, 0xb9, 0xd0, 0x9d, 0xf5, 0x2b,
+        0x12, 0x22, 0x39, 0x6a, 0x8d, 0x13, 0xa1, 0x3a, 0x95, 0xd0, 0xe7, 0x07,
+        0xa4, 0x2c, 0x33, 0xba, 0x43, 0x1d, 0xd8, 0xb5, 0xd0, 0x8e, 0x6c, 0x85,
+        0x6f, 0xf8, 0x8f, 0xd3, 0x72, 0x65, 0xc1, 0xff, 0x8f, 0xf6, 0xb5, 0x19,
+        0x59, 0x34, 0xf9, 0xe8, 0xdb, 0xf3, 0x10, 0x68, 0xbd, 0xd5, 0x59, 0xf7,
+        0xe5, 0xf2, 0x84, 0x98, 0x8d, 0xd6, 0x6f, 0xcc, 0xde, 0xc5, 0xee, 0xf7,
+        0x16, 0xca, 0xec, 0xc4, 0x00, 0x89, 0x2e, 0x0d, 0x0d, 0xb6, 0xa8, 0xe0,
+        0x9a, 0xb0, 0xe5, 0x8e, 0xb6, 0x64, 0x47, 0x7d, 0x01, 0x59, 0x8a, 0x90,
+        0xa6, 0x9b, 0x2b, 0x63, 0xad, 0x70, 0xc8, 0x07, 0x36, 0x3e, 0xa9, 0x8f,
+        0xd9, 0xc2, 0xf7, 0x4b, 0xec, 0x95, 0x53, 0xec, 0x6b, 0x2d, 0x1f, 0xb5,
+        0x91, 0xbf, 0x9f, 0xc5, 0x85, 0x61, 0x3a, 0xc7, 0x5c, 0x15, 0x2a, 0x0b,
+        0x4b, 0x3c, 0x38, 0x6d, 0xc9, 0x2c, 0x91, 0x11, 0xc6, 0x6b, 0x44, 0x71,
+        0x9f, 0x89, 0xd5, 0xde, 0x27, 0x99, 0x81, 0xa2, 0x59, 0x8b, 0x57, 0x97,
+        0x83, 0x46, 0x33, 0xe1, 0x8c, 0xdf, 0xcf, 0x5b, 0x6b, 0xb3, 0x0e, 0x17,
+        0x1a, 0xb8, 0x7d, 0x6e, 0x71, 0xe5, 0xc8, 0x4c, 0xa9, 0xe2, 0x52, 0x81,
+        0xf6, 0x2f, 0x3a, 0xef, 0x5a, 0x1b, 0x6b, 0x7b, 0x61, 0x51, 0xcb, 0xd5,
+        0x7b, 0x5f, 0xf0, 0x1c, 0xb8, 0xeb, 0x9a, 0xe4, 0x0a, 0x6e, 0x53, 0x59,
+        0x2e, 0x2d, 0x78, 0x27, 0xb7, 0x47, 0x35, 0x1a, 0x01, 0x25, 0x0a, 0xcc,
+        0x67, 0xae, 0xda, 0xaf, 0xfe, 0x22, 0x63, 0xe8, 0xa2, 0x1c, 0x34, 0xe6,
+        0x6b, 0x73, 0xcf, 0x6f, 0x3e, 0x0a, 0x4a, 0x36, 0xbc, 0xda, 0x43, 0xbc,
+        0x5e, 0x9c, 0x91, 0xe4, 0x8b, 0x34, 0x2e, 0x09, 0x87, 0x69, 0x96, 0x93,
+        0xb4, 0xff, 0x97, 0xbc, 0x4e, 0xd6, 0xa2, 0xb4, 0x16, 0x78, 0x7c, 0x62,
+        0xd0, 0x78, 0x3f, 0x37, 0xdb, 0xf2, 0x92, 0xad, 0x9b, 0x51, 0x77, 0x08,
+        0x19, 0xd2, 0x09, 0x12, 0xf7, 0x52, 0xe8, 0xc8, 0xb2, 0xfb, 0x6f, 0xcd,
+        0x05, 0x5b, 0xd2, 0x8e, 0x0d, 0x6e, 0x0c, 0x16, 0x5b, 0x8a, 0xc2, 0x09,
+        0x13, 0x3b, 0x69, 0x85, 0xbd, 0xc0, 0xcc, 0x2b, 0x48, 0x65, 0xa7, 0xc1,
+        0xc3, 0xe0, 0xea, 0x14, 0x67, 0x6f, 0xa4, 0xb8, 0xc6, 0xf0, 0x12, 0x3e,
+        0x96, 0x0d, 0x23, 0x2b, 0x37, 0x87, 0x8d, 0xc8, 0xf7, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25
+#else
     0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc,
     0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e,
     0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2,
@@ -41364,7 +43807,8 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
     0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e,
     0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28,
+    0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28
+#endif
     };
 
     return dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
@@ -41377,6 +43821,224 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
 static wc_test_ret_t dilithium_param_87_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = {
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e,
+        0xc0, 0xd7, 0x25, 0x87, 0x0c, 0x65, 0x07, 0x9d, 0x47, 0x39, 0x5d, 0x04,
+        0x42, 0x5c, 0xd6, 0x0a, 0xdc, 0x39, 0x44, 0x04, 0xd9, 0x79, 0x43, 0x87,
+        0x98, 0x64, 0x88, 0x82, 0x3a, 0x31, 0xbd, 0xec, 0x66, 0xcb, 0x01, 0x90,
+        0xf9, 0x85, 0xcc, 0xde, 0x54, 0x69, 0x7d, 0x84, 0xb3, 0x84, 0x3c, 0x42,
+        0x0d, 0x09, 0x63, 0xdb, 0xe6, 0x5d, 0xc2, 0x8a, 0xcf, 0xe1, 0xf4, 0x86,
+        0x13, 0x05, 0x09, 0x9a, 0x4d, 0x05, 0xd4, 0x31, 0xe7, 0x27, 0x39, 0xfd,
+        0x3a, 0xdb, 0x63, 0x9f, 0x1c, 0x67, 0x0b, 0x01, 0xec, 0xf9, 0xff, 0xf3,
+        0xda, 0xa9, 0xf4, 0x9a, 0x59, 0x52, 0x76, 0xc2, 0xd2, 0xd5, 0xdd, 0x8d,
+        0xb1, 0xa2, 0xef, 0xb3, 0x73, 0x99, 0xe3, 0xcd, 0x1c, 0xf5, 0xca, 0x6e,
+        0x39, 0xfa, 0x26, 0x83, 0x45, 0xe7, 0xd0, 0x9c, 0x1b, 0xf7, 0xb2, 0x64,
+        0xf1, 0x70, 0x00, 0x10, 0xc0, 0x7c, 0x7f, 0xb2, 0x32, 0xce, 0x6d, 0x71,
+        0xa5, 0x43, 0x7c, 0x40, 0x71, 0x09, 0x54, 0x74, 0xac, 0xb5, 0xeb, 0xe0,
+        0x04, 0x02, 0xe5, 0x82, 0x4d, 0x5a, 0x85, 0x1e, 0x19, 0x86, 0x39, 0x33,
+        0x92, 0x2f, 0xa9, 0xa8, 0x10, 0xd2, 0x31, 0x60, 0x16, 0x08, 0x99, 0xe3,
+        0x2c, 0x93, 0x13, 0xc4, 0x4b, 0x10, 0xe0, 0x42, 0xca, 0x3f, 0x32, 0xa7,
+        0xa4, 0xd2, 0xfc, 0x9c, 0x93, 0xb6, 0x5f, 0xe2, 0x5b, 0x6e, 0x40, 0x0c,
+        0x63, 0xf8, 0xf8, 0xe1, 0x2d, 0xcd, 0x86, 0x07, 0x79, 0xdb, 0x61, 0xad,
+        0x24, 0xfd, 0x1e, 0x66, 0x3e, 0x8d, 0x76, 0xba, 0x98, 0x8e, 0x94, 0xc7,
+        0x57, 0xb1, 0x65, 0xce, 0x4f, 0x97, 0xfa, 0x34, 0x7c, 0x97, 0x6b, 0xcd,
+        0x3c, 0x42, 0x81, 0xa4, 0xd1, 0x75, 0xeb, 0x6d, 0x0c, 0x31, 0x0e, 0x6f,
+        0xd5, 0x75, 0xe7, 0xff, 0x83, 0xdd, 0x7a, 0x4d, 0x83, 0x67, 0xa7, 0x4b,
+        0xc1, 0x74, 0xad, 0x37, 0x38, 0x99, 0xe0, 0xf5, 0x5a, 0x44, 0x36, 0xa2,
+        0x20, 0x2b, 0xfc, 0xc9, 0xfa, 0x68, 0xcb, 0xf0, 0x6f, 0x0a, 0x46, 0x1d,
+        0xb5, 0xca, 0x5b, 0x96, 0x1b, 0x3a, 0xaf, 0x7d, 0x01, 0x7a, 0xd2, 0x09,
+        0xcc, 0xd4, 0xe4, 0xb1, 0x49, 0x34, 0x56, 0x68, 0x9c, 0x0f, 0x23, 0xe9,
+        0xb3, 0x4b, 0xed, 0x3d, 0xe7, 0x8d, 0x19, 0x6e, 0xe6, 0xfa, 0x06, 0x55,
+        0xb8, 0x06, 0x4d, 0xa8, 0x45, 0x20, 0x91, 0xf7, 0xfa, 0x0b, 0x6b, 0xce,
+        0x55, 0xa7, 0x14, 0x1b, 0xf9, 0xea, 0xc5, 0x79, 0x78, 0xf7, 0x3a, 0xd9,
+        0xfc, 0x07, 0x43, 0x06, 0x90, 0x94, 0x5e, 0xc9, 0x48, 0x51, 0xe5, 0x96,
+        0x68, 0x78, 0xc8, 0xcb, 0xd1, 0xf3, 0x65, 0xef, 0x14, 0x91, 0xa3, 0xca,
+        0x8b, 0x77, 0x40, 0x84, 0xf4, 0x2e, 0xe7, 0x56, 0xe3, 0xab, 0xa0, 0xa8,
+        0x61, 0x93, 0x17, 0x95, 0x9e, 0xff, 0x3a, 0xd4, 0x12, 0xea, 0x13, 0xe6,
+        0x82, 0x16, 0xed, 0x14, 0x70, 0x91, 0xcc, 0x72, 0x58, 0x99, 0xa1, 0x7f,
+        0xf3, 0x84, 0x10, 0xf4, 0x01, 0x0d, 0x05, 0x45, 0x4d, 0xca, 0x05, 0x03,
+        0x75, 0x7e, 0xbb, 0x44, 0x2e, 0xf5, 0xee, 0xed, 0x64, 0x9b, 0xd3, 0xde,
+        0x3e, 0xfc, 0x31, 0x8c, 0xca, 0x23, 0x66, 0x25, 0xac, 0x5f, 0x0f, 0x33,
+        0x0f, 0xd2, 0xe9, 0xc9, 0x96, 0x2a, 0xe2, 0xb8, 0xed, 0x93, 0xd3, 0x78,
+        0xd8, 0x81, 0xe4, 0x52, 0x9a, 0xc6, 0x64, 0x1d, 0x2d, 0x5f, 0x93, 0x9a,
+        0x2e, 0x73, 0xc4, 0x17, 0xae, 0xc6, 0x08, 0x0d, 0x2d, 0xe9, 0x4b, 0x10,
+        0x29, 0xa8, 0x4e, 0x8c, 0x08, 0x59, 0x87, 0x10, 0x0d, 0x5d, 0xfa, 0xec,
+        0xd6, 0x42, 0xf6, 0x5c, 0xa4, 0x0d, 0xaa, 0x64, 0x8e, 0x20, 0xa5, 0x50,
+        0x9f, 0x0b, 0x85, 0x37, 0x57, 0x15, 0x7c, 0xb1, 0xe4, 0xdd, 0xd5, 0x19,
+        0x3b, 0x10, 0x7d, 0x22, 0xdb, 0x53, 0x8b, 0x7b, 0x32, 0xf7, 0xf2, 0x24,
+        0x92, 0xb2, 0x05, 0xd1, 0xfd, 0xfc, 0x11, 0xd6, 0xfd, 0x3c, 0x8d, 0xd7,
+        0xb0, 0x58, 0x50, 0x06, 0x84, 0x61, 0xa6, 0x78, 0x04, 0x1d, 0x7f, 0x92,
+        0x0e, 0x8b, 0xb3, 0x63, 0x43, 0xc5, 0x30, 0x4c, 0xce, 0x2b, 0x44, 0x70,
+        0x53, 0x7c, 0xb5, 0xbd, 0x30, 0xcb, 0x41, 0x19, 0x27, 0x69, 0xfe, 0x41,
+        0x92, 0xae, 0xf0, 0x37, 0x33, 0xf0, 0x95, 0xe4, 0xe8, 0x4f, 0x75, 0x41,
+        0x64, 0x87, 0xc5, 0x68, 0xd3, 0xce, 0xfa, 0xaa, 0xe8, 0x59, 0x88, 0xfe,
+        0x24, 0x46, 0x27, 0x60, 0x71, 0x36, 0x78, 0x66, 0x3c, 0x36, 0x8e, 0xdb,
+        0x90, 0x67, 0xa5, 0x6a, 0xfe, 0xd3, 0x23, 0x28, 0x91, 0x34, 0x24, 0x67,
+        0x4b, 0x01, 0x6a, 0x0e, 0x02, 0xb7, 0xf0, 0xa8, 0xd4, 0x76, 0xd5, 0xa8,
+        0x1c, 0xd3, 0xb3, 0x7d, 0x74, 0xc6, 0x17, 0x96, 0xa7, 0xf9, 0xad, 0x24,
+        0x36, 0xd2, 0xeb, 0x34, 0x5a, 0xcc, 0x9c, 0x01, 0x99, 0xbe, 0x21, 0x4f,
+        0x27, 0x9d, 0x6b, 0xca, 0x27, 0x1b, 0x60, 0x51, 0x41, 0x23, 0xe1, 0xcb,
+        0xfc, 0x17, 0x2e, 0x1a, 0x4d, 0x3d, 0x51, 0xb3, 0x91, 0x8c, 0x53, 0x4d,
+        0xd7, 0xbc, 0xa4, 0x07, 0xd7, 0x17, 0x19, 0x18, 0x61, 0x38, 0x4e, 0x05,
+        0x81, 0x3f, 0x43, 0x8a, 0x00, 0x60, 0xdc, 0x30, 0xf4, 0x38, 0x3f, 0x93,
+        0x82, 0x10, 0x29, 0x73, 0xa9, 0xbd, 0x63, 0x15, 0x7d, 0xac, 0x2e, 0xc9,
+        0x05, 0xc1, 0x01, 0x41, 0x18, 0x5a, 0xc0, 0xc8, 0xc7, 0x81, 0x69, 0xe7,
+        0x24, 0x21, 0x57, 0xaf, 0x88, 0x73, 0x7c, 0x53, 0x29, 0xae, 0x5a, 0xdf,
+        0x76, 0x37, 0x56, 0x4f, 0x1f, 0x6b, 0xfd, 0x71, 0xbb, 0x80, 0x4a, 0xd7,
+        0x53, 0x50, 0x10, 0x2d, 0xfc, 0x1a, 0xaf, 0x7c, 0x1f, 0xe8, 0xd0, 0x6c,
+        0xa6, 0x45, 0x3d, 0xb5, 0x3d, 0xb2, 0xfc, 0x97, 0xa9, 0xbf, 0x7c, 0x0f,
+        0x32, 0x7a, 0xcc, 0xa9, 0x2f, 0xd0, 0xc6, 0xe6, 0xcd, 0x04, 0x1d, 0x71,
+        0x91, 0xb9, 0x59, 0x4b, 0xad, 0xa0, 0xde, 0x9e, 0xdc, 0x9c, 0x10, 0xeb,
+        0x8d, 0xd6, 0x65, 0x57, 0xbc, 0x96, 0xfd, 0x0f, 0xcc, 0x73, 0xbe, 0x39,
+        0x27, 0x99, 0x94, 0xf5, 0xe1, 0xbb, 0x32, 0xcd, 0x27, 0x7e, 0x08, 0xa0,
+        0xd2, 0x92, 0x39, 0xeb, 0x71, 0xc8, 0xe8, 0x34, 0x57, 0x34, 0x4b, 0x20,
+        0x3f, 0xe2, 0x68, 0xec, 0xc0, 0x8a, 0x71, 0xa3, 0x16, 0xa2, 0x91, 0x77,
+        0xde, 0x41, 0x12, 0xa5, 0xf5, 0x2a, 0x63, 0x60, 0x55, 0xd0, 0x33, 0xa4,
+        0xa7, 0x2e, 0xcb, 0x80, 0x08, 0xe5, 0x76, 0x16, 0x75, 0x04, 0x57, 0xe3,
+        0x14, 0x71, 0x4e, 0x57, 0x29, 0x23, 0x0e, 0xc0, 0xcc, 0xad, 0xba, 0xdc,
+        0x96, 0x5d, 0x23, 0x49, 0x42, 0xd8, 0x91, 0x08, 0x0d, 0x52, 0xf4, 0x5f,
+        0xcd, 0xb7, 0x03, 0xaa, 0x73, 0x26, 0xa8, 0xd5, 0x5b, 0x0c, 0x85, 0xc8,
+        0x84, 0x50, 0x9e, 0x70, 0x18, 0x45, 0x27, 0x82, 0x20, 0x75, 0xad, 0x52,
+        0x5c, 0x80, 0x4b, 0xb1, 0x0b, 0x3b, 0x30, 0x39, 0x02, 0x54, 0x18, 0x5d,
+        0x02, 0x9e, 0x85, 0x31, 0x4a, 0x07, 0x9c, 0x59, 0x5d, 0xab, 0x13, 0x4f,
+        0x8f, 0x6e, 0x39, 0x20, 0xb2, 0xc5, 0x31, 0x93, 0xc6, 0xcc, 0xfb, 0xdc,
+        0x15, 0xba, 0x3d, 0xcc, 0xbb, 0xd2, 0x6f, 0x04, 0x21, 0xdf, 0x0b, 0x27,
+        0x5c, 0xd2, 0x6e, 0xfa, 0xda, 0x86, 0x5d, 0xe4, 0xca, 0xa4, 0x90, 0x22,
+        0xa2, 0x80, 0xb5, 0x33, 0x17, 0xdb, 0x9b, 0x7b, 0x0a, 0xcc, 0x0f, 0x9b,
+        0x38, 0x06, 0xdf, 0x10, 0x11, 0xa1, 0xd7, 0x2c, 0x24, 0xf0, 0xa8, 0x34,
+        0x24, 0xfb, 0x99, 0xba, 0x0a, 0xb5, 0xa1, 0x94, 0x6c, 0x2d, 0xf8, 0xda,
+        0x74, 0xaf, 0x19, 0x59, 0x84, 0xb2, 0x68, 0x1c, 0xef, 0xa1, 0xf5, 0x18,
+        0x8f, 0x10, 0xf6, 0xb3, 0x6d, 0x33, 0x87, 0xe0, 0x25, 0xc8, 0x65, 0x5c,
+        0x2f, 0x51, 0x07, 0x83, 0x69, 0x1b, 0xce, 0xa8, 0xe6, 0xe4, 0x27, 0x62,
+        0x5d, 0x9b, 0x7f, 0xa7, 0x07, 0xc8, 0x54, 0x86, 0x90, 0xa5, 0x06, 0x6a,
+        0x94, 0x80, 0x84, 0x97, 0xaa, 0x2a, 0xb9, 0x79, 0xe5, 0x19, 0x7a, 0x91,
+        0xef, 0x8b, 0x58, 0xdc, 0xf9, 0x90, 0x94, 0xa2, 0x25, 0x4c, 0x69, 0xd8,
+        0x6e, 0x9e, 0xad, 0xf8, 0x82, 0x17, 0x37, 0xc9, 0x20, 0x15, 0x24, 0x40,
+        0xe5, 0xc6, 0xc1, 0xc7, 0xbd, 0xd4, 0x62, 0xff, 0x16, 0x6d, 0xa5, 0xec,
+        0xe9, 0x67, 0x41, 0x9d, 0x3e, 0xfb, 0x22, 0x81, 0x80, 0x61, 0x37, 0x45,
+        0xa5, 0x9f, 0x70, 0xff, 0xd4, 0x99, 0x3d, 0x79, 0x45, 0xd0, 0x27, 0xc2,
+        0x32, 0xbe, 0xd4, 0xe2, 0x53, 0xa8, 0x8c, 0x94, 0x8b, 0xbe, 0x8a, 0x43,
+        0xf7, 0x2a, 0x28, 0x49, 0xf4, 0xce, 0x2e, 0x0b, 0x98, 0xc7, 0xaf, 0x7d,
+        0x51, 0x2e, 0xda, 0xd0, 0x7a, 0xfa, 0x91, 0x3a, 0xe6, 0xe7, 0x64, 0xd6,
+        0x09, 0xd8, 0x5d, 0x6a, 0x97, 0xcf, 0x89, 0x96, 0x72, 0x21, 0x97, 0x61,
+        0xc5, 0x1b, 0xd8, 0xa1, 0xf0, 0xcd, 0x9d, 0xe4, 0xe9, 0x13, 0xd0, 0x16,
+        0x41, 0x20, 0xa4, 0x2c, 0x33, 0xf5, 0x3d, 0xfe, 0x80, 0xe8, 0xb2, 0x52,
+        0x0e, 0x18, 0x31, 0x19, 0x50, 0xeb, 0xc6, 0x99, 0x43, 0xab, 0x9a, 0x59,
+        0x5d, 0x6c, 0x84, 0x00, 0x88, 0x45, 0x7c, 0x73, 0xdf, 0x56, 0x61, 0x3a,
+        0xe1, 0x55, 0xb8, 0x59, 0x13, 0xcc, 0x0e, 0x53, 0xe9, 0xf4, 0x74, 0xa0,
+        0xf2, 0x15, 0xd2, 0xa8, 0xf9, 0xd4, 0x0d, 0x3d, 0xe7, 0x3d, 0x7d, 0x5b,
+        0x19, 0x89, 0x8b, 0x2c, 0x4d, 0x8a, 0xeb, 0xc3, 0x43, 0x31, 0x9a, 0x45,
+        0x72, 0x5b, 0x25, 0xb6, 0xa2, 0xc1, 0x98, 0xe3, 0x8a, 0xd4, 0x90, 0xd0,
+        0x3e, 0x13, 0xf0, 0xd7, 0x90, 0x34, 0x94, 0xcc, 0xf1, 0x0a, 0xa9, 0x30,
+        0xd1, 0x95, 0x43, 0x07, 0xcd, 0xd2, 0xca, 0xb0, 0xe5, 0xd4, 0xf1, 0xa1,
+        0xc5, 0x9b, 0xf4, 0x98, 0x28, 0xba, 0xde, 0x40, 0xd6, 0x98, 0x98, 0x20,
+        0x9c, 0x84, 0x9e, 0xc6, 0x57, 0xd8, 0x84, 0xc4, 0xa2, 0x9b, 0x53, 0x50,
+        0xa5, 0xa6, 0x0b, 0x47, 0xe8, 0x08, 0x7d, 0xd7, 0x09, 0xa4, 0x0c, 0x2b,
+        0x27, 0xde, 0xf9, 0x78, 0xbc, 0xa4, 0xb6, 0xc6, 0x1b, 0xda, 0xce, 0x6a,
+        0xf8, 0x1a, 0xf5, 0xfe, 0x7b, 0xab, 0x58, 0x7c, 0xdc, 0x72, 0x02, 0x94,
+        0x99, 0xf0, 0x3c, 0x37, 0x87, 0x5b, 0xd2, 0x4b, 0x5a, 0x80, 0x83, 0xd7,
+        0xfc, 0x9d, 0xa7, 0x51, 0x81, 0xb8, 0x62, 0xff, 0x4b, 0xb3, 0x9f, 0x07,
+        0xc3, 0x54, 0xfb, 0x41, 0x85, 0x42, 0x9d, 0xac, 0x27, 0x81, 0x2e, 0xaf,
+        0x98, 0x67, 0x8c, 0x23, 0xad, 0x45, 0xfe, 0x6a, 0x57, 0x9f, 0x18, 0xc5,
+        0x71, 0x8c, 0xad, 0x3f, 0x30, 0x3c, 0xaa, 0x47, 0x8d, 0xba, 0xc8, 0x7f,
+        0x03, 0x1c, 0x86, 0xee, 0xba, 0x3f, 0x59, 0x45, 0xd4, 0xd0, 0xf5, 0x54,
+        0x9e, 0xcb, 0x08, 0xcf, 0xca, 0x40, 0x0a, 0x06, 0xc0, 0x1e, 0x60, 0x1f,
+        0x33, 0xbf, 0x2c, 0xa8, 0x5f, 0xce, 0x23, 0xa0, 0xe2, 0x1c, 0x2d, 0x56,
+        0x2a, 0x44, 0x61, 0x58, 0xf1, 0x84, 0x63, 0x4f, 0x0d, 0x5e, 0xfb, 0x83,
+        0x0f, 0x36, 0x1b, 0xf4, 0x8f, 0x17, 0x82, 0x2e, 0x04, 0x2c, 0x77, 0x9d,
+        0x32, 0x58, 0xb8, 0xb0, 0xf9, 0x44, 0xd2, 0xf6, 0x84, 0xa4, 0x8b, 0x28,
+        0x53, 0xd6, 0x99, 0x81, 0x84, 0x43, 0xf0, 0xc1, 0x15, 0xc6, 0x74, 0x4f,
+        0xab, 0x05, 0xcc, 0x80, 0xdf, 0xef, 0xcf, 0xaf, 0x14, 0x82, 0xdf, 0x51,
+        0x7c, 0x28, 0x5e, 0x5b, 0x27, 0x5e, 0x91, 0x8b, 0x54, 0x3d, 0x54, 0x26,
+        0xb0, 0x3f, 0xd7, 0xc5, 0xce, 0xf3, 0x6d, 0x2c, 0x12, 0xc6, 0xb4, 0x48,
+        0x60, 0x11, 0x9c, 0xef, 0x29, 0x98, 0x9c, 0x76, 0x4e, 0x73, 0x2b, 0xd2,
+        0x23, 0x53, 0x7d, 0x03, 0xc2, 0x2f, 0x8a, 0xa1, 0xe2, 0x84, 0x54, 0x2d,
+        0xd8, 0xc6, 0x55, 0x77, 0x9d, 0x07, 0x67, 0x1f, 0x1a, 0xd3, 0x57, 0x4c,
+        0x25, 0x79, 0x8f, 0xd8, 0x82, 0xc2, 0x4d, 0x87, 0x84, 0x33, 0xdc, 0x47,
+        0xed, 0x9e, 0xfb, 0xd2, 0x62, 0xc8, 0x50, 0x76, 0xda, 0x3c, 0x3c, 0x05,
+        0x0e, 0x2d, 0x30, 0x56, 0xca, 0x4d, 0x6a, 0xe2, 0x17, 0x24, 0x26, 0x9c,
+        0xff, 0x09, 0xec, 0xb3, 0x94, 0xec, 0xab, 0x69, 0xb2, 0xf0, 0xa5, 0x66,
+        0x18, 0x92, 0x49, 0x6b, 0x90, 0xf5, 0x77, 0x5a, 0x18, 0xe5, 0x51, 0x36,
+        0x4a, 0x35, 0x54, 0x98, 0x48, 0x04, 0xa9, 0x0f, 0xcb, 0x55, 0xf1, 0x71,
+        0xad, 0x1a, 0x4a, 0x2c, 0x0e, 0x5d, 0x5e, 0x77, 0x47, 0xf5, 0x46, 0x17,
+        0x6b, 0x94, 0x2a, 0xbc, 0x40, 0xe5, 0xa7, 0xa6, 0x88, 0x41, 0x76, 0x22,
+        0x47, 0xd1, 0xe8, 0x2b, 0x18, 0x48, 0x21, 0xc0, 0xe8, 0x4f, 0xe2, 0xb2,
+        0x7e, 0x03, 0xbb, 0x25, 0x9c, 0xc8, 0x68, 0x66, 0x48, 0x25, 0x6a, 0xf2,
+        0x64, 0x29, 0xec, 0x79, 0xba, 0xdb, 0x34, 0xe1, 0xd4, 0xf9, 0x52, 0x0e,
+        0xfd, 0x8d, 0x86, 0x94, 0x71, 0xd8, 0xe0, 0x86, 0x02, 0x9b, 0xd4, 0x65,
+        0x69, 0x5e, 0x01, 0x32, 0x87, 0x59, 0xd8, 0x6c, 0xbc, 0x8a, 0x9f, 0x58,
+        0x28, 0x8c, 0x97, 0xef, 0x33, 0xb2, 0xda, 0x45, 0xa0, 0xec, 0xe5, 0x5b,
+        0xac, 0xc6, 0x65, 0xc1, 0xb6, 0xcb, 0xf7, 0x85, 0x0e, 0xfa, 0x78, 0x36,
+        0x30, 0x84, 0x90, 0xa8, 0xf8, 0x42, 0x25, 0xa5, 0xdd, 0xdc, 0xdc, 0x89,
+        0xd3, 0xf0, 0x73, 0x9a, 0xd8, 0x95, 0x8f, 0x04, 0xbf, 0xc1, 0xfd, 0x94,
+        0xff, 0xe6, 0xf8, 0x4e, 0xc6, 0x43, 0xc9, 0x60, 0x30, 0xe9, 0x68, 0xa8,
+        0x76, 0xfb, 0xfa, 0xdf, 0xc0, 0x9b, 0xbc, 0xbc, 0x34, 0xe4, 0x38, 0xfd,
+        0x93, 0xb0, 0x47, 0xb2, 0x3e, 0x83, 0x6c, 0xef, 0xe1, 0xaf, 0x35, 0xb4,
+        0x90, 0x2a, 0x32, 0xaf, 0x25, 0x3f, 0x3e, 0x72, 0x61, 0xc0, 0x0f, 0x29,
+        0xbb, 0x46, 0x6e, 0x2e, 0x94, 0x7d, 0xdd, 0xb7, 0x67, 0x1f, 0x7b, 0x64,
+        0xcb, 0xa5, 0x9a, 0x58, 0x63, 0x20, 0xa7, 0xc0, 0x94, 0xa9, 0xad, 0x90,
+        0x7d, 0xf3, 0x2b, 0x61, 0x2b, 0x64, 0x3d, 0x8a, 0xc3, 0xd1, 0xcb, 0xad,
+        0x36, 0x44, 0xe6, 0x29, 0x8b, 0x3d, 0x95, 0x7c, 0xa7, 0xa2, 0xfa, 0x1b,
+        0x16, 0x8d, 0x9e, 0xc4, 0xf8, 0x4c, 0x76, 0x20, 0x00, 0x68, 0x07, 0x99,
+        0x9c, 0x60, 0xe6, 0x16, 0x6a, 0x6f, 0x8a, 0xbe, 0x71, 0x95, 0xa1, 0xcb,
+        0xfe, 0x7c, 0x41, 0x59, 0x61, 0x20, 0xf9, 0x54, 0x3c, 0xb1, 0x19, 0x5c,
+        0x42, 0x67, 0x3f, 0xff, 0xf3, 0x32, 0x21, 0x9c, 0x9e, 0x88, 0xf9, 0x97,
+        0x00, 0x43, 0x73, 0x4a, 0xfc, 0x54, 0xeb, 0x27, 0x79, 0x14, 0x85, 0xd3,
+        0xdc, 0x47, 0xb3, 0x6d, 0x24, 0xd3, 0xf7, 0x7a, 0xfb, 0x90, 0x7c, 0x6e,
+        0xcd, 0x4e, 0xbf, 0x26, 0x76, 0xd2, 0xe8, 0xcc, 0x67, 0xd1, 0x23, 0x3c,
+        0x94, 0x16, 0x1e, 0x07, 0x36, 0x7c, 0x96, 0xf6, 0xe8, 0x50, 0x72, 0x26,
+        0x56, 0x67, 0x89, 0xa9, 0x11, 0xfb, 0x1d, 0xb8, 0xb9, 0x2a, 0x55, 0xb7,
+        0x85, 0xf7, 0x40, 0xa2, 0xfc, 0x9f, 0x30, 0xec, 0x8f, 0x9a, 0x1c, 0xc8,
+        0xe4, 0xc5, 0x1f, 0xcb, 0x0a, 0x60, 0x80, 0x41, 0xec, 0x88, 0x8a, 0xda,
+        0x7c, 0x7a, 0xa1, 0x96, 0x51, 0x62, 0x16, 0x63, 0x75, 0x36, 0x28, 0x7c,
+        0xc9, 0xd0, 0x27, 0x0c, 0x9e, 0x18, 0x4a, 0x82, 0xf7, 0x02, 0xb9, 0x40,
+        0x8f, 0xd5, 0x97, 0x7a, 0x35, 0xa9, 0x3a, 0xb3, 0x8b, 0x6b, 0xf1, 0x9a,
+        0xd1, 0xe7, 0x14, 0x38, 0x5e, 0xba, 0x8c, 0xbf, 0x32, 0xaa, 0x34, 0x30,
+        0x7c, 0x1e, 0x11, 0xcd, 0x1f, 0x9f, 0xcf, 0x4d, 0x14, 0xce, 0x67, 0xf9,
+        0x9c, 0x89, 0x07, 0x92, 0x44, 0x6e, 0x9a, 0x16, 0xe4, 0xfb, 0x67, 0x01,
+        0x3f, 0x4c, 0x14, 0x89, 0x33, 0x87, 0x46, 0xc6, 0xe4, 0x66, 0x94, 0xd4,
+        0x87, 0x4f, 0x2c, 0x92, 0x1b, 0xae, 0x82, 0xe7, 0x99, 0xaa, 0xb4, 0x99,
+        0x81, 0x26, 0xa6, 0x6f, 0x1d, 0xc1, 0x95, 0x80, 0xe9, 0xea, 0xe3, 0x44,
+        0x6a, 0x2b, 0xd2, 0xe0, 0x0d, 0x69, 0x42, 0xf7, 0x27, 0x6b, 0x4f, 0x02,
+        0x7a, 0x33, 0x7b, 0x43, 0x3d, 0xef, 0x10, 0xaa, 0xab, 0xc5, 0xa2, 0xf0,
+        0xbb, 0x07, 0x4b, 0x26, 0x0c, 0x58, 0xcd, 0x3b, 0xd2, 0x6d, 0xa5, 0x32,
+        0x37, 0x88, 0x4e, 0x8b, 0xe3, 0x75, 0xb0, 0xbb, 0x87, 0xea, 0xa4, 0x53,
+        0xf3, 0xff, 0x39, 0x92, 0x44, 0xab, 0x7b, 0x71, 0x62, 0x31, 0x6b, 0x31,
+        0xca, 0x97, 0xba, 0xd7, 0x41, 0xe0, 0x47, 0x47, 0x4f, 0x77, 0xa2, 0x35,
+        0x62, 0x7a, 0xc1, 0xb6, 0x69, 0x10, 0x09, 0xce, 0xfc, 0x92, 0xcc, 0xc5,
+        0x7a, 0x11, 0xf1, 0xc1, 0xa0, 0x80, 0xe5, 0x42, 0x17, 0xb6, 0x3f, 0xab,
+        0xc1, 0xa2, 0x41, 0xfb, 0xe3, 0x98, 0x2d, 0x7a, 0xe4, 0x1b, 0x1f, 0x7e,
+        0x71, 0x3c, 0x3e, 0x90, 0x8c, 0x60, 0x30, 0xb7, 0x73, 0x06, 0x1f, 0x8a,
+        0xce, 0x50, 0x20, 0x7c, 0xfa, 0x8c, 0xf2, 0x14, 0xd9, 0x00, 0xa2, 0x21,
+        0xea, 0x10, 0x36, 0x21, 0x6f, 0x7f, 0x13, 0xe3, 0x6c, 0xb2, 0xd6, 0xa5,
+        0xa6, 0x6e, 0xa9, 0xe7, 0x1d, 0xdf, 0xc9, 0x97, 0x60, 0x75, 0xa3, 0x55,
+        0xa1, 0x2c, 0x94, 0xd7, 0x85, 0x4b, 0x44, 0xc6, 0x9c, 0x17, 0xc2, 0xad,
+        0xe6, 0x56, 0x72, 0x1d, 0xb9, 0x13, 0x54, 0xfe, 0x8c, 0xec, 0xf4, 0xa3,
+        0x54, 0x6b, 0x31, 0xbc, 0x55, 0x9e, 0x01, 0xd4, 0x9b, 0x24, 0x9e, 0x51,
+        0xaf, 0x67, 0x76, 0x02, 0xf7, 0x34, 0x6a, 0xaa, 0xb0, 0x3c, 0x70, 0x2e,
+        0xc8, 0x86, 0xfa, 0x40, 0x89, 0x12, 0xb7, 0x49, 0x38, 0x0b, 0xf7, 0x66,
+        0xd2, 0x2e, 0x58, 0xf1, 0x22, 0x3b, 0xb3, 0x40, 0x6b, 0x7a, 0x68, 0x4d,
+        0x42, 0xfd, 0xbf, 0xa0, 0xf7, 0x2f, 0x63, 0x4a, 0x87, 0xe7, 0x99, 0x52,
+        0x6e, 0xe7, 0xdd, 0xca, 0x19, 0x71, 0xee, 0x92, 0xe2, 0x68, 0x0e, 0xe1,
+        0xb7, 0x90, 0x1f, 0xc4, 0xef, 0xf8, 0xf6, 0x85, 0x53, 0x18, 0x33, 0x86,
+        0x15, 0xc8, 0x29, 0x58, 0x6f, 0xf0, 0x1c, 0x14, 0x73, 0xa9, 0x8e, 0x88,
+        0x74, 0xd4, 0x21, 0xf5, 0xc6, 0x7c, 0xd8, 0x96, 0x0f, 0xb0, 0xa6, 0x7b,
+        0xf7, 0x72, 0x15, 0xd7, 0x30, 0x6b, 0x15, 0x1d, 0x3f, 0xb7, 0x4e, 0xaa,
+        0xc0, 0x52, 0x1d, 0x84, 0xbf, 0x98, 0xbd, 0x33, 0x02, 0xab, 0x8b, 0xd0,
+        0x9c, 0x85, 0x2f, 0xa3, 0xfb, 0x46, 0x8d, 0x4d, 0x97, 0x1a, 0x8a, 0x3c,
+        0x73, 0x5b, 0x3b, 0x58, 0x26, 0xba, 0x6b, 0x45, 0x2e, 0x24, 0x66, 0x79,
+        0x7d, 0xc4, 0xf8, 0x8c, 0x05, 0x7d, 0x5c, 0x23, 0xb9, 0xe8, 0x5d, 0xfe,
+        0xc9, 0x84, 0xe5, 0x58, 0x40, 0xa4, 0xb7, 0x55, 0x74, 0x69, 0x92, 0x9c,
+        0x3e, 0x19, 0xb1, 0xb6, 0x51, 0xe9, 0x71, 0xcc, 0x96, 0x2b, 0x01, 0x71,
+        0xf5, 0xb9, 0xde, 0x77, 0xfe, 0x2e, 0x74, 0x9c, 0x6a, 0x52, 0x17, 0x1e,
+        0xea, 0xd9, 0xc8, 0x14, 0xbe, 0x61, 0xdf, 0xe9, 0x96, 0x24, 0x5a, 0x9a,
+        0xd8, 0xd7, 0xad, 0x71, 0xe0, 0xf4, 0xbb, 0x9e, 0xae, 0x95, 0xcd, 0x58,
+        0x94, 0x81, 0xee, 0x46, 0x84, 0x65, 0x39, 0xb1, 0x1b, 0x1e, 0xf5, 0x50,
+        0xad, 0x56, 0x58, 0xb7, 0x53, 0x9b, 0x2a, 0x2f, 0x09, 0x61, 0x57, 0xda,
+        0xf5, 0xdc, 0x9f, 0x3c, 0x6c, 0x69, 0x0d, 0x61, 0x49, 0xb2, 0xe0, 0xb2,
+        0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50,
+        0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4
+#else
     0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
     0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
     0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
@@ -41636,9 +44298,398 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
     0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61,
     0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40,
     0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
-    0x0a, 0x93,
+    0x0a, 0x93
+#endif
     };
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = {
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        0x20, 0xff, 0x12, 0xe1, 0x87, 0xf6, 0x11, 0x38, 0xff, 0x41, 0xd0, 0x8f,
+        0xcd, 0x7e, 0xd1, 0xf6, 0x21, 0x17, 0xd0, 0x46, 0xe9, 0x86, 0x83, 0x1b,
+        0xaf, 0xe5, 0x2b, 0x59, 0x21, 0xd1, 0x6b, 0xc9, 0xdb, 0x34, 0xdc, 0xba,
+        0xfd, 0xd3, 0xf8, 0x71, 0x49, 0xd8, 0x31, 0xbc, 0x48, 0x83, 0x22, 0x7b,
+        0xfd, 0x6a, 0x93, 0xa6, 0x39, 0x4c, 0xda, 0xdb, 0x15, 0xe7, 0x41, 0x14,
+        0xb4, 0xb8, 0xfe, 0xb0, 0x1f, 0xf9, 0x0a, 0x2c, 0x0b, 0xc0, 0xac, 0x09,
+        0x84, 0x69, 0x5e, 0x64, 0x8c, 0xa8, 0xee, 0xa1, 0x52, 0x22, 0xde, 0x0d,
+        0xc7, 0x25, 0xef, 0xa8, 0xfd, 0x8c, 0xb9, 0x45, 0x4f, 0xa4, 0x9c, 0xbc,
+        0x70, 0xf2, 0x88, 0xea, 0x79, 0x13, 0xb0, 0xfc, 0xe6, 0x41, 0x48, 0x1c,
+        0x33, 0x48, 0xa2, 0x77, 0x75, 0x37, 0x9f, 0xc1, 0x86, 0x94, 0xcd, 0x69,
+        0x98, 0x87, 0x47, 0x49, 0x75, 0x93, 0xf1, 0xa4, 0x2d, 0x8e, 0xa8, 0x7e,
+        0x0f, 0x95, 0xf5, 0x3e, 0x5d, 0x31, 0x2d, 0xc9, 0x58, 0x1c, 0x42, 0xfd,
+        0x79, 0x6a, 0x49, 0xa3, 0x84, 0xc5, 0x2e, 0x8d, 0x96, 0x9c, 0xc8, 0x05,
+        0x93, 0xdb, 0x6d, 0xbf, 0x83, 0x34, 0xc2, 0x81, 0x47, 0x90, 0xc9, 0xa9,
+        0x82, 0xbd, 0xe1, 0xc8, 0x89, 0xa2, 0x36, 0x47, 0xed, 0xfb, 0x47, 0x57,
+        0x01, 0x1a, 0x75, 0x8c, 0x6b, 0x83, 0xcf, 0x56, 0xae, 0x52, 0x66, 0x8b,
+        0xab, 0x7f, 0x0c, 0xec, 0xde, 0x5c, 0x13, 0xbe, 0xbd, 0x5b, 0x74, 0x28,
+        0xb5, 0xd7, 0x68, 0xd5, 0xd2, 0xe9, 0x96, 0x3b, 0x55, 0xda, 0x3a, 0x93,
+        0x3c, 0xd9, 0x9f, 0x53, 0x2a, 0x31, 0x84, 0x45, 0x3f, 0xee, 0x2b, 0xfc,
+        0x92, 0xb0, 0x9c, 0xc6, 0x16, 0x16, 0x4f, 0x33, 0x41, 0x17, 0x58, 0xbe,
+        0x5d, 0x57, 0x4b, 0x04, 0x82, 0xe3, 0xb3, 0x68, 0xdf, 0x7c, 0x93, 0xce,
+        0x9d, 0xf6, 0x7e, 0x21, 0x3d, 0x28, 0x1c, 0xf0, 0x37, 0x46, 0xf2, 0xc2,
+        0x73, 0x7c, 0xbe, 0x98, 0x0e, 0x09, 0x75, 0xa7, 0x21, 0x11, 0xa9, 0xd6,
+        0xd1, 0x47, 0xac, 0xd0, 0x19, 0x48, 0x3b, 0x74, 0xc1, 0x3c, 0x37, 0x43,
+        0x49, 0x12, 0x62, 0xee, 0xaf, 0x5c, 0x38, 0xf7, 0x8a, 0xce, 0xb3, 0x7a,
+        0x05, 0x16, 0xd4, 0x71, 0x8b, 0xbe, 0x1a, 0xe0, 0x1e, 0xbc, 0x4b, 0x54,
+        0x0f, 0xb5, 0x73, 0x2b, 0xb8, 0x3a, 0x75, 0xf0, 0x26, 0xcd, 0xf9, 0xca,
+        0x32, 0xf9, 0x7e, 0x15, 0x38, 0x75, 0x9c, 0x4d, 0xbc, 0x11, 0xf8, 0xea,
+        0x8e, 0xe8, 0x38, 0x17, 0xc5, 0x62, 0xf4, 0x34, 0xfb, 0xd6, 0xf5, 0x76,
+        0xfc, 0xa3, 0xf3, 0x44, 0xf9, 0xab, 0x2e, 0x9a, 0x68, 0xcd, 0xa1, 0x29,
+        0xff, 0xda, 0xe8, 0xb5, 0xb0, 0x20, 0x5d, 0x02, 0x01, 0x62, 0x26, 0x44,
+        0x32, 0xc8, 0x94, 0xf8, 0xf1, 0xaa, 0xf9, 0xc2, 0x86, 0xcb, 0x55, 0x7f,
+        0x8d, 0xb3, 0xf6, 0x63, 0xb1, 0xa4, 0x95, 0x57, 0xb8, 0x1d, 0xc3, 0x42,
+        0xd2, 0x4b, 0x69, 0xcd, 0x7a, 0x10, 0x5b, 0x6a, 0x13, 0xd1, 0x02, 0x98,
+        0x38, 0x87, 0x9b, 0x9a, 0x5a, 0x66, 0x73, 0xcb, 0x75, 0xd0, 0x7a, 0x4b,
+        0xad, 0x23, 0x06, 0x1c, 0xc8, 0x6b, 0x0c, 0xa8, 0xfe, 0x7b, 0x8f, 0x65,
+        0x50, 0xd7, 0xf7, 0x76, 0x88, 0x42, 0xe0, 0x5e, 0x18, 0x91, 0x8b, 0x99,
+        0x37, 0x56, 0x08, 0x91, 0xe7, 0x01, 0xe7, 0x05, 0xd5, 0xed, 0x43, 0x25,
+        0x71, 0x7e, 0x3e, 0xfc, 0xc4, 0xfd, 0xed, 0x8b, 0x85, 0x16, 0x8c, 0xe3,
+        0x05, 0xee, 0x51, 0x02, 0xa4, 0x4b, 0xd8, 0x3c, 0xcf, 0x4d, 0x2f, 0x2d,
+        0x68, 0x6e, 0xc1, 0xd5, 0xfa, 0x91, 0xfd, 0x6a, 0xe0, 0x64, 0x85, 0x35,
+        0x9c, 0x75, 0xe6, 0x0d, 0xb8, 0xec, 0x97, 0x88, 0x62, 0x98, 0x78, 0x75,
+        0xc7, 0x1e, 0x68, 0xa7, 0xb9, 0x7b, 0xab, 0x75, 0x7a, 0x72, 0x3c, 0x7b,
+        0xab, 0x60, 0x03, 0xb7, 0x38, 0x13, 0xe4, 0x96, 0x6e, 0xcb, 0x95, 0xcc,
+        0xdc, 0x6a, 0x47, 0x67, 0x77, 0xd7, 0x95, 0xc4, 0x87, 0x66, 0xc2, 0x7e,
+        0x42, 0x90, 0x59, 0x4f, 0xd6, 0xf3, 0xf4, 0xa7, 0xd0, 0x29, 0xf9, 0x5d,
+        0x4b, 0x06, 0x06, 0xf7, 0x6e, 0xb2, 0xab, 0xb0, 0x8e, 0x21, 0xa6, 0xff,
+        0x5e, 0x7b, 0x47, 0xb6, 0x3a, 0xa6, 0x9e, 0x19, 0xf6, 0xdf, 0x9b, 0x3b,
+        0x3d, 0x07, 0x37, 0xd1, 0x0b, 0xa8, 0xf3, 0x9c, 0x43, 0x89, 0xee, 0xba,
+        0x03, 0xee, 0x38, 0x74, 0x13, 0x09, 0x8e, 0x47, 0x4e, 0xa9, 0x14, 0xf5,
+        0xb0, 0x55, 0xe0, 0x03, 0xe5, 0xb9, 0x53, 0xef, 0x03, 0x15, 0x60, 0xb3,
+        0x4a, 0x71, 0x31, 0x4b, 0xf1, 0xc8, 0xe4, 0x63, 0x9b, 0x8b, 0x78, 0x3c,
+        0x1f, 0xac, 0x27, 0x20, 0xa8, 0x53, 0x7d, 0xdd, 0x72, 0xd3, 0x90, 0x8f,
+        0x71, 0xa6, 0xa7, 0xeb, 0xb0, 0xeb, 0x42, 0x96, 0xa4, 0xc3, 0xba, 0xc6,
+        0x3c, 0xe7, 0x7b, 0x15, 0x1e, 0xfa, 0x15, 0x23, 0x37, 0xf3, 0xc8, 0xb2,
+        0xf9, 0x46, 0x04, 0xd1, 0x5e, 0x44, 0xd7, 0x8f, 0x70, 0xb1, 0x0a, 0xde,
+        0x6a, 0xe3, 0xaf, 0x9e, 0x49, 0x55, 0x78, 0x79, 0x11, 0x22, 0x87, 0xa9,
+        0x54, 0x7c, 0xb4, 0x83, 0xe1, 0x25, 0xcd, 0x89, 0xa6, 0x91, 0x21, 0x7b,
+        0xbe, 0x3d, 0x2f, 0x46, 0xb5, 0x5b, 0x50, 0x1a, 0xc8, 0x8d, 0x32, 0xf3,
+        0x62, 0x1f, 0x24, 0x64, 0xe8, 0xb6, 0x02, 0x4f, 0x1f, 0x52, 0x3c, 0x40,
+        0xfc, 0x72, 0x38, 0xd4, 0xba, 0x40, 0x8e, 0xb7, 0xc0, 0x97, 0x06, 0x16,
+        0xd5, 0xe3, 0x39, 0x45, 0xd7, 0x7c, 0x0e, 0xed, 0x6b, 0x19, 0x19, 0x0a,
+        0x8e, 0xcb, 0x2b, 0xee, 0x4d, 0xa1, 0x5e, 0x84, 0x22, 0x66, 0xcd, 0x4f,
+        0xb9, 0x1a, 0x25, 0x85, 0x02, 0xc0, 0x67, 0xc4, 0xd5, 0x1a, 0xcb, 0xbb,
+        0xde, 0x4d, 0x3c, 0x3c, 0x62, 0x9f, 0x76, 0x8f, 0x15, 0x29, 0xa5, 0xbb,
+        0x5a, 0x48, 0x38, 0x66, 0xfa, 0x56, 0x0a, 0x09, 0xbd, 0xdf, 0xdf, 0x4a,
+        0xe7, 0x0e, 0xa6, 0xb1, 0xb5, 0x7c, 0xe1, 0xed, 0x8d, 0x63, 0x07, 0x42,
+        0xf3, 0xf8, 0x15, 0x28, 0x7c, 0x09, 0xf5, 0x02, 0x69, 0x1b, 0x88, 0x1e,
+        0x3d, 0xad, 0x5f, 0x46, 0xed, 0xab, 0x2b, 0x11, 0x96, 0x73, 0xa8, 0xe8,
+        0xe6, 0x64, 0x7d, 0xae, 0x13, 0xa1, 0x7d, 0x54, 0xae, 0xc0, 0x82, 0xeb,
+        0x2a, 0xd1, 0x76, 0xb7, 0x9f, 0xbd, 0x33, 0x8f, 0xe7, 0xe6, 0x79, 0x92,
+        0xa6, 0xaf, 0x61, 0x91, 0x49, 0xbc, 0xd2, 0x3c, 0x6f, 0x8b, 0xbe, 0x8f,
+        0x5f, 0x1f, 0x00, 0x2c, 0x2e, 0x2c, 0xa0, 0x14, 0xcf, 0x34, 0x42, 0x44,
+        0x41, 0x11, 0xd7, 0x37, 0xd3, 0x99, 0x44, 0x36, 0x43, 0x03, 0xb9, 0x50,
+        0x4f, 0xab, 0xfe, 0x48, 0xe2, 0x4b, 0xed, 0x51, 0x8b, 0xe0, 0x04, 0x3c,
+        0x93, 0x28, 0x55, 0xc8, 0x5a, 0xb3, 0x52, 0x2c, 0x56, 0xbd, 0x43, 0xb9,
+        0x4a, 0x6c, 0x4c, 0xcc, 0xda, 0xba, 0x9c, 0xe6, 0x3e, 0x50, 0x8b, 0x1a,
+        0xe5, 0x83, 0xc1, 0x60, 0x55, 0xb2, 0x02, 0x16, 0x54, 0x33, 0x62, 0x69,
+        0x7c, 0x7d, 0x94, 0xf2, 0xb0, 0x3a, 0x22, 0xf0, 0x21, 0x46, 0xd7, 0x94,
+        0x53, 0xec, 0x63, 0x4c, 0x3e, 0xc3, 0x71, 0xd1, 0xb9, 0x2e, 0x16, 0xe8,
+        0x17, 0x63, 0x7e, 0x0c, 0x83, 0x05, 0x72, 0xe6, 0x20, 0x60, 0x34, 0xae,
+        0x0e, 0x54, 0xa0, 0x57, 0x75, 0x93, 0x2e, 0xb8, 0x6c, 0xec, 0xda, 0x44,
+        0x1b, 0xac, 0xd6, 0x75, 0xc5, 0x79, 0x3c, 0xc2, 0xa6, 0xa2, 0x7f, 0x3a,
+        0xb0, 0xec, 0xeb, 0xc1, 0xe6, 0xd6, 0xae, 0xac, 0x2e, 0x55, 0x30, 0x1c,
+        0x81, 0xa4, 0x4c, 0x35, 0x0e, 0xd8, 0xa6, 0x4e, 0xea, 0x0e, 0xbf, 0x79,
+        0xf7, 0xdf, 0x55, 0xfc, 0xf9, 0x24, 0xb0, 0xa6, 0xba, 0xc3, 0x72, 0x42,
+        0x60, 0x06, 0x44, 0x03, 0xe3, 0x40, 0x3c, 0x2a, 0x13, 0xf7, 0xdf, 0x3d,
+        0xb7, 0x0d, 0x86, 0x6c, 0xb0, 0x0f, 0x2e, 0x72, 0x91, 0x16, 0x4f, 0x5f,
+        0xd0, 0x3e, 0x8c, 0x36, 0xed, 0xa8, 0x6f, 0xbc, 0x65, 0xb0, 0x65, 0x99,
+        0x47, 0x50, 0xa5, 0x9c, 0xea, 0xee, 0x8a, 0x44, 0x70, 0xf5, 0x31, 0x1a,
+        0xe9, 0x11, 0xc1, 0xce, 0xe0, 0x21, 0x52, 0x70, 0x89, 0xf7, 0xc3, 0x35,
+        0xfa, 0x55, 0x5a, 0xc5, 0x10, 0x02, 0xc4, 0xc7, 0xf7, 0xe1, 0xaf, 0x49,
+        0x48, 0x61, 0xe7, 0x0d, 0xa1, 0x2d, 0x7d, 0x03, 0x00, 0x38, 0xa7, 0xd5,
+        0xd3, 0xbf, 0x95, 0x29, 0xed, 0xcc, 0x70, 0x3e, 0xbe, 0x95, 0x8a, 0xdf,
+        0xaf, 0xbf, 0xec, 0xf8, 0x6a, 0x4f, 0x9e, 0x69, 0xee, 0x4e, 0x3d, 0x8b,
+        0x58, 0xa0, 0x2e, 0xb5, 0x83, 0x6a, 0x0e, 0x04, 0xa4, 0xa9, 0x74, 0xcb,
+        0x4f, 0xb0, 0x39, 0x37, 0x8f, 0xcf, 0xbf, 0x77, 0xe4, 0x1a, 0x74, 0xcf,
+        0x0e, 0x0d, 0x2d, 0x6e, 0x1d, 0xba, 0xc1, 0xf5, 0x7c, 0x54, 0x6e, 0x92,
+        0xec, 0x4b, 0x03, 0xc3, 0xa4, 0x44, 0xad, 0x3e, 0x4f, 0xa4, 0xd9, 0xe9,
+        0x71, 0x3c, 0xe6, 0xb6, 0xbe, 0xe7, 0xfc, 0x72, 0x76, 0x86, 0x9a, 0x73,
+        0xb1, 0xb3, 0xf3, 0x84, 0xb6, 0x2a, 0x40, 0x0b, 0x8c, 0xae, 0xb3, 0xc4,
+        0xdc, 0xb5, 0x21, 0x85, 0x87, 0xdc, 0x19, 0x18, 0xd5, 0xba, 0xa4, 0x5e,
+        0x88, 0x89, 0xa4, 0xf4, 0x88, 0x75, 0xc2, 0x7a, 0xb4, 0xee, 0x9d, 0x54,
+        0x66, 0x97, 0x70, 0x08, 0x8f, 0x99, 0x84, 0x5d, 0x5e, 0xa7, 0x6f, 0x92,
+        0xe8, 0xa3, 0x65, 0xfa, 0x0e, 0x87, 0xfb, 0x3c, 0xe9, 0x17, 0x2d, 0xc7,
+        0x2d, 0x30, 0x8f, 0x41, 0x82, 0x68, 0x2b, 0xf1, 0x67, 0x8e, 0xf7, 0x05,
+        0x78, 0xfa, 0xc3, 0x61, 0xba, 0x35, 0xe7, 0x2f, 0x19, 0xef, 0x71, 0x36,
+        0xac, 0x5b, 0xf0, 0x45, 0x30, 0x70, 0xdc, 0xc7, 0xab, 0x7b, 0x62, 0x17,
+        0x9d, 0xc4, 0x43, 0x6f, 0xfc, 0x02, 0x56, 0x5f, 0x65, 0xaa, 0x68, 0x3b,
+        0x5c, 0xfa, 0x71, 0x28, 0x89, 0xe9, 0x28, 0x2f, 0x95, 0x4b, 0xfc, 0xe6,
+        0xe7, 0xc8, 0x44, 0x28, 0x5c, 0x3c, 0x08, 0x5f, 0x9c, 0xbc, 0x41, 0x68,
+        0x91, 0x98, 0x7a, 0x00, 0x63, 0xc9, 0x5c, 0x75, 0x8f, 0xcc, 0x33, 0x77,
+        0x7b, 0xd0, 0x2d, 0xe8, 0xa2, 0x98, 0xa4, 0x1b, 0xfa, 0x09, 0x67, 0x7b,
+        0x25, 0x96, 0x19, 0xf4, 0x77, 0x33, 0x20, 0x4f, 0x19, 0xf6, 0x9c, 0x6c,
+        0x2e, 0xd9, 0x68, 0x95, 0xb0, 0xe2, 0x18, 0x06, 0xe5, 0x84, 0x8e, 0xf7,
+        0xbf, 0x6c, 0x96, 0xa8, 0x9d, 0x37, 0xc7, 0x28, 0xa1, 0x3d, 0x90, 0x8c,
+        0x40, 0x3d, 0xe2, 0x51, 0xfd, 0x55, 0x09, 0xf8, 0x83, 0x43, 0x44, 0x4d,
+        0x1c, 0x8a, 0x8d, 0x36, 0x84, 0x64, 0xc4, 0xfa, 0x1d, 0x72, 0x04, 0x0b,
+        0x1d, 0x49, 0x13, 0x88, 0x78, 0x5f, 0x07, 0x9b, 0xc8, 0x01, 0x9c, 0x3c,
+        0xfc, 0xff, 0x0f, 0xd5, 0x13, 0xcd, 0x15, 0x98, 0xcc, 0xe6, 0x59, 0x1e,
+        0x83, 0x38, 0x8f, 0x6c, 0x75, 0xbe, 0xdf, 0xe9, 0x1b, 0xc5, 0xb9, 0x6b,
+        0xa4, 0x5a, 0x0c, 0xae, 0x98, 0x8d, 0x93, 0xfa, 0x76, 0x7f, 0x0d, 0x0b,
+        0xe8, 0xa0, 0x3b, 0x9e, 0x5e, 0xc8, 0xa8, 0xcc, 0x02, 0xc9, 0x86, 0x9c,
+        0x78, 0xaf, 0x6e, 0x6a, 0xf4, 0xfe, 0x49, 0xad, 0xc5, 0x93, 0xae, 0x62,
+        0xbd, 0xe3, 0x3a, 0xa8, 0xf2, 0x60, 0xb5, 0x29, 0xde, 0x5f, 0x12, 0x02,
+        0x2d, 0x43, 0x90, 0xf5, 0x9d, 0x9d, 0x97, 0x29, 0xfa, 0xdd, 0x60, 0x41,
+        0x64, 0xb7, 0xa5, 0x03, 0x72, 0x10, 0x2b, 0xdd, 0x5b, 0x60, 0xe6, 0xf0,
+        0xe1, 0xd7, 0xa5, 0x97, 0xec, 0xb4, 0x9a, 0x4c, 0x3e, 0x16, 0xa2, 0x82,
+        0xb3, 0xc3, 0x3f, 0x3e, 0x5d, 0x32, 0xac, 0x5a, 0x40, 0xb4, 0x00, 0xfa,
+        0xd9, 0x47, 0xe8, 0x77, 0xa8, 0x96, 0x5c, 0x60, 0x04, 0x9c, 0x5c, 0xdf,
+        0x24, 0x3b, 0xa7, 0x4a, 0x58, 0x25, 0x12, 0x9a, 0xa8, 0x7b, 0x3e, 0x14,
+        0xc8, 0x06, 0x79, 0x23, 0xea, 0x91, 0x7f, 0xe1, 0x78, 0x41, 0x6c, 0xdb,
+        0x8c, 0xeb, 0x66, 0x35, 0x87, 0x87, 0x81, 0x65, 0x2c, 0xef, 0x3a, 0x6e,
+        0xae, 0xb3, 0x6c, 0xe9, 0x86, 0x50, 0x6d, 0x89, 0xd6, 0x27, 0x0a, 0xdb,
+        0xf8, 0xd4, 0xb8, 0x85, 0x8e, 0x37, 0xa6, 0x56, 0xf7, 0x58, 0x18, 0x4c,
+        0x44, 0xcf, 0xeb, 0xc4, 0x79, 0x19, 0xfc, 0x2e, 0x53, 0x18, 0x0e, 0x7b,
+        0x51, 0x86, 0xf3, 0x59, 0x13, 0xb2, 0xaf, 0xd3, 0xee, 0xf4, 0xd5, 0xbf,
+        0x2c, 0xb8, 0x6d, 0x71, 0x74, 0x7c, 0x67, 0x54, 0xa7, 0x4b, 0x03, 0xa9,
+        0x1b, 0x62, 0x95, 0x9f, 0xc3, 0xf0, 0x71, 0x39, 0x2d, 0x26, 0xaf, 0xaf,
+        0xa7, 0xa5, 0x58, 0xf8, 0xf8, 0x8a, 0xe0, 0x62, 0x90, 0x3f, 0x72, 0x9d,
+        0x21, 0x82, 0x76, 0x3e, 0x4c, 0x5d, 0xe0, 0xb5, 0x67, 0x23, 0xe3, 0x13,
+        0x1a, 0x29, 0xa3, 0xda, 0xa4, 0xb4, 0x5c, 0x1d, 0x47, 0xdf, 0xdf, 0xc9,
+        0x93, 0x6c, 0xb2, 0xb5, 0x22, 0xb3, 0x47, 0x2b, 0xcf, 0xf0, 0x36, 0x87,
+        0x51, 0x3c, 0x79, 0x41, 0x70, 0xbd, 0xea, 0x70, 0xa2, 0x29, 0x90, 0x55,
+        0x30, 0x6f, 0x3e, 0x50, 0xc8, 0x38, 0xd6, 0xfa, 0x6f, 0xe3, 0x39, 0x67,
+        0x88, 0x52, 0x1f, 0xd3, 0x52, 0xbf, 0x3e, 0x7b, 0x2a, 0xe5, 0x1e, 0xcd,
+        0xf9, 0xf1, 0x91, 0x1d, 0x04, 0x61, 0x25, 0xbb, 0xe1, 0x33, 0xe3, 0x66,
+        0x46, 0xed, 0x06, 0x8d, 0xc3, 0x4f, 0x20, 0xc6, 0x24, 0xa7, 0xb5, 0x49,
+        0x3b, 0xc7, 0xe6, 0xa0, 0x77, 0x58, 0xd9, 0x70, 0xb1, 0xf5, 0xec, 0x94,
+        0x19, 0xf3, 0x5b, 0x0f, 0x9a, 0xe4, 0xad, 0x37, 0x81, 0xaf, 0x68, 0x7b,
+        0xe5, 0x67, 0xb5, 0xae, 0x7f, 0x2d, 0x64, 0x78, 0x68, 0x5a, 0xd1, 0x8f,
+        0x1c, 0xc0, 0xc3, 0x5b, 0x21, 0x77, 0xe4, 0xa8, 0x5d, 0x05, 0x50, 0xc1,
+        0x92, 0xee, 0x36, 0x2d, 0xd2, 0xff, 0xee, 0xc2, 0x11, 0x99, 0xee, 0xd7,
+        0x48, 0xfb, 0x6a, 0xa3, 0xc9, 0xb7, 0x0c, 0xc1, 0xe5, 0x12, 0xbf, 0x6f,
+        0x58, 0x66, 0x35, 0x34, 0x26, 0xaa, 0xbe, 0xc3, 0x33, 0x86, 0xfd, 0xc0,
+        0x1c, 0xa5, 0xe4, 0x1e, 0x91, 0xc4, 0x55, 0x4e, 0xf1, 0xcb, 0xd2, 0x0b,
+        0xe8, 0x0d, 0x89, 0x6a, 0x00, 0xbd, 0x7b, 0xf5, 0x3d, 0x1a, 0x4a, 0x48,
+        0xfc, 0xf0, 0x5b, 0xcd, 0xdb, 0xb2, 0xa0, 0x27, 0x4b, 0x8f, 0xf7, 0x87,
+        0x78, 0x13, 0xdb, 0x3f, 0xfb, 0x0b, 0xda, 0x22, 0xb3, 0x2b, 0x3a, 0x38,
+        0xd2, 0x29, 0x73, 0x77, 0xb8, 0xd6, 0xec, 0xab, 0xb4, 0xfe, 0xbe, 0xbb,
+        0x6e, 0xe2, 0xc8, 0x45, 0x7b, 0x0d, 0x36, 0x28, 0x0f, 0x45, 0x72, 0xea,
+        0x6d, 0x38, 0x02, 0x5e, 0x48, 0x89, 0x12, 0x24, 0x1b, 0x33, 0x0f, 0xe9,
+        0xf4, 0xce, 0xf8, 0x27, 0x16, 0x37, 0x29, 0xae, 0xe8, 0x22, 0x03, 0x31,
+        0xa9, 0xa0, 0x73, 0x0c, 0x40, 0xe4, 0xfc, 0x6b, 0xe2, 0x1c, 0x8d, 0x7c,
+        0x40, 0x82, 0x72, 0x28, 0xd0, 0x7d, 0xe5, 0xef, 0x05, 0x14, 0x80, 0x28,
+        0x11, 0x32, 0x0d, 0x63, 0x8a, 0xc3, 0x7c, 0xfe, 0xf5, 0x06, 0x0e, 0xb0,
+        0x78, 0x5c, 0x3a, 0xb6, 0x54, 0x37, 0x46, 0xa7, 0x43, 0x4f, 0x05, 0xec,
+        0xe4, 0x9f, 0xd8, 0x55, 0x1f, 0x70, 0xb3, 0xe6, 0xbc, 0x46, 0x34, 0x9e,
+        0xfc, 0xa4, 0x57, 0x8f, 0x0f, 0x25, 0x6f, 0x9f, 0xb3, 0x80, 0x21, 0x0b,
+        0xa1, 0xca, 0x59, 0xcd, 0x37, 0xf7, 0xc9, 0xcb, 0xbe, 0x91, 0xad, 0x07,
+        0x4f, 0xc7, 0x4e, 0x04, 0xbd, 0x38, 0x8b, 0x63, 0xb5, 0x51, 0xac, 0xc8,
+        0x83, 0x3a, 0xa7, 0xe1, 0x77, 0xbc, 0xa4, 0x0c, 0x6c, 0x50, 0xeb, 0x46,
+        0xe1, 0x45, 0x9a, 0x7b, 0x01, 0xca, 0x54, 0xf0, 0x0f, 0xa0, 0x1f, 0x43,
+        0x9a, 0x19, 0x70, 0x2e, 0x70, 0x5a, 0xcf, 0x3b, 0x1b, 0x41, 0xfd, 0xd3,
+        0x9a, 0xa2, 0x36, 0x14, 0xf0, 0xdd, 0xb0, 0x12, 0x6d, 0xcf, 0x55, 0x3f,
+        0xef, 0x0a, 0xc1, 0x80, 0xa9, 0x68, 0xc3, 0x98, 0x03, 0x46, 0x34, 0xce,
+        0x91, 0xb2, 0x7a, 0x94, 0xd2, 0xe7, 0xb9, 0x9c, 0x56, 0xb8, 0xf8, 0xd6,
+        0xff, 0xbf, 0x8b, 0x39, 0x45, 0x04, 0x45, 0xc9, 0xa2, 0xe2, 0xbb, 0x50,
+        0x68, 0x13, 0x32, 0x1e, 0x09, 0x51, 0xb7, 0xb9, 0xcf, 0x5f, 0xcc, 0x54,
+        0xd2, 0xf3, 0xc1, 0x9d, 0xa0, 0x8d, 0x22, 0xc8, 0x7e, 0x1b, 0xc6, 0x14,
+        0xde, 0x5f, 0x52, 0xb4, 0x69, 0x71, 0xca, 0x58, 0x1d, 0x1e, 0x89, 0xcb,
+        0x56, 0x78, 0x7a, 0x85, 0xee, 0xfd, 0xf6, 0x7e, 0xbe, 0x49, 0x9b, 0xb1,
+        0x05, 0x95, 0x12, 0xe9, 0x63, 0xbd, 0x61, 0x9a, 0x26, 0xf9, 0x0b, 0x9f,
+        0x23, 0x0a, 0x59, 0x55, 0x93, 0xd3, 0x2d, 0xca, 0x66, 0x45, 0x03, 0xb7,
+        0xf0, 0x88, 0x9e, 0xc1, 0x11, 0xbb, 0x62, 0x2c, 0x6f, 0xac, 0x3e, 0x87,
+        0xd7, 0xe6, 0x4a, 0x44, 0x83, 0x04, 0x5d, 0x5d, 0xbc, 0x3c, 0xce, 0x83,
+        0x2b, 0x11, 0x42, 0x02, 0x73, 0x1c, 0x24, 0x90, 0xd9, 0x1a, 0x7d, 0x96,
+        0x82, 0x33, 0x75, 0x1e, 0x59, 0xea, 0xa7, 0x99, 0xe1, 0x5b, 0xdc, 0xe4,
+        0x07, 0xc5, 0x48, 0x07, 0xb4, 0xbc, 0x80, 0x0e, 0xbd, 0x63, 0x6e, 0x66,
+        0xf1, 0x12, 0xb6, 0x67, 0xe0, 0x14, 0x74, 0x9f, 0xbb, 0xb3, 0xb8, 0x16,
+        0xd0, 0x25, 0xe9, 0x21, 0x80, 0x1a, 0x32, 0xb0, 0x58, 0x9a, 0x62, 0x17,
+        0x18, 0x9d, 0x64, 0x2d, 0x47, 0x89, 0x82, 0x3b, 0x8c, 0x5d, 0x60, 0xc4,
+        0x54, 0x69, 0xaa, 0xb4, 0x6a, 0x1d, 0x16, 0xb0, 0xe2, 0x5d, 0x7d, 0xeb,
+        0xb9, 0x80, 0x37, 0xcd, 0x5b, 0xf0, 0xa1, 0xa8, 0x39, 0xb2, 0xd6, 0x3a,
+        0xc8, 0xcd, 0xca, 0xaf, 0xcb, 0x3b, 0x54, 0xc2, 0x67, 0x49, 0xf3, 0xf1,
+        0x11, 0x4d, 0x53, 0x7c, 0x46, 0x8d, 0x22, 0xf6, 0x9a, 0x0d, 0x9e, 0xda,
+        0x37, 0xc6, 0x06, 0x00, 0xca, 0xb6, 0xb6, 0x99, 0xc5, 0xb6, 0x81, 0x7e,
+        0x87, 0x62, 0xcf, 0x07, 0x76, 0xc1, 0x5f, 0xfe, 0x86, 0xfc, 0x5b, 0xa0,
+        0xac, 0xca, 0xcb, 0x7d, 0xf5, 0x5a, 0xc2, 0x5e, 0x41, 0x48, 0x35, 0xc4,
+        0x71, 0x9d, 0xc4, 0x0a, 0x79, 0x6f, 0xe3, 0x6d, 0x47, 0xd4, 0xaa, 0xfd,
+        0x97, 0xe7, 0xb0, 0x7e, 0x61, 0xf1, 0x7d, 0x7e, 0xf8, 0x78, 0x4c, 0x2e,
+        0x65, 0x51, 0xeb, 0x99, 0xd0, 0x3e, 0x24, 0x4c, 0xe0, 0x40, 0x7e, 0x2d,
+        0xf7, 0x00, 0x9d, 0x50, 0x87, 0xce, 0x1f, 0x9a, 0xd2, 0x76, 0x00, 0x09,
+        0xeb, 0x10, 0x1b, 0x4c, 0xf1, 0x43, 0x0e, 0x35, 0xbb, 0x23, 0x2e, 0x26,
+        0x3d, 0x66, 0xa3, 0x0f, 0xf6, 0x10, 0x8b, 0x67, 0xce, 0x66, 0xfd, 0xb5,
+        0x07, 0xdc, 0x04, 0x69, 0xad, 0xe0, 0x4d, 0xdf, 0xdb, 0x2f, 0x87, 0xf7,
+        0xde, 0xc3, 0x77, 0x89, 0x71, 0xfd, 0x70, 0x38, 0xed, 0xe6, 0x27, 0xb1,
+        0xbd, 0x94, 0x5f, 0x39, 0x20, 0x72, 0x59, 0xc4, 0x39, 0xd0, 0x20, 0x5d,
+        0xe2, 0xe7, 0xe0, 0x00, 0x61, 0xc7, 0x65, 0xbd, 0xef, 0x05, 0xb3, 0xc7,
+        0x7e, 0xae, 0xc5, 0x83, 0x7f, 0xc1, 0x32, 0x4e, 0x2a, 0x17, 0x64, 0x4e,
+        0x2a, 0x9a, 0x2d, 0x26, 0x99, 0xa2, 0xd7, 0x37, 0x3a, 0x10, 0x6a, 0x89,
+        0x72, 0x43, 0x0e, 0x3a, 0x03, 0x4c, 0xf9, 0xfe, 0xe8, 0xfc, 0x87, 0x71,
+        0x37, 0x71, 0x5a, 0x05, 0xbc, 0x4e, 0x20, 0x4c, 0xd7, 0xf9, 0x8d, 0x4e,
+        0xb8, 0xb8, 0x56, 0x07, 0xc8, 0x6e, 0x34, 0x6d, 0x45, 0x83, 0x34, 0xf0,
+        0x77, 0xfb, 0x18, 0xec, 0x72, 0xf6, 0x4c, 0xfb, 0xba, 0x84, 0xe9, 0x89,
+        0x3d, 0xfd, 0xb7, 0x0d, 0x70, 0xae, 0xa4, 0x48, 0x6b, 0x39, 0xf8, 0x62,
+        0xc0, 0x7f, 0x0c, 0xf2, 0xa3, 0xfa, 0x7a, 0x64, 0x83, 0x57, 0x7d, 0x4c,
+        0x04, 0x96, 0xd7, 0x9d, 0x10, 0x8b, 0x34, 0x48, 0x17, 0xff, 0x74, 0x5c,
+        0x9c, 0xbe, 0xeb, 0xe5, 0x52, 0x94, 0x6a, 0x34, 0x6f, 0xf7, 0x95, 0x32,
+        0x38, 0x5a, 0x9b, 0x08, 0xf6, 0xda, 0x8c, 0x0f, 0x9c, 0x5d, 0x04, 0x45,
+        0xd4, 0xe9, 0xa4, 0x7a, 0xc4, 0xfd, 0x70, 0xfe, 0xa1, 0x3d, 0x21, 0xa0,
+        0x01, 0xe5, 0x21, 0xca, 0xa7, 0xd9, 0xf1, 0x9f, 0x45, 0xe1, 0xe8, 0x2d,
+        0x27, 0xe6, 0x87, 0xc8, 0x0d, 0xad, 0x13, 0xdb, 0xfe, 0x2f, 0xaa, 0x2b,
+        0xdc, 0xa6, 0x1a, 0xc9, 0x19, 0x78, 0x1a, 0x1f, 0x10, 0xcf, 0x31, 0xe1,
+        0x06, 0x28, 0x66, 0xb3, 0xa7, 0xa2, 0xa6, 0xf1, 0x3b, 0x2d, 0xd3, 0x81,
+        0xaf, 0x6f, 0xc9, 0x88, 0x76, 0xe9, 0x83, 0x6c, 0x52, 0xb9, 0x70, 0x51,
+        0x87, 0x6b, 0x8b, 0xbd, 0x5b, 0x9c, 0xa9, 0xf3, 0xcb, 0x55, 0xd1, 0x76,
+        0x40, 0xe1, 0x90, 0xb9, 0x4c, 0xbd, 0xab, 0x1d, 0xa0, 0x5b, 0x5b, 0x34,
+        0x14, 0x2f, 0x87, 0x8f, 0x63, 0xa0, 0x2d, 0x29, 0x4e, 0x50, 0x4b, 0x18,
+        0x5f, 0x86, 0xac, 0x1b, 0x93, 0xe9, 0x59, 0x38, 0xa1, 0x2a, 0x36, 0x21,
+        0xb2, 0xa4, 0xc0, 0x79, 0xc1, 0x60, 0xfc, 0x0f, 0xbf, 0x99, 0x04, 0x9d,
+        0x4b, 0x17, 0x60, 0x5b, 0xcd, 0x78, 0x03, 0xd7, 0x7c, 0x4b, 0x9b, 0x17,
+        0x58, 0x24, 0x60, 0xb8, 0x08, 0x92, 0x48, 0x4f, 0x66, 0x42, 0x9a, 0x98,
+        0x2a, 0x99, 0x9a, 0x8f, 0xdd, 0xd7, 0x09, 0xf3, 0x22, 0x66, 0x62, 0xef,
+        0xe5, 0x64, 0xd3, 0xdf, 0x31, 0xaa, 0x84, 0x4c, 0xa5, 0x3f, 0x4e, 0x27,
+        0x48, 0x37, 0x96, 0x63, 0xbf, 0x8d, 0xe1, 0xf0, 0xd1, 0xef, 0x95, 0x1a,
+        0xe6, 0xf4, 0x02, 0x61, 0xbf, 0xe3, 0xbc, 0x8b, 0x3d, 0x0b, 0x77, 0x91,
+        0xc0, 0x5d, 0xfb, 0xe6, 0x7e, 0xab, 0x5e, 0xc5, 0x1c, 0x5b, 0x16, 0xfd,
+        0x88, 0xa4, 0x78, 0x4c, 0x06, 0x77, 0xc3, 0x6e, 0x84, 0x0c, 0xda, 0xbf,
+        0xf3, 0x8e, 0xd3, 0x61, 0x65, 0xac, 0xf2, 0x18, 0x70, 0x68, 0x84, 0x6f,
+        0x9f, 0x3a, 0x94, 0x81, 0xa6, 0xc7, 0xc3, 0x92, 0xee, 0x4b, 0x20, 0x15,
+        0x4e, 0x03, 0x76, 0x51, 0x5b, 0x4e, 0xe1, 0x5c, 0x51, 0x5e, 0x1b, 0x9c,
+        0x30, 0x25, 0x79, 0xdd, 0x70, 0x12, 0xec, 0xdc, 0x45, 0x95, 0x45, 0x43,
+        0xcd, 0xbb, 0xae, 0xa0, 0x0d, 0x43, 0xb4, 0xc9, 0x8c, 0x62, 0xfd, 0x7b,
+        0xed, 0x50, 0x78, 0xb7, 0xa6, 0x94, 0xcb, 0x98, 0xb0, 0xbe, 0x09, 0xd9,
+        0x0c, 0xb2, 0xc4, 0x8b, 0x96, 0x93, 0xd9, 0x26, 0xc6, 0x6d, 0x26, 0x93,
+        0x32, 0x4e, 0x86, 0x72, 0x74, 0x92, 0x00, 0x72, 0x0b, 0x20, 0xa3, 0x2b,
+        0x94, 0xe6, 0x10, 0x56, 0x5a, 0x41, 0x71, 0x92, 0x08, 0xce, 0x6c, 0xc4,
+        0x1d, 0x9e, 0x71, 0x82, 0x64, 0x23, 0xe5, 0x15, 0xef, 0x4a, 0x7c, 0x4d,
+        0xe3, 0x92, 0xbc, 0xa3, 0xa2, 0x29, 0xb7, 0x46, 0xfa, 0x8f, 0x9f, 0xc2,
+        0x5d, 0xe4, 0xc0, 0x9c, 0x3f, 0x40, 0x17, 0xae, 0x44, 0xf3, 0x28, 0x10,
+        0x29, 0x24, 0xa9, 0x1c, 0x9e, 0xd2, 0x55, 0x4c, 0xee, 0x45, 0xfe, 0x4a,
+        0x45, 0x12, 0xf5, 0xde, 0xc7, 0x64, 0x15, 0xc3, 0x4a, 0x77, 0x63, 0x05,
+        0x8d, 0xa6, 0x31, 0xa0, 0xad, 0x64, 0xaf, 0x3c, 0x69, 0x2c, 0x25, 0x78,
+        0xae, 0xa0, 0x88, 0x96, 0x8a, 0xc2, 0x9b, 0x8d, 0xee, 0x6f, 0x2e, 0x79,
+        0x1f, 0xec, 0x32, 0x35, 0x75, 0x83, 0x19, 0x8b, 0xda, 0xca, 0xd0, 0xaf,
+        0x6a, 0x6c, 0x42, 0xe8, 0x81, 0xb5, 0x69, 0x31, 0x0b, 0x7d, 0xbc, 0xd8,
+        0xd2, 0xb7, 0x7a, 0x8f, 0xfa, 0xcf, 0x91, 0x07, 0x1f, 0xda, 0xa9, 0x1f,
+        0xb7, 0x2d, 0xff, 0x50, 0x15, 0x2a, 0xef, 0x8c, 0xa1, 0xe3, 0x7f, 0x08,
+        0x95, 0xf2, 0x99, 0x83, 0x1f, 0x97, 0x71, 0x3e, 0x35, 0x3c, 0x8c, 0xe7,
+        0x08, 0xd8, 0xa6, 0x1f, 0x0c, 0xa6, 0x52, 0xdc, 0x73, 0xa0, 0xfc, 0xd2,
+        0x73, 0xe9, 0x27, 0x9d, 0xfd, 0x7a, 0x4a, 0x29, 0xd3, 0x12, 0x26, 0x13,
+        0x0f, 0xce, 0xea, 0x56, 0x99, 0x61, 0x78, 0x47, 0x2c, 0xa0, 0x16, 0xa0,
+        0xe2, 0x64, 0x97, 0x57, 0x31, 0xf0, 0x32, 0x5b, 0x44, 0x93, 0x76, 0x8b,
+        0x59, 0x63, 0x5c, 0x5b, 0x0f, 0xe1, 0xe7, 0x74, 0x98, 0x11, 0x2d, 0x90,
+        0xe4, 0xde, 0xd4, 0x3a, 0xc2, 0xfd, 0x24, 0xe3, 0x1f, 0x7a, 0xf4, 0x40,
+        0xbb, 0x51, 0x92, 0x8f, 0x68, 0x9c, 0x51, 0xab, 0xdc, 0xf6, 0x1e, 0x96,
+        0xca, 0x56, 0x5c, 0x92, 0xca, 0xb2, 0x1b, 0x2e, 0x6d, 0x20, 0x28, 0xb3,
+        0x0a, 0x8e, 0xfd, 0xa9, 0xa2, 0x38, 0x74, 0x60, 0x37, 0xa6, 0x96, 0x02,
+        0x20, 0x8a, 0x9a, 0x2b, 0x8c, 0xb9, 0x6d, 0xec, 0xff, 0xbf, 0x88, 0xbd,
+        0x6c, 0xb4, 0x10, 0xbd, 0xfa, 0x5a, 0xeb, 0xb2, 0x6b, 0x74, 0x13, 0x2d,
+        0xa5, 0xdb, 0x60, 0x93, 0xc6, 0xed, 0x39, 0x4f, 0xc5, 0x63, 0xe1, 0x9e,
+        0x57, 0x1f, 0xe7, 0x47, 0xa4, 0xfb, 0x7f, 0xfa, 0x3a, 0x46, 0x50, 0x3a,
+        0xd8, 0xd3, 0x83, 0xf5, 0xe6, 0x5e, 0xf8, 0x09, 0x0d, 0xfa, 0x33, 0xe1,
+        0x50, 0xe4, 0x36, 0x3e, 0x0a, 0x5d, 0xe6, 0xf8, 0x2e, 0x17, 0x87, 0x8f,
+        0xe1, 0x8c, 0x82, 0x73, 0xbd, 0xdd, 0x3b, 0x77, 0x47, 0x9f, 0x42, 0xd7,
+        0xf4, 0x2d, 0x6c, 0xef, 0xcc, 0x22, 0x15, 0x3c, 0xe9, 0x26, 0xea, 0xbc,
+        0xee, 0x09, 0xd3, 0xea, 0x84, 0x0f, 0x46, 0xa8, 0xe0, 0xda, 0xc5, 0x57,
+        0x02, 0x54, 0xb6, 0x88, 0x2b, 0x37, 0xe5, 0x96, 0xc5, 0x33, 0xb7, 0x45,
+        0x5d, 0xb7, 0xc7, 0xfd, 0xa0, 0xfa, 0x85, 0x1b, 0x2f, 0xe1, 0xec, 0x89,
+        0xc6, 0xb2, 0x51, 0x71, 0xcb, 0x08, 0x82, 0x3e, 0xc9, 0xed, 0x80, 0x9d,
+        0x37, 0x31, 0x9d, 0x15, 0xde, 0x24, 0x6f, 0xbd, 0x0e, 0x73, 0xa2, 0xb8,
+        0x7e, 0x29, 0x7e, 0x96, 0xe4, 0xbb, 0xd6, 0x23, 0x17, 0xff, 0x33, 0x97,
+        0x9c, 0x87, 0xe0, 0xe5, 0x0f, 0xb9, 0xb6, 0x31, 0x33, 0xad, 0xf8, 0xd8,
+        0xdb, 0xa0, 0x71, 0x13, 0xe4, 0x1c, 0xce, 0xd0, 0x7e, 0x65, 0x7b, 0xa0,
+        0x38, 0x17, 0x53, 0x4f, 0x71, 0x75, 0x6d, 0x02, 0x61, 0xc4, 0x52, 0xf8,
+        0xe4, 0x2e, 0xbc, 0x52, 0xc1, 0xb1, 0x7e, 0x83, 0x0a, 0xa1, 0xd1, 0xcd,
+        0x2f, 0xa0, 0x30, 0xfd, 0x41, 0x86, 0x7f, 0x26, 0xd1, 0xe7, 0xfc, 0xd7,
+        0xc7, 0x37, 0xe5, 0x11, 0xa6, 0xc0, 0x9a, 0x75, 0x18, 0x04, 0x36, 0xca,
+        0x8e, 0x26, 0x7d, 0xcf, 0xa2, 0x6a, 0x94, 0x9b, 0xc4, 0xf7, 0xc7, 0xeb,
+        0x51, 0x13, 0xa3, 0x6f, 0x8c, 0x80, 0x5f, 0xae, 0xf0, 0x18, 0xa0, 0x88,
+        0xe0, 0x8d, 0xb7, 0x80, 0x4e, 0x8c, 0xec, 0xc8, 0x7b, 0xeb, 0xac, 0x29,
+        0xb7, 0x4a, 0x0f, 0x33, 0xdd, 0x9d, 0x89, 0x0a, 0x10, 0xb0, 0xce, 0x74,
+        0x59, 0xa2, 0x62, 0x91, 0xc9, 0xac, 0x56, 0xcd, 0x69, 0xd3, 0x01, 0x6d,
+        0x51, 0xe7, 0x04, 0xc3, 0xfb, 0xe9, 0x79, 0x1b, 0x72, 0x72, 0x1a, 0x90,
+        0x0a, 0x20, 0x55, 0x85, 0xc1, 0x8b, 0xeb, 0x1e, 0x9f, 0x9f, 0x4a, 0x81,
+        0x47, 0x97, 0x96, 0xbc, 0xc2, 0xe4, 0xc2, 0xfe, 0xa0, 0x20, 0xda, 0x70,
+        0x0c, 0x2b, 0xe2, 0xd4, 0xc8, 0xcb, 0x46, 0x00, 0xb6, 0x7c, 0xfb, 0xbd,
+        0x56, 0x94, 0x3d, 0x7f, 0x64, 0xf7, 0x88, 0xb5, 0xa7, 0xfe, 0xbe, 0x64,
+        0x8a, 0xe4, 0x00, 0x08, 0x82, 0x5b, 0x8f, 0x98, 0x77, 0x87, 0xda, 0xaf,
+        0x16, 0x25, 0x4a, 0x9a, 0xed, 0xfb, 0x50, 0x18, 0x45, 0x46, 0x2b, 0x73,
+        0xff, 0xb9, 0xb9, 0xab, 0xa2, 0x8f, 0x3a, 0xaf, 0xc5, 0x0a, 0x14, 0x91,
+        0xb2, 0x3f, 0xa6, 0x93, 0xf4, 0x81, 0x20, 0x77, 0xfa, 0x51, 0x79, 0x62,
+        0xe8, 0xe6, 0x89, 0x52, 0x39, 0xd5, 0x01, 0xa2, 0x87, 0xa3, 0x53, 0x74,
+        0x3c, 0x36, 0x8a, 0xc3, 0xb4, 0x44, 0x3b, 0x15, 0x21, 0xf6, 0xdc, 0x18,
+        0x02, 0xd2, 0x57, 0xe5, 0x10, 0xf0, 0x3d, 0x61, 0xa7, 0x16, 0x85, 0x6f,
+        0x71, 0x07, 0x75, 0x50, 0x4b, 0x21, 0x53, 0x47, 0x38, 0x35, 0x9e, 0xa7,
+        0xd8, 0xfd, 0x74, 0x59, 0x15, 0x32, 0x7b, 0x89, 0xd0, 0x2c, 0xd9, 0xf6,
+        0x40, 0x49, 0x79, 0xdc, 0xfb, 0x0a, 0x64, 0x59, 0x9b, 0x17, 0x47, 0x36,
+        0xcb, 0xf0, 0xc3, 0xcc, 0x14, 0x8e, 0x1f, 0xa8, 0x12, 0xaa, 0xb7, 0x6a,
+        0xba, 0x45, 0xf9, 0xc4, 0x44, 0xe7, 0xb5, 0x7c, 0xdd, 0xbe, 0x16, 0x76,
+        0x52, 0x92, 0x3d, 0x78, 0xb7, 0xec, 0x81, 0x96, 0xd8, 0x7f, 0x34, 0x2a,
+        0xa2, 0x64, 0x5f, 0xfd, 0xb1, 0x42, 0x4c, 0x79, 0x98, 0xc9, 0x17, 0x48,
+        0x74, 0x12, 0x72, 0x2c, 0xde, 0x91, 0x7e, 0xa9, 0x49, 0x2a, 0xcc, 0x5c,
+        0x60, 0x05, 0x25, 0x09, 0x72, 0x20, 0x80, 0x42, 0x7b, 0x18, 0xc2, 0xfc,
+        0x2a, 0x5e, 0x3e, 0x2d, 0x61, 0xa6, 0xf6, 0x82, 0x42, 0x83, 0x81, 0x66,
+        0x4d, 0xa6, 0xe1, 0xf9, 0xf6, 0x48, 0xd4, 0xc8, 0x69, 0xed, 0xee, 0xb5,
+        0x7a, 0xcb, 0xf6, 0x0a, 0x76, 0x0e, 0x61, 0x8b, 0xf2, 0x1a, 0x8a, 0xa7,
+        0x88, 0xb0, 0x90, 0xd5, 0x23, 0xaa, 0xe0, 0x2b, 0xd6, 0xd0, 0xef, 0x49,
+        0x13, 0x88, 0xc7, 0x50, 0xf0, 0x9e, 0xd5, 0x28, 0xe1, 0xaa, 0x1d, 0xaf,
+        0xd9, 0x73, 0xb3, 0x9e, 0xa7, 0xd8, 0xfc, 0xb9, 0x22, 0x97, 0x0e, 0x21,
+        0xa0, 0xb9, 0xf9, 0xea, 0x1e, 0x95, 0x88, 0xda, 0x85, 0x7c, 0x32, 0x7c,
+        0xbd, 0xef, 0xf8, 0x44, 0x25, 0x5f, 0x23, 0xfd, 0x14, 0x78, 0xc6, 0xdb,
+        0x86, 0xee, 0xf8, 0xda, 0xc0, 0xae, 0x92, 0x6a, 0x03, 0xa9, 0x0a, 0xee,
+        0x4a, 0x22, 0x5a, 0x6c, 0x39, 0xd3, 0x91, 0x7d, 0x91, 0x43, 0xac, 0x79,
+        0xad, 0xab, 0xb7, 0x91, 0xb1, 0x20, 0x84, 0x7f, 0x0a, 0xd7, 0xa8, 0x62,
+        0x95, 0xab, 0x04, 0xb6, 0xb2, 0xf1, 0xd4, 0xb0, 0xac, 0x52, 0x89, 0xb0,
+        0x93, 0xdf, 0xdf, 0x80, 0x26, 0x0c, 0x32, 0x31, 0xb3, 0xba, 0xa1, 0xba,
+        0x6f, 0xa3, 0x14, 0x5c, 0xfa, 0x37, 0x3b, 0x6a, 0xf2, 0xc4, 0x34, 0x27,
+        0x08, 0x1a, 0xe4, 0xfc, 0x89, 0x58, 0x79, 0x34, 0x36, 0xe4, 0xad, 0x4b,
+        0x3f, 0x57, 0x7b, 0xc1, 0x59, 0x2d, 0xb6, 0x54, 0x44, 0xbe, 0x4e, 0x5d,
+        0x0d, 0x6a, 0xf3, 0xcd, 0xbf, 0xcd, 0x4d, 0x9f, 0x9a, 0x50, 0x09, 0xa4,
+        0x6b, 0x8b, 0xb3, 0x01, 0x69, 0x6c, 0x69, 0x5d, 0x28, 0x73, 0x9e, 0xb5,
+        0xc2, 0xc7, 0x6e, 0xff, 0x4c, 0x5c, 0x6b, 0x93, 0x22, 0xc1, 0x9f, 0xa6,
+        0x71, 0xbf, 0x4d, 0x2d, 0x4e, 0x4e, 0x98, 0xa3, 0x6d, 0xab, 0x05, 0xa0,
+        0xde, 0x34, 0x41, 0x28, 0xa4, 0x38, 0x75, 0x4e, 0xdf, 0x7f, 0xc9, 0xdd,
+        0xbf, 0x5a, 0xd4, 0xcd, 0x38, 0x0c, 0x89, 0xe7, 0x0e, 0xfc, 0x0f, 0x27,
+        0x39, 0x21, 0xa4, 0xa6, 0x07, 0x7b, 0x2a, 0x13, 0x56, 0xe7, 0x4e, 0x55,
+        0x57, 0x71, 0x98, 0xb9, 0x3d, 0x59, 0xb5, 0xa8, 0x24, 0x18, 0x08, 0xa2,
+        0x6e, 0x9a, 0xe5, 0x97, 0xa7, 0x38, 0xd9, 0x43, 0x9b, 0x19, 0x17, 0x34,
+        0x03, 0xd6, 0xba, 0xe9, 0x71, 0x38, 0x26, 0x90, 0x78, 0x9e, 0x1c, 0x41,
+        0x8d, 0x60, 0xdd, 0x0e, 0x12, 0x46, 0x37, 0xb4, 0x79, 0x87, 0x33, 0x12,
+        0x24, 0xc4, 0x5a, 0x6c, 0x70, 0xa2, 0xb2, 0x58, 0xbb, 0xe7, 0xd6, 0x88,
+        0x42, 0x2d, 0x49, 0xc8, 0x67, 0x1e, 0xc5, 0xed, 0x16, 0xa8, 0x1f, 0x36,
+        0x2b, 0xfb, 0x0d, 0x51, 0x96, 0xc8, 0x78, 0xf2, 0xab, 0x82, 0xa1, 0xe2,
+        0xaf, 0x8c, 0xa4, 0x13, 0x54, 0x90, 0xf1, 0xe7, 0xbb, 0xd1, 0x09, 0x23,
+        0x76, 0x0e, 0x50, 0x32, 0xc5, 0x54, 0xbb, 0x1e, 0x12, 0x5d, 0x59, 0xf3,
+        0xe9, 0xc9, 0xa4, 0xaa, 0xbc, 0x13, 0x1d, 0xf0, 0x79, 0x54, 0xae, 0x70,
+        0xc0, 0xea, 0xcb, 0x21, 0x32, 0xe6, 0xe6, 0x8e, 0xaa, 0x51, 0x46, 0x25,
+        0x1e, 0xf1, 0x3f, 0x9f, 0xf6, 0xff, 0x19, 0x53, 0x97, 0xbc, 0xa2, 0xb6,
+        0x91, 0x59, 0x27, 0x1e, 0x39, 0x76, 0x76, 0x02, 0x0b, 0x03, 0x25, 0x6b,
+        0x00, 0x02, 0xfa, 0x7d, 0x69, 0x5e, 0xde, 0x64, 0x33, 0xbf, 0xab, 0x3e,
+        0x3f, 0x24, 0x32, 0x68, 0xbf, 0x90, 0x8f, 0x0f, 0xc5, 0x36, 0x58, 0x9e,
+        0x9b, 0x11, 0xd1, 0x2a, 0x8a, 0x0d, 0xac, 0x3a, 0x23, 0xe2, 0x8e, 0xd6,
+        0x0d, 0x4a, 0x8b, 0x45, 0x04, 0x47, 0xd9, 0x5a, 0x46, 0x6c, 0x70, 0x82,
+        0xc7, 0x81, 0x67, 0xdc, 0xa6, 0xfa, 0x6a, 0x86, 0xfd, 0x01, 0xed, 0x90,
+        0xf6, 0xe6, 0x26, 0x6d, 0xac, 0x52, 0x03, 0x4a, 0x91, 0x08, 0x7b, 0xa5,
+        0x9c, 0xca, 0xd3, 0x2d, 0x79, 0xf1, 0xed, 0xcb, 0xaa, 0x8f, 0x77, 0xc8,
+        0x17, 0xa8, 0xfb, 0x6c, 0x15, 0x62, 0xab, 0x34, 0xd1, 0xdd, 0x94, 0x3e,
+        0xd4, 0x0c, 0x47, 0xed, 0x04, 0x91, 0xd2, 0xd7, 0x98, 0xb4, 0x43, 0x57,
+        0xd1, 0x54, 0xef, 0x63, 0xba, 0xe3, 0x8a, 0x72, 0xc5, 0xb9, 0xf4, 0x30,
+        0xfa, 0x16, 0x3c, 0xe1, 0xbb, 0xbe, 0x57, 0x90, 0xb9, 0xa1, 0xa0, 0x23,
+        0xfa, 0xdd, 0xbe, 0x2f, 0xb3, 0xec, 0x41, 0x8b, 0x64, 0xeb, 0xc5, 0x41,
+        0xea, 0xa8, 0x16, 0x76, 0x6f, 0x28, 0xda, 0x2b, 0x5f, 0x03, 0x0b, 0xe8,
+        0x1c, 0x29, 0x71, 0xd8, 0x4e, 0x41, 0xdf, 0x39, 0x8e, 0x6a, 0x95, 0x79,
+        0x85, 0x9c, 0xa9, 0x79, 0xd9, 0x8f, 0x33, 0xaf, 0x15, 0x3b, 0x5a, 0x82,
+        0x56, 0x32, 0x98, 0x0c, 0xf6, 0xf6, 0x64, 0x42, 0xd4, 0x6a, 0x15, 0x0f,
+        0xb9, 0x75, 0x22, 0xbd, 0x9a, 0x58, 0xa6, 0x01, 0x3a, 0x63, 0xf0, 0x80,
+        0x78, 0x22, 0x80, 0xa0, 0x14, 0xe1, 0x37, 0x6b, 0xd4, 0x99, 0x3f, 0xc2,
+        0xba, 0x2b, 0x8f, 0xf3, 0x56, 0xc8, 0x1b, 0xe4, 0x7a, 0x5e, 0x96, 0x60,
+        0xee, 0x74, 0x54, 0xb6, 0x6d, 0x5c, 0x3d, 0x3e, 0x05, 0xf0, 0x9a, 0xf6,
+        0xcd, 0xdd, 0x06, 0xdb, 0x8c, 0x21, 0xb9, 0xf5, 0x28, 0x57, 0x9c, 0x4f,
+        0xb4, 0x08, 0xcf, 0xac, 0x6c, 0xfe, 0x30, 0xaf, 0xa2, 0xef, 0xcf, 0x93,
+        0x15, 0xdd, 0x12, 0x16, 0x19, 0x7d, 0xbc, 0x57, 0xd9, 0xce, 0xbe, 0x0e,
+        0xfc, 0xe1, 0xf0, 0x4a, 0x7c, 0xaa, 0xbf, 0x20, 0x64, 0x00, 0x34, 0x59,
+        0xed, 0xea, 0x12, 0x58, 0x46, 0x4c, 0xc6, 0x2f, 0x77, 0x62, 0x1d, 0x82,
+        0x5c, 0xe8, 0x98, 0x0d, 0xef, 0x5c, 0x0e, 0xec, 0x5d, 0x2e, 0x5f, 0xd2,
+        0x22, 0x43, 0x2d, 0xe1, 0x02, 0xd5, 0x4a, 0x0a, 0x79, 0x6f, 0xa5, 0xec,
+        0x48, 0xaa, 0xee, 0xf8, 0xe3, 0x5f, 0xdd, 0xe7, 0x26, 0x87, 0xb5, 0xc4,
+        0xcf, 0xd9, 0x7f, 0xa8, 0xaa, 0xb6, 0xbe, 0xe9, 0x02, 0x49, 0x5d, 0x5f,
+        0x81, 0x8b, 0xb9, 0xbd, 0xc0, 0xc9, 0xd5, 0xfe, 0x36, 0x3e, 0x49, 0x56,
+        0x63, 0x8b, 0xce, 0xef, 0x48, 0x6e, 0xc0, 0xd4, 0x04, 0x0c, 0x33, 0x45,
+        0x6e, 0x97, 0x9e, 0xa3, 0xae, 0xbc, 0xc2, 0xce, 0xdc, 0xe3, 0xff, 0x48,
+        0x51, 0x68, 0x89, 0xad, 0xae, 0xc7, 0xd1, 0xde, 0xe2, 0xf9, 0xfe, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
+        0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f
+#else
     0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0,
     0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf,
     0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2,
@@ -42101,7 +45152,8 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
     0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8,
     0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
-    0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f,
+    0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f
+#endif
     };
 
     return dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
@@ -42194,11 +45246,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
     }
 
 #ifndef WOLFSSL_NO_ML_DSA_44
+#ifdef WOLFSSL_WC_DILITHIUM
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     ret = dilithium_param_44_vfy_test();
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
+#endif
 #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
     ret = dilithium_param_test(WC_ML_DSA_44, &rng);
     if (ret != 0)
@@ -42206,11 +45260,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
 #endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
+#ifdef WOLFSSL_WC_DILITHIUM
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     ret = dilithium_param_65_vfy_test();
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
+#endif
 #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
     ret = dilithium_param_test(WC_ML_DSA_65, &rng);
     if (ret != 0)
@@ -42218,11 +45274,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
 #endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
+#ifdef WOLFSSL_WC_DILITHIUM
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     ret = dilithium_param_87_vfy_test();
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
+#endif
 #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
     ret = dilithium_param_test(WC_ML_DSA_87, &rng);
     if (ret != 0)
@@ -42385,7 +45443,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 
             ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
                                      msgSz);
-            if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+            if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
                 /* Verify passed when it should have failed. */
                 return WC_TEST_RET_ENC_I(j);
             }
@@ -42396,20 +45454,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
     }
 
     /* Cleanup everything. */
-    if (sig != NULL) {
-        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sig = NULL;
-    }
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sig = NULL;
 
-    if (sk != NULL) {
-        XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sk = NULL;
-    }
+    XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sk = NULL;
 
-    if (old_sk != NULL) {
-        XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        old_sk = NULL;
-    }
+    XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    old_sk = NULL;
 
     wc_XmssKey_Free(&signingKey);
     wc_FreeRng(&rng);
@@ -42849,7 +45901,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
     xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
     ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
                              (byte *) xmss_msg, sizeof(xmss_msg));
-    if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+    if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
         printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
         return WC_TEST_RET_ENC_EC(ret2);
     }
@@ -42870,7 +45922,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 
         ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
                                  (byte *) xmss_msg, sizeof(xmss_msg));
-        if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+        if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
             /* Verify passed when it should have failed. */
             return WC_TEST_RET_ENC_I(j);
         }
@@ -43020,7 +46072,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 
             ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
                                      msgSz);
-            if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+            if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
                 /* Verify passed when it should have failed. */
                 return WC_TEST_RET_ENC_I(j);
             }
@@ -43361,7 +46413,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     lms_msg[msgSz / 2] ^= 1;
     ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
                             (byte *) lms_msg, msgSz);
-    if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+    if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
         printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2);
         return WC_TEST_RET_ENC_EC(ret);
     }
@@ -43383,7 +46435,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
         ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig,
                                 LMS_L1H10W8_SIGLEN,
                                 (byte *) lms_msg, msgSz);
-        if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+        if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
             /* Verify passed when it should have failed. */
             return WC_TEST_RET_ENC_I(j);
         }
@@ -43418,17 +46470,17 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
     word32 sigSz;
 
     ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeEccsiKey(NULL);
@@ -43439,373 +46491,373 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeEccsiKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiKey(NULL, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key set */
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key set */
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, pvt, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, NULL, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key created so no curve information. */
     ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportEccsiKey(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiKey(key, NULL, &sz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiKey(key, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiKey(NULL, data, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
             &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiHash(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiHash(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiHash(NULL, hash, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiPair(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* Key not set. */
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
             &sigSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
             &valid);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiPair(key, ssk, pvt);
@@ -43814,7 +46866,7 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
     /* Identity hash not set. */
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
             &sigSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeEccsiKey(key);
@@ -43929,7 +46981,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 
     ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32 * 3)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -43949,7 +47001,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -43966,7 +47018,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32 * 2)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -44014,7 +47066,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     word32 sz;
 
     ret = wc_ExportEccsiKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 3)
         return WC_TEST_RET_ENC_NC;
@@ -44025,7 +47077,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 3)
         return WC_TEST_RET_ENC_NC;
@@ -44038,7 +47090,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
         return WC_TEST_RET_ENC_NC;
 
     ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32)
         return WC_TEST_RET_ENC_NC;
@@ -44049,7 +47101,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32)
         return WC_TEST_RET_ENC_NC;
@@ -44072,7 +47124,7 @@ static wc_test_ret_t eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
     word32 sz;
 
     ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 2)
         return WC_TEST_RET_ENC_NC;
@@ -44168,7 +47220,7 @@ static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RN
 #ifdef WOLFSSL_SHA384
     ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv,
             &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
@@ -44196,7 +47248,7 @@ static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RN
 
     ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
             &sigSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sigSz != 129)
         return WC_TEST_RET_ENC_NC;
@@ -44428,10 +47480,10 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
     word32 len;
 
     ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeSakkeKey(NULL);
@@ -44444,386 +47496,386 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkeKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeKey(NULL, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkePublicKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePublicKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePublicKey(NULL, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(key, id, 1, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkeKey(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkeKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkeKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkeKey(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeKey(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeKey(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePrivateKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePrivateKey(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePrivateKey(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     sz = sizeof(data);
     ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkeRsk(NULL, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(key, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(NULL, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(key, data, 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     len--;
     ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GetSakkeAuthSize(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkeAuthSize(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkeAuthSize(NULL, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkePointITable(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(key, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     len--;
     ret = wc_GenerateSakkePointITable(key, data, &len);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkePointITable(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(key, data, 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ClearSakkePointITable(NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GetSakkePointI(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkePointI(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkePointI(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     sz = 1;
     ret = wc_GetSakkePointI(key, data, &sz);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     sz = 256;
     ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeIdentity(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ssvSz = sizeof(ssv);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, &authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeRsk(key, NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ssvSz = sizeof(ssv);
     authSz = sizeof(auth);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeIdentity(key, id, 1);
@@ -44831,7 +47883,7 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(key, id, 0);
     if (ret != 0)
@@ -44842,7 +47894,7 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeSakkeKey(key);
@@ -45014,7 +48066,7 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     iTableLen = 0;
     ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (iTableLen != 0) {
         iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -45026,7 +48078,7 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
     }
     len = 0;
     ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (len > 0) {
         table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -45054,10 +48106,8 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     /* Dispose of tables */
-    if (iTable != NULL)
-        XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (table != NULL)
-        XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     /* Make sure the key public key is exportable - convert to Montgomery form
      * in Validation.
@@ -45220,7 +48270,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkeKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 384)
         return WC_TEST_RET_ENC_NC;
@@ -45247,7 +48297,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 128)
         return WC_TEST_RET_ENC_NC;
@@ -45273,7 +48323,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 256)
         return WC_TEST_RET_ENC_NC;
@@ -45359,7 +48409,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
     word32 sz;
 
     ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (ssvSz != 16)
         return WC_TEST_RET_ENC_NC;
@@ -45385,7 +48435,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
 
     ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             NULL, &authSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (authSz != 257)
         return WC_TEST_RET_ENC_NC;
@@ -45404,7 +48454,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
         return WC_TEST_RET_ENC_NC;
 
     ret = wc_GetSakkePointI(pub, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 256)
         return WC_TEST_RET_ENC_NC;
@@ -45445,7 +48495,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
     ssv[0] ^= 0x80;
     ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != SAKKE_VERIFY_FAIL_E)
+    if (ret != WC_NO_ERR_TRACE(SAKKE_VERIFY_FAIL_E))
         return WC_TEST_RET_ENC_EC(ret);
     ssv[0] ^= 0x80;
 
@@ -45552,8 +48602,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void)
     }
     if (rng_inited)
         wc_FreeRng(&rng);
-    if (key != NULL)
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (pub != NULL) {
         wc_FreeSakkeKey(pub);
         XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -45781,7 +48830,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 
         XMEMSET(tag, 0, sizeof(tag));
         tagSz = sizeof(tag);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
                                tc->k, tc->kSz, NULL, devId);
 #else
@@ -45792,7 +48841,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
                              tc->k, tc->kSz, HEAP_HINT, devId);
 #else
@@ -45802,7 +48851,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         /* Test that keyless generate with init is the same */
         XMEMSET(tag, 0, sizeof(tag));
         tagSz = sizeof(tag);
@@ -45824,8 +48873,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (cmac)
-        XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
+    XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
 #endif
 
     return ret;
@@ -46103,53 +49151,53 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
 
     /* Testing bad parameters. */
     ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, siphash_key, 7);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashUpdate(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashUpdate(&siphash, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 0, res, 15);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Test cache with multiple non blocksize bytes */
@@ -46480,8 +49528,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void)
     ret = 0; /* success */
 
 exit:
-    if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -46971,7 +50019,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
     /* if needing to find keyIdSz can call with NULL */
     ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
             &keyIdSz);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         printf("Unexpected error %d when getting keyIdSz\n", ret);
         printf("Possibly no KEY ID attribute set\n");
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -47474,7 +50522,9 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
             for (z = 0; z < envelopedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
                                                  decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -47524,12 +50574,9 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
     (void)rsaPrivKeySz;
 
   out:
-    if (testVectors)
-        XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (enveloped)
-        XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -48163,7 +51210,9 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
             for (z = 0; z < envelopedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
                         enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -48232,12 +51281,9 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
 #endif
 
   out:
-    if (testVectors)
-        XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (enveloped)
-        XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -48407,7 +51453,7 @@ static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
     /* find keyID in fwWrappedFirmwareKey */
     ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
             sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
-    if (ret == LENGTH_ONLY_E) {
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         XMEMSET(atr, 0, sizeof(atr));
         ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
                 sizeof(fwWrappedFirmwareKey), atr, &atrSz);
@@ -48652,7 +51698,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 
     /* Get size of SID and print it out */
     ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         goto out;
 
     sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -48700,12 +51746,10 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 
   out:
 
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (pkcs7)
         wc_PKCS7_Free(pkcs7);
-    if (sid)
-        XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -48762,8 +51806,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert
     ret = 0;
 
   out:
-    if (derBuf)
-        XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -48954,7 +51997,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
             for (z = 0; z < encryptedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
                                                  decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -49032,10 +52077,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
     }
 
   out:
-    if (encrypted)
-        XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -49158,10 +52201,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (compressed)
-        XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -49578,11 +52619,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
         #endif
 
             for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
-                #if defined(WOLF_C89)
-                    XSPRINTF((char*)&transId[k], "%02x", digest[j]);
-                #else
-                    (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
-                #endif
+                (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
             }
         }
 
@@ -49652,7 +52689,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
             if (testVectors[i].signedAttribs != NULL) {
                 ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
                     NULL, (word32*)&bufSz);
-                if (ret != LENGTH_ONLY_E)
+                if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
                 ret = 0;
             }
@@ -49688,10 +52725,8 @@ static wc_test_ret_t pkcs7signed_run_vectors(
 
     if (pkcs7 != NULL)
         wc_PKCS7_Free(pkcs7);
-    if (out != NULL)
-        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (testVectors != NULL)
-        XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_FreeRng(&rng);
 
     if (ret > 0)
@@ -50131,7 +53166,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
             word32 z;
             for (z = 0; z < outSz && ret != 0; z++) {
                 ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
-                if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
+                if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
                     printf("unexpected error %d\n", ret);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
                 }
@@ -50222,15 +53257,12 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
 
     if (pkcs7 != NULL)
         wc_PKCS7_Free(pkcs7);
-    if (out != NULL)
-        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
         !defined(NO_PKCS7_ENCRYPTED_DATA)
-    if (encryptedTmp != NULL)
-        XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
-    if (testVectors != NULL)
-        XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_FreeRng(&rng);
 
     if (ret > 0)
@@ -50557,10 +53589,10 @@ static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
     }
 
     ret = mp_read_radix(r, badStr1, MP_RADIX_DEC);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, badStr2, MP_RADIX_DEC);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, empty2, MP_RADIX_DEC);
     if (ret != MP_OKAY)
@@ -50634,7 +53666,7 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, badStr2, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(r, 1);
@@ -50650,7 +53682,7 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
     XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
     longStr[sizeof(longStr)-1] = '\0';
     ret = mp_read_radix(r, longStr, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -50677,10 +53709,10 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
 
 #ifdef WOLFSSL_SP_MATH
     ret = mp_toradix(a, str, 8);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, 8, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -50799,7 +53831,7 @@ static wc_test_ret_t mp_test_read_to_bin(mp_int* a)
 
     /* Length too small. */
     ret = mp_to_unsigned_bin_len(a, out, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_read_unsigned_bin(a, NULL, 0);
@@ -50881,7 +53913,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     (void)r;
 
     ret = mp_init(NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
@@ -50894,11 +53926,11 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
     ret = mp_grow(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef WOLFSSL_SP_MATH
     ret = mp_grow(a, SP_INT_DIGITS + 1);
-    if (ret != MP_MEM)
+    if (ret != WC_NO_ERR_TRACE(MP_MEM))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #endif
@@ -50906,49 +53938,52 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     mp_clear(NULL);
 
     ret = mp_abs(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_abs(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_abs(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_unsigned_bin_size(NULL);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
+    /* clear buffer to avoid provoking uninitvar errors. */
+    XMEMSET(buffer, 0, sizeof(buffer));
+
     ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_read_radix(NULL, NULL, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(a, NULL, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(NULL, hexStr, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifndef WOLFSSL_SP_INT_NEGATIVE
     ret = mp_read_radix(a, negStr, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_read_radix(a, negStr, 10);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* WOLFSSL_SP_MATH_ALL */
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
@@ -50956,12 +53991,12 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 #ifndef WOLFSSL_SP_MATH_ALL
     /* Radix 10 only supported with ALL. */
     ret = mp_read_radix(a, decStr, 10);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     /* Radix 8 not supported SP_INT. */
     ret = mp_read_radix(a, "0123", 8);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_count_bits(NULL);
@@ -50984,43 +54019,43 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
     !defined(NO_RSA)
     ret = mp_set_bit(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
     !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_to_unsigned_bin(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin(NULL, buffer);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_len(a, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
     !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
     if (ret != MP_OKAY)
@@ -51029,24 +54064,24 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
     ret = mp_copy(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_copy(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_copy(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
     ret = sp_2expt(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = mp_set(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_cmp_d(NULL, 0);
@@ -51072,489 +54107,489 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
     !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_lshd(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lshd(a, SP_INT_DIGITS + 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_div(NULL, NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(a, NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(NULL, b, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(a, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_mod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_set_int(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
     (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, a, 1, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, a, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, a, 1, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, a, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, a, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
     !defined(WC_NO_RNG)
     ret = mp_rand_prime(NULL, 32, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(a, 32, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(NULL, 32, rng, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(a, 0, rng, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_mul(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_sqr(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqr(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqr(NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_sqrmod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mulmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
     !defined(NO_RSA) || !defined(NO_DSA)
     ret = mp_add_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
     ret = mp_sub_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     ret = mp_div_d(NULL, 0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_d(a, 0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_d(NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
                             (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
     ret = mp_mod_d(NULL, 0, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(a, 0, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(NULL, 0, &rd);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     ret = mp_gcd(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
     ret = mp_div_2_mod_ct(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_div_2(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2(NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
     ret = mp_invmod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
     ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, b, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, NULL, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, b, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
     ret = mp_lcm(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, b, 1, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, b, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, b, 1, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -51566,115 +54601,115 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
     ret = mp_prime_is_prime(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(NULL, 1, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 0, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 1024, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
     ret = mp_exch(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exch(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exch(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
                                                     defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_mul_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_add(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_sub(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -51682,126 +54717,126 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
                                      defined(WOLFSSL_CUSTOM_CURVES))
     ret = mp_addmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_submod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_div_2d(NULL, 1, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mod_2d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_2d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_2d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mul_2d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_2d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_2d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_montgomery_reduce(NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_reduce(a, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_reduce(NULL, b, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_zero(b);
     ret = mp_montgomery_reduce(a, b, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_montgomery_setup(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_setup(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_setup(NULL, &rho);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_montgomery_calc_normalization(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_calc_normalization(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_calc_normalization(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -51811,53 +54846,53 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_tohex(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_tohex(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_tohex(NULL, hexStr);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     ret = mp_todecimal(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_todecimal(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_todecimal(NULL, decStr);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(a, NULL, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(a, hexStr, 3);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, 3, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -51942,11 +54977,11 @@ static wc_test_ret_t mp_test_set_is_bit(mp_int* a)
         i = SP_INT_MAX_BITS + j;
         if (mp_is_bit_set(a, i))
             return WC_TEST_RET_ENC_NC;
-        if (mp_set_bit(a, i) != MP_VAL)
+        if (mp_set_bit(a, i) != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_NC;
     #ifdef WOLFSSL_KEY_GEN
         ret = mp_2expt(a, i);
-        if (ret != MP_VAL)
+        if (ret != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_EC(ret);
     #endif
     }
@@ -52177,7 +55212,7 @@ static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
     mp_zero(d);
 
     ret = mp_div(a, d, r, rem);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(d, 1);
@@ -52316,7 +55351,7 @@ static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 #else
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_NC;
 #endif
 #ifndef WOLFSSL_SP_MATH
@@ -52336,13 +55371,13 @@ static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
 #endif
 
     ret = mp_prime_is_prime(a, 0, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, -1, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 257, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(a, 1);
@@ -52425,13 +55460,13 @@ static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* ex
     mp_set(a, 0);
     mp_set(b, 1);
     ret = mp_lcm(a, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(b, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
@@ -52487,7 +55522,7 @@ static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* ex
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(b, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     return 0;
@@ -52596,7 +55631,7 @@ static wc_test_ret_t mp_test_mod_d(mp_int* a, WC_RNG* rng)
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(a, 0, &r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_zero(a);
@@ -52726,25 +55761,25 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
     mp_set(a, 0);
     mp_set(m, 1);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(m, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 2);
     mp_set(m, 4);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 3);
     mp_set(m, 6);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 5*9);
     mp_set(m, 6*9);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 4);
@@ -52778,7 +55813,7 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
     mp_set(m, 0);
     mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     /* Maximum modulus - even. */
     mp_set(m, 0);
@@ -52799,22 +55834,22 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
     mp_set(a, 0);
     mp_set(m, 3);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 0);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 1);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 2);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(a, 1);
@@ -52838,10 +55873,10 @@ static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     mp_set(e, 0x3);
     mp_set(m, 0x0);
     ret = mp_exptmod_ex(b, e, 1, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(b, e, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 
@@ -52946,10 +55981,10 @@ static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
     mp_add_d(m, 0x01, m);
     ret = mp_exptmod_ex(b, e, 1, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(b, e, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -53207,7 +56242,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
              *        - if p and a are even it will fail.
              */
             ret = mp_invmod(a, p, r1);
-            if (ret != 0 && ret != MP_VAL)
+            if (ret != 0 && ret != WC_NO_ERR_TRACE(MP_VAL))
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
         #ifndef WOLFSSL_SP_MATH
@@ -53730,9 +56765,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
 #endif /* WOLFSSL_PUBLIC_MP */
 
 
-#if defined(ASN_BER_TO_DER) && \
-    (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
-     defined(OPENSSL_EXTRA_X509_SMALL))
+#ifdef ASN_BER_TO_DER
 /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
 typedef struct berDerTestData {
     const byte *in;
@@ -53792,7 +56825,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
 
     for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
         ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
-        if (ret != LENGTH_ONLY_E)
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return WC_TEST_RET_ENC_I(i);
         if (len != testData[i].outSz)
             return WC_TEST_RET_ENC_I(i);
@@ -53805,50 +56838,50 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
 
         for (l = 1; l < testData[i].inSz; l++) {
             ret = wc_BerToDer(testData[i].in, l, NULL, &len);
-            if (ret != ASN_PARSE_E)
+            if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
                  return WC_TEST_RET_ENC_EC(ret);
             len = testData[i].outSz;
             ret = wc_BerToDer(testData[i].in, l, out, &len);
-            if (ret != ASN_PARSE_E)
+            if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
                  return WC_TEST_RET_ENC_EC(ret);
         }
 
         for (l = 0; l < testData[i].outSz-1; l++) {
             ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
-            if (ret != BUFFER_E)
+            if (ret != WC_NO_ERR_TRACE(BUFFER_E))
                  return WC_TEST_RET_ENC_EC(ret);
         }
     }
 
     ret = wc_BerToDer(NULL, 4, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(out, 4, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, NULL, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(out, 4, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, out, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     for (l = 1; l < sizeof(good4_out); l++) {
         len = l;
         ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
-        if (ret != BUFFER_E)
+        if (ret != WC_NO_ERR_TRACE(BUFFER_E))
             return WC_TEST_RET_ENC_EC(ret);
     }
 
     return 0;
 }
-#endif
+#endif /* ASN_BER_TO_DER */
 
 #ifdef DEBUG_WOLFSSL
 static THREAD_LS_T int log_cnt = 0;
@@ -53917,11 +56950,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
 #else
     WOLFSSL_ENTER("logging_test");
     ret = wolfSSL_Debugging_ON();
-    if (ret != NOT_COMPILED_IN)
+    if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         return WC_TEST_RET_ENC_EC(ret);
     wolfSSL_Debugging_OFF();
     ret = wolfSSL_SetLoggingCb(NULL);
-    if (ret != NOT_COMPILED_IN)
+    if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* DEBUG_WOLFSSL */
     return 0;
@@ -53976,7 +57009,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
     /* trying to free a locked mutex is not portable behavior with pthread */
     /* Attempting to destroy a locked mutex results in undefined behavior */
     ret = wc_FreeMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_UnLockMutex(&m);
@@ -53988,10 +57021,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
 #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
     /* Trying to use a pthread after free'ing is not portable behavior */
     ret = wc_LockMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_UnLockMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #endif
@@ -54319,7 +57352,7 @@ static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
     */
     ctx->exampleVar = 1;
     ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     } else
         /* reset return code */
@@ -54355,7 +57388,7 @@ static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
         ctx->exampleVar = 1;
         ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
                             in, inLen, out, &sigSz, key, sizeof(*key), NULL);
-        if (ret != NO_VALID_DEVID) {
+        if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
         } else
             /* reset return code */
@@ -54479,7 +57512,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     ctx->exampleVar = 1;
     ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     } else
         /* reset return code */
@@ -54504,7 +57537,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -54522,7 +57555,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -54543,7 +57576,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_shared_secret(key, pub, out, &outLen);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -54673,12 +57706,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
         wc_ecc_free(key);
         XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (pub != NULL) {
-        XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #ifdef OPENSSL_EXTRA
     if (check) {
         FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -54702,7 +57731,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 /* Example crypto dev callback function that calls software version */
 static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and
+                                                   use SW */
     myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
 
     if (info == NULL)
@@ -54807,7 +57837,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                 ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
                     info->pk.rsakg.e, info->pk.rsakg.rng);
 #ifdef HAVE_FIPS
-                if (ret == PRIME_GEN_E)
+                if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E))
                     continue;
                 break;
             }
@@ -55466,6 +58496,7 @@ static int myCryptoCbFind(int currentId, int algoType)
 #endif /* WOLF_CRYPTO_CB_FIND */
 
 
+#if !defined(WC_TEST_NO_CRYPTOCB_SW_TEST)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
 {
     wc_test_ret_t ret = 0;
@@ -55594,6 +58625,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
 
     return ret;
 }
+#endif /* ! WC_TEST_NO_CRYPTOCB_SW_TEST */
 #endif /* WOLF_CRYPTO_CB */
 
 #ifdef WOLFSSL_CERT_PIV
@@ -55719,8 +58751,11 @@ typedef struct {
   word32     keySz;
   const byte nonce[49];
   word32     nonceSz;
-  const byte assoc[81];
-  word32     assocSz;
+  byte       numAssoc;
+  const byte assoc1[81];
+  word32     assoc1Sz;
+  const byte assoc2[11];
+  word32     assoc2Sz;
   const byte plaintext[83];
   word32     plaintextSz;
   const byte siv[AES_BLOCK_SIZE+1];
@@ -55728,15 +58763,17 @@ typedef struct {
   word32     ciphertextSz;
 } AesSivTestVector;
 
-#define AES_SIV_TEST_VECTORS 7
+#define AES_SIV_TEST_VECTORS 9
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
 {
-    /* These test vectors come from chrony 4.1's SIV unit tests. */
     WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = {
+    /* These test vectors come from chrony 4.1's SIV unit tests. */
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
+      "", 0,
       "", 0,
       "", 0,
       "\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21",
@@ -55745,14 +58782,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
       "", 0,
+      "", 0,
       "\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef",
       "", 0
     },
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
+      "", 0,
       "", 0,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
       "\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1",
@@ -55761,7 +58802,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15,
       "\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03",
       "\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15
@@ -55769,7 +58812,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16,
       "\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb",
       "\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16
@@ -55778,8 +58823,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
       "\xd5", 17,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b"
       "\xa0", 17,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7"
       "\x08", 17,
       "\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49",
@@ -55791,11 +58838,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c"
       "\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09"
       "\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48,
+      1,
       "\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06"
       "\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27"
       "\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27"
       "\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe"
       "\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79,
+      "", 0,
       "\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2"
       "\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2"
       "\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99"
@@ -55809,7 +58858,39 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17"
       "\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c"
       "\xa1", 81
-    }};
+    },
+    /* Example A.1 from RFC5297 */
+    {
+      "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
+      "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 32,
+      "", 0,
+      1,
+      "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+      "\x20\x21\x22\x23\x24\x25\x26\x27", 24,
+      "", 0,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee", 14,
+      "\x85\x63\x2d\x07\xc6\xe8\xf3\x7f\x95\x0a\xcd\x32\x0a\x2e\xcc\x93",
+      "\x40\xc0\x2b\x96\x90\xc4\xdc\x04\xda\xef\x7f\x6a\xfe\x5c", 14
+    },
+    /* Example A.2 from RFC5297 */
+    {
+      "\x7f\x7e\x7d\x7c\x7b\x7a\x79\x78\x77\x76\x75\x74\x73\x72\x71\x70"
+      "\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f", 32,
+      "\x09\xf9\x11\x02\x9d\x74\xe3\x5b\xd8\x41\x56\xc5\x63\x56\x88\xc0", 16,
+      2,
+      "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
+      "\xde\xad\xda\xda\xde\xad\xda\xda\xff\xee\xdd\xcc\xbb\xaa\x99\x88"
+      "\x77\x66\x55\x44\x33\x22\x11\x00", 40,
+      "\x10\x20\x30\x40\x50\x60\x70\x80\x90\xa0", 10,
+      "\x74\x68\x69\x73\x20\x69\x73\x20\x73\x6f\x6d\x65\x20\x70\x6c\x61"
+      "\x69\x6e\x74\x65\x78\x74\x20\x74\x6f\x20\x65\x6e\x63\x72\x79\x70"
+      "\x74\x20\x75\x73\x69\x6e\x67\x20\x53\x49\x56\x2d\x41\x45\x53", 47,
+      "\x7b\xdb\x6e\x3b\x43\x26\x67\xeb\x06\xf4\xd1\x4b\xff\x2f\xbd\x0f",
+      "\xcb\x90\x0f\x2f\xdd\xbe\x40\x43\x26\x60\x19\x65\xc8\x89\xbf\x17"
+      "\xdb\xa7\x7c\xeb\x09\x4f\xa6\x63\xb7\xa3\xf7\x48\xba\x8a\xf8\x29"
+      "\xea\x64\xad\x54\x4a\x27\x2e\x9c\x48\x5b\x62\xa3\xfd\x5c\x0d", 47
+    }
+    };
     int i;
     byte computedCiphertext[82];
     byte computedPlaintext[82];
@@ -55817,9 +58898,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     wc_test_ret_t ret = 0;
     WOLFSSL_ENTER("aes_siv_test");
 
+    /* First test legacy "exactly one Assoc" interface. */
     for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
+        if (testVectors[i].numAssoc != 1)
+            continue;
+
         ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
-                              testVectors[i].assoc, testVectors[i].assocSz,
+                              testVectors[i].assoc1, testVectors[i].assoc1Sz,
                               testVectors[i].nonce, testVectors[i].nonceSz,
                               testVectors[i].plaintext,
                               testVectors[i].plaintextSz, siv,
@@ -55837,7 +58922,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
             return WC_TEST_RET_ENC_NC;
         }
         ret = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz,
-                              testVectors[i].assoc, testVectors[i].assocSz,
+                              testVectors[i].assoc1, testVectors[i].assoc1Sz,
                               testVectors[i].nonce, testVectors[i].nonceSz,
                               computedCiphertext, testVectors[i].plaintextSz,
                               siv, computedPlaintext);
@@ -55851,6 +58936,47 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
         }
     }
 
+    /* Then test "multiple Assoc" interface. */
+    for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
+        const struct AesSivAssoc assoc[2] = {
+            { testVectors[i].assoc1, testVectors[i].assoc1Sz },
+            { testVectors[i].assoc2, testVectors[i].assoc2Sz }
+        };
+
+        ret = wc_AesSivEncrypt_ex(testVectors[i].key, testVectors[i].keySz,
+                                  assoc, testVectors[i].numAssoc,
+                                  testVectors[i].nonce, testVectors[i].nonceSz,
+                                  testVectors[i].plaintext,
+                                  testVectors[i].plaintextSz, siv,
+                                  computedCiphertext);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_EC(ret);
+        }
+        ret = XMEMCMP(siv, testVectors[i].siv, AES_BLOCK_SIZE);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+        ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
+                     testVectors[i].ciphertextSz);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+        ret = wc_AesSivDecrypt_ex(testVectors[i].key, testVectors[i].keySz,
+                                  assoc, testVectors[i].numAssoc,
+                                  testVectors[i].nonce, testVectors[i].nonceSz,
+                                  computedCiphertext,
+                                  testVectors[i].plaintextSz, siv,
+                                  computedPlaintext);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_EC(ret);
+        }
+        ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
+                     testVectors[i].plaintextSz);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+    }
+
     return 0;
 }
 #endif
diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h
index b58beca0d4..2584b12277 100644
--- a/wolfcrypt/test/test.h
+++ b/wolfcrypt/test/test.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/test/test_paths.h.in b/wolfcrypt/test/test_paths.h.in
index adac40c1a9..38e9124070 100644
--- a/wolfcrypt/test/test_paths.h.in
+++ b/wolfcrypt/test/test_paths.h.in
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test_paths.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/callbacks.h b/wolfssl/callbacks.h
index bf996fad60..1010eca9e2 100644
--- a/wolfssl/callbacks.h
+++ b/wolfssl/callbacks.h
@@ -1,6 +1,6 @@
 /* callbacks.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/crl.h b/wolfssl/crl.h
index 4b4dcc2768..5e5205ea2b 100644
--- a/wolfssl/crl.h
+++ b/wolfssl/crl.h
@@ -1,6 +1,6 @@
 /* crl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 724d7de007..f61c78650a 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -1,6 +1,6 @@
 /* error-ssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,6 +35,19 @@
 #endif
 
 enum wolfSSL_ErrorCodes {
+    WOLFSSL_FATAL_ERROR          =   -1,   /* must be -1 for backward compat. */
+
+    /* negative counterparts to namesake positive constants in ssl.h */
+    WOLFSSL_ERROR_WANT_READ_E    =   -2,
+    WOLFSSL_ERROR_WANT_WRITE_E   =   -3,
+    WOLFSSL_ERROR_WANT_X509_LOOKUP_E = -4,
+    WOLFSSL_ERROR_SYSCALL_E      =   -5,
+    WOLFSSL_ERROR_ZERO_RETURN_E  =   -6,
+    WOLFSSL_ERROR_WANT_CONNECT_E =   -7,
+    WOLFSSL_ERROR_WANT_ACCEPT_E  =   -8,
+
+    WOLFSSL_FIRST_E              = -301,   /* start of native TLS codes */
+
     INPUT_CASE_ERROR             = -301,   /* process input state error */
     PREFIX_ERROR                 = -302,   /* bad index to key rounds  */
     MEMORY_ERROR                 = -303,   /* out of memory            */
@@ -79,12 +92,14 @@ enum wolfSSL_ErrorCodes {
     ZERO_RETURN                  = -343,   /* peer sent close notify */
     SIDE_ERROR                   = -344,   /* wrong client/server type */
     NO_PEER_CERT                 = -345,   /* peer didn't send key */
+
     ECC_CURVETYPE_ERROR          = -350,   /* Bad ECC Curve Type */
     ECC_CURVE_ERROR              = -351,   /* Bad ECC Curve */
     ECC_PEERKEY_ERROR            = -352,   /* Bad Peer ECC Key */
     ECC_MAKEKEY_ERROR            = -353,   /* Bad Make ECC Key */
     ECC_EXPORT_ERROR             = -354,   /* Bad ECC Export Key */
     ECC_SHARED_ERROR             = -355,   /* Bad ECC Shared Secret */
+
     NOT_CA_ERROR                 = -357,   /* Not a CA cert error */
 
     BAD_CERT_MANAGER_ERROR       = -359,   /* Bad Cert Manager */
@@ -185,24 +200,40 @@ enum wolfSSL_ErrorCodes {
     DTLS_CID_ERROR               = -454,   /* Wrong or missing CID */
     DTLS_TOO_MANY_FRAGMENTS_E    = -455,   /* Received too many fragments */
     QUIC_WRONG_ENC_LEVEL         = -456,   /* QUIC data received on wrong encryption level */
-
     DUPLICATE_TLS_EXT_E          = -457,   /* Duplicate TLS extension in msg. */
-    /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
 
-    /* begin negotiation parameter errors */
+    /* legacy CyaSSL compat layer error codes */
+    WOLFSSL_ALPN_NOT_FOUND       = -458,   /* TLS extension not found */
+    WOLFSSL_BAD_CERTTYPE         = -459,   /* Certificate type not supported */
+    WOLFSSL_BAD_STAT             = -460,   /* not used */
+    WOLFSSL_BAD_PATH             = -461,   /* No certificates found at designated path */
+    WOLFSSL_BAD_FILETYPE         = -462,   /* Data format not supported */
+    WOLFSSL_BAD_FILE             = -463,   /* Input/output error on file */
+    WOLFSSL_NOT_IMPLEMENTED      = -464,   /* Function not implemented */
+    WOLFSSL_UNKNOWN              = -465,   /* Unknown algorithm (EVP) */
+
+    /* negotiation parameter errors */
     UNSUPPORTED_SUITE            = -500,   /* unsupported cipher suite */
     MATCH_SUITE_ERROR            = -501,   /* can't match cipher suite */
     COMPRESSION_ERROR            = -502,   /* compression mismatch */
     KEY_SHARE_ERROR              = -503,   /* key share mismatch */
     POST_HAND_AUTH_ERROR         = -504,   /* client won't do post-hand auth */
     HRR_COOKIE_ERROR             = -505,   /* HRR msg cookie mismatch */
-    UNSUPPORTED_CERTIFICATE      = -506    /* unsupported certificate type */
-    /* end negotiation parameter errors only 10 for now */
-    /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
+    UNSUPPORTED_CERTIFICATE      = -506,   /* unsupported certificate type */
 
-    /* no error strings go down here, add above negotiation errors !!!! */
+    WOLFSSL_LAST_E               = -506
 };
 
+/* I/O Callback default errors */
+enum IOerrors {
+    WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
+    WOLFSSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
+    WOLFSSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
+    WOLFSSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
+    WOLFSSL_CBIO_ERR_ISR        = -4,     /* interrupt */
+    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
+    WOLFSSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
+};
 
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
     enum {
@@ -215,7 +246,9 @@ enum wolfSSL_ErrorCodes {
 WOLFSSL_LOCAL
 void SetErrorString(int err, char* buff);
 
-#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+        (defined(BUILDING_WOLFSSL) || \
+         defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
     #include <wolfssl/debug-trace-error-codes.h>
 #endif
 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 390b21b54a..7ce0436355 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1,6 +1,6 @@
 /* internal.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1329,6 +1329,10 @@ enum {
     #endif
 #endif
 
+#ifndef MAX_PSK_KEY_LEN
+    #define MAX_PSK_KEY_LEN 64
+#endif
+
 #ifndef MAX_EARLY_DATA_SZ
     /* maximum early data size */
     #define MAX_EARLY_DATA_SZ  4096
@@ -1421,7 +1425,7 @@ enum {
     #define ENCRYPT_BASE_BITS    (256 * 2)
 #else
     /* No secret from public key operation but PSK key plus length used. */
-    #define ENCRYPT_BASE_BITS  ((MAX_PSK_ID_LEN + 2) * 8)
+    #define ENCRYPT_BASE_BITS  ((MAX_PSK_KEY_LEN + 2) * 8)
 #endif
 
 #ifdef WOLFSSL_DTLS_CID
@@ -1429,7 +1433,7 @@ enum {
 /* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt
  * the record. Increasing the CID max size does increase also this buffer,
  * impacting on per-session runtime memory footprint. */
-#define DTLS_CID_MAX_SIZE 2
+#define DTLS_CID_MAX_SIZE 10
 #endif
 #else
 #undef DTLS_CID_MAX_SIZE
@@ -1561,7 +1565,7 @@ enum Misc {
                                  * hybridization with other algs. */
 #else
 #ifndef NO_PSK
-    ENCRYPT_LEN     = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2,
+    ENCRYPT_LEN     = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_KEY_LEN + 2,
 #else
     ENCRYPT_LEN     = (ENCRYPT_BASE_BITS / 8),
 #endif
@@ -1633,6 +1637,7 @@ enum Misc {
 #endif
 
     HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
+    DTLS13_HANDSHAKE_HEADER_SZ   = 12, /* sizeof(Dtls13HandshakeHeader) */
     RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
     CERT_HEADER_SZ        = 3,  /* always 3 bytes          */
     REQ_HEADER_SZ         = 2,  /* cert request header sz  */
@@ -1828,7 +1833,6 @@ enum Misc {
     DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */
 
     NULL_TERM_LEN        =   1,  /* length of null '\0' termination character */
-    MAX_PSK_KEY_LEN      =  64,  /* max psk key supported */
     MIN_PSK_ID_LEN       =   6,  /* min length of identities */
     MIN_PSK_BINDERS_LEN  =  33,  /* min length of binders */
 
@@ -2042,7 +2046,7 @@ enum Misc {
 #define WOLFSSL_ASSERT_EQ(x, y) WOLFSSL_ASSERT_TEST(x, y, ==)
 
 #define WOLFSSL_ASSERT_SIZEOF_TEST(x, y, op) \
-    WOLFSSL_ASSERT_TEST(sizeof((x)), sizeof((y)), op)
+    WOLFSSL_ASSERT_TEST(sizeof(x), sizeof(y), op)
 
 #define WOLFSSL_ASSERT_SIZEOF_GE(x, y) WOLFSSL_ASSERT_SIZEOF_TEST(x, y, >=)
 
@@ -2212,7 +2216,7 @@ WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
 WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
 WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz);
 WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len, const char* str, word32 strLen);
-#ifndef NO_CERTS
+#if !defined(NO_CERTS) && !defined(NO_ASN)
 WOLFSSL_LOCAL int  CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, int* checkCN);
 WOLFSSL_LOCAL int  CheckIPAddr(DecodedCert* dCert, const char* ipasc);
 WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType);
@@ -2614,6 +2618,8 @@ struct WOLFSSL_CERT_MANAGER {
 #endif
     CallbackCACache caCacheCallback;       /* CA cache addition callback */
     CbMissingCRL    cbMissingCRL;          /* notify thru cb of missing crl */
+    crlErrorCb      crlCb;                 /* Allow user to override error */
+    void*           crlCbCtx;
     CbOCSPIO        ocspIOCb;              /* I/O callback for OCSP lookup */
     CbOCSPRespFree  ocspRespFreeCb;        /* Frees OCSP Response from IO Cb */
     wolfSSL_Mutex   caLock;                /* CA list lock */
@@ -2647,8 +2653,7 @@ struct WOLFSSL_CERT_MANAGER {
 #ifdef HAVE_DILITHIUM
     short           minDilithiumKeySz;  /* minimum allowed Dilithium key size */
 #endif
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
     wc_UnknownExtCallback unknownExtCallback;
 #endif
 };
@@ -2673,7 +2678,9 @@ typedef struct ProcPeerCertArgs {
 #ifdef WOLFSSL_TLS13
     buffer*      exts; /* extensions */
 #endif
+#ifndef NO_ASN
     DecodedCert* dCert;
+#endif
     word32 idx;
     word32 begin;
     int    totalCerts; /* number of certs in certs buffer */
@@ -2743,6 +2750,70 @@ typedef struct WOLFSSL_DTLS_PEERSEQ {
 #endif
 } WOLFSSL_DTLS_PEERSEQ;
 
+struct WOLFSSL_BIO {
+    WOLFSSL_BUF_MEM* mem_buf;
+    WOLFSSL_BIO_METHOD* method;
+    WOLFSSL_BIO* prev;          /* previous in chain */
+    WOLFSSL_BIO* next;          /* next in chain */
+    WOLFSSL_BIO* pair;          /* BIO paired with */
+    void*        heap;          /* user heap hint */
+    union {
+        byte*    mem_buf_data;
+#ifndef WOLFCRYPT_ONLY
+        WOLFSSL* ssl;
+        WOLFSSL_EVP_MD_CTX* md_ctx;
+#endif
+#ifndef NO_FILESYSTEM
+        XFILE    fh;
+#endif
+    } ptr;
+    void*        usrCtx;        /* user set pointer */
+    char*        ip;            /* IP address for wolfIO_TcpConnect */
+    word16       port;          /* Port for wolfIO_TcpConnect */
+    char*        infoArg;       /* BIO callback argument */
+    wolf_bio_info_cb infoCb;    /* BIO callback */
+    int          wrSz;          /* write buffer size (mem) */
+    int          wrSzReset;     /* First buffer size (mem) - read ONLY data */
+    int          wrIdx;         /* current index for write buffer */
+    int          rdIdx;         /* current read index */
+    int          readRq;        /* read request */
+    union {
+        SOCKET_T fd;
+        size_t   length;
+    } num;
+    int          eof;           /* eof flag */
+    int          flags;
+    byte         type;          /* method type */
+    byte         init:1;        /* bio has been initialized */
+    byte         shutdown:1;    /* close flag */
+    byte         connected:1;   /* connected state, for datagram BIOs -- as for
+                                 * struct WOLFSSL_DTLS_CTX, when set, sendto and
+                                 * recvfrom leave the peer_addr unchanged. */
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+    union WOLFSSL_BIO_ADDR peer_addr; /* for datagram BIOs, the socket address stored
+                                       * with BIO_CTRL_DGRAM_CONNECT,
+                                       * BIO_CTRL_DGRAM_SET_CONNECTED, or
+                                       * BIO_CTRL_DGRAM_SET_PEER, or stored when a
+                                       * packet was received on an unconnected BIO. */
+#endif
+
+#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)
+    #define WOLFSSL_BIO_HAVE_FLOW_STATS
+    word64       bytes_read;
+    word64       bytes_written;
+#endif
+
+#ifdef HAVE_EX_DATA
+    WOLFSSL_CRYPTO_EX_DATA ex_data;
+#endif
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+    wolfSSL_Ref  ref;
+#endif
+};
+
+#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
+WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr);
+#endif
 
 #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
 
@@ -3022,6 +3093,8 @@ WOLFSSL_LOCAL int GetEchConfig(WOLFSSL_EchConfig* config, byte* output,
 
 WOLFSSL_LOCAL int GetEchConfigsEx(WOLFSSL_EchConfig* configs,
     byte* output, word32* outputLen);
+
+WOLFSSL_LOCAL void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap);
 #endif
 
 struct TLSX {
@@ -3334,6 +3407,13 @@ typedef struct InternalTicket {
 #endif /* OPENSSL_EXTRA */
 } InternalTicket;
 
+#ifndef WOLFSSL_TICKET_ENC_CBC_HMAC
+    #define WOLFSSL_INTERNAL_TICKET_LEN     sizeof(InternalTicket)
+#else
+    #define WOLFSSL_INTERNAL_TICKET_LEN     \
+        (((sizeof(InternalTicket) + 15) / 16) * 16)
+#endif
+
 #ifndef WOLFSSL_TICKET_EXTRA_PADDING_SZ
 #define WOLFSSL_TICKET_EXTRA_PADDING_SZ 32
 #endif
@@ -3733,6 +3813,9 @@ struct WOLFSSL_CTX {
 #endif
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
     byte        dtlsSctp:1;         /* DTLS-over-SCTP mode */
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    byte        disableECH:1;
 #endif
     word16      minProto:1; /* sets min to min available */
     word16      maxProto:1; /* sets max to max available */
@@ -4884,7 +4967,8 @@ struct Options {
     word16            useDtlsCID:1;
 #endif /* WOLFSSL_DTLS_CID */
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
-    word16            useEch:1;
+    word16            useEch:1;               /* Do we have a valid config */
+    byte              disableECH:1;           /* Did the user disable ech */
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
     word16            cookieGood:1;
@@ -5102,13 +5186,9 @@ struct WOLFSSL_X509 {
     byte             hwType[EXTERNAL_SERIAL_SIZE];
     int              hwSerialNumSz;
     byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
-#endif /* WOLFSSL_SEP */
-#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
-    defined (OPENSSL_EXTRA)) && \
-    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
     byte             certPolicySet;
     byte             certPolicyCrit;
-#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
+#endif /* WOLFSSL_SEP */
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
     WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
     WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
@@ -5149,6 +5229,7 @@ struct WOLFSSL_X509 {
     byte*            authKeyId; /* Points into authKeyIdSrc */
     byte*            authKeyIdSrc;
     byte*            subjKeyId;
+    WOLFSSL_ASN1_STRING* subjKeyIdStr;
     byte*            extKeyUsageSrc;
 #ifdef OPENSSL_ALL
     byte*            subjAltNameSrc;
@@ -5241,6 +5322,29 @@ struct WOLFSSL_X509 {
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 };
 
+#if defined(WOLFSSL_ACERT)
+struct WOLFSSL_X509_ACERT {
+    int               version;
+    int               serialSz;
+    byte              serial[EXTERNAL_SERIAL_SIZE];
+    WOLFSSL_ASN1_TIME notBefore;
+    WOLFSSL_ASN1_TIME notAfter;
+    buffer            sig;
+    int               sigOID;
+#ifndef NO_CERTS
+    DerBuffer *       derCert;
+#endif
+    void*             heap;
+    /* copy of raw Attributes field from */
+    byte              holderSerial[EXTERNAL_SERIAL_SIZE];
+    int               holderSerialSz;
+    DNS_entry *       holderEntityName;  /* Holder entityName from ACERT */
+    DNS_entry *       holderIssuerName;  /* issuerName from ACERT */
+    DNS_entry *       AttCertIssuerName; /* AttCertIssuer name from ACERT */
+    byte *            rawAttr;
+    word32            rawAttrLen;
+};
+#endif /* WOLFSSL_ACERT */
 
 /* record layer header for PlainText, Compressed, and CipherText */
 typedef struct RecordLayerHeader {
@@ -6102,8 +6206,10 @@ WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
                                  int type, WOLFSSL* ssl, int userChain,
                                 WOLFSSL_CRL* crl, int verify);
 
+    #ifndef NO_ASN
     WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
                                     size_t domainNameLen);
+    #endif
 #endif
 
 
@@ -6386,10 +6492,13 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
     #ifndef GetCA
         WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash);
     #endif
-    #ifdef WOLFSSL_AKID_NAME
+    #if defined(WOLFSSL_AKID_NAME) && !defined(GetCAByAKID)
         WOLFSSL_LOCAL Signer* GetCAByAKID(void* vp, const byte* issuer,
                 word32 issuerSz, const byte* serial, word32 serialSz);
     #endif
+    #if defined(HAVE_OCSP) && !defined(GetCAByKeyHash)
+        WOLFSSL_LOCAL Signer* GetCAByKeyHash(void* vp, const byte* keyHash);
+    #endif
     #if !defined(NO_SKID) && !defined(GetCAByName)
         WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
     #endif
@@ -6512,10 +6621,18 @@ WOLFSSL_LOCAL enum wc_HashType HashAlgoToType(int hashAlgo);
     WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag,
                                 void* heap);
     WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509);
+    #ifndef NO_ASN
     WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509* x509,
                                          DecodedCert* dCert);
+    #endif
 #endif
 
+#if defined(WOLFSSL_ACERT)
+    WOLFSSL_LOCAL int  CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509,
+                                              DecodedAcert* dAcert);
+#endif /* WOLFSSL_ACERT */
+
+
 #ifndef MAX_CIPHER_NAME
 #define MAX_CIPHER_NAME 50
 #endif
@@ -6533,7 +6650,7 @@ typedef struct CipherSuiteInfo {
 #endif
     byte cipherSuite0;
     byte cipherSuite;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
     defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
     byte minor;
     byte major;
@@ -6563,7 +6680,7 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite)
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
 WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
-                                         byte* cipherSuite, int* flags);
+                       byte* cipherSuite, byte* major, byte* minor, int* flags);
 
 
 enum encrypt_side {
@@ -6714,6 +6831,7 @@ WOLFSSL_LOCAL int Dtls13RlAddCiphertextHeader(WOLFSSL* ssl, byte* out,
     word16 length);
 WOLFSSL_LOCAL int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out,
     enum ContentType content_type, word16 length);
+WOLFSSL_LOCAL int Dtls13MinimumRecordLength(WOLFSSL* ssl);
 WOLFSSL_LOCAL int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr,
     word16 recordLength);
 WOLFSSL_LOCAL int Dtls13IsUnifiedHeader(byte header_flags);
@@ -6863,8 +6981,12 @@ WOLFSSL_LOCAL int CreateCookieExt(const WOLFSSL* ssl, byte* hash,
 WOLFSSL_LOCAL int TranslateErrorToAlert(int err);
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
-void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type);
-WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type);
+WOLFSSL_LOCAL void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk,
+                                        WOLF_STACK_TYPE type);
+WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type);
+
+WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj,
+        const byte* der, word32 len, int addHdr);
 #endif
 
 #ifdef __cplusplus
diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h
index 4dff068b9b..f2e234f630 100644
--- a/wolfssl/ocsp.h
+++ b/wolfssl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,6 +48,16 @@ typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP;
 typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
 
 typedef struct OcspRequest WOLFSSL_OCSP_REQUEST;
+
+typedef struct {
+    WOLFSSL_BIO *bio;
+    WOLFSSL_BIO *reqResp; /* First used for request then for response */
+    byte* buf;
+    int bufLen;
+    int state;
+    int ioState;
+    int sent;
+} WOLFSSL_OCSP_REQ_CTX;
 #endif
 
 WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm);
@@ -67,13 +77,11 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
 WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert,
                                      void* vp);
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
-
-    WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
-                                                  WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
-                                                  WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd,
-                                                  WOLFSSL_ASN1_TIME **nextupd);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
+                                              WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
+                                              WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd,
+                                              WOLFSSL_ASN1_TIME **nextupd);
 WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s);
 WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
     WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec);
@@ -132,8 +140,21 @@ WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
 WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(
     WOLFSSL_OCSP_BASICRESP *bs, int idx);
 
-#endif
-#ifdef OPENSSL_EXTRA
+WOLFSSL_API WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio,
+        int maxline);
+WOLFSSL_API void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx);
+WOLFSSL_API WOLFSSL_OCSP_REQ_CTX *wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio,
+        const char *path, OcspRequest *req, int maxline);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx,
+        OcspRequest *req);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx,
+                             const char *name, const char *value);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx,
+        const char *op, const char *path);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx);
+WOLFSSL_API int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp,
+        WOLFSSL_OCSP_REQ_CTX *rctx);
+
 WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req,
         WOLFSSL_X509_EXTENSION* ext, int idx);
 WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status,
@@ -148,7 +169,7 @@ WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req,
         unsigned char* val, int sz);
 WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req,
         WOLFSSL_OCSP_BASICRESP* bs);
-#endif
+#endif /* OPENSSL_EXTRA */
 
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/aes.h b/wolfssl/openssl/aes.h
index 38e71ae5b0..2991ff07ae 100644
--- a/wolfssl/openssl/aes.h
+++ b/wolfssl/openssl/aes.h
@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h
index 12ad369807..9ae07986fb 100644
--- a/wolfssl/openssl/asn1.h
+++ b/wolfssl/openssl/asn1.h
@@ -1,6 +1,6 @@
 /* asn1.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,7 +38,6 @@
 #define c2i_ASN1_OBJECT       wolfSSL_c2i_ASN1_OBJECT
 
 #define V_ASN1_INTEGER                   0x02
-#define V_ASN1_OCTET_STRING              0x04 /* tag for ASN1_OCTET_STRING */
 #define V_ASN1_NEG                       0x100
 #define V_ASN1_NEG_INTEGER               (2 | V_ASN1_NEG)
 #define V_ASN1_NEG_ENUMERATED            (10 | V_ASN1_NEG)
@@ -73,6 +72,8 @@
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 
 #define V_ASN1_EOC                      0
+#define V_ASN1_BOOLEAN                  1
+#define V_ASN1_OCTET_STRING             4
 #define V_ASN1_NULL                     5
 #define V_ASN1_OBJECT                   6
 #define V_ASN1_UTF8STRING               12
@@ -111,6 +112,7 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
     const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai);
 
 WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
+WOLFSSL_API int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a);
 
 WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
                                         int *cls, long inLen);
@@ -122,47 +124,162 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a
 /* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally
  * we don't use this. Some projects use OpenSSL to implement ASN1 types and
  * this section is only to provide those projects with ASN1 functionality. */
-typedef struct {
+
+typedef void* (*WolfsslAsn1NewCb)(void);
+typedef void (*WolfsslAsn1FreeCb)(void*);
+typedef int (*WolfsslAsn1i2dCb)(const void*, unsigned char**);
+typedef void* (*WolfsslAsn1d2iCb)(void**, const byte **, long);
+
+struct WOLFSSL_ASN1_TEMPLATE {
+    /* Type functions */
+    WolfsslAsn1NewCb new_func;
+    WolfsslAsn1FreeCb free_func;
+    WolfsslAsn1i2dCb i2d_func;
+    WolfsslAsn1d2iCb d2i_func;
+    /* Member info */
     size_t offset;              /* Offset of this field in structure */
-    byte type;                  /* The type of the member as defined in
-                                 * WOLFSSL_ASN1_TYPES */
-} WOLFSSL_ASN1_TEMPLATE;
-
-typedef struct {
-    byte type;                              /* One of the ASN_Tags types */
-    const WOLFSSL_ASN1_TEMPLATE *members;   /* If SEQUENCE or CHOICE this
-                                             * contains the contents */
+    /* DER info */
+    int tag;
+    byte first_byte;            /* First expected byte. Required for
+                                 * IMPLICIT types. */
+    byte ex:1;                  /* explicit, name conflicts with C++ keyword */
+    byte sequence:1;
+};
+
+enum WOLFSSL_ASN1_TYPES {
+    WOLFSSL_ASN1_SEQUENCE = 0,
+    WOLFSSL_ASN1_CHOICE,
+    WOLFSSL_ASN1_OBJECT_TYPE,
+};
+
+struct WOLFSSL_ASN1_ITEM {
+    enum WOLFSSL_ASN1_TYPES type;
+    const struct WOLFSSL_ASN1_TEMPLATE* members; /* If SEQUENCE or CHOICE this
+                                                  * contains the contents */
     size_t mcount;                          /* Number of members if SEQUENCE
                                              * or CHOICE */
     size_t size;                            /* Structure size */
-} WOLFSSL_ASN1_ITEM;
+    size_t toffset;                         /* Type offset */
+};
 
-typedef enum {
-    WOLFSSL_X509_ALGOR_ASN1 = 0,
-    WOLFSSL_ASN1_BIT_STRING_ASN1,
-    WOLFSSL_ASN1_INTEGER_ASN1,
-} WOLFSSL_ASN1_TYPES;
+typedef struct WOLFSSL_ASN1_TEMPLATE WOLFSSL_ASN1_TEMPLATE;
+typedef struct WOLFSSL_ASN1_ITEM WOLFSSL_ASN1_ITEM;
 
-#define ASN1_SEQUENCE(type) \
-    static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
+#define ASN1_BIT_STRING_FIRST_BYTE ASN_BIT_STRING
+#define ASN1_TFLG_EXPLICIT      (0x1 << 0)
+#define ASN1_TFLG_SEQUENCE_OF   (0x1 << 1)
+#define ASN1_TFLG_IMPTAG        (0x1 << 2)
+#define ASN1_TFLG_EXPTAG        (0x1 << 3)
 
-#define ASN1_SIMPLE(type, member, member_type) \
-    { OFFSETOF(type, member), \
-        WOLFSSL_##member_type##_ASN1 }
+#define ASN1_TFLG_TAG_MASK      (ASN1_TFLG_IMPTAG|ASN1_TFLG_EXPTAG)
+
+#define ASN1_ITEM_TEMPLATE(mtype) \
+        static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data
+
+#define ASN1_ITEM_TEMPLATE_END(mtype) \
+    ; \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_OBJECT_TYPE, \
+            &mtype##_member_data, \
+            1, \
+            0, \
+            0 \
+    };
+
+#define ASN1_SEQUENCE(mtype) \
+    static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data[]
+
+#define ASN1_SEQUENCE_END(mtype) \
+    ; \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_SEQUENCE, \
+            mtype##_member_data, \
+            sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
+            sizeof(mtype), \
+            0 \
+    }; \
+    static WC_MAYBE_UNUSED const byte mtype##_FIRST_BYTE = \
+        ASN_CONSTRUCTED | ASN_SEQUENCE;
+
+/* This is what a ASN1_CHOICE type should look like
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ */
+
+#define ASN1_CHOICE(mtype) \
+    static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data[]
 
-#define ASN1_SEQUENCE_END(type) \
+#define ASN1_CHOICE_END(mtype) \
     ; \
-    const WOLFSSL_ASN1_ITEM type##_template_data = { \
-            ASN_SEQUENCE, \
-            type##_member_data, \
-            sizeof(type##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
-            sizeof(type) \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_CHOICE, \
+            mtype##_member_data, \
+            sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
+            sizeof(mtype) ,\
+            OFFSETOF(mtype, type) \
     };
 
+#define ASN1_TYPE(type, member, tag, first_byte, exp, seq) \
+    OFFSETOF(type, member), tag, first_byte, exp, seq
+
+/* Function callbacks need to be defined immediately otherwise we will
+ * incorrectly expand the type. Ex: ASN1_INTEGER -> WOLFSSL_ASN1_INTEGER */
+
+#define ASN1_SIMPLE(type, member, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, -1, 0, 0, 0) }
+
+#define ASN1_IMP(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, member_type##_FIRST_BYTE, 0, 0) }
+
+#define ASN1_EXP(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, 0, 1, 0) }
+
+#define ASN1_SEQUENCE_OF(type, member, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, -1, 0, 0, 1) }
+
+#define ASN1_EXP_SEQUENCE_OF(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, 0, 1, 1) }
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      0, flags & ASN1_TFLG_TAG_MASK ? tag : -1, 0, \
+      !!(flags & ASN1_TFLG_EXPLICIT), TRUE }
+
 WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *tpl);
-WOLFSSL_API void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *tpl);
+WOLFSSL_API void wolfSSL_ASN1_item_free(void *obj,
+        const WOLFSSL_ASN1_ITEM *item);
 WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
                                       const WOLFSSL_ASN1_ITEM *tpl);
+WOLFSSL_API void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item);
 
 /* Need function declaration otherwise compiler complains */
 /* // NOLINTBEGIN(readability-named-parameter) */
@@ -178,7 +295,13 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
     int i2d_##type(type *src, byte **dest); \
     int i2d_##type(type *src, byte **dest) \
     { \
-        return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\
+        return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data); \
+    } \
+    type* d2i_##type(type **dst, const byte **src, long len); \
+    type* d2i_##type(type **dst, const byte **src, long len) \
+    { \
+        return (type*)wolfSSL_ASN1_item_d2i((void**)dst, src, len, \
+                &type##_template_data); \
     }
 /* // NOLINTEND(readability-named-parameter) */
 
@@ -186,7 +309,9 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
 
 #define BN_to_ASN1_INTEGER          wolfSSL_BN_to_ASN1_INTEGER
 #define ASN1_TYPE_set               wolfSSL_ASN1_TYPE_set
+#define ASN1_TYPE_get               wolfSSL_ASN1_TYPE_get
 #define ASN1_TYPE_new               wolfSSL_ASN1_TYPE_new
 #define ASN1_TYPE_free              wolfSSL_ASN1_TYPE_free
+#define i2d_ASN1_TYPE               wolfSSL_i2d_ASN1_TYPE
 
 #endif /* WOLFSSL_ASN1_H_ */
diff --git a/wolfssl/openssl/asn1t.h b/wolfssl/openssl/asn1t.h
index e7d5affd9a..e74ee26357 100644
--- a/wolfssl/openssl/asn1t.h
+++ b/wolfssl/openssl/asn1t.h
@@ -1,6 +1,6 @@
 /* asn1t.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h
index 9206b092a9..198ca4ebda 100644
--- a/wolfssl/openssl/bio.h
+++ b/wolfssl/openssl/bio.h
@@ -1,6 +1,6 @@
 /* bio.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -61,6 +61,7 @@
 #define BIO_s_file                      wolfSSL_BIO_s_file
 #define BIO_s_bio                       wolfSSL_BIO_s_bio
 #define BIO_s_socket                    wolfSSL_BIO_s_socket
+#define BIO_s_datagram                  wolfSSL_BIO_s_datagram
 #define BIO_s_accept                    wolfSSL_BIO_s_socket
 #define BIO_set_fd                      wolfSSL_BIO_set_fd
 #define BIO_set_close                   wolfSSL_BIO_set_close
@@ -168,7 +169,10 @@
 #define BIO_C_SET_WRITE_BUF_SIZE        136
 #define BIO_C_MAKE_BIO_PAIR             138
 
-#define BIO_CTRL_DGRAM_QUERY_MTU   40
+#define BIO_CTRL_DGRAM_CONNECT       31
+#define BIO_CTRL_DGRAM_SET_CONNECTED 32
+#define BIO_CTRL_DGRAM_QUERY_MTU     40
+#define BIO_CTRL_DGRAM_SET_PEER      44
 
 #define BIO_FP_TEXT                0x00
 #define BIO_NOCLOSE                0x00
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index d5ad52bbc1..6c0373630a 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -1,6 +1,6 @@
 /* bn.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/buffer.h b/wolfssl/openssl/buffer.h
index 52a7813ed3..c9f2790203 100644
--- a/wolfssl/openssl/buffer.h
+++ b/wolfssl/openssl/buffer.h
@@ -1,6 +1,6 @@
 /* buffer.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/camellia.h b/wolfssl/openssl/camellia.h
index aa830f5348..0cad9c9ee3 100644
--- a/wolfssl/openssl/camellia.h
+++ b/wolfssl/openssl/camellia.h
@@ -1,6 +1,6 @@
 /* camellia.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/cmac.h b/wolfssl/openssl/cmac.h
index 5ae013c124..dd08497faa 100644
--- a/wolfssl/openssl/cmac.h
+++ b/wolfssl/openssl/cmac.h
@@ -1,6 +1,6 @@
 /* cmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/cms.h b/wolfssl/openssl/cms.h
index 5355c61587..7febb6715e 100644
--- a/wolfssl/openssl/cms.h
+++ b/wolfssl/openssl/cms.h
@@ -1,6 +1,6 @@
 /* cms.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/compat_types.h b/wolfssl/openssl/compat_types.h
index c1afd62e1d..61cc80aeb1 100644
--- a/wolfssl/openssl/compat_types.h
+++ b/wolfssl/openssl/compat_types.h
@@ -1,6 +1,6 @@
 /* compat_types.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,6 +50,8 @@ typedef struct WOLFSSL_EVP_PKEY_CTX   WOLFSSL_EVP_PKEY_CTX;
 typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX;
 typedef struct WOLFSSL_ASN1_PCTX      WOLFSSL_ASN1_PCTX;
 
+typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 typedef WOLFSSL_EVP_MD         EVP_MD;
 typedef WOLFSSL_EVP_MD_CTX     EVP_MD_CTX;
diff --git a/wolfssl/openssl/conf.h b/wolfssl/openssl/conf.h
index 7c3d721067..4e9115f95f 100644
--- a/wolfssl/openssl/conf.h
+++ b/wolfssl/openssl/conf.h
@@ -1,6 +1,6 @@
 /* conf.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index a787da28d1..e436e938c8 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -1,6 +1,6 @@
 /* crypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/des.h b/wolfssl/openssl/des.h
index ca0be35908..0f385a6d99 100644
--- a/wolfssl/openssl/des.h
+++ b/wolfssl/openssl/des.h
@@ -1,6 +1,6 @@
 /* des.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index eacd033c90..ae0f02683a 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,6 +67,9 @@ WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* pub,
                                      WOLFSSL_DH* dh);
+WOLFSSL_API int wolfSSL_DH_compute_key_padded(unsigned char* key,
+                                const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh);
+
 WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf,
                                    int derSz);
 WOLFSSL_API int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len);
@@ -91,6 +94,7 @@ typedef WOLFSSL_DH                   DH;
 #define DH_size         wolfSSL_DH_size
 #define DH_generate_key wolfSSL_DH_generate_key
 #define DH_compute_key  wolfSSL_DH_compute_key
+#define DH_compute_key_padded wolfSSL_DH_compute_key_padded
 #define DH_set_length   wolfSSL_DH_set_length
 #define DH_set0_pqg     wolfSSL_DH_set0_pqg
 #define DH_get0_pqg     wolfSSL_DH_get0_pqg
diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h
index 5a8c31c708..76a1252e1f 100644
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h
index da988c6a94..c7b0cfffa9 100644
--- a/wolfssl/openssl/ec.h
+++ b/wolfssl/openssl/ec.h
@@ -1,6 +1,6 @@
 /* ec.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,7 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 
@@ -205,6 +206,9 @@ WOLFSSL_API
 int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key,
                               const unsigned char* der, int derSz, int opt);
 WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
+        WOLFSSL_EC_KEY **out);
+WOLFSSL_API
 void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
 WOLFSSL_API
 WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
@@ -371,6 +375,8 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define EC_KEY_check_key                wolfSSL_EC_KEY_check_key
 #define EC_KEY_print_fp                 wolfSSL_EC_KEY_print_fp
 
+#define d2i_EC_PUBKEY_bio               wolfSSL_d2i_EC_PUBKEY_bio
+
 #define ECDSA_size                      wolfSSL_ECDSA_size
 #define ECDSA_sign                      wolfSSL_ECDSA_sign
 #define ECDSA_verify                    wolfSSL_ECDSA_verify
@@ -424,6 +430,7 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define i2d_ECPrivateKey                wolfSSL_i2d_ECPrivateKey
 #define EC_KEY_set_conv_form            wolfSSL_EC_KEY_set_conv_form
 #define EC_KEY_get_conv_form            wolfSSL_EC_KEY_get_conv_form
+#define d2i_ECPKParameters              wolfSSL_d2i_ECPKParameters
 
 #define EC_POINT_point2hex              wolfSSL_EC_POINT_point2hex
 #define EC_POINT_hex2point              wolfSSL_EC_POINT_hex2point
diff --git a/wolfssl/openssl/ec25519.h b/wolfssl/openssl/ec25519.h
index 6090311068..0421ce83ba 100644
--- a/wolfssl/openssl/ec25519.h
+++ b/wolfssl/openssl/ec25519.h
@@ -1,6 +1,6 @@
 /* ec25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ec448.h b/wolfssl/openssl/ec448.h
index 06ce1ddfc4..89a9e1cc94 100644
--- a/wolfssl/openssl/ec448.h
+++ b/wolfssl/openssl/ec448.h
@@ -1,6 +1,6 @@
 /* ec448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h
index 9f816b25fe..74b8c910e7 100644
--- a/wolfssl/openssl/ecdh.h
+++ b/wolfssl/openssl/ecdh.h
@@ -1,6 +1,6 @@
 /* ecdh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index 385e5c06b2..704f56d00f 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -1,6 +1,6 @@
 /* ecdsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ed25519.h b/wolfssl/openssl/ed25519.h
index a4f2a3ac4e..d4c1b1b913 100644
--- a/wolfssl/openssl/ed25519.h
+++ b/wolfssl/openssl/ed25519.h
@@ -1,6 +1,6 @@
 /* ed25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ed448.h b/wolfssl/openssl/ed448.h
index 2d2b4b74eb..3c9786264f 100644
--- a/wolfssl/openssl/ed448.h
+++ b/wolfssl/openssl/ed448.h
@@ -1,6 +1,6 @@
 /* ed448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h
index 178afa5f47..2af6407848 100644
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@@ -1,6 +1,6 @@
 /* err.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index 346cefc65d..fbfea201a1 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -1,6 +1,6 @@
 /* evp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -722,6 +722,8 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx);
 WOLFSSL_API int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
   WOLFSSL_EVP_PKEY **ppkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey,
+                                      const char *name);
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 WOLFSSL_API void wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx);
 #else
@@ -1111,6 +1113,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_PKEY_keygen                wolfSSL_EVP_PKEY_keygen
 #define EVP_PKEY_keygen_init           wolfSSL_EVP_PKEY_keygen_init
 #define EVP_PKEY_bits                  wolfSSL_EVP_PKEY_bits
+#define EVP_PKEY_is_a                  wolfSSL_EVP_PKEY_is_a
 #define EVP_PKEY_CTX_free              wolfSSL_EVP_PKEY_CTX_free
 #define EVP_PKEY_CTX_new               wolfSSL_EVP_PKEY_CTX_new
 #define EVP_PKEY_CTX_set_rsa_padding   wolfSSL_EVP_PKEY_CTX_set_rsa_padding
diff --git a/wolfssl/openssl/fips_rand.h b/wolfssl/openssl/fips_rand.h
index 586a9574cd..58f21b3419 100644
--- a/wolfssl/openssl/fips_rand.h
+++ b/wolfssl/openssl/fips_rand.h
@@ -1,6 +1,6 @@
 /* fips_rand.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h
index 818c8609c1..71a473b4fc 100644
--- a/wolfssl/openssl/hmac.h
+++ b/wolfssl/openssl/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am
index dee416cd5f..84e0dbb1f3 100644
--- a/wolfssl/openssl/include.am
+++ b/wolfssl/openssl/include.am
@@ -46,6 +46,7 @@ nobase_include_HEADERS+= \
                          wolfssl/openssl/pkcs7.h \
                          wolfssl/openssl/rand.h \
                          wolfssl/openssl/rsa.h \
+                         wolfssl/openssl/safestack.h \
                          wolfssl/openssl/sha.h \
                          wolfssl/openssl/sha3.h \
                          wolfssl/openssl/srp.h \
diff --git a/wolfssl/openssl/kdf.h b/wolfssl/openssl/kdf.h
index 29537df199..08d8327a77 100644
--- a/wolfssl/openssl/kdf.h
+++ b/wolfssl/openssl/kdf.h
@@ -1,6 +1,6 @@
 /* kdf.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/lhash.h b/wolfssl/openssl/lhash.h
index 06c62a295e..4c1637a6e2 100644
--- a/wolfssl/openssl/lhash.h
+++ b/wolfssl/openssl/lhash.h
@@ -1,6 +1,6 @@
 /* lhash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/md4.h b/wolfssl/openssl/md4.h
index e1f8b9ee83..d478e9622b 100644
--- a/wolfssl/openssl/md4.h
+++ b/wolfssl/openssl/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/md5.h b/wolfssl/openssl/md5.h
index 81b60002e9..62533a9ffc 100644
--- a/wolfssl/openssl/md5.h
+++ b/wolfssl/openssl/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/modes.h b/wolfssl/openssl/modes.h
index 3288f50fa5..e6a584c70f 100644
--- a/wolfssl/openssl/modes.h
+++ b/wolfssl/openssl/modes.h
@@ -1,6 +1,6 @@
 /* modes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/obj_mac.h b/wolfssl/openssl/obj_mac.h
index f3fcd859c4..b083f049dc 100644
--- a/wolfssl/openssl/obj_mac.h
+++ b/wolfssl/openssl/obj_mac.h
@@ -1,6 +1,6 @@
 /* obj_mac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h
index 5f8d8f7c00..08640fbf67 100644
--- a/wolfssl/openssl/objects.h
+++ b/wolfssl/openssl/objects.h
@@ -1,6 +1,6 @@
 /* objects.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ocsp.h b/wolfssl/openssl/ocsp.h
index 8cd3372325..28eb1597aa 100644
--- a/wolfssl/openssl/ocsp.h
+++ b/wolfssl/openssl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,12 +27,16 @@
 #ifdef HAVE_OCSP
 #include <wolfssl/ocsp.h>
 
-#define OCSP_REQUEST              OcspRequest
-#define OCSP_RESPONSE             OcspResponse
-#define OCSP_BASICRESP            WOLFSSL_OCSP_BASICRESP
-#define OCSP_SINGLERESP           WOLFSSL_OCSP_SINGLERESP
-#define OCSP_CERTID               WOLFSSL_OCSP_CERTID
-#define OCSP_ONEREQ               WOLFSSL_OCSP_ONEREQ
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
+    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+typedef OcspRequest                      OCSP_REQUEST;
+typedef OcspResponse                     OCSP_RESPONSE;
+typedef WOLFSSL_OCSP_BASICRESP           OCSP_BASICRESP;
+typedef WOLFSSL_OCSP_SINGLERESP          OCSP_SINGLERESP;
+typedef WOLFSSL_OCSP_CERTID              OCSP_CERTID;
+typedef WOLFSSL_OCSP_ONEREQ              OCSP_ONEREQ;
+typedef WOLFSSL_OCSP_REQ_CTX             OCSP_REQ_CTX;
+#endif
 
 #define OCSP_REVOKED_STATUS_NOSTATUS     (-1)
 
@@ -85,6 +89,15 @@
 #define OCSP_resp_count           wolfSSL_OCSP_resp_count
 #define OCSP_resp_get0            wolfSSL_OCSP_resp_get0
 
+#define OCSP_REQ_CTX_new          wolfSSL_OCSP_REQ_CTX_new
+#define OCSP_REQ_CTX_free         wolfSSL_OCSP_REQ_CTX_free
+#define OCSP_sendreq_new          wolfSSL_OCSP_sendreq_new
+#define OCSP_REQ_CTX_set1_req     wolfSSL_OCSP_REQ_CTX_set1_req
+#define OCSP_REQ_CTX_add1_header  wolfSSL_OCSP_REQ_CTX_add1_header
+#define OCSP_REQ_CTX_http         wolfSSL_OCSP_REQ_CTX_http
+#define OCSP_REQ_CTX_nbio         wolfSSL_OCSP_REQ_CTX_nbio
+#define OCSP_sendreq_nbio         wolfSSL_OCSP_sendreq_nbio
+
 #endif /* HAVE_OCSP */
 
 #endif /* WOLFSSL_OCSP_H_ */
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index f68b6cafb3..481f74ee39 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -1,6 +1,6 @@
 /* opensslv.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,32 +34,41 @@
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
-     /* valid version */
+    /* valid version */
+#elif defined(OPENSSL_VERSION_NUMBER)
+    /* unrecognized version, but continue. */
+    #define WOLFSSL_OPENSSL_VERSION_NUMBER_UNRECOGNIZED
+#elif defined(HAVE_MOSQUITTO)
+    #define OPENSSL_VERSION_NUMBER 0x10100000L
 #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
       defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
       defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) || \
       defined(WOLFSSL_OPENSSH)
     /* For Apache httpd, Use 1.1.0 compatibility */
-     #define OPENSSL_VERSION_NUMBER 0x10100003L
-#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) || defined(WOLFSSL_KRB)
+    #define OPENSSL_VERSION_NUMBER 0x10100003L
+#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)
     /* For Qt and Python 3.8.5 compatibility */
-     #define OPENSSL_VERSION_NUMBER 0x10101000L
+    #define OPENSSL_VERSION_NUMBER 0x10101000L
 #elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG)
-     #define OPENSSL_VERSION_NUMBER 0x1010000fL
+    #define OPENSSL_VERSION_NUMBER 0x1010000fL
 #elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENVPN)
-     /* version number can be increased for Lighty after compatibility for ECDH
-        is added */
-     #define OPENSSL_VERSION_NUMBER 0x10001040L
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN)
+    /* version number can be increased for Lighty after compatibility for ECDH
+       is added */
+    #define OPENSSL_VERSION_NUMBER 0x10001040L
 #else
-     #define OPENSSL_VERSION_NUMBER 0x0090810fL
+    #define OPENSSL_VERSION_NUMBER 0x0090810fL
 #endif
 
-#define OPENSSL_VERSION_TEXT             "wolfSSL " LIBWOLFSSL_VERSION_STRING
-#define OPENSSL_VERSION                  0
+#ifndef OPENSSL_VERSION_TEXT
+    #define OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING
+#endif
+#ifndef OPENSSL_VERSION
+    #define OPENSSL_VERSION 0
+#endif
 
 #ifndef OPENSSL_IS_WOLFSSL
-#define OPENSSL_IS_WOLFSSL
+    #define OPENSSL_IS_WOLFSSL
 #endif
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
diff --git a/wolfssl/openssl/ossl_typ.h b/wolfssl/openssl/ossl_typ.h
index 85b83c3f43..8214fa3c8c 100644
--- a/wolfssl/openssl/ossl_typ.h
+++ b/wolfssl/openssl/ossl_typ.h
@@ -1,6 +1,6 @@
 /* ossl_typ.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index 221e8d6f97..0cfaedd0d3 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
@@ -1,6 +1,6 @@
 /* pem.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,6 +56,8 @@ WOLFSSL_API
 WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
                                              WOLFSSL_RSA** rsa,
                                              wc_pem_password_cb* cb, void *u);
+WOLFSSL_API
+WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out);
 
 WOLFSSL_API
 WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
@@ -63,6 +65,10 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
                                                       wc_pem_password_cb* cb,
                                                       void* pass);
 WOLFSSL_API
+WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
+                                             const unsigned char **in,
+                                             long len);
+WOLFSSL_API
 int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
                                         const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
@@ -243,12 +249,12 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_bio_RSA_PUBKEY        wolfSSL_PEM_write_bio_RSA_PUBKEY
 #define PEM_read_bio_RSA_PUBKEY         wolfSSL_PEM_read_bio_RSA_PUBKEY
 #define PEM_read_bio_RSAPublicKey       wolfSSL_PEM_read_bio_RSA_PUBKEY
-#define PEM_read_bio_ECPKParameters     wolfSSL_PEM_read_bio_ECPKParameters
 #define PEM_write_RSAPrivateKey         wolfSSL_PEM_write_RSAPrivateKey
 #define PEM_write_RSA_PUBKEY            wolfSSL_PEM_write_RSA_PUBKEY
 #define PEM_read_RSA_PUBKEY             wolfSSL_PEM_read_RSA_PUBKEY
 #define PEM_write_RSAPublicKey          wolfSSL_PEM_write_RSAPublicKey
 #define PEM_read_RSAPublicKey           wolfSSL_PEM_read_RSAPublicKey
+#define d2i_RSA_PUBKEY_bio              wolfSSL_d2i_RSA_PUBKEY_bio
 /* DSA */
 #define PEM_write_bio_DSAPrivateKey     wolfSSL_PEM_write_bio_DSAPrivateKey
 #define PEM_write_DSAPrivateKey         wolfSSL_PEM_write_DSAPrivateKey
@@ -263,6 +269,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_ECPrivateKey          wolfSSL_PEM_write_ECPrivateKey
 #define PEM_read_bio_ECPrivateKey       wolfSSL_PEM_read_bio_ECPrivateKey
 #define PEM_read_bio_EC_PUBKEY          wolfSSL_PEM_read_bio_EC_PUBKEY
+#define PEM_read_bio_ECPKParameters     wolfSSL_PEM_read_bio_ECPKParameters
 #ifndef NO_WOLFSSL_STUB
 #define PEM_write_bio_ECPKParameters(...) 0
 #endif
diff --git a/wolfssl/openssl/pkcs12.h b/wolfssl/openssl/pkcs12.h
index 28a0a37805..d82954da99 100644
--- a/wolfssl/openssl/pkcs12.h
+++ b/wolfssl/openssl/pkcs12.h
@@ -1,6 +1,6 @@
 /* pkcs12.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/pkcs7.h b/wolfssl/openssl/pkcs7.h
index 41f890163b..9a53b89a5e 100644
--- a/wolfssl/openssl/pkcs7.h
+++ b/wolfssl/openssl/pkcs7.h
@@ -1,6 +1,6 @@
 /* pkcs7.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h
index cc0d72ac96..c88cd128f7 100644
--- a/wolfssl/openssl/rand.h
+++ b/wolfssl/openssl/rand.h
@@ -1,6 +1,6 @@
 /* rand.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/rc4.h b/wolfssl/openssl/rc4.h
index ca56ac8253..cef9330e38 100644
--- a/wolfssl/openssl/rc4.h
+++ b/wolfssl/openssl/rc4.h
@@ -1,6 +1,6 @@
 /* rc4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ripemd.h b/wolfssl/openssl/ripemd.h
index 7ba600d9a1..a7c4247931 100644
--- a/wolfssl/openssl/ripemd.h
+++ b/wolfssl/openssl/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h
index 7284948ad4..a248b23074 100644
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,6 +28,7 @@
 #include <wolfssl/openssl/bn.h>
 #include <wolfssl/openssl/err.h>
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/rsa.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -240,6 +241,9 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 
 #define RSA_F4             WOLFSSL_RSA_F4
 
+#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
+#define OPENSSL_RSA_MAX_PUBEXP_BITS  RSA_MAX_SIZE
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/safestack.h b/wolfssl/openssl/safestack.h
new file mode 100644
index 0000000000..ee1f8728f8
--- /dev/null
+++ b/wolfssl/openssl/safestack.h
@@ -0,0 +1,40 @@
+/* safestack.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* stack.h for openSSL */
+
+#ifndef WOLFSSL_SAFESTACK_H_
+#define WOLFSSL_SAFESTACK_H_
+
+#include <wolfssl/openssl/compat_types.h>
+#include <wolfssl/openssl/ssl.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h
index ab38c5c096..f9bc1a5869 100644
--- a/wolfssl/openssl/sha.h
+++ b/wolfssl/openssl/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/sha3.h b/wolfssl/openssl/sha3.h
index 4407bca61c..c2f5535c0d 100644
--- a/wolfssl/openssl/sha3.h
+++ b/wolfssl/openssl/sha3.h
@@ -1,6 +1,6 @@
 /* sha3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/srp.h b/wolfssl/openssl/srp.h
index b60981d769..097cf51289 100644
--- a/wolfssl/openssl/srp.h
+++ b/wolfssl/openssl/srp.h
@@ -1,6 +1,6 @@
 /* srp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 0fbf621b7d..ef65f60ea9 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -82,6 +82,7 @@ typedef WOLFSSL_CTX      SSL_CTX;
 
 typedef WOLFSSL_X509       X509;
 typedef WOLFSSL_X509       X509_REQ;
+typedef WOLFSSL_X509       X509_REQ_INFO;
 typedef WOLFSSL_X509_NAME  X509_NAME;
 typedef WOLFSSL_X509_INFO  X509_INFO;
 typedef WOLFSSL_X509_CHAIN X509_CHAIN;
@@ -99,6 +100,7 @@ typedef WOLFSSL_CIPHER         SSL_CIPHER;
 typedef WOLFSSL_X509_LOOKUP    X509_LOOKUP;
 typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
 typedef WOLFSSL_X509_CRL       X509_CRL;
+typedef WOLFSSL_X509_ACERT     X509_ACERT;
 typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
 typedef WOLFSSL_X509_PUBKEY    X509_PUBKEY;
 typedef WOLFSSL_X509_ALGOR     X509_ALGOR;
@@ -214,6 +216,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_CTX_set_ecdh_auto           wolfSSL_CTX_set_ecdh_auto
 
 #define i2d_PUBKEY                      wolfSSL_i2d_PUBKEY
+#define i2d_X509_PUBKEY                 wolfSSL_i2d_X509_PUBKEY
 #define d2i_PUBKEY                      wolfSSL_d2i_PUBKEY
 #define d2i_PUBKEY_bio                  wolfSSL_d2i_PUBKEY_bio
 #define d2i_PublicKey                   wolfSSL_d2i_PublicKey
@@ -254,6 +257,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_F_X509_CHECK_PRIVATE_KEY   128
 
 #ifdef WOLFSSL_DTLS
+    #define DTLS_client_method          wolfDTLS_client_method
+    #define DTLS_server_method          wolfDTLS_server_method
     #define DTLSv1_client_method        wolfDTLSv1_client_method
     #define DTLSv1_server_method        wolfDTLSv1_server_method
     #define DTLSv1_2_client_method      wolfDTLSv1_2_client_method
@@ -265,13 +270,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #ifndef NO_FILESYSTEM
     #define SSL_CTX_use_certificate_file      wolfSSL_CTX_use_certificate_file
     #define SSL_CTX_use_PrivateKey_file       wolfSSL_CTX_use_PrivateKey_file
-#ifdef WOLFSSL_APACHE_HTTPD
-    #define SSL_CTX_load_verify_locations(ctx,file,path) \
-        wolfSSL_CTX_load_verify_locations_ex(ctx,file,path,\
-                                                   WOLFSSL_LOAD_FLAG_IGNORE_ERR)
-#else
-    #define SSL_CTX_load_verify_locations     wolfSSL_CTX_load_verify_locations
-#endif
+    #define SSL_CTX_load_verify_locations     wolfSSL_CTX_load_verify_locations_compat
     #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
     #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
     #define SSL_CTX_use_RSAPrivateKey_file    wolfSSL_CTX_use_RSAPrivateKey_file
@@ -400,7 +399,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
 #define SSL_SESSION_get_max_early_data  wolfSSL_SESSION_get_max_early_data
 
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
     #define SSL_MODE_RELEASE_BUFFERS     0x00000010U
     #define ASN1_BOOLEAN                 WOLFSSL_ASN1_BOOLEAN
     #define X509_get_ext                 wolfSSL_X509_get_ext
@@ -429,6 +428,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define d2i_X509_fp                     wolfSSL_d2i_X509_fp
 #define i2d_X509                        wolfSSL_i2d_X509
 #define d2i_X509                        wolfSSL_d2i_X509
+#define d2i_X509_REQ_INFO               wolfSSL_d2i_X509_REQ_INFO
 #define PEM_read_bio_X509               wolfSSL_PEM_read_bio_X509
 #define PEM_read_bio_X509_REQ           wolfSSL_PEM_read_bio_X509_REQ
 #define PEM_read_X509_REQ               wolfSSL_PEM_read_X509_REQ
@@ -446,6 +446,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define d2i_X509_REQ                    wolfSSL_d2i_X509_REQ
 #define X509_REQ_new                    wolfSSL_X509_REQ_new
 #define X509_REQ_free                   wolfSSL_X509_REQ_free
+#define X509_REQ_INFO_free              wolfSSL_X509_REQ_free
 #define X509_REQ_sign                   wolfSSL_X509_REQ_sign
 #define X509_REQ_sign_ctx               wolfSSL_X509_REQ_sign_ctx
 #define X509_REQ_add_extensions         wolfSSL_X509_REQ_add_extensions
@@ -491,6 +492,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_get0_notAfter              wolfSSL_X509_get_notAfter
 #define X509_getm_notAfter              wolfSSL_X509_get_notAfter
 #define X509_get_serialNumber           wolfSSL_X509_get_serialNumber
+#define X509_get0_serialNumber          wolfSSL_X509_get_serialNumber
 #define X509_get0_pubkey_bitstr         wolfSSL_X509_get0_pubkey_bitstr
 #define X509_get_ex_new_index           wolfSSL_X509_get_ex_new_index
 #define X509_get_ex_data                wolfSSL_X509_get_ex_data
@@ -533,6 +535,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_dup                        wolfSSL_X509_dup
 #define X509_add_ext                    wolfSSL_X509_add_ext
 #define X509_delete_ext                 wolfSSL_X509_delete_ext
+#define X509_get0_subject_key_id        wolfSSL_X509_get0_subject_key_id
 
 #define X509_EXTENSION_get_object       wolfSSL_X509_EXTENSION_get_object
 #define X509_EXTENSION_get_data         wolfSSL_X509_EXTENSION_get_data
@@ -566,6 +569,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define sk_X509_EXTENSION_new_null      wolfSSL_sk_X509_EXTENSION_new_null
 #define sk_X509_EXTENSION_pop_free      wolfSSL_sk_X509_EXTENSION_pop_free
 #define sk_X509_EXTENSION_push          wolfSSL_sk_X509_EXTENSION_push
+#define sk_X509_EXTENSION_free          wolfSSL_sk_X509_EXTENSION_free
 
 #define X509_INFO_new                   wolfSSL_X509_INFO_new
 #define X509_INFO_free                  wolfSSL_X509_INFO_free
@@ -647,6 +651,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT WOLFSSL_ALWAYS_CHECK_SUBJECT
 #define X509_CHECK_FLAG_NO_WILDCARDS         WOLFSSL_NO_WILDCARDS
 #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS WOLFSSL_NO_PARTIAL_WILDCARDS
+#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS WOLFSSL_MULTI_LABEL_WILDCARDS
 
 #define X509_VP_FLAG_DEFAULT        WOLFSSL_VPARAM_DEFAULT
 #define X509_VP_FLAG_OVERWRITE      WOLFSSL_VPARAM_OVERWRITE
@@ -698,6 +703,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_STORE_set_ex_data          wolfSSL_X509_STORE_set_ex_data
 #define X509_STORE_get_ex_data          wolfSSL_X509_STORE_get_ex_data
 #define X509_STORE_get0_param           wolfSSL_X509_STORE_get0_param
+#define X509_STORE_set1_param           wolfSSL_X509_STORE_set1_param
 #define X509_STORE_CTX_get1_issuer      wolfSSL_X509_STORE_CTX_get1_issuer
 #define X509_STORE_CTX_set_time         wolfSSL_X509_STORE_CTX_set_time
 #define X509_STORE_CTX_get0_param       wolfSSL_X509_STORE_CTX_get0_param
@@ -712,7 +718,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_VERIFY_PARAM_set1_ip_asc   wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
 #define X509_VERIFY_PARAM_set1_ip       wolfSSL_X509_VERIFY_PARAM_set1_ip
 #define X509_VERIFY_PARAM_set1          wolfSSL_X509_VERIFY_PARAM_set1
+#define X509_VERIFY_PARAM_lookup        wolfSSL_X509_VERIFY_PARAM_lookup
+#define X509_VERIFY_PARAM_inherit       wolfSSL_X509_VERIFY_PARAM_inherit
 #define X509_STORE_load_locations       wolfSSL_X509_STORE_load_locations
+#define X509_STORE_get0_param           wolfSSL_X509_STORE_get0_param
 
 #define X509_LOOKUP_add_dir             wolfSSL_X509_LOOKUP_add_dir
 #define X509_LOOKUP_load_file           wolfSSL_X509_LOOKUP_load_file
@@ -737,6 +746,14 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_CRL_get_version            wolfSSL_X509_CRL_version
 #define X509_load_crl_file              wolfSSL_X509_load_crl_file
 
+#define X509_ACERT_free                 wolfSSL_X509_ACERT_free
+#define X509_ACERT_get_version          wolfSSL_X509_ACERT_get_version
+#define X509_ACERT_get_signature_nid    wolfSSL_X509_ACERT_get_signature_nid
+#define X509_ACERT_print                wolfSSL_X509_ACERT_print
+#define X509_ACERT_verify               wolfSSL_X509_ACERT_verify
+#define X509_ACERT_sign                 wolfSSL_X509_ACERT_sign
+#define PEM_read_bio_X509_ACERT         wolfSSL_PEM_read_bio_X509_ACERT
+
 #define X509_get_X509_PUBKEY            wolfSSL_X509_get_X509_PUBKEY
 #define X509_REQ_get_X509_PUBKEY        wolfSSL_X509_get_X509_PUBKEY
 #define X509_get0_tbs_sigalg            wolfSSL_X509_get0_tbs_sigalg
@@ -748,6 +765,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define X509_ALGOR_new                  wolfSSL_X509_ALGOR_new
 #define X509_ALGOR_free                 wolfSSL_X509_ALGOR_free
+#define i2d_X509_ALGOR                  wolfSSL_i2d_X509_ALGOR
+#define d2i_X509_ALGOR                  wolfSSL_d2i_X509_ALGOR
 #define X509_PUBKEY_new                 wolfSSL_X509_PUBKEY_new
 #define X509_PUBKEY_free                wolfSSL_X509_PUBKEY_free
 
@@ -784,7 +803,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_pop                         wolfSSL_BIO_pop
 #define BIO_flush                       wolfSSL_BIO_flush
 #define BIO_pending                     wolfSSL_BIO_pending
-
+#define BIO_number_read                 wolfSSL_BIO_number_read
+#define BIO_number_written              wolfSSL_BIO_number_written
+#define BIO_reset                       wolfSSL_BIO_reset
 #define BIO_get_mem_data                wolfSSL_BIO_get_mem_data
 #define BIO_new_mem_buf                 wolfSSL_BIO_new_mem_buf
 
@@ -792,6 +813,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_set_write_buffer_size       wolfSSL_BIO_set_write_buffer_size
 #define BIO_f_ssl                       wolfSSL_BIO_f_ssl
 #define BIO_new_socket                  wolfSSL_BIO_new_socket
+#define BIO_new_dgram                   wolfSSL_BIO_new_dgram
 #define BIO_new_connect                 wolfSSL_BIO_new_connect
 #define BIO_new_accept                  wolfSSL_BIO_new_accept
 #define BIO_set_conn_port               wolfSSL_BIO_set_conn_port
@@ -800,6 +822,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_do_handshake                wolfSSL_BIO_do_handshake
 #define BIO_ssl_shutdown                wolfSSL_BIO_ssl_shutdown
 #define SSL_set_bio                     wolfSSL_set_bio
+#define SSL_set0_rbio                   wolfSSL_set_rbio
+#define SSL_set0_wbio                   wolfSSL_set_wbio
 #define BIO_method_type                 wolfSSL_BIO_method_type
 #define BIO_set_ssl                     wolfSSL_BIO_set_ssl
 #define BIO_get_ssl                     wolfSSL_BIO_get_ssl
@@ -835,10 +859,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define COMP_zlib                       wolfSSL_COMP_zlib
 #define COMP_rle                        wolfSSL_COMP_rle
 #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
-
-#define SSL_get_current_compression(ssl) 0
-#define SSL_get_current_expansion(ssl) 0
 #define SSL_COMP_get_name               wolfSSL_COMP_get_name
+#define SSL_get_current_compression     wolfSSL_get_current_compression
+#define SSL_get_current_expansion       wolfSSL_get_current_expansion
 
 #define SSL_get_ex_new_index            wolfSSL_get_ex_new_index
 #define RSA_get_ex_new_index            wolfSSL_get_ex_new_index
@@ -847,6 +870,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_BIT_STRING_free            wolfSSL_ASN1_BIT_STRING_free
 #define ASN1_BIT_STRING_get_bit         wolfSSL_ASN1_BIT_STRING_get_bit
 #define ASN1_BIT_STRING_set_bit         wolfSSL_ASN1_BIT_STRING_set_bit
+#define i2d_ASN1_BIT_STRING             wolfSSL_i2d_ASN1_BIT_STRING
+#define d2i_ASN1_BIT_STRING             wolfSSL_d2i_ASN1_BIT_STRING
 
 #define sk_ASN1_OBJECT_free             wolfSSL_sk_ASN1_OBJECT_free
 
@@ -866,6 +891,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #endif
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 #define ASN1_TIME_set_string            wolfSSL_ASN1_TIME_set_string
+#define ASN1_TIME_set_string_X509       wolfSSL_ASN1_TIME_set_string_X509
 #define ASN1_GENERALIZEDTIME_set_string wolfSSL_ASN1_TIME_set_string
 #define ASN1_GENERALIZEDTIME_print      wolfSSL_ASN1_GENERALIZEDTIME_print
 
@@ -903,6 +929,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_STRING_set_default_mask_asc(...) 1
 #endif
 
+#define ASN1_GENERALSTRING              WOLFSSL_ASN1_STRING
+#define ASN1_GENERALSTRING_new          wolfSSL_ASN1_STRING_new
+#define ASN1_GENERALSTRING_free         wolfSSL_ASN1_STRING_free
+#define ASN1_GENERALSTRING_set          wolfSSL_ASN1_STRING_set
+#define i2d_ASN1_GENERALSTRING          wolfSSL_i2d_ASN1_GENERALSTRING
+#define i2d_ASN1_OCTET_STRING           wolfSSL_i2d_ASN1_OCTET_STRING
+#define i2d_ASN1_UTF8STRING             wolfSSL_i2d_ASN1_UTF8STRING
+#define i2d_ASN1_SEQUENCE               wolfSSL_i2d_ASN1_SEQUENCE
+#define d2i_ASN1_GENERALSTRING          wolfSSL_d2i_ASN1_GENERALSTRING
+#define d2i_ASN1_OCTET_STRING           wolfSSL_d2i_ASN1_OCTET_STRING
+#define d2i_ASN1_UTF8STRING             wolfSSL_d2i_ASN1_UTF8STRING
+
+#define sk_ASN1_GENERALSTRING_num       wolfSSL_sk_num
+#define sk_ASN1_GENERALSTRING_value     wolfSSL_sk_value
+#define sk_ASN1_GENERALSTRING_push      wolfSSL_sk_push
+
 #define ASN1_OCTET_STRING               WOLFSSL_ASN1_STRING
 #define ASN1_OCTET_STRING_new           wolfSSL_ASN1_STRING_new
 #define ASN1_OCTET_STRING_free          wolfSSL_ASN1_STRING_free
@@ -1149,6 +1191,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLSv1_get_timeout(ssl, timeleft)   wolfSSL_DTLSv1_get_timeout((ssl), (WOLFSSL_TIMEVAL*)(timeleft))
 #define DTLSv1_handle_timeout               wolfSSL_DTLSv1_handle_timeout
 #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration
+#define SSL_set_mtu                         wolfSSL_set_mtu_compat
 
 /* DTLS SRTP */
 #ifdef WOLFSSL_SRTP
@@ -1201,6 +1244,10 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define sk_SSL_CIPHER_free              wolfSSL_sk_SSL_CIPHER_free
 #define sk_SSL_CIPHER_find              wolfSSL_sk_SSL_CIPHER_find
 
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+#define SSL_get0_peername wolfSSL_get0_peername
+#endif
+
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
     || defined(WOLFSSL_NGINX)
 #include <wolfssl/openssl/pem.h>
@@ -1209,7 +1256,6 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define SSL_R_SHORT_READ     10
 #define ERR_R_PEM_LIB        9
 #define SSL_CTRL_MODE        33
-
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
 
 #define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
@@ -1229,6 +1275,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
                                                                   (char *)(arg))
 #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */
 
+#define SSL_CTX_set_dh_auto             wolfSSL_CTX_set_dh_auto
 #define SSL_CTX_set_tmp_dh              wolfSSL_CTX_set_tmp_dh
 
 #define TLSEXT_STATUSTYPE_ocsp  1
@@ -1515,10 +1562,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define PEM_R_BAD_DECRYPT               (-MIN_CODE_E + 4)
 #define ASN1_R_HEADER_TOO_LONG          (-MIN_CODE_E + 5)
 
+#define ERR_LIB_SYS             2
 #define ERR_LIB_RSA             4
-#define ERR_LIB_EC              16
-#define ERR_LIB_SSL             20
-#define ERR_LIB_PKCS12          35
 #define ERR_LIB_PEM             9
 #define ERR_LIB_X509            10
 #define ERR_LIB_EVP             11
@@ -1526,6 +1571,9 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define ERR_LIB_DIGEST          13
 #define ERR_LIB_CIPHER          14
 #define ERR_LIB_USER            15
+#define ERR_LIB_EC              16
+#define ERR_LIB_SSL             20
+#define ERR_LIB_PKCS12          35
 
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
     defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
@@ -1692,11 +1740,16 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define OpenSSL_version(x)              wolfSSL_OpenSSL_version()
 #endif
 
+#define X509_OBJECT_retrieve_by_subject wolfSSL_X509_OBJECT_retrieve_by_subject
+
 #ifndef NO_WOLFSSL_STUB
 #define OBJ_create_objects(...)         WC_DO_NOTHING
 #define sk_SSL_COMP_free(...)           WC_DO_NOTHING
 #endif
 
+#define ASN1_OBJECT_new                 wolfSSL_ASN1_OBJECT_new
+#define ASN1_OBJECT_free                wolfSSL_ASN1_OBJECT_free
+#define i2d_ASN1_OBJECT                 wolfSSL_i2d_ASN1_OBJECT
 #define OBJ_dup                         wolfSSL_ASN1_OBJECT_dup
 
 #define SSL_set_psk_use_session_callback    wolfSSL_set_psk_use_session_callback
diff --git a/wolfssl/openssl/stack.h b/wolfssl/openssl/stack.h
index cee7cfc929..fe697c4c63 100644
--- a/wolfssl/openssl/stack.h
+++ b/wolfssl/openssl/stack.h
@@ -1,6 +1,6 @@
 /* stack.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/tls1.h b/wolfssl/openssl/tls1.h
index 843696a5c4..933ed5d093 100644
--- a/wolfssl/openssl/tls1.h
+++ b/wolfssl/openssl/tls1.h
@@ -1,6 +1,6 @@
 /* tls1.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/txt_db.h b/wolfssl/openssl/txt_db.h
index 511235b2cf..b8aa56f24f 100644
--- a/wolfssl/openssl/txt_db.h
+++ b/wolfssl/openssl/txt_db.h
@@ -1,6 +1,6 @@
 /* txt_db.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h
index 9afb8e01c1..eb03578e0c 100644
--- a/wolfssl/openssl/x509.h
+++ b/wolfssl/openssl/x509.h
@@ -1,6 +1,6 @@
 /* x509.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/x509_vfy.h b/wolfssl/openssl/x509_vfy.h
index 025f52678e..8666a53fee 100644
--- a/wolfssl/openssl/x509_vfy.h
+++ b/wolfssl/openssl/x509_vfy.h
@@ -1,6 +1,6 @@
 /* x509_vfy.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h
index 51b4e65554..401f8e83f1 100644
--- a/wolfssl/openssl/x509v3.h
+++ b/wolfssl/openssl/x509v3.h
@@ -1,6 +1,6 @@
 /* x509v3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -137,10 +137,24 @@ WOLFSSL_API WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
 WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex);
 WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
                                           const WOLFSSL_ASN1_STRING *s);
+WOLFSSL_API int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
 WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
         WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
-WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx,
-        const char *section, WOLFSSL_X509 *cert);
+WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf,
+        WOLFSSL_X509V3_CTX *ctx, const char *section, WOLFSSL_X509 *cert);
 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 
 #define BASIC_CONSTRAINTS_free    wolfSSL_BASIC_CONSTRAINTS_free
diff --git a/wolfssl/options.h.in b/wolfssl/options.h.in
index 63919d63e5..aa94f3ec0e 100644
--- a/wolfssl/options.h.in
+++ b/wolfssl/options.h.in
@@ -1,6 +1,6 @@
 /* options.h.in
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/quic.h b/wolfssl/quic.h
index d4152423db..70ae61c4a5 100644
--- a/wolfssl/quic.h
+++ b/wolfssl/quic.h
@@ -1,6 +1,6 @@
 /* quic.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h
index 3b5f2373ed..3eabd42902 100644
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@@ -1,6 +1,6 @@
 /* sniffer.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h
index 841241d974..1794ba8979 100644
--- a/wolfssl/sniffer_error.h
+++ b/wolfssl/sniffer_error.h
@@ -1,6 +1,6 @@
 /* sniffer_error.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index d1a88bd5df..90f711589e 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,8 +32,8 @@
 /* for users not using preprocessor flags*/
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/version.h>
+#include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/memory.h>
 #include <wolfssl/wolfcrypt/types.h>
@@ -67,6 +67,15 @@
     #undef OCSP_RESPONSE
 #endif
 
+#ifdef OPENSSL_ALL
+    #ifndef WOLFSSL_HAVE_BIO_ADDR
+    #define WOLFSSL_HAVE_BIO_ADDR
+    #endif
+    #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_MTU)
+    #define WOLFSSL_DTLS_MTU
+    #endif
+#endif
+
 #ifdef OPENSSL_COEXIST
     /* mode to allow wolfSSL and OpenSSL to exist together */
     #ifdef TEST_OPENSSL_COEXIST
@@ -140,6 +149,7 @@ typedef struct WOLFSSL_CTX      WOLFSSL_CTX;
 
 typedef struct WOLFSSL_STACK      WOLFSSL_STACK;
 typedef struct WOLFSSL_X509       WOLFSSL_X509;
+typedef struct WOLFSSL_X509_ACERT WOLFSSL_X509_ACERT;
 typedef struct WOLFSSL_X509_NAME  WOLFSSL_X509_NAME;
 typedef struct WOLFSSL_X509_NAME_ENTRY  WOLFSSL_X509_NAME_ENTRY;
 typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY;
@@ -199,11 +209,11 @@ typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
 typedef struct WOLFSSL_CRL            WOLFSSL_X509_CRL;
 typedef struct WOLFSSL_X509_STORE     WOLFSSL_X509_STORE;
 typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
-typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
 typedef struct WOLFSSL_BIO_METHOD     WOLFSSL_BIO_METHOD;
 typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
 typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
+typedef struct WOLFSSL_ASN1_OTHERNAME OTHERNAME;
 typedef struct WOLFSSL_X509V3_CTX     WOLFSSL_X509V3_CTX;
 typedef struct WOLFSSL_v3_ext_method  WOLFSSL_v3_ext_method;
 typedef struct WOLFSSL_OBJ_NAME       WOLFSSL_OBJ_NAME;
@@ -237,6 +247,9 @@ typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *,
 
 struct WOLFSSL_OBJ_NAME {
     int type;
+    int alias;
+    const char *name;
+    const char *data;
 };
 
 struct WOLFSSL_AUTHORITY_KEYID {
@@ -474,7 +487,8 @@ enum BIO_TYPE {
     WOLFSSL_BIO_BIO    = 5,
     WOLFSSL_BIO_FILE   = 6,
     WOLFSSL_BIO_BASE64 = 7,
-    WOLFSSL_BIO_MD     = 8
+    WOLFSSL_BIO_MD     = 8,
+    WOLFSSL_BIO_DGRAM  = 9
 };
 
 enum BIO_FLAGS {
@@ -537,38 +551,6 @@ struct WOLFSSL_BIO_METHOD {
 typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg,
                                  int iarg, long larg, long return_value);
 
-struct WOLFSSL_BIO {
-    WOLFSSL_BUF_MEM* mem_buf;
-    WOLFSSL_BIO_METHOD* method;
-    WOLFSSL_BIO* prev;          /* previous in chain */
-    WOLFSSL_BIO* next;          /* next in chain */
-    WOLFSSL_BIO* pair;          /* BIO paired with */
-    void*        heap;          /* user heap hint */
-    void*        ptr;           /* WOLFSSL, file descriptor, MD, or mem buf */
-    void*        usrCtx;        /* user set pointer */
-    char*        ip;            /* IP address for wolfIO_TcpConnect */
-    word16       port;          /* Port for wolfIO_TcpConnect */
-    char*        infoArg;       /* BIO callback argument */
-    wolf_bio_info_cb infoCb;    /* BIO callback */
-    int          wrSz;          /* write buffer size (mem) */
-    int          wrSzReset;     /* First buffer size (mem) - read ONLY data */
-    int          wrIdx;         /* current index for write buffer */
-    int          rdIdx;         /* current read index */
-    int          readRq;        /* read request */
-    int          num;           /* socket num or length */
-    int          eof;           /* eof flag */
-    int          flags;
-    byte         type;          /* method type */
-    byte         init:1;        /* bio has been initialized */
-    byte         shutdown:1;    /* close flag */
-#ifdef HAVE_EX_DATA
-    WOLFSSL_CRYPTO_EX_DATA ex_data;
-#endif
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
-    wolfSSL_Ref  ref;
-#endif
-};
-
 typedef struct WOLFSSL_COMP_METHOD {
     int type;            /* stunnel dereference */
 } WOLFSSL_COMP_METHOD;
@@ -623,6 +605,7 @@ struct WOLFSSL_X509_STORE {
 #define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
 #define WOLFSSL_NO_WILDCARDS         0x2
 #define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
+#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 #define WOLFSSL_USE_CHECK_TIME 0x2
@@ -640,12 +623,13 @@ struct WOLFSSL_X509_STORE {
 #endif
 
 struct WOLFSSL_X509_VERIFY_PARAM {
+    const char    *name;
     time_t         check_time;
     unsigned int   inherit_flags;
     unsigned long  flags;
     char           hostName[WOLFSSL_HOST_NAME_MAX];
-    unsigned int  hostFlags;
-    char ipasc[WOLFSSL_MAX_IPSTR];
+    unsigned int   hostFlags;
+    char           ipasc[WOLFSSL_MAX_IPSTR];
 };
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
@@ -1005,6 +989,8 @@ WOLFSSL_API int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx,
 WOLFSSL_API int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
     word32* outputLen);
 
+WOLFSSL_API void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable);
+
 WOLFSSL_API int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
     word32 echConfigs64Len);
 
@@ -1013,6 +999,8 @@ WOLFSSL_API int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
 
 WOLFSSL_API int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* echConfigs,
     word32* echConfigsLen);
+
+WOLFSSL_API void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable);
 #endif /* WOLFSSL_TLS13 && HAVE_ECH */
 
 #ifdef HAVE_POLY1305
@@ -1103,6 +1091,8 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(
     WOLFSSL_CTX* ctx, const char* file, const char* path, word32 flags);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(
     WOLFSSL_CTX* ctx, const char* file, const char* path);
+WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat(
+    WOLFSSL_CTX* ctx, const char* file, const char* path);
 #ifndef _WIN32
 WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num);
 #endif /* !_WIN32 */
@@ -1143,6 +1133,7 @@ WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx);
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API int wolfSSL_set_ecdh_auto(WOLFSSL* ssl, int onoff);
 WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff);
+WOLFSSL_API int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff);
 WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid);
 WOLFSSL_API int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid);
 WOLFSSL_API int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid);
@@ -1482,10 +1473,18 @@ WOLFSSL_API int   wolfSSL_dtls_free_peer(void* addr);
 WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
 WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
 
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
 WOLFSSL_API int  wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx);
 WOLFSSL_API int  wolfSSL_dtls_set_sctp(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short);
-WOLFSSL_API int  wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short);
+#endif
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+                                                           defined(WOLFSSL_DTLS)
+WOLFSSL_API int  wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short mtu);
+WOLFSSL_API int  wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short mtu);
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+WOLFSSL_API int  wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu);
+#endif
+#endif
 
 #ifdef WOLFSSL_SRTP
 
@@ -1562,6 +1561,7 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_shallow_sk_dup(WOLFSSL_STACK* sk);
 WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
 WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
+WOLFSSL_API int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx);
 
 #if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \
     defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING))
@@ -1647,6 +1647,8 @@ WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* a);
 WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
         WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk,
         void (*f) (WOLFSSL_X509_EXTENSION*));
+WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(
+        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj);
@@ -1664,7 +1666,7 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_ST
 WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s);
 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
-                            WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
+                      const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
 WOLFSSL_API int  wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data);
 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
 WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
@@ -1728,8 +1730,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)*
         wolfSSL_X509_chain_up_ref(WOLF_STACK_OF(WOLFSSL_X509)* chain);
 #endif
 
-WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
-                                     char** path, int* ssl);
+WOLFSSL_API int wolfSSL_OCSP_parse_url(const char* url, char** host,
+        char** port, char** path, int* ssl);
 
 #ifndef NO_BIO
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -1764,6 +1766,7 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
 WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size);
 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
 WOLFSSL_API WOLFSSL_BIO*        wolfSSL_BIO_new_socket(int sfd, int flag);
+WOLFSSL_API WOLFSSL_BIO*        wolfSSL_BIO_new_dgram(int fd, int closeF);
 WOLFSSL_API int         wolfSSL_BIO_eof(WOLFSSL_BIO* b);
 
 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
@@ -1812,6 +1815,8 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
 #endif
 WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag);
 WOLFSSL_API void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
+WOLFSSL_API void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd);
+WOLFSSL_API void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr);
 WOLFSSL_API int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b);
 
 #ifndef NO_FILESYSTEM
@@ -1821,6 +1826,7 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag);
 
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
+WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void);
 
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str);
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port);
@@ -1844,6 +1850,10 @@ WOLFSSL_API int  wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b);
 WOLFSSL_API int  wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
 WOLFSSL_API int  wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
 WOLFSSL_API int  wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
+#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)
+WOLFSSL_API word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio);
+WOLFSSL_API word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio);
+#endif
 WOLFSSL_API int  wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
 
 WOLFSSL_API int  wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
@@ -1856,7 +1866,14 @@ WOLFSSL_API int wolfSSL_BIO_set_mem_buf(WOLFSSL_BIO* bio, WOLFSSL_BUF_MEM* bufMe
                                         int closeFlag);
 #endif
 WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio);
-#endif
+
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+WOLFSSL_API WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void);
+WOLFSSL_API void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr);
+WOLFSSL_API void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr);
+#endif /* WOLFSSL_HAVE_BIO_ADDR */
+
+#endif /* !NO_BIO */
 
 WOLFSSL_API void        wolfSSL_RAND_screen(void);
 WOLFSSL_API const char* wolfSSL_RAND_file_name(char* fname, unsigned long len);
@@ -1868,9 +1885,14 @@ WOLFSSL_API void        wolfSSL_RAND_Cleanup(void);
 WOLFSSL_API void        wolfSSL_RAND_add(const void* add, int len, double entropy);
 WOLFSSL_API int         wolfSSL_RAND_poll(void);
 
+#ifndef NO_WOLFSSL_STUB
 WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
 WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
 WOLFSSL_API int wolfSSL_COMP_add_compression_method(int method, void* data);
+WOLFSSL_API const char *wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp);
+WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl);
+WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl);
+#endif /* !NO_WOLFSSL_STUB */
 
 WOLFSSL_API unsigned long wolfSSL_thread_id(void);
 WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
@@ -1948,6 +1970,8 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
                                             WOLFSSL_X509* x509, unsigned char* dst, int* dstLen);
 WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
                                             WOLFSSL_X509* x509, unsigned char* dst, int* dstLen);
+WOLFSSL_API const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id(
+        WOLFSSL_X509 *x509);
 
 WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
 #ifdef WOLFSSL_CERT_REQ
@@ -1996,7 +2020,7 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
 WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn);
 WOLFSSL_API const unsigned char* wolfSSL_ASN1_STRING_get0_data(
                                             const WOLFSSL_ASN1_STRING* asn);
-WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn);
+WOLFSSL_API int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn);
 WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst,
                                                 const WOLFSSL_ASN1_STRING* src);
 WOLFSSL_API int         wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx);
@@ -2024,6 +2048,8 @@ WOLFSSL_API int          wolfSSL_X509_STORE_add_cert(
                                               WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509);
 WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
         const WOLFSSL_X509_STORE *ctx);
+WOLFSSL_API int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx,
+        WOLFSSL_X509_VERIFY_PARAM *param);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
                                                    WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
@@ -2061,6 +2087,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
         const unsigned char** in, long inSz);
 WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
+WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
+                                        unsigned char** der);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey,
         const unsigned char ** in, long inSz);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
@@ -2113,6 +2141,10 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip(
        WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen);
 WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
                                     const WOLFSSL_X509_VERIFY_PARAM* from);
+WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(
+                                                             const char *name);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
+                                         const WOLFSSL_X509_VERIFY_PARAM *from);
 WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
                                               const char *file, int type);
 WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
@@ -2132,7 +2164,7 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(
                                                const unsigned char** in,
                                                long inSz);
 WOLFSSL_API int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a,
-                                         unsigned char** out);
+                                         unsigned char** pp);
 
 WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime);
 
@@ -2440,12 +2472,6 @@ enum {
     OCSP_TRUSTOTHER  = 512,
     OCSP_RESPID_KEY  = 1024,
     OCSP_NOTIME      = 2048,
-
-    /* OCSP Types */
-    OCSP_CERTID   = 2,
-    OCSP_REQUEST  = 4,
-    OCSP_RESPONSE = 8,
-    OCSP_BASICRESP = 16,
 #endif
 
     SSL_ST_CONNECT = 0x1000,
@@ -2580,6 +2606,14 @@ WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
 enum { /* ssl Constants */
     WOLFSSL_ERROR_NONE      =  0,   /* for most functions */
     WOLFSSL_FAILURE         =  0,   /* for some functions */
+
+    #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+            (defined(BUILDING_WOLFSSL) || \
+             defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
+        #define WOLFSSL_FAILURE WC_ERR_TRACE(WOLFSSL_FAILURE)
+        #define CONST_NUM_ERR_WOLFSSL_FAILURE 0
+    #endif
+
     WOLFSSL_SUCCESS         =  1,
 
 /* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown and
@@ -2597,16 +2631,6 @@ enum { /* ssl Constants */
     WOLFSSL_SHUTDOWN_NOT_DONE =  2,
 #endif
 
-    WOLFSSL_ALPN_NOT_FOUND  = -9,
-    WOLFSSL_BAD_CERTTYPE    = -8,
-    WOLFSSL_BAD_STAT        = -7,
-    WOLFSSL_BAD_PATH        = -6,
-    WOLFSSL_BAD_FILETYPE    = -5,
-    WOLFSSL_BAD_FILE        = -4,
-    WOLFSSL_NOT_IMPLEMENTED = -3,
-    WOLFSSL_UNKNOWN         = -2,
-    WOLFSSL_FATAL_ERROR     = -1,
-
     WOLFSSL_FILETYPE_ASN1    = CTC_FILETYPE_ASN1,
     WOLFSSL_FILETYPE_PEM     = CTC_FILETYPE_PEM,
     WOLFSSL_FILETYPE_DEFAULT = CTC_FILETYPE_ASN1, /* ASN1 */
@@ -2630,14 +2654,15 @@ enum { /* ssl Constants */
             (WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE |
                     WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP),
 
+    /* These values match OpenSSL values for corresponding names. */
+    WOLFSSL_ERROR_SSL              =  1,
     WOLFSSL_ERROR_WANT_READ        =  2,
     WOLFSSL_ERROR_WANT_WRITE       =  3,
-    WOLFSSL_ERROR_WANT_CONNECT     =  7,
-    WOLFSSL_ERROR_WANT_ACCEPT      =  8,
+    WOLFSSL_ERROR_WANT_X509_LOOKUP =  4,
     WOLFSSL_ERROR_SYSCALL          =  5,
-    WOLFSSL_ERROR_WANT_X509_LOOKUP = 83,
     WOLFSSL_ERROR_ZERO_RETURN      =  6,
-    WOLFSSL_ERROR_SSL              = 85,
+    WOLFSSL_ERROR_WANT_CONNECT     =  7,
+    WOLFSSL_ERROR_WANT_ACCEPT      =  8,
 
     WOLFSSL_SENT_SHUTDOWN     = 1,
     WOLFSSL_RECEIVED_SHUTDOWN = 2,
@@ -2808,6 +2833,8 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
 WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
+WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t,
+        const char *str);
 #endif
 
 WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
@@ -2871,6 +2898,10 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
    date check and signature check */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
 
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl);
+#endif
+
 /* need to call once to load library (session cache) */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
 /* call when done to cleanup/free session cache mutex / resources  */
@@ -2914,6 +2945,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int
 /* free X509 */
 #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509))
 WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509* x509);
+
 /* get index cert in PEM */
 WOLFSSL_API int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
                                 unsigned char* buf, int inLen, int* outLen);
@@ -2943,6 +2975,8 @@ WOLFSSL_API WOLFSSL_X509*
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API WOLFSSL_X509*
     wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
+        const unsigned char** in, int len);
 #endif
 WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
@@ -2971,6 +3005,37 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl);
 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
 #endif
 
+#if defined(WOLFSSL_ACERT)
+WOLFSSL_API void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509,
+                                         void* heap);
+WOLFSSL_API void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509);
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API int  wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
+                                        WOLFSSL_EVP_PKEY * pkey,
+                                        const WOLFSSL_EVP_MD * md);
+#endif /* !NO_WOLFSSL_STUB */
+WOLFSSL_API int  wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509,
+                                           WOLFSSL_EVP_PKEY* pkey);
+WOLFSSL_API int  wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio,
+                                          WOLFSSL_X509_ACERT* x509_acert);
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
+                                                 const byte ** rawAttr,
+                                                 word32 * rawAttrLen);
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
+                                                      unsigned char* in,
+                                                      int * inOutSz);
+WOLFSSL_API int  wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509);
+WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x);
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT* x);
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
+                                                  unsigned char* buf,
+                                                  int* bufSz);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT(
+    WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format);
+#endif
+
 WOLFSSL_API
 const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
                                                      WOLFSSL_X509_REVOKED *rev);
@@ -3089,6 +3154,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
             #include <sys/socket.h>
         #elif defined(ARDUINO)
             /* TODO board specific */
+        #elif defined(NUCLEUS_PLUS_2_3)
+            #include "services/sys/uio.h"
         #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)    && \
               !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
               !defined(WOLFSSL_EMBOS)   && !defined(WOLFSSL_FROSTED)    && \
@@ -3210,18 +3277,6 @@ WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCt
 WOLFSSL_API int   wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, const byte* secret, word32 secretSz);
 
 
-/* I/O Callback default errors */
-enum IOerrors {
-    WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
-    WOLFSSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
-    WOLFSSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
-    WOLFSSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
-    WOLFSSL_CBIO_ERR_ISR        = -4,     /* interrupt */
-    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
-    WOLFSSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
-};
-
-
 /* CA cache callbacks */
 enum {
     WOLFSSL_SSLV3    = 0,
@@ -3259,6 +3314,8 @@ WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
 
 typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
 typedef void (*CbMissingCRL)(const char* url);
+typedef int  (*crlErrorCb)(int ret, WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm,
+                           void* ctx);
 typedef int  (*CbOCSPIO)(void*, const char*, int,
                                          unsigned char*, int, unsigned char**);
 typedef void (*CbOCSPRespFree)(void*,unsigned char*);
@@ -3667,8 +3724,7 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
     WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm);
     WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm);
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
     WOLFSSL_API void wolfSSL_CertManagerSetUnknownExtCallback(
         WOLFSSL_CERT_MANAGER* cm,
         wc_UnknownExtCallback cb);
@@ -3708,6 +3764,8 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
         const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
         CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm,
+                                                      crlErrorCb cb, void* ctx);
     WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm,
@@ -3751,6 +3809,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
     WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl,
                                           const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb,
+                                           void* ctx);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
 #endif
@@ -3768,6 +3828,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
     WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx,
                                             const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb,
+                                               void* cbCtx);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb);
 #endif
@@ -4046,9 +4108,9 @@ enum {
     WOLFSSL_FFDHE_8192    = 260,
 
 #ifdef HAVE_PQC
-    /* These group numbers were taken from OQS's openssl fork, see:
-     * https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/
-     * oqs-template/oqs-kem-info.md.
+    /* These group numbers were taken from OQS's openssl provider, see:
+     * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/
+     * oqs-kem-info.md.
      *
      * The levels in the group name refer to the claimed NIST level of each
      * parameter set. The associated parameter set name is listed as a comment
@@ -4062,6 +4124,7 @@ enum {
      * algorithms have LEVEL2 and LEVEL4 because none of these submissions
      * included them. */
 
+#ifndef WOLFSSL_ML_KEM
     WOLFSSL_PQC_MIN               = 570,
     WOLFSSL_PQC_SIMPLE_MIN        = 570,
     WOLFSSL_KYBER_LEVEL1          = 570, /* KYBER_512 */
@@ -4075,7 +4138,22 @@ enum {
     WOLFSSL_P521_KYBER_LEVEL5     = 12093,
     WOLFSSL_PQC_HYBRID_MAX        = 12093,
     WOLFSSL_PQC_MAX               = 12093,
-#endif
+#else
+    WOLFSSL_PQC_MIN               = 583,
+    WOLFSSL_PQC_SIMPLE_MIN        = 583,
+    WOLFSSL_KYBER_LEVEL1          = 583, /* ML-KEM 512 */
+    WOLFSSL_KYBER_LEVEL3          = 584, /* ML-KEM 768 */
+    WOLFSSL_KYBER_LEVEL5          = 585, /* ML-KEM 1024 */
+    WOLFSSL_PQC_SIMPLE_MAX        = 585,
+
+    WOLFSSL_PQC_HYBRID_MIN        = 12103,
+    WOLFSSL_P256_KYBER_LEVEL1     = 12103,
+    WOLFSSL_P384_KYBER_LEVEL3     = 12104,
+    WOLFSSL_P521_KYBER_LEVEL5     = 12105,
+    WOLFSSL_PQC_HYBRID_MAX        = 12105,
+    WOLFSSL_PQC_MAX               = 12105,
+#endif /* WOLFSSL_ML_KEM */
+#endif /* HAVE_PQC */
 };
 
 enum {
@@ -4140,7 +4218,25 @@ WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl);
 #ifdef HAVE_SESSION_TICKET
 
 #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER)
-    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+    #ifdef WOLFSSL_TICKET_ENC_CBC_HMAC
+        #if defined(WOLFSSL_TICKET_ENC_HMAC_SHA512)
+            #define WOLFSSL_TICKET_ENC_HMAC     WC_HASH_TYPE_SHA512
+            #define WOLFSSL_TICKET_HMAC_KEY_SZ  64
+        #elif defined(WOLFSSL_TICKET_ENC_HMAC_SHA384)
+            #define WOLFSSL_TICKET_ENC_HMAC     WC_HASH_TYPE_SHA384
+            #define WOLFSSL_TICKET_HMAC_KEY_SZ  48
+        #else
+            #define WOLFSSL_TICKET_ENC_HMAC     WC_HASH_TYPE_SHA256
+            #define WOLFSSL_TICKET_HMAC_KEY_SZ  32
+        #endif
+        #ifdef WOLFSSL_TICKET_ENC_AES256_CBC
+            #define WOLFSSL_TICKET_KEY_SZ   \
+                (AES_256_KEY_SIZE + WOLFSSL_TICKET_HMAC_KEY_SZ)
+        #else
+            #define WOLFSSL_TICKET_KEY_SZ   \
+                (AES_128_KEY_SIZE + WOLFSSL_TICKET_HMAC_KEY_SZ)
+        #endif
+    #elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
         !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \
         !defined(WOLFSSL_TICKET_ENC_AES256_GCM)
         #define WOLFSSL_TICKET_KEY_SZ       CHACHA20_POLY1305_AEAD_KEYSIZE
@@ -4171,7 +4267,11 @@ WOLFSSL_API int wolfSSL_send_SessionTicket(WOLFSSL* ssl);
 
 #define WOLFSSL_TICKET_NAME_SZ 16
 #define WOLFSSL_TICKET_IV_SZ   16
-#define WOLFSSL_TICKET_MAC_SZ  32
+#ifndef WOLFSSL_TICKET_ENC_CBC_HMAC
+    #define WOLFSSL_TICKET_MAC_SZ  32
+#else
+    #define WOLFSSL_TICKET_MAC_SZ  WOLFSSL_TICKET_HMAC_KEY_SZ
+#endif
 
 enum TicketEncRet {
     WOLFSSL_TICKET_RET_FATAL  = -1,  /* fatal error, don't use ticket */
@@ -4448,7 +4548,6 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_dup(
         WOLFSSL_X509_EXTENSION* src);
 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
                                        WOLFSSL_X509_EXTENSION* ext);
-WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
 #endif
@@ -4819,6 +4918,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
                             const WOLFSSL_ASN1_BIT_STRING* str, int i);
 WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
                             WOLFSSL_ASN1_BIT_STRING* str, int pos, int val);
+WOLFSSL_API int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr,
+        unsigned char** pp);
+WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING(
+        WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 WOLFSSL_API int  wolfSSL_version(WOLFSSL* ssl);
@@ -4919,6 +5022,11 @@ WOLFSSL_API WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_new(void);
 WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj);
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_OBJECT_get0_X509(const WOLFSSL_X509_OBJECT *obj);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_X509_OBJECT_get0_X509_CRL(WOLFSSL_X509_OBJECT *obj);
+
+WOLFSSL_API WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject(
+        WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk,
+        WOLFSSL_X509_LOOKUP_TYPE type,
+        WOLFSSL_X509_NAME *name);
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@@ -5191,8 +5299,14 @@ WOLFSSL_API void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg);
 WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
 WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor);
 WOLFSSL_API int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval);
+WOLFSSL_API int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg,
+        unsigned char** pp);
+WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out,
+        const byte** src, long len);
 WOLFSSL_API WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void);
 WOLFSSL_API void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at);
+WOLFSSL_API int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at,
+                                      unsigned char** pp);
 WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_PUBKEY_new(void);
 WOLFSSL_API void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x);
 WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509);
@@ -5207,7 +5321,6 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a)
 WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
 WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
 WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-WOLFSSL_API const char* wolfSSL_COMP_get_name(const void* comp);
 WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
 WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
diff --git a/wolfssl/test.h b/wolfssl/test.h
index ba4105d3eb..ffff05b6a4 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1,6 +1,6 @@
 /* test.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1099,10 +1099,11 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
         char serialMsg[80];
 
         /* testsuite has multiple threads writing to stdout, get output
-           message ready to write once */
-        strLen = sprintf(serialMsg, " %s", words[3]);
+         * message ready to write once */
+        strLen = XSNPRINTF(serialMsg, sizeof(serialMsg), " %s", words[3]);
         for (i = 0; i < sz; i++)
-            sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
+            strLen = XSNPRINTF(serialMsg + strLen,
+                sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]);
         printf("%s\n", serialMsg);
     }
 
@@ -3349,8 +3350,9 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
         ret = BAD_FUNC_ARG;
     }
 
-#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \
-                                                         !defined(HAVE_SELFTEST)
+#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
+    !defined(HAVE_SELFTEST)
     if (ret == 0) {
         ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl));
     }
@@ -3909,9 +3911,11 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
 {
     enum wc_HashType hashType = WC_HASH_TYPE_NONE;
     WC_RNG           rng;
-    int              ret;
+    int              ret = 0;
     word32           idx = 0;
     RsaKey           myKey;
+    byte*            inBuf = (byte*)in;
+    word32           inBufSz = inSz;
     byte*            keyBuf = (byte*)key;
     PkCbInfo* cbInfo = (PkCbInfo*)ctx;
 
@@ -3949,17 +3953,40 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
     if (ret != 0)
         return ret;
 
-    ret = wc_InitRsaKey(&myKey, NULL);
+    #ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+        /* With this defined, RSA-PSS sign callback when used from TLS 1.3
+         * does not hash data before giving to this callback. User must
+         * compute hash themselves. */
+        if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_3) {
+            inBufSz = wc_HashGetDigestSize(hashType);
+            inBuf = (byte*)XMALLOC(inBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (inBuf == NULL) {
+                ret = MEMORY_E;
+            }
+            if (ret == 0) {
+                ret = wc_Hash(hashType, in, inSz, inBuf, inBufSz);
+            }
+        }
+    #endif
+
+    if (ret == 0) {
+        ret = wc_InitRsaKey(&myKey, NULL);
+    }
     if (ret == 0) {
         ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
         if (ret == 0) {
-            ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
-                                 &rng);
+            ret = wc_RsaPSS_Sign(inBuf, inBufSz, out, *outSz, hashType, mgf,
+                                 &myKey, &rng);
         }
         if (ret > 0) {  /* save and convert to 0 success */
             *outSz = (word32) ret;
             ret = 0;
         }
+    #ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+        if ((inBuf != NULL) && (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_3)) {
+            XFREE(inBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+    #endif
         wc_FreeRsaKey(&myKey);
     }
     wc_FreeRng(&rng);
@@ -4834,4 +4861,23 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName);
 
 #define DTLS_CID_BUFFER_SIZE 256
 
+static WC_MAYBE_UNUSED void *mymemmem(const void *haystack, size_t haystacklen,
+                                      const void *needle, size_t needlelen)
+{
+    size_t i, j;
+    const char* h = (const char*)haystack;
+    const char* n = (const char*)needle;
+    if (needlelen > haystacklen)
+        return NULL;
+    for (i = 0; i <= haystacklen - needlelen; i++) {
+        for (j = 0; j < needlelen; j++) {
+            if (h[i + j] != n[j])
+                break;
+        }
+        if (j == needlelen)
+            return (void*)(h + i);
+    }
+    return NULL;
+}
+
 #endif /* wolfSSL_TEST_H */
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 2da6e5e80f..01fd1b683e 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -1,6 +1,6 @@
 /* wolfssl_version.h.in
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/version.h.in b/wolfssl/version.h.in
index 158e00b44a..ed48dcef55 100644
--- a/wolfssl/version.h.in
+++ b/wolfssl/version.h.in
@@ -1,6 +1,6 @@
 /* wolfssl_version.h.in
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 46687dade9..cf08ec3a5c 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -728,6 +728,11 @@ WOLFSSL_API int  wc_AesInit_Label(Aes* aes, const char* label, void* heap,
 WOLFSSL_API void wc_AesFree(Aes* aes);
 
 #ifdef WOLFSSL_AES_SIV
+typedef struct AesSivAssoc {
+    const byte* assoc;
+    word32 assocSz;
+} AesSivAssoc;
+
 WOLFSSL_API
 int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
@@ -736,6 +741,15 @@ WOLFSSL_API
 int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out);
+
+WOLFSSL_API
+int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out);
+WOLFSSL_API
+int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out);
 #endif
 
 #ifdef WOLFSSL_AES_EAX
diff --git a/wolfssl/wolfcrypt/arc4.h b/wolfssl/wolfcrypt/arc4.h
index fe58b10ece..0dc29d3757 100644
--- a/wolfssl/wolfcrypt/arc4.h
+++ b/wolfssl/wolfcrypt/arc4.h
@@ -1,6 +1,6 @@
 /* arc4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 503c985790..cc7073101c 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1,6 +1,6 @@
 /* asn.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -76,13 +76,28 @@ that can be serialized and deserialized in a cross-platform way.
 #endif
 
 enum {
-    ISSUER  = 0,
-    SUBJECT = 1,
+    ASN_ISSUER  = 0,
+    ASN_SUBJECT = 1,
 
-    BEFORE  = 0,
-    AFTER   = 1
+    ASN_BEFORE  = 0,
+    ASN_AFTER   = 1
 };
 
+#ifndef NO_ASN_OLD_TYPE_NAMES
+    #ifndef ISSUER
+        #define ISSUER ASN_ISSUER
+    #endif
+    #ifndef SUBJECT
+        #define SUBJECT ASN_SUBJECT
+    #endif
+    #ifndef BEFORE
+        #define BEFORE ASN_BEFORE
+    #endif
+    #ifndef AFTER
+        #define AFTER ASN_AFTER
+    #endif
+#endif
+
 /* ASN Tags   */
 enum ASN_Tags {
     ASN_EOC               = 0x00,
@@ -351,7 +366,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int8Bit(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD8;                     \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a 16-bit number.
@@ -362,7 +377,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int16Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD16;                    \
-        (dataASN)->data.u16 = num;                                     \
+        (dataASN)->data.u16 = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a 32-bit number.
@@ -373,7 +388,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int32Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD32;                    \
-        (dataASN)->data.u32 = num;                                     \
+        (dataASN)->data.u32 = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get data into a buffer of a specific length.
@@ -385,8 +400,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Buffer(dataASN, d, l)                                   \
     do {                                                               \
         (dataASN)->dataType           = ASN_DATA_TYPE_BUFFER;          \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (l);                           \
     } while (0)
 
 /* Setup ASN data item to check parsed data against expected buffer.
@@ -398,8 +413,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_ExpBuffer(dataASN, d, l)                                \
     do {                                                               \
         (dataASN)->dataType        = ASN_DATA_TYPE_EXP_BUFFER;         \
-        (dataASN)->data.ref.data   = d;                                \
-        (dataASN)->data.ref.length = l;                                \
+        (dataASN)->data.ref.data   = (d);                              \
+        (dataASN)->data.ref.length = (l);                              \
     } while (0)
 
 /* Setup ASN data item to get a number into an mp_int.
@@ -410,7 +425,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP(dataASN, num)                                        \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP;                        \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a number into an mp_int that is initialized.
@@ -421,7 +436,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP_Inited(dataASN, num)                                 \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP_INITED;                 \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a positive or negative number into an mp_int.
@@ -432,7 +447,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP_PosNeg(dataASN, num)                                 \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG;                \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to be a choice of tags.
@@ -443,7 +458,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Choice(dataASN, options)                                \
     do {                                                               \
         (dataASN)->dataType    = ASN_DATA_TYPE_CHOICE;                 \
-        (dataASN)->data.choice = options;                              \
+        (dataASN)->data.choice = (options);                            \
     } while (0)
 
 /* Setup ASN data item to get a boolean value.
@@ -454,7 +469,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Boolean(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_NONE;                      \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to be a an OID of a specific type.
@@ -463,7 +478,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
  * @param [in] oidType  Type of OID to expect.
  */
 #define GetASN_OID(dataASN, oidType)                                   \
-    (dataASN)->data.oid.type = oidType
+    (dataASN)->data.oid.type = (oidType)
 
 /* Get the data and length from an ASN data item.
  *
@@ -509,7 +524,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Boolean(dataASN, val)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_NONE;                      \
-        (dataASN)->data.u8  = val;                                     \
+        (dataASN)->data.u8  = (val);                                   \
     } while (0)
 
 /* Setup an ASN data item to set an 8-bit number.
@@ -520,7 +535,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Int8Bit(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD8;                     \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set a 16-bit number.
@@ -531,7 +546,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Int16Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD16;                    \
-        (dataASN)->data.u16 = num;                                     \
+        (dataASN)->data.u16 = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set the data in a buffer.
@@ -542,8 +557,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
  */
 #define SetASN_Buffer(dataASN, d, l)                                   \
     do {                                                               \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (word32)(l);                   \
     } while (0)
 
 /* Setup an ASN data item to set the DER encode data in a buffer.
@@ -555,8 +570,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_ReplaceBuffer(dataASN, d, l)                            \
     do {                                                               \
         (dataASN)->dataType           = ASN_DATA_TYPE_REPLACE_BUFFER;  \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (l);                           \
     } while (0)
 
 /* Setup an ASN data item to set an muli-precision number.
@@ -567,7 +582,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_MP(dataASN, num)                                        \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP;                        \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set an OID based on id and type.
@@ -784,7 +799,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
  * Any certificate containing more than this number of subject
  * alternative names will cause an error when attempting to parse. */
 #ifndef WOLFSSL_MAX_ALT_NAMES
-#define WOLFSSL_MAX_ALT_NAMES 128
+#define WOLFSSL_MAX_ALT_NAMES 1024
 #endif
 
 /* Maximum number of allowed name constraints in a certificate.
@@ -864,6 +879,10 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 #define NID_X9_62_prime_field 406        /* 1.2.840.10045.1.1 */
 #endif /* OPENSSL_EXTRA */
 
+#define NID_id_GostR3410_2001     811
+#define NID_id_GostR3410_2012_256 979
+#define NID_id_GostR3410_2012_512 980
+
 enum ECC_TYPES
 {
     ECC_PREFIX_0 = 160,
@@ -1399,10 +1418,10 @@ struct DNS_entry {
     int        type;   /* i.e. ASN_DNS_TYPE */
     int        len;    /* actual DNS len */
     char*      name;   /* actual DNS name */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
     char*      ipString; /* human readable form of IP address */
 #endif
-#if defined(OPENSSL_ALL)
+#ifdef WOLFSSL_RID_ALT_NAME
     char*      ridString; /* human readable form of registeredID */
 #endif
 
@@ -1641,10 +1660,12 @@ typedef struct TrustedPeerCert TrustedPeerCert;
 typedef struct SignatureCtx SignatureCtx;
 typedef struct CertSignCtx  CertSignCtx;
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
 typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit,
                                      const unsigned char* der, word32 derSz);
+typedef int (*wc_UnknownExtCallbackEx)(const word16* oid, word32 oidSz,
+                                       int crit, const unsigned char* der,
+                                       word32 derSz, void *ctx);
 #endif
 
 struct DecodedCert {
@@ -1692,7 +1713,7 @@ struct DecodedCert {
     word32  extensionsIdx;           /* if want to go back and parse later */
     const byte* extAuthInfo;         /* Authority Information Access URI */
     int     extAuthInfoSz;           /* length of the URI                */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+#ifdef WOLFSSL_ASN_CA_ISSUER
     const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
     int     extAuthInfoCaIssuerSz;   /* length of the caIssuer URI         */
 #endif
@@ -1703,7 +1724,9 @@ struct DecodedCert {
     const byte* extCrlInfo;          /* CRL Distribution Points          */
     int     extCrlInfoSz;            /* length of the URI                */
     byte    extSubjKeyId[KEYID_SIZE]; /* Subject Key ID                  */
+    word32  extSubjKeyIdSz;
     byte    extAuthKeyId[KEYID_SIZE]; /* Authority Key ID                */
+    word32  extAuthKeyIdSz;
 #ifdef WOLFSSL_AKID_NAME
     const byte* extAuthKeyIdIssuer;  /* Authority Key ID authorityCertIssuer */
     word32  extAuthKeyIdIssuerSz;    /* Authority Key ID authorityCertIssuer length */
@@ -1730,9 +1753,7 @@ struct DecodedCert {
     word32  extRawAuthKeyIdSz;
 #endif
     const byte* extAuthKeyIdSrc;
-    word32  extAuthKeyIdSz;
     const byte* extSubjKeyIdSrc;
-    word32  extSubjKeyIdSz;
 #endif
 #ifdef OPENSSL_ALL
     const byte* extSubjAltNameSrc;
@@ -1782,7 +1803,7 @@ struct DecodedCert {
     char*   subjectSN;
     int     subjectSNLen;
     char    subjectSNEnc;
-    #ifdef WOLFSSL_CERT_NAME_ALL
+#ifdef WOLFSSL_CERT_NAME_ALL
     char*   subjectN;
     int     subjectNLen;
     char    subjectNEnc;
@@ -1795,7 +1816,7 @@ struct DecodedCert {
     char*   subjectDNQ;
     int     subjectDNQLen;
     char    subjectDNQEnc;
-    #endif /*WOLFSSL_CERT_NAME_ALL */
+#endif /* WOLFSSL_CERT_NAME_ALL */
     char*   subjectC;
     int     subjectCLen;
     char    subjectCEnc;
@@ -1860,12 +1881,12 @@ struct DecodedCert {
     char*   issuerEmail;
     int     issuerEmailLen;
 #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
-#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
+#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
     void* issuerName;
     void* subjectName;
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #ifdef WOLFSSL_SEP
     int     deviceTypeSz;
     byte*   deviceType;
@@ -1940,7 +1961,7 @@ struct DecodedCert {
     byte extSubjAltNameSet : 1;
     byte inhibitAnyOidSet : 1;
     byte selfSigned : 1;           /* Indicates subject and issuer are same */
-#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+#ifdef WOLFSSL_SEP
     byte extCertPolicySet : 1;
 #endif
     byte extCRLdistCrit : 1;
@@ -1966,7 +1987,7 @@ struct DecodedCert {
     byte extAltSigAlgSet : 1;
     byte extAltSigValSet : 1;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
-#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+#ifdef WOLFSSL_SEP
     byte extCertPolicyCrit : 1;
 #endif
 #ifdef WOLFSSL_CERT_REQ
@@ -1975,9 +1996,10 @@ struct DecodedCert {
 #ifdef HAVE_RPK
     byte isRPK : 1;   /* indicate the cert is Raw-Public-Key cert in RFC7250 */
 #endif
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
     wc_UnknownExtCallback unknownExtCallback;
+    wc_UnknownExtCallbackEx unknownExtCallbackEx;
+    void *unknownExtCallbackExCtx;
 #endif
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     /* Subject Alternative Public Key Info */
@@ -2016,7 +2038,7 @@ struct Signer {
 #ifndef IGNORE_NAME_CONSTRAINTS
         Base_entry* permittedNames;
         Base_entry* excludedNames;
-#endif /* IGNORE_NAME_CONSTRAINTS */
+#endif /* !IGNORE_NAME_CONSTRAINTS */
     byte    subjectNameHash[SIGNER_DIGEST_SIZE];
                                      /* sha hash of names in certificate */
     #if defined(HAVE_OCSP) || defined(HAVE_CRL)
@@ -2117,15 +2139,16 @@ typedef enum MimeStatus
 } MimeStatus;
 #endif /* HAVE_SMIME */
 
-
 WOLFSSL_LOCAL int HashIdAlg(word32 oidSum);
 WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
 WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash,
     int hashAlg);
 WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
 
-WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
+#ifdef ASN_BER_TO_DER
+WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
                                 word32* derSz);
+#endif
 WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz,
     byte* out, word32* outSz, word32* idx);
 
@@ -2143,10 +2166,12 @@ WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert);
 WOLFSSL_ASN_API int  ParseCert(DecodedCert* cert, int type, int verify,
                                void* cm);
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
-WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert,
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+WOLFSSL_API int wc_SetUnknownExtCallback(DecodedCert* cert,
                                              wc_UnknownExtCallback cb);
+WOLFSSL_API int wc_SetUnknownExtCallbackEx(DecodedCert* cert,
+                                               wc_UnknownExtCallbackEx cb,
+                                               void *ctx);
 #endif
 
 WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in,
@@ -2158,7 +2183,7 @@ WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY)
     WOLFSSL_API int wc_CheckCertSignature(const byte* cert, word32 certSz,
                                           void* heap, void* cm);
-    /* Depricated public API name kept for backwards build compatibility */
+    /* Deprecated public API name kept for backwards build compatibility */
     #define CheckCertSignature(cert, certSz, heap, cm) \
         wc_CheckCertSignature(cert, certSz, heap, cm)
 
@@ -2216,6 +2241,9 @@ WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx,
                                       word32 length);
 WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx,
                                          word32 length, word32* algId);
+WOLFSSL_LOCAL int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx,
+                                          word32 length, word32* algId,
+                                          word32* eccOid);
 WOLFSSL_LOCAL int ToTraditionalEnc(byte* input, word32 sz, const char* password,
                      int passwordSz, word32* algId);
 WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out,
@@ -2233,8 +2261,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
         word32* oidSz, int* algoID, void* heap);
 
 typedef struct tm wolfssl_tm;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef WOLFSSL_ASN_TIME_STRING
 WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
 #endif
 #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
@@ -2260,10 +2287,12 @@ WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number,
                               word32 maxIdx);
 
 WOLFSSL_LOCAL const char* GetSigName(int oid);
-WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx);
+WOLFSSL_ASN_API int GetLength(const byte* input, word32* inOutIdx, int* len,
+                              word32 maxIdx);
 WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
                            word32 maxIdx, int check);
+WOLFSSL_LOCAL int GetASNHeader(const byte* input, byte tag, word32* inOutIdx,
+                               int* len, word32 maxIdx);
 WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                              word32 maxIdx);
 WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
@@ -2301,8 +2330,11 @@ WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
                               word32 oidType, word32 maxIdx);
 WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                            word32 oidType, word32 maxIdx);
-WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
-                            word32 inputSz);
+WOLFSSL_LOCAL int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid,
+                     word32 oidType, word32 maxIdx, byte *absentParams);
+WOLFSSL_ASN_API int GetASNTag(const byte* input, word32* idx, byte* tag,
+                              word32 inputSz);
+WOLFSSL_LOCAL int GetASN_BitString(const byte* input, word32 idx, int length);
 
 WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output);
 WOLFSSL_LOCAL word32 SetASNSequence(word32 len, byte* output);
@@ -2314,6 +2346,8 @@ WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
 
 WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
 WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef);
+WOLFSSL_LOCAL word32 SetHeader(byte tag, word32 len, byte* output,
+                               byte isIndef);
 WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
 WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef);
 WOLFSSL_LOCAL word32 SetIndefEnd(byte* output);
@@ -2327,6 +2361,8 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output,
     byte isIndef);
 WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
 WOLFSSL_API word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
+WOLFSSL_LOCAL word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz,
+                                byte absentParams);
 WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
 WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
     word32 outputSz, int maxSnSz);
@@ -2401,13 +2437,12 @@ WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff,
     word32 length, int type, void* heap);
 WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
 
-#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
-    (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
+#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE
 WOLFSSL_LOCAL int ParseKeyUsageStr(const char* value, word16* keyUsage,
         void* heap);
 WOLFSSL_LOCAL int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage,
         void* heap);
-#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */
+#endif
 
 #endif /* !NO_CERTS */
 
@@ -2499,8 +2534,7 @@ struct CertStatus {
     byte nextDate[MAX_DATE_SIZE];
     byte thisDateFormat;
     byte nextDateFormat;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     WOLFSSL_ASN1_TIME thisDateParsed;
     WOLFSSL_ASN1_TIME nextDateParsed;
     byte* thisDateAsn;
@@ -2585,10 +2619,6 @@ struct OcspRequest {
     int    serialSz;
 #ifdef OPENSSL_EXTRA
     WOLFSSL_ASN1_INTEGER* serialInt;
-#endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
-    defined(HAVE_LIGHTY)
     void* cid; /* WOLFSSL_OCSP_CERTID kept to free */
 #endif
     byte*  url;      /* copy of the extAuthInfo in source cert */
@@ -2677,9 +2707,56 @@ WOLFSSL_LOCAL int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl,
                            const byte* buff, word32 sz, int verify, void* cm);
 WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
 
-
 #endif /* HAVE_CRL */
 
+#if defined(WOLFSSL_ACERT)
+/* Minimal structure for x509 attribute certificate (rfc 5755).
+ *
+ * The attributes field is not parsed, but is stored as raw buffer.
+ *
+ * */
+struct DecodedAcert {
+    word32       certBegin; /* Offset to start of acert. */
+    word32       sigIndex; /* Offset to start of signature. */
+    word32       sigLength; /* Signature length. */
+    word32       signatureOID; /* Sum of algorithm object id. */
+#ifdef WC_RSA_PSS
+    word32       sigParamsIndex; /* start of signature parameters */
+    word32       sigParamsLength; /* length of signature parameters */
+#endif
+    const byte * signature; /* Not owned, points into raw acert.  */
+    const byte * source; /* Byte buffer holding acert, NOT owned. */
+    word32       srcIdx; /* Current offset into buffer. */
+    word32       maxIdx; /* Max allowed offset. Set in init. */
+    void *       heap; /* For user memory overrides. */
+    int          version; /* attribute cert version. */
+    byte         serial[EXTERNAL_SERIAL_SIZE];  /* Raw serial number. */
+    int          serialSz;
+    const byte * beforeDate; /* Before and After dates. */
+    int          beforeDateLen;
+    const byte * afterDate;
+    int          afterDateLen;
+    byte         holderSerial[EXTERNAL_SERIAL_SIZE];
+    int          holderSerialSz;
+    DNS_entry *  holderEntityName;  /* Holder entityName from ACERT */
+    DNS_entry *  holderIssuerName;  /* Holder issuerName from ACERT */
+    DNS_entry *  AttCertIssuerName; /* AttCertIssuer name from ACERT */
+    const byte * rawAttr; /* Not owned, points into raw acert. */
+    word32       rawAttrLen;
+    SignatureCtx sigCtx;
+};
+
+typedef struct DecodedAcert DecodedAcert;
+
+WOLFSSL_LOCAL void InitDecodedAcert(DecodedAcert* acert,
+                                    const byte* source, word32 inSz,
+                                    void* heap);
+WOLFSSL_LOCAL void FreeDecodedAcert(DecodedAcert * acert);
+WOLFSSL_LOCAL int  ParseX509Acert(DecodedAcert* cert, int verify);
+WOLFSSL_LOCAL int  VerifyX509Acert(const byte* cert, word32 certSz,
+                                   const byte* pubKey, word32 pubKeySz,
+                                   int pubKeyOID, void * heap);
+#endif /* WOLFSSL_ACERT */
 
 #ifdef __cplusplus
     } /* extern "C" */
@@ -2739,7 +2816,9 @@ enum PBESTypes {
 
     PBES2              = 13,       /* algo ID */
     PBES1_MD5_DES      = 3,
-    PBES1_SHA1_DES     = 10
+    PBES1_SHA1_DES     = 10,
+
+    PBE_NONE           = 999
 };
 
 enum PKCSTypes {
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index f233004a36..83ef40eb46 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -1,6 +1,6 @@
 /* asn_public.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -148,6 +148,7 @@ enum CertType {
     CA_TYPE,
     ECC_PRIVATEKEY_TYPE,
     DSA_PRIVATEKEY_TYPE,
+    ACERT_TYPE,
     CERTREQ_TYPE,
     DSA_TYPE,
     ECC_TYPE,
@@ -177,7 +178,8 @@ enum CertType {
     SPHINCS_SMALL_LEVEL3_TYPE,
     SPHINCS_SMALL_LEVEL5_TYPE,
     ECC_PARAM_TYPE,
-    CHAIN_CERT_TYPE
+    CHAIN_CERT_TYPE,
+    PKCS7_TYPE
 };
 
 
@@ -360,7 +362,6 @@ typedef struct WOLFSSL_ASN1_INTEGER {
 #endif
 #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 
-#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #ifdef WOLFSSL_MULTI_ATTRIB
 #ifndef CTC_MAX_ATTRIB
     #define CTC_MAX_ATTRIB 4
@@ -374,7 +375,6 @@ typedef struct NameAttrib {
     char value[CTC_NAME_SIZE];   /* name */
 } NameAttrib;
 #endif /* WOLFSSL_MULTI_ATTRIB */
-#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef WOLFSSL_CUSTOM_OID
 typedef struct CertOidField {
diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h
index 2cdbf40101..1a0db320e7 100644
--- a/wolfssl/wolfcrypt/blake2-impl.h
+++ b/wolfssl/wolfcrypt/blake2-impl.h
@@ -12,7 +12,7 @@
 */
 /* blake2-impl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/blake2-int.h b/wolfssl/wolfcrypt/blake2-int.h
index 0ad625ee67..b048ca5e89 100644
--- a/wolfssl/wolfcrypt/blake2-int.h
+++ b/wolfssl/wolfcrypt/blake2-int.h
@@ -12,7 +12,7 @@
 */
 /* blake2-int.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/blake2.h b/wolfssl/wolfcrypt/blake2.h
index 1c62e643af..1f4ac77f10 100644
--- a/wolfssl/wolfcrypt/blake2.h
+++ b/wolfssl/wolfcrypt/blake2.h
@@ -1,6 +1,6 @@
 /* blake2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/camellia.h b/wolfssl/wolfcrypt/camellia.h
index 928312354d..bdba23bc90 100644
--- a/wolfssl/wolfcrypt/camellia.h
+++ b/wolfssl/wolfcrypt/camellia.h
@@ -27,7 +27,7 @@
 
 /* camellia.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h
index 6c9577b110..42e71aee57 100644
--- a/wolfssl/wolfcrypt/chacha.h
+++ b/wolfssl/wolfcrypt/chacha.h
@@ -1,6 +1,6 @@
 /* chacha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -82,7 +82,8 @@ typedef struct ChaCha {
     byte extra[12];
 #endif
     word32 left;                            /* number of bytes leftover */
-#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM)
+#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM) || \
+    defined(WOLFSSL_RISCV_ASM)
     word32 over[CHACHA_CHUNK_WORDS];
 #endif
 } ChaCha;
@@ -96,16 +97,26 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
 WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
                               word32 msglen);
 
-WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
-
 WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
 
 #ifdef HAVE_XCHACHA
+WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
+
 WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
                                   const byte *nonce, word32 nonceSz,
                                   word32 counter);
 #endif
 
+#if defined(WOLFSSL_ARMASM) && defined(__thumb__)
+void wc_chacha_setiv(word32* x, const byte* iv, word32 counter);
+void wc_chacha_setkey(word32* x, const byte* key, word32 keySz);
+void wc_chacha_use_over(byte* over, byte* output, const byte* input,
+    word32 len);
+void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len);
+
+#endif
+
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h
index 6c04912a03..929a1a640e 100644
--- a/wolfssl/wolfcrypt/chacha20_poly1305.h
+++ b/wolfssl/wolfcrypt/chacha20_poly1305.h
@@ -1,6 +1,6 @@
 /* chacha20_poly1305.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h
index a92e83207c..015a9a0a63 100644
--- a/wolfssl/wolfcrypt/cmac.h
+++ b/wolfssl/wolfcrypt/cmac.h
@@ -1,6 +1,6 @@
 /* cmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h
index e0aecc6282..5aef5b1151 100644
--- a/wolfssl/wolfcrypt/coding.h
+++ b/wolfssl/wolfcrypt/coding.h
@@ -1,6 +1,6 @@
 /* coding.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/compress.h b/wolfssl/wolfcrypt/compress.h
index a4efc7809e..2886b2be89 100644
--- a/wolfssl/wolfcrypt/compress.h
+++ b/wolfssl/wolfcrypt/compress.h
@@ -1,6 +1,6 @@
 /* compress.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/cpuid.h b/wolfssl/wolfcrypt/cpuid.h
index 9d25dcf327..c91b628b5b 100644
--- a/wolfssl/wolfcrypt/cpuid.h
+++ b/wolfssl/wolfcrypt/cpuid.h
@@ -1,6 +1,6 @@
 /* cpuid.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h
index 29580eaa6a..4ec42ecbb3 100644
--- a/wolfssl/wolfcrypt/cryptocb.h
+++ b/wolfssl/wolfcrypt/cryptocb.h
@@ -1,6 +1,6 @@
 /* cryptocb.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -75,7 +75,7 @@
     #include <wolfssl/wolfcrypt/kyber.h>
 #ifdef WOLFSSL_WC_KYBER
     #include <wolfssl/wolfcrypt/wc_kyber.h>
-#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
+#elif defined(HAVE_LIBOQS)
     #include <wolfssl/wolfcrypt/ext_kyber.h>
 #endif
 #endif
@@ -118,6 +118,9 @@ typedef struct wc_CryptoInfo {
                 int         type;
                 RsaKey*     key;
                 WC_RNG*     rng;
+            #ifdef WOLF_CRYPTO_CB_RSA_PAD
+                RsaPadding *padding;
+            #endif
             } rsa;
         #ifdef WOLFSSL_KEY_GEN
             struct {
@@ -481,6 +484,11 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
 WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
     word32* outLen, int type, RsaKey* key, WC_RNG* rng);
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+WOLFSSL_LOCAL int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
+    word32* outLen, int type, RsaKey* key, WC_RNG* rng, RsaPadding *padding);
+#endif
+
 #ifdef WOLFSSL_KEY_GEN
 WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e,
     WC_RNG* rng);
diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h
index 3b25a9dfa5..4d6d90da45 100644
--- a/wolfssl/wolfcrypt/curve25519.h
+++ b/wolfssl/wolfcrypt/curve25519.h
@@ -1,6 +1,6 @@
 /* curve25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h
index aa00e1021e..75df9e2fb3 100644
--- a/wolfssl/wolfcrypt/curve448.h
+++ b/wolfssl/wolfcrypt/curve448.h
@@ -1,6 +1,6 @@
 /* curve448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h
index d5b1232126..78a51640bb 100644
--- a/wolfssl/wolfcrypt/des3.h
+++ b/wolfssl/wolfcrypt/des3.h
@@ -1,6 +1,6 @@
 /* des3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -134,9 +134,16 @@ WOLFSSL_API int  wc_Des_EcbEncrypt(Des* des, byte* out,
 WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out,
                                    const byte* in, word32 sz);
 
+#ifdef FREESCALE_MMCAU /* Has separate encrypt/decrypt functions */
+WOLFSSL_API int wc_Des_EcbDecrypt(Des* des, byte* out,
+                                   const byte* in, word32 sz);
+WOLFSSL_API int wc_Des3_EcbDecrypt(Des3* des, byte* out,
+                                   const byte* in, word32 sz);
+#else
 /* ECB decrypt same process as encrypt but with decrypt key */
 #define wc_Des_EcbDecrypt  wc_Des_EcbEncrypt
 #define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt
+#endif
 
 WOLFSSL_API int  wc_Des3_SetKey(Des3* des, const byte* key,
                                 const byte* iv,int dir);
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index 93e8475367..865baa3ebe 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -151,6 +151,9 @@ WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
 WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        const byte* priv, word32 privSz, const byte* otherPub,
                        word32 pubSz);
+WOLFSSL_API int wc_DhAgree_ct(DhKey* key, byte* agree, word32* agreeSz,
+                       const byte* priv, word32 privSz, const byte* otherPub,
+                       word32 pubSz);
 
 WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
                            word32 inSz); /* wc_DhKeyDecode is in asn.c */
diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h
index 8b336cf0de..7f30679e59 100644
--- a/wolfssl/wolfcrypt/dilithium.h
+++ b/wolfssl/wolfcrypt/dilithium.h
@@ -1,6 +1,6 @@
 /* dilithium.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -197,8 +197,8 @@
 #define PARAMS_ML_DSA_44_ETA            DILITHIUM_ETA_2
 /* Number of bits in private key for ML-DSA-44. */
 #define PARAMS_ML_DSA_44_ETA_BITS       DILITHIUM_ETA_2_BITS
-/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-44. */
-#define PARAMS_ML_DSA_44_LAMBDA         16
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_LAMBDA         128
 /* # +/-1's in polynomial c, TAU, for ML-DSA-44. */
 #define PARAMS_ML_DSA_44_TAU            39
 /* BETA = TAU * ETA for ML-DSA-44. */
@@ -242,7 +242,7 @@
     (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8)
 /* Encoding size of signature in bytes for ML-DSA-44. */
 #define PARAMS_ML_DSA_44_SIG_SIZE       \
-    ((PARAMS_ML_DSA_44_LAMBDA * 2) +    \
+    ((PARAMS_ML_DSA_44_LAMBDA / 4) +    \
      PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
      PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K)
 
@@ -258,8 +258,8 @@
 #define PARAMS_ML_DSA_65_ETA            DILITHIUM_ETA_4
 /* Number of bits in private key for ML-DSA-65. */
 #define PARAMS_ML_DSA_65_ETA_BITS       DILITHIUM_ETA_4_BITS
-/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-65. */
-#define PARAMS_ML_DSA_65_LAMBDA         24
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_LAMBDA         192
 /* # +/-1's in polynomial c, TAU, for ML-DSA-65. */
 #define PARAMS_ML_DSA_65_TAU            49
 /* BETA = TAU * ETA for ML-DSA-65. */
@@ -303,7 +303,7 @@
     (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8)
 /* Encoding size of signature in bytes for ML-DSA-65. */
 #define PARAMS_ML_DSA_65_SIG_SIZE       \
-    ((PARAMS_ML_DSA_65_LAMBDA * 2) +    \
+    ((PARAMS_ML_DSA_65_LAMBDA / 4) +    \
      PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
      PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K)
 
@@ -319,8 +319,8 @@
 #define PARAMS_ML_DSA_87_ETA            DILITHIUM_ETA_2
 /* Number of bits in private key for ML-DSA-87. */
 #define PARAMS_ML_DSA_87_ETA_BITS       DILITHIUM_ETA_2_BITS
-/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-87. */
-#define PARAMS_ML_DSA_87_LAMBDA         32
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_LAMBDA         256
 /* # +/-1's in polynomial c, TAU, for ML-DSA-87. */
 #define PARAMS_ML_DSA_87_TAU            60
 /* BETA = TAU * ETA for ML-DSA-87. */
@@ -365,7 +365,7 @@
     (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8)
 /* Encoding size of signature in bytes for ML-DSA-87. */
 #define PARAMS_ML_DSA_87_SIG_SIZE       \
-    ((PARAMS_ML_DSA_87_LAMBDA * 2) +    \
+    ((PARAMS_ML_DSA_87_LAMBDA / 4) +    \
      PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
      PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K)
 
@@ -384,6 +384,9 @@
 /* Maximum count of elements of a vector with dimension L. */
 #define DILITHIUM_MAX_L_VECTOR_COUNT     \
     (PARAMS_ML_DSA_87_L * DILITHIUM_N)
+/* Maximum count of elements of a matrix with dimension KxL. */
+#define DILITHIUM_MAX_MATRIX_COUNT        \
+    (PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_N)
 
 #elif !defined(WOLFSSL_NO_ML_DSA_65)
 
@@ -398,6 +401,9 @@
 /* Maximum count of elements of a vector with dimension L. */
 #define DILITHIUM_MAX_L_VECTOR_COUNT     \
     (PARAMS_ML_DSA_65_L * DILITHIUM_N)
+/* Maximum count of elements of a matrix with dimension KxL. */
+#define DILITHIUM_MAX_MATRIX_COUNT        \
+    (PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_N)
 
 #else
 
@@ -412,6 +418,9 @@
 /* Maximum count of elements of a vector with dimension L. */
 #define DILITHIUM_MAX_L_VECTOR_COUNT     \
     (PARAMS_ML_DSA_44_L * DILITHIUM_N)
+/* Maximum count of elements of a matrix with dimension KxL. */
+#define DILITHIUM_MAX_MATRIX_COUNT        \
+    (PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_N)
 
 #endif
 
@@ -511,7 +520,7 @@ typedef struct wc_dilithium_params {
     byte tau;
     byte beta;
     byte omega;
-    byte lambda;
+    word16 lambda;
     byte gamma1_bits;
     word32 gamma2;
     word32 w1EncSz;
@@ -531,6 +540,8 @@ struct dilithium_key {
     byte prvKeySet;
     byte level; /* 2,3 or 5 */
 
+    void* heap; /* heap hint */
+
 #ifdef WOLF_CRYPTO_CB
     void* devCtx;
     int   devId;
@@ -553,6 +564,7 @@ struct dilithium_key {
 #ifdef WOLFSSL_WC_DILITHIUM
     const wc_dilithium_params* params;
     wc_Shake shake;
+#ifndef WC_DILITHIUM_FIXED_ARRAY
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
     sword32* a;
     byte aSet;
@@ -567,6 +579,22 @@ struct dilithium_key {
     sword32* t1;
     byte pubVecSet;
 #endif
+#else
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+    sword32 a[DILITHIUM_MAX_MATRIX_COUNT];
+    byte aSet;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+    sword32 s1[DILITHIUM_MAX_L_VECTOR_COUNT];
+    sword32 s2[DILITHIUM_MAX_K_VECTOR_COUNT];
+    sword32 t0[DILITHIUM_MAX_K_VECTOR_COUNT];
+    byte privVecsSet;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+    sword32 t1[DILITHIUM_MAX_K_VECTOR_COUNT];
+    byte pubVecSet;
+#endif
+#endif
 #if defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && \
     defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)
     sword32 z[DILITHIUM_MAX_L_VECTOR_COUNT];
@@ -574,6 +602,9 @@ struct dilithium_key {
     sword32 w[DILITHIUM_N];
     sword32 t1[DILITHIUM_N];
     byte w1e[DILITHIUM_MAX_W1_ENC_SZ];
+#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+    sword64 t64[DILITHIUM_N];
+#endif
     byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
     byte block[DILITHIUM_GEN_C_BLOCK_BYTES];
 #endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC &&
@@ -595,15 +626,38 @@ WOLFSSL_API
 int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed);
 
 WOLFSSL_API
-int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out,
-    word32 *outLen, dilithium_key* key, WC_RNG* rng);
+int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
+    word32* sigLen, dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
+    const byte* hash, word32 hashLen, byte* sig, word32* sigLen,
+    dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen, dilithium_key* key, const byte* seed);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed);
 WOLFSSL_API
-int wc_dilithium_sign_msg_with_seed(const byte* in, word32 inLen, byte* out,
-    word32 *outLen, dilithium_key* key, byte* seed);
+int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
+    int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed);
 #endif
 WOLFSSL_API
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
     word32 msgLen, int* res, dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, int* res,
+    dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
+    const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash,
+    word32 hashLen, int* res, dilithium_key* key);
 
 WOLFSSL_API
 int wc_dilithium_init(dilithium_key* key);
@@ -684,11 +738,13 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
 WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input,
     word32* inOutIdx, dilithium_key* key, word32 inSz);
 #endif
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
 WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input,
     word32* inOutIdx, dilithium_key* key, word32 inSz);
 #endif
 
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
 #ifdef WC_ENABLE_ASYM_KEY_EXPORT
 WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output,
     word32 inLen, int withAlg);
diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h
index d5ae3a4f82..1e92fd5ed2 100644
--- a/wolfssl/wolfcrypt/dsa.h
+++ b/wolfssl/wolfcrypt/dsa.h
@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 4a198a6b0d..ba8c88b882 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -1,6 +1,6 @@
 /* ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -595,6 +595,7 @@ struct ecc_key {
 #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
     byte deterministic:1;
+    enum wc_HashType hashType;
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
@@ -640,8 +641,15 @@ WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key);
 
 
 /* ECC predefined curve sets  */
-extern const ecc_set_type ecc_sets[];
-extern const size_t ecc_sets_count;
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+    extern const ecc_set_type ecc_sets[];
+    extern const size_t ecc_sets_count;
+#else
+    WOLFSSL_API const ecc_set_type *wc_ecc_get_sets(void);
+    WOLFSSL_API size_t wc_ecc_get_sets_count(void);
+    #define ecc_sets wc_ecc_get_sets()
+    #define ecc_sets_count wc_ecc_get_sets_count()
+#endif
 
 WOLFSSL_API
 const char* wc_ecc_get_name(int curve_id);
@@ -719,6 +727,9 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
 WOLFSSL_API
 int wc_ecc_set_deterministic(ecc_key* key, byte flag);
 WOLFSSL_API
+int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag,
+        enum wc_HashType hashType);
+WOLFSSL_API
 int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
         enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
         void* heap);
@@ -759,7 +770,7 @@ WOLFSSL_API
 int wc_ecc_set_flags(ecc_key* key, word32 flags);
 WOLFSSL_ABI WOLFSSL_API
 void wc_ecc_fp_free(void);
-WOLFSSL_LOCAL
+WOLFSSL_API
 void wc_ecc_fp_init(void);
 WOLFSSL_API
 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h
index 8e0124ccad..72f9c70637 100644
--- a/wolfssl/wolfcrypt/eccsi.h
+++ b/wolfssl/wolfcrypt/eccsi.h
@@ -1,6 +1,6 @@
 /* eccsi.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h
index efba65020b..ff3b26cb0c 100644
--- a/wolfssl/wolfcrypt/ed25519.h
+++ b/wolfssl/wolfcrypt/ed25519.h
@@ -1,6 +1,6 @@
 /* ed25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h
index 5884bda131..1d12da87ae 100644
--- a/wolfssl/wolfcrypt/ed448.h
+++ b/wolfssl/wolfcrypt/ed448.h
@@ -1,6 +1,6 @@
 /* ed448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index dbe0553e51..3f188f7444 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -1,6 +1,6 @@
 /* error-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,10 +37,25 @@ the error status.
     extern "C" {
 #endif
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+#include <wolfssl/debug-untrace-error-codes.h>
+#endif
 
 /* error codes, add string for new errors !!! */
-enum {
-    MAX_CODE_E         = -100,  /* errors -101 - -299 */
+enum wolfCrypt_ErrorCodes {
+    /* note that WOLFSSL_FATAL_ERROR is defined as -1 in error-ssl.h, for
+     * reasons of backward compatibility.
+     */
+
+    MAX_CODE_E         =  -96,  /* errors -97 - -299 */
+    WC_FIRST_E         =  -97,  /* errors -97 - -299 */
+
+    MP_MEM             =  -97,  /* MP dynamic memory allocation failed. */
+    MP_VAL             =  -98,  /* MP value passed is not able to be used. */
+    MP_WOULDBLOCK      =  -99,  /* MP non-blocking operation is returning after
+                                 * partial completion. */
+    MP_NOT_INF         = -100,  /* MP point not at infinity */
+
     OPEN_RAN_E         = -101,  /* opening random device error */
     READ_RAN_E         = -102,  /* reading random device error */
     WINCRYPT_E         = -103,  /* windows crypt init error */
@@ -276,13 +291,12 @@ enum {
     SM4_CCM_AUTH_E      = -299,  /* SM4-CCM Authentication check failure */
 
     WC_LAST_E           = -299,  /* Update this to indicate last error */
-    MIN_CODE_E          = -300   /* errors -101 - -299 */
+    MIN_CODE_E          = -300   /* errors -2 - -299 */
 
     /* add new companion error id strings for any new error codes
        wolfcrypt/src/error.c !!! */
 };
 
-
 #ifdef NO_ERROR_STRINGS
     #define wc_GetErrorString(error) "no support for error strings built in"
     #define wc_ErrorString(err, buf) \
@@ -294,16 +308,35 @@ WOLFSSL_API void wc_ErrorString(int err, char* buff);
 WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error);
 #endif
 
-#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && !defined(BUILDING_WOLFSSL)
-    #undef WOLFSSL_DEBUG_TRACE_ERROR_CODES
-#endif
-#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+        (defined(BUILDING_WOLFSSL) || \
+         defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
+    WOLFSSL_API extern void wc_backtrace_render(void);
     #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label)
+    #ifndef WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE
+        #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+            #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE wc_backtrace_render()
+        #else
+            #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE (void)0
+        #endif
+    #endif
     #ifndef WC_ERR_TRACE
+        #ifdef NO_STDIO_FILESYSTEM
+        #define WC_ERR_TRACE(label)                           \
+            ( printf("ERR TRACE: %s L %d %s (%d)\n",          \
+                      __FILE__, __LINE__, #label, label),     \
+              WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE,          \
+              label                                           \
+            )
+        #else
         #define WC_ERR_TRACE(label)                           \
             ( fprintf(stderr,                                 \
-                      "ERR TRACE: %s L %d " #label " (%d)\n", \
-                      __FILE__, __LINE__, label), label)
+                      "ERR TRACE: %s L %d %s (%d)\n",         \
+                      __FILE__, __LINE__, #label, label),     \
+              WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE,          \
+              label                                           \
+            )
+        #endif
     #endif
     #include <wolfssl/debug-trace-error-codes.h>
 #else
diff --git a/wolfssl/wolfcrypt/ext_kyber.h b/wolfssl/wolfcrypt/ext_kyber.h
index 0ea7108b1b..6e7f6908ec 100644
--- a/wolfssl/wolfcrypt/ext_kyber.h
+++ b/wolfssl/wolfcrypt/ext_kyber.h
@@ -1,6 +1,6 @@
 /* ext_kyber.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,8 +29,8 @@
 #ifdef WOLFSSL_HAVE_KYBER
 #include <wolfssl/wolfcrypt/kyber.h>
 
-#if !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4)
-#error "This code requires liboqs or pqm4"
+#if !defined(HAVE_LIBOQS)
+#error "This code requires liboqs"
 #endif
 
 #if defined(WOLFSSL_WC_KYBER)
@@ -41,15 +41,6 @@
     #include <oqs/kem.h>
     #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_kyber_1024_length_secret_key
     #define EXT_KYBER_MAX_PUB_SZ  OQS_KEM_kyber_1024_length_public_key
-#elif defined(HAVE_PQM4)
-    #include "api_kyber.h"
-    #define PQM4_PUBLIC_KEY_LENGTH    CRYPTO_PUBLICKEYBYTES
-    #define PQM4_PRIVATE_KEY_LENGTH   CRYPTO_SECRETKEYBYTES
-    #define PQM4_SHARED_SECRET_LENGTH CRYPTO_BYTES
-    #define PQM4_CIPHERTEXT_LENGTH    CRYPTO_CIPHERTEXTBYTES
-
-    #define EXT_KYBER_MAX_PRIV_SZ PQM4_PRIVATE_KEY_LENGTH
-    #define EXT_KYBER_MAX_PUB_SZ  PQM4_PUBLIC_KEY_LENGTH
 #endif
 
 struct KyberKey {
diff --git a/wolfssl/wolfcrypt/ext_lms.h b/wolfssl/wolfcrypt/ext_lms.h
index fae812fd1a..41203351cf 100644
--- a/wolfssl/wolfcrypt/ext_lms.h
+++ b/wolfssl/wolfcrypt/ext_lms.h
@@ -1,6 +1,6 @@
 /* ext_lms.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,12 +22,9 @@
 #ifndef EXT_LMS_H
 #define EXT_LMS_H
 
-#ifdef WOLFSSL_HAVE_LMS
-#include <wolfssl/wolfcrypt/lms.h>
+#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
 
-#if !defined(HAVE_LIBLMS)
-#error "This code requires liblms"
-#endif
+#include <wolfssl/wolfcrypt/lms.h>
 
 /* hash-sigs LMS HSS includes */
 #include <hss.h>
diff --git a/wolfssl/wolfcrypt/ext_xmss.h b/wolfssl/wolfcrypt/ext_xmss.h
index 5f51bf54dd..cb041bcb6e 100644
--- a/wolfssl/wolfcrypt/ext_xmss.h
+++ b/wolfssl/wolfcrypt/ext_xmss.h
@@ -1,6 +1,6 @@
 /* ext_xmss.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,12 +22,9 @@
 #ifndef EXT_XMSS_H
 #define EXT_XMSS_H
 
-#ifdef WOLFSSL_HAVE_XMSS
-#include <wolfssl/wolfcrypt/xmss.h>
+#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
 
-#if !defined(HAVE_LIBXMSS)
-    #error "This code requires libxmss"
-#endif
+#include <wolfssl/wolfcrypt/xmss.h>
 
 #include <xmss.h>
 #include <params.h>
diff --git a/wolfssl/wolfcrypt/falcon.h b/wolfssl/wolfcrypt/falcon.h
index 9d4bff8bef..a103034bc2 100644
--- a/wolfssl/wolfcrypt/falcon.h
+++ b/wolfssl/wolfcrypt/falcon.h
@@ -1,6 +1,6 @@
 /* falcon.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/fe_448.h b/wolfssl/wolfcrypt/fe_448.h
index c925d7da42..09ff15025e 100644
--- a/wolfssl/wolfcrypt/fe_448.h
+++ b/wolfssl/wolfcrypt/fe_448.h
@@ -1,6 +1,6 @@
 /* fe448_448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h
index 8a1cab7fe9..23928f26b0 100644
--- a/wolfssl/wolfcrypt/fe_operations.h
+++ b/wolfssl/wolfcrypt/fe_operations.h
@@ -1,6 +1,6 @@
 /* fe_operations.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index 452e651eb4..6523753497 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -1,6 +1,6 @@
 /* fips_test.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -114,6 +114,13 @@ WOLFSSL_API int wc_RunCast_fips(int type);
 WOLFSSL_API int wc_GetCastStatus_fips(int type);
 WOLFSSL_API int wc_RunAllCast_fips(void);
 
+#ifdef NO_ATTRIBUTE_CONSTRUCTOR
+    /* NOTE: Must be called in OS initialization section outside user control
+     * and must prove during operational testing/code review with the lab that
+     * this is outside user-control if called by the OS */
+    void fipsEntry(void);
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/ge_448.h b/wolfssl/wolfcrypt/ge_448.h
index 38ac71a2fe..bbdb0674d4 100644
--- a/wolfssl/wolfcrypt/ge_448.h
+++ b/wolfssl/wolfcrypt/ge_448.h
@@ -1,6 +1,6 @@
 /* ge_448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h
index 0c6ce8dd63..75d4b07f94 100644
--- a/wolfssl/wolfcrypt/ge_operations.h
+++ b/wolfssl/wolfcrypt/ge_operations.h
@@ -1,6 +1,6 @@
 /* ge_operations.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -112,7 +112,6 @@ typedef struct {
   ge Z;
   ge T2d;
 } ge_cached;
-#endif /* !ED25519_SMALL */
 
 #ifdef CURVED25519_ASM
 void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
@@ -124,6 +123,7 @@ void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
 void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
 void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
 #endif
+#endif /* !ED25519_SMALL */
 
 #ifdef __cplusplus
     }    /* extern "C" */
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 27b1423780..2f7de32d0d 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -1,6 +1,6 @@
 /* hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h
index 0d0844e1fc..98270ee7ba 100644
--- a/wolfssl/wolfcrypt/hmac.h
+++ b/wolfssl/wolfcrypt/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/hpke.h b/wolfssl/wolfcrypt/hpke.h
index 432f574da8..6e406ba05d 100644
--- a/wolfssl/wolfcrypt/hpke.h
+++ b/wolfssl/wolfcrypt/hpke.h
@@ -1,6 +1,6 @@
 /* hpke.h
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index 3979c67441..d091946c0c 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -116,7 +116,9 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
-                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
+                         wolfssl/wolfcrypt/port/maxim/max3266x.h \
+                         wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
 
 if BUILD_CRYPTOAUTHLIB
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/atmel/atmel.h
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index 243d3f0d13..927a1f6c21 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -1,6 +1,6 @@
 /* integer.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,6 +42,8 @@
 
 #else
 
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/random.h>
 
 #ifndef CHAR_BIT
@@ -162,9 +164,6 @@ extern "C" {
 #define MP_NEG        1   /* negative */
 
 #define MP_OKAY       0   /* ok result */
-#define MP_MEM       (-2) /* out of mem */
-#define MP_VAL       (-3) /* invalid input */
-#define MP_NOT_INF   (-4) /* point not at infinity */
 #define MP_RANGE      MP_NOT_INF
 
 #define MP_YES        1   /* yes response */
@@ -223,6 +222,9 @@ typedef int           mp_err;
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#define mp_size_t int
+#define mp_sign_t int
+
 /* the mp_int structure */
 typedef struct mp_int {
     int used, alloc, sign;
diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h
index ad107e5e52..1e731ebc63 100644
--- a/wolfssl/wolfcrypt/kdf.h
+++ b/wolfssl/wolfcrypt/kdf.h
@@ -1,6 +1,6 @@
 /* kdf.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/kyber.h b/wolfssl/wolfcrypt/kyber.h
index 8e9a7b3e49..93b502223a 100644
--- a/wolfssl/wolfcrypt/kyber.h
+++ b/wolfssl/wolfcrypt/kyber.h
@@ -1,6 +1,6 @@
 /* kyber.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -213,6 +213,58 @@ WOLFSSL_API int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out,
 WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out,
     word32 len);
 
+
+
+#define WC_ML_KEM_512_K                     KYBER512_K
+#define WC_ML_KEM_512_PUBLIC_KEY_SIZE       KYBER512_PUBLIC_KEY_SIZE
+#define wC_ML_KEM_512_PRIVATE_KEY_SIZE      KYBER512_PRIVATE_KEY_SIZE
+#define wC_ML_KEM_512_CIPHER_TEXT_SIZE      KYBER512_CIPHER_TEXT_SIZE
+
+#define WC_ML_KEM_768_K                     KYBER768_K
+#define WC_ML_KEM_768_PUBLIC_KEY_SIZE       KYBER768_PUBLIC_KEY_SIZE
+#define wC_ML_KEM_768_PRIVATE_KEY_SIZE      KYBER768_PRIVATE_KEY_SIZE
+#define wC_ML_KEM_768_CIPHER_TEXT_SIZE      KYBER768_CIPHER_TEXT_SIZE
+
+#define WC_ML_KEM_1024_K                    KYBER1024_K
+#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE      KYBER1024_PUBLIC_KEY_SIZE
+#define wC_ML_KEM_1024_PRIVATE_KEY_SIZE     KYBER1024_PRIVATE_KEY_SIZE
+#define wC_ML_KEM_1024_CIPHER_TEXT_SIZE     KYBER1024_CIPHER_TEXT_SIZE
+
+#define WC_ML_KEM_MAX_K                     KYBER_MAX_K
+#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE      KYBER_MAX_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE       KYBER_MAX_PUBLIC_KEY_SIZE
+#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE      KYBER_MAX_CIPHER_TEXT_SIZE
+
+#define WC_ML_KEM_512       KYBER512
+#define WC_ML_KEM_768       KYBER768
+#define WC_ML_KEM_1024      KYBER1024
+
+#define WC_ML_KEM_SYM_SZ            KYBER_SYM_SZ
+#define WC_ML_KEM_SS_SZ             KYBER_SS_SZ
+#define WC_ML_KEM_MAKEKEY_RAND_SZ   KYBER_MAKEKEY_RAND_SZ
+#define WC_ML_KEM_ENC_RAND_SZ       KYBER_ENC_RAND_SZ
+#define WC_ML_KEM_POLY_SIZE         KYBER_POLY_SIZE
+
+#define MlKemKey            KyberKey
+
+#define wc_MlKemKey_Init(key, type, heap, devId) \
+        wc_KyberKey_Init(type, key, heap, devId)
+#define wc_MlKemKey_Free                    wc_KyberKey_Free
+#define wc_MlKemKey_MakeKey                 wc_KyberKey_MakeKey
+#define wc_MlKemKey_MakeKeyWithRandom       wc_KyberKey_MakeKeyWithRandom
+#define wc_MlKemKey_CipherTextSize          wc_KyberKey_CipherTextSize
+#define wc_MlKemKey_SharedSecretSize        wc_KyberKey_SharedSecretSize
+#define wc_MlKemKey_Encapsulate             wc_KyberKey_Encapsulate
+#define wc_MlKemKey_EncapsulateWithRandom   wc_KyberKey_EncapsulateWithRandom
+#define wc_MlKemKey_Decapsulate             wc_KyberKey_Encapsulate
+#define wc_MlKemKey_DecodePrivateKey        wc_KyberKey_DecodePrivateKey
+#define wc_MlKemKey_DecodePublicKey         wc_KyberKey_DecodePublicKey
+#define wc_MlKemKey_PrivateKeySize          wc_KyberKey_PrivateKeySize
+#define wc_MlKemKey_PublicKeySize           wc_KyberKey_PublicKeySize
+#define wc_MlKemKey_EncodePrivateKey        wc_KyberKey_EncodePrivateKey
+#define wc_MlKemKey_EncodePublicKey         wc_KyberKey_EncodePublicKey
+
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h
index fe87388f26..45c64e002b 100644
--- a/wolfssl/wolfcrypt/lms.h
+++ b/wolfssl/wolfcrypt/lms.h
@@ -1,6 +1,6 @@
 /* lms.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index d17f834c4e..7d349fecea 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -1,6 +1,6 @@
 /* logging.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/md2.h b/wolfssl/wolfcrypt/md2.h
index e326a4d791..fe927561c5 100644
--- a/wolfssl/wolfcrypt/md2.h
+++ b/wolfssl/wolfcrypt/md2.h
@@ -1,6 +1,6 @@
 /* md2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/md4.h b/wolfssl/wolfcrypt/md4.h
index f367cde627..c4bd266a26 100644
--- a/wolfssl/wolfcrypt/md4.h
+++ b/wolfssl/wolfcrypt/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index 6506be9894..c19f6c15f7 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/mem_track.h b/wolfssl/wolfcrypt/mem_track.h
index c6d81633de..b45bf2388a 100644
--- a/wolfssl/wolfcrypt/mem_track.h
+++ b/wolfssl/wolfcrypt/mem_track.h
@@ -1,6 +1,6 @@
 /* mem_track.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index 31b6a28f5e..481f8aa796 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -1,6 +1,6 @@
 /* memory.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h
index 9761d686a2..cc068db441 100644
--- a/wolfssl/wolfcrypt/misc.h
+++ b/wolfssl/wolfcrypt/misc.h
@@ -1,6 +1,6 @@
 /* misc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -145,6 +145,7 @@ WOLFSSL_LOCAL word32 w64GetLow32(w64wrapper n);
 WOLFSSL_LOCAL word32 w64GetHigh32(w64wrapper n);
 WOLFSSL_LOCAL void w64SetLow32(w64wrapper *n, word32 low);
 WOLFSSL_LOCAL w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap);
+WOLFSSL_LOCAL w64wrapper w64Add(w64wrapper a, w64wrapper b, byte *wrap);
 WOLFSSL_LOCAL w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap);
 WOLFSSL_LOCAL byte w64GT(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL byte w64IsZero(w64wrapper a);
@@ -157,6 +158,7 @@ WOLFSSL_LOCAL w64wrapper w64Sub(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL void w64Zero(w64wrapper *a);
 WOLFSSL_LOCAL w64wrapper w64ShiftRight(w64wrapper a, int shift);
 WOLFSSL_LOCAL w64wrapper w64ShiftLeft(w64wrapper a, int shift);
+WOLFSSL_LOCAL w64wrapper w64Mul(word32 a, word32 b);
 
 #else /* !NO_INLINE */
 
diff --git a/wolfssl/wolfcrypt/mpi_class.h b/wolfssl/wolfcrypt/mpi_class.h
index 0736d6f8f3..831fae35ca 100644
--- a/wolfssl/wolfcrypt/mpi_class.h
+++ b/wolfssl/wolfcrypt/mpi_class.h
@@ -1,6 +1,6 @@
 /* mpi_class.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/mpi_superclass.h b/wolfssl/wolfcrypt/mpi_superclass.h
index abfac6af5e..f27f61a2a3 100644
--- a/wolfssl/wolfcrypt/mpi_superclass.h
+++ b/wolfssl/wolfcrypt/mpi_superclass.h
@@ -1,6 +1,6 @@
 /* mpi_superclass.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/pkcs11.h b/wolfssl/wolfcrypt/pkcs11.h
index c754784022..7a53710b6f 100644
--- a/wolfssl/wolfcrypt/pkcs11.h
+++ b/wolfssl/wolfcrypt/pkcs11.h
@@ -1,6 +1,6 @@
 /* pkcs11.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -138,14 +138,22 @@ extern "C" {
 #define CKA_HAS_RESET                         0x00000302UL
 
 #define CKM_RSA_PKCS_KEY_PAIR_GEN             0x00000000UL
+#define CKM_RSA_PKCS                          0x00000001UL
 #define CKM_RSA_X_509                         0x00000003UL
+#define CKM_RSA_PKCS_OAEP                     0x00000009UL
+#define CKM_RSA_PKCS_PSS                      0x0000000DUL
 #define CKM_DH_PKCS_KEY_PAIR_GEN              0x00000020UL
 #define CKM_DH_PKCS_DERIVE                    0x00000021UL
 #define CKM_MD5_HMAC                          0x00000211UL
+#define CKM_SHA_1                             0x00000220UL
 #define CKM_SHA_1_HMAC                        0x00000221UL
+#define CKM_SHA256                            0x00000250UL
 #define CKM_SHA256_HMAC                       0x00000251UL
+#define CKM_SHA224                            0x00000255UL
 #define CKM_SHA224_HMAC                       0x00000256UL
+#define CKM_SHA384                            0x00000260UL
 #define CKM_SHA384_HMAC                       0x00000261UL
+#define CKM_SHA512                            0x00000270UL
 #define CKM_SHA512_HMAC                       0x00000271UL
 #define CKM_GENERIC_SECRET_KEY_GEN            0x00000350UL
 #define CKM_EC_KEY_PAIR_GEN                   0x00001040UL
@@ -156,12 +164,26 @@ extern "C" {
 #define CKM_AES_CBC                           0x00001082UL
 #define CKM_AES_GCM                           0x00001087UL
 
+/* full data RSA PK callbacks */
+#define CKM_SHA1_RSA_PKCS_PSS                 0x0000000EUL
+#define CKM_SHA256_RSA_PKCS_PSS               0x00000043UL
+#define CKM_SHA384_RSA_PKCS_PSS               0x00000044UL
+#define CKM_SHA512_RSA_PKCS_PSS               0x00000045UL
+#define CKM_SHA224_RSA_PKCS_PSS               0x00000047UL
+
+#define CKG_MGF1_SHA1 0x00000001UL
+#define CKG_MGF1_SHA224 0x00000005UL
+#define CKG_MGF1_SHA256 0x00000002UL
+#define CKG_MGF1_SHA384 0x00000003UL
+#define CKG_MGF1_SHA512 0x00000004UL
+
+
 #define CKR_OK                                0x00000000UL
 #define CKR_MECHANISM_INVALID                 0x00000070UL
 #define CKR_SIGNATURE_INVALID                 0x000000C0UL
 
 #define CKD_NULL                              0x00000001UL
-
+#define CKZ_DATA_SPECIFIED                    0x00000001UL
 
 typedef unsigned char     CK_BYTE;
 typedef CK_BYTE           CK_CHAR;
@@ -339,6 +361,26 @@ typedef struct CK_GCM_PARAMS {
 } CK_GCM_PARAMS;
 typedef CK_GCM_PARAMS* CK_GCM_PARAMS_PTR;
 
+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
+
+typedef struct CK_RSA_PKCS_PSS_PARAMS {
+    CK_MECHANISM_TYPE hashAlg;
+    CK_RSA_PKCS_MGF_TYPE mgf;
+    CK_ULONG sLen;
+} CK_RSA_PKCS_PSS_PARAMS;
+typedef CK_RSA_PKCS_PSS_PARAMS *CK_RSA_PKCS_PSS_PARAMS_PTR;
+
+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
+
+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
+    CK_MECHANISM_TYPE hashAlg;
+    CK_RSA_PKCS_MGF_TYPE mgf;
+    CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
+    CK_VOID_PTR pSourceData;
+    CK_ULONG ulSourceDataLen;
+} CK_RSA_PKCS_OAEP_PARAMS;
+typedef CK_RSA_PKCS_OAEP_PARAMS *CK_RSA_PKCS_OAEP_PARAMS_PTR;
+
 /* Function list types. */
 typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
 typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR;
@@ -538,4 +580,3 @@ struct CK_FUNCTION_LIST {
 #endif
 
 #endif /* _PKCS11_H_ */
-
diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h
index dc06c9df25..d7bf967d8a 100644
--- a/wolfssl/wolfcrypt/pkcs12.h
+++ b/wolfssl/wolfcrypt/pkcs12.h
@@ -1,6 +1,6 @@
 /* pkcs12.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index 2af117dcb9..0a4631997f 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@@ -1,6 +1,6 @@
 /* pkcs7.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -345,6 +345,10 @@ struct PKCS7 {
     word32 plainDigestSz;
     word32 pkcs7DigestSz;
 
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    wc_UnknownExtCallback unknownExtCallback;
+#endif
+
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
     CallbackRsaSignRawDigest rsaSignRawDigestCb;
 #endif
@@ -354,10 +358,23 @@ struct PKCS7 {
     word32 cachedEncryptedContentSz;
     word16 contentCRLF:1; /* have content line endings been converted to CRLF */
     word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */
+    word16 hashParamsAbsent:1;
+
+    /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as
+     * a SHA1 hash of the public key, but leaves it open to other methods as
+     * long as it is a unique ID. This allows for setting a custom SKID when
+     * creating PKCS7 bundles*/
+    byte* customSKID;
+    word16 customSKIDSz;
+
     /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
 };
 
 WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7,
+        wc_UnknownExtCallback cb);
+#endif
 WOLFSSL_API int  wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
 WOLFSSL_API int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
 WOLFSSL_API int  wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);
@@ -378,6 +395,8 @@ WOLFSSL_API int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
                                        word32 outputSz);
 
 /* CMS/PKCS#7 SignedData */
+WOLFSSL_API int  wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in,
+                                        word16 inSz);
 WOLFSSL_API int  wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
 WOLFSSL_API int  wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
 WOLFSSL_API int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag);
diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h
index cc312546e3..bcc48a6298 100644
--- a/wolfssl/wolfcrypt/poly1305.h
+++ b/wolfssl/wolfcrypt/poly1305.h
@@ -1,6 +1,6 @@
 /* poly1305.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -57,7 +57,7 @@
 
 #if defined(USE_INTEL_POLY1305_SPEEDUP)
 #elif (defined(WC_HAS_SIZEOF_INT128_64BIT) || defined(WC_HAS_MSVC_64BIT) ||  \
-       defined(WC_HAS_GCC_4_4_64BIT))
+       defined(WC_HAS_GCC_4_4_64BIT)) && !defined(WOLFSSL_W64_WRAPPER_TEST)
 #define POLY130564
 #else
 #define POLY130532
@@ -88,14 +88,31 @@ typedef struct Poly1305 {
     size_t leftover;
     unsigned char finished;
     unsigned char started;
-#else
-#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+    ALIGN128 word64 r64[2];
     ALIGN128 word32 r[5];
     ALIGN128 word32 r_2[5]; /* r^2 */
     ALIGN128 word32 r_4[5]; /* r^4 */
     ALIGN128 word32 h[5];
     word32 pad[4];
     word64 leftover;
+    unsigned char buffer[POLY1305_BLOCK_SIZE];
+    unsigned char finished;
+#elif defined(WOLFSSL_ARMASM) && defined(__thumb__)
+    word32 r[4];
+    word32 h[5];
+    word32 pad[4];
+    word32 leftover;
+    unsigned char buffer[POLY1305_BLOCK_SIZE];
+#elif defined(WOLFSSL_RISCV_ASM)
+    word64 r[2];
+#ifdef WOLFSSL_RISCV_VECTOR
+    word64 r2[6];
+#endif
+    word64 h[3];
+    word64 pad[2];
+    size_t leftover;
+    unsigned char buffer[POLY1305_BLOCK_SIZE];
 #else
 #if defined(POLY130564)
     word64 r[3];
@@ -107,10 +124,9 @@ typedef struct Poly1305 {
     word32 pad[4];
 #endif
     size_t leftover;
-#endif /* WOLFSSL_ARMASM */
     unsigned char buffer[POLY1305_BLOCK_SIZE];
     unsigned char finished;
-#endif
+#endif /* WOLFSSL_ARMASM */
 } Poly1305;
 
 /* does init */
@@ -132,9 +148,35 @@ WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional,
     word32 addSz, const byte* input, word32 sz, byte* tag, word32 tagSz);
 
 #if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM)
-void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
-                            size_t bytes);
-void poly1305_block(Poly1305* ctx, const unsigned char *m);
+#define poly1305_blocks     poly1305_blocks_aarch64
+#define poly1305_block      poly1305_block_aarch64
+
+void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m,
+    size_t bytes);
+void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m);
+#endif
+
+#if defined(__thumb__ ) && defined(WOLFSSL_ARMASM)
+#define poly1305_blocks     poly1305_blocks_thumb2
+#define poly1305_block      poly1305_block_thumb2
+
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char *m,
+    size_t bytes);
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char *m);
+
+void poly1305_blocks_thumb2_16(Poly1305* ctx, const unsigned char* m,
+    word32 len, int notLast);
+void poly1305_set_key(Poly1305* ctx, const byte* key);
+void poly1305_final(Poly1305* ctx, byte* mac);
+#endif
+
+#if defined(WOLFSSL_RISCV_ASM)
+#define poly1305_blocks     poly1305_blocks_riscv64
+#define poly1305_block      poly1305_block_riscv64
+
+void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
+    size_t bytes);
+void poly1305_block_riscv64(Poly1305* ctx, const unsigned char *m);
 #endif
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
index 55ff661883..85b4ed121e 100644
--- a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
@@ -116,7 +116,7 @@
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
     #if defined(CONFIG_ESP_WIFI_SSID)
-        /* tyically from ESP32 with ESP-IDF v4 ot v5 */
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
     #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
         /* typically from ESP8266 rtos-sdk/v3.4 */
@@ -148,9 +148,13 @@ WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v);
 
 WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void);
 
+#if defined(USE_WOLFSSL_ESP_SDK_TIME)
+
 /******************************************************************************
 * Time helpers
 ******************************************************************************/
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void);
+
 WOLFSSL_LOCAL esp_err_t esp_sdk_time_lib_init(void);
 
 /* a function to show the current data and time */
@@ -168,8 +172,9 @@ WOLFSSL_LOCAL esp_err_t set_time(void);
 
 /* wait NTP_RETRY_COUNT seconds before giving up on NTP time */
 WOLFSSL_LOCAL esp_err_t set_time_wait_for_ntp(void);
+#endif
 
-#ifndef NO_ESP_SDK_WIFI
+#if defined(USE_WOLFSSL_ESP_SDK_WIFI)
 
 /******************************************************************************
 * WiFi helpers
@@ -201,8 +206,7 @@ WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_init_sta(void);
 
 WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void);
 
-#endif /* !NO_ESP_SDK_WIFI */
-
+#endif /* USE_WOLFSSL_ESP_SDK_WIFI */
 
 /******************************************************************************
 * Debug helpers
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
index 9a33bf5d39..41961cf4f5 100644
--- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
@@ -216,6 +216,10 @@ enum {
 **   Turns on diagnostic messages for SHA mutex. Note that given verbosity,
 **   there may be TLS timing issues encountered. Use with caution.
 **
+** DEBUG_WOLFSSL_ESP32_UNFINISHED_HW
+**   This may be interesting in that HW may have been unnessearily locked
+**   for hash that was never completed. (typically encountered at `free1` time)
+**
 ** LOG_LOCAL_LEVEL
 **   Debugging. Default value is ESP_LOG_DEBUG
 **
@@ -563,6 +567,95 @@ enum {
     defined(WOLFSSL_ESP32_CRYPT_DEBUG)
 #endif
 
+/*
+******************************************************************************
+** wolfssl component Kconfig file settings
+******************************************************************************
+ * Naming convention:
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+
+
+/* Pre-set some hardware acceleration from Kconfig / menuconfig settings */
+#ifdef CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+
+/* wolfCrypt test settings */
+#ifdef CONFIG_ESP_WOLFSSL_ENABLE_TEST
+    #ifdef CONFIG_WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+        #define HAVE_WOLFCRYPT_TEST_OPTIONS
+    #endif
+#endif
+
+/* debug options */
+#if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL)
+    /* wolfSSH debugging enabled via Kconfig / menuconfig */
+    #define DEBUG_WOLFSSL
+#endif
+
+/*
+******************************************************************************
+** END wolfssl component Kconfig file settings
+******************************************************************************
+*/
+
 #ifdef __cplusplus
 extern "C"
 {
@@ -623,7 +716,8 @@ extern "C"
     #elif defined(CONFIG_IDF_TARGET_ESP8266)
         /* no hardware includes for ESP8266*/
     #else
-        #include "rom/aes.h"
+        /* TODO: Confirm for older versions: */
+        /* #include "rom/aes.h" */
     #endif
 
     typedef enum tagES32_AES_PROCESS /* TODO what's this ? */
@@ -759,7 +853,7 @@ extern "C"
     #if defined(WOLFSSL_STACK_CHECK)
         word32 last_word;
     #endif
-    } WC_ESP32SHA;
+    } WC_ESP32SHA __attribute__((aligned(4)));
 
     WOLFSSL_LOCAL int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx);
     WOLFSSL_LOCAL int esp_sha_init(WC_ESP32SHA* ctx,
@@ -986,6 +1080,29 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha);
 }
 #endif
 
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+
 #endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */
 
 #endif  /* __ESP32_CRYPT_H__ */
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
index e719b93f59..b4faa7368d 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
@@ -1,6 +1,6 @@
 /* renesas-fspsm-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
index b110343f1b..33dcbbc8df 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
@@ -1,6 +1,6 @@
 /* renesas-fsp-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,7 +31,7 @@
 
     #define FSPSM_W_KEYVAR          renesas_sce_wrappedkey
     #define FSPSM_tls_flg_ST        sce_keyflgs_tls
-    #define FSPSM_key_flg_ST        sce_keyflgs_cryt
+    #define FSPSM_key_flg_ST        sce_keyflgs_crypt
     #define FSPSM_tag_ST            tagUser_SCEPKCbInfo
     #define FSPSM_ST                User_SCEPKCbInfo
     #define FSPSM_ST_PKC            SCE_PKCbInfo
@@ -171,7 +171,7 @@
     /* structure, type so on */
     #define FSPSM_W_KEYVAR          renesas_rsip_wrappedkey
     #define FSPSM_tls_flg_ST        rsip_keyflgs_tls
-    #define FSPSM_key_flg_ST        rsip_keyflgs_cryt
+    #define FSPSM_key_flg_ST        rsip_keyflgs_crypt
     #define FSPSM_tag_ST            tagUser_RSIPPKCbInfo
     #define FSPSM_ST                User_RSIPPKCbInfo
     #define FSPSM_ST_PKC            RSIP_PKCbInfo
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
index 07d59ac9ac..8d6cfe1720 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Use of this Software is subject to the GPLv2 License
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -13,7 +13,7 @@
  *
  * wolfSSL is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
index 43030a2cb3..2a0cd1ff54 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
@@ -1,6 +1,6 @@
 /* renesas-tsip-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,8 +36,16 @@
 #endif
 
 
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 #include <wolfssl/ssl.h>
+#endif
+#ifdef WOLF_CRYPTO_CB
+#include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
 
 #ifdef __cplusplus
 extern "C" {
@@ -51,7 +59,7 @@ extern "C" {
 typedef enum {
     WOLFSSL_TSIP_NOERROR = 0,
     WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
-}wolfssl_tsip_error_number;
+} wolfssl_tsip_error_number;
 
 typedef enum {
     tsip_Key_SESSION = 1,
@@ -84,19 +92,24 @@ enum {
     TSIP_TLS_VERIFY_DATA_WD_SZ = 8,
     TSIP_TLS_MAX_SIGDATA_SZ    = 130,
     TSIP_TEMP_WORK_SIZE        = 128,
+
+    TSIP_MAX_ECC_BYTES         = 48,
 };
 
 typedef enum {
-    TSIP_KEY_TYPE_RSA2048      = 0,
-    TSIP_KEY_TYPE_RSA4096      = 1,
-    TSIP_KEY_TYPE_ECDSAP256    = 2,
     #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-    TSIP_KEY_TYPE_RSA1024      = 3,
+    TSIP_KEY_TYPE_RSA1024      = 1, /* TSIP_RSA1024 */
     #endif
-
+    TSIP_KEY_TYPE_RSA2048      = 2, /* TSIP_RSA2048 */
+    TSIP_KEY_TYPE_RSA3072      = 3, /* TSIP_RSA3072 */
+    TSIP_KEY_TYPE_RSA4096      = 4, /* TSIP_RSA4096 */
+    TSIP_KEY_TYPE_ECDSAP256    = 5, /* TSIP_ECCP256 */
+    TSIP_KEY_TYPE_ECDSAP384    = 6, /* TSIP_ECCP384 */
 } wolfssl_TSIP_KEY_TYPE;
 
+
 struct WOLFSSL;
+struct ecc_key;
 struct KeyShareEntry;
 
 /*  MsgBag stands for message bag and acts as a buffer for holding plain text
@@ -121,26 +134,33 @@ typedef struct MsgBag
 } MsgBag;
 
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-
- typedef void* renesas_tsip_key;
-
- /* flags Crypt Only */
- struct tsip_keyflgs_cryt {
-    uint8_t aes256_key_set:1;
-    uint8_t aes128_key_set:1;
-    uint8_t rsapri2048_key_set:1;
-    uint8_t rsapub2048_key_set:1;
-    uint8_t rsapri1024_key_set:1;
-    uint8_t rsapub1024_key_set:1;
-    uint8_t message_type:1;/*message 0, hashed 1*/
- };
+/* flags Crypt Only */
+struct tsip_keyflgs_crypt {
+    uint32_t aes256_key_set:1;
+    uint32_t aes128_key_set:1;
+    uint32_t rsapri2048_key_set:1;
+    uint32_t rsapub2048_key_set:1;
+    uint32_t rsapri1024_key_set:1;
+    uint32_t rsapub1024_key_set:1;
+    uint32_t eccpri_key_set:1;
+    uint32_t eccpub_key_set:1;
+    uint32_t message_type:1; /*message 0, hashed 1*/
+};
 #endif
+
 /*
  * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
  */
 typedef struct TsipUserCtx {
     /* unique number for each session */
     int devId;
+
+    /* client key pair wrapped by provisioning key */
+    byte*                                              wrappedPrivateKey;
+    byte*                                              wrappedPublicKey;
+
+    int                                                wrappedKeyType;
+
 #ifdef WOLFSSL_RENESAS_TSIP_TLS
     /* 0:working as a TLS client, 1: as a server */
     byte                    side;
@@ -159,24 +179,17 @@ typedef struct TsipUserCtx {
 
     /* handle is used as work area for Tls13 handshake */
     tsip_tls13_handle_t                                handle13;
-#endif /* WOLFSSL_RENESAS_TSIP_TLS */
-    /* client key pair wrapped by provisioning key */
-    byte*                                              wrappedPrivateKey;
-    byte*                                              wrappedPublicKey;
 
-    int                                                wrappedKeyType;
-#ifdef WOLFSSL_RENESAS_TSIP_TLS
-    #if !defined(NO_RSA)
+#if !defined(NO_RSA)
     /* RSA-2048bit private and public key-index for client authentication */
     tsip_rsa2048_private_key_index_t                   Rsa2048PrivateKeyIdx;
     tsip_rsa2048_public_key_index_t                    Rsa2048PublicKeyIdx;
-    #endif /* !NO_RSA */
-
-    #if defined(HAVE_ECC)
-    /* ECC P256 private and public key-index for client authentication */
-    tsip_ecc_private_key_index_t                       EcdsaP256PrivateKeyIdx;
-    tsip_ecc_public_key_index_t                        EcdsaP256PublicKeyIdx;
-    #endif /* HAVE_ECC */
+#endif /* !NO_RSA */
+#if defined(HAVE_ECC)
+    /* ECC private and public key-index for client authentication */
+    tsip_ecc_private_key_index_t                       EcdsaPrivateKeyIdx;
+    tsip_ecc_public_key_index_t                        EcdsaPublicKeyIdx;
+#endif /* HAVE_ECC */
 
     /* ECDHE private key index for Tls13 handshake */
     tsip_tls_p256_ecc_key_index_t                      EcdhPrivKey13Idx;
@@ -226,7 +239,6 @@ typedef struct TsipUserCtx {
     /* signature data area for TLS1.3 CertificateVerify message  */
     byte                             sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
 
-
 #if (WOLFSSL_RENESAS_TSIP_VER >=109)
     /* out from R_SCE_TLS_ServerKeyExchangeVerify */
     uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
@@ -248,47 +260,19 @@ typedef struct TsipUserCtx {
     uint32_t    tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
     uint8_t     tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
     uint8_t     tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
-#endif /* WOLFSSL_RENESAS_TSIP_TLS */
-/* for tsip crypt only mode */
-#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-
-    renesas_tsip_key    rsa1024pri_keyIdx;
-    renesas_tsip_key    rsa1024pub_keyIdx;
-    renesas_tsip_key    rsa2048pri_keyIdx;
-    renesas_tsip_key    rsa2048pub_keyIdx;
-
-    /* sign/verify hash type :
-     * md5, sha1 or sha256
-     */
-    int sing_hash_type;
-
-    /* flags shows status if tsip keys are installed */
-    union {
-        uint8_t chr;
-        struct tsip_keyflgs_cryt bits;
-    } keyflgs_crypt;
-
-#endif
-    /* installed key handling */
-    tsip_aes_key_index_t user_aes256_key_index;
-    uint8_t user_aes256_key_set:1;
-    tsip_aes_key_index_t user_aes128_key_index;
-    uint8_t user_aes128_key_set:1;
 
     /* TSIP defined cipher suite number */
     uint32_t    tsip_cipher;
 
     /* flags */
-#ifdef WOLFSSL_RENESAS_TSIP_TLS
-    #if !defined(NO_RSA)
+#if !defined(NO_RSA)
     uint8_t ClientRsa2048PrivKey_set:1;
     uint8_t ClientRsa2048PubKey_set:1;
-    #endif
-
-    #if defined(HAVE_ECC)
-    uint8_t ClientEccP256PrivKey_set:1;
-    uint8_t ClientEccP256PubKey_set:1;
-    #endif
+#endif
+#if defined(HAVE_ECC)
+    uint8_t ClientEccPrivKey_set:1;
+    uint8_t ClientEccPubKey_set:1;
+#endif
 
     uint8_t HmacInitialized:1;
     uint8_t RootCAverified:1;
@@ -308,6 +292,39 @@ typedef struct TsipUserCtx {
     uint8_t session_key_set:1;
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
+    /* installed key handling */
+    tsip_aes_key_index_t user_aes256_key_index;
+    uint8_t user_aes256_key_set:1;
+    tsip_aes_key_index_t user_aes128_key_index;
+    uint8_t user_aes128_key_set:1;
+
+/* for tsip crypt only mode */
+#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+#ifndef NO_RSA
+    tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx;
+    tsip_rsa1024_public_key_index_t*  rsa1024pub_keyIdx;
+    tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx;
+    tsip_rsa2048_public_key_index_t*  rsa2048pub_keyIdx;
+#endif
+#ifdef HAVE_ECC
+    #ifdef HAVE_ECC_SIGN
+    tsip_ecc_private_key_index_t      eccpri_keyIdx;
+    #endif
+    tsip_ecc_public_key_index_t       eccpub_keyIdx;
+#endif
+
+    /* sign/verify hash type :
+     * md5, sha1 or sha256
+     */
+    int sign_hash_type;
+
+    /* flags shows status if tsip keys are installed */
+    union {
+        uint32_t chr;
+        struct tsip_keyflgs_crypt bits;
+    } keyflgs_crypt;
+#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+
 } TsipUserCtx;
 
 typedef TsipUserCtx RenesasUserCtx;
@@ -372,7 +389,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
 #endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc,
+WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
                                 const char* keyBuf, int keyBufLen, int keyType);
 WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
                                 const char* keyBuf, int keyBufLen, int keyType);
@@ -401,22 +418,29 @@ WOLFSSL_API void tsip_inform_user_keys(
 /*----------------------------------------------------*/
 /*   internal use functions                           */
 /*----------------------------------------------------*/
-WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc);
-
+#ifdef HAVE_PK_CALLBACKS
 WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
-                        WOLFSSL* ssl,
+                        struct WOLFSSL* ssl,
                         unsigned char* sig, unsigned int sigSz,
                         unsigned char** out,
                         const unsigned char* keyDer, unsigned int keySz,
                         void* ctx);
 
-WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc);
-
+#endif
 
 #ifdef WOLF_CRYPTO_CB
-
 struct wc_CryptoInfo;
 
+WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info,
+    TsipUserCtx* tuc);
+
+WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
+    TsipUserCtx* tuc);
+
+WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
+
+WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
+
 WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
 
 WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
@@ -505,23 +529,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
 
 
 WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
-        WOLFSSL *ssl,
+        struct WOLFSSL *ssl,
         TsipUserCtx *userCtx);
 
 WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret(
-        WOLFSSL*  ssl,
+        struct WOLFSSL*  ssl,
         byte*       out,
         word32*     outSz);
 
 WOLFSSL_LOCAL int wc_tsip_EccSharedSecret(
-        WOLFSSL* ssl,
+        struct WOLFSSL* ssl,
         struct ecc_key* otherKey,
         unsigned char* pubKeyDer, unsigned int* pubKeySz,
         unsigned char* out, unsigned int* outlen,
         int side, void* ctx);
 
 WOLFSSL_LOCAL int wc_tsip_RsaVerify(
-        WOLFSSL* ssl,
+        struct WOLFSSL* ssl,
         byte* sig,
         word32 sigSz,
         byte** out,
@@ -530,7 +554,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify(
         void* ctx);
 
 WOLFSSL_LOCAL int wc_tsip_EccVerify(
-        WOLFSSL*  ssl,
+        struct WOLFSSL*  ssl,
         const byte* sig,    word32  sigSz,
         const byte* hash,   word32  hashSz,
         const byte* key,    word32  keySz,
@@ -571,14 +595,14 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
         void* ctx);
 #endif /* NO_AES */
 WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
-        const WOLFSSL *ssl,
+        const struct WOLFSSL *ssl,
         const byte* message,
         word32      messageSz,
         word32      macSz,
         word32      content);
 
 WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
-        const WOLFSSL *ssl,
+        const struct WOLFSSL *ssl,
         const byte* myInner,
         word32      innerSz,
         const byte* in,
@@ -586,7 +610,7 @@ WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
         byte*       digest);
 
 WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate(
-        const WOLFSSL *ssl,
+        const struct WOLFSSL *ssl,
         const byte* myInner,
         word32      innerSz,
         const byte* in,
@@ -601,7 +625,7 @@ WOLFSSL_LOCAL int  tsip_hw_lock();
 
 WOLFSSL_LOCAL void tsip_hw_unlock( void );
 
-WOLFSSL_LOCAL int  tsip_usable(const WOLFSSL *ssl,
+WOLFSSL_LOCAL int  tsip_usable(const struct WOLFSSL *ssl,
                                 uint8_t session_key_generated);
 
 WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert(
@@ -631,13 +655,11 @@ WOLFSSL_LOCAL int  wc_tsip_generatePremasterSecret(
         word32  preSz);
 
 WOLFSSL_LOCAL int  wc_tsip_generateSessionKey(
-        WOLFSSL* ssl,
+        struct WOLFSSL* ssl,
         TsipUserCtx*    ctx,
         int             devId);
 
 WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
-WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
-                                                TsipUserCtx* tuc);
 
 WOLFSSL_LOCAL int  wc_tsip_GenerateRandBlock(byte* output, word32 size);
 
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
index e269115572..42f1695e93 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
@@ -1,6 +1,6 @@
 /* renesas_cmn.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,9 +21,14 @@
 #ifndef __RENESAS_CMN_H__
 #define __RENESAS_CMN_H__
 
+
+
 #include <wolfssl/ssl.h>
+
+#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 #include <wolfssl/internal.h>
 
+
 /* Common Callbacks */
 WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
                                 const unsigned char* in, unsigned int inSz,
@@ -69,8 +74,6 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigne
 
 /* Common Methods */
 WOLFSSL_LOCAL void* Renesas_cmn_GetCbCtxBydevId(int devId);
-int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx);
-void wc_CryptoCb_CleanupRenesasCmn(int* id);
 int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
         word32 key_n_start, word32 key_n_len, word32 key_e_start,
         word32 key_e_len, word32 cm_row);
@@ -80,4 +83,9 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
                             const byte *handshake_hash, word32 hashSz,
                             byte *hashes, void* ctx);
 WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx);
+#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+
+int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx);
+void wc_CryptoCb_CleanupRenesasCmn(int* id);
+
 #endif /* __RENESAS_CMN_H__ */
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
index 365abf5a38..3b67449144 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
@@ -1,6 +1,6 @@
 /* renesas_sync.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
index d340a1d3f7..2063056b82 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
@@ -1,7 +1,7 @@
 
 /* renesas_tsip_types.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,6 +25,7 @@
 
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
 
 #if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
@@ -33,12 +34,6 @@ typedef enum {
     TSIP_SHA256 = 1,
 } TSIP_SHA_TYPE;
 
-typedef enum {
-    TSIP_RSA2048,
-    TSIP_RSA4096,
-    TSIP_ECCP256,
-} TSIP_KEY_TYPE;
-
 typedef struct {
     byte*  msg;
     void*  heap;
@@ -54,16 +49,27 @@ typedef struct {
 /* RAW hash function APIs are not implemented with TSIP */
 #define WOLFSSL_NO_HASH_RAW
 
+#ifndef NO_SHA
 typedef wolfssl_TSIP_Hash wc_Sha;
-
-#if !defined(NO_SHA256)
+#endif
+#ifndef NO_SHA256
 typedef wolfssl_TSIP_Hash wc_Sha256;
 #endif
 
-#endif /* NO_SHA */
+#endif /* !NO_SHA || !NO_SHA256 */
+
+
+typedef enum {
+    TSIP_RSA1024 = 1,
+    TSIP_RSA2048 = 2,
+    TSIP_RSA3072 = 3,
+    TSIP_RSA4096 = 4,
+    TSIP_ECCP256 = 5,
+    TSIP_ECCP384 = 6,
+} TSIP_KEY_TYPE;
 
 
-#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) ||\
+#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) || \
     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 #include "r_tsip_rx_if.h"
 
diff --git a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
index bac08c0454..8defcb82f4 100644
--- a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
+++ b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
@@ -1,6 +1,6 @@
 /* afalg_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h b/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
index 60571f3739..af9e76827d 100644
--- a/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
+++ b/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
@@ -1,6 +1,6 @@
 /* wc_afalg.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/aria/aria-crypt.h b/wolfssl/wolfcrypt/port/aria/aria-crypt.h
index 9d49b875a1..a660bdb3a1 100644
--- a/wolfssl/wolfcrypt/port/aria/aria-crypt.h
+++ b/wolfssl/wolfcrypt/port/aria/aria-crypt.h
@@ -1,6 +1,6 @@
 /* aria-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h b/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
index 01e18b07d8..68099b1c22 100644
--- a/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
+++ b/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
@@ -1,6 +1,6 @@
 /* aria-cryptocb.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/arm/cryptoCell.h b/wolfssl/wolfcrypt/port/arm/cryptoCell.h
index 58ba145162..eb9169f300 100644
--- a/wolfssl/wolfcrypt/port/arm/cryptoCell.h
+++ b/wolfssl/wolfcrypt/port/arm/cryptoCell.h
@@ -1,6 +1,6 @@
 /* cryptoCell.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/atmel/atmel.h b/wolfssl/wolfcrypt/port/atmel/atmel.h
index 4f92236647..c2f994083d 100644
--- a/wolfssl/wolfcrypt/port/atmel/atmel.h
+++ b/wolfssl/wolfcrypt/port/atmel/atmel.h
@@ -1,6 +1,6 @@
 /* atmel.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/autosar/StandardTypes.h b/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
index a3675f2527..99c3698ab6 100644
--- a/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
+++ b/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
@@ -1,6 +1,6 @@
 /* StandardTypes.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_driver.h b/wolfssl/wolfcrypt/port/caam/caam_driver.h
index 3f5174ebb1..5b6d791304 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_driver.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_driver.h
@@ -1,6 +1,6 @@
 /* caam_driver.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_error.h b/wolfssl/wolfcrypt/port/caam/caam_error.h
index abde9b56b8..cb2e2f2348 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_error.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_error.h
@@ -1,6 +1,6 @@
 /* caam_error.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_qnx.h b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
index 55d1fccd37..eb961c491f 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
@@ -1,6 +1,6 @@
 /* caam_qnx.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam.h b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
index 1123ecba4b..472e0592d7 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
@@ -1,6 +1,6 @@
 /* wolfcaam.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
index 5ee9e7aa43..7764f38301 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
@@ -1,6 +1,6 @@
 /* wolfcaam_aes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
index b07fe19b10..5a2798cb0d 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
@@ -1,6 +1,6 @@
 /* wolfcaam_cmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
index 2943d71765..50aa0087c8 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
@@ -1,6 +1,6 @@
 /* wolfcaam_ecdsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
index c1f1367259..d85ab7e77c 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
@@ -1,6 +1,6 @@
 /* wolfcaam_fsl_nxp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
index 07f176eb51..caa5c27c31 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
@@ -1,6 +1,6 @@
 /* wolfcaam_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
index 6eee6b2c73..6c3440511d 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
@@ -1,6 +1,6 @@
 /* wolfcaam_qnx.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
index 032c1e8c40..0653637955 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
@@ -1,6 +1,6 @@
 /* wolfcaam_rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
index d07c05492c..ea1d2914e3 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
@@ -1,6 +1,6 @@
 /* wolfcaam_seco.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
index 67aa5aeab8..17dc06e32e 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
@@ -1,6 +1,6 @@
 /* wolfcaam_sha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
index b10b6c9d55..3354b45e5b 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
@@ -1,6 +1,6 @@
 /* wolfcaam_x25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h b/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
index 28fdd297a3..d1f861f921 100644
--- a/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
+++ b/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
@@ -1,6 +1,6 @@
 /* cavium_octeon_sync.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
index c7df1f34f1..59fe2fdc7f 100644
--- a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+++ b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
@@ -1,6 +1,6 @@
 /* psoc6_crypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h b/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
index d2c73d1422..20d69c98d5 100644
--- a/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
+++ b/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
@@ -1,6 +1,6 @@
 /* wc_devcrypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/intel/quickassist_sync.h b/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
index 3e3411a1e6..2db3f3ec46 100644
--- a/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
+++ b/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
@@ -1,6 +1,6 @@
 /* quickassist_sync.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h b/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
index ba4d3bd7e0..27b3b19da6 100644
--- a/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
+++ b/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
@@ -1,6 +1,6 @@
 /* iotsafe.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
index 7183c149d0..bf646f2ada 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
@@ -1,6 +1,6 @@
 /* kcapi_dh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
index 31949a0707..a5ccb7c323 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
@@ -1,6 +1,6 @@
 /* kcapi_ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
index 1a4bbf8773..b723ca51d8 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
@@ -1,6 +1,6 @@
 /* kcapi_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
index cfd841fe21..784b47ee0a 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
@@ -1,6 +1,6 @@
 /* kcapi_hmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
index 18a44576aa..64fcdb66b8 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
@@ -1,6 +1,6 @@
 /* kcapi_rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h b/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
index 3e5483c21d..cfbc3e0883 100644
--- a/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
+++ b/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
@@ -1,6 +1,6 @@
 /* wc_kcapi.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/liboqs/liboqs.h b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
index b558f51846..f780164ac1 100644
--- a/wolfssl/wolfcrypt/port/liboqs/liboqs.h
+++ b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
@@ -1,6 +1,6 @@
 /* liboqs.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
new file mode 100644
index 0000000000..e25dba7bb8
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
@@ -0,0 +1,73 @@
+/* max3266x-cryptocb.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_MAX3266X_CRYPTO_CB_H_
+#define _WOLFPORT_MAX3266X_CRYPTO_CB_H_
+
+#if (defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
+    defined(WOLF_CRYPTO_CB)
+#ifndef WOLFSSL_MAX3266X_DEVID
+    #define WOLFSSL_MAX3266X_DEVID 9
+#endif
+#define WC_USE_DEVID WOLFSSL_MAX3266X_DEVID
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/cryptocb.h>
+#include <wolfssl/wolfcrypt/aes.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+    WOLFSSL_LOCAL int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info,
+                                        void* ctx);
+#ifdef HAVE_AES_ECB
+    WOLFSSL_LOCAL int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#ifdef HAVE_AES_CBC
+    WOLFSSL_LOCAL int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+
+#ifdef HAVE_AES_DECRYPT
+#ifdef HAVE_AES_ECB
+    WOLFSSL_LOCAL int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#ifdef HAVE_AES_CBC
+    WOLFSSL_LOCAL int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#endif /* HAVE_AES_DECRYPT */
+
+
+    WOLFSSL_LOCAL int wc_MXC_Sha256Update(wc_MXC_Sha* sha256,
+                                            const unsigned char* data,
+                                            unsigned int len);
+    WOLFSSL_LOCAL int wc_MXC_Sha256Final(wc_MXC_Sha* sha256,
+                                            unsigned char* hash);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* (WOLFSSL_MAX3266X || WOLFSSL_MAX3266X_OLD) && WOLF_CRYPTO_CB) */
+#endif /* _WOLFPORT_MAX3266X_CRYPTO_CB_H_ */
diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h
new file mode 100644
index 0000000000..10c1188b44
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h
@@ -0,0 +1,388 @@
+/* max3266x.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_MAX3266X_H_
+#define _WOLFPORT_MAX3266X_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef WOLFSSL_MAX_HASH_SIZE
+    #define WOLFSSL_MAX_HASH_SIZE  64
+#endif
+
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+
+/* Some extra conditions when using callbacks */
+#if defined(WOLF_CRYPTO_CB)
+    #define MAX3266X_CB
+    #ifdef MAX3266X_MATH
+        #error Cannot have MAX3266X_MATH and MAX3266X_CB
+    #endif
+    #ifdef MAX3266X_SHA
+        #undef MAX3266X_SHA /* Turn Off Normal Sha Definition */
+        #define MAX3266X_SHA_CB /* Turn On Callback for SHA */
+    #endif
+#endif
+
+/* Default to all HW acceleration on unless specified in user_settings */
+#if !defined(MAX3266X_RNG) && !defined(MAX3266X_AES) && \
+        !defined(MAX3266X_AESGCM) && !defined(MAX3266X_SHA) && \
+        !defined(MAX3266X_MATH)
+    #define MAX3266X_RNG
+    #define MAX3266X_AES
+    #ifndef MAX3266X_CB
+        #define MAX3266X_SHA /* SHA is Supported, but need new definitions */
+        #define MAX3266X_MATH  /* MATH is not supported with callbacks */
+    #endif
+    #ifdef MAX3266X_CB
+        #define MAX3266X_SHA_CB /* Turn on Callback for SHA */
+    #endif
+#endif
+
+/* Crypto HW can be used in parallel on this device */
+/* Sets up new Mutexing if desired */
+#ifdef WOLFSSL_ALGO_HW_MUTEX
+    /* SDK only supports using RNG in parallel with crypto HW */
+    /* AES, HASH, and PK must share some mutex */
+    #define NO_AES_MUTEX
+    #define NO_HASH_MUTEX
+    #define NO_PK_MUTEX
+#endif /* WOLFSSL_ALGO_HW_MUTEX */
+
+#if defined(WOLFSSL_MAX3266X_OLD)
+    /* Support for older SDK API Maxim provides */
+
+    /* These are needed for older SDK */
+    #define TARGET MAX32665
+    #define TARGET_REV 0x4131
+    #include "mxc_sys.h"
+
+
+
+    #if defined(MAX3266X_RNG)
+        #include "trng.h"   /* Provides TRNG Drivers */
+        #define MXC_TPU_TRNG_Read           TRNG_Read
+        #warning "TRNG Health Test not available in older Maxim SDK"
+        #define MXC_TRNG_HealthTest(...)    0
+    #endif
+    #if defined(MAX3266X_AES)
+        #include "cipher.h" /* Provides Drivers for AES */
+        /* AES Defines */
+        #define MXC_TPU_CIPHER_TYPE      tpu_ciphersel_t
+        #define MXC_TPU_CIPHER_AES128    TPU_CIPHER_AES128
+        #define MXC_TPU_CIPHER_AES192    TPU_CIPHER_AES192
+        #define MXC_TPU_CIPHER_AES256    TPU_CIPHER_AES256
+
+        #define MXC_TPU_MODE_TYPE        tpu_modesel_t
+        #define MXC_TPU_MODE_ECB         TPU_MODE_ECB
+        #define MXC_TPU_MODE_CBC         TPU_MODE_CBC
+        #define MXC_TPU_MODE_CFB         TPU_MODE_CFB
+        #define MXC_TPU_MODE_CTR         TPU_MODE_CTR
+
+        /* AES Functions */
+        #define MXC_TPU_Cipher_Config       TPU_Cipher_Config
+        #define MXC_TPU_Cipher_AES_Encrypt  TPU_AES_Encrypt
+        #define MXC_TPU_Cipher_AES_Decrypt  TPU_AES_Decrypt
+
+    #endif
+    #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+        #include "hash.h"   /* Proivdes Drivers for SHA */
+        /* SHA Defines */
+        #define MXC_TPU_HASH_TYPE        tpu_hashfunsel_t
+        #define MXC_TPU_HASH_SHA1        TPU_HASH_SHA1
+        #define MXC_TPU_HASH_SHA224      TPU_HASH_SHA224
+        #define MXC_TPU_HASH_SHA256      TPU_HASH_SHA256
+        #define MXC_TPU_HASH_SHA384      TPU_HASH_SHA384
+        #define MXC_TPU_HASH_SHA512      TPU_HASH_SHA512
+
+        /* SHA Functions */
+        #define MXC_TPU_Hash_Config             TPU_Hash_Config
+        #define MXC_TPU_Hash_SHA                TPU_SHA
+
+    #endif
+    #if defined(MAX3266X_MATH)
+        #include "maa.h"    /* Provides Drivers for math acceleration for   */
+                            /* ECDSA and RSA Acceleration                   */
+        /* MAA Defines */
+        #define MXC_TPU_MAA_TYPE     tpu_maa_clcsel_t
+        #define MXC_TPU_MAA_EXP      TPU_MAA_EXP
+        #define MXC_TPU_MAA_SQ       TPU_MAA_SQ
+        #define MXC_TPU_MAA_MUL      TPU_MAA_MUL
+        #define MXC_TPU_MAA_SQMUL    TPU_MAA_SQMUL
+        #define MXC_TPU_MAA_ADD      TPU_MAA_ADD
+        #define MXC_TPU_MAA_SUB      TPU_MAA_SUB
+
+        /* MAA Functions */
+        #define MXC_TPU_MAA_Compute      MAA_Compute
+        #define MXC_TPU_MAA_Shutdown     MAA_Shutdown
+        #define MXC_TPU_MAA_Init         MAA_Init
+        #define MXC_TPU_MAA_Reset        MAA_Reset
+
+    #endif
+
+    /* TPU Functions */
+    #define MXC_TPU_Init                SYS_TPU_Init
+    #define MXC_TPU_Shutdown            SYS_TPU_Shutdown
+    #define MXC_SYS_PERIPH_CLOCK_TPU    SYS_PERIPH_CLOCK_TPU
+
+    #define MXC_SYS_PERIPH_CLOCK_TPU    SYS_PERIPH_CLOCK_TPU
+    #define MXC_SYS_PERIPH_CLOCK_TRNG   SYS_PERIPH_CLOCK_TRNG
+
+#else
+    /* Defaults to expect newer SDK */
+    #if defined(MAX3266X_RNG)
+        #include "trng.h"   /* Provides Drivers for TRNG    */
+    #endif
+    #if defined(MAX3266X_AES) || defined(MAX3266X_SHA) || \
+                defined(MAX3266X_MATH) || defined(MAX3266X_RSA) || \
+                defined(MAX3266X_RNG)
+        #include "tpu.h"    /* SDK Drivers for the TPU unit         */
+                            /* Handles AES, SHA, and                */
+                            /* MAA driver to accelerate RSA/ECDSA   */
+
+        /* AES Defines */
+        #define MXC_TPU_CIPHER_TYPE     mxc_tpu_ciphersel_t
+        #define MXC_TPU_MODE_TYPE       mxc_tpu_modesel_t
+
+        /* SHA Defines */
+        #define MXC_TPU_HASH_TYPE       mxc_tpu_hashfunsel_t
+
+        /* MAA Defines */
+        #define MXC_TPU_MAA_TYPE     mxc_tpu_maa_clcsel_t
+
+
+    #endif
+
+#endif
+
+
+/* Provide Driver for RTC if specified, meant for wolfCrypt benchmark only */
+#if defined(MAX3266X_RTC)
+    #if defined(WOLFSSL_MAX3266X_OLD)
+       #error Not Implemented with old SDK
+    #endif
+    #include "time.h"
+    #include "rtc.h"
+    #define MXC_SECS_PER_MIN (60)
+    #define MXC_SECS_PER_HR  (60 * MXC_SECS_PER_MIN)
+    #define MXC_SECS_PER_DAY (24 * MXC_SECS_PER_HR)
+#endif
+
+/* Variable Definitions */
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+    WOLFSSL_LOCAL int wc_MXC_TPU_Init(void);
+    WOLFSSL_LOCAL int wc_MXC_TPU_Shutdown(void);
+    /* Convert Errors to wolfCrypt Codes */
+    WOLFSSL_LOCAL int wc_MXC_error(int *ret);
+
+#ifdef MAX3266X_RTC
+    WOLFSSL_LOCAL int wc_MXC_RTC_Init(void);
+    WOLFSSL_LOCAL int wc_MXC_RTC_Reset(void);
+    WOLFSSL_LOCAL double wc_MXC_RTC_Time(void);
+#endif
+
+#ifdef MAX3266X_VERBOSE
+    #ifndef DEBUG_WOLFSSL
+        #error Need "#define DEBUG_WOLFSSL" to do use "#define MAX3266X_VERBOSE"
+    #else
+        #define MAX3266X_MSG(...)   WOLFSSL_MSG(__VA_ARGS__)
+    #endif
+#else
+    #define MAX3266X_MSG(...)   /* Compile out Verbose MSGs */
+#endif
+
+#ifdef MAX3266X_RNG
+    WOLFSSL_LOCAL int wc_MXC_TRNG_Random(unsigned char* output,
+                                                unsigned int sz);
+#endif
+
+#ifdef MAX3266X_AES
+    WOLFSSL_LOCAL int wc_MXC_TPU_AesEncrypt(const unsigned char* in,
+                                const unsigned char* iv,
+                                const unsigned char* enc_key,
+                                MXC_TPU_MODE_TYPE mode,
+                                unsigned int data_size,
+                                unsigned char* out, unsigned int keySize);
+#ifdef HAVE_AES_DECRYPT
+    WOLFSSL_LOCAL int wc_MXC_TPU_AesDecrypt(const unsigned char* in,
+                                const unsigned char* iv,
+                                const unsigned char* enc_key,
+                                MXC_TPU_MODE_TYPE mode,
+                                unsigned int data_size,
+                                unsigned char* out, unsigned int keySize);
+#endif /* HAVE_AES_DECRYPT */
+#endif /* MAX3266X_AES */
+
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+
+    typedef struct {
+        unsigned char   *msg;
+        unsigned int    used;
+        unsigned int    size;
+        #ifdef WOLFSSL_HASH_FLAGS
+        unsigned int    flags; /* enum wc_HashFlags in hash.h */
+        #endif
+    } wc_MXC_Sha;
+
+    #if !defined(NO_SHA)
+    #ifndef MAX3266X_SHA_CB
+        typedef wc_MXC_Sha wc_Sha;
+        #define WC_SHA_TYPE_DEFINED
+    #endif /* !MAX3266X_SHA_CB */
+
+        /* Define the SHA digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA1[20] = {
+            0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+            0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+            0xaf, 0xd8, 0x07, 0x09};
+    #endif /* NO_SHA */
+
+    #if defined(WOLFSSL_SHA224)
+    #ifndef MAX3266X_SHA_CB
+        typedef wc_MXC_Sha wc_Sha224;
+        #define WC_SHA224_TYPE_DEFINED
+    #endif /* !MAX3266X_SHA_CB */
+
+        /* Define the SHA-224 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA224[28] = {
+                0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
+                0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
+                0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
+                0xc5, 0xb3, 0xe4, 0x2f};
+    #endif /* WOLFSSL_SHA224 */
+
+    #if !defined(NO_SHA256)
+    #ifndef MAX3266X_SHA_CB
+        typedef wc_MXC_Sha wc_Sha256;
+        #define WC_SHA256_TYPE_DEFINED
+    #endif /* !MAX3266X_SHA_CB */
+
+        /* Define the SHA-256 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA256[32] = {
+                0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+                0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+                0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+                0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55};
+    #endif /* NO_SHA256 */
+
+    #if defined(WOLFSSL_SHA384)
+    #ifndef MAX3266X_SHA_CB
+        typedef wc_MXC_Sha wc_Sha384;
+        #define WC_SHA384_TYPE_DEFINED
+    #endif /* !MAX3266X_SHA_CB */
+
+        /* Define the SHA-384 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA384[48] = {
+            0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38,
+            0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,
+            0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
+            0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
+            0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb,
+            0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b};
+    #endif /* WOLFSSL_SHA384 */
+
+    #if defined(WOLFSSL_SHA512)
+    #ifndef MAX3266X_SHA_CB
+        typedef wc_MXC_Sha wc_Sha512;
+        typedef wc_MXC_Sha wc_Sha512_224;
+        typedef wc_MXC_Sha wc_Sha512_256;
+        #define WC_SHA512_TYPE_DEFINED
+    #endif /* !MAX3266X_SHA_CB */
+
+        /* Does not support these SHA512 Macros */
+        #ifndef WOLFSSL_NOSHA512_224
+            #warning "MAX3266X Port does not support SHA-512/224"
+            #define WOLFSSL_NOSHA512_224
+        #endif
+        #ifndef WOLFSSL_NOSHA512_256
+            #warning "MAX3266X Port does not support SHA-512/256"
+            #define WOLFSSL_NOSHA512_256
+        #endif
+
+        /* Define the SHA-512 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA512[64] = {
+            0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
+            0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
+            0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
+            0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
+            0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
+            0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
+            0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
+            0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e};
+    #endif /* WOLFSSL_SHA512 */
+
+
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash,
+                                                const unsigned char* data,
+                                                unsigned int size);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst);
+    WOLFSSL_LOCAL void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+
+
+#endif /* defined(MAX3266X_SHA) && !defined(WOLF_CRYPTO_CB) */
+
+#if defined(MAX3266X_MATH)
+    #define WOLFSSL_USE_HW_MP
+    /* Setup mapping to fallback if edge case is encountered */
+    #if defined(USE_FAST_MATH)
+        #define mxc_mod         fp_mod
+        #define mxc_addmod      fp_addmod
+        #define mxc_submod      fp_submod
+        #define mxc_mulmod      fp_mulmod
+        #define mxc_exptmod     fp_exptmod
+        #define mxc_sqrmod      fp_sqrmod
+    #elif defined(WOLFSSL_SP_MATH_ALL)
+        #define mxc_mod         sp_mod
+        #define mxc_addmod      sp_addmod
+        #define mxc_submod      sp_submod
+        #define mxc_mulmod      sp_mulmod
+        #define mxc_exptmod     sp_exptmod
+        #define mxc_sqrmod      sp_sqrmod
+    #else
+        #error Need to use WOLFSSL_SP_MATH_ALL
+    #endif
+
+#endif
+
+#ifdef __cplusplus
+    }
+#endif
+
+#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
+#endif /* _WOLFPORT_MAX3266X_H_ */
diff --git a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
index 0d8849f4fc..ecfc56c9c7 100644
--- a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
+++ b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
@@ -1,6 +1,6 @@
 /* maxq10xx.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -96,6 +96,7 @@ WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Copy(wc_Sha256* sha256);
 WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Free(wc_Sha256* sha256);
 WOLFSSL_LOCAL int wc_MAXQ10XX_EccSetKey(ecc_key* key, word32 keysize);
 WOLFSSL_LOCAL void wc_MAXQ10XX_EccFree(ecc_key* key);
+WOLFSSL_LOCAL int maxq10xx_random(byte* output, unsigned short sz);
 #endif /* WOLFSSL_MAXQ10XX_CRYPTO */
 
 #ifdef HAVE_PK_CALLBACKS
diff --git a/wolfssl/wolfcrypt/port/nrf51.h b/wolfssl/wolfcrypt/port/nrf51.h
index d93fd0d86c..cb379fdf36 100644
--- a/wolfssl/wolfcrypt/port/nrf51.h
+++ b/wolfssl/wolfcrypt/port/nrf51.h
@@ -1,6 +1,6 @@
 /* nrf51.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nxp/dcp_port.h b/wolfssl/wolfcrypt/port/nxp/dcp_port.h
index 3d4c1fe93e..a09537369c 100644
--- a/wolfssl/wolfcrypt/port/nxp/dcp_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/dcp_port.h
@@ -1,6 +1,6 @@
 /* dcp_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
index 98f9ff2002..f5bfe0df10 100644
--- a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
@@ -1,6 +1,6 @@
 /* ksdk_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h
index ffda88fc97..cdeda673cd 100644
--- a/wolfssl/wolfcrypt/port/nxp/se050_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h
@@ -1,6 +1,6 @@
 /* se050_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
index 46f3c04ac2..dbedb067fe 100644
--- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
+++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
@@ -1,6 +1,6 @@
 /* pic32mz-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/psa/psa.h b/wolfssl/wolfcrypt/port/psa/psa.h
index 6bde526c04..87b5fb41a7 100644
--- a/wolfssl/wolfcrypt/port/psa/psa.h
+++ b/wolfssl/wolfcrypt/port/psa/psa.h
@@ -1,6 +1,6 @@
 /* psa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
index 25e69b3f08..023448d5c1 100644
--- a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
+++ b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
@@ -27,6 +27,7 @@
 #define ASM_WORD(i) \
     ".word    " #i "\n\t"
 
+
 #define REG_X0      0
 #define REG_X1      1
 #define REG_X2      2
@@ -127,6 +128,308 @@
 #define REG_V30     30
 #define REG_V31     31
 
+
+#ifdef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+/* Reverse bytes in 64-bit register. */
+#define REV8(rd, rs)                                        \
+    ASM_WORD((0b011010111000 << 20) | (0b101 << 12) |       \
+             (0b0010011 << 0) |                             \
+             (rs << 15) | (rd << 7))
+
+/* Rotate right 32-bit register 5-bit value. */
+#define RORIW(rd, rs, imm)                                  \
+    ASM_WORD((0b0110000 << 25) | (0b101 << 12) |            \
+             (0b0011011 << 0) |                             \
+             (imm << 20) | (rs << 15) | (rd << 7))
+
+/* Rotate right 64-bit register 7-bit value. */
+#define RORI(rd, rs, imm)                                   \
+    ASM_WORD((0b01100 << 27) | (0b101 << 12) |              \
+             (0b0010011 << 0) |                             \
+             ((imm) << 20) | ((rs) << 15) | ((rd) << 7))
+
+/* rs1 and not rs2 into rd. */
+#define ANDN(rd, rs1, rs2)                                  \
+    ASM_WORD((0b0100000 << 25) | (0b111 << 12) |            \
+             (0b0110011 << 0) |                             \
+             ((rs2) << 20) | ((rs1) << 15) | ((rd) << 7))
+
+
+/* rd = rs1[0..31] | rs2[0..31]. */
+#define PACK(rd, rs1, rs2)                                     \
+    ASM_WORD((0b0000100 << 25) | (0b100 << 12) | 0b0110011 |   \
+             (rs2 << 20) | (rs1 << 15) | (rd << 7))
+
+#endif /* WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION_TERNARY
+
+/* rd = (rs1|rs3 >> imm)[0..63] */
+#define FSRI(rd, rs1, rs3, imm)                                     \
+    ASM_WORD((0b1 << 26) | (0b101 << 12) | (0b0110011 << 0) |       \
+             (rs3 << 27) | (imm << 20) | (rs1 << 15) | (rd << 7))
+
+#endif
+
+/*
+ * Load and store
+ */
+
+/* 64-bit width when loading. */
+#define WIDTH_64  0b111
+/* 32-bit width when loading. */
+#define WIDTH_32  0b110
+
+
+#define VLSEG_V(vd, rs1, cnt, width) \
+    ASM_WORD(0b0000111 | (width << 12) | (0b10101000 << 20) |   \
+        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
+/* Load 8 Vector registers' 64-bit element. */
+#define VLSEG8E64_V(vd, rs1)  VLSEG_V(vd, rs1, 8, WIDTH_64)
+/* Load 1 Vector register's 64-bit element. */
+#define VLSEG1E64_V(vd, rs1)  VLSEG_V(vd, rs1, 1, WIDTH_64)
+
+#define VSSEG_V(vd, rs1, cnt, width) \
+    ASM_WORD(0b0100111 | (width << 12) | (0b10101000 << 20) |   \
+        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
+/* Store 8 Vector registers' 64-bit element. */
+#define VSSEG8E64_V(vd, rs1)  VSSEG_V(vd, rs1, 8, WIDTH_64)
+/* Store 1 Vector register's 64-bit element. */
+#define VSSEG1E64_V(vd, rs1)  VSSEG_V(vd, rs1, 1, WIDTH_64)
+
+/* Load n Vector registers with width-bit components. */
+#define VLRE_V(vd, rs1, cnt, width)                             \
+    ASM_WORD(0b0000111 | (width << 12) | (0b00101000 << 20) |   \
+        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
+/* Load 1 Vector register with 64-bit components. */
+#define VL1RE64_V(vd, rs1)  VLRE_V(vd, rs1, 1, WIDTH_64)
+/* Load 2 Vector register with 64-bit components. */
+#define VL2RE64_V(vd, rs1)  VLRE_V(vd, rs1, 2, WIDTH_64)
+/* Load 4 Vector register with 64-bit components. */
+#define VL4RE64_V(vd, rs1)  VLRE_V(vd, rs1, 4, WIDTH_64)
+/* Load 8 Vector register with 64-bit components. */
+#define VL8RE64_V(vd, rs1)  VLRE_V(vd, rs1, 8, WIDTH_64)
+/* Load 1 Vector register with 32-bit components. */
+#define VL1RE32_V(vd, rs1)  VLRE_V(vd, rs1, 1, WIDTH_32)
+/* Load 2 Vector register with 32-bit components. */
+#define VL2RE32_V(vd, rs1)  VLRE_V(vd, rs1, 2, WIDTH_32)
+/* Load 4 Vector register with 32-bit components. */
+#define VL4RE32_V(vd, rs1)  VLRE_V(vd, rs1, 4, WIDTH_32)
+/* Load 8 Vector register with 32-bit components. */
+#define VL8RE32_V(vd, rs1)  VLRE_V(vd, rs1, 8, WIDTH_32)
+
+/* Store n Vector register. */
+#define VSR_V(vs3, rs1, cnt)                                    \
+    ASM_WORD(0b0100111 | (0b00101000 << 20) | (0 << 28) |       \
+        ((cnt-1) << 29) | (vs3 << 7) | (rs1 << 15))
+/* Store 1 Vector register. */
+#define VS1R_V(vs3, rs1)    VSR_V(vs3, rs1, 1)
+/* Store 2 Vector register. */
+#define VS2R_V(vs3, rs1)    VSR_V(vs3, rs1, 2)
+/* Store 4 Vector register. */
+#define VS4R_V(vs3, rs1)    VSR_V(vs3, rs1, 4)
+/* Store 8 Vector register. */
+#define VS8R_V(vs3, rs1)    VSR_V(vs3, rs1, 8)
+
+/* Move from vector register to vector registor. */
+#define VMV_V_V(vd, vs1)                                        \
+    ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) |   \
+        (0b010111 << 26) | ((vd) << 7) | ((vs1) << 15))
+/* Splat register to each component of the vector registor. */
+#define VMV_V_X(vd, rs1)                                        \
+    ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) |   \
+        (0b010111 << 26) | ((vd) << 7) | ((rs1) << 15))
+/* Splat immediate to each component of the vector registor. */
+#define VMV_V_I(vd, imm)                                        \
+    ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) |   \
+        (0b010111 << 26) | ((vd) << 7) | ((imm) << 15))
+/* Move n vector registers to vector registers. */
+#define VMVR_V(vd, vs2, n)                                      \
+    ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) |   \
+        (0b100111 << 26) | ((vd) << 7) | ((n-1) << 15) |        \
+        ((vs2) << 20))
+
+
+/*
+ * Logic
+ */
+
+/* vd = vs2 << rs1 */
+#define VSLL_VX(vd, vs2, rs1)                       \
+    ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
+             (0b100 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (rs1 << 15) | (vs2 << 20))
+/* vd = vs2 << uimm */
+#define VSLL_VI(vd, vs2, uimm)                      \
+    ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (uimm << 15) | (vs2 << 20))
+/* vd = vs2 >> rs1 */
+#define VSRL_VX(vd, vs2, rs1)                       \
+    ASM_WORD((0b101000 << 26) | (0b1 << 25) |       \
+             (0b100 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (rs1 << 15) | (vs2 << 20))
+/* vd = vs2 >> uimm */
+#define VSRL_VI(vd, vs2, uimm)                      \
+    ASM_WORD((0b101000 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (uimm << 15) | (vs2 << 20))
+
+
+/*
+ * Arithmetic
+ */
+
+/* vd = vs2 + [i,] */
+#define VADD_VI(vd, vs2, i)                         \
+    ASM_WORD((0b000000 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (i << 15) | (vs2 << 20))
+/* vd = vs1 + vs2 */
+#define VADD_VV(vd, vs1, vs2)                       \
+    ASM_WORD((0b000000 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+/* vd = vs1 ^ vs2 */
+#define VXOR_VV(vd, vs1, vs2)                       \
+    ASM_WORD((0b001011 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+/* vd = imm ^ vs2 */
+#define VXOR_VI(vd, vs2, imm)                       \
+    ASM_WORD((0b001011 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (imm << 15) | (vs2 << 20))
+/* vd = ~vs */
+#define VNOT_V(vd, vs)  VXOR_VI(vd, vs, 0b11111)
+
+/* vd = vs1 & vs2 */
+#define VAND_VV(vd, vs1, vs2)                       \
+    ASM_WORD((0b001001 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+/* vd = vs1 & rs2 */
+#define VAND_VX(vd, vs2, rs1)                       \
+    ASM_WORD((0b001001 << 26) | (0b1 << 25) |       \
+             (0b100 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (rs1 << 15) | (vs2 << 20))
+/* vd = vs1 | vs2 */
+#define VOR_VV(vd, vs1, vs2)                        \
+    ASM_WORD((0b001010 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+
+/* vd = LOW(vs1 * vs2) */
+#define VMUL_VV(vd, vs1, vs2)                       \
+    ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+/* vd = HIGH(vs1 * vs2) - unsigned * unsigned */
+#define VMULHU_VV(vd, vs1, vs2)                     \
+    ASM_WORD((0b100100 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+
+#define VMERGE_VVM(vd, vs2, vs1)                    \
+    ASM_WORD((0b010111 << 26) | (0b0 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+
+
+/*
+ * Permute
+ */
+
+/* x[rd] = vs2[0] */
+#define VMV_X_S(rd, vs2)                            \
+    ASM_WORD((0b010000 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1010111 << 0) |     \
+             ((rd) << 7) | ((vs2) << 20))
+
+/* vd[0] = x[rs1] */
+#define VMV_S_X(vd, rs1)                            \
+    ASM_WORD((0b010000 << 26) | (0b1 << 25) |       \
+             (0b110 << 12) | (0b1010111 << 0) |     \
+             ((vd) << 7) | ((rs1) << 15))
+
+/* vd[shift..max] = vs2[0..max-shift]
+ * Sliding up doesn't change bottom part of destination.
+ */
+#define VSLIDEUP_VI(vd, vs2, shift)                 \
+    ASM_WORD((0b001110 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             ((vd) << 7) | ((shift) << 15) | ((vs2) << 20))
+
+/* vd[0..max-shift] = vs2[shift..max]
+ * Sliding down change top part of destination.
+ */
+#define VSLIDEDOWN_VI(vd, vs2, shift)               \
+    ASM_WORD((0b001111 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             ((vd) << 7) | ((shift) << 15) | ((vs2) << 20))
+
+/* vd[i] = vs1[vs2[i]] */
+#define VRGATHER_VV(vd, vs1, vs2)                   \
+    ASM_WORD((0b001100 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             ((vd) << 7) | ((vs1) << 15) | ((vs2) << 20))
+
+#define VID_V(vd)                                   \
+    ASM_WORD((0b010100 << 26) | (0b1 << 25) | (0b00000 << 20) |   \
+             (0b10001 << 15) | (0b010 << 12) |      \
+             (0b1010111 << 0) | ((vd) << 7))
+
+
+/*
+ * Setting options.
+ */
+
+/* Set the options of vector instructions. */
+#define VSETIVLI(rd, n, vma, vta, vsew, vlmul) \
+    ASM_WORD((0b11 << 30) | (0b111 << 12) | (0b1010111 << 0) |  \
+             (rd << 7) | (n << 15) | (vma << 27) |              \
+             (vta << 26) | (vsew << 23) | (vlmul << 20))
+
+
+#if defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) || \
+    defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+
+/*
+ * Vector Bit Manipulation
+ */
+
+/* Reverse order of bytes in words of vector regsiter. */
+#define VREV8(vd, vs2) \
+    ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \
+             (0b010 << 12) | (0b1010111 << 0) |                \
+             (vs2 << 20) | (vd << 7))
+
+/* Rotate left bits of vector regsiter. */
+#define VROL_VX(vd, vs2, rs) \
+    ASM_WORD((0b010101 << 26) | (0b1 << 25) | (0b100 << 12) |    \
+             (0b1010111 << 0) |                                  \
+             (vs2 << 20) | (rs << 15) | (vd << 7))
+
+/* Rotate right bits of vector regsiter. */
+#define VROR_VI(vd, imm, vs2) \
+    ASM_WORD((0b01010 << 27) | (0b1 << 25) | (0b011 << 12) |    \
+             (0b1010111 << 0) | ((imm >> 5) << 26) |            \
+             (vs2 << 20) | ((imm & 0x1f) << 15) | (vd << 7))
+
+/* Vector ANDN - vd = ~vs1 & vs2. */
+#define VANDN_VV(vd, vs1, vs2) \
+    ASM_WORD((0b000001 << 26) | (0b1 << 25) | (0b000 << 12) |    \
+             (0b1010111 << 0) |                                  \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+#endif /* WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION ||
+        * WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
 #endif /* WOLFSSL_RISCV_ASM */
 
 #endif /* WOLF_CRYPT_RISCV_64_ASM_H */
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
index a6d39dbbd8..b82b54d24a 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
@@ -1,6 +1,6 @@
 /* silabs_aes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h b/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
index 43cd0f0979..e8d94ae084 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
@@ -1,6 +1,6 @@
 /* silabs_ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_hash.h b/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
index de502a9ba4..e4e7b7d9aa 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
@@ -1,6 +1,6 @@
 /* silabs_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_random.h b/wolfssl/wolfcrypt/port/silabs/silabs_random.h
index 280ef44d5d..c804417e56 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_random.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_random.h
@@ -1,6 +1,6 @@
 /* silabs_random.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h
index a7fc25de13..7e9faff672 100644
--- a/wolfssl/wolfcrypt/port/st/stm32.h
+++ b/wolfssl/wolfcrypt/port/st/stm32.h
@@ -1,6 +1,6 @@
 /* stm32.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,26 +71,6 @@
 #define STM32_HASH_REG_SIZE  4
 #define STM32_HASH_FIFO_SIZE 16 /* FIFO is 16 deep 32-bits wide */
 
-#if (defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \
-    defined(WOLFSSL_STM32H7)) && !defined(NO_STM32_HASH_FIFO_WORKAROUND)
-    /* workaround for hash FIFO to write one extra to finalize */
-    /* RM: Message Data Feeding: Data are entered into the HASH
-     * one 32-bit word at a time, by writing them into the HASH_DIN register.
-     * The current contents of the HASH_DIN register are transferred to the
-     * 16 words input FIFO each time the register is written with new data.
-     * Hence HASH_DIN and the FIFO form a seventeen 32-bit words length FIFO. */
-    #undef  STM32_HASH_BUFFER_SIZE
-    #define STM32_HASH_BUFFER_SIZE 17
-
-    #undef  STM32_HASH_FIFO_WORKAROUND
-    #define STM32_HASH_FIFO_WORKAROUND
-#endif
-
-#ifndef STM32_HASH_BUFFER_SIZE
-#define STM32_HASH_BUFFER_SIZE STM32_HASH_FIFO_SIZE
-#endif
-
-
 /* STM32 Hash Context */
 typedef struct {
     /* Context switching registers */
@@ -100,13 +80,11 @@ typedef struct {
     uint32_t HASH_CSR[HASH_CR_SIZE];
 
     /* Hash state / buffers */
-    word32 buffer[STM32_HASH_BUFFER_SIZE]; /* partial word buffer */
+    word32 buffer[STM32_HASH_FIFO_SIZE+1]; /* partial word buffer */
     word32 buffLen; /* partial word remain */
     word32 loLen;   /* total update bytes
                  (only lsb 6-bits is used for nbr valid bytes in last word) */
-#ifdef STM32_HASH_FIFO_WORKAROUND
-    int    fifoBytes; /* number of currently filled FIFO bytes */
-#endif
+    word32 fifoBytes; /* number of currently filled FIFO bytes */
 } STM32_HASH_Context;
 
 
diff --git a/wolfssl/wolfcrypt/port/st/stsafe.h b/wolfssl/wolfcrypt/port/st/stsafe.h
index d8e11d3516..c5ba072b97 100644
--- a/wolfssl/wolfcrypt/port/st/stsafe.h
+++ b/wolfssl/wolfcrypt/port/st/stsafe.h
@@ -1,6 +1,6 @@
 /* stsafe.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/ti/ti-ccm.h b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
index c23790602c..05d1e4e8d4 100644
--- a/wolfssl/wolfcrypt/port/ti/ti-ccm.h
+++ b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
@@ -1,6 +1,6 @@
 /* port/ti/ti_ccm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h
index 1395e769d9..65a1ff684e 100644
--- a/wolfssl/wolfcrypt/port/ti/ti-hash.h
+++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h
@@ -1,6 +1,6 @@
 /* port/ti/ti-hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h b/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
index a2d4928ae6..f6c06cd0cc 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
@@ -1,6 +1,6 @@
 /* xil-sha3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h b/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
index 41203c2b42..718d665f75 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
@@ -1,6 +1,6 @@
 /* xil-versal-glue.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h b/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
index 2015315708..26a9e17d2e 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
@@ -1,6 +1,6 @@
 /* xil-versal-trng.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h
index bcf09399f6..9535b0ac7e 100644
--- a/wolfssl/wolfcrypt/pwdbased.h
+++ b/wolfssl/wolfcrypt/pwdbased.h
@@ -1,6 +1,6 @@
 /* pwdbased.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 9dd6163289..cc4c797974 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -1,6 +1,6 @@
 /* random.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/rc2.h b/wolfssl/wolfcrypt/rc2.h
index 2d1950e75b..22b2ad147f 100644
--- a/wolfssl/wolfcrypt/rc2.h
+++ b/wolfssl/wolfcrypt/rc2.h
@@ -1,6 +1,6 @@
 /* rc2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ripemd.h b/wolfssl/wolfcrypt/ripemd.h
index 3e1d5b41a1..d1a0e6fcde 100644
--- a/wolfssl/wolfcrypt/ripemd.h
+++ b/wolfssl/wolfcrypt/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index f73974dea7..c5d211e67a 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -103,7 +103,11 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #endif
 
 #ifndef RSA_MIN_SIZE
-#define RSA_MIN_SIZE 512
+    #if defined(HAVE_WOLFENGINE) || defined(HAVE_WOLFPROVIDER)
+        #define RSA_MIN_SIZE 1024
+    #else
+        #define RSA_MIN_SIZE 2048
+    #endif
 #endif
 
 #ifndef RSA_MAX_SIZE
@@ -274,6 +278,20 @@ struct RsaKey {
 
 #endif /* HAVE_FIPS */
 
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+struct RsaPadding {
+    byte pad_value;
+    int pad_type;
+    enum wc_HashType hash;
+    int mgf;
+    byte* label;
+    word32 labelSz;
+    int saltLen;
+    int unpadded;
+};
+typedef struct RsaPadding RsaPadding;
+#endif
+
 WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void* heap);
 WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
 WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h
index 173c33bb98..68b24c3c63 100644
--- a/wolfssl/wolfcrypt/sakke.h
+++ b/wolfssl/wolfcrypt/sakke.h
@@ -1,6 +1,6 @@
 /* sakke.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/selftest.h b/wolfssl/wolfcrypt/selftest.h
index a0c7c0eaea..198013be57 100644
--- a/wolfssl/wolfcrypt/selftest.h
+++ b/wolfssl/wolfcrypt/selftest.h
@@ -1,6 +1,6 @@
 /* selftest.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index d1766f6953..03cd5e5501 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -55,7 +55,7 @@
 /* This flag allows wolfSSL to include options.h instead of having client
  * projects do it themselves. This should *NEVER* be defined when building
  * wolfSSL as it can cause hard to debug problems. */
-#ifdef EXTERNAL_OPTS_OPENVPN
+#if defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H)
 #include <wolfssl/options.h>
 #endif
 
@@ -212,6 +212,9 @@
 /* Uncomment next line if building for Nucleus 1.2 */
 /* #define WOLFSSL_NUCLEUS_1_2 */
 
+/* Uncomment next line if building for Nucleus Plus 2.3 */
+/* #define NUCLEUS_PLUS_2_3 */
+
 /* Uncomment next line if building for using Apache mynewt */
 /* #define WOLFSSL_APACHE_MYNEWT */
 
@@ -269,6 +272,7 @@
 #ifdef PLATFORMIO
     #ifdef ESP_PLATFORM
         /* Turn on the wolfSSL ESPIDF flag for the PlatformIO ESP-IDF detect */
+        #undef  WOLFSSL_ESPIDF
         #define WOLFSSL_ESPIDF
     #endif /* ESP_PLATFORM */
 
@@ -319,6 +323,10 @@
 #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
     /* STM Configuration File (generated by CubeMX) */
     #include "wolfSSL.I-CUBE-wolfSSL_conf.h"
+#elif defined(NUCLEUS_PLUS_2_3)
+    /* NOTE: cyassl_nucleus_defs.h is akin to user_settings.h */
+    #include "nucleus.h"
+    #include "os/networking/ssl/lite/cyassl_nucleus_defs.h"
 #endif
 
 #include <wolfssl/wolfcrypt/visibility.h>
@@ -408,36 +416,31 @@
  * ---------------------------------------------------------------------------
  */
 #ifdef WOLFSSL_DUAL_ALG_CERTS
+    #ifdef NO_RSA
+        #error "Need RSA or else dual alg cert example will not work."
+    #endif
 
-#ifndef WOLFSSL_ASN_TEMPLATE
-    #error "Dual alg cert support requires the ASN.1 template feature."
-#endif
-
-#ifdef NO_RSA
-    #error "Need RSA or else dual alg cert example will not work."
-#endif
-
-#ifndef HAVE_ECC
-    #error "Need ECDSA or else dual alg cert example will not work."
-#endif
+    #ifndef HAVE_ECC
+        #error "Need ECDSA or else dual alg cert example will not work."
+    #endif
 
-#undef WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_GEN
+    #undef WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_GEN
 
-#undef WOLFSSL_CUSTOM_OID
-#define WOLFSSL_CUSTOM_OID
+    #undef WOLFSSL_CUSTOM_OID
+    #define WOLFSSL_CUSTOM_OID
 
-#undef HAVE_OID_ENCODING
-#define HAVE_OID_ENCODING
+    #undef HAVE_OID_ENCODING
+    #define HAVE_OID_ENCODING
 
-#undef WOLFSSL_CERT_EXT
-#define WOLFSSL_CERT_EXT
+    #undef WOLFSSL_CERT_EXT
+    #define WOLFSSL_CERT_EXT
 
-#undef OPENSSL_EXTRA
-#define OPENSSL_EXTRA
+    #undef OPENSSL_EXTRA
+    #define OPENSSL_EXTRA
 
-#undef HAVE_OID_DECODING
-#define HAVE_OID_DECODING
+    #undef HAVE_OID_DECODING
+    #define HAVE_OID_DECODING
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 
 
@@ -496,6 +499,302 @@
 
 #if defined(WOLFSSL_ESPIDF)
     #define SIZEOF_LONG_LONG 8
+
+    #ifndef WOLFSSL_MAX_ERROR_SZ
+        /* Espressif paths can be quite long. Ensure error prints full path. */
+        #define WOLFSSL_MAX_ERROR_SZ 200
+    #endif
+
+    /* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents.
+     * Macros may or may not be defined. If defined, they may have a value of
+     *
+     *   0 - not enabled (also the equivalent of not defined)
+     *   1 - enabled
+     *
+     * The naming convention is generally an exact match of wolfSSL macros
+     * in the Kconfig file. At cmake time, the Kconfig is processed and an
+     * sdkconfig.h file is created by the ESP-IDF. Any configured options are
+     * named CONFIG_[Kconfig name] and thus CONFIG_[macro name]. Those that
+     * are expected to be ESP-IDF specific and may be ambigous can named
+     * with an ESP prefix, for example CONFIG_[ESP_(Kconfig name)]
+     *
+     * Note there are some inconsistent macro names that may have been
+     * used in the esp-wolfssl or other places in the ESP-IDF. They should
+     * be always be included for backward compatibility.
+     *
+     * See also: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+     *
+     * These settings should be checked and assigned wolfssl equivalents before
+     * any others.
+     *
+     * Only the actual config settings should be defined here. Any others that
+     * may be application specific should be conditionally defined in the
+     * respective user_settings.h file.
+     *
+     * See the template example for reference:
+     * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+     *
+     * Reminder that by the time we are here, the user_settings.h has already
+     * been processed. The following settings are additive; Enabled settings
+     * from user_settings are not disabled here.
+     */
+    #if (defined(CONFIG_DEBUG_WOLFSSL) &&             \
+                 CONFIG_DEBUG_WOLFSSL) ||             \
+        (defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) && \
+                 CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL  )
+        #define                     DEBUG_WOLFSSL
+    #endif
+    #if defined(CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH) && \
+                CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
+        #define            WOLFSSL_ENABLE_WOLFSSH
+    #endif
+    #if (defined(CONFIG_TEST_ESPIDF_ALL_WOLFSSL) && \
+                 CONFIG_TEST_ESPIDF_ALL_WOLFSSL   )
+        #define         TEST_ESPIDF_ALL_WOLFSSL
+    #endif
+    #if (defined(CONFIG_WOLFSSL_ALT_CERT_CHAINS) && \
+                 CONFIG_WOLFSSL_ALT_CERT_CHAINS   )
+        #define         WOLFSSL_ALT_CERT_CHAINS
+    #endif
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) && \
+                CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
+        #define        WOLFSSL_ASN_ALLOW_0_SERIAL
+    #endif
+    #if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && \
+                CONFIG_WOLFSSL_NO_ASN_STRICT
+        #define        WOLFSSL_NO_ASN_STRICT
+    #endif
+    #if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) && \
+                CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+        #define        WOLFSSL_DEBUG_CERT_BUNDLE
+    #endif
+    #if defined(CONFIG_USE_WOLFSSL_ESP_SDK_TIME) && \
+                CONFIG_USE_WOLFSSL_ESP_SDK_TIME
+        #define        USE_WOLFSSL_ESP_SDK_TIME
+    #endif
+    #if defined(CONFIG_USE_WOLFSSL_ESP_SDK_WIFI) && \
+                CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
+        #define        USE_WOLFSSL_ESP_SDK_WIFI
+    #endif
+    #if defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) && \
+                CONFIG_WOLFSSL_APPLE_HOMEKIT
+        #define        WOLFSSL_APPLE_HOMEKIT
+    #endif
+
+    #if defined(CONFIG_TLS_STACK_WOLFSSL) && (CONFIG_TLS_STACK_WOLFSSL)
+        /* When using ESP-TLS, some old algoritms such as SHA1 are no longer
+         * enabled in wolfSSL, except for the OpenSSL compatibility. So enable
+         * that here: */
+        #define OPENSSL_EXTRA
+    #endif
+
+    /* Optional Apple HomeKit support. See below for related sanity checks. */
+    #if defined(WOLFSSL_APPLE_HOMEKIT)
+        /* SRP is known to need 8K; slow on some devices */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS (8192 * 2)
+        #define WOLFCRYPT_HAVE_SRP
+        #define HAVE_CHACHA
+        #define HAVE_POLY1305
+        #define WOLFSSL_BASE64_ENCODE
+        #define HAVE_HKDF
+        #define WOLFSSL_SHA512
+     #endif
+
+    /* Enable benchmark code via menuconfig, or when not otherwise disable: */
+    #ifdef CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK
+        #ifdef NO_CRYPT_BENCHMARK
+            #pragma message("Benchmark conflict:")
+            #pragma message("-- NO_CRYPT_BENCHMARK defined.")
+            #pragma message("-- CONFIG_WOLFSSL_ENABLE_BENCHMARK also defined.")
+            #pragma message("-- NO_CRYPT_BENCHMARK will be undefined.")
+            #undef NO_CRYPT_BENCHMARK
+        #endif
+    #endif
+
+    #if !defined(NO_CRYPT_BENCHMARK) || \
+         defined(CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK)
+
+        #define BENCH_EMBEDDED
+        #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+        /* See wolfcrypt/benchmark/benchmark.c for debug and other settings: */
+
+        /* Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) */
+        #ifdef CONFIG_ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            #define DEBUG_WOLFSSL_BENCHMARK_TIMING
+        #endif
+
+        /* Turn on timer debugging (used when CPU cycles not available) */
+        #ifdef CONFIG_ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            #define WOLFSSL_BENCHMARK_TIMER_DEBUG
+        #endif
+    #endif
+
+    /* Typically only used in tests, but available to all apps is
+     * the "enable all" feature: */
+    #if defined(TEST_ESPIDF_ALL_WOLFSSL)
+        #define WOLFSSL_MD2
+        #define HAVE_BLAKE2
+        #define HAVE_BLAKE2B
+        #define HAVE_BLAKE2S
+
+        #define WC_RC2
+        #define WOLFSSL_ALLOW_RC4
+
+        #define HAVE_POLY1305
+
+        #define WOLFSSL_AES_128
+        #define WOLFSSL_AES_OFB
+        #define WOLFSSL_AES_CFB
+        #define WOLFSSL_AES_XTS
+
+        /* #define WC_SRTP_KDF */
+        /* TODO Causes failure with Espressif AES HW Enabled */
+        /* #define HAVE_AES_ECB */
+        /* #define HAVE_AESCCM  */
+        /* TODO sanity check when missing HAVE_AES_ECB */
+        #define WOLFSSL_WOLFSSH
+
+        #define HAVE_AESGCM
+        #define WOLFSSL_AES_COUNTER
+
+        #define HAVE_FFDHE
+        #define HAVE_FFDHE_2048
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            /* TODO Full size SRP is disabled on the ESP8266 at this time.
+             * Low memory issue? */
+            #define WOLFCRYPT_HAVE_SRP
+            /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+              defined(CONFIG_IDF_TARGET_ESP32S2) || \
+              defined(CONFIG_IDF_TARGET_ESP32S3)
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32H2)
+            /* SRP Known to be working on this target::*/
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #else
+            /* For everything else, give a try and see if SRP working: */
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #endif
+
+        #define HAVE_DH
+
+        /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
+         * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
+        /* #define HAVE_CAMELLIA */
+
+        /* DSA requires old SHA */
+        #define HAVE_DSA
+
+        /* Needs SHA512 ? */
+        #define HAVE_HPKE
+
+        /* Not for Espressif? */
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP32H2) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+
+            #if defined(CONFIG_IDF_TARGET_ESP8266)
+                #undef HAVE_ECC
+                #undef HAVE_ECC_CDH
+                #undef HAVE_CURVE25519
+
+                #ifdef HAVE_CHACHA
+                    #error "HAVE_CHACHA not supported on ESP8266"
+                #endif
+                #ifdef HAVE_XCHACHA
+                    #error "HAVE_XCHACHA not supported on ESP8266"
+                #endif
+            #else
+                #define HAVE_XCHACHA
+                #define HAVE_CHACHA
+                /* TODO Not enabled at this time, needs further testing:
+                 *   #define WC_SRTP_KDF
+                 *   #define HAVE_COMP_KEY
+                 *   #define WOLFSSL_HAVE_XMSS
+                 */
+            #endif
+            /* TODO AES-EAX needs stesting on this platform */
+
+            /* Optionally disable DH
+             *   #undef HAVE_DH
+             *   #undef HAVE_FFDHE
+             */
+
+            /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
+            #ifndef HAVE_ECC
+                #define ECC_SHAMIR
+            #endif
+        #else
+            #define WOLFSSL_AES_EAX
+
+            #define ECC_SHAMIR
+        #endif
+
+        /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
+        /* #define WOLFSSL_CAAM      */
+        /* #define WOLFSSL_CAAM_BLOB */
+
+        #define WOLFSSL_AES_SIV
+        #define WOLFSSL_CMAC
+
+        #define WOLFSSL_CERT_PIV
+
+        /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
+        /* #define HAVE_SCRYPT */
+        #define SCRYPT_TEST_ALL
+        #define HAVE_X963_KDF
+    #endif
+
+    /* Optionally enable some wolfSSH settings via compiler def or Kconfig */
+    #if defined(ESP_ENABLE_WOLFSSH)
+        /* The default SSH Windows size is massive for an embedded target.
+         * Limit it: */
+        #define DEFAULT_WINDOW_SZ 2000
+
+        /* These may be defined in cmake for other examples: */
+        #undef  WOLFSSH_TERM
+        #define WOLFSSH_TERM
+
+        #if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSH)
+            /* wolfSSH debugging enabled via Kconfig / menuconfig */
+            #undef  DEBUG_WOLFSSH
+            #define DEBUG_WOLFSSH
+        #endif
+
+        #undef  WOLFSSL_KEY_GEN
+        #define WOLFSSL_KEY_GEN
+
+        #undef  WOLFSSL_PTHREADS
+        #define WOLFSSL_PTHREADS
+
+        #define WOLFSSH_TEST_SERVER
+        #define WOLFSSH_TEST_THREADING
+
+    #endif /* ESP_ENABLE_WOLFSSH */
+
+    /* Experimental Kyber.  */
+    #ifdef CONFIG_ESP_WOLFSSL_ENABLE_KYBER
+        /* Kyber typically needs a minimum 10K stack */
+        #define WOLFSSL_EXPERIMENTAL_SETTINGS
+        #define WOLFSSL_HAVE_KYBER
+        #define WOLFSSL_WC_KYBER
+        #define WOLFSSL_SHA3
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            /* With limited RAM, we'll disable some of the Kyber sizes: */
+            #define WOLFSSL_NO_KYBER1024
+            #define WOLFSSL_NO_KYBER768
+            #define NO_SESSION_CACHE
+        #endif
+    #endif
+
     #ifndef NO_ESPIDF_DEFAULT
         #define FREERTOS
         #define WOLFSSL_LWIP
@@ -693,7 +992,6 @@
     #define NO_DEV_RANDOM
     #define NO_FILESYSTEM
     #define TFM_TIMING_RESISTANT
-    #define NO_BIG_INT
 #endif
 
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
@@ -1641,6 +1939,7 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_STATIC_PSK
     /* Server side support to be added at a later date. */
     #define NO_WOLFSSL_SERVER
+
     /* Need WOLFSSL_PUBLIC_ASN to use ProcessPeerCert callback. */
     #define WOLFSSL_PUBLIC_ASN
 
@@ -1672,7 +1971,8 @@ extern void uITRON4_free(void *p) ;
     defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
     defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \
     defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) || \
-    defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL)
+    defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL) || \
+    defined(WOLFSSL_STM32G4)
 
     #define SIZEOF_LONG_LONG 8
     #ifndef CHAR_BIT
@@ -1728,6 +2028,8 @@ extern void uITRON4_free(void *p) ;
             #include "stm32wlxx_hal.h"
         #elif defined(WOLFSSL_STM32G0)
             #include "stm32g0xx_hal.h"
+        #elif defined(WOLFSSL_STM32G4)
+            #include "stm32g4xx_hal.h"
         #elif defined(WOLFSSL_STM32U5)
             #include "stm32u5xx_hal.h"
         #elif defined(WOLFSSL_STM32H5)
@@ -1786,10 +2088,7 @@ extern void uITRON4_free(void *p) ;
             #include "stm32f1xx.h"
         #endif
     #endif /* WOLFSSL_STM32_CUBEMX */
-#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
-          WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB ||
-          WOLFSSL_STM32H7 || WOLFSSL_STM32G0 || WOLFSSL_STM32U5 ||
-          WOLFSSL_STM32H5 */
+#endif /* WOLFSSL_STM32* */
 #ifdef WOLFSSL_DEOS
     #include <deos.h>
     #include <timeout.h>
@@ -2021,6 +2320,12 @@ extern void uITRON4_free(void *p) ;
     #define HAVE_AESGCM
 #endif
 
+/* Detect Cortex M3 (no UMAAL) */
+#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(__ARM_ARCH_7M__)
+    #undef  WOLFSSL_SP_NO_UMAAL
+    #define WOLFSSL_SP_NO_UMAAL
+#endif
+
 #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX)
     #if defined(WOLFSSL_ARMASM)
         #error can not use both ARMv8 instructions and XILINX hardened crypto
@@ -2033,8 +2338,12 @@ extern void uITRON4_free(void *p) ;
         #define WOLFSSL_NOSHA3_224
         #define WOLFSSL_NOSHA3_256
         #define WOLFSSL_NOSHA3_512
-        #define WOLFSSL_NO_SHAKE128
-        #define WOLFSSL_NO_SHAKE256
+        #ifndef WOLFSSL_NO_SHAKE128
+            #define WOLFSSL_NO_SHAKE128
+        #endif
+        #ifndef WOLFSSL_NO_SHAKE256
+            #define WOLFSSL_NO_SHAKE256
+        #endif
     #endif
     #ifdef WOLFSSL_AFALG_XILINX_AES
         #undef  WOLFSSL_AES_DIRECT
@@ -2882,6 +3191,167 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_ASN_TEMPLATE
 #endif
 
+#if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(WOLFSSL_ASN_TEMPLATE)
+    #error "Dual alg cert support requires the ASN.1 template feature."
+#endif
+
+#if defined(WOLFSSL_ACERT) && !defined(WOLFSSL_ASN_TEMPLATE)
+    #error "Attribute Certificate support requires the ASN.1 template feature."
+#endif
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    #undef  WOLFSSL_ASN_ALL
+    #define WOLFSSL_ASN_ALL
+#endif
+
+/* Enable all parsing features for ASN */
+#ifdef WOLFSSL_ASN_ALL
+    /* Alternate Names */
+    #undef  WOLFSSL_ALT_NAMES
+    #define WOLFSSL_ALT_NAMES
+
+    /* Alternate Name: human readable form of IP address*/
+    #undef  WOLFSSL_IP_ALT_NAME
+    #define WOLFSSL_IP_ALT_NAME
+
+    /* Alternate name: human readable form of registered ID */
+    #undef  WOLFSSL_RID_ALT_NAME
+    #define WOLFSSL_RID_ALT_NAME
+
+    /* CA Issuer URI */
+    #undef  WOLFSSL_ASN_CA_ISSUER
+    #define WOLFSSL_ASN_CA_ISSUER
+
+    /* FPKI (Federal PKI) extensions */
+    #undef  WOLFSSL_FPKI
+    #define WOLFSSL_FPKI
+
+    /* Certificate policies */
+    #undef  WOLFSSL_SEP
+    #define WOLFSSL_SEP
+
+    /* Support for full AuthorityKeyIdentifier extension.
+     * Only supports copying full AKID from an existing certificate */
+    #undef  WOLFSSL_AKID_NAME
+    #define WOLFSSL_AKID_NAME
+
+    /* Extended ASN.1 parsing support (typically used with cert gen) */
+    #undef  WOLFSSL_CERT_EXT
+    #define WOLFSSL_CERT_EXT
+
+    /* Support for SubjectDirectoryAttributes extension */
+    #undef  WOLFSSL_SUBJ_DIR_ATTR
+    #define WOLFSSL_SUBJ_DIR_ATTR
+
+    /* Support for SubjectInfoAccess extension */
+    #undef  WOLFSSL_SUBJ_INFO_ACC
+    #define WOLFSSL_SUBJ_INFO_ACC
+
+    #undef  WOLFSSL_CERT_NAME_ALL
+    #define WOLFSSL_CERT_NAME_ALL
+
+    /* Store pointers to issuer name components (lengths and encodings) */
+    #undef  WOLFSSL_HAVE_ISSUER_NAMES
+    #define WOLFSSL_HAVE_ISSUER_NAMES
+
+    /* Additional ASN.1 encoded name fields. See CTC_MAX_ATTRIB for max limit */
+    #undef  WOLFSSL_MULTI_ATTRIB
+    #define WOLFSSL_MULTI_ATTRIB
+
+    /* Parsing of indefinite length encoded ASN.1
+     * Optionally used by PKCS7/PKCS12 */
+    #undef  ASN_BER_TO_DER
+    #define ASN_BER_TO_DER
+
+    /* Enable custom OID support for subject and request extensions */
+    #undef  WOLFSSL_CUSTOM_OID
+    #define WOLFSSL_CUSTOM_OID
+
+    /* Support for full OID (not just sum) encoding */
+    #undef  HAVE_OID_ENCODING
+    #define HAVE_OID_ENCODING
+
+    /* Support for full OID (not just sum) decoding */
+    #undef  HAVE_OID_DECODING
+    #define HAVE_OID_DECODING
+
+    /* S/MIME - Secure Multipurpose Internet Mail Extension (used with PKCS7) */
+    #undef  HAVE_SMIME
+    #define HAVE_SMIME
+
+    /* Enable compatibility layer function for getting time string */
+    #undef  WOLFSSL_ASN_TIME_STRING
+    #define WOLFSSL_ASN_TIME_STRING
+
+    /* Support for parsing key usage */
+    #undef  WOLFSSL_ASN_PARSE_KEYUSAGE
+    #define WOLFSSL_ASN_PARSE_KEYUSAGE
+
+    /* Support for parsing OCSP status */
+    #undef  WOLFSSL_OCSP_PARSE_STATUS
+    #define WOLFSSL_OCSP_PARSE_STATUS
+
+    /* Extended Key Usage */
+    #undef  WOLFSSL_EKU_OID
+    #define WOLFSSL_EKU_OID
+
+    /* Attribute Certificate support */
+    #if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_ACERT)
+        #define WOLFSSL_ACERT
+    #endif
+#endif
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+    defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+    #undef  WOLFSSL_ASN_TIME_STRING
+    #define WOLFSSL_ASN_TIME_STRING
+#endif
+
+#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
+    (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
+    #undef  WOLFSSL_ASN_PARSE_KEYUSAGE
+    #define WOLFSSL_ASN_PARSE_KEYUSAGE
+#endif
+
+#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
+     defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \
+     defined(WOLFSSL_APACHE_HTTPD))
+    #undef  WOLFSSL_OCSP_PARSE_STATUS
+    #define WOLFSSL_OCSP_PARSE_STATUS
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(WOLFSSL_CERT_GEN)
+    #undef  WOLFSSL_MULTI_ATTRIB
+    #define WOLFSSL_MULTI_ATTRIB
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    #undef  WOLFSSL_EKU_OID
+    #define WOLFSSL_EKU_OID
+#endif
+
+/* Disable time checking if no timer */
+#if defined(NO_ASN_TIME)
+    #define NO_ASN_TIME_CHECK
+#endif
+
+/* ASN Unknown Extension Callback support */
+#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) && \
+    defined(WOLFSSL_ASN_TEMPLATE)
+    #undef  WC_ASN_UNKNOWN_EXT_CB
+    #define WC_ASN_UNKNOWN_EXT_CB
+#else
+    /* if user supplied build option and not using ASN template, raise error */
+    #if defined(WC_ASN_UNKNOWN_EXT_CB) && !defined(WOLFSSL_ASN_TEMPLATE)
+        #error ASN unknown extension callback is only supported \
+            with ASN template
+    #endif
+#endif
+
+
+/* Linux Kernel Module */
 #ifdef WOLFSSL_LINUXKM
     #ifdef HAVE_CONFIG_H
         #include <config.h>
@@ -3007,30 +3477,15 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_SESSION_ID_CTX
 #endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */
 
-/* ---------------------------------------------------------------------------
- * Special small OpenSSL compat layer for certs
- * ---------------------------------------------------------------------------
- */
 #ifdef OPENSSL_EXTRA_X509_SMALL
-    #undef WOLFSSL_EKU_OID
-    #define WOLFSSL_EKU_OID
-
-    #undef WOLFSSL_MULTI_ATTRIB
-    #define WOLFSSL_MULTI_ATTRIB
-
     #undef WOLFSSL_NO_OPENSSL_RAND_CB
     #define WOLFSSL_NO_OPENSSL_RAND_CB
-#endif /* OPENSSL_EXTRA_X509_SMALL */
+#endif
 
 #ifdef HAVE_SNI
     #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
 #endif
 
-/* Disable time checking if no timer */
-#if defined(NO_ASN_TIME)
-    #define NO_ASN_TIME_CHECK
-#endif
-
 /* both CURVE and ED small math should be enabled */
 #ifdef CURVED25519_SMALL
     #define CURVE25519_SMALL
@@ -3121,6 +3576,11 @@ extern void uITRON4_free(void *p) ;
     #define KEEP_PEER_CERT
 #endif
 
+#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT)
+    #undef WOLFSSL_COPY_CERT
+    #define WOLFSSL_COPY_CERT
+#endif
+
 /*
  * Keeps the "Finished" messages after a TLS handshake for use as the so-called
  * "tls-unique" channel binding. See comment in internal.h around clientFinished
@@ -3137,8 +3597,8 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_NO_HASH_RAW
 #endif
 
-/* XChacha not implemented with ARM assembly ChaCha */
-#if defined(WOLFSSL_ARMASM)
+#if defined(HAVE_XCHACHA) && !defined(HAVE_CHACHA)
+    /* XChacha requires ChaCha */
     #undef HAVE_XCHACHA
 #endif
 
@@ -3370,17 +3830,7 @@ extern void uITRON4_free(void *p) ;
 #endif
 #endif
 
-#ifdef HAVE_PQM4
-#define HAVE_PQC
-#define WOLFSSL_HAVE_KYBER
-#define WOLFSSL_KYBER512
-#define WOLFSSL_NO_KYBER768
-#define WOLFSSL_NO_KYBER1024
-#endif
-
 #if (defined(HAVE_LIBOQS) ||                                            \
-     defined(WOLFSSL_WC_KYBER) ||                                       \
-     defined(WOLFSSL_WC_DILITHIUM) ||                                   \
      defined(HAVE_LIBXMSS) ||                                           \
      defined(HAVE_LIBLMS) ||                                            \
      defined(WOLFSSL_DUAL_ALG_CERTS)) &&                                \
@@ -3388,15 +3838,10 @@ extern void uITRON4_free(void *p) ;
     #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
 #endif
 
-#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \
-    !defined(WOLFSSL_HAVE_KYBER)
+#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(WOLFSSL_HAVE_KYBER)
 #error Please do not define HAVE_PQC yourself.
 #endif
 
-#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_PQM4)
-#error Please do not define both HAVE_LIBOQS and HAVE_PQM4.
-#endif
-
 #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) && \
     !defined(WOLFSSL_DTLS_CH_FRAG)
 #warning "Using DTLS 1.3 + pqc without WOLFSSL_DTLS_CH_FRAG will probably" \
@@ -3569,8 +4014,8 @@ extern void uITRON4_free(void *p) ;
     /* Ciphersuite check done in internal.h */
 #endif
 
-/* Some final sanity checks */
-#ifdef WOLFSSL_APPLE_HOMEKIT
+/* Some final sanity checks. See esp32-crypt.h for Apple HomeKit config. */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
     #ifndef WOLFCRYPT_HAVE_SRP
         #error "WOLFCRYPT_HAVE_SRP is required for Apple Homekit"
     #endif
@@ -3588,10 +4033,23 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif
 
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT)
+    /* The settings.h and/or user_settings.h should have detected config
+     * valuse from Kconfig and set the appropriate wolfSSL macro: */
+    #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT"
+#endif
+
 #if defined(WOLFSSL_ESPIDF) && defined(ARDUINO)
     #error "Found both ESPIDF and ARDUINO. Pick one."
 #endif
 
+#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+            CONFIG_MBEDTLS_CERTIFICATE_BUNDLE  && \
+            CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    #error "mbedTLS and wolfSSL Certificate Bundles both enabled. Pick one".
+#endif
+
 #if defined(HAVE_FIPS) && defined(HAVE_PKCS11)
     #error "PKCS11 not allowed with FIPS enabled (Crypto outside boundary)"
 #endif
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index eb599abed4..dd9d8b90ac 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -76,6 +76,9 @@
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
     #include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
 #endif
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
 
 #if !defined(NO_OLD_SHA_NAMES)
     #define SHA             WC_SHA
@@ -160,6 +163,9 @@ struct wc_Sha {
     int    devId;
     void*  devCtx; /* generic crypto callback context */
 #endif
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_IMXRT1170_CAAM
     caam_hash_ctx_t ctx;
     caam_handle_t hndl;
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index a6c4ea46a3..c435cf061c 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -1,6 +1,6 @@
 /* sha256.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -146,6 +146,10 @@ enum {
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
 #else
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
+#endif
+
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     #include "wolfssl/wolfcrypt/port/nxp/se050_port.h"
 #endif
@@ -209,6 +213,9 @@ struct wc_Sha256 {
 #ifdef WOLFSSL_DEVCRYPTO_HASH
     WC_CRYPTODEV ctx;
 #endif
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_Sha mxcCtx;
+#endif
 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
     byte*  msg;
     word32 used;
diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h
index e1ce33a1bf..0120051508 100644
--- a/wolfssl/wolfcrypt/sha3.h
+++ b/wolfssl/wolfcrypt/sha3.h
@@ -1,6 +1,6 @@
 /* sha3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -220,8 +220,8 @@ WOLFSSL_LOCAL void sha3_block_bmi2(word64* s);
 WOLFSSL_LOCAL void sha3_block_avx2(word64* s);
 WOLFSSL_LOCAL void BlockSha3(word64 *s);
 #endif
-#if defined(WOLFSSL_ARMASM) && (defined(__arm__) || \
-    defined(WOLFSSL_ARMASM_CRYPTO_SHA3))
+#if (defined(WOLFSSL_ARMASM) && (defined(__arm__) || \
+     defined(WOLFSSL_ARMASM_CRYPTO_SHA3))) || defined(WOLFSSL_RISCV_ASM)
 WOLFSSL_LOCAL void BlockSha3(word64 *s);
 #endif
 
diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h
index bf3cff6307..9bcebdc62a 100644
--- a/wolfssl/wolfcrypt/sha512.h
+++ b/wolfssl/wolfcrypt/sha512.h
@@ -1,6 +1,6 @@
 /* sha512.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -135,6 +135,9 @@ enum {
     #include "mcapi.h"
     #include "mcapi_error.h"
 #endif
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
+#endif
 /* wc_Sha512 digest */
 struct wc_Sha512 {
 #ifdef WOLFSSL_PSOC6_CRYPTO
@@ -185,6 +188,9 @@ struct wc_Sha512 {
     int    devId;
     void*  devCtx; /* generic crypto callback context */
 #endif
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_HASH_FLAGS
     word32 flags; /* enum wc_HashFlags in hash.h */
 #endif
diff --git a/wolfssl/wolfcrypt/signature.h b/wolfssl/wolfcrypt/signature.h
index f712c0478a..51c07af529 100644
--- a/wolfssl/wolfcrypt/signature.h
+++ b/wolfssl/wolfcrypt/signature.h
@@ -1,6 +1,6 @@
 /* signature.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/siphash.h b/wolfssl/wolfcrypt/siphash.h
index ebb13024ca..6b75a4612f 100644
--- a/wolfssl/wolfcrypt/siphash.h
+++ b/wolfssl/wolfcrypt/siphash.h
@@ -1,6 +1,6 @@
 /* siphash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm2.h b/wolfssl/wolfcrypt/sm2.h
index 87167f42e0..ae9885eef2 100644
--- a/wolfssl/wolfcrypt/sm2.h
+++ b/wolfssl/wolfcrypt/sm2.h
@@ -1,6 +1,6 @@
 /* sm2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm3.h b/wolfssl/wolfcrypt/sm3.h
index 2b3fc50343..b24fcf4f3f 100644
--- a/wolfssl/wolfcrypt/sm3.h
+++ b/wolfssl/wolfcrypt/sm3.h
@@ -1,6 +1,6 @@
 /* sm3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm4.h b/wolfssl/wolfcrypt/sm4.h
index f3e66cb894..84a8166b5f 100644
--- a/wolfssl/wolfcrypt/sm4.h
+++ b/wolfssl/wolfcrypt/sm4.h
@@ -1,6 +1,6 @@
 /* sm4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h
index 88e9a069bf..3ede752c37 100644
--- a/wolfssl/wolfcrypt/sp.h
+++ b/wolfssl/wolfcrypt/sp.h
@@ -1,6 +1,6 @@
 /* sp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h
index 75e735f62e..2a9a88014a 100644
--- a/wolfssl/wolfcrypt/sp_int.h
+++ b/wolfssl/wolfcrypt/sp_int.h
@@ -1,6 +1,6 @@
 /* sp_int.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -178,13 +178,6 @@ extern "C" {
 #define WOLFSSL_SP_DIV_WORD_HALF
 #endif
 
-/* Detect Cortex M3 (no UMAAL) */
-#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(__ARM_ARCH_7M__)
-    #undef  WOLFSSL_SP_NO_UMAAL
-    #define WOLFSSL_SP_NO_UMAAL
-#endif
-
-
 /* Make sure WOLFSSL_SP_ASM build option defined when requested */
 #if !defined(WOLFSSL_SP_ASM) && ( \
       defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
@@ -698,7 +691,7 @@ typedef struct sp_ecc_ctx {
         if ((a)->used > 0) {                                                   \
             for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \
             }                                                                  \
-            (a)->used = (unsigned int)(ii + 1);                                \
+            (a)->used = (mp_size_t)(ii + 1);                                   \
         }                                                                      \
     } while (0)
 
@@ -742,24 +735,18 @@ typedef struct sp_ecc_ctx {
 #define MP_LT    (-1)
 
 /* ERROR VALUES */
+
+/* MP_MEM, MP_VAL, MP_WOULDBLOCK, and MP_NOT_INF are defined in error-crypt.h */
+
 /** Error value on success. */
 #define MP_OKAY          0
-/** Error value when dynamic memory allocation fails. */
-#define MP_MEM          (-2)
-/** Error value when value passed is not able to be used. */
-#define MP_VAL          (-3)
-/** Error value when non-blocking operation is returning after partial
- * completion.
- */
-#define FP_WOULDBLOCK   (-4)
-/* Unused error. Defined for backward compatibility. */
-#define MP_NOT_INF      (-5)
+
+#define FP_WOULDBLOCK   MP_WOULDBLOCK
 /* Unused error. Defined for backward compatibility. */
 #define MP_RANGE        MP_NOT_INF
-
 #ifdef USE_FAST_MATH
 /* For old FIPS, need FP_MEM defined for old implementation. */
-#define FP_MEM          (-2)
+#define FP_MEM          MP_MEM
 #endif
 
 /* Number of bits in each word/digit. */
@@ -776,8 +763,8 @@ typedef struct sp_ecc_ctx {
 /* The number of bytes to a sp_int with 'cnt' digits.
  * Must have at least one digit.
  */
-#define MP_INT_SIZEOF(cnt)                                              \
-    (sizeof(sp_int_minimal) + (((cnt) <= 1) ? 0 : ((cnt) - 1)) *        \
+#define MP_INT_SIZEOF(cnt)                                                  \
+    (sizeof(sp_int_minimal) + (((cnt) <= 1) ? 0 : ((size_t)((cnt) - 1))) *  \
      sizeof(sp_int_digit))
 /* The address of the next sp_int after one with 'cnt' digits. */
 #define MP_INT_NEXT(t, cnt) \
@@ -786,7 +773,7 @@ typedef struct sp_ecc_ctx {
 
 /* Calculate the number of words required to support a number of bits. */
 #define MP_BITS_CNT(bits)                                       \
-        ((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)
+        ((unsigned int)(((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)))
 
 #ifdef WOLFSSL_SMALL_STACK
 /*
@@ -871,6 +858,20 @@ while (0)
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#if SP_INT_DIGITS < (65536 / SP_WORD_SIZEOF)
+/* Type for number of digits. */
+typedef word16       sp_size_t;
+#else
+/* Type for number of digits. */
+typedef unsigned int sp_size_t;
+#endif
+
+/* Type for number of digits. */
+#define mp_size_t    sp_size_t
+#ifdef WOLFSSL_SP_INT_NEGATIVE
+    typedef sp_uint8 sp_sign_t;
+    #define mp_sign_t    sp_sign_t
+#endif
 
 /**
  * SP integer.
@@ -879,12 +880,12 @@ while (0)
  */
 typedef struct sp_int {
     /** Number of words that contain data.  */
-    unsigned int used;
+    sp_size_t    used;
     /** Maximum number of words in data.  */
-    unsigned int size;
+    sp_size_t    size;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
     /** Indicates whether number is 0/positive or negative.  */
-    unsigned int sign;
+    sp_sign_t    sign;
 #endif
 #ifdef HAVE_WOLF_BIGINT
     /** Unsigned binary (big endian) representation of number. */
@@ -895,12 +896,16 @@ typedef struct sp_int {
 } sp_int;
 
 typedef struct sp_int_minimal {
-    unsigned int used;
-    unsigned int size;
+    /** Number of words that contain data.  */
+    sp_size_t    used;
+    /** Maximum number of words in data.  */
+    sp_size_t    size;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign;
+    /** Indicates whether number is 0/positive or negative.  */
+    sp_uint8     sign;
 #endif
 #ifdef HAVE_WOLF_BIGINT
+    /** Unsigned binary (big endian) representation of number. */
     struct WC_BIGINT raw;
 #endif
     /** First digit of number.  */
@@ -1145,27 +1150,22 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp);
 #define mp_div_2                            sp_div_2
 #define mp_add                              sp_add
 #define mp_sub                              sp_sub
-#define mp_addmod                           sp_addmod
-#define mp_submod                           sp_submod
+
 #define mp_addmod_ct                        sp_addmod_ct
 #define mp_submod_ct                        sp_submod_ct
 #define mp_xor_ct                           sp_xor_ct
 #define mp_lshd                             sp_lshd
 #define mp_rshd                             sp_rshd
 #define mp_div                              sp_div
-#define mp_mod                              sp_mod
 #define mp_mul                              sp_mul
-#define mp_mulmod                           sp_mulmod
 #define mp_invmod                           sp_invmod
 #define mp_invmod_mont_ct                   sp_invmod_mont_ct
 #define mp_exptmod_ex                       sp_exptmod_ex
-#define mp_exptmod                          sp_exptmod
 #define mp_exptmod_nct                      sp_exptmod_nct
 #define mp_div_2d                           sp_div_2d
 #define mp_mod_2d                           sp_mod_2d
 #define mp_mul_2d                           sp_mul_2d
 #define mp_sqr                              sp_sqr
-#define mp_sqrmod                           sp_sqrmod
 
 #define mp_unsigned_bin_size                sp_unsigned_bin_size
 #define mp_read_unsigned_bin                sp_read_unsigned_bin
@@ -1188,6 +1188,17 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp);
 #define mp_memzero_add                      sp_memzero_add
 #define mp_memzero_check                    sp_memzero_check
 
+/* Allow for Hardware Based Mod Math */
+/* Avoid redeclaration warnings */
+#ifndef WOLFSSL_USE_HW_MP
+    #define mp_mod                              sp_mod
+    #define mp_addmod                           sp_addmod
+    #define mp_submod                           sp_submod
+    #define mp_mulmod                           sp_mulmod
+    #define mp_exptmod                          sp_exptmod
+    #define mp_sqrmod                           sp_sqrmod
+#endif
+
 #ifdef WOLFSSL_DEBUG_MATH
 #define mp_dump(d, a, v)                    sp_print(a, d)
 #endif
diff --git a/wolfssl/wolfcrypt/sphincs.h b/wolfssl/wolfcrypt/sphincs.h
index 84871f538d..6dd3a8e858 100644
--- a/wolfssl/wolfcrypt/sphincs.h
+++ b/wolfssl/wolfcrypt/sphincs.h
@@ -1,6 +1,6 @@
 /* sphincs.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 7832113a7b..d1307c7924 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -1,6 +1,6 @@
 /* srp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 915a335951..a9b0df2a9a 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -1,6 +1,6 @@
 /* tfm.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,6 +40,7 @@
 #define WOLF_CRYPT_TFM_H
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifndef CHAR_BIT
     #include <limits.h>
 #endif
@@ -305,10 +306,10 @@
 
 /* return codes */
 #define FP_OKAY      0
-#define FP_VAL      (-1)
-#define FP_MEM      (-2)
-#define FP_NOT_INF  (-3)
-#define FP_WOULDBLOCK (-4)
+#define FP_VAL      MP_VAL
+#define FP_MEM      MP_MEM
+#define FP_NOT_INF  MP_NOT_INF
+#define FP_WOULDBLOCK MP_WOULDBLOCK
 
 /* equalities */
 #define FP_LT        (-1)   /* less than */
@@ -378,6 +379,9 @@ while (0)
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#define mp_size_t int
+#define mp_sign_t int
+
 /* a FP type */
 typedef struct fp_int {
     int      used;
@@ -776,9 +780,7 @@ int  fp_sqr_comba64(fp_int *a, fp_int *b);
 #define MP_LT   FP_LT   /* less than    */
 #define MP_EQ   FP_EQ   /* equal to     */
 #define MP_GT   FP_GT   /* greater than */
-#define MP_VAL  FP_VAL  /* invalid */
-#define MP_MEM  FP_MEM  /* memory error */
-#define MP_NOT_INF FP_NOT_INF /* point not at infinity */
+#define MP_RANGE MP_NOT_INF
 #define MP_OKAY FP_OKAY /* ok result    */
 #define MP_NO   FP_NO   /* yes/no result */
 #define MP_YES  FP_YES  /* yes/no result */
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 9dd2f754ed..6aacec3604 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -1,6 +1,6 @@
 /* types.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,6 +34,10 @@ decouple library dependencies with standard string, memory and so on.
     #include <wolfssl/wolfcrypt/settings.h>
     #include <wolfssl/wolfcrypt/wc_port.h>
 
+    #ifdef __APPLE__
+        #include <AvailabilityMacros.h>
+    #endif
+
     #ifdef __cplusplus
         extern "C" {
     #endif
@@ -158,16 +162,16 @@ decouple library dependencies with standard string, memory and so on.
     #elif !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
         #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
             #if (defined(__alpha__) || defined(__ia64__) || \
-                defined(_ARCH_PPC64) || defined(__mips64) || \
+                defined(_ARCH_PPC64) || defined(__ppc64__) || \
                 defined(__x86_64__)  || defined(__s390x__ ) || \
                 ((defined(sun) || defined(__sun)) && \
                  (defined(LP64) || defined(_LP64))) || \
                 (defined(__riscv_xlen) && (__riscv_xlen == 64)) || \
-                defined(__aarch64__) || \
+                defined(__aarch64__) || defined(__mips64) || \
                 (defined(__DCC__) && (defined(__LP64) || defined(__LP64__))))
                 /* long should be 64bit */
                 #define SIZEOF_LONG 8
-            #elif defined(__i386__) || defined(__CORTEX_M3__)
+            #elif defined(__i386__) || defined(__CORTEX_M3__) || defined(__ppc__)
                 /* long long should be 64bit */
                 #define SIZEOF_LONG_LONG 8
             #endif
@@ -230,7 +234,7 @@ decouple library dependencies with standard string, memory and so on.
          defined(__x86_64__) || defined(_M_X64)) || \
          defined(__aarch64__) || defined(__sparc64__) || defined(__s390x__ ) || \
         (defined(__riscv_xlen) && (__riscv_xlen == 64)) || defined(_M_ARM64) || \
-        defined(__aarch64__) || \
+        defined(__aarch64__) || defined(__ppc64__) || \
         (defined(__DCC__) && (defined(__LP64) || defined(__LP64__)))
         #define WC_64BIT_CPU
     #elif (defined(sun) || defined(__sun)) && \
@@ -420,10 +424,13 @@ typedef struct w64wrapper {
         #define FALL_THROUGH
     #endif
 
-    /* Micrium will use Visual Studio for compilation but not the Win32 API */
+    /* For platforms where the target OS is not Windows, but compilation is
+     * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API.
+     * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */
     #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
         !defined(FREERTOS_TCP) && !defined(EBSNET) && \
-        !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
+        !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \
+        !defined(WOLFSSL_NOT_WINDOWS_API)
         #define USE_WINDOWS_API
     #endif
 
@@ -437,7 +444,13 @@ typedef struct w64wrapper {
     /* idea to add global alloc override by Moises Guimaraes  */
     /* default to libc stuff */
     /* XREALLOC is used once in normal math lib, not in fast math lib */
-    /* XFREE on some embedded systems doesn't like free(0) so test  */
+    /* XFREE on some embedded systems doesn't like free(0) so test for NULL
+     * explicitly.
+     *
+     * For example:
+     *   #define XFREE(p, h, t) \
+     *      {void* xp = (p); if (xp != NULL) free(xp, h, t);}
+     */
     #if defined(HAVE_IO_POOL)
         WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
         WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
@@ -506,7 +519,9 @@ typedef struct w64wrapper {
         #ifdef WOLFSSL_NO_MALLOC
             /* this platform does not support heap use */
             #ifdef WOLFSSL_MALLOC_CHECK
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 static inline void* malloc_check(size_t sz) {
                     fprintf(stderr, "wolfSSL_malloc failed");
                     return NULL;
@@ -711,10 +726,10 @@ typedef struct w64wrapper {
             #include <string.h>
         #endif
 
-            #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
-            #define XMEMSET(b,c,l)    memset((b),(c),(l))
-            #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
-            #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
+        #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
+        #define XMEMSET(b,c,l)    memset((b),(c),(l))
+        #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
+        #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
 
         #define XSTRLEN(s1)       strlen((s1))
         #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
@@ -740,7 +755,6 @@ typedef struct w64wrapper {
                 defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24)
             /* XC32 version < 1.0 does not support strcasecmp. */
             #define USE_WOLF_STRCASECMP
-            #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1,s2)
         #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
             #define XSTRCASECMP(s1,s2) _stricmp((s1),(s2))
         #else
@@ -753,13 +767,16 @@ typedef struct w64wrapper {
             #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \
                     || defined(WOLF_C89)
                 #define USE_WOLF_STRCASECMP
-                #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1, s2)
             #elif defined(WOLF_C89)
                 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
             #else
                 #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2))
             #endif
         #endif
+        #ifdef USE_WOLF_STRCASECMP
+            #undef  XSTRCASECMP
+            #define XSTRCASECMP(s1,s2) wc_strcasecmp((s1), (s2))
+        #endif
         #endif /* !XSTRCASECMP */
 
         #ifndef XSTRNCASECMP
@@ -770,7 +787,6 @@ typedef struct w64wrapper {
                 defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24)
             /* XC32 version < 1.0 does not support strncasecmp. */
             #define USE_WOLF_STRNCASECMP
-            #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n))
         #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
             #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
         #else
@@ -783,13 +799,16 @@ typedef struct w64wrapper {
             #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \
                     || defined(WOLF_C89)
                 #define USE_WOLF_STRNCASECMP
-                #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp(s1, s2 ,n)
             #elif defined(WOLF_C89)
                 #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
             #else
                 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
             #endif
         #endif
+        #ifdef USE_WOLF_STRNCASECMP
+            #undef  XSTRNCASECMP
+            #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n))
+        #endif
         #endif /* !XSTRNCASECMP */
 
         /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when
@@ -829,10 +848,16 @@ typedef struct w64wrapper {
                    have stdio.h available, so it needs its own section. */
                 #define XSNPRINTF snprintf
             #elif defined(WOLF_C89)
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 #define XSPRINTF sprintf
+                /* snprintf not available for C89, so remap using macro */
+                #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__)
             #else
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 #define XSNPRINTF snprintf
             #endif
         #else
@@ -873,7 +898,8 @@ typedef struct w64wrapper {
         #endif /* !XSNPRINTF */
 
         #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
-            defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER)
+            defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) || \
+            defined(WOLFSSL_ASN_PARSE_KEYUSAGE)
             /* use only Thread Safe version of strtok */
             #if defined(USE_WOLF_STRTOK)
                 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
@@ -917,6 +943,15 @@ typedef struct w64wrapper {
         WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n);
     #endif
 
+    #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP)
+        #define USE_WOLF_STRDUP
+    #endif
+    #ifdef USE_WOLF_STRDUP
+        WOLFSSL_LOCAL char* wc_strdup_ex(const char *src, int memType);
+        #define wc_strdup(src) wc_strdup_ex(src, DYNAMIC_TYPE_TMP_BUFFER)
+        #define XSTRDUP(src) wc_strdup(src)
+    #endif
+
     #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
         #ifndef XGETENV
             #ifdef NO_GETENV
@@ -1061,6 +1096,8 @@ typedef struct w64wrapper {
         DYNAMIC_TYPE_SM4_BUFFER   = 99,
         DYNAMIC_TYPE_DEBUG_TAG    = 100,
         DYNAMIC_TYPE_LMS          = 101,
+        DYNAMIC_TYPE_BIO          = 102,
+        DYNAMIC_TYPE_X509_ACERT   = 103,
         DYNAMIC_TYPE_SNIFFER_SERVER      = 1000,
         DYNAMIC_TYPE_SNIFFER_SESSION     = 1001,
         DYNAMIC_TYPE_SNIFFER_PB          = 1002,
@@ -1231,6 +1268,9 @@ typedef struct w64wrapper {
         #undef _WC_PK_TYPE_MAX
         #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY
     #endif
+        WC_PK_TYPE_RSA_PKCS = 25,
+        WC_PK_TYPE_RSA_PSS = 26,
+        WC_PK_TYPE_RSA_OAEP = 27,
         WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX
     };
 
@@ -1458,18 +1498,19 @@ typedef struct w64wrapper {
         typedef size_t        THREAD_TYPE;
         #define WOLFSSL_THREAD
     #elif defined(WOLFSSL_PTHREADS)
-        #ifndef __MACH__
-            #include <pthread.h>
-            typedef struct COND_TYPE {
-                pthread_mutex_t mutex;
-                pthread_cond_t cond;
-            } COND_TYPE;
-        #else
+        #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \
+            && !defined(__ppc__)
             #include <dispatch/dispatch.h>
             typedef struct COND_TYPE {
                 wolfSSL_Mutex mutex;
                 dispatch_semaphore_t cond;
             } COND_TYPE;
+        #else
+            #include <pthread.h>
+            typedef struct COND_TYPE {
+                pthread_mutex_t mutex;
+                pthread_cond_t cond;
+            } COND_TYPE;
         #endif
         typedef void*         THREAD_RETURN;
         typedef pthread_t     THREAD_TYPE;
@@ -1652,6 +1693,36 @@ typedef struct w64wrapper {
         #define PRAGMA_DIAG_POP /* null expansion */
     #endif
 
+    #define WC_CPP_CAT_(a, b) a ## b
+    #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b)
+    #if defined(__cplusplus) && (__cplusplus >= 201103L)
+        #ifndef static_assert2
+            #define static_assert2 static_assert
+        #endif
+    #elif !defined(static_assert)
+        #if !defined(__cplusplus) &&                \
+                !defined(__STRICT_ANSI__) &&        \
+                !defined(WOLF_C89) &&               \
+                defined(__STDC_VERSION__) &&        \
+                (__STDC_VERSION__ >= 201112L) &&    \
+                ((defined(__GNUC__) &&              \
+                  (__GNUC__ >= 5)) ||               \
+                 defined(__clang__))
+            #define static_assert(expr) _Static_assert(expr, #expr)
+            #ifndef static_assert2
+                #define static_assert2(expr, msg) _Static_assert(expr, msg)
+            #endif
+        #else
+            #define static_assert(expr) \
+                struct WC_CPP_CAT(wc_dummy_struct_L, __LINE__)
+            #ifndef static_assert2
+                #define static_assert2(expr, msg) static_assert(expr)
+            #endif
+        #endif
+    #elif !defined(static_assert2)
+         #define static_assert2(expr, msg) static_assert(expr)
+    #endif
+
     #ifndef SAVE_VECTOR_REGISTERS
         #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
     #endif
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h
index 6ee10dfc7a..30a19e2d67 100644
--- a/wolfssl/wolfcrypt/visibility.h
+++ b/wolfssl/wolfcrypt/visibility.h
@@ -1,6 +1,6 @@
 /* visibility.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h
index b6591ffaff..e3cf9ad073 100644
--- a/wolfssl/wolfcrypt/wc_encrypt.h
+++ b/wolfssl/wolfcrypt/wc_encrypt.h
@@ -1,6 +1,6 @@
 /* wc_encrypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h
index 5491285739..34b3d64ed9 100644
--- a/wolfssl/wolfcrypt/wc_kyber.h
+++ b/wolfssl/wolfcrypt/wc_kyber.h
@@ -103,6 +103,9 @@ enum {
 
 
 
+/* The data type of the hash function. */
+#define KYBER_HASH_T    wc_Sha3
+
 /* The data type of the pseudo-random function. */
 #define KYBER_PRF_T     wc_Shake
 
@@ -119,6 +122,8 @@ struct KyberKey {
     /* Flags indicating what is stored in the key. */
     int flags;
 
+    /* A pseudo-random function object. */
+    KYBER_HASH_T hash;
     /* A pseudo-random function object. */
     KYBER_PRF_T prf;
 
@@ -162,6 +167,18 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, sword16* vec2,
 WOLFSSL_LOCAL
 int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen);
 #endif
+WOLFSSL_LOCAL
+void kyber_hash_init(KYBER_HASH_T* hash);
+WOLFSSL_LOCAL
+int kyber_hash_new(KYBER_HASH_T* hash, void* heap, int devId);
+WOLFSSL_LOCAL
+void kyber_hash_free(KYBER_HASH_T* hash);
+WOLFSSL_LOCAL
+int kyber_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out);
+WOLFSSL_LOCAL
+int kyber_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
+    const byte* data2, word32 data2Len, byte* out);
+
 WOLFSSL_LOCAL
 void kyber_prf_init(KYBER_PRF_T* prf);
 WOLFSSL_LOCAL
diff --git a/wolfssl/wolfcrypt/wc_pkcs11.h b/wolfssl/wolfcrypt/wc_pkcs11.h
index 85717c2404..0b8942b330 100644
--- a/wolfssl/wolfcrypt/wc_pkcs11.h
+++ b/wolfssl/wolfcrypt/wc_pkcs11.h
@@ -1,6 +1,6 @@
 /* wc_pkcs11.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -97,6 +97,10 @@ WOLFSSL_API int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear,
 WOLFSSL_API int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info,
     void* ctx);
 
+WOLFSSL_LOCAL int wc_hash2sz(int);
+WOLFSSL_LOCAL CK_MECHANISM_TYPE wc_hash2ckm(int);
+WOLFSSL_LOCAL CK_MECHANISM_TYPE wc_mgf2ckm(int);
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 23110b94c7..cb8d0f732d 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -1,6 +1,6 @@
 /* wc_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -54,12 +54,18 @@
     #endif
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
+
 #ifdef WOLFSSL_LINUXKM
     #include "../../linuxkm/linuxkm_wc_port.h"
 #endif /* WOLFSSL_LINUXKM */
 
 /* THREADING/MUTEX SECTION */
-#ifdef USE_WINDOWS_API
+#if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM)
+    /* No system headers required for build. */
+#elif defined(USE_WINDOWS_API)
     #if defined(WOLFSSL_PTHREADS)
         #include <pthread.h>
     #endif
@@ -147,8 +153,8 @@
 #elif defined(WOLFSSL_ZEPHYR)
     #include <version.h>
     #ifndef SINGLE_THREADED
-        #ifndef CONFIG_PTHREAD_IPC
-            #error "Need CONFIG_PTHREAD_IPC for threading"
+        #if !defined(CONFIG_PTHREAD_IPC) && !defined(CONFIG_POSIX_THREADS)
+            #error "Threading needs CONFIG_PTHREAD_IPC / CONFIG_POSIX_THREADS"
         #endif
     #if KERNEL_VERSION_NUMBER >= 0x30100
         #include <zephyr/kernel.h>
@@ -353,11 +359,20 @@
 #endif /* WOLFSSL_NO_ATOMICS */
 
 #ifdef WOLFSSL_ATOMIC_OPS
-    WOLFSSL_LOCAL void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
     /* Fetch* functions return the value of the counter immediately preceding
      * the effects of the function. */
-    WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
-    WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
+#else
+    /* Code using these fallback macros needs to arrange its own fallback for
+     * wolfSSL_Atomic_Int, which is never defined if
+     * !defined(WOLFSSL_ATOMIC_OPS).  This forces local awareness of
+     * thread-unsafe semantics.
+     */
+    #define wolfSSL_Atomic_Int_Init(c, i) (*(c) = (i))
+    #define wolfSSL_Atomic_Int_FetchAdd(c, i) (*(c) += (i), *(c) - (i))
+    #define wolfSSL_Atomic_Int_FetchSub(c, i) (*(c) -= (i), *(c) + (i))
 #endif
 
 /* Reference counting. */
@@ -372,27 +387,7 @@ typedef struct wolfSSL_Ref {
 #endif
 } wolfSSL_Ref;
 
-#ifdef SINGLE_THREADED
-
-#define wolfSSL_RefInit(ref, err)            \
-    do {                                     \
-        (ref)->count = 1;                    \
-        *(err) = 0;                          \
-    } while(0)
-#define wolfSSL_RefFree(ref) WC_DO_NOTHING
-    #define wolfSSL_RefInc(ref, err)         \
-    do {                                     \
-        (ref)->count++;                      \
-        *(err) = 0;                          \
-    } while(0)
-#define wolfSSL_RefDec(ref, isZero, err)     \
-    do {                                     \
-        (ref)->count--;                      \
-        *(isZero) = ((ref)->count == 0);     \
-        *(err) = 0;                          \
-    } while(0)
-
-#elif defined(WOLFSSL_ATOMIC_OPS)
+#if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS)
 
 #define wolfSSL_RefInit(ref, err)            \
     do {                                     \
@@ -427,7 +422,8 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
 
 /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */
 #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \
-    defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG)
+    defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) || \
+    defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
     #ifndef WOLFSSL_CRYPT_HW_MUTEX
         #define WOLFSSL_CRYPT_HW_MUTEX  1
     #endif
@@ -442,9 +438,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
        however it's recommended to call this directly on Hw init to avoid possible
        race condition where two calls to wolfSSL_CryptHwMutexLock are made at
        the same time. */
-    int wolfSSL_CryptHwMutexInit(void);
-    int wolfSSL_CryptHwMutexLock(void);
-    int wolfSSL_CryptHwMutexUnLock(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexUnLock(void);
 #else
     /* Define stubs, since HW mutex is disabled */
     #define wolfSSL_CryptHwMutexInit()      0 /* Success */
@@ -452,6 +448,74 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
     #define wolfSSL_CryptHwMutexUnLock()    (void)0 /* Success */
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
+#if defined(WOLFSSL_ALGO_HW_MUTEX) && (defined(NO_RNG_MUTEX) && \
+        defined(NO_AES_MUTEX) && defined(NO_HASH_MUTEX) && defined(NO_PK_MUTEX))
+        #error WOLFSSL_ALGO_HW_MUTEX does not support having all mutexs off
+#endif
+/* To support HW that can do different Crypto in parallel */
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+    typedef enum {
+        #ifndef NO_RNG_MUTEX
+        rng_mutex,
+        #endif
+        #ifndef NO_AES_MUTEX
+        aes_mutex,
+        #endif
+        #ifndef NO_HASH_MUTEX
+        hash_mutex,
+        #endif
+        #ifndef NO_PK_MUTEX
+        pk_mutex,
+        #endif
+    } hw_mutex_algo;
+#endif
+
+/* If algo mutex is off, or WOLFSSL_ALGO_HW_MUTEX is not define, default */
+/* to using the generic wolfSSL_CryptHwMutex */
+#if (!defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexUnLock(void);
+#else
+    #define wolfSSL_HwRngMutexInit    wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwRngMutexLock    wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwRngMutexUnLock  wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexUnLock(void);
+#else
+    #define wolfSSL_HwAesMutexInit    wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwAesMutexLock    wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwAesMutexUnLock  wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexUnLock(void);
+#else
+    #define wolfSSL_HwHashMutexInit   wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwHashMutexLock   wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwHashMutexUnLock wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexUnLock(void);
+#else
+    #define wolfSSL_HwPkMutexInit     wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwPkMutexLock     wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwPkMutexUnLock   wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* Mutex functions */
 WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex* m);
 WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void);
@@ -859,6 +923,25 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define XSPRINTF   sprintf
 #endif
 
+#ifdef USE_WINDOWS_API
+    #ifndef SOCKET_T
+        #ifdef __MINGW64__
+            typedef size_t SOCKET_T;
+        #else
+            typedef unsigned int SOCKET_T;
+        #endif
+    #endif
+    #ifndef SOCKET_INVALID
+        #define SOCKET_INVALID INVALID_SOCKET
+    #endif
+#else
+    #ifndef SOCKET_T
+        typedef int SOCKET_T;
+    #endif
+    #ifndef SOCKET_INVALID
+        #define SOCKET_INVALID (-1)
+    #endif
+#endif
 
 /* MIN/MAX MACRO SECTION */
 /* Windows API defines its own min() macro. */
@@ -1085,7 +1168,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #endif
 
     /* PowerPC time_t is int */
-    #ifdef __PPC__
+    #if defined(__PPC__) || defined(__ppc__)
         #define TIME_T_NOT_64BIT
     #endif
 
@@ -1243,19 +1326,28 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #endif
 
 #ifndef WOLFSSL_NO_FENCE
-    #if defined (__i386__) || defined(__x86_64__)
+    #ifdef XFENCE
+        /* use user-supplied XFENCE definition. */
+    #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)
+        #include <stdatomic.h>
+        #define XFENCE() atomic_thread_fence(memory_order_seq_cst)
+    #elif defined(__GNUC__) && (__GNUC__ >= 4) && (__GNUC__ < 5)
+        #define XFENCE() __sync_synchronize()
+    #elif (defined(__GNUC__) && (__GNUC__ >= 5)) || defined (__clang__)
+        #define XFENCE() __atomic_thread_fence(__ATOMIC_SEQ_CST)
+    #elif defined (__i386__) || defined(__x86_64__)
         #define XFENCE() XASM_VOLATILE("lfence")
     #elif (defined (__arm__) && (__ARM_ARCH > 6)) || defined(__aarch64__)
         #define XFENCE() XASM_VOLATILE("isb")
     #elif defined(__riscv)
         #define XFENCE() XASM_VOLATILE("fence")
-    #elif defined(__PPC__)
+    #elif defined(__PPC__) || defined(__POWERPC__)
         #define XFENCE() XASM_VOLATILE("isync; sync")
     #else
-        #define XFENCE() do{}while(0)
+        #define XFENCE() WC_DO_NOTHING
     #endif
 #else
-    #define XFENCE() do{}while(0)
+    #define XFENCE() WC_DO_NOTHING
 #endif
 
 
diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h
index 9d88fbf71d..21d5fe8ef2 100644
--- a/wolfssl/wolfcrypt/wc_xmss.h
+++ b/wolfssl/wolfcrypt/wc_xmss.h
@@ -1,6 +1,6 @@
 /* wc_xmss.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wolfevent.h b/wolfssl/wolfcrypt/wolfevent.h
index 31cc7c5c4c..cb3cb58de2 100644
--- a/wolfssl/wolfcrypt/wolfevent.h
+++ b/wolfssl/wolfcrypt/wolfevent.h
@@ -1,6 +1,6 @@
 /* wolfevent.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h
index 4ed88b81f8..e012ff6551 100644
--- a/wolfssl/wolfcrypt/wolfmath.h
+++ b/wolfssl/wolfcrypt/wolfmath.h
@@ -1,6 +1,6 @@
 /* wolfmath.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -52,6 +52,10 @@ This library provides big integer math functions.
     #include <wolfssl/wolfcrypt/random.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
+
 #ifndef MIN
    #define MIN(x,y) ((x)<(y)?(x):(y))
 #endif
@@ -118,6 +122,28 @@ WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len,
     WOLFSSL_API const char *wc_GetMathInfo(void);
 #endif
 
+/* Support for generic Hardware based Math Functions */
+#ifdef WOLFSSL_USE_HW_MP
+
+WOLFSSL_LOCAL int hw_mod(mp_int* multiplier, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_mulmod(mp_int* multiplier, mp_int* multiplicand,
+                                mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod,
+                                mp_int* result);
+WOLFSSL_LOCAL int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result);
+
+/* One to one mappings */
+#define mp_mod      hw_mod
+#define mp_addmod   hw_addmod
+#define mp_submod   hw_submod
+#define mp_mulmod   hw_mulmod
+#define mp_exptmod  hw_exptmod
+#define mp_sqrmod   hw_sqrmod
+
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/xmss.h b/wolfssl/wolfcrypt/xmss.h
index 37aab34d00..548700caaf 100644
--- a/wolfssl/wolfcrypt/xmss.h
+++ b/wolfssl/wolfcrypt/xmss.h
@@ -1,6 +1,6 @@
 /* xmss.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index e2a1c887ec..5195208a65 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -1,6 +1,6 @@
 /* io.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -168,6 +168,9 @@
             #include "socket.h"
         #elif defined(NETOS)
             #include <sockapi.h>
+        #elif defined(NUCLEUS_PLUS_2_3)
+            #define SO_TYPE     17  /* Socket type */
+            #define SO_RCVTIMEO 13  /* Recv Timeout */
         #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \
                 && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
                 && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
@@ -198,6 +201,9 @@
     #include <sys/filio.h>
 #endif
 
+#define SOCKET_RECEIVING 1
+#define SOCKET_SENDING 2
+
 #ifdef USE_WINDOWS_API
     /* no epipe yet */
     #ifndef WSAEPIPE
@@ -205,6 +211,7 @@
     #endif
     #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
     #define SOCKET_EAGAIN      WSAETIMEDOUT
+    #define SOCKET_ETIMEDOUT   WSAETIMEDOUT
     #define SOCKET_ECONNRESET  WSAECONNRESET
     #define SOCKET_EINTR       WSAEINTR
     #define SOCKET_EPIPE       WSAEPIPE
@@ -224,6 +231,7 @@
         /* RTCS old I/O doesn't have an EWOULDBLOCK */
         #define SOCKET_EWOULDBLOCK  EAGAIN
         #define SOCKET_EAGAIN       EAGAIN
+        #define SOCKET_ETIMEDOUT    RTCSERR_TCP_TIMED_OUT
         #define SOCKET_ECONNRESET   RTCSERR_TCP_CONN_RESET
         #define SOCKET_EINTR        EINTR
         #define SOCKET_EPIPE        EPIPE
@@ -232,6 +240,7 @@
     #else
         #define SOCKET_EWOULDBLOCK  NIO_EWOULDBLOCK
         #define SOCKET_EAGAIN       NIO_EAGAIN
+        #define SOCKET_ETIMEDOUT    NIO_ETIMEDOUT
         #define SOCKET_ECONNRESET   NIO_ECONNRESET
         #define SOCKET_EINTR        NIO_EINTR
         #define SOCKET_EPIPE        NIO_EPIPE
@@ -249,6 +258,7 @@
 #elif defined(WOLFSSL_PICOTCP)
     #define SOCKET_EWOULDBLOCK  PICO_ERR_EAGAIN
     #define SOCKET_EAGAIN       PICO_ERR_EAGAIN
+    #define SOCKET_ETIMEDOUT    PICO_ERR_ETIMEDOUT
     #define SOCKET_ECONNRESET   PICO_ERR_ECONNRESET
     #define SOCKET_EINTR        PICO_ERR_EINTR
     #define SOCKET_EPIPE        PICO_ERR_EIO
@@ -257,6 +267,7 @@
 #elif defined(FREERTOS_TCP)
     #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK
     #define SOCKET_EAGAIN       FREERTOS_EWOULDBLOCK
+    #define SOCKET_ETIMEDOUT    (-pdFREERTOS_ERRNO_ETIMEDOUT)
     #define SOCKET_ECONNRESET   FREERTOS_SOCKET_ERROR
     #define SOCKET_EINTR        FREERTOS_SOCKET_ERROR
     #define SOCKET_EPIPE        FREERTOS_SOCKET_ERROR
@@ -270,6 +281,14 @@
     #define SOCKET_EPIPE        NU_NOT_CONNECTED
     #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
     #define SOCKET_ECONNABORTED NU_NOT_CONNECTED
+#elif defined(NUCLEUS_PLUS_2_3)
+    #define SOCKET_EWOULDBLOCK  NU_WOULD_BLOCK
+    #define SOCKET_EAGAIN       NU_NO_DATA
+    #define SOCKET_ECONNRESET   NU_RESET
+    #define SOCKET_EINTR        0
+    #define SOCKET_EPIPE        0
+    #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
+    #define SOCKET_ECONNABORTED NU_CONNECTION_REFUSED
 #elif defined(WOLFSSL_DEOS)
     /* `sockaddr_storage` is not defined in DEOS. This workaround will
      * work for IPV4, but not IPV6
@@ -301,6 +320,7 @@
 #elif defined(WOLFSSL_LWIP_NATIVE)
     #define SOCKET_EWOULDBLOCK ERR_WOULDBLOCK
     #define SOCKET_EAGAIN      ERR_WOULDBLOCK
+    #define SOCKET_TIMEDOUT    ERR_TIMEOUT
     #define SOCKET_ECONNRESET  ERR_RST
     #define SOCKET_EINTR       ERR_CLSD
     #define SOCKET_EPIPE       ERR_CLSD
@@ -318,6 +338,7 @@
 #else
     #define SOCKET_EWOULDBLOCK EWOULDBLOCK
     #define SOCKET_EAGAIN      EAGAIN
+    #define SOCKET_ETIMEDOUT   ETIMEDOUT
     #define SOCKET_ECONNRESET  ECONNRESET
     #define SOCKET_EINTR       EINTR
     #define SOCKET_EPIPE       EPIPE
@@ -354,6 +375,11 @@
 #elif defined(WOLFSSL_NUCLEUS_1_2)
     #define SEND_FUNCTION NU_Send
     #define RECV_FUNCTION NU_Recv
+#elif defined(NUCLEUS_PLUS_2_3)
+    #define SEND_FUNCTION          nucyassl_send
+    #define RECV_FUNCTION          nucyassl_recv
+    #define DTLS_RECVFROM_FUNCTION nucyassl_recvfrom
+    #define DTLS_SENDTO_FUNCTION   nucyassl_sendto
 #elif defined(FUSION_RTOS)
     #define SEND_FUNCTION FNS_SEND
     #define RECV_FUNCTION FNS_RECV
@@ -378,26 +404,13 @@
     #endif
 #endif
 
-#ifdef USE_WINDOWS_API
-    #if defined(__MINGW64__)
-        typedef size_t SOCKET_T;
-    #else
-        typedef unsigned int SOCKET_T;
-    #endif
-    #ifndef SOCKET_INVALID
-        #define SOCKET_INVALID INVALID_SOCKET
-    #endif
-#else
-    typedef int SOCKET_T;
-    #ifndef SOCKET_INVALID
-        #define SOCKET_INVALID (-1)
-    #endif
-#endif
-
 #ifndef WOLFSSL_NO_SOCK
     #ifndef XSOCKLENT
         #ifdef USE_WINDOWS_API
             #define XSOCKLENT int
+        #elif defined(NUCLEUS_PLUS_2_3)
+            typedef int socklen_t;
+            #define XSOCKLENT socklen_t
         #else
             #define XSOCKLENT socklen_t
         #endif
@@ -420,6 +433,10 @@
         #ifdef WOLFSSL_IPV6
             typedef struct sockaddr_in6 SOCKADDR_IN6;
         #endif
+        #if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN)
+            #include <sys/un.h>
+            typedef struct sockaddr_un SOCKADDR_UN;
+        #endif
         typedef struct hostent          HOSTENT;
     #endif /* HAVE_SOCKADDR */
 
@@ -444,6 +461,32 @@ WOLFSSL_API int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port);
 WOLFSSL_API  int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags);
 WOLFSSL_API  int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
 
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+
+#ifdef WOLFSSL_NO_SOCK
+#error WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_NO_SOCK are mutually incompatible.
+#endif
+
+union WOLFSSL_BIO_ADDR {
+    SOCKADDR sa;
+    SOCKADDR_IN sa_in;
+#ifdef WOLFSSL_IPV6
+    SOCKADDR_IN6 sa_in6;
+#endif
+#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN)
+    SOCKADDR_UN sa_un;
+#endif
+};
+
+typedef union WOLFSSL_BIO_ADDR WOLFSSL_BIO_ADDR;
+
+#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA)
+WOLFSSL_API  int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags);
+WOLFSSL_API  int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags);
+#endif
+
+#endif /* WOLFSSL_HAVE_BIO_ADDR */
+
 #endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */
 
 #ifndef WOLFSSL_NO_SOCK
@@ -465,6 +508,7 @@ WOLFSSL_API  int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
                                     FNS_CLOSE(s, &err); \
                                 } while(0)
     #endif
+    #define StartTCP() WC_DO_NOTHING
 #else
     #ifndef CloseSocket
         #define CloseSocket(s) close(s)
@@ -476,15 +520,24 @@ WOLFSSL_API  int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
 #endif
 #endif /* WOLFSSL_NO_SOCK */
 
-
+/* Preseve API previously exposed */
 WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
 WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+
+WOLFSSL_LOCAL int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+WOLFSSL_LOCAL int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr,
+                                     char* buf, int sz);
+WOLFSSL_LOCAL int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 #if defined(USE_WOLFSSL_IO)
     /* default IO callbacks */
     WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
     #ifdef WOLFSSL_DTLS
+        #ifdef NUCLEUS_PLUS_2_3
+            #define SELECT_FUNCTION nucyassl_select
+            WOLFSSL_LOCAL int nucyassl_select(INT sd, UINT32 timeout);
+        #endif
         WOLFSSL_API int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz,
                                          void *ctx);
         WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx);
@@ -497,9 +550,14 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     #endif /* WOLFSSL_DTLS */
 #endif /* USE_WOLFSSL_IO */
 
+
+typedef int (*WolfSSLGenericIORecvCb)(char *buf, int sz, void *ctx);
 #ifdef HAVE_OCSP
     WOLFSSL_API int wolfIO_HttpBuildRequestOcsp(const char* domainName,
         const char* path, int ocspReqSz, unsigned char* buf, int bufSize);
+    WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO(
+        WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf,
+        unsigned char* httpBuf, int httpBufSz, void* heap);
     WOLFSSL_API int wolfIO_HttpProcessResponseOcsp(int sfd,
         unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
         void* heap);
@@ -530,6 +588,10 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     WOLFSSL_LOCAL int wolfIO_HttpBuildRequest_ex(const char* reqType,
         const char* domainName, const char* path, int pathLen, int reqSz,
         const char* contentType, const char *exHdrs, unsigned char* buf, int bufSize);
+    WOLFSSL_API  int wolfIO_HttpProcessResponseGenericIO(
+        WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, const char** appStrList,
+        unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
+        int dynType, void* heap);
     WOLFSSL_API  int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
         unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
         int dynType, void* heap);
@@ -556,7 +618,6 @@ WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
 WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
 WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
-
 #ifdef HAVE_NETX
     WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
     WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
diff --git a/wrapper/Ada/README.md b/wrapper/Ada/README.md
index 76f4b8e8bd..d0cb2da284 100644
--- a/wrapper/Ada/README.md
+++ b/wrapper/Ada/README.md
@@ -28,7 +28,9 @@ Not only can the WolfSSL Ada binding be used in Ada applications but
 also SPARK applications (a subset of the Ada language suitable
 formal verification). To formally verify the Ada code in this repository
 open the client.gpr with GNAT Studio and then select
-SPARK -> Prove All Sources and use Proof Level 2.
+SPARK -> Prove All Sources and use Proof Level 2. Or when using the command
+line, use `gnatprove -Pclient.gpr --level=4 -j12` (`-j12` is there in
+order to instruct the prover to use 12 CPUs if available).
 
 ```
 Summary of SPARK analysis
@@ -53,19 +55,31 @@ Total                           172    17 (10%)          .                     1
 
 ## Compiler and Build System installation
 
-### GNAT Community Edition 2021
-Download and install the GNAT community Edition 2021 compiler and studio:
-https://www.adacore.com/download
+### Recommended: [Alire](https://alire.ada.dev)
+[Alire](https://alire.ada.dev) is a modern package manager for the Ada
+ecosystem.  The latest version is available for Windows, OSX, Linux and FreeBSD
+systems.  It can install a complete Ada toolchain if needed, see `alr install`
+for more information.
 
-Linux Install:
+In order to use WolfSSL in a project, just add WolfSSL as a dependency by
+running `alr with wolfssl` within your project's directory.
 
-```sh
-chmod +x gnat-2021-20210519-x86_64-linux-bin
-./gnat-2021-20210519-x86_64-linux-bin
-```
+If the project is to be verified with SPARK, just add `gnatprove` as a
+dependency by running `alr with gnatprove` and then running `alr gnatprove`,
+which will execute the SPARK solver. If you get warnings, it is recommended to
+increase the prove level: `alr gnatprove --level=4`.
+
+### GNAT FSF Compiler and GPRBuild manual installation
+In May 2022 AdaCore announced the end of the GNAT Community releases.
+Pre-built binaries for the GNAT FSF compiler and GPRBuild can be
+downloaded and manually installed from here:
+https://github.com/alire-project/GNAT-FSF-builds/releases
+Make sure the executables for the compiler and GPRBuild are on the PATH
+and use gprbuild to build the source code.
+
+#### Manual build of the project
 
 ```sh
-export PATH="/opt/GNAT/2021/bin:$PATH"
 cd wrapper/Ada
 gprclean
 gprbuild default.gpr
@@ -82,15 +96,6 @@ gprbuild -XOS=Windows default.gpr
 gprbuild -XOS=Windows client.gpr
 ```
 
-
-### GNAT FSF Compiler and GPRBuild manual installation
-In May 2022 AdaCore announced the end of the GNAT Community releases.
-Pre-built binaries for the GNAT FSF compiler and GPRBuild can be
-downloaded and manually installed from here:
-https://github.com/alire-project/GNAT-FSF-builds/releases
-Make sure the executables for the compiler and GPRBuild are on the PATH
-and use gprbuild to build the source code.
-
 ## Files
 The (D)TLS v1.3 client example in the Ada/SPARK programming language
 using the WolfSSL library can be found in the files:
@@ -103,15 +108,3 @@ using the WolfSSL library can be found in the files:
 tls_server_main.adb
 tls_server.ads
 tls_server.adb
-
-A feature of the Ada language that is not part of SPARK is exceptions.
-Some packages of the Ada standard library and GNAT specific packages
-provided by the GNAT compiler can therefore not be used directly but
-need to be put into wrapper packages that does not raise exceptions.
-The packages that provide access to sockets and command line arguments
-to applications implemented in the SPARK programming language can be
-found in the files:
-spark_sockets.ads
-spark_sockets.adb
-spark_terminal.ads
-spark_terminal.adb
diff --git a/wrapper/Ada/ada_binding.c b/wrapper/Ada/ada_binding.c
index 0becb0e7e0..72fd8b475b 100644
--- a/wrapper/Ada/ada_binding.c
+++ b/wrapper/Ada/ada_binding.c
@@ -1,6 +1,6 @@
 /* ada_binding.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
diff --git a/wrapper/Ada/alire.toml b/wrapper/Ada/alire.toml
new file mode 100644
index 0000000000..53b0e94644
--- /dev/null
+++ b/wrapper/Ada/alire.toml
@@ -0,0 +1,11 @@
+name = "wolfssl"
+description = "WolfSSL encryption library and its Ada bindings"
+version = "5.7.2"
+
+authors = ["WolfSSL Team <support@wolfssl.com>"]
+maintainers = ["Fernando Oleo Blanco <irvise@irvise.xyz>"]
+maintainers-logins = ["Irvise"]
+licenses = "GPL-2.0-only"
+website = "https://www.wolfssl.com/"
+project-files = ["wolfssl.gpr"]
+tags = ["ssl", "tls", "embedded", "spark"]
diff --git a/wrapper/Ada/user_settings.h b/wrapper/Ada/user_settings.h
index b66bb3224d..00f06a0fab 100644
--- a/wrapper/Ada/user_settings.h
+++ b/wrapper/Ada/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,9 +34,14 @@
 extern "C" {
 #endif
 
+#include <stdint.h>
+
 /* Usually comes from configure -> config.h */
 #define HAVE_SYS_TIME_H
 
+/* Explicitly define NETDB support */
+#define HAVE_NETDB_H
+
 /* Features */
 #define SINGLE_THREADED
 #define WOLFSSL_IGNORE_FILE_WARN /* Ignore *.c include warnings */
diff --git a/wrapper/Ada/wolfssl.gpr b/wrapper/Ada/wolfssl.gpr
new file mode 100644
index 0000000000..65d8cce6f8
--- /dev/null
+++ b/wrapper/Ada/wolfssl.gpr
@@ -0,0 +1,96 @@
+library project WolfSSL is
+
+   for Library_Name use "wolfssl";
+   --  for Library_Version use Project'Library_Name & ".so";
+   type OS_Kind is ("Windows", "Linux_Or_Mac");
+
+   OS : OS_Kind := external ("OS", "Linux_Or_Mac");
+
+   for Languages use ("C", "Ada");
+
+   for Source_Dirs use (".",
+                        "../../",
+                        "../../src",
+                        "../../wolfcrypt/src");
+
+   --  Don't build the tls client or server application.
+   --  They are not needed in order to build the library.
+   for Excluded_Source_Files use ("tls_client_main.adb",
+                                  "tls_client.ads",
+                                  "tls_client.adb",
+				  "tls_server_main.adb",
+				  "tls_server.ads",
+				  "tls_server.adb");
+
+   for Object_Dir use "obj";
+   for Library_Dir use "lib";
+   for Create_Missing_Dirs use "True";
+
+   type Library_Type_Type is ("relocatable", "static", "static-pic");
+   Library_Type : Library_Type_Type := external("LIBRARY_TYPE", "static");
+   for Library_Kind use Library_Type;
+
+   package Naming is
+      for Spec_Suffix ("C") use ".h";
+   end Naming;
+
+   package Builder is
+      for Global_Configuration_Pragmas use "gnat.adc";
+   end Builder;
+
+   package Compiler is
+      for Switches ("C") use
+         ("-DWOLFSSL_USER_SETTINGS", --  Use the user_settings.h file.
+          "-Wno-pragmas",
+          "-Wall",
+          "-Wextra",
+          "-Wunknown-pragmas",
+          "--param=ssp-buffer-size=1",
+          "-Waddress",
+          "-Warray-bounds",
+          "-Wbad-function-cast",
+          "-Wchar-subscripts",
+          "-Wcomment",
+          "-Wfloat-equal",
+          "-Wformat-security",
+          "-Wformat=2",
+          "-Wmaybe-uninitialized",
+          "-Wmissing-field-initializers",
+          "-Wmissing-noreturn",
+          "-Wmissing-prototypes",
+          "-Wnested-externs",
+          "-Wnormalized=id",
+          "-Woverride-init",
+          "-Wpointer-arith",
+          "-Wpointer-sign",
+          "-Wshadow",
+          "-Wsign-compare",
+          "-Wstrict-overflow=1",
+          "-Wstrict-prototypes",
+          "-Wswitch-enum",
+          "-Wundef",
+          "-Wunused",
+          "-Wunused-result",
+          "-Wunused-variable",
+          "-Wwrite-strings",
+          "-fwrapv") & External_As_List ("CFLAGS", " ");
+
+      for Switches ("Ada") use ("-g") & External_As_List ("ADAFLAGS", " ");
+   end Compiler;
+
+   package Binder is
+      for Switches ("Ada") use ("-Es");  --  To include stack traces.
+   end Binder;
+ 
+--     case OS is
+--        when "Windows" =>
+--           for Library_Options use ("-lm",  --  To include the math library (used by WolfSSL).
+--  		                  "-lcrypt32");  --  Needed on Windows.
+--        when "Linux_Or_Mac" =>
+--  	 for Library_Options use ("-lm");  --  To include the math library (used by WolfSSL).
+--     end case;
+--  
+--     --  Put user options in front, for options like --as-needed.
+--     for Leading_Library_Options use External_As_List ("LDFLAGS", " ");
+
+end WolfSSl;
diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md
index 4a2c1455ec..21310463ae 100644
--- a/wrapper/CSharp/README.md
+++ b/wrapper/CSharp/README.md
@@ -81,7 +81,7 @@ mono client.exe
 To enable SNI, just pass the `-S` argument with the specified hostname to the client:
 
 ```
-mono client.exe -S hostname 
+mono client.exe -S hostname
 ```
 
 And run the server with the `-S` flag:
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
index f1753282b8..f21932c222 100644
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-DTLS-PSK-Server.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
index 5e10a9a93b..fe9c392ae5 100644
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-DTLS-Server.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
index 77218fd0a1..4490371fc3 100644
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-Example-IOCallbacks.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
index 7cf4c71f4c..9e9dbe46ed 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-Client.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
index 0f70d72d44..a6525112fb 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-PSK-Client.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
index a16bb87325..650d848115 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-PSK-Server.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
index 386f9d6e3a..ff184b1e9a 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-Server.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
index 6cd6982dbe..a7c3d88ee0 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-ServerThreaded.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
index 1458d00081..91d52d01d2 100644
--- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
@@ -1,6 +1,6 @@
 /* wolfSSL.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt
index ed5900aaec..b13d9941a1 100644
--- a/zephyr/CMakeLists.txt
+++ b/zephyr/CMakeLists.txt
@@ -13,10 +13,10 @@ if(CONFIG_WOLFSSL)
     endif()
 
     zephyr_include_directories(
-  	${ZEPHYR_CURRENT_MODULE_DIR}
-  	${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl
-  	${ZEPHYR_CURRENT_MODULE_DIR}/zephyr
-  	)
+        ${ZEPHYR_CURRENT_MODULE_DIR}
+        ${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl
+        ${ZEPHYR_CURRENT_MODULE_DIR}/zephyr
+        )
 
     zephyr_library()
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/zephyr/zephyr_init.c)
@@ -117,6 +117,8 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/tfm.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_dsp.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber_poly.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
@@ -162,8 +164,8 @@ if(CONFIG_WOLFSSL)
 
     zephyr_library_link_libraries(wolfSSL)
 
-  	target_compile_definitions(wolfSSL INTERFACE WOLFSSL_ZEPHYR)
-  	target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS)
+        target_compile_definitions(wolfSSL INTERFACE WOLFSSL_ZEPHYR)
+        target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS)
     if(CONFIG_WOLFSSL_DEBUG)
       target_compile_definitions(wolfSSL INTERFACE DEBUG_WOLFSSL)
       zephyr_library_compile_options(-g3 -O0)
@@ -175,8 +177,8 @@ if(CONFIG_WOLFSSL)
     # therefore susceptible to bit rot
 
     target_include_directories(wolfSSL INTERFACE
-  	${CONFIG_WOLFSSL_INSTALL_PATH}
-  	)
+        ${CONFIG_WOLFSSL_INSTALL_PATH}
+        )
 
     zephyr_link_libraries(
       wolfssl_external
diff --git a/zephyr/README.md b/zephyr/README.md
index 098d51c96c..ef0334d117 100644
--- a/zephyr/README.md
+++ b/zephyr/README.md
@@ -102,3 +102,12 @@ west build -p auto -b qemu_x86 modules/crypto/wolfssl/zephyr/samples/wolfssl_tls
 west build -t run
 ```
 
+## How to setup wolfSSL support for Zephyr TLS Sockets and RNG
+
+wolfSSL can also be used as the underlying implementation for the default Zephyr TLS socket interface.
+With this enabled, all existing applications using the Zephyr TLS sockets will now use wolfSSL inside
+for all TLS operations. This will also enable wolfSSL as the default RNG implementation. To enable this
+feature, use the patch file and instructions found here:
+
+https://github.com/wolfSSL/osp/tree/master/zephyr
+
diff --git a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
index c25277820b..90347ceb3d 100644
--- a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
+++ b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
@@ -1,6 +1,6 @@
 /* tls_sock.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
index cd7aad9016..99036f2d19 100644
--- a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
+++ b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
@@ -1,6 +1,6 @@
 /* tls_threaded.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/zephyr/user_settings-no-malloc.h b/zephyr/user_settings-no-malloc.h
index 5a5ca131c7..cd7e2fad18 100644
--- a/zephyr/user_settings-no-malloc.h
+++ b/zephyr/user_settings-no-malloc.h
@@ -1,7 +1,7 @@
 /* user_settings-tls-generic.h
  * generated from configure options
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/zephyr/zephyr_init.c b/zephyr/zephyr_init.c
index cd8ae98e6d..927249e528 100644
--- a/zephyr/zephyr_init.c
+++ b/zephyr/zephyr_init.c
@@ -1,6 +1,6 @@
 /* zephyr_init.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *